2.7. The WSGI Script

Apache2 and Nginx are using a WSGI script to start the application.

This script is usually located at /etc/privacyidea/privacyideaapp.py or /etc/privacyidea/privacyideaapp.wsgi and has the following contents:

import sys
sys.stdout = sys.stderr
from privacyidea.app import create_app
# Now we can select the config file:
application = create_app(config_name="production", config_file="/etc/privacyidea/pi.cfg")

In the create_app-call you can also select another config file.

2.7.1. WSGI configuration for the Apache webserver

The site-configuration for the Apache webserver to use WSGI should contain at least:

<VirtualHost _default_:443>
    ...
    WSGIScriptAlias /      /etc/privacyidea/privacyideaapp.wsgi
    WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea
    WSGIProcessGroup privacyidea
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ...
</VirtualHost>

2.7.2. Running several instances with the Apache webserver

You can run several instances of privacyIDEA on one Apache2 server by defining several WSGIScriptAlias definitions pointing to different wsgi-scripts, which again reference different config files with different database definitions.

To run further Apache instances add additional lines in your Apache config:

WSGIScriptAlias /instance1 /etc/privacyidea1/privacyideaapp.wsgi
WSGIScriptAlias /instance2 /etc/privacyidea2/privacyideaapp.wsgi
WSGIScriptAlias /instance3 /etc/privacyidea3/privacyideaapp.wsgi
WSGIScriptAlias /instance4 /etc/privacyidea4/privacyideaapp.wsgi

It is a good idea to create a subdirectory in /etc for each instance. Each wsgi script needs to point to the corresponding config file pi.cfg.

Each config file can define its own

  • database

  • encryption key

  • signing key

  • logging configuration

To create the new database you need The pi-manage Script. The pi-manage command reads the configuration from /etc/privacyidea/pi.cfg by default.

If you want to use another instance with another config file, you need to set an environment variable and create the database like this:

PRIVACYIDEA_CONFIGFILE=/etc/privacyidea3/pi.cfg pi-manage create_tables

This way you can use pi-manage for each instance.