Minimum-viable Flask, Apache + mod_wsgi configuration

flaskapp-wsgi.conf

##############################################################################
#   A basic, functional Apache <VirtualHost> configuration stanza for
#   mod_wsgi might look something like what's below.
#
#   On an Amazon AMI ECS instance, I would save this in to a config file
#   called /etc/httpd/conf.d/flaskapp-wsgi.conf and then 'sudo service httpd
#   restart'.
#   
#   Helpful References:
#   - http://flask.pocoo.org/docs/0.11/deploying/mod_wsgi/#configuring-apache
#   - https://modwsgi.readthedocs.io/en/develop/configuration-directives/
#   - http://preview.tinyurl.com/zg99ufm ("Virtual Environments" section of
#     mod_wsgi docs)
##############################################################################

# On Amazon AMI, I needed the 'python-eggs=' parameter to prevent getting the
# error message in [1]; ensure this directory is created and the 'apache' user
# has permissions to write to it.
#
# ref: [1] https://stackoverflow.com/q/2192323, 
#      [2] http://preview.tinyurl.com/jo52d9f (mod_wsgi docs)
WSGIDaemonProcess myapp threads=1 \
    python-eggs=/var/run/wsgi/python-eggs

# Set PYTHONHOME to a virtualenv for all WSGI apps; might cause problems if
# you have multiple apps running, each with their own virtualenvs. With newer
# versions of mod_wsgi, you can specify 'python-home=' as a parameter to
# WSGIDaemonProcess. Refer to: http://preview.tinyurl.com/zg99ufm ("Virtual
# Environments" section of mod_wsgi docs) for details.
#
# This assumes that you created a virtual environment here with 'virtualenv
# venv'; if you installed packages globally with 'sudo pip', then you likely
# won't need this.
WSGIPythonHome /path/to/project/source/venv

WSGIProcessGroup myapp
WSGIApplicationGroup %{GLOBAL}

# This is what actually runs your app when a visitor hits your site
WSGIScriptAlias / /var/www/wsgi-scripts/flaskapp.wsgi

<Directory /var/www/wsgi-scripts/>
    Order deny,allow
    Allow from all
    # If you wanted to protect the site with a password (HTTP Basic
    # authentication) then run (as root) 'htpasswd -c /etc/httpd/htpasswd
    # <username>' where <username> is whatever login you want to use. You'll
    # be prompted for the password.
    #
    # Then comment out the two lines above (Order, Allow) and replace them
    # with these:
    #
    # AuthType Basic
    # AuthName "Your Flask App"
    # AuthUserFile /etc/httpd/htpasswd
    # Require valid-user
    # Order deny,allow
    # Allow from none
    # Satisfy all
</Directory>

flaskapp.wsgi

"""
WSGI connector for a simple Flask application

It's not considered a good idea to put your WSGI adapter in the same
directory as your source code (in case you accidentally expose it through
incorrect configuration of your server), so maybe /var/www/wsgi-scripts is
a good place for it. I dunno. On an Amazon EC2 instance, you can create
that directory and give your user default permissions to it like this:

    $ sudo mkdir /var/www/wsgi-scripts
    $ cd /var/www/wsgi-scripts/
    $ sudo setfacl -d -m u:ec2-user:rwx .
    $ sudo setfacl -m u:ec2-user:rwx .
"""
import sys
sys.path.insert(0, '/path/to/project/source')

# assuming your Python web application is '/path/to/project/source/flaskapp.py'
# and the Flask instance is called 'app':
from flaskapp import app as application