It’s a long time since I posted here. I’ve been working on Pyplate, my Python CMS. Over the last few months I’ve made a lot of changes to the UI. Most site administration tasks can now be done via the Pyplate UI.
I’ve modified Pyplate to use the WSGI server interface instead of CGI. With CGI, the Python interpreter has to be loaded everytime a script is executed. Using WSGI means that a Python interpreter is kept in memory between requests. When a script needs to be executed it can run immediately because the interpreter has already been loaded. This has no effect on page load times of static pages, but dynamic pages are served much more quickly. The difference is huge.
There are different implementations of WSGI for different servers. In order to use WSGI with Apache, libapache2-mod-wsgi must be installed. This ensures that a python interpreter is loaded into each Apache thread. The downside of this is that each thread takes up more memory.
With Nginx, people often use set up a uWSGI server. Nginx must be configured to pass requests for scripted pages to the uWSGI server. The uWSGI server executes a script, and returns the result to Nginx, which then passes the page back to the user who requested it.
I’ve also implemented a very simple webserver based on the WSGI class in the Python library. This server can handles static pages. If a requested file can’t be found, the server hands the request to Pyplate. Pyplate generates the page, and returns it to the server.
The Python server is not very fast. It’s slower than Apache, and enabling page caching doesn’t make much difference. On the upside, it is very easy to set up.
I’ve added some security patches to Pyplate. A security token is embedded in each form generated by Pyplate. When a user clicks on the submit button, the security token is sent to the server with the POST request, and validated. I’ve also made some changes to the cookie code to make it harder to steal user’s cookies.
User information is now stored more securely. A salt is used to encrypt each user’s password, and a different salt is generated for each user.
I think Pyplate has come a very long way. It’s now a much more complete, more usable CMS. It’s still pretty simple, and small enough to run quickly.
What’s next? I’m working on a site built on a Banana Pi cluster. I’m building it using Pyplate, and it’s going to be based on my Raspberry Pi site. I may add a few more articles to my Raspberry Pi site, but eventually I plan to get back to working on Pyplate.