How to configure Apache to run Django application?
What are the tricks to set up a Django application for production under Apache webserver?
How to make /admin interface secure?
How to run another site (either php or static html-based) on the same domain?
How to make sure that plain text files are served directly by the webserver to insure the fastest response?
1 Answer
Below is a sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver). What to do if you don't have root access - is a subject of a future post.
This walkthrough also assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally in this example django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Reliable Askbot Hosting
Create your Q&A site at askbot.com. Managed Askbot hosting at just $15/mo. Dedicated hosting, support contracts, consulting services.
create your Q&A site30 days free trial
Stats
Asked: 2010-04-15 00:22:54 -0500
Seen: 2,508 times
Last updated: Apr 15 '10
