What are the tricks to set up a Django application for production under Apache webserver?
How to make
/admin interface secure?
How to run another site (either php or static html-based) on the same domain?
How to make sure that plain text files are served directly by the webserver to insure the fastest response?
Below is a sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver). What to do if you don't have root access - is a subject of a future post.
This walkthrough also assumes the following:
mod_rewriteworking on apache
Finally in this example django site will run under url
/ and for the sake of an illustration - there will be a blog (maybe php) under say
Other properties of this setup are that
/admin urls are forced to go through
https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory
/path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say
/path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories
production (you must be very careful when doing that), or create two versions for the apache setup for example
production2.conf where roles of directories would rotate (and in that case it's probably better to name them just
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use
python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 22.214.171.124:80 > ServerAdmin email@example.com ServerName www.example.com #document root exposes stuff underneath to everyone #some things will be intercepted by django, but you #must be careful so that you don't show contents of your settings.py #and any other files containing source code, etc #it's a good idea to verify that you are not exposing things you shouldnt be DocumentRoot /path/to/mysite/production #uncomment if you use html or php files as well or comment if you don't DirectoryIndex index.html index.php #set up aliases to non-django resources #for example here could be your php blog (separately make sure that php is on in that dir) #notice - no trailing slash here. it's important that way /blog will be a valid url too Alias /blog /path/to/mysite/production/blog #add more Alias lines as needed #run mod_wsgi process for django in daemon mode #this allows avoiding confused timezone settings when #another application runs in the same virtual host - e.g. a php app WSGIDaemonProcess mydjangothing #name it anything you want WSGIProcessGroup mydjangothing #these are part of django app, but must be serve statically to save CPU cycles #use trailing slash here so that you don't show contents of directory skins itself Alias /m/ /path/to/mysite/production/django_site/forum/skins/ Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/ < DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media"> Order deny,allow Allow from all < /DirectoryMatch> < Directory "/path/to/mysite/production/django_site/forum/upfiles"> Order deny,allow Allow from all < /Directory> #this is your wsgi script for the production site WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi #this will force admin interface to work only #through https (optional, but highly recommended for security) < Location "/admin"> RewriteEngine on RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301] < /Location> CustomLog /path/to/httpd/logs/mysite/access_log common ErrorLog /path/to/httpd/logs/mysite/error_log < /VirtualHost> #run admin interface under https < VirtualHost 126.96.36.199:443 > ServerAdmin firstname.lastname@example.org ServerName example.com #specify where to get media for the admin interface #the actual path that starts with /usr/local/lib - is the one to the django admin app Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/ #negative lookahead regex to send all non-admin traffic back to port 80 #regex has to be anchored here to work!!! < LocationMatch "^(?!/admin)"> RewriteEngine on RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301] < /LocationMatch> SSLEngine on #SSL files SSLCertificateFile /path/to/ssl_certificates/server.crt SSLCertificateKeyFile /path/to/ssl_keys/server.key WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi CustomLog /path/to/httpd_logs/mysite/access_log common ErrorLog /path/to/httpd_logs/mysite/error_log < /VirtualHost>
Create your Q&A site at askbot.com. Managed Askbot hosting at just $15/mo. Dedicated hosting, support contracts, consulting services.create your Q&A site
Asked: 2010-04-15 00:22:54 -0500
Seen: 2,508 times
Last updated: Apr 15 '10