Revision history [back]
Below is a sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver). What to do if you don't have root access - is a subject of a future post.
This walkthrough also assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally in this example django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is a sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver). What to do if you don't have root access - is a subject of a future post.webserver)
This walkthrough also assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally in this example django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is a the sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver)
This walkthrough also assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally in this example django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver)
This walkthrough also assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally in this example assumes that django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver)
This walkthrough assumes the following:
- you have mod_wsgi
mod_sslandmod_rewriteworking on apache - if you are planning to use php (or other) applications along with django - you have handlers for those files set up for the directories where those other files reside
Finally this example assumes that django site will run under url / and for the sake of an illustration - there will be a blog (maybe php) under say /blog.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that the it is assumed that main site is installed in directory /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations. You don't want to do brain surgery on a running site :).migrations.
Later you can either just carefully swap directories staging and production (you must be very careful when doing that), , or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical. Specifically in the two cases system accounts running the two servers are most likely different and the file access permissions for them may differ too.identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver)
This walkthrough It assumes the following:
- that you have mod_wsgi installed to work together with the webserver,
mod_sslandmod_rewriteworking on apache - if you - these two are
planning to use php (or other) applications alongmost likely bundled withdjango - you have handlers for those files set up for the directories where those other files reside
Finally Also this example assumes that django site will run under url / and for the sake of an illustration - that there will be a other things like php blog (maybe php) under say /blog.. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot. This recipe will work only if you can edit the apache configuration directly (basically assumes that you have root access to the webserver)Askbot.
It assumes that you have mod_wsgi installed to work together with the webserver, mod_ssl and mod_rewrite - these two are most likely bundled with the server anyway.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just node1 and node2.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot.
It assumes that you have mod_wsgi installed to work together with the webserver, mod_ssl and mod_rewrite - these two are most likely bundled with the server anyway.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf where roles of directories would rotate (and in that case it's probably better to name them just .node1 and node2
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot.
It assumes that you have mod_wsgi installed to work together with the webserver, webserver.mod_ssl and mod_rewrite - these two are most likely bundled with the server anyway.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot.
It assumes that you have mod_wsgi mod_wsgi installed to work together with the webserver.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
Below is the sample configuration that has been tested for Askbot.
It assumes that you have mod_wsgi installed to work together with the webserver.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>