Revision history [back]
How to configure Apache to run Django application?
What are the tricks to set up a Django application for production under Apache webserver?
How to make /admin interface secure?
How to run another site (either php or static html-based) on the same domain?
How to make sure that plain text files are served directly by the webserver to insure the fastest response?
How to configure Apache to run Django application?
What Below is the sample configuration that has been tested for Askbot.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are the tricks to set that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a Django application clone of the same setup under say /path/to/mysite/staging and reserve it for production experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache webserver?(or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
How to make /admin interface secure?
How to run another site (either
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or How to
How to configure Apache to run Django application?
Below is the sample configuration that has been tested for Askbot.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is - a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
How to configure Apache to run Django application?
Below is the sample configuration that has been tested for Askbot.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog - a slightly trickier setup so decided to show this more real-life example.
Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.
Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.
Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.
Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.
< VirtualHost 74.208.164.82:80 >
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
How to configure Apache to run Django application?
Below is the sample configuration that has been tested for Askbot.
Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog - a slightly trickier setup so decided to show this more real-life example.
< VirtualHost 74.208.164.82:80 >
<VirtualHost 74.208.164.82:80>
ServerAdmin forum@example.com
ServerName www.example.com
#document root exposes stuff underneath to everyone
#some things will be intercepted by django, but you
#must be careful so that you don't show contents of your settings.py
#and any other files containing source code, etc
#it's a good idea to verify that you are not exposing things you shouldnt be
DocumentRoot /path/to/mysite/production
#uncomment if you use html or php files as well or comment if you don't
DirectoryIndex index.html index.php
#set up aliases to non-django resources
#for example here could be your php blog (separately make sure that php is on in that dir)
#notice - no trailing slash here. it's important that way /blog will be a valid url too
Alias /blog /path/to/mysite/production/blog
#add more Alias lines as needed
#run mod_wsgi process for django in daemon mode
#this allows avoiding confused timezone settings when
#another application runs in the same virtual host - e.g. a php app
WSGIDaemonProcess mydjangothing #name it anything you want
WSGIProcessGroup mydjangothing
#these are part of django app, but must be serve statically to save CPU cycles
#use trailing slash here so that you don't show contents of directory skins itself
Alias /m/ /path/to/mysite/production/django_site/forum/skins/
Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
< DirectoryMatch <DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
Order deny,allow
Allow from all
< /DirectoryMatch>
< Directory </DirectoryMatch>
<Directory "/path/to/mysite/production/django_site/forum/upfiles">
Order deny,allow
Allow from all
< /Directory>
</Directory>
#this is your wsgi script for the production site
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
#this will force admin interface to work only
#through https (optional, but highly recommended for security)
< Location <Location "/admin">
RewriteEngine on
RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
< /Location>
</Location>
CustomLog /path/to/httpd/logs/mysite/access_log common
ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
</VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
<VirtualHost 74.208.164.82:443>
ServerAdmin forum@example.com
ServerName example.com
#specify where to get media for the admin interface
#the actual path that starts with /usr/local/lib - is the one to the django admin app
Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
#negative lookahead regex to send all non-admin traffic back to port 80
#regex has to be anchored here to work!!!
< LocationMatch <LocationMatch "^(?!/admin)">
RewriteEngine on
RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
< /LocationMatch>
</LocationMatch>
SSLEngine on
#SSL files
SSLCertificateFile /path/to/ssl_certificates/server.crt
SSLCertificateKeyFile /path/to/ssl_keys/server.key
WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
CustomLog /path/to/httpd_logs/mysite/access_log common
ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
</VirtualHost>