I don't exactly know what to provide you with for this one. I am running my project on Xubuntu 12.04 under an Apache2 server. Let me know what information you need.
My admin.py file:
from django.contrib import admin
from notendur.models import * # notendur is the application
This is what the page looks like:
http://imgur.com/VB9hREt
This is not how it should look like. It should look like this:
http://imgur.com/PUdJUul
Configure your apache server to look for admin MEDIA.
See these location in site packages where admin module is installed.
Configure your apache by adding these lines.
Alias /static/ PATH/TO/LOCATION
Alias /media/ PATH/TO/LOCATION
PATH/TO/LOCATION is your admin media and static file location generally located at site-packages.
Msoni
Related
Since I had started Django, I'm tackling some ridiculous problems. Recently, when I start a new project and I run it on the server, Django's admin CSS is not loaded. The last project I ran on the server, after a while it was okay, and the real Django admin template was there and the CSS was loaded and it was working. But this time again the same problem happened and I don't know how to solve it cause the project here is the photo is raw, with no special code.
I don't know if it's Chrome problem or not, but I have tried it on other browsers and it was the same thing.
I would be glad if you can help me
the answer I found was to change STATIC_URL = 'static/' in settings.py to STATIC_URL = '/static/'. Only one '/' may change your whole admin appearance. This problem may not happens to everyone but running code in Pycharm, I had been tackling it for such a long time.
If this problem is happening locally, then just change your settings.py
DEBUG = True
#...
#...
STATIC_ROOT = YOUR_STATIC_ROOT_DIRECTORY
Then run collectstatic, make sure you have a proper STATIC_ROOT directory which is also in your settings.py file
python manage.py collectstatic
If you have deployed your app on a production server then, you have to follow certain things in order to get stylesheet and javascript files.
Firstly
In your urls.py you need to add this code
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) + \
static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
Then you have to use a third-party media file server(CDN) Like AWS S3 or you can serve your css, js or media files from your Django server
If you don't want to use AWS S3, then you can either send css/js using your django app (which is not ideal to do), or you can use nginx or apachee to send your css/js
For Nginx to send js/css
You have to add a Static and Media File Root that can be accessed by your django application, I usually use /var/www/ to serve static and media from any Linux server
STATIC_ROOT = '/var/www/static'
MEDIA_ROOT = 'var/www/media'
Then if you are using nginx
server {
server_name domainname.com;
access_log off;
location /static/ {
root /var/www/static;
}
location /media/ {
root /var/www/media;
}
If it is still not working, then your django app might not be able to use the given static_root and media directory, make sure your app has access to them
If you want to send your js/css from your django app (Better not to do in production)
Then
To install whitenoise
pip install whitenoise
In your settings file
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware',
# ...
]
I create some django websites using Plesk Onyx. My problem is If I go to domainname.com/appname/settings.py or domainname.com/manage.py url i see everything in ".py" file. My folder permissions 755, file permissions is 644. The problem is solved when I set the file permissions to 640 or 600. Is there a shortcut in django related to this vulnerability? or do I need to change individual file permissions? I'm looking for an easy way. I don't know, maybe by adding a little code in django I can prevent these files from appearing. Im using python 3.6 - Django 2.2.3 - Plesk Onyx - Nginx
in ur .htaccess file block directory browsing
if want block specific extention
IndexIgnore *.py *.txt
block full directory listing
Options -Indexes
Granted 700 permissions to all folders except media and static folders. and i give 700 permissions manage.py + passenger_wsgi.py file.
Also i add "Additional nginx directives" in plesk
location ~* .(py|sqlite3|pyc)$ {
return 404;
}
I think its okay and secure now..
I have a test django project that I have been using the django development server for. I want to start using an actual apache server to properly simulate a production environment. I am using Mac OS X.
I have been using this tutorial here, but in the first set of instructions I am getting a 403 from localhost. The browser says I do not have permission to access / on the server.
When I comment out the apache config line from the tutorial, WSGIScriptAlias / /Users/username/Projects/django_books/django_books/django.wsgi I can access localhost.
This is the contents of my django.wsgi file:
import os
import sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_books.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
path = '/Users/username/Projects/django_books/django_books'
if path not in sys.path:
sys.path.append(path)
What is causing the 403 and why can't I see my django application?
EDIT
Directory structure:
django_books
apache (empty directory right now)
random_book
__init__.py
models.py
views.py
django_books
__init__.py
django.wsgi
settings.py
urls.py
views.py
wsgi.py
media
static
css
style.css
manage.py
2ND EDIT
Permissions on all the directories:
/Users/username/Projects/django_books/django_books/django.wsgi
-rw-r--r--
/Users/username/Projects/django_books/django_books
drwxr-xr-x
/Users/username/Projects/django_books/
drwxr-xr-x
/Users/username/Projects/
drwxr-xr-x
/Users/username/
drwxr-xr-x+
/Users/
drwxr-xr-x
According to my small experience I think you must add the following lines "just below the import sys line to place your project on the path" (so juste under "import sys") like it's said in the tutorial you quote. Also, erase the second "django_books" in your path because you want to link to your site not the app in your site ;-) ("mysite" in the tutorial, not mysite/mysite)
import os
import sys
path = '/Users/username/Projects/django_books'
if path not in sys.path:
sys.path.append(path)
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_books.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
Bye
It's likely an issue related either to your Apache installation, python library, or the filesystem's permissions.
Testing Apache
You don't say it in your question, but I assume from your link you are working with Apache2 and mod_wsgi.
You can test if Apache and mod_wsgi (or your wsgi module) are working properly by placing a dummy wsgi script in the place of django.wsgi . This script (stolen from mod_wsgi's docs) doesn't rely on Django and helps make sure that Apache can read and execute the wsgi script:
# test version of django.wsgi
def application(environ, start_response):
status = '200 OK'
output = 'Hello World!'
response_headers = [('Content-type', 'text/plain'),
('Content-Length', str(len(output)))]
start_response(status, response_headers)
return [output]
And restart apache
sudo service apache2 restart
Go ahead and test the page. Did it work? Great. Undo the changes to the django.wsgi script, restart Apache and test again. If the Django site still doesn't work, we need to keep looking. If the test script didn't work, there may be a problem with your Apache installation. Check apache's error log for more information about what happened. On linux it's commonly at /var/log/apache2/error.log . mod_wsgi could be improperly installed, the script's daemon may not have appropriate permission to the wsgi file.
Correcting permission errors
Apache may not be able to read and execute the wsgi file. Running ls -l in the wsgi file's directory as indicated in other answers will tell you the user and group a file belongs to (and if that user and group can read, write, or execute a given file). It's common for a default installation to have the wsgi permissions like so:
-rw------- 1 www-data www-data 1470 Aug 29 16:00 django.wsgi
If you want to use a different user for the daemon process, you need to make sure that the apache conf file defines WSGIDaemonProccess
WSGIScriptAlias / /Users/username/Projects/django_books/django_books/django.wsgi
WSGIDaemonProcess wsgi_user processes=2 threads=15 display-name=%{GROUP}
WSGIProcessGroup wsgi_group
Testing changes to these files and restarting Apache can help narrow down what's up. Keep checking the Apache log files.
Apache Configuration
Django's tutorial on setting up mod_wsgi is good, but read through mod_wsgi's wiki as well. There are a lot of helpful things to consider in your apache conf file besides WSGIScriptAlias. Make sure there is a tag pointing to the folder with your wsgi file. If there are non-public files (like django project files) in that directory, either use the apache directory (update your apache conf file) or add a tag under the node to keep those other files private. While you're in there, you may notice other things that look wrong, like an improperly configured servername, multiple virtual hosts, or other errors.
Testing Python
If you're using virtualenv (do it), make sure that
1. The WSGIDaemonProcess variable defines the appropriate site-packages and the wsgi script's location in the variable's python-path attribute
2. The daemon has rights to read the site packages in your virtualenv.
3. Your wsgi script properly imports django and your site's settings.
Logging Apache
You can increase the level of logging reported by Apache by adding a few lines to your Apache conf file. This setup gives you very verbose logging that you may want during deployment (make sure to make a log folder):
LogLevel info
ErrorLog /Users/username/Projects/django_books/logs/apache_error.log
CustomLog /Users/username/Projects/django_books/logs/apache_access.log combined
I would suspect that the www-data (or whatever user apache is running as) doesn't have access to /Users/username/Projects/django_books/django_books.
su to that user and try and access that directory and the wsgi file within it.
To print all the relevant permissions:
ls -ld /Users /Users/username /Users/username/Projects /Users/username/Projects/django_books /Users/username/Projects/django_books/django_books /Users/username/Projects/django_books/django_books/django.wsgi
You should also check the apache error logs, they might tell you what is going wrong.
I have a problem setting my Django application for deployment on openshift and testing locally.
Here is my structure
root_folder/
my_project/
anoter_app/
urls.py
views.py
my_project/
settings.py
urls.py
views.py
manage.py
application.py (to tell openshift where my settings file is: my_project.myproject.settings)
So for it to work on the deployment server, in the settings, the ROOT_URL_CONF is:
myproject.myproject.urls
and in my url file, the view must be reached as myproject.myproject.views
But when I want to work locally, I have to change the ROOL_URL_CONF as myproject.urls
and the views are reached with myproject.views
How do I make it work both locally and on the deployment server with the same settings?
Thank you
Create a new file named local_settings.py, at the bottom of your settings.py add:
try:
import local_settings
except:
print 'CAUTION -- NOT USING LOCAL SETTINGS!'
Put any settings you need to override on your local environment in your local_settings.py file.
I resolved it, the problem was that the folder and the app had the same name.
I renamed the app and now i dont'have to do myproject.myproject
I'm new to Django and need to understand file structure. below is an example of my Django project (some files missing)
My confusing is to do with production on a real server and how my file structure relates.
I have the following questions on this issue which I think if answered will help me understand.
Where is the web root?
How do you stop users from downloading settings.py?
Its this structure ok?
project
manage.py
templates [folder]
myapp1 [folder]
models.py
views.py
projectname [folder]
urls.py
settings.py
There is no web root. Django project files can be placed anywhere for a web server to run and serve at a given URL. URL's do not correspond to file structure.
Django should never be exposed to the public. You stop users from downloading it by not exposing it to the public. Only static media should ever be accessible from the web.
Yes, your structure is okay. That's the recommended new standard.
With mod_wsgi you don't need to declare a Document Root, you just give a path to your wsgi file
a sample apache mod_wsgi configuration from the docs:
WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
WSGIPythonPath /path/to/mysite.com
<Directory /path/to/mysite.com/mysite>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
Users cannot access settings.py apache does not serve it. Make sure debug=False though as it can expose your settings
Your structure is the default django structure from 1.4+
Just to add another perspective, your URLconf, contained in urls.py, defines the virtual filesystem, if you will, of your web root. It's up your URLconf scheme to route entire classes of URLs to your views, which generate dynamic pages. So in a sense, with a handful of URL entries, views, and templates, you can make it appear as though you have a web root with populated with countless "files", none of which are your actual Python source code.