I'm new to Django and need to understand file structure. Below is an example of my Django project (some files missing).
My confusion is to do with production on a real server and how my file structure relates.
I have the following questions on this issue which I think if answered will help me understand.
Where is the web root?
How do you stop users from downloading settings.py?
Is this structure OK?
project
    manage.py
    templates [folder]
    myapp1 [folder]
        models.py
        views.py
    projectname [folder]
        urls.py
        settings.py
There is no web root. Django project files can be placed anywhere for a web server to run and serve at a given URL. URLs do not correspond to file structure.
Django should never be exposed to the public. You stop users from downloading it by not exposing it to the public. Only static media should ever be accessible from the web.
Yes, your structure is okay. That's the recommended new standard.
With mod_wsgi you don't need to declare a Document Root; you just give a path to your wsgi file.
A sample Apache mod_wsgi configuration from the docs:
WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
WSGIPythonPath /path/to/mysite.com
<Directory /path/to/mysite.com/mysite>
    <Files wsgi.py>
        Order deny,allow
        Allow from all
    </Files>
</Directory>
Users cannot access settings.py; Apache does not serve it. Make sure debug=False though, as it can expose your settings.
Your structure is the default django structure from 1.4+
Just to add another perspective, your URLconf, contained in urls.py, defines the virtual filesystem, if you will, of your web root. It's up to your URLconf scheme to route entire classes of URLs to your views, which generate dynamic pages. So in a sense, with a handful of URL entries, views, and templates, you can make it appear as though you have a web root populated with countless "files", none of which are your actual Python source code.
I create some Django websites using Plesk Onyx. My problem is that if I go to the domainname.com/appname/settings.py or domainname.com/manage.py URL, I see everything in the ".py" file. My folder permissions are 755, file permissions are 644. The problem is solved when I set the file permissions to 640 or 600. Is there a shortcut in Django related to this vulnerability? Or do I need to change individual file permissions? I'm looking for an easy way. I don't know, maybe by adding a little code in Django I can prevent these files from appearing. I'm using Python 3.6 - Django 2.2.3 - Plesk Onyx - Nginx
In your .htaccess file, block directory browsing.
If you want to block a specific extension:
IndexIgnore *.py *.txt
To block the full directory listing:
Options -Indexes
Granted 700 permissions to all folders except the media and static folders, and I gave 700 permissions to the manage.py + passenger_wsgi.py files.
Also I added "Additional nginx directives" in Plesk:
location ~* \.(py|sqlite3|pyc)$ {
    return 404;
}
I think it's okay and secure now.
I am using mod_wsgi with apache to serve the python application. I have a directive in the VirtualHost entry as follows WSGIScriptAlias /app /home/ubuntu/www/app.wsgi. I also have DocumentRoot /home/ubuntu/www/. Therefore, if the user attempts to read /app.wsgi it gets the raw file. If I try to block access to it via .htaccess, the application becomes unusable. How do I fix this? Is there a way to do so without moving the file out of the DocumentRoot?
This is far from the best option, but it does seem to work: I added WSGIScriptAlias /app.wsgi /home/ubuntu/www/app.wsgi to the VirtualHost as well so that it will run the app on that uri instead of returning the raw file.
You should not stick the WSGI file in the DocumentRoot directory in the first place. You have created the situation yourself. It doesn't need to be in that directory for WSGIScriptAlias to work.
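The layout problem behind the two questions above (settings.py readable under Plesk, app.wsgi readable from the DocumentRoot) can be checked with a short audit script. This is an added example, not code from any of the posts; the extension list, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed deny-list: the extensions from the nginx rule on this page, plus .wsgi.
SOURCE_EXTS = {".py", ".pyc", ".sqlite3", ".wsgi"}

def is_inside(path, root):
    """True if path resolves at or below root (symlinks followed)."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def find_exposed_sources(docroot):
    """Return sorted (relative path, world_readable) for source files under docroot."""
    findings = []
    for current, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SOURCE_EXTS:
                continue
            full = os.path.join(current, name)
            world_readable = bool(os.stat(full).st_mode & stat.S_IROTH)
            findings.append((os.path.relpath(full, docroot), world_readable))
    return sorted(findings)

def build_sample_layout(base):
    """Constructed sample: code outside the docroot (safe) and inside it (unsafe)."""
    layout = {
        "safe/site/projectname/settings.py": 0o640,
        "safe/public/static/site.css": 0o644,
        "unsafe/www/app.wsgi": 0o644,
        "unsafe/www/appname/settings.py": 0o644,
        "unsafe/www/manage.py": 0o600,
        "unsafe/www/static/site.css": 0o644,
    }
    for rel, mode in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as handle:
            handle.write("# constructed sample file\n")
        os.chmod(full, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_layout(base)
        print(is_inside(os.path.join(base, "unsafe/www/appname"), os.path.join(base, "unsafe/www")))
        for docroot in ("safe/public", "unsafe/www"):
            print(docroot, find_exposed_sources(os.path.join(base, docroot)))
```

A False in the second field only means the "other" permission bit is clear; a file owned by the web server's own user can still be served, so an empty result for the document root is the state to aim for.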
I don't exactly know what to provide you with for this one. I am running my project on Xubuntu 12.04 under an Apache2 server. Let me know what information you need.
My admin.py file:
from django.contrib import admin
from notendur.models import * # notendur is the application
This is what the page looks like:
http://imgur.com/VB9hREt
This is not how it should look like. It should look like this:
http://imgur.com/PUdJUul
Configure your apache server to look for admin MEDIA.
See the location in site-packages where the admin module is installed.
Configure your apache by adding these lines.
Alias /static/ PATH/TO/LOCATION
Alias /media/ PATH/TO/LOCATION
PATH/TO/LOCATION is your admin media and static file location, generally located in site-packages.
Msoni
I am a beginner programmer. I started using Python and Bottle for a small web app to print a form, so far so good. The real issue is configuring Apache and mod_wsgi, as my knowledge is almost none.
My problem: I keep getting this error:
Error 404: Not Found
Sorry, the requested URL /factura/ caused an error: Not found
At work they gave me an address redirecting to an IP:port; after some days of reading the Apache docs and looking at examples on the web, I managed to set up the configuration so my VirtualHost doesn't break the other virtual hosts already running. The config looks like this (based on the Bottle tutorial deployment section):
Listen port
NameVirtualHost IP:port
<VirtualHost IP:port>
    ServerName IP:port
    WSGIDaemonProcess factura processes=1 threads=5
    WSGIScriptAlias / /var/www/factura/app.wsgi
    <Directory /var/www/factura>
        WSGIProcessGroup factura
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>
My app.wsgi is almost the same as the one in the Bottle tutorial-deployment section. I only added the line sys.stdout = sys.stderr:
import sys, os, bottle
# Change working directory so relative paths (and template lookup) work again
sys.path = ['/var/www/factura'] + sys.path
os.chdir(os.path.dirname(__file__))
# Error output redirect
# Exception KeyError in 'threading' module
sys.stdout = sys.stderr
import factura
application = bottle.default_app()
Here is a bit of the python code which is related to Bottle:
from lib import bottle
app = bottle.Bottle()
#serves files in folder 'static'
@app.route('/static/:path#.+#', name='static')
def ...
@app.route("/factura")
@bottle.view("factura")
def ...
@app.route("/print_factura", method="POST")
def ...
I have read some of the other questions similar to this, but I can't manage to see what I'm missing. I suppose the problem is in app.wsgi?
UPDATE
file structure
/var/www/factura/ ## .py files
/views ## here is the web template
/static ## .css and .js of template
/lib ## package with bottle and peewee source files
/data ## inkscape file to play with
/bin ## backup stuff in repo, not used in code
Apache error log only shows
Exception KeyError: KeyError(-1211426160,) in <module 'threading' from '/usr/lib/python2.6/threading.pyc'> ignored
that is a warning from wsgi/python issues, harmless by wsgi issue 197
UPDATE 2 working
Added @app.route("/factura/") (notice the trailing slash); that, together with the change in the app import to from factura import app as application, made it work.
If you create your application explicitly:
app = bottle.Bottle()
then you should import it in your app.wsgi instead of application = bottle.default_app():
from factura import app as application
But what is far more important is this. In your WSGI file, you do import bottle, yet in the app code file, you do from lib import bottle. As you have explained, you have two copies of Bottle: one installed server-wide, another under the lib directory.
That's why you were receiving 404 Not Found. You were actually working with one instance of the library (creating app), and then giving Apache a different (default_app) from a different instance of the library!
It started to work okay when you began to return the proper app.
Anybody know how to deploy a simple Flask application on Webfaction?
I know Webfaction supports mod_wsgi and I read the guide on the Flask site, but I still can't get my app working. Does anybody have a working configuration?
UPDATE to answer a comment by Graham Dumpleton.
I get a 500 Internal server error. Apache does not show any error in the logs. The WSGI script is executed and seems to create the application correctly, but I keep getting a 500 error.
Thanks.
I got it working with the following procedure:
Create an app named 'myapp' of type mod_wsgi 3.3/Python 2.7. Webfaction will create the following folders:
myapp
|- apache2
|- htdocs
Webfaction will also automatically create a simple script index.py in your htdocs directory. Check that the sample script works by visiting the root of your newly created application (to do this on Webfaction you need to "mount" the app on a website). If it's all OK, modify the script by deleting the content and adding:
from myapp import app as application
In apache2/conf/httpd.conf add the following lines:
WSGIPythonPath /home/username/webapps/myapp/htdocs/
#If you do not specify the next directive the app *will* work but you will
#see index.py in the path of all subdir
WSGIScriptAlias / /home/username/webapps/myapp/htdocs/index.py
<Directory /home/username/webapps/myapp/htdocs>
    AddHandler wsgi-script .py
    RewriteEngine on
    RewriteBase /
    WSGIScriptReloading On
</Directory>
Restart apache2
You need to set up a "Custom app (listening on port)" application. Make a note of the port that is assigned. Then in your Flask code, you need to hardcode the port:
if __name__ == '__main__':
    app.run(host='0.0.0.0', port=XXXXXXX)
Where you substitute XXXXXXX with the port that is randomly assigned to your custom app.
Hope that helps.
EDIT:
Please use Raben's answer; this way should not be used in production.