Django hosted on Apache - Uploading a file going to wrong location - python

I have a simple website that allows the user to upload a file to my server. I want the file to be uploaded into my django project folder in a sub directory.
Everything is working fine but when I use the upload feature on my website I get a permissions denied on the folder /var/www BUT the thing is I changed the DocumentRoot to equal /mnt/public/apps - which is where I want my uploaded files to go (the upload creates a sub directory).
I have correct permissions in /mnt/public but I can't figure out how to point django or apache so that my upload goes to the /mnt/public/apps root instead of /var/www
Any help would be greatly appreciated!

As Alasdair said in the comments, which was a super quick reply (thanks!), the correct fix for my problem was to add the MEDIA_ROOT variable to my settings.py file.

Related

Django serve various file types using IIS / Virtual Directory

I am trying to serve various file types using Django on an IIS Windows server. And for the life of me, I can't seem to figure it out.
I am working with a legacy DB that stores file paths in a column. The files are held on a network share, so I have created a Virtual Folder (tried pass-through and connect as).
I get the URLS created in HTML using the file path from the DB / model
<td><a href ="/{{doc.location}}" download>{{doc.location}}</a></td>
which results in http://panel/docs/07/xxxxxx.doc
File downloads but get a Fail - No file in Chrome.
The files are mix of doc / pdf/ txt and a few other file types.
Any help would be greatly appreciated, racking my brain with this.
Make sure you use FileField or ImageField as it uses the Django Media Files system to correctly direct to the file's path on your server.
You will need to configure the MEDIA_URL with the same name as your IIS Virtual Folder.
You can also create a dedicated FileSystemStorage to direct to that virtual folder explicitly.
Check out more information in the Django docs: https://docs.djangoproject.com/en/3.1/topics/files/
About the IIS Virtual Directory, check out the django-windowsauth package; using the createwebconfig management command, you can configure your IIS website automatically and make sure the Virtual Directory is configured correctly.
https://github.com/danyi1212/django-windowsauth

Django deployed app/project can't write to a file

I am working on a Django based application whose location on my disk is home/user/Documents/project/application. Now this application takes in some values from the user and writes them into a file located in a folder which is under the project directory i.e home/user/Documents/project/folder/file. While running the development server using the command python manage.py runserver everything worked fine, however after deployment the application/views.py which accesses the file via open('folder/path','w') is not able to access it anymore, because by default it looks in var/www folder when deployed via apache2 server using mod_wsgi.
Now, I am not putting the folder into /var/www because it is not a good practise to put any python code there as it might become readable by clients, which is a major security threat. Please let me know how I can point the deployed application to read and write to the correct file.
The real solution is to install your data files in /srv/data/myapp or some such so that you can give the webserver user correct permissions to only those directories. Whether you choose to put your code in /var/www or not is a separate question, but I would suggest putting at least your wsgi file there (and, of course, specifying your <DocumentRoot..> correctly).
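The relative `open('folder/path','w')` from the question resolves against whatever working directory the Apache process has, which is why it changes after deployment. The sketch below is an added example, not code from the question or the answer: it resolves every name against one absolute data directory (a temporary directory stands in for /srv/data/myapp) and rejects names that escape it. The function names are hypothetical.

```python
import os
import tempfile

def resolve_in_data_dir(data_dir, name):
    """Absolute path for `name` under data_dir; refuses anything that
    escapes it ('..', absolute names, symlinks pointing outside)."""
    base = os.path.realpath(data_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes data directory: %r" % name)
    return target

def write_value(data_dir, name, text):
    path = resolve_in_data_dir(data_dir, name)
    os.makedirs(os.path.dirname(path), mode=0o750, exist_ok=True)
    # 0o640: owner read/write, group read, nothing for others.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path

def demo_paths():
    # Constructed directories: one stands in for /srv/data/myapp,
    # the other for the working directory the web server starts in.
    data_dir = tempfile.mkdtemp(prefix="myapp-data-")
    daemon_cwd = tempfile.mkdtemp(prefix="daemon-cwd-")
    old_cwd = os.getcwd()
    os.chdir(daemon_cwd)
    try:
        # Where a bare open('folder/file', 'w') would land right now.
        relative = os.path.abspath("folder/file")
        written = write_value(data_dir, "folder/file", "value from the form\n")
        try:
            resolve_in_data_dir(data_dir, "../../etc/passwd")
            traversal_rejected = False
        except ValueError:
            traversal_rejected = True
    finally:
        os.chdir(old_cwd)
    return {"data_dir": os.path.realpath(data_dir), "relative": relative,
            "written": written, "traversal_rejected": traversal_rejected}

if __name__ == "__main__":
    print(demo_paths())
```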

Django File Upload with nginx / gunicorn - media permissions

I'm trying to allow users of my django site to upload a file (mostly PDFs) to my server through a FileField on a model. However, I keep running into 'Errno 13 Permission Denied' when trying to use the upload field generated by my modelform.
I have found many potential solutions while searching around, but haven't been able to get anything to work properly so far. This is my first real deployment and I have probably confused myself. For reference, I am on Ubuntu 14.04, Django 1.6, & gunicorn+nginx.
Right now, my media root lies within my project directory at:
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
MEDIA_ROOT = os.path.join(BASE_DIR, "media/uploads")
The error indicates an issue with the proper directory, so it's going to the right spot.
I have tried to chown -r the media directory to www-data:www-data with no success. I poked around, figured out what user was running the python process and tried to set 'him' as the owner - didn't work. I flipped it back to its original owner and group (root:root) and tried to chmod -r to 755 and 770, both of which also failed to resolve the issue.
If I chmod -r to 777, then everything "works" - but that's not something I want to keep exposed for obvious reasons.
My static files are collecting and being served properly from a directory outside of my project root (/var/www/mysite/static), so I tried moving the media folder over there and repeating all of the above steps - same result.
How can I get my media folder to securely accept uploads and downloads from my users without leaving this security hole wide open?
Thank you!
First of all, the media files folder has to be in your project's path, otherwise you'll be getting a SuspiciousOperation exception from Django, so don't put it in /var/www.
Also, the fact that you are using nginx is not that relevant; the important part is which user the nginx/django project is running under. Whichever user it is (normally www-data, at least with apache+mod_wsgi), that user should be the owner of the media folder.
Once you change the owner to the right user (I assume www-data): sudo chown -R www-data:www-data .../media, make sure permissions are correct: sudo chmod -R u+rwX .../media.
Hope it helped. Let me know if it didn't. :)
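An added example, not part of the answer above: a small audit for a media directory that reports world-writable entries and entries the service account does not own, plus a `tighten` helper that does what `chmod -R u+rwX,o-w` does. The `o-w` part is an addition of this example, because `u+rwX` alone leaves the world-write bits from an earlier `chmod 777` in place. The tree and all names are constructed for the demonstration.

```python
import os
import stat
import tempfile

def _entries(root):
    # Every directory and file under root; symlinks are skipped, not followed.
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if not os.path.islink(path):
                yield path, os.stat(path)

def audit_upload_tree(root, service_uid):
    """List (path, problem) pairs for a media/upload directory."""
    findings = []
    for path, st in _entries(root):
        need = stat.S_IRUSR | stat.S_IWUSR
        if stat.S_ISDIR(st.st_mode):
            need |= stat.S_IXUSR
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if st.st_uid != service_uid:
            findings.append((path, "not owned by service account"))
        elif st.st_mode & need != need:
            findings.append((path, "owner lacks rw (rwx on directories)"))
    return findings

def tighten(root):
    """Same effect as `chmod -R u+rwX,o-w`: X adds execute only on
    directories or on files that already carry an execute bit."""
    for path, st in _entries(root):
        mode = stat.S_IMODE(st.st_mode) | stat.S_IRUSR | stat.S_IWUSR
        if stat.S_ISDIR(st.st_mode) or mode & 0o111:
            mode |= stat.S_IXUSR
        os.chmod(path, mode & ~stat.S_IWOTH)

def demo_permissions():
    # Constructed tree standing in for .../media after a `chmod -R 777`.
    root = tempfile.mkdtemp(prefix="media-")
    pdf = os.path.join(root, "uploads", "report.pdf")
    os.makedirs(os.path.dirname(pdf))
    with open(pdf, "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample\n")
    for d in (root, os.path.dirname(pdf)):
        os.chmod(d, 0o777)
    os.chmod(pdf, 0o666)
    before = audit_upload_tree(root, os.getuid())
    tighten(root)
    after = audit_upload_tree(root, os.getuid())
    return before, after, stat.S_IMODE(os.stat(pdf).st_mode)

if __name__ == "__main__":
    print(demo_permissions())
```

In a real deployment, pass the uid of the account the gunicorn or mod_wsgi process runs as instead of `os.getuid()`.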
Try upping the max_body_size in your nginx conf file:
server {
    ...
    client_max_body_size 250M;
    ...
}
By default it's set to 1M which is possibly too small depending on what you're uploading.

Security optimal file permissions django+apache+mod_wsgi

I'm just about getting started on deploying my first live Django website, and I'm wondering how to set the Ubuntu server file permissions in the optimal way for security, whilst still granting the permissions required.
Firstly a question of directories: I'm currently storing the site in ~/www/mysite.com/{Django apps}, but have often seen people using /var/www/... or /srv/www; is there any reason picking one of these directories is better than the other? or any reason why keeping the site in my home dir is a bad idea?
Secondly, the permissions of the dir and files themselves. I'm serving using apache with mod_wsgi, and have the file WSGIScriptAlias / ~/www/mysite.com/mainapp/wsgi.py file. Apache runs as www-data user. For optimal security who should own the wsgi.py file, and what permissions should I grant it and its containing dir?
Similarly, for the www, www/mysite.com, and www/mysite.com/someapp directories? What are the minimal permissions that are needed for the dirs and files?
Currently I am using 755 and 644 for dirs and files respectively, which works well enough and allows the site to function, but I wonder if it is optimal/too liberal. My Ubuntu user is the owner of most files, and www-data owns the sqlite dbs.
In regards to serving the application from your home directory, this is primarily preference based. However, deployment decisions may be made depending on the situation. For example, if you have multiple users making use of this server to host their website, then you would likely have the files served from their home directories. From the perspective of a system administrator who is deploying the applications, you may want them all accessible from /var/www... so they are easier to locate.
The permissions you set for serving the files seem fine, however they may need to run as different users... depending on the number of people using this machine. For example, let's say you have one other application running on the server and that both applications run as www-data. If the www-data user has read permissions of Django's config file, then the other user could deploy a script that can read your database credentials.

mod user_dir and wsgi

I am trying to setup a public_html/django_app folder, where all urls like ~/{username}/django would execute the .wsgi file located there.
The idea is to checkout our project inside of the django folder, and have it work for everyone without further apache config.
Right now, our project is running in /var/www/project_name, but I would like every user to be able to checkout the project in their own folder /home/{username}/public_html/django_app, and I don't want them to edit any apache config.
So I guess the question is, what is the best way / location to do this in the apache configuration. I would like to avoid creating VirtualHosts for everyone, just to change
WSGIScriptAlias django_app/ /home/{username}/django_app/core.wsgi
Thanks.
Answer:
WSGIScriptAliasMatch ^/~([^/]+)/django_app /home/$1/public_html/django_app/core.wsgi
