I am using DJango 1.8 and python 3.4.3, and I have been running my app on Debug mode, and found a way to show images inside a directory configured on MEDIA_ROOT, this was my first question and the solution I have found: How to upload and show images in DJango. But reading the docs I found that that solution is not suitable for a served app, so, if I stop using "Debug=True" the images will not be displayed, and I have to use one of the options exposed on this link: Static files on deployment but I don't have money to pay another server, I just can pay my hosting on pythonanywhere, and for the option to use the same server for the images, I don't have idea how to automate the collectstatic and also don't know how to trigger it when an user uploads a new image.
I have used ASP.NET and PHP5 and I didn't had problems with the images in none of them, so, I have two questions:
Is there an easy way to show images URL's?
Is there a high risk security problem if I deploy my app with DEBUG=True?
I hope you can help me, because I find this ridiculous, probably is for better security, but it just not make sense for a framework, instead of making the work easier it make it more difficult and stressful.
Django runserver is not intended for serving up static files in a production environment. It should be limited to development and testing environments.
If you are intending to use django's runserver to server up static files with DEBUG=False then use the --insecure flag.
You should never deploy a site with DEBUG = True due to security implications.
Static files and media assets are 2 different things.
Static Files
Static files are things like images you created and files that come with 3rd party apps you have installed (e.g. django-cms). These files include images, css and javascript files etc.). So you need to have a settings.STATIC_ROOT for this.
python manage.py collectstatic collects static files from different locations and puts them all in a single folder.
Media Files
Media files are things the user uploads (e.g. photos, documents etc.). So you have a settings.MEDIA_ROOT for this. collecstatic won't do anything to media files, they will just be there already once the user uploads them.
Serving up static and media files in production
Frameworks like Django aren't going to cover automatic production server configuration - that is something else you will have to learn unfortunately.
There are a lot of good guides around e.g. this one to help you get started serving media and static files in production.
Regarding server costs, I'm sure you can find a host to give you some free credit, or pay $5/month for a server somewhere... try lowendbox
Here is a guide from pythonanywhere regarding media and static files: https://help.pythonanywhere.com/pages/DjangoStaticFiles/
1) in urls.py add:
(r'^media/(?P<path>.*)$', 'django.views.static.serve',
{'document_root': settings.MEDIA_ROOT, 'show_indexes': True}),
and open url http://myhost.com/media/
2) Never deploy a site into production with DEBUG turned on, DEBUG=True is a security issue,
Related
I've built a Django project with Python and a MySQL database. I'm ready to deploy it to a shared server hosting platform called Hostgator. Their tech support tells me to load all my project files directly into a public_html directory, but when I do that, and navigate to my domain, I just see a list of files (see below), instead of the website I built. What am I missing?
I can't find any good documentation for this kind of deployment. I've done the Django deploy checklist and I think I have that stuff done right. I'm wondering about if/what to put in an .htaccess file, and I'm also not sure how to configure my STATIC_URL or STATIC_ROOT. Do I need to update those to have the path of my production domain? I have run the collectstatic command on the project.
As of now, I have the following for my static file handling in settings.py:
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
You don't want your django app in public_html. If you are using nginx or apache (you are using one of them, probably visible in the lower left of your screenshot just out of crop range), you likely want to proxy to the process running your Django app (gunicorn is one way to do that).
Essentially, Nginx handles all the web traffic, and hands off (via proxy) anything for your Django app to Gunicorn which is running your wsgi application (Django). Nginx can also then serve up your static files as well.
Digital ocean has a decent 'how to' that covers most of it in depth.
https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04
A Django-based service that I'm working on allows users to upload media files via REST API or Django admin but does not provide or use any static files (like css styles, js libraries, etc.).
Media files are stored in specific fields in database and use S3 bucket as storage backend so server itself does not directly serve any files at all.
Having such a case is running collectstatic command required every time application is being deployed?
Thought the concept of static and media files in Django application is rather simple I'm still confused about whether configurations for them should be somehow related?
As Django won't serve the staticfiles when the DEBUG is False (through deployment), if you want the css, js and other static files (at least in the admin, in your case), you need to run collectstatic.
So if you want django admin to be like your development environment (with css and images), you need it.
Your Django-based service does not need collectstatic at all.
Question is about django admin - because admin app uses static content css/img/js.
Do you use django admin in production?
If yes - then you need to run collectstatic command it, otherwise admin site will be unstyled or totally broken because of missing js files.
If no - then you collectstatic command has no use for you.
This is well known topic, on how to setup, serve MEDIA Files, but there is a lot of no no to serving them in production, this is just one example from answered question on SO,
Django does not serve MEDIA_ROOT by default. That would be dangerous
in production environment. But in development stage, we could cut
short. Pay attention to the last line. That line enables Django to
serve files from MEDIA_URL. This works only in developement stage
Obviously there is a lot of web application that are handling this, I have a field in which I'm expecting a lot of CV to be uploaded, my concern are corrupted files, so is there a common pattern on how to handle this?
What you are saying is recommended against, but if you would like to anyways, there is a package called dj-static that does exactly what you are asking.
dj-static on Github
I tend to write my API documentation in Markdown and generate a static site with MkDocs. However, the site I'd like to host the documentation on is a Django site. So my question is, and I can't seem to find an answer Googling around, is how would I go about hosting the MkDocs static generated site files at a location like /api/v1/docs and have the static site viewable at that URL?
UPDATE:
I should point out I do serve all static files under Apache and do NOT use runserver or Debug mode to serve static files, that's just crazy. The site is completely built and working along with a REST API.
My question was simply how do I get Django (or should I say Apache) to serve the static site (for my API docs) generated by MkDocs under a certain URL. I understand how to serve media and static files for the site, but not necessarily how to serve what MkDocs generates. It generates a completely static 'site' directory with HTML and assets files in it.
Django is just a framework you need to host your static files and serve them with something like Nginx or Apache etc.
I think you need the alias directive in apache and use that to redirect certain URLs to your static documentation site.
from the docs
urls = [
static(settings.STATIC_URL, document_root=settings.STATIC_ROOT),
("/home","views.home"),
...
]
https://docs.djangoproject.com/en/1.8/howto/static-files/#serving-static-files-during-development
in your request you would change to
static("/api/v0/docs",document_root="/home/docs/")
I currently have this in my project urls.py, the last line is what's important.
urlpatterns = patterns('',
url(r'^', include('polls.urls', namespace="polls")),
url(r'^admin/', include(admin.site.urls)),
) + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
I've been told and I've read that this is not suitable for a production environment. Why is this the case?
Django is built to be an "application server", not a "web server".
In other words, serving static files from Django will have worse performance than using Apache or Nginx. These static content servers are (1) written in C and (2) optimized for performance.
In contrast, Django is (1) written in pure Python and (2) optimized for developing an application.
See the documentation.
That may be totally fine. I have used Django to serve static content in production, when I knew the load would not be high and I wasn't serving large files. It depends on what kind of environment "production" actually is.
FYI, A common production setup would be to use Nignx, Django, Gunicorn, and Supervisor. Nginx servers the static content from disk and reverse proxies the rest of it to Gunicorn, which runs multiple Django instances. Supervisor monitors Gunicorn and makes sure it stays running. It all depends on what level of web application you need.
It is not recommended to serve static files from the django server itself. The recommended way is to serve them in a separate server. check static files deployment, there you will find all you need.
Extending #Paul Draper's answer:
When using Nginx, make sure to list the following configuration:
location /media/ {
root path/to/your/media;
}
I used the tutorial for the google section of the django-storages package and it solves the issue serving the files (either static or media or both) from Google Storage, which avoids the trouble of additional configuration on Nginx or the like