I am working on a Django based application whose location on my disk is home/user/Documents/project/application. Now this application takes in some values from the user and writes them into a file located in a folder which is under the project directory i.e home/user/Documents/project/folder/file. While running the development server using the command python manage.py runserver everything worked fine, however after deployment the application/views.py which accesses the file via open('folder/path','w') is not able to access it anymore, because by default it looks in var/www folder when deployed via apache2 server using mod_wsgi.
Now, I am not putting the folder into /var/www because it is not a good practise to put any python code there as it might become readable clients which is a major security threat. Please let me know, how can I point the deployed application to read and write to correct file.
The real solution is to install your data files in /srv/data/myapp or some such so that you can give the webserver user correct permissions to only those directories. Whether you choose to put your code in /var/www or not, is a separate question, but I would suggest putting at least your wsgi file there (and, of course, specifying your <DocumentRoot..> correctly.
Related
So I have a MySQL database for my Django project which I think is located in the default directly (wherever that should be). When I want to move my Django project to digital ocean, how do I move that database? The my.cnf file is located inside the same directory as the settings.py file for the Django project. I am using macOS.
In short: How do I copy my database file to my Django project directory and reconfigure its path to that?
Compare the MySQL versions of both servers. Ensure the new version isn't less than the current version. Also check its not two major versions ahead of the current one.
Ensure MySQL is stopped.
Copy/move the entire datadir to the new location. There should be no files in this new location that weren't in the original.
In the my.cnf file set datadir to the new location.
Copy the my.cnf file to the location where mysql is expecting to read this on the new server. Look at top of mysqld --help --verbose if you have doubts where this is.
There are many things to consider here,
In Digital Ocean you would have MySQL server running on same machine as the Django server i.e just like your local machine?
If yes then you might not have to change anything on django settings (if you keep user and password same as local).
If No, you might need to change host in django to IP of that server(there are many things involved here...)
Regarding the data transfer, it is always the best practice to dump MySQL and Import it in new DB. There are many guides available on web. Here is one from Digital ocean.
This is a bit embarassing, but I'm a Django noob and I couldn't find a simple solution to this:
I have written a Django app in a local VM that I now want to deploy to a "production" server. App works like a charm locally.
Now my IT colleague has set up the server with Django and that also works fine. I can open it via the Web and I get the usual "Congratulations on your first Django-powered page". I can also log into the admin interface. The project has been created.
This is a very low-key mini project and I'm not too familiar with git, so we've decided to just push files via FTP. (And I want to stick with that if at all possible.) So I uploaded the app folder into the project folder and also adjusted the project's settings.py and urls.py.
However, nothing seems to be happening on the server's end. The welcome page is the same, the app does not show up in the admin interface and the URLs won't be resolved as hoped.
Any suggestions what I should have done / done differently?
You need to restart apache or whatever is running your django project. Your changes to py files are cached when you first load your server config (settings).
Any suggestions what I should have done / done differently?
You should be using git/jenkins/deployment techniques, I know you said you've decided not to use it but you're going to be missing out on important things like being able to keep track of changes and unit testing
I am running into a problem where any changes I make to my .py Django files don't change the .pyc file, so the Django web site doesn't change until I manually delete the .pyc file.
This only happens when running a Django app/py files dependent on Django.
Example:
models.py: contains methods to update database
cron.py: Independent script that sets up Django environment and then uses models.py to update database as a cron job
For some reason, changes in cron.py are reflected when I run it with python cron.py but cron.py will NOT pick up any changes I make to models.py. It will run off of the old .pyc file which is consistent with that happens when I use models.py through the web app.
I've tried chmod 777 on the entire directory. Does anyone have any idea what is causing this? Is there any relevant code I can post?
In case you are running this your Django instance with apache, you will need to restart apache in order for the changes to reflect, which you can simply do using
sudo service apache2 graceful
The pyc files are autoupdated locally with the default django development server only.
I'm just about getting started on deploying my first live Django website, and I'm wondering how to set the Ubuntu server file permissions in the optimal way for security, whilst still granting the permissions required.
Firstly a question of directories: I'm currently storing the site in ~/www/mysite.com/{Django apps}, but have often seen people using /var/www/... or /srv/www; is there any reason picking one of these directories is better than the other? or any reason why keeping the site in my home dir is a bad idea?
Secondly, the permissions of the dir and files themselves. I'm serving using apache with mod_wsgi, and have the file WSGIScriptAlias / ~/www/mysite.com/mainapp/wsgi.py file. Apache runs as www-data user. For optimal security who should own the wsgi.py file, and what permissions should I grant it and its containing dir?
Similarly, for the www, www/mysite.com, and www/mysite.com/someapp directories? What are the minimal permissions that are needed for the dirs and files?
Currently I am using 755 and 644 for dir and files respecitvely, which works well enough which allows the site to function, but I wonder if it is optimal/too liberal. My Ubuntu user is the owner of most files, and www-data owns the sqlite dbs.
In regards to serving the application from your home directory, this is primarily preference based. However, deployment decisions may be made depending on the situation. For example, if you have multiple users making use of this server to host their website, then you would likely have the files served from their home directories. From a system administrator's perspective that is deploying the applications; you may want them all accessible from /var/www... so they are easier to locate.
The permissions you set for serving the files seem fine, however they may need to run as different users... depending on the number of people using this machine. For example, lets say you have one other application running on the server and that both applications run as www-data. If the www-data user has read permissions of Django's config file, then the other user could deploy a script that can read your database credentials.
I'm writing a web application in Python (on Apache server on a Linux system) that needs to connect to a Postgres database. It therefore needs a valid password for the database server. It seems rather unsatisfactory to hard code the password in my Python files.
I did wonder about using a .pgpass file, but it would need to belong to the www-data user, right? By default, there is no /home/www-data directory, which is where I would have expected to store the .pgpass file. Can I just create such a directory and store the .pgpass file there? And if not, then what is the "correct" way to enable my Python scripts to connect to the database?
No matter what approach you use, other apps running as www-data will be able to read your password and log in as you to the database. Using peer auth won't help you out, it'll still trust all apps running under www-data.
If you want your application to be able to isolate its data from other databases you'll need to run it as a separate user ID. The main approaches with this are:
Use the apache suexec module to run scripts as a separate user;
Use fast-cgi (fcgi) or scgi to run the cgi as a different user; or
Have the app run its own minimal HTTP server and have Apache reverse proxy for it
Of these, by far the best option is usually to use scgi/fcgi. It lets you easily run your app as a different unix user but avoids the complexity and overhead of reverse proxying.
Install the application and its config files in its own directory different from the static files directory and only readable by the application user.
Set another user to run the application and use the WSGIDaemonProcess directive.
All of that and much more is clearly described in the mod_wsgi site, in the Quick Configuration Guide, Configuration Guidelines and Configuration Directives