On Sep 6, 5:01 am, DaveP <davidpet...@gmail.com> wrote:
> Let me first state, I'm fairly new to Python and even newer to Django,
> so if what I'm mentioning is already an ongoing effort, I apologize.
>
> I was reviewing the following
> documentation:http://docs.djangoproject.com/en/dev/howto/deployment/modwsgi/.
>
> I has a question/possible suggestion. The documentation suggests that
> you should place your wsgi file in your project, which I think is a
> very valid location for it.
No it isn't and the documentation of the mod_wsgi site warns against
doing that. Instead it says to create a subdirectory called Apache and
place it in that.
This is because you need to tell Apache that it is allowed to serve up
files from that directory. If you put the WSGI script file in the same
directory as the settings file, then you consequently could be saying
that Apache can server up all your site source code, including your
settings file with passwords in it.
The only saving grace is that for files to be accessible requires two
steps. The first is saying that Apache can serve up files from a
directory. The second is there being a URL mapping in Apache which
exposes that directory under some URL. Normally the latter isn't going
to exist unless Apache configuration stuffed up, by why reduce your
security and make it that bit easier to expose your code when you do
muck up the Apache configuration.
> My question and potential suggestion
> stems from the contents of the file itself.
>
> This line sort of bothers me: sys.path.append('/usr/local/django'). As
> well as the statement:
> "Remember to replace 'mysite.settings' with your correct settings
> file, and '/usr/local/django' with your own project's location."
>
> Doing that makes the project less portable, and requires changes from
> environment to environment. This is obviously not a difficult thing to
> accomplish, however I think the wsgi file could be made a little more
> generic and accomplish the task at hand.
>
> So on the surface it would appear the recommended wsgi file should
> look something like (obvious path variations):
>
> # Start Example From Documentation
> import os
> import sys
>
> os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
>
> sys.path.append('/usr/local/django')
> import django.core.handlers.wsgi
> application = django.core.handlers.wsgi.WSGIHandler()
> #End Example From Documentation
>
> I think this could be simplified and made more portable for everyone
> with something more like the following. I intentionally used a few
> extra lines for readability, but it could of course be consolidated to
> use less variables
> #Start Sample of Suggested Alteration
> import os
> import sys
>
> project_folder = os.path.split(__file__)[0]
Go read what os.path.dirname() does. It is a better way of doing what
you are doing.
> project_parent_folder = os.path.split(project_folder)[0]
> project_name = os.path.split(project_folder)[1]
> sys.path.append(project_parent_folder)
> settings_module = project_name + ".settings"
>
> os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
>
> import django.core.handlers.wsgi
> application = django.core.handlers.wsgi.WSGIHandler()
> #End Sample of Suggested Alteration
>
> This version doesn't require any changes from project to project, and
> is independent of where the project is stored. This should lend itself
> to promoting projects from development into production where directory
> layouts may differ.
>
> I had also thought that perhaps the wsgi file could be auto-generated
> from the django-admin.py startproject command. I can can certainly
> understand if the desire is to minimize the amount of files created as
> part of the startproject command, however at the very least, I think
> updating the documentation mentioned above, would be beneficial.
>
> Again, I'm pretty new to all this stuff, so If I've missed something
> or what I'm suggesting is just dumb, please don't be afraid to let me
> know that :)
Also suggest you go have a read of:
http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango
http://blog.dscpl.com.au/2010/03/improved-wsgi-script-for-use-with.html
Graham
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
