I think after that comment I'm slowly getting it but I still need to go back and learn more. Regardless of the the horrible security holes in my application, this still wouldn't do anything as far as *not* making this django app run, would it? In other words, I know it's insecure as hell to do what I'm doing but that is *not* the reason my django app is not running, correct?
thanks again, j. On Dec 11, 7:09 pm, Mike Dewhirst <mi...@dewhirst.com.au> wrote: > On 12/12/2010 10:35am, jc wrote: > > > You definitely lost me in some places but you've also cleared some > > things up in the process. I also noticed that I had "<Directory /srv/ > > www/wsgi-scripts>", which is lacking a directory for the > > WSGIScriptAlias. I've fixed that now. *Now*, I no longer get my > > listing of my files in my project when I go to my address *but* I now > > get 500 Internal Server Error. I'm not sure if I should trust the logs > > Always trust the logs. If you know enough about Apache to mistrust the > logs then you wouldn't be here. > > > or maybe I've misconfigured something else (either in Apache or in my > > django.wsgi file)...I had this same issue yesterday 500 error... > > > Also, when you said "Somewhere in your Apache config you have denied > > access to the entire filesystem", do you mean *Apache* has done this > > so that it will keep others out of my project (not that I've actually > > done this somewhere, right?) > > Somewhere in your Apache config there will be something like this ... > > # forbid access to the entire filesystem by default > <Directory /> > Options None > AllowOverride None > Order deny,allow > Deny from all > </Directory> > > ... which - as the comment says - locks the public out of everything on > the server. <Directory /> actually means the root of the server itself. > In other words /. The '/>' is not an XML closing tag even though it > might look like it. > > This is why you need to specifically open up public access to htdocs and > your wsgi script directory. Incidentally, it is also why your Django > code should not be in your your wsgi script directory. If it was Apache > could reveal it to the public - which is what I think you were > describing earlier. > > > > > After these changes, the project is still not running and I'm still > > not sure if it's my django app that's the issue or wsgi and my Apache > > configs. :/ > > 1. In WSGIScriptAlias you map your wsgi script (django.wsgi itself) to > the root of your duckling website. In other words your wsgi script > becomes the / which is the slash at the end ofhttp://1.2.3.4/ > > 2. Your Apache config opens up access to the directory in which that > script lives - in other words you create a hole in the entire filesystem > lockdown. > > To gain more info on wsgi scripts try ... > > http://code.google.com/p/modwsgi/wiki/DebuggingTechniques > > Good luck > > Mike > > > > > > > > > > > thanks for the reply back, I do appreciate it... > > > j. > > > On Dec 11, 5:29 pm, Mike Dewhirst<mi...@dewhirst.com.au> wrote: > >> On 12/12/2010 7:14am, jc wrote: > > >>> Apache& mod_wsgi are configured correctly (I've created a hello > >>> world .html apache file and a hello world mod_wsgi application with > >>> no > >>> problems). I know need my Django app to recognize my django.wsgi > >>> file. > >>> What makes me think that it's not recognizing my wsgi file is that I > >>> went into my django.wsgi file I created and completely deleted all of > >>> the code in the file and restarted Apache and it still gives me the > >>> same page (a listing of the files from Django app, not my actual > >>> Django application. Configuring Apache and mod_wsgi went really well > >>> but I'm at a loss of how to fix this. Here are some details instead of > >>> "it's > >>> not working": > > >> You are correct. Apache is not looking at the wsgi script. Have a look > >> at the suggestions below ... before playing with django.wsgi. > > >>> Here is my current django.wsgi file: > > >>> import os > >>> import sys > >>> sys.path.append('/srv/www/duckling.org/store/') > >>> os.environ['PYTHON_EGG_CACHE'] = '/srv/www/duckling.org/ > >>> store/.python- > >>> egg' > >>> os.environ['DJANGO_SETTINGS_MODULE'] = 'settings' > >>> import django.core.handlers.wsgi > >>> application = django.core.handlers.wsgi.WSGIHandler() > > >>> I've tried a few different versions of the django.wsgi file > >>> (including > >>> a version like the one over athttp://www.djangoproject.com/). > >>> This version of my wsgi is from here: > >>>http://library.linode.com/frameworks/django-apache-mod-wsgi/ubuntu-10... > > >>> Also, here is my vhost apache configuration file below. I think these > >>> are > >>> the main files that are suppose to do the job for me. Let me know if > >>> you see any errors in what I'm doing and what else I might do to fix > >>> this. The django app runs fine on the django's built-in development > >>> server so I'm thinking it *might have* something with my paths. > >>> No errors in my apache error.log file as well. It's acting as there's > >>> no problem at all, which is not the case...the project isn't loading, > >>> like I said just a listing of my files and directories of my Django > >>> project. Here is my apache config file: > > >>> <VirtualHost 1.2.3.4:80> > >>> ServerAdmin h...@duckling.org > >>> ServerName duckling.org > >>> ServerAliaswww.duckling.org > > >>> DocumentRoot /srv/www/duckling.org/store/ > > >> # DocumentRoot is where you keep non-django stuff eg., static files > >> # which is served by Apache without needing your Django code > >> DocumentRoot /srv/www/duckling.org/htdocs/ > > >>> <Directory /srv/www/duckling.org/store/> > >>> Order Allow,Deny > >>> Allow from all > >>> </Directory> > > >> # now let the public access anything here > >> <Directory /srv/www/duckling.org/htdocs/> > >> AllowOverride None > >> Order deny,allow > >> Allow from all > >> </Directory> > > >>> WSGIScriptAlias /django /srv/www/duckling.org/store/wsgi-scripts/ > >>> django.wsgi > >>> <Directory /srv/www/wsgi-scripts> > >>> Order allow,deny > >>> Allow from all > >>> </Directory> > >>> </VirtualHost> > > >> Somewhere in your Apache config you have denied access to the entire > >> filesystem to prevent outsiders from hacking in. Your Django code must > >> also be hidden from outsiders so it will live safely in > >> /srv/www/duckling.org/store because you haven't allowed anyone except > >> Apache to see it. > > >> Now you need to provide an allowed conduit to your Django code. So make > >> an Apache script alias to map the website root (ie '/') to your Django > >> code. Because you are using mod_wsgi the entry point is your django.wsgi > >> script. So map / to the script: > >> WSGIScriptAlias / /srv/www/duckling.org/store/wsgi-scripts/django.wsgi > > >> # and give the public full access - but only to the entry point > >> <Directory /srv/www/duckling.org/store/wsgi-scripts/> > >> Order deny,allow > >> Allow from all > >> </Directory> > > >> hth > >> Mike > > >>> And here are versions of the stack that I'm using, I saw over at the > >>> mod_wsgi site that you all would like the versions of what I'm using > >>> on the server: > >>> Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch > >>> mod_python/3.3.1 Python/2.6.5 mod_wsgi/2.8 > > >> I would remove mod_python if possible > > >>> thanks, > >>> j. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
