First time here? Check out the FAQ!

Revision history  [back]

How to configure Apache to run Django application?

What are the tricks to set up a Django application for production under Apache webserver?

How to make /admin interface secure?

How to run another site (either php or static html-based) on the same domain?

How to make sure that plain text files are served directly by the webserver to insure the fastest response?

How to configure Apache to run Django application?

What Below is the sample configuration that has been tested for Askbot.

Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is a slightly trickier setup so decided to show this more real-life example.

Other properties of this setup are the tricks to set that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.

Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a Django application clone of the same setup under say /path/to/mysite/staging and reserve it for production experimental installs and migrations.

Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.

Finally - always test under Apache webserver?(or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.

How to make /admin interface secure?

How to run another site (either

< VirtualHost 74.208.164.82:80 >
   ServerAdmin forum@example.com
    ServerName www.example.com

    #document root exposes stuff underneath to everyone
    #some things will be intercepted by django, but you 
    #must be careful so that you don't show contents of your settings.py 
    #and any other files containing source code, etc
    #it's a good idea to verify that you are not exposing things you shouldnt be
    DocumentRoot /path/to/mysite/production

    #uncomment if you use html or php files as well or static html-based) on the same domain?

How to comment if you don't DirectoryIndex index.html index.php #set up aliases to non-django resources #for example here could be your php blog (separately make sure that plain text files php is on in that dir) #notice - no trailing slash here. it's important that way /blog will be a valid url too Alias /blog /path/to/mysite/production/blog #add more Alias lines as needed #run mod_wsgi process for django in daemon mode #this allows avoiding confused timezone settings when #another application runs in the same virtual host - e.g. a php app WSGIDaemonProcess mydjangothing #name it anything you want WSGIProcessGroup mydjangothing #these are served directly by the webserver to insure the fastest response?

part of django app, but must be serve statically to save CPU cycles #use trailing slash here so that you don't show contents of directory skins itself Alias /m/ /path/to/mysite/production/django_site/forum/skins/ Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/ < DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media"> Order deny,allow Allow from all < /DirectoryMatch> < Directory "/path/to/mysite/production/django_site/forum/upfiles"> Order deny,allow Allow from all < /Directory> #this is your wsgi script for the production site WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi #this will force admin interface to work only #through https (optional, but highly recommended for security) < Location "/admin"> RewriteEngine on RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301] < /Location> CustomLog /path/to/httpd/logs/mysite/access_log common ErrorLog /path/to/httpd/logs/mysite/error_log < /VirtualHost> #run admin interface under https < VirtualHost 74.208.164.82:443 > ServerAdmin forum@example.com ServerName example.com #specify where to get media for the admin interface #the actual path that starts with /usr/local/lib - is the one to the django admin app Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/ #negative lookahead regex to send all non-admin traffic back to port 80 #regex has to be anchored here to work!!! < LocationMatch "^(?!/admin)"> RewriteEngine on RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301] < /LocationMatch> SSLEngine on #SSL files SSLCertificateFile /path/to/ssl_certificates/server.crt SSLCertificateKeyFile /path/to/ssl_keys/server.key WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi CustomLog /path/to/httpd_logs/mysite/access_log common ErrorLog /path/to/httpd_logs/mysite/error_log < /VirtualHost>

How to configure Apache to run Django application?

Below is the sample configuration that has been tested for Askbot.

Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog. This is - a slightly trickier setup so decided to show this more real-life example.

Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.

Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.

Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.

Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.

< VirtualHost 74.208.164.82:80 >
   ServerAdmin forum@example.com
    ServerName www.example.com

    #document root exposes stuff underneath to everyone
    #some things will be intercepted by django, but you 
    #must be careful so that you don't show contents of your settings.py 
    #and any other files containing source code, etc
    #it's a good idea to verify that you are not exposing things you shouldnt be
    DocumentRoot /path/to/mysite/production

    #uncomment if you use html or php files as well or comment if you don't
    DirectoryIndex index.html index.php

    #set up aliases to non-django resources
    #for example here could be your php blog (separately make sure that php is on in that dir)
    #notice - no trailing slash here. it's important that way /blog will be a valid url too
    Alias /blog /path/to/mysite/production/blog
    #add more Alias lines as needed

    #run mod_wsgi process for django in daemon mode
    #this allows avoiding confused timezone settings when
    #another application runs in the same virtual host - e.g. a php app
    WSGIDaemonProcess mydjangothing #name it anything you want
    WSGIProcessGroup mydjangothing

    #these are part of django app, but must be serve statically to save CPU cycles 
    #use trailing slash here so that you don't show contents of directory skins itself
    Alias /m/ /path/to/mysite/production/django_site/forum/skins/
    Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
    < DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
    Order deny,allow
    Allow from all
    < /DirectoryMatch>
    < Directory "/path/to/mysite/production/django_site/forum/upfiles">
    Order deny,allow
    Allow from all
    < /Directory>

    #this is your wsgi script for the production site
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi

    #this will force admin interface to work only
    #through https (optional, but highly recommended for security)
    < Location "/admin">
        RewriteEngine on
        RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
    < /Location>
    CustomLog /path/to/httpd/logs/mysite/access_log common
    ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
    ServerAdmin forum@example.com
    ServerName example.com

    #specify where to get media for the admin interface
    #the actual path that starts with /usr/local/lib - is the one to the django admin app
    Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
    #negative lookahead regex to send all non-admin traffic back to port 80
    #regex has to be anchored here to work!!!
    < LocationMatch "^(?!/admin)">
        RewriteEngine on
        RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
    < /LocationMatch>
    SSLEngine on
    #SSL files
    SSLCertificateFile /path/to/ssl_certificates/server.crt
    SSLCertificateKeyFile /path/to/ssl_keys/server.key
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
    CustomLog /path/to/httpd_logs/mysite/access_log common
    ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>

How to configure Apache to run Django application?

Below is the sample configuration that has been tested for Askbot.

Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog - a slightly trickier setup so decided to show this more real-life example.

Other properties of this setup are that /admin urls are forced to go through https - secure connection, and non-admin urls - through regular unencrypted connection, and all media files served by the Apache server directly. It is a common oversight to leave static files - like images and style sheets served by the Django application.

Also notice that it is assumed that main site is installed in /path/to/mysite/production. You should seriously consider setting up a clone of the same setup under say /path/to/mysite/staging and reserve it for experimental installs and migrations.

Later you can either just carefully swap directories staging and production, or create two versions for the apache setup for example production1.conf and production2.conf.

Finally - always test under Apache (or other webserver) before deploying - to minimize crisis management, do not use python manage.py runserver because conditions of these two environments are not identical.

< VirtualHost 74.208.164.82:80 >
   ServerAdmin forum@example.com
    ServerName www.example.com

    #document root exposes stuff underneath to everyone
    #some things will be intercepted by django, but you 
    #must be careful so that you don't show contents of your settings.py 
    #and any other files containing source code, etc
    #it's a good idea to verify that you are not exposing things you shouldnt be
    DocumentRoot /path/to/mysite/production

    #uncomment if you use html or php files as well or comment if you don't
    DirectoryIndex index.html index.php

    #set up aliases to non-django resources
    #for example here could be your php blog (separately make sure that php is on in that dir)
    #notice - no trailing slash here. it's important that way /blog will be a valid url too
    Alias /blog /path/to/mysite/production/blog
    #add more Alias lines as needed

    #run mod_wsgi process for django in daemon mode
    #this allows avoiding confused timezone settings when
    #another application runs in the same virtual host - e.g. a php app
    WSGIDaemonProcess mydjangothing #name it anything you want
    WSGIProcessGroup mydjangothing

    #these are part of django app, but must be serve statically to save CPU cycles 
    #use trailing slash here so that you don't show contents of directory skins itself
    Alias /m/ /path/to/mysite/production/django_site/forum/skins/
    Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
    < DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
    Order deny,allow
    Allow from all
    < /DirectoryMatch>
    < Directory "/path/to/mysite/production/django_site/forum/upfiles">
    Order deny,allow
    Allow from all
    < /Directory>

    #this is your wsgi script for the production site
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi

    #this will force admin interface to work only
    #through https (optional, but highly recommended for security)
    < Location "/admin">
        RewriteEngine on
        RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
    < /Location>
    CustomLog /path/to/httpd/logs/mysite/access_log common
    ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
    ServerAdmin forum@example.com
    ServerName example.com

    #specify where to get media for the admin interface
    #the actual path that starts with /usr/local/lib - is the one to the django admin app
    Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
    #negative lookahead regex to send all non-admin traffic back to port 80
    #regex has to be anchored here to work!!!
    < LocationMatch "^(?!/admin)">
        RewriteEngine on
        RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
    < /LocationMatch>
    SSLEngine on
    #SSL files
    SSLCertificateFile /path/to/ssl_certificates/server.crt
    SSLCertificateKeyFile /path/to/ssl_keys/server.key
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
    CustomLog /path/to/httpd_logs/mysite/access_log common
    ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>

How to configure Apache to run Django application?

Below is the sample configuration that has been tested for Askbot.

Also this example assumes that django site will run under url / and that there will be other things like php blog under say /blog - a slightly trickier setup so decided to show this more real-life example.

< VirtualHost 74.208.164.82:80 >
<VirtualHost 74.208.164.82:80>
    ServerAdmin forum@example.com
    ServerName www.example.com

    #document root exposes stuff underneath to everyone
    #some things will be intercepted by django, but you 
    #must be careful so that you don't show contents of your settings.py 
    #and any other files containing source code, etc
    #it's a good idea to verify that you are not exposing things you shouldnt be
    DocumentRoot /path/to/mysite/production

    #uncomment if you use html or php files as well or comment if you don't
    DirectoryIndex index.html index.php

    #set up aliases to non-django resources
    #for example here could be your php blog (separately make sure that php is on in that dir)
    #notice - no trailing slash here. it's important that way /blog will be a valid url too
    Alias /blog /path/to/mysite/production/blog
    #add more Alias lines as needed

    #run mod_wsgi process for django in daemon mode
    #this allows avoiding confused timezone settings when
    #another application runs in the same virtual host - e.g. a php app
    WSGIDaemonProcess mydjangothing #name it anything you want
    WSGIProcessGroup mydjangothing

    #these are part of django app, but must be serve statically to save CPU cycles 
    #use trailing slash here so that you don't show contents of directory skins itself
    Alias /m/ /path/to/mysite/production/django_site/forum/skins/
    Alias /upfiles/ /path/to/mysite/production/django_site/forum/upfiles/
    < DirectoryMatch <DirectoryMatch "/path/to/mysite/production/django_site/forum/skins/([^/]+)/media">
    Order deny,allow
    Allow from all
    < /DirectoryMatch>
    < Directory </DirectoryMatch>
    <Directory "/path/to/mysite/production/django_site/forum/upfiles">
    Order deny,allow
    Allow from all
    < /Directory>
</Directory>

    #this is your wsgi script for the production site
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi

    #this will force admin interface to work only
    #through https (optional, but highly recommended for security)
    < Location <Location "/admin">
        RewriteEngine on
        RewriteRule /admin(.*)$ https://example.com/admin$1 [L,R=301]
    < /Location>
</Location>
    CustomLog /path/to/httpd/logs/mysite/access_log common
    ErrorLog /path/to/httpd/logs/mysite/error_log
< /VirtualHost>
</VirtualHost>
#run admin interface under https
< VirtualHost 74.208.164.82:443 >
<VirtualHost 74.208.164.82:443>
    ServerAdmin forum@example.com
    ServerName example.com

    #specify where to get media for the admin interface
    #the actual path that starts with /usr/local/lib - is the one to the django admin app
    Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
    #negative lookahead regex to send all non-admin traffic back to port 80
    #regex has to be anchored here to work!!!
    < LocationMatch <LocationMatch "^(?!/admin)">
        RewriteEngine on
        RewriteRule django.wsgi(.*)$ http://example.com$1 [L,R=301]
    < /LocationMatch>
</LocationMatch>
    SSLEngine on
    #SSL files
    SSLCertificateFile /path/to/ssl_certificates/server.crt
    SSLCertificateKeyFile /path/to/ssl_keys/server.key
    WSGIScriptAlias / /path/to/mysite/production/django_site/django.wsgi
    CustomLog /path/to/httpd_logs/mysite/access_log common
    ErrorLog /path/to/httpd_logs/mysite/error_log
< /VirtualHost>
</VirtualHost>