We Keep Coding

Django Deployment: Error 403 Forbidden You don't have permission to access / on this server

I'm currently deploying my Django app into a CentOS 7 Server (CentOS Linux release 7.8.2003) based on Django documentation here. But I encounter this problem (Error 403) stated in the error log below.
Things to take note:
Yes, I was able to run the server through a virtual environment port 8000.
The database I'm using is mysql (guide).
Does this have any relation with the access permission set for apache? As for now, I have set the permission for apache as below:
sudo chown :apache colus_cafe/
sudo chown -R :apache colus_cafe/colus_cafe/media
Python version 3.6.8 & WSGI python36-mod_wsgi.x86_64 (guide).
What have I tried: Will be updated based on given answer
remove and reinstall virtual environment.
/etc/httpd/conf.d/django.conf:
Alias /static /home/colus/colus_cafe/colus_cafe/static
<Directory /home/colus/colus_cafe/colus_cafe/static>
Require all granted
</Directory>
Alias /media /home/colus/colus_cafe/colus_cafe/media
<Directory /home/colus/colus_cafe/colus_cafe/media>
Require all granted
</Directory>
<Directory /home/colus/colus_cafe/colus_cafe>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/colus/colus_cafe/colus_cafe/wsgi.py
WSGIDaemonProcess colus_cafe_app python-home=/home/colus/colus_cafe/env python-path=/home/colus/colus_cafe
WSGIProcessGroup colus_cafe_app
/etc/httpd/logs/error_log
Current thread 0x00007fee066d6880 (most recent call first):
[Wed Jul 08 07:11:09.691137 2020] [mpm_prefork:notice] [pid 10044] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Jul 08 07:11:10.768060 2020] [core:notice] [pid 10231] SELinux policy enabled; httpd running as context system_$
[Wed Jul 08 07:11:10.769024 2020] [suexec:notice] [pid 10231] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/$[Wed Jul 08 07:11:10.789925 2020] [so:warn] [pid 10231] AH01574: module wsgi_module is already loaded, skipping
[Wed Jul 08 07:11:10.793580 2020] [lbmethod_heartbeat:notice] [pid 10231] AH02282: No slotmem from mod_heartmonitor
[Wed Jul 08 07:11:10.796988 2020] [mpm_prefork:notice] [pid 10231] AH00163: Apache/2.4.6 (CentOS) mod_wsgi/4.6.2 Pyt$[Wed Jul 08 07:11:10.797021 2020] [core:notice] [pid 10231] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jul 08 07:11:10.798024 2020] [wsgi:warn] [pid 10232] (13)Permission denied: mod_wsgi (pid=10232):
Unable to stat Python home /home/colus/colus_cafe/env.
Python interpreter may not be able to be initialized correctly.
Verify the supplied path and access permissions for whole of the path.
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ModuleNotFoundError: No module named 'encodings'

Based on Maarten's comment, I have found the answer for this problem.
I need to change the access permissions of apache to read and execute the django project folder by using chmod. However, this later shows another problem below.
/etc/httpd/logs/error_log
failed to map segment from shared object permission denied mysql.
Then I found out the error shows that Python (in the virtual environment) is unable to execute the packages (mysqlclient). Hence, the solution can be found here, which to change the security context of “httpd_sys_script_exec_t” which allows Apache to execute.
I hope this helps anyone who encounters this problem. And if there are any bad practices or mistakes that I have made, please do leave a comment.
Thank you and have a nice day.

WSGI Segmentation Fault After Upgrade from Apache 2.2 to 2.4 on Debian Linux with Django

After running a dist-upgrade from debian 7.1 to 8.10, WSI seg faults with the following errors in the Apache logs:
[Tue Mar 27 21:06:34.843952 2018] [core:notice] [pid 117022] AH00052: child pid 128687 exit signal Segmentation fault (11)
[Tue Mar 27 21:06:34.844011 2018] [wsgi:info] [pid 117022] mod_wsgi (pid=128687): Process 'icmlcc' has died, deregister and restart it.
[Tue Mar 27 21:06:34.844021 2018] [wsgi:info] [pid 117022] mod_wsgi (pid=128687): Process 'icmlcc' terminated by signal 11
[Tue Mar 27 21:06:34.844030 2018] [wsgi:info] [pid 117022] mod_wsgi (pid=128687): Process 'icmlcc' has been deregistered and will no longer be monitored.
[Tue Mar 27 21:06:53.989780 2018] [ssl:debug] [pid 128282] ssl_engine_io.c(1213): (70014)End of file found: [client 183.11.70.193:19265] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
I'm looking for any help I can get troubleshooting this. Thanks in advance. More info...
When I view the website in my browser, I'm presented with Django's Internal Server Error page, but the SSL certificate is correctly presented and trusted.
I occasionally receive, "Truncated or oversized response headers received from daemon process" in my site error.log
I'm using packages supplied by Debian for everything:
libapache2-mod-wsgi/oldstable,now **4.3.0-1** amd64 [installed]
apache2-bin/oldstable,now 2.4.10-10+deb8u11 amd64 [installed,automatic]
python2.7/oldstable,now 2.7.9-2+deb8u1 amd64 [installed]
The code works correctly with the development server. manage.py runserver works.
The relevant parts of my .conf file:
SSLCertificateFile /etc/ssl/certs/icml.cc.crt
SSLCertificateKeyFile /etc/ssl/private/icml.cc.key
#SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2-g1.crt
SSLCACertificateFile /etc/ssl/certs/gd_bundle-g2-g1.crt
<Directory /www/icml.cc/media>
#Order deny,allow
#Allow from all
Require all granted
</Directory>
<Directory /www/icml.cc/admin>
#Order deny,allow
#Allow from all
Require all granted
</Directory>
WSGIScriptAlias / /www/icml.cc/djnipscc/wsgi.py
WSGIDaemonProcess icmlcc home=/var/www python-path=/home.local/lee/.virtualenvs/nips/lib/python2.7/site-packages:/www/icml.cc processes=25 threads=10 maximum-requests=0
WSGIProcessGroup icmlcc
I tried using a python that was compiled from source. I haven't tried building mod_wsgi from source.
Any help would be much appreciated. Thanks.

Unable to connect to WSGI daemon process mod_wsgi in Centos7 with Cpanel/WHM

I'm with a problem while deploying Django in my VPS with Centos 7.3 and WHM. It seems to work, except for a socket problem with mod_wsgi.
[Sun Jun 25 00:37:03.254774 2017] [wsgi:error] [pid 29756] (13)Permission denied: [client 66.249.83.220:35523] mod_wsgi (pid=29756): Unable to connect to WSGI daemon process 'brunamaiahair.com.br' on '/var/run/apache2/wsgi.721.27.1.sock' as user with uid=1004.
I read to insert WSGISocketPrefix as a directive, so I edited httpd.conf and put:
WSGISocketPrefix /var/run/apache2/wsgi
But I'm receiving the same error. Here is the log with the modified httpd.conf after an Apache restart:
[Sat Jun 24 21:10:56.084269 2017] [mpm_prefork:notice] [pid 721] AH00163: Apache/2.4.25 (cPanel) OpenSSL/1.0.2k mod_bwlimited/1.4 mod_wsgi/4.5.7 Python/2.7 configured -- resuming normal operations
Here is my VirtualHost configuration:
WSGIDaemonProcess brunamaiahair.com.br socket-user=#1004 python-path=/home/bmhair/public_html/django/framework:/home/bmhair/public_html/django/denv/lib/python2.7/site-packages
WSGIProcessGroup brunamaiahair.com.br
WSGIScriptAlias / /home/bmhair/public_html/django/framework/framework/wsgi.py

See socket-user option in:
http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html
Recent CPanel installations seem to use PrivilegesMode set to SECURE so you will need to declare who should own the socket. It should be the user/uid Apache changes to when handling requests for you, rather than the default of the Apache user.
If for example the user which CPanel is setup to run your request as under Apache is bmhair, you need to add to the WSGIDaemonProcess directive in the Apache configuration the option:
socket-user=bmhair
After a restart of Apache, check in the directory where the socket file is placed, eg., /var/run/apache2 and check that socket file is owned by user bmhair.
Note that this will require that the directory /var/run/apache2 provides access to other users, ie., not just root or the user Apache runs your code as. If that is not the case, then use WSGISocketPrefix to move the socket file to another directory which is accessible to the user bmhair. Generally you should not need to even override WSGISocketPrefix as the default location used is fine. If you had set it explicitly for some reason, and didn't allow the default to be used, that could also be part of the problem.

The path /var/run/apache2 bmhair do not have access to that folder.Only root and approved users have.
So we need to show apache a path for wsgi socket.
If it is VPS:
WSGISocketPrefix /var/run/wsgi
If you are in a shared hosting:
WSGISocketPrefix ../../var/run/wsgi
Or
WSGISocketPrefix /home/bmhair/var/run/wsgi
As I can see you are in bmhair user so for you 2nd one will work.

Apache on Amazon EC2 Not Connecting To My Django Site

I have an Amazon EC2 instance running Ubuntu and I'm trying to get it to display my Django site. The dev server works (i.e. if I run the dev server on the instance and go to http://ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com/:8000, my site works fine) but I can't get it to run properly via apache.
I've read about a thousand tutorials and so far none have been successful. Here is my most recent attempt - my Django site is stored in /home/ubuntu/Amazon/repo/my_site/.
I've tried creating a virtual host file in /etc/apache2/sites-available/ec2.conf with the following:
<VirtualHost *:80>
ServerName ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
ServerAlias *.compute.amazonaws.com
WSGIScriptAlias / /home/ubuntu/Amazon/repo/my_site/my_site/apache/apache.wsgi
<Directory />
Require all granted
</Directory>
</VirtualHost>
After that, I ran sudo a2ensite ec2 to add the conf file to sites-enabled but going to ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com in my browser still returns to the default page.
Any guidance would be great, I'm sure I'm missing several steps, but I'm completely lost at the moment. There are a lot of things I don't understand at the moment such as:
Do I need a /var/www/html/ directory somewhere? Or does Django handle that?
Do I need to use virtual hosts at all? Or is that only for subdomains?
Do I need to register a domain name prior to getting it working? All the examples I see use something like "example.com" where I have "ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com". I have the domain name registered but I haven't pointed it at my amazon instance yet - I was hoping to first get it working.
Edit: Apache error.log output:
[Tue Jul 08 16:07:47.983174 2014] [mpm_event:notice] [pid 5054:tid 140062636054400] AH00491: caught SIGTERM, shutting down
[Tue Jul 08 16:07:49.046666 2014] [mpm_event:notice] [pid 5211:tid 139882510350208] AH00489: Apache/2.4.7 (Ubuntu) mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Tue Jul 08 16:07:49.046735 2014] [core:notice] [pid 5211:tid 139882510350208] AH00094: Command line: '/usr/sbin/apache2'

django admin url not found (404)

I am a django beginner.
I receive the following message in /var/log/apache2/error.log (apache is set to debug level)
[Thu Aug 30 16:15:11 2012] [info] mod_wsgi (pid=5616): Initializing Python.
[Thu Aug 30 16:15:11 2012] [info] mod_wsgi (pid=5616): Attach interpreter ''.
[Thu Aug 30 16:15:15 2012] [error] [client 172.24.113.130] File does not exist: /var/www/netvistra3
[Thu Aug 30 16:15:19 2012] [error] [client 172.24.113.130] File does not exist: /var/www/netvistra3
My wsgi file is located in /usr/local/django/netvistra3/apache/netvistra3.wsgi
The admin site only seems to work with django's embedded webserver.
Snippet from apache2 virtual directory site:
Alias /static/admin /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin
WSGIDaemonProcess netvistra3 user=pbensel group=staff threads=5
WSGIScriptAlias /netvistra3 /usr/local/django/netvistra/apache/netvistra3.wsgi
<Directory /usr/local/django/netvistra3>
WSGIScriptReloading On
WSGIProcessGroup netvistra3
WSGIApplicationGroup %{GLOBAL}
Order allow,deny
Allow from all
</Directory>
I greatly appreciate any help

Django has a bit of magic when running under it's own server that helps with this. When deploying on Apache, etc you are you're responsible for setting up Apache, or whichever media server you're using, to serve the admin files. The Django docs are pretty good on the topic. Please see the following link to the Django docs.
It's a pretty common problem. So, don't feel bad. Just Google if you need any more specific help for "deploy django admin"
Btw, I use the "collectstatic" approach for my projects and server them from an s3 bucket. It works great and seems to be a pretty common practice. At least with Django 1.3.

As David said, you have to take the right steps to set up static files. You have:
Alias /static/admin /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin
but are missing corresponding:
<Directory /usr/lib/python2.7/dist-packages/django/contrib/admin/static>
Order allow, deny
Allow from all
</Directory>
Don't have that and you will find static files fail with forbidden error.
I would though also check whether you have set up settings properly to say under what URL the static media is available.
If the static files are not served properly, you will be missing all the stlying for the admin pages, which could be considered as not working properly.
Also look into collectstatic as suggested as not always a good idea to refer to static media out of the Python installation like you are doing.