I have an Django(10.5) WSGI application running on Ubuntu(16.04). The application works completely except for one piece of functionality.
The functionality is located in the views.py file and it tries to get a list of file names in a directory but is unable too.
apache2 is running under the user www-data and the directory is owned by another user. I have tried to chown and chmod the directory so that it is owned by www-data but this didn't make a difference.
I have also added the following to the sites-available file:
<Directory /home/other_user/backup>
Require all granted
</Directory>
NOTE: The functionality works if I run it in Django's dev server:
python3 ./manage.py runserver 0:80
I am wondering where you are trying to get the list of file names. Because Django project recognize that the directory where the manage.py located is the root directory. So The other directories outside of this root directory can't be recognized.(Due to BASE_DIR option in settings). It's nothing related with apache.
If you are trying to get the list of files in the directory which is inside root directory, the please check the permission.
Related
I deployed the server with Ubuntu 18, Django, Gunicorn, Nginx
And I ran into this problem:
everything works great but,
When I upload large pictures files in Django, Nginx gives 403 Error Forbidden.
I updated the permissions to the folder with static files on 755. It works!
But when I upload other files, the rights do not work.
I added the user root and user www-data to the folder owner’s group, but nothing has changed.
I understand that Nginx has no permissions, but how can I implement the inheritance permissions of new files from the parent folder
or will you suggest another solution?
You need to add FILE_UPLOAD_PERMISSIONS=0o644 variable to you settings.py file.
This is the numeric mode (i.e. 0o644) to newly uploaded files to.
For more information, please read this doc.
Try use this
chown -R www-data:www-data 'your project folder'
Apache and wsgi now have permissions problems accessing the directory in which my Django project is stored. I think I need to get back to having wsgi run as user (or maybe just group) kevin.
I had this working, and I don't know what I did to stop it working, but now I get an permissions error as soon as I get past logging into my app. Unfortunately, I don't have the apache config under version control. I'm pretty sure that's where the problem is because restoring a backup of the project from when it was working didn't change anything, but tweaking permissions on the database and the root directory of the project has altered the particulars of the error message. I wasn't going to give o+w to the whole works, nor did I feel like giving an ACL to every single file or directory.
Background: apache 2 as delivered with Ubuntu 16.04 LTS. Django 1.11. Python 3.5. libsqlite3.0 3.11.0
I thought that what I had in the tail of /etc/apache2/apache2.conf took care of this, in particular the line
WSGIProcessGroup kevin
because all the files and directories are owned by kevin.kevin, and my evidence seems to indicate that when it was working, it did so because it was running with at least effective group 'kevin' and not the current 'www-data'.
The whole tail of stuff I added to apache2.conf for this project now looks like this:
# KOSMANOR:
# In accordance with https://www.mindchasers.com/dev/apache-install
WSGIDaemonProcess kevin processes=4 threads=12 python-path=/build/comprosloco
WSGIProcessGroup kevin
WSGIRestrictEmbedded On
WSGILazyInitialization On
WSGIScriptAlias / /build/comprosloco/comprosloco/wsgi.py
<Directory /build/comprosloco/comprosloco>
Require all granted
</Directory>
# 29 Jan 2018 on kosmanor.com
# 6 Mar 2018 revised reference to 1.11, but it's so modified as to be unrecognizable. Not sure what reference was used.
# 6 Mar 2018 In particular the stuff about virtual environments is ignored here.
# WSGIScriptAlias / is set above in accordance with the mindchaser page
# WSGIPythonPath not set (semms to find my stuff without it)
# WSTIPythonHome is not set (not using a vitual environment yet)
# Added in accordance (somewhat modified) with https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/modwsgi/
#
Alias /static/ /usr/local/lib/python3.5/dist-packages/django/contrib/admin/static/
<Directory /usr/local/lib/python3.5/dist-packages/django/contrib/admin/static>
Require all granted
</Directory>
The documentation for WSGIDaemonProcess can be found at:
http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html
You possibly can use the user and group options.
Otherwise the directories and files need to at least be readable by the Apache user on your system. If needing to write files, then the Apache user would need write access to the files and in cases like SQLite also the directory so it can create a database lock file.
Very helpful comments. I did get it solved, but the details should probably be stated, as something of the sort could happen to others.
Unless you do something about it, WSGI is run as the user that Apache normally starts child processes. On my Ubuntu 16.04, that was 'www-data'. That user does not normally have permissions on the directories I build with my non-privileged user account.
Django is going to need r and x permissions on all directories, and w permission on the database AND THE DIRECTORY WHERE THE DATABASE RESIDES. The latter is because it creates its transaction and locking files there.
If WSGI is failing on account of permissions, the apache error log is your friend. The normal access log can be helpful too.
You can make the WSGI child run as some other user with the WSGIDaemonProcess entry in the apache config file (/etc/apache2/apache2.conf on my system). I added "user=me group=me' to the entry, where 'me' was my account's and group's names. That gave it all the permissions it needed.
I have editted the httpd.conf inside apache by adding:
<Directory /home/ec2-user/hqlocal>
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /home/ec2-user/hqlocal/hq_local/apache/django.wsgi
WSGIPythonPath /usr/lib/python2.7/site-packages
# Serving Django admin static files
Alias /static/admin /usr/lib/python2.7/site-packages/django/contrib/admin/static/admin
# Serving Django static files (our own files use in our app), assuming in settings.py, STATIC_ROOT is “/var/www/static/” and our STATIC_URL is “/static/”
Alias /static /var/www/static/
I have tried many solutions that fix the 403 problem like swapping deny and allow, and so on. But none of them works, I still get 403 cannot access '/'
Therefore, I tried commenting line by line.
The result is that the line
WSGIScriptAlias / /home/ec2-user/hqlocal/hq_local/apache/django.wsgi
causing the problem.
By adding this line, the system becomes 403 but without it, when entering the public DNS, the server will point to Apache default page.
So, I assume that Apache may not have permission to read this file. Therefore, i changed the permission to be global. However, it still didn't work properly.
May I know how to fix this?
Thank you very much.
The directory '/home/ec2-user' is likely not readable to the Apache user. Watch:
http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations
for common mod_wsgi setup issues including this one.
Also, you should not need:
WSGIPythonPath /usr/lib/python2.7/site-packages
if mod_wsgi is actually compiled against the system Python 2.7. If it isn't compiled against the system Python 2.7, but another version, you should not be forcing it to use modules installed into another Python version as that will cause problems. You should reinstall mod_wsgi with version compiled against correct Python version you want to use.
There are two possible reasons.
Make sure you set the permission correctly for the directory '/home/ec2-user/hqlocal', you can do this:
chmod -R 755 /home/ec2-user/hqlocal
Disable selinux (if using enforcing mode, you need get permissions for apache in selinux). You can configure the /etc/selinux/config:
SELINUX:disabled
Then reboot the machine.
I'm getting started with a Django tutorial, and I've run into a snag. Having created the sample "mysite" on my usual domain, I want to be able to display it in my browser. The tutorial points me to http://127.0.0.1:8000. However, that's not going to work, as I'm doing this remotely.
[background information]
What I have done, apparently successfully, is
django-admin.py startproject mysite
(created mysite directory containing four files)
python manage.py runserver
(Validating models... 0 errors found, etc.)
The absolute path is
/home/toewsweb/public_html/pythonlab/mysite
What URL should I be able to use to bring this up in my browser?
I also put mysite at
/home/toewsweb/mysite (since it's not supposed to go in a publicly accessible directory)
What URL should I be able to use in this case?
This is a virtual private server, so I have access to httpd.conf. I have downloaded and installed mod_wsgi and have added it to the Apache configuration. I actually did set a subdomain with a DocumentRoot of /home/toewsweb/public_html/pythonlab/mysite; however, when I point the browser to that subdomain, I just get the directory listing.
[/background information]
Right now, I just want to know how to view what I'm working on in my browser.
Thanks!
For development purposes, there's no need to mess about with configuring WSGI (although it's useful to know, as you will need to do it for production). Just start the dev server so that it listens to an external port:
./manage.py runserver 0:8000
This binds to the external IP address, so now you can access your Django site via port 8000 on that server:
http://whatever.my.ip.is:8000
You need to setup the apache WSGIScriptAlias directive in your VirtualHost to properly load python and your site. Django's docs have a great explanation on what you need to do.
Basic configuration
Once you’ve got mod_wsgi installed and activated, edit your httpd.conf file and add:
WSGIScriptAlias / /path/to/mysite/apache/django.wsgi
The first bit above is the url you want to be serving your application at (/ indicates the root url), and the second is the location of a "WSGI file" -- see below -- on your system, usually inside of your project. This tells Apache to serve any request below the given URL using the WSGI application defined by that file.
Next we'll need to actually create this WSGI application, so create the file mentioned in the second part of WSGIScriptAlias and add:
import os
import sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
If your project is not on your PYTHONPATH by default you can add:
path = '/path/to/mysite'
if path not in sys.path:
sys.path.append(path)
just below the import sys line to place your project on the path. Remember to replace 'mysite.settings' with your correct settings file, and '/path/to/mysite' with your own project's location.
OR
The other option is to run the dev server so it's accesible externally like so:
python manage.py runserver 0.0.0.0:80
though please DO NOT use this in production. The dev server is single-threaded, and has not been auditing for security.
Hey I just got apache2 working with mod_wsgi on my django_project directory, which is pretty kool. However I can only make it work if I set the permissions on my django_project to
chmod -R 777 django_project not so nice I believe.
Can anyone tell me what chmod -R xxx django_project I should be running. Im not too tight on the whole linux-group-permissions. eg how do I tell what perm-group apache is in?
Thanks,
N
I believe only static directory needs to be writable by Apache in your case and not entire project directory.
You don't need 777 definitely, all you need is apache user (unless you have other user configured in WSGIDaemonProcess directive ) to own that directory.
Running ps -ef | grep httpd will show the user apache is running as. (Some OS may use apache instead of httpd but you get the idea).
Also you can see ls -l /var/www/ and it'll show you user-onwer and group-owner for the directory.
You should make permissions for django_project similar to /var/www/.
And writable permission is necessary for a socket if it's used (in fasctcgi-scheme)