I have a Django website as an on-going development which I have running on Ubuntu 16.04.1. It is an intranet and so sits within a corporate network.
It currently works nicely with Nginx, Gunicorn and Supervisor.
However, I would now like to implement single sign on so that users who have already authenticated into their workstations don’t have to sign into the application. As I understand from, the Django documentation, setting the REMOTE_USER environment variable is key and, during my efforts, I have been able to set this variable in my current Nginx config and it authenticates to the Django site.
However, the network environment means that I am looking for a solution that uses with NTLM or Kerberos (rather than Based Auth, which I believe would make this much easier for me although I’m currently unfamiliar with all of them.)
In trying to find internet posts that would help be do this (including on here), I’m not 100% sure that it would actually be possible.
Does anyone know if it is using recent versions of nginx (1.10) ? If not, am I likely to have more success with some sort of Apache set up ( using mod_wsgi instead of Gunicorn as this post this post would insinuate.
Related
I am trying to deploy Django on local host and "tunnel" using ngrok. The ngrok works but the IIS (Internet Information Manager) gives 500 Error <handler> scriptProcessor could not be found in <fastCGI> application configuration. Reference into fastcgi shows that this feature is deprecated but what is the replacement for serving Django using local server and ngrok. I also pip installed pyngrok. Can you suggest a clear solution?
FastCGI was deprecated in Django 6+ years ago, their docs say WSGI is the preferred alternative, and they provide a tutorial for types of WSGI deployments to get you started.
But you wouldn't use ngrok in this case, you'd serve it up with something like nginx or apache using a wsgi mod (also shown in their tutorial). Where you'd use ngrok is in development with Django's built-in dev server, and that's the full example provided in pyngrok's documentation.
Usually I'd provide actual sample code here, but what you're asking about are full end-to-end solutions, which is why I'm providing links. Without the full context and examples of what you've built, it's hard to tell you where it's going wrong—hard to provide specific solutions without specific examples of the problem. But these tutorials tutorials are for exactly what you're doing, so hopefully they can help you debug your own solution.
I'm a complete newbie when it comes to sysadmin/deployment. Here's what I'm hoping to accomplish:
Have domain.com be a normal WordPress site.
Have either domain.com/app or app.domain.com be a Django webapp.
Hosting on Linode.
Quick and easy updates of the Django webapp code.
From what I can tell, gunicorn is an elegant way to serve the Django webapp, while WordPress fits most naturally with Apache. Meanwhile, nginx is recommended as a proxy in front of gunicorn and also seems to be used to improve performance of WordPress sites.
So what I'm thinking is: use nginx as a proxy server that routes all incoming web requests to either gunicorn (for the Django wepapp) or Apache (for the WordPress site). The Linode host would be running nginx, gunicorn, and Apache simultaneously.
Meanwhile, for updates of the Django webapp, I can simply update to the latest version of the code via github.
Does all that make sense? Am I even understanding things conceptually correctly? Or barking up the wrong tree entirely? (For instance can/should I just use a single Apache server to route requests to either WordPress or the Django app based on URL?) What gotchas and issues should I keep in mind as I research how to get this running nice and smoothly?
UPDATE: I've side-stepped all of this by (1) using Heroku to host my Django app, (2) using a CNAME record to map app.domain.com to the Heroku-hosted Django app, and (3) leaving (for now) the WordPress site on its existing host at domain.com. Thankfully, after gaining great new respect for what sysadmins and db admins do as I investigated all this, now I can get back to coding!
#Ghopper21
+1 for your question first.
Now, This is really interesting to know how it's possible in real time execution. I checked with some of my geek friends and I found tremendous response, here are some of suggestion with reference I got after brainstorming with them.
First of all check this link for deploying & running WP altogether with Django on Nginx +uWSGI...
These two threads of support forums from Webfaction.com gives you more idea about how they are recommending it to their client...
Deploying Django and Wordpress in same domain
wordpress + django on same account - advisable or not?
Hey, I got one support ref. of Stack Overflow itself, which is explaining how to achieve it on APACHE server...
How do I run Django and PHP together on one Apache server?
And last but not least, the one where a geek like us integrated WP with Django...
Integrate WordPress and Django
I'm going to setup a simple Django app running in a production environment on a Linux box. The app will have very little traffic - less that 100 page loads per day. Is it okay to use the builtin Django webserver for this or should I install Apache and mod_wsgi? If so, what are the reasons for this? Security perhaps?
UPDATE
OK it is clear I shouldn't be using the builtin server. Some of the alternatives to Apache look interesting. Is there one that is more popular/more frequently used with Django perhaps?
Is it okay to use the builtin Django webserver for this
No.
Should I install Apache and mod_wsgi?
Yes.
If so, what are the reasons for this? Security perhaps?
Partly.
More importantly, the little toy Django server is single-threaded and any hangup in your code hangs the server. This means that when two users click almost at the same time, user one's query must go all the way through Django before user two's query can even starts.
And this will have to include the insanely slow download speed to the desktop.
Apache (like all the alternatives, lighttpd or nginx) is multi-threaded. The slowest part of the transaction is the download from Apache to the desktop. You don't want Python code (and Django) handling this in a single-threaded manner. Even for just a few users.
Also, you don't what Django serving static media (i.e., CSS and JS library files.)
A single slow spot in your application won't effect the overall system throughput if Apache and mod_wsgi are in place. One request 's output page can be slowly downloading to a PC desktop in parallel with another user's output.
DO NOT USE THIS (the builtin Django webserver) SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests.
http://docs.djangoproject.com/en/dev/ref/django-admin/#runserver-port-or-address-port
But you don't have use Apache if you don't want to. You could directly use Spawning, Gunicorn etc.
Cherokee is also easy to setup.
Use nginx + gunicorn.
Nginx: five lines of configuration. Gunicorn: two lines of configuration. That's easy and efficient. For better control you can spawn the gunicorn process using supervisord.
Both gunicorn and supervisord are available to install with pip, and nginx is available in almost any distribution in the default package pool.
The built in Django server was not built for production. There are many reasons why, mainly security and efficiency.
The recommended way is to use mod_wsgi which is covered in the docs here
I need to deploy a small Django app to be used in a small intranet. Concurrency and speed are non issues because there will be, at most, 10 users (and I bet that there will be almost no concurrency).
There is already a MySQL server. The problem is with the Django app. What is the most lightwieght server I can install under a WinXP environment ? The Apache + mod_python approach seems a little overkill. The cherrypy server seems more suitable.
Any suggestions ? Someone with similar experiences ?
You could use IIS with PyISAPIe.
I outline my Django on Windows deployment here and also more info on PyISAPIe with Python 2.6 here.
As I'm not a big fan of IIS, I'd still use Apache + mod_wsgi. mod_wsgi is officially recommended way of deploying django apps, according to http://docs.djangoproject.com/en/dev/howto/deployment/modwsgi/
We're currently deploying a small intranet Django app to complement a closed source app on IIS to an audience of about 300-400, but low use.
We opted for cherrypy by means of django-wsgiserver, but go for the bitbucket version if you don't use the admin, there's a bug in the 0.6.10 version that's on pypi.
We have IIS as a reverse proxy in front of it, and use media from the existing app. Don't know yet if it's stable, but I like the fact that it's conceptually the same as the Apache+gunicorn setup that I use on the *nix box.
Since this question dates from 2 years, I'm very curious about your experience.
The Windows port of lighttpd also bears mention.
I use Django for my website and I want to know whether there is a work around for testing secure pages in Development server. As a temporary workaround, I wont use HTTP to check the webpages in dev server, which I think is not a correct way? What do you think?
You might consider mod_wsgi, since it can be used for development, testing, and deployment. mod_wsgi can be configured to detect any changes to you make to your Python code and automatically restart, same as the development server.
I tend to do most of my development on my local machine, but use an actual reference implementation server for testing. It's running mod_wsgi under apache, with a self-signed certificate. A recent detailed article by Graham Dumpleton is available here:
http://blog.dscpl.com.au/2008/12/using-modwsgi-when-developing-django.html
This looks helpful -- using stunnel to route HTTPS requests to django dev server.
The Django development server is very basic and intended for local testing only. It does not support ssl/https. You'll have to run it using Apache, NGINX, or some other web server that supports SSL in order to test.
You can now use FakeSSLMiddleware