I can get to the route of my site without issues like this: http://example.com
When I go to http://www.example.com I get a 404 error.
How can I handle going to www and delivering the user to the route of the site?
I don't think it is related, but here is my httpd.conf:
WSGISocketPrefix /var/run/wsgi
<VirtualHost *:80>
WSGIDaemonProcess example.com display-name=%{GROUP}
WSGIProcessGroup example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /example
WSGIScriptAlias / /example/wsgi.py
</VirtualHost>
Alias /static/ /example
<Directory /example>
Order deny,allow
Allow from all
</Directory>
WSGIPythonPath /example
<Directory /example>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
Change ALLOWED_HOSTS in the settings.py to something like this
ALLOWED_HOSTS = ['www.example.com', 'example.com']
According to Django Documentation, ALLOWED_HOSTS defines
A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent an attacker from poisoning caches and triggering password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.
For more ALLOWED_HOSTS
Related
I have recently locally deployed Django project on Apache server Fedora 36. Everything work good when accessing site by ip. The issue that could not access it by hostname. I am getting "Bad Request (400)" error.
here my httpd.conf
<VirtualHost *:80>
ServerName calljournal.local
alias /static /var/www/django_project/call_journal/static
<Directory /var/www/django_project/call_journal/static>
Require all granted
</Directory>
<Directory /var/www/django_project/call_journal>
Require all granted
</Directory>
WSGIDaemonProcess calljournal.local python-path=/var/www/django_project/virt/lib/python3.8/site-packages
WSGIProcessGroup calljournal.local
WSGIScriptAlias / /var/www/django_project/call_journal/call_journal/wsgi.py
redirect / https://192.168.1.109
</VirtualHost>
and my hosts file
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.109 calljournal.local
You need to enter the hostname in ALLOWED_HOSTS settings.
I have a domain in AWS like example.com
But I want all requests of the subdomains, rea.example.com, exem2.example.com be sent to the same server.
For now I've created Record Set like *.example.com and it does not work.
When I set the subdomain as a new "record set" it works, but I need to answer to all subdomains, that are created dinamically by the application.
Thanks
Now is fixed. It was a missing configuration in the etc/httpd/httpd.conf. To allow all requests and resources be answered by the server.
In the httpd.conf was added:
Custom htaccess file
AccessFileName .htaccess
And was created another file in the folder:
etc/httpd/conf.d/
mydomain.conf
with the virtual hosts:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
SetEnv APPLICATION_ENV "production"
ServerName www.mydomain.com
ServerAlias *.mydomain.com.br
DocumentRoot /var/www/folder_app
<Directory />
Options FollowSymLinks
AllowOverride None
AllowOverride All
</Directory>
<Directory /var/www/folder_app>
Options Indexes FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Is there a way for Django to pass through some urls to whatever apache would resolve them too?
For instance, if I type in: http://< my-ip >. Is there a way to have django just serve up whatever is in /var/www/html/index.html?
Similarly, if I type in http://< my-ip >/devel, is there a way to make django simply serve what's in /var/www/html/devel/?
Basically, I want some urls to "not be touched".
Thanks!
Edit
Following Anentropic's comment, I'd like Apache to call Django only if it can't match the url. How would I need to change httpd.conf to do that? Let's say I want Django to respond to only /polls/, /admin/ and /accounts/.
Here's the relevant portion from my httpd conf file:
<VirtualHost *:80>
#DocumentRoot /home/ec2-user/srv/mysite
DocumentRoot /var/www/html/
ServerName <My IP ADDRESS>
WSGIScriptAlias / /home/ec2-user/srv/mysite/apache/wsgi.py
# Alias /phpmyadmin /var/www/html/phpmyadmin
# <Location /phpmyadmin>
# SetHandler None
# </Location>
<Directory /home/ec2-user/srv/mysite/media>
Order deny,allow
Allow from all
</Directory>
<Directory /home/ec2-user/srv/mysite/apache>
Order deny,allow
Allow from all
</Directory>
LogLevel warn
Alias /media/ /home/ec2-user/srv/mysite/media/
Alias /static/ /home/ec2-user/srv/mysite/static/
<Directory /home/ec2-user/srv/mysite/static>
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
If you'd like to serve static html pages you could use the flatpages app.
Again if you'd like to use different languages (php etc) I believe that you'd have to set up different virtual host in you apache config file to catch the url before it gets served to Django and redirect it to the correct folder. i.e:
<VirtualHost *:80>
ServerName staging.mydomain.com
DocumentRoot /var/www/html/mydomain.com/staging/
</VirtualHost>
<VirtualHost *:80>
ServerName dev.mydomain.com
DocumentRoot /var/www/html/mydomain.com/dev/
</VirtualHost>
EDIT
<VirtualHost *:80>
#DocumentRoot /home/ec2-user/srv/mysite
DocumentRoot /var/www/html/
ServerName <My IP ADDRESS>
Alias /phpmyadmin /var/www/html/phpmyadmin
<Location /phpmyadmin>
SetHandler None
</Location>
<Directory /home/ec2-user/srv/mysite/media>
Order deny,allow
Allow from all
</Directory>
<Directory /home/ec2-user/srv/mysite/apache>
Order deny,allow
Allow from all
</Directory>
LogLevel warn
WSGIScriptAlias /polls /home/ec2-user/srv/mysite/apache/wsgi.py
WSGIScriptAlias /admin /home/ec2-user/srv/mysite/apache/wsgi.py
WSGIScriptAlias /accounts /home/ec2-user/srv/mysite/apache/wsgi.py
Alias /media/ /home/ec2-user/srv/mysite/media/
Alias /static/ /home/ec2-user/srv/mysite/static/
<Directory /home/ec2-user/srv/mysite/static>
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
I am using a django based framework and have successfully figured Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost> and when I do, http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get render correctly.
I have setup https://mysite.domain.com to work with shibboleth, shibboleth is working and when use the https I get routed to login credential page via shibboleth server, and after successful login I get redirect to https://mysite.domain.com but site doesn't get rendered correctly and skins don't show up as same as http://mysite.domain.com.
Here is my Apache settings, I am trying to understand what I am doing wrong here
<VirtualHost *:443>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have hetup http:
<VirtualHost *:80>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in https virual host
and
your WSGIScriptAlias should point to / not /m/
Is it possible to deploy a Django app on Apache + mod_wsgi (the standard way) but with HTTP authentication in front of the whole thing?
Basically, I need an extra layer of HTTP security before any user, Django-authenticated or anonymous, is even able to reach the app.
Is this possible? If so, where do the Apache auth directives go?
Yes, it's possible.
With mod_wsgi on /, any resources to be provided by apache need to be listed as aliases.
Auth directives and host restrictions live in Location directives.
So I've disabled any apache access restrictions on things like css, and provided host/ip based access to another directory.
<VirtualHost *:80>
Servername app.domain.example
CustomLog logs/access_log combined
ErrorLog logs/error_log
DocumentRoot "/home/app/apache/app/html"
Alias /media/ /home/app/apache/app/html/media/
<Location />
Options None
AuthType Basic
AuthName "Login Prompt"
AuthUserFile /path/to/passwd.file
Require valid-user
</Location>
<Location /media>
Order allow,deny
Allow from all
Satisfy any
</Location>
WSGIDaemonProcess app user=app group=app processes=5 threads=1 display-name=app_WSGI
WSGIProcessGroup app
WSGIScriptAlias / /home/app/apache/app.wsgi
</VirtualHost>
Sure, here is example from one site:
<VirtualHost *:80>
ServerName djangoproject.domain.biz
DocumentRoot "/home/user/websites/djangoproject/website/"
WSGIDaemonProcess djangoproject python-path=/home/user/.virtualenvs/djangoproject/lib/python2
.6/site-packages/ user=user group=user threads=1
WSGIProcessGroup djangoproject
WSGIScriptAlias / /home/user/websites/djangoproject/website/django.wsgi
<Directory "/home/user/websites/djangoproject/website/">
Order deny,allow
Allow from all
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /etc/apache2/passwords
Require valid-user
</Directory>
</VirtualHost>