serve protected images in a django template through nginx - django

I am using nginx to serve static and media django files and apache as a reverse proxy.
the media files are protected.
I am able to acess the media images from a django view using this code:
response['X-Accel-Redirect']='/media/%s'% obj.photo
but i want to display protected image in a template. Is there any way to do that?

Related

How can I serve a stand-alone static app through Django

We're using django for authentication, user management, site content etc, but we have a JS tool that needs to be behind django auth as well. The tool is an html page that pulls in a couple dozen static files through relative paths in the html page (src="./someJSfile.js").
The problem is I can't figure out how to serve the html file through django but keep the relative paths intact. I can create an apache alias to that directory so that the relative paths are intact, but then the html is served through apache and bypasses auth. I would like to be able to have the html file served through a django view so that auth works, and also keep the static files in the same directory.
Is there some apache magic where I can have the html served through django but have the static served through apache using an alias, while keeping the html and static in the same directory?
Thanks in advance

Django: How can I serve an angular app without using STATIC_URL during development?

I have a django project which is making use of django-rest-framework to provide an api for an angular client.
The entire angular app is developed separately to the django project, and doesn't make use of any django templates or suchlike.
Eventually the angular app will be served as a static asset via nginx or something along those lines.
However, during development, I would like the django development server to serve the angular app.
The issue I have is that none of the static assets in index.html are prefixed with STATIC_URL or a similar static prefix which django can look for.
Attempting to serve all non-api routes as static files as such:
urlpatterns += static(r'', document_root=settings.ANGULAR_APP_ROOT)
gives an exception
Empty static prefix not permitted
I know that in nodejs express server you can use something like:
app.use(express.static(path.join(config.root, 'app')));
which works seamlessly. I guess it searches for any paths in the configured folder and if any match the requested url, serves them.
I do not want to force django specific code/prefixes into the angular app (ala STATIC_URL etc)
What I'm looking for is some middleware which will offer a fallback route for anything unmatched by the existing urlpatterns and search a filesystem path for a matching asset and serve it if found.
Is it possible to get the static assets served like this with the django development server?

Django share CSS and Javascript for admin and public

I am using django grapelli. It is in the static/admin/ directory, which is used by admin site.
I create a public directory, which separate from admin, and can be access from public.
Django grapelli come with jquery and some other css.
Should I create a static/public/ to store css and js for public site or should I use the admin static css and js?
I create a a directory name public in static directory - static/public/, but I seems not able to serve the static files.
In order to make it as seamless as possible, django serves the admin media in the development server from within the django sources.
In order to make it take the grapelli media, you should do:
python manage.py runserver --adminmedia=./static/public
And it serves the admin media from that directory!

Serving uploaded images securely in Django?

My Django site lets users upload images. It's running on Apache.
Files are uploaded via a FileUpload form. The folder to which files are uploaded is outside the Django project, and protected as described here, i.e. the folder has 755 permissions and files have 644 permissions.
I now want to serve the images up to users - but I need to do it securely, so that executable scripts don't run, and so that users can't e.g. delete all the images in the directory.
My question is, how do I serve the uploaded images to users in a secure way? Can I serve them safely as static media directly from that folder, with those permissions? Or should I copy them into another directory with different permissions, and serve them from there?
I'm serving the other static media (/media/css) on the site as a separate, static application.
Thanks!
The way to do this is to configure your web server to serve files with the names it expects, and with a correct image content-type. Use Django's ImageField for some level of validation by PIL/Pillow that uploaded files are images. For this directory, disable webserver features like autogenerating directory indexes, autoserving everything from the filesystem, guessing at mime types, and running cgi scripts.

Django and Serving Static Files

I'm hosting a site on WebFaction using Django/mod_python/Python2.5. I've recently run into the concept of static files (when setting up my Django admin).
From what I understand, serving static files is simply the idea of telling the server to serve files directly from a specific directory, rather than first routing the request through apache, then mod_python, then django, and finally back to the user. In the case of WebFaction this helps especially since there are two Apache servers that your request must go through (your app's server and the main public server).
Why is it that when I setup Django's static files, it only needs the /media folder in /contrib/admin? Is it just that all of Django's static content is related to the admin panel?
When I want to serve my own static content (images, css, etc.) should I include it in the same /media folder or set up another alias for my own content (/my_media)?
Yes, the static files used by Django are pretty much related to images, javascript and css for the admin. All other static content comes from your application. You can keep both sets (yours and the admin) under the same server. Just set the appropriate folders in the settings file.
http://docs.djangoproject.com/en/dev/ref/settings/#admin-media-prefix
http://docs.djangoproject.com/en/dev/ref/settings/#media-root
http://docs.djangoproject.com/en/dev/ref/settings/#media-url
See this post for a little more information:
Django and Static Files
Django's static files (e.g. js, css, images, etc.) are all in the media folder, and are related to the admin panel.
On WebFaction to save processing power, and more importantly memory, it is better to serve these from your secondary apache server (or even better from nginx or lighttpd) without having to go through mod_python and Django.
I use the following folder setup for my files:
media
css
js
img
etc
admin
css
js
img
See http://forum.webfaction.com/viewtopic.php?id=1981 for how to setup nginx as your secondary server on WebFaction if you are interested.