We Keep Coding

You don't have permission to access admin (Django, wsgi, Apache)

I want to configure my Debian server to provide my Django application. Everything is working fine but my Apache2 is blocking the access to my admin site.
So when I am trying to access www.mydomain.com/admin the Apache2 says that I don't have permission to access that site. I can't get why.
Alias /static /etc/website/portal/static
Alias /media /etc/website/portal/static/media
Alias /admin /etc/website/portal/static/admin
<Directory /etc/website/portal/static/admin >
Require all granted
</Directory>
<Directory /etc/website/portal/static>
Require all granted
</Directory>
<Directory /etc/website/portal/static/media>
Require all granted
</Directory>
<Directory /etc/website/portal/Portal>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess portal python-home=/etc/website/ python-path=/etc/website/portal
WSGIProcessGroup portal
WSGIScriptAlias / /etc/website/portal/Portal/wsgi.py
The structure of my project on the server:
-etc
---website 'that is my virtualenv'
-----portal 'my project folder'
-------manage.py
-------templates
-------Portal 'main project'
-------SomeApp
-------static
----------admin
-------------'files of admin'
----------img
----------media
----------static
I thought that I gave access with configuring following in the admin:
Alias /admin /etc/website/portal/static/admin
<Directory /etc/website/portal/static/admin >
Require all granted
</Directory>
I also changed the permissions on the admin folder with chmod 777 and chown :www-data but it is still not working.
I don't know if it is relevant but I use a MySQL database.
Thank you for your help ! If some information are missing just let me know it.
FYI: I restarted Apache several times ;)
EDIT: Apache error.log
[Sat Feb 03 12:57:46.159991 2018] [autoindex:error] [pid 1648:tid 140319177287424] [client 188.97.14.161:59095] AH01276:
Cannot serve directory /etc/website/portal/static/admin/:
No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found,
and server-generated directory index forbidden by Options directive

apache SetEnvIf Request_URI getting not working

Currently running site on apache server on ubuntu and now whole site is protected with .htaccess authentication.
Want to do: I need to allow two URL without authentication.
sites1.conf
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(tools|manager)/
</VirtualHost>
<Directory /srv/site1/symfony/>
AuthType Basic
AuthName "My Area"
AuthBasicProvider file
AuthUserFile "/etc/apache2/passwords.htpwd"
Require user user1
SetEnvIf Request_URI ^/en/App/uploadImagesForm allow
Order allow,deny
Allow from env=allow
Satisfy any
</Directory>
URL: xxx.xxxx.xx:9005/en/App/uploadImagesForm/
Problem Still asking password

You can disable authentication for the whole directory
<Directory "/srv/site1/symfony/public">
AuthType None
Require all granted
</Directory>
To allow only specific URI add the following code to your VirtualHost configuration.
<Location "/en/App/uploadImagesForm">
AuthType None
Require all granted
</Location>
Take a look at the Apache Sections Configuration documentation for more details: http://httpd.apache.org/docs/current/sections.html#file-and-web

Using iRedMail with a django site on the same server

I am trying to create a small django site and use iRedMail for e-mail. I installed iRedMail first, and ensured that it worked. I could go to both www.domain.com/iredadmin and www.domain.com/mail and have it work perfectly. My next step was to install my django site and configure Apache. Unfortunately, this caused my django site to try and handle /mail/ and /iredadmin/. I've been fidgeting with the config for a few hours now and have no idea what to do. Here are the settings:
apache2.conf:
# Defaults...
WSGIPythonPath /path/to/website.com/website
sites-enabled/website.com:
<VirtualHost *:80>
ServerName website.in
ServerAlias www.website.in
ErrorLog ${APACHE_LOG_DIR}/error.log
Alias /static /path/to/website.com/website/static
Alias /media /path/to/website.com/website/media
Alias /mail /usr/share/apache2/roundcubemail/
Alias /admin /usr/share/apache2/iredadmin/
<Directory /usr/share/apache2/roundcubemail/>
Order allow,deny
Allow from all
</Directory>
WSGIScriptAlias / /path/to/website.com/website/website.wsgi
<Location "/">
SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE website.settings
PythonDebug Off
PythonPath "['/path/to/website.com/website/']+sys.path"
</Location>
<Directory /path/to/website.com/website>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
<Directory /path/to/website.com/website/static>
Order allow,deny
Allow from all
</Directory>
<Location /static/>
SetHandler None
</Location>
<Directory /path/to/website.com/website/media>
Order allow,deny
Allow from all
</Directory>
<Location /media/>
SetHandler None
</Location>
</VirtualHost>
The django website displays fine, although I have been getting internal server errors.

You are trying to use both mod_wsgi and mod_python to handle the Django site at the same time, with mod_python overriding mod_wsgi. Choose one of the other. Since mod_python is no longer developed or supported and support for it in Django deprecated, probably not a good option to keep using it.
The next thing which is wrong is:
Alias /mail /usr/share/apache2/roundcubemail/
Alias /admin /usr/share/apache2/iredadmin/
Remove the trailing slashes:
Alias /mail /usr/share/apache2/roundcubemail
Alias /admin /usr/share/apache2/iredadmin
Even then it will still not work, because when using mod_python you have to tell mod_python not to handle those paths.
<Location /mail/>
SetHandler None
</Location>
<Location /admin/>
SetHandler None
</Location>
A further problem you may have is that /admin is usually used for the Django admin interface and you are overriding that.

Can't get Apache to serve django admin static files

I'm trying to deploy Django to apache but can't get it to serve my static admin files. It seems to be looking for them under /var/www/static and I can't seem to be able to change that.
The admin site seem to be working except for styling. I get a title and a log in form. My django app is working too. It's the static files for the admin that aren't served.
Using Django 1.4.1.
The files are under /usr/local/lib/python2.7/dist-packages/django/contrib/admin/static and linked to from /home/dutt/vaccapp/backend/static/admin.
The apache error log says this
[Sun Sep 30 10:57:20 2012] [error] [client 192.168.1.10] File does not exist: /var/www/home, referer: http://dathui.example.com/vaccapp/admin/
[Sun Sep 30 10:57:20 2012] [error] [client 192.168.1.10] File does not exist: /var/www/home, referer: http://dathui.example.com/vaccapp/admin/
But I'm not sure how to change it.
In my django site config I have
<VirtualHost *:80>
ServerAdmin me#host.com
ServerRoot "/home/dutt/vaccapp"
DocumentRoot "/home/dutt/vaccapp"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/dutt/vaccapp/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Alias /static/ "/home/dutt/vaccapp/backend/static/"
<Directory "/usr/local/lib/python2.7/dist-packages/django/contrib/admin/static">
Order allow,deny
Options Indexes
Allow from all
IndexOptions FancyIndexing
</Directory>
ServerRoot is not set in apache2.conf.
From my settings.py
STATIC_ROOT = '/home/dutt/vaccapp/backend/'
STATIC_URL = '/static/'
Nothing added to STATICFILES_DIRS.
This is added to my apache2.conf
WSGIScriptAlias /vaccapp /home/dutt/vaccapp/backend/wsgi.py
WSGIPythonPath /home/dutt/vaccapp
<Directory /home/dutt/vaccapp>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>

ADMIN_MEDIA_PREFIX is set by default to /static/admin/ # Deprecated in Django 1.4 (now using STATIC_URL + 'admin/'. The result is the same.
Here's the fixes to the apache config:
Alias /static/admin "/usr/local/lib/python2.7/dist-packages/django/contrib/admin/static"
Alias /static "/home/dutt/vaccapp/backend/static"
<Directory "/usr/local/lib/python2.7/dist-packages/django/contrib/admin/static">
Order allow,deny
Options Indexes
Allow from all
IndexOptions FancyIndexing
</Directory>
And the WsgiScriptAlias had to be moved from the main apache config into the VirtualHost.
After a long discussion we found the problem was that Django did not install the admin static properly ... they were symlinked to eachother (very weird). A Django reinstall fixed it and it worked fine now.

My low reputation forces me to write a whole answer to add a small detail to Igor's answer.
I simply added the apache config part to my configuration, but it was not sufficient. I had to change:
"/usr/local/lib/python2.7/dist-packages/django/contrib/admin/static"
to
"/usr/local/lib/python2.7/dist-packages/django/contrib/admin/static/admin"
both in the first Alias and in the <Directory> directive.

Just like Blazor I had to use a small variation of the original. My setup includes graphite-web, which is using django admin. I'm just posting it for reference.
My apache's virtual host:
<VirtualHost *:80>
ServerName graphite.myhost.com
Redirect permanent / https://graphite.myhost.com/
</VirtualHost>
<VirtualHost *:443>
ServerName graphite.myhost.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/graphite.cert
SSLCertificateKeyFile /etc/apache2/ssl/ssl_graphite.key
SSLStrictSNIVHostCheck on
WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite
WSGIProcessGroup _graphite
WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}
WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi
AliasMatch ^/admin/(.*)static/admin(.*)$ /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/$2
<Directory "/usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/">
Order allow,deny
Allow from all
</Directory>
Alias /content/ /usr/share/graphite-web/static/
<Location "/content/">
SetHandler None
</Location>
<Location "/">
Order allow,deny
allow from all
AuthType Basic
AuthName "Restricted Zone"
AuthBasicProvider wsgi
WSGIAuthUserScript /var/www/django_auth.wsgi
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined
</VirtualHost>
I also added STATIC_URL = 'static/' just to make sure I didn't have any issues with the regex.

Try using next
python manage.py collectstatic
The staticfiles app - Django documentation

I got similar problem when running Django + Apache, the Django admin site misses all styling. This is how I solved it:
apache conf: httpd-app.conf
Alias /static "/...path/to/your/django.../site-packages/django/contrib/admin/static"
<Directory "/...path/to/your/django.../site-packages/django/contrib/admin/static">
Require all granted
</Directory>
The /...path/to/your/django.../ above, you can find it by pip show django

Deploying a Django app on Apache + mod_wsgi with HTTP auth

Is it possible to deploy a Django app on Apache + mod_wsgi (the standard way) but with HTTP authentication in front of the whole thing?
Basically, I need an extra layer of HTTP security before any user, Django-authenticated or anonymous, is even able to reach the app.
Is this possible? If so, where do the Apache auth directives go?

Yes, it's possible.
With mod_wsgi on /, any resources to be provided by apache need to be listed as aliases.
Auth directives and host restrictions live in Location directives.
So I've disabled any apache access restrictions on things like css, and provided host/ip based access to another directory.
<VirtualHost *:80>
Servername app.domain.example
CustomLog logs/access_log combined
ErrorLog logs/error_log
DocumentRoot "/home/app/apache/app/html"
Alias /media/ /home/app/apache/app/html/media/
<Location />
Options None
AuthType Basic
AuthName "Login Prompt"
AuthUserFile /path/to/passwd.file
Require valid-user
</Location>
<Location /media>
Order allow,deny
Allow from all
Satisfy any
</Location>
WSGIDaemonProcess app user=app group=app processes=5 threads=1 display-name=app_WSGI
WSGIProcessGroup app
WSGIScriptAlias / /home/app/apache/app.wsgi
</VirtualHost>

Sure, here is example from one site:
<VirtualHost *:80>
ServerName djangoproject.domain.biz
DocumentRoot "/home/user/websites/djangoproject/website/"
WSGIDaemonProcess djangoproject python-path=/home/user/.virtualenvs/djangoproject/lib/python2
.6/site-packages/ user=user group=user threads=1
WSGIProcessGroup djangoproject
WSGIScriptAlias / /home/user/websites/djangoproject/website/django.wsgi
<Directory "/home/user/websites/djangoproject/website/">
Order deny,allow
Allow from all
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /etc/apache2/passwords
Require valid-user
</Directory>
</VirtualHost>