Django and Serving Static Files - django

I'm hosting a site on WebFaction using Django/mod_python/Python2.5. I've recently run into the concept of static files (when setting up my Django admin).
From what I understand, serving static files is simply the idea of telling the server to serve files directly from a specific directory, rather than first routing the request through apache, then mod_python, then django, and finally back to the user. In the case of WebFaction this helps especially since there are two Apache servers that your request must go through (your app's server and the main public server).
Why is it that when I setup Django's static files, it only needs the /media folder in /contrib/admin? Is it just that all of Django's static content is related to the admin panel?
When I want to serve my own static content (images, css, etc.) should I include it in the same /media folder or set up another alias for my own content (/my_media)?

Yes, the static files used by Django are pretty much related to images, javascript and css for the admin. All other static content comes from your application. You can keep both sets (yours and the admin) under the same server. Just set the appropriate folders in the settings file.
http://docs.djangoproject.com/en/dev/ref/settings/#admin-media-prefix
http://docs.djangoproject.com/en/dev/ref/settings/#media-root
http://docs.djangoproject.com/en/dev/ref/settings/#media-url
See this post for a little more information:
Django and Static Files

Django's static files (e.g. js, css, images, etc.) are all in the media folder, and are related to the admin panel.
On WebFaction to save processing power, and more importantly memory, it is better to serve these from your secondary apache server (or even better from nginx or lighttpd) without having to go through mod_python and Django.
I use the following folder setup for my files:
media
css
js
img
etc
admin
css
js
img
See http://forum.webfaction.com/viewtopic.php?id=1981 for how to setup nginx as your secondary server on WebFaction if you are interested.

Related

How can I serve a stand-alone static app through Django

We're using django for authentication, user management, site content etc, but we have a JS tool that needs to be behind django auth as well. The tool is an html page that pulls in a couple dozen static files through relative paths in the html page (src="./someJSfile.js").
The problem is I can't figure out how to serve the html file through django but keep the relative paths intact. I can create an apache alias to that directory so that the relative paths are intact, but then the html is served through apache and bypasses auth. I would like to be able to have the html file served through a django view so that auth works, and also keep the static files in the same directory.
Is there some apache magic where I can have the html served through django but have the static served through apache using an alias, while keeping the html and static in the same directory?
Thanks in advance

I want to serve static files with permissions logic in my django project

So I've been working on a django project. Its a marketplace platform (two kinds of users - buyer & seller) and when a seller uploads files for a buyer, only those two users should have access to the uploaded files. I'm trying to figure how static files can be served with these permissions.
I'm not sure if this is relevant but I'm using nginx to serve the static files, so is there a way to add permissions logic in django to serve these static files?
A bit of Django terminology first: you're not talking about "static files" (those are the css, js, images and other assets that are part of your source) but about "media files" (user uploaded content).
Now for the technical answer: use nginx's X-Accel-Redirect feature. This delegates the permissions validation to your Django app, but still let nginx serve the file itself.

Push media files to a seperate nginx VM with Django in production

I don't know if I missed information regarding this. But I want to know how to store static files to a different VM. I've read that some recommend doing that to larger sites to seperate the load.
My current setup is that I use one computer engine with nginx, virtualenv, gunicorn etc. I use nginx to display the static files (including the media files) on the same server.
How can I push media files to a seperate nginx server when a user uploads an image? How can I obtain the same url as well?
Let's first explore the options of static resources(Javascript, CSS, Images, Fonts etc...)
You have complete control of where this static content should go during the deployment. Typically these resources will go for compression during the build process to optimize the content size to reduce the bandwidth.
Deploy the static resource on the different server(VM with ngnix) and configure that URL in the Django settings.py with STATIC_URL. If you use the cookieless domain, it will save little more bandwidth. Refer the section Use Cookie-free Domains for Components in this URL: https://developer.yahoo.com/performance/rules.html
You can use the content expiry settings for these resources to cache on the client for the specified duration.
Some best practices are mentioned in the official documentation: https://docs.djangoproject.com/en/1.10/howto/static-files/
For the media resources, you can save the files on the shared volume and run it on the different server same as static resources. You can configure that server URL in the Django settings.py with MEDIA_URL.

Nginx and Django on Dotcloud

I currently have a dotcloud app that uses django to serve everything. It works great, however, we recently had our site redone in angular.js, and I don't want to use django to serve the actual html pages (I want to just use nginx for that), but I want django to serve some links for the API we built for the angular code to use.
Is it possible for me, in the same app, to configure nginx to serve some static files for particular urls, and have it send other urls for django to serve?
I want nginx to serve my index.html page is a request comes in to wwww.example.com, but if a request for example.com/api/login/ comes in, I want that to be handled by django. Is this possible?
Yes, you can do what you are looking for, you just need to add an nginx.conf to your project and then specify which urls you want nginx to serve and which ones you want django to serve, by default they will all go to django, so you just need to specify which ones you want to be served by nginx.
Here is a link to the documentation: http://docs.dotcloud.com/0.4/guides/nginx/
Link to the nginx documentation on location blocks: http://wiki.nginx.org/HttpCoreModule#location
Here is an example for serving static files from nginx, you can use this as a guide to do what you need.
location /media/ {
root /home/dotcloud/data ;
}
location /static/ {
root /home/dotcloud/volatile ;
}

Serving uploaded images securely in Django?

My Django site lets users upload images. It's running on Apache.
Files are uploaded via a FileUpload form. The folder to which files are uploaded is outside the Django project, and protected as described here, i.e. the folder has 755 permissions and files have 644 permissions.
I now want to serve the images up to users - but I need to do it securely, so that executable scripts don't run, and so that users can't e.g. delete all the images in the directory.
My question is, how do I serve the uploaded images to users in a secure way? Can I serve them safely as static media directly from that folder, with those permissions? Or should I copy them into another directory with different permissions, and serve them from there?
I'm serving the other static media (/media/css) on the site as a separate, static application.
Thanks!
The way to do this is to configure your web server to serve files with the names it expects, and with a correct image content-type. Use Django's ImageField for some level of validation by PIL/Pillow that uploaded files are images. For this directory, disable webserver features like autogenerating directory indexes, autoserving everything from the filesystem, guessing at mime types, and running cgi scripts.