Apache Multiple Django Sites Including Root - apache

I would like to serve multiple django apps using mod_wsgi including one at root. Currently my apache config looks like this:
WSGIScriptAlias /app1 /path/to/app1/wsgi.py
<Directory /path/to/app1>
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias /app2 /path/to/app2/wsgi.py
<Directory /path/to/app2>
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /path/to/main-app/wsgi.py
<Directory /path/to/main-app>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
If i switch that last directive to /main it works fine, but if i try to serve that last directive as written then apache searches for /app1/folder one in /folder1 and i get 500 errors for each of the first two directive. Is there a way too do this, outside of configuring app1.servername and app2.servername?

Do you really mean for /app2 to map to /path/to/app1/wsgi.py?
Other than that, there is nothing wrong with that Apache configuration snippet.
Make sure you are not wrongly setting FORCE_SCRIPT_NAME in your Django settings file.
Make sure you aren't use setdefault() in wsgi.py for Django to set DJANGO_SETTINGS_MODULE. See:
http://blog.dscpl.com.au/2012/10/requests-running-in-wrong-django.html

Related

Why some directives in Apache vhost don't work with Ghost?

CONTEXT. I work on a server running Centos 8.3 with Apache 2.4.37.
In Apache's vhosts.conf configuration file I have this vhost for one of my websites:
<VirtualHost *:80>
ServerAdmin se#site.com
DocumentRoot /var/www/html/site
ServerName site.com
ErrorLog /var/log/httpd/admin-site.com-error_log
CustomLog /var/log/httpd/admin-site.com-access_log common
<Directory "/var/www/html/site">
Options SymLinksIfOwnerMatch
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<Files ~ "test\.txt">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "\.(txt|png)$">
Order Allow,Deny
Deny from all
</FilesMatch>
</VirtualHost>
I have these two different scenarios:
If in the DocumentRoot folder I put only static files (html, css, images, etc), the Files and FilesMatch directives work perfectly and the frontend looks excellent.
If I put a Ghost installation in the DocumentRoot folder, I necessarily have to add the following Proxy directives to the vhost. And when doing so, the frontend looks great too, but the Files and FilesMatch directives NOT work at all, i.e. the browser allows me to open site.com/test.txt and site.com /file.png, when they shouldn't open.
ProxyRequests off
ProxyPass / http://localhost:2368/
ProxyPassReverse / http://localhost:2368/
Any ideas how to get the Files and FilesMatch directives to work on my Ghost installation?
I already tried this:
For those thinking about .htaccess. If I activate AllowOverride so that the .htaccess is read: I already tried and the directives in the .htaccess don't work either.
For those thinking of Deny from all. I know Deny from all is for Apache 2.2, and for 2.4 Require all denied should be used. I have done tests and in my Apache 2.4 the Require does not work, it only works Deny from all.

What could cause deny,allow directive to be ignored in .htaccess?

I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>

How can I serve multiple sites with apache based on the URL

I have two separate Django projects that I want to serve up from the same machine. I'm trying to set up my VirtualHost configurations in apache to serve them up. I know I can serve them up on separate ports, but I'd rather do it based on the request URL. So example.com/app1 would go to one app and example.com/app2 would go to the other. ServerName and ServerAlias won't work since they only look at the Host, which in both cases would just be example.com. Is there any way to do this?
The ServerPath directive looked promising but it looks like, since it was only meant as a fallback for older browsers, apache only looks at ServerPath if the browser doesn't supply the Host field in the request.
Update: Here is what the VirtualHost configuration for my first app looks right now.
<VirtualHost *:80>
ServerAlias *
WSGIScriptAlias /app1 /home/eyuelt/app1/app1/wsgi.py
Alias /app1/static /home/eyuelt/app1/staticfiles
<Directory /home/eyuelt/app1/app1>
<Files wsgi.py>
Order deny,allow
Require all granted
</Files>
</Directory>
<Directory /home/eyuelt/app1/staticfiles>
AllowOverride None
Order deny,allow
Require all granted
</Directory>
</VirtualHost>

How to block URL pattern using Apache with mod_wsgi

I have a web2py application run under Apache via mod_wsgi. How do I restrict access to the admin page (www.myapp.com/admin) based on source IP?
Ideally, I do it directly within Apache for two reasons: 1) I assume that Apache has more effective access to the source IP [citation needed] and 2) I don't feel like modifying the stock admin page in web2py to block specific IPs.
My (abridged) configuration looks something like this:
<VirtualHost *:80>
WSGIDaemonProcess web2py user=myapp group=myapp
WSGIProcessGroup web2py
WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py
TimeOut 45
ServerName myapp.com
ServerAlias www.myapp.com
<Directory /home/myapp/myapp>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
#======================================
# THIS IS WHAT I TRIED THAT DIDN'T WORK
<Directory /home/myapp/myapp/admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
#======================================
AliasMatch ^/static/(.*) \
/home/myapp/myapp/applications/myapp/static/$1
<Directory /home/myapp/myapp/applications/myapp/static/>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
# HTTPS enforcement
# Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
RedirectMatch ^/a(.*) https://myapp.com/a$1
RedirectMatch ^/c/(.*) https://myapp.com/c/$1
RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1
CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log
</VirtualHost>
Note that I have a similar VirtualHost for port 443. I just didn't include it for the sake of redundancy.
Normally, it is my understanding that I could use something like the directory notation to deny access to certain directories. However, the above didn't work and I wonder if it has to do with the WSGIScriptAlias directive.
Use:
<Location /admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>

Symfony 1.4 under a userdir in Apache

I have users who want to run their own Symfony projects under their home directories, but I can't get Symfony to work properly. In my Apache2 config file, I set the userdir as:
UserDir sfproject/web
But the DocumentRoot has to be:
/var/www/sfproject/web
This requirement is there because when we deploy the code to production, we don't want to change the Apache config file. And everything is going to be under that directory.
The problem is that when we go to a user directory: dev.server.com/~asdf
Symfony gives a 404 error: Empty module and/or action after parsing the URL "/index.php" (/).
I don't understand what's wrong. We want them to see their individual projects in their home directories. I looked at some other people setting up Symfony in shared hosting environments, but this is not a shared hosting environment. This is a dedicated server and I have root. Thank you for your help. Here is the relevant parts of my Apache config:
UserDir sfproject/web
<Directory "/usr/share/php/data/symfony/web/sf">
AllowOverride All
Allow from All
</Directory>
<VirtualHost *>
DocumentRoot "/var/www/sfproject/web"
DirectoryIndex index.php
<Directory "/var/www/sfproject/web">
AllowOverride All
Allow from All
</Directory>
Alias /sf /usr/share/php/data/symfony/web/sf
<Directory "/usr/data/symfony/web/sf">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
I think something like the following would be closer to a solution.
<VirtualHost *>
DocumentRoot "/var/www/sfproject/web"
DirectoryIndex index.php
<Directory "/var/www/sfproject/web">
AllowOverride All
Allow from All
</Directory>
# or is the dir /usr/share/php/data/symfony/data/web/sf ?
Alias /sf /usr/share/php/data/symfony/lib/vendor/symfony/data/web/sf
<Directory "/usr/share/php/data/symfony/lib/vendor/symfony/data/web/sf">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
The paths from your excerpt does not look good I guess. Try it out and let us know if it works.