
Deploying a Django site with sensitive code on a host

I've been developing a site with sensitive (i.e. proprietary) code on my local machine, testing it using apache2, and I'm finally going to be getting it set up with a web host. I'm a bit wary because of the "Where should this code live?" note here in the Django Tutorial:

Where should this code live?

If your background is in plain old PHP (with no use of modern frameworks), you're probably used to putting code under the Web server's document root (in a place such as /var/www). With Django, you don't do that. It's not a good idea to put any of this Python code within your Web server's document root, because it risks the possibility that people may be able to view your code over the Web. That's not good for security.

Put your code in some directory outside of the document root, such as /home/mycode.

My host told me that I'll be given a /home/ directory, and that the site will live in /home/www. I'm trying to emulate this directory structure on my end before I send everything to him to make sure it goes as smoothly as possible. My question is, if I want all my code to live outside of the /www directory (per the Django tutorial recommendation above), what actually goes inside the /www directory?

My development directory structure is basically this:

project
    db
    app1
    app2
    mysite (contains settings.py, wsgi.py, etc.)
    static
    templates (contains my base.html, and custom templates for admin, etc.)

Where app1 and app2 are Django apps I've developed to plug into mysite. So what folders / files need to go in the home/www directory, and what can safely live in home/mycode?

Your static and media (user-uploaded) folders, robots.txt etc. should be in the www directory. Basically any file that is directly served by your webserver and not through Django. Other files should live outside of this directory.

Your webserver should point all requests that are not found in the www directory towards your WSGI application, which doesn't need the code to be accessible by a URL.

The reason for this is that your webserver does not execute the code in a Python file, in contrast to PHP files. If your code lived in your web root, people could read your settings files by just going to example.com/src/settings.py. Images, plain HTML/text files and JavaScript should be read, but any code that should be executed should live outside your web root. Django will execute the files and generate the response that a user should actually see.
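As an added example (not part of the original answer), an Apache 2.4 + mod_wsgi virtual host that implements the split the answer describes: only directly served files under /home/www, the Django code under /home/mycode/project. The /home/mycode/project and /home/mycode/venv paths are assumptions based on the question's layout.

```apache
# Added example, not from the original answer. Serves static files from the
# document root (/home/www) and routes every other request to the Django
# WSGI application, whose source lives outside the document root.
# /home/mycode/project and /home/mycode/venv are assumed paths.
<VirtualHost *:80>
    ServerName example.com

    # Only files Apache serves directly live under the document root.
    DocumentRoot /home/www

    # Static, media and robots.txt are served by Apache, never through Django.
    # STATIC_ROOT / MEDIA_ROOT in settings.py should point at these directories
    # ("manage.py collectstatic" populates /home/www/static).
    Alias /robots.txt /home/www/robots.txt
    Alias /media/     /home/www/media/
    Alias /static/    /home/www/static/

    <Directory /home/www>
        # No directory listings, so the web root cannot be browsed.
        Options -Indexes
        Require all granted
    </Directory>

    # Everything else goes to the WSGI application. Because the code tree is
    # outside DocumentRoot, no URL maps to settings.py or any other .py file.
    WSGIDaemonProcess mysite python-home=/home/mycode/venv python-path=/home/mycode/project
    WSGIProcessGroup mysite
    WSGIScriptAlias / /home/mycode/project/mysite/wsgi.py

    # Grant Apache access to the wsgi.py entry point only, not the whole tree.
    <Directory /home/mycode/project/mysite>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
</VirtualHost>
```

The db directory from the question's layout stays outside /home/www as well: a SQLite file under the document root would be downloadable exactly like settings.py.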
