Asking for advice on Django deployment settings with Apache and mod_wsgi

Question

I have deployed Django with Apache and mod_wsgi following the official documentation and other posts. While I have my site working I am concerned that I may have gotten my setup wrong. I'd like some advice on my setup and if it is following best practices. Please let me know if you see problems with this setup. Thanks, Lee

wsgi.py

import os
import sys
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../../")))
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../")))
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "DjangoProject.settings")
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

settings.py

  ...
    ALLOWED_HOSTS = ['DjangoProject.example.com']
    STATIC_ROOT = "/var/www/DjangoProject/static/"
    STATIC_URL = '/static/'
    ....

/etc/apache2/apache2.conf - other settings are above this line

...
WSGIPythonPath /var/www/DjangoProject/DjangoProject:/var/www/DjangoProject/env/lib/python2.6/site-packages

/etc/apache2/httpd.conf - no other settings but this line deployed

WSGIPythonPath /var/www/DjangoProject:/var/www/DjangoProject/DjangoProject:/var/www/DjangoProject/env/lib/python2.6/site-packages

/etc/apache2/sites-available/default

NameVirtualHost *:8080
<VirtualHost *:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>


        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>


        ErrorLog ${APACHE_LOG_DIR}/error.log

        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
##############################
## DjangoProject WSGI         ##
##############################

ServerName DjangoProject.example.com
Alias /favicon.ico /var/www/DjangoProject/DjangoProject/static/favicon.ico
AliasMatch ^/([^/]*\.css) /var/www/DjangoProject/MyApp/static/MyApp/css/$1

Alias /media/  /var/www/DjangoProject/DjangoProject/media/
Alias /static/ /var/www/DjangoProject/MyApp/static/

<Directory /var/www/DjangoProject/MyApp/static>
Order deny,allow
Allow from all
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 10080 minutes"
  ExpiresByType image/jpeg "access plus 10080 minutes"
  ExpiresByType image/png "access plus 10080 minutes"
  ExpiresByType text/css "access plus 60 minutes"
  ExpiresByType text/javascript "access plus 60 minutes"
  ExpiresByType application/x-javascript "access plus 60 minutes"
  ExpiresByType text/xml "access plus 60 minutes"
ExpiresByType text/xml "access plus 60 minutes"
</IfModule>
</Directory>


<Directory /var/www/DjangoProject/DjangoProject/media>
Order deny,allow
Allow from all
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 10080 minutes"
  ExpiresByType image/jpeg "access plus 10080 minutes"
  ExpiresByType image/png "access plus 10080 minutes"
  ExpiresByType text/css "access plus 60 minutes"
  ExpiresByType text/javascript "access plus 60 minutes"
  ExpiresByType application/x-javascript "access plus 60 minutes"
  ExpiresByType text/xml "access plus 60 minutes"
</IfModule>
</Directory>


WSGIDaemonProcess DjangoProject.example.com processes=2 threads=15 display-name=%{GROUP}
    WSGIProcessGroup DjangoProject.example.com


WSGIScriptAlias /MyApp /var/www/DjangoProject/DjangoProject/wsgi.py
WSGIScriptAlias / /var/www/DjangoProject/DjangoProject/wsgi.py


<Directory /var/www/DjangoProject/DjangoProject>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
<IfModule mod_expires.c>
  ExpiresActive On
ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 10080 minutes"
  ExpiresByType image/jpeg "access plus 10080 minutes"
  ExpiresByType image/png "access plus 10080 minutes"
  ExpiresByType text/css "access plus 60 minutes"
  ExpiresByType text/javascript "access plus 60 minutes"
  ExpiresByType application/x-javascript "access plus 60 minutes"
  ExpiresByType text/xml "access plus 60 minutes"
</IfModule>
</Directory>


AddType audio/mpeg .mp1 .mp2 .mp3 .mpg .mpeg
</VirtualHost>

Answer 1

Setting:

DocumentRoot /var/www

as you have is dangerous for a start.

You should never set DocumentRoot directory to be a parent directory of where your Django project is being stored. If you stuff up other parts of your configuration it could result in your Django settings file being downloadable, including any database passwords.