Server configurations
All of the examples below assume that:
- MEDIA_ROOT is set to /media/psf/Home/Projects/django-private-files/testproject/static/
- MEDIA_URL is set to /media/
- Protected files are stored in two subfolders, uploads and downloadables
- Other static files stored in MEDIA_ROOT should be freely downloadable
Apache
If you serve your static content with Apache and have mod_xsendfile, you can set FILE_PROTECTION_METHOD to xsendfile. Turn XSendFile on and deny access to the directory where you store your protected files (the value of upload_to appended to MEDIA_ROOT).
Here's an example of a vhost configuration with mod_xsendfile and mod_wsgi:
    <VirtualHost *:80>
        ServerName django.test
        XSendFile on
        # Admin media shipped with Django
        Alias /adminmedia/ /home/vasil/src/django-trunk/django/contrib/admin/media/
        # MEDIA_URL mapped to MEDIA_ROOT (public static files)
        Alias /media/ /media/psf/Home/Projects/django-private-files/testproject/static/
        WSGIDaemonProcess django-test user=vasil group=users threads=1 processes=5
        WSGIProcessGroup django-test
        WSGIScriptAlias / /media/psf/Home/Projects/django-private-files/testproject/django.wsgi
        # Apache 2.2 access-control syntax; on Apache 2.4 the equivalents are
        # "Require all granted" and "Require all denied" (mod_authz_core).
        <Directory /media/psf/Home/Projects/django-private-files/testproject>
            Order deny,allow
            Allow from all
        </Directory>
        # Protected folders: no direct access, files are served only via X-Sendfile
        <Directory /media/psf/Home/Projects/django-private-files/testproject/static/uploads>
            Order deny,allow
            Deny from all
        </Directory>
        <Directory /media/psf/Home/Projects/django-private-files/testproject/static/downloadables>
            Order deny,allow
            Deny from all
        </Directory>
        <Directory /home/vasil/src/django-trunk/django/contrib/admin>
            Order deny,allow
            Allow from all
        </Directory>
        ErrorLog /var/log/httpd/test.err.log
    </VirtualHost>
lighttpd
Lighttpd has the same mechanism for controlling access to files from a proxy backend. The following example proxies requests to Django running over FastCGI:
    $HTTP["host"] =~ "^django\.test$" {
        server.errorlog = "/var/log/lighttpd/test-error.log"
        accesslog.filename = "/var/log/lighttpd/test-access.log"
        alias.url = (
            "/adminmedia" => "/home/vasil/src/django-trunk/django/contrib/admin/media/",
            "/media" => "/media/psf/Home/Projects/django-private-files/testproject/static/",
        )
        fastcgi.server = (
            "/django.fcgi" => (
                "main" => (
                    # Let the backend hand files to lighttpd via a response header
                    "allow-x-send-file" => "enable",
                    # Use host / port instead of socket for TCP fastcgi
                    "host" => "127.0.0.1",
                    "port" => 3033,
                    "check-local" => "disable",
                )
            ),
        )
        # url.access-deny matches the END of the URL path, so scope it with a
        # URL condition to block every file under the protected folders.
        $HTTP["url"] =~ "^/media/(uploads|downloadables)/" {
            url.access-deny = ( "" )
        }
        url.rewrite-once = (
            "^(/adminmedia.*)$" => "$1",
            "^(/media.*)$" => "$1",
            "^/django.fcgi(/.*)$" => "django.fcgi$1",
            "^(/.*)$" => "django.fcgi$1",
        )
    }
Nginx
If you use nginx to serve your static files you can set the internal directive like so:
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        server {
            listen 80;
            server_name django.test;
            # internal: reachable only through X-Accel-Redirect from the backend,
            # never by a direct client request
            location /uploads/ {
                internal;
                root /media/psf/Home/Projects/django-private-files/testproject/static;
            }
            location /downloadables/ {
                internal;
                root /media/psf/Home/Projects/django-private-files/testproject/static;
            }
            # Public static files under MEDIA_URL
            location /media/ {
                alias /media/psf/Home/Projects/django-private-files/testproject/static/;
            }
            # Longest-prefix match: these override /media/ for the protected folders
            location /media/uploads/ {
                deny all;
            }
            location /media/downloadables/ {
                deny all;
            }
            location /adminmedia {
                alias /home/vasil/src/django-trunk/django/contrib/admin/media;
            }
            location / {
                # for a TCP host/port:
                fastcgi_pass localhost:3033;
                # necessary parameter
                fastcgi_param PATH_INFO $fastcgi_script_name;
                include fastcgi.conf;
                # to deal with POST requests
                fastcgi_param REQUEST_METHOD $request_method;
                fastcgi_param CONTENT_TYPE $content_type;
                fastcgi_param CONTENT_LENGTH $content_length;
            }
        }
    }
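The configurations above take effect only when the application answers an authorised request with a header the front-end server understands. The sketch below is an added example, not django-private-files' own code: it builds an X-Sendfile value (an absolute path, as mod_xsendfile reads it) or an X-Accel-Redirect value (a URI matching the nginx internal locations) from a stored file name, and rejects names that escape the protected folders. The function name and the style labels are hypothetical.

```python
import posixpath
from urllib.parse import quote

# Values from the assumptions at the top of this page.
MEDIA_ROOT = "/media/psf/Home/Projects/django-private-files/testproject/static/"
PROTECTED_DIRS = ("uploads", "downloadables")


def offload_header(style, name):
    """Return (header, value) telling the web server which file to send.

    style: "xsendfile" (mod_xsendfile) or "nginx"; both labels are hypothetical.
    name:  stored file name relative to MEDIA_ROOT, e.g. "uploads/a.pdf".
    Call only after the view has authorised the request.
    """
    # The value ends up in a response header: refuse control characters.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in name):
        raise ValueError("control character in file name")
    # Collapse "." and ".." before checking, so "uploads/../settings.py"
    # is judged by where it really points.
    parts = posixpath.normpath(name).split("/")
    if len(parts) < 2 or parts[0] not in PROTECTED_DIRS:
        raise ValueError("not a file inside a protected folder: %r" % name)
    clean = "/".join(parts)
    if style == "xsendfile":
        # mod_xsendfile reads an absolute filesystem path.
        return "X-Sendfile", posixpath.join(MEDIA_ROOT, clean)
    if style == "nginx":
        # nginx reads a URI: it must match an `internal` location
        # (/uploads/ or /downloadables/ above) and be percent-encoded.
        return "X-Accel-Redirect", "/" + quote(clean)
    raise ValueError("unknown style: %r" % style)
```
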