Django + Apache – virtual host syntax with virtual environment

In Django, Server on May 28th, 2015

In this blog, I will show how to configure Apache virtual host for Django project with virtual environment and run it as separate daemon. I will show configuration for both http and https.

Assumptions:

  1. Your Django project is in /var/www/myproject
  2. You have install virtual environment in /var/www/myproject/venv
  3. Static and media directory in your Django project is /var/www/myproject/static and /var/www/myproject/media respectively.

Virtual Host configuration for normal site (http)

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com, *.example.com

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html

    #serve static content
    Alias /static/ /var/www/mhyproject/static/

    <Directory /var/www/mhyproject/static>
        Require all granted
    </Directory>

    #for media
    Alias /media/ /var/www/mhyproject/media/

    <Directory /var/www/mhyproject/media>
        Require all granted
    </Directory>

    # Daemon process to run WSGI app
    WSGIDaemonProcess myprocessname python-path=/var/www/mhyproject:/var/www/mhyproject/venv/lib/python2.7/site-packages
    WSGIProcessGroup myprocessname

    WSGIScriptAlias / /var/www/mhyproject/myproject/wsgi.py
    <Directory /var/www/mhyproject>
            <Files wsgi.py>
                    Require all granted
            </Files>
    </Directory>
    
    #for log
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

 

Virtual Host for https

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName example.com
        ServerAlias www.example.com, *.example.com

        ServerAdmin webmaster@localhost
        
        #serve static content
        Alias /static/ /var/www/mhyproject/static/

        <Directory /var/www/mhyproject/static>
            Require all granted
        </Directory>

        #for media
        Alias /media/ /var/www/mhyproject/media/

        <Directory /var/www/mhyproject/media>
            Require all granted
        </Directory>

        # Daemon process to run WSGI app
        WSGIDaemonProcess myprocessname python-path=/var/www/mhyproject:/var/www/mhyproject/venv/lib/python2.7/site-packages
        WSGIProcessGroup myprocessname
        
        WSGIScriptAlias / /var/www/mhyproject/myproject/wsgi.py
        <Directory /var/www/mhyproject>
                <Files wsgi.py>
                        Require all granted
                </Files>
        </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined


        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile  /etc/ssl/mycert.crt
        SSLCertificateKeyFile /etc/ssl/mykey.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.
        SSLCertificateChainFile /etc/ssl/certificatebundle.crt

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        #   Notice: Most problems of broken clients are also related to the HTTP
        #   keep-alive facility, so you usually additionally want to disable
        #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
        #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
        #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        #   "force-response-1.0" for this.
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>
</IfModule>