Otdfbt

Parameterize chained calls to a utility program in Bash

If I wouldn't want to read the story, is writing it still a good idea?

Why did pressing the joystick button spit out keypresses?

Find the C-factor of a vote

Is this proposal by U.S. presidential candidate Pete Buttigieg to change the composition of the Supreme Court constitutional?

How many people are necessary to maintain modern civilisation?

When can you leave off “le/la” to say “it” in French?

Can White Castle?

Explain why a line can never intersect a plane in exactly two points.

Suggested order for Amazon Prime Doctor Who series

What can I do with a research project that is my university’s intellectual property?

Is it illegal to withhold someone's passport and green card in California?

Silly doubt about tidal effects and Einstein Field Equations

If plants "alternate generations" between sporophytes and gametophytes, why don't we say the same of humans?

Do I have to explain the mechanical superiority of the player-character within the fiction of the game?

What does "play with your toy’s toys" mean?

How many children?

How long would it take to cross the Channel in 1890's?

Why do even high-end cameras often still include normal (non-cross-type) AF sensors?

How do I professionally let my manager know I'll quit over smoking in the office?

How is hair tissue mineral analysis performed?

Trainee keeps missing deadlines for independent learning

What's currently blocking the construction of the wall between Mexico and the US?

What happens to Cessna electric flaps that are moving when power is lost?

hosting static files with mod_wsgi

Directory, Proxy and Location - how to co-exist in one Apache configuration?High CPU load on Django/Apache/mod_wsgi site503 Error: Service Temporarily Unavailable (Mod_wsgi, Apache, Django) Setting environment variables in mod_wsgi for DjangoApache virtualhost - only apply script if file does not exist in document rootCannot open shared object file when restarting httpdLoading Module Into Apache - mod_wsgiIncorrect deployment of WSGI app to AWS using Elastic Beanstalktrouble deploying django under apache on centos with mod_wsgimod-wsgi one daemon for multiple VirtualHosts with different ServerNames

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

I've followed Graham's simple configuration instructions for hosting static files along with a wsgi application mounted at the domain root. And in fact, my site is working.

However, requests for static pages are being handled twice. Apache responds with the static content, but the wsgi app is also receiving the request. For example, a browser request to "myApp.domain.com/static/test.js" shows the test.js file contents in the browser, but the wsgi app is also invoked with "static/test.js" as the path.

Relevant Apache Configuration:

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi

<VirtualHost *:80>
 DocumentRoot /var/www/myApp
 ServerName myApp.domain.com

 Alias /static/ /var/www/myApp/static/

 <Directory /var/www/myApp/static>
 Order deny,allow
 Allow from all
 </Directory>

 WSGIScriptAlias / /var/www/myApp/app.wsgi

 <Directory /var/www/myApp>
 Order allow,deny
 Allow from all
 </Directory>


 WSGIDaemonProcess myAppName processes=1
 WSGIProcessGroup myAppName
</VirtualHost>

What do I need to change in my apache configuration to prevent request at myApp.domain.com/static/ from being passed to the wsgi application? Hopefully I just have a typo somewhere...

---

Edit: Can no longer reproduce this behavior.

mod-wsgi

share|improve this question

edited Jul 18 '12 at 4:08

jmilloy

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

add a comment | 

1

I've followed Graham's simple configuration instructions for hosting static files along with a wsgi application mounted at the domain root. And in fact, my site is working.

However, requests for static pages are being handled twice. Apache responds with the static content, but the wsgi app is also receiving the request. For example, a browser request to "myApp.domain.com/static/test.js" shows the test.js file contents in the browser, but the wsgi app is also invoked with "static/test.js" as the path.

Relevant Apache Configuration:

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi

<VirtualHost *:80>
 DocumentRoot /var/www/myApp
 ServerName myApp.domain.com

 Alias /static/ /var/www/myApp/static/

 <Directory /var/www/myApp/static>
 Order deny,allow
 Allow from all
 </Directory>

 WSGIScriptAlias / /var/www/myApp/app.wsgi

 <Directory /var/www/myApp>
 Order allow,deny
 Allow from all
 </Directory>


 WSGIDaemonProcess myAppName processes=1
 WSGIProcessGroup myAppName
</VirtualHost>

What do I need to change in my apache configuration to prevent request at myApp.domain.com/static/ from being passed to the wsgi application? Hopefully I just have a typo somewhere...

---

Edit: Can no longer reproduce this behavior.

mod-wsgi

share|improve this question

edited Jul 18 '12 at 4:08

jmilloy

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

add a comment | 

I've followed Graham's simple configuration instructions for hosting static files along with a wsgi application mounted at the domain root. And in fact, my site is working.

However, requests for static pages are being handled twice. Apache responds with the static content, but the wsgi app is also receiving the request. For example, a browser request to "myApp.domain.com/static/test.js" shows the test.js file contents in the browser, but the wsgi app is also invoked with "static/test.js" as the path.

Relevant Apache Configuration:

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi

<VirtualHost *:80>
 DocumentRoot /var/www/myApp
 ServerName myApp.domain.com

 Alias /static/ /var/www/myApp/static/

 <Directory /var/www/myApp/static>
 Order deny,allow
 Allow from all
 </Directory>

 WSGIScriptAlias / /var/www/myApp/app.wsgi

 <Directory /var/www/myApp>
 Order allow,deny
 Allow from all
 </Directory>


 WSGIDaemonProcess myAppName processes=1
 WSGIProcessGroup myAppName
</VirtualHost>

What do I need to change in my apache configuration to prevent request at myApp.domain.com/static/ from being passed to the wsgi application? Hopefully I just have a typo somewhere...

---

Edit: Can no longer reproduce this behavior.

mod-wsgi

share|improve this question

edited Jul 18 '12 at 4:08

jmilloy

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi

<VirtualHost *:80>
 DocumentRoot /var/www/myApp
 ServerName myApp.domain.com

 Alias /static/ /var/www/myApp/static/

 <Directory /var/www/myApp/static>
 Order deny,allow
 Allow from all
 </Directory>

 WSGIScriptAlias / /var/www/myApp/app.wsgi

 <Directory /var/www/myApp>
 Order allow,deny
 Allow from all
 </Directory>


 WSGIDaemonProcess myAppName processes=1
 WSGIProcessGroup myAppName
</VirtualHost>

share|improve this question

edited Jul 18 '12 at 4:08

jmilloy

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

share|improve this question

edited Jul 18 '12 at 4:08

jmilloy

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

asked Jul 18 '12 at 1:10

jmilloyjmilloy

128119

1 Answer
1

active

oldest

votes

0

For security reasons, you should not set:

DocumentRoot /var/www/myApp

Or more specifically, you should not set DocumentRoot to be a parent directory of where your application source code is. This is dangerous because if you accidentally comment out WSGIScriptAlias, your source code will be downloadable. Leave DocumentRoot out so uses default, or point it at an empty directory.

As for your problem, what evidence are you seeing that your application is being hit by URL for static files?

share|improve this answer

edited Jul 18 '12 at 5:38

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It's not a Django application. I just put in a print statement in the application method. It prints to the apache logs once if I request, say, a static javascript file through the browser. It prints three times when I go through the app (once like it should, returning html, and then once for the static css file and once for the static javascript file that are included in the html.
  
  – jmilloy
  Jul 18 '12 at 3:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Currently there is not really any application source code, just like 15 lines in the app.wsgi file, so I'll worry about those security issues when they becomes appropriate.
  
  – jmilloy
  Jul 18 '12 at 3:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well now I can't reproduce. Woohoo for waiting two hours. I'll monitor but I don't know that I need more help, will probably delete the question in the morning if it's still behaving normally.
  
  – jmilloy
  Jul 18 '12 at 4:05
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Did you actually print out the value of environ['PATH_INFO'] to validate what was being requested? Are you sure it wasn't your browser requesting favicon.ico? Disappointing that this got a down vote considering it points out a valid security issue with your configuration.
  
  – Graham Dumpleton
  Jul 18 '12 at 5:41
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well, I don't know who strolled by and down-voted you, and I don't really get it. The security issue doesn't really have anything to do with the question, but I always appreciate it that you are so responsive to every question about wsgi on stackoverflow and here. Thanks. As for the issue - is it only a security issues because I might accidentally comment out the script alias?
  
  – jmilloy
  Jul 18 '12 at 14:18
  
  

  
  
  
  

 | 
show 1 more comment

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f408687%2fhosting-static-files-with-mod-wsgi%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

For security reasons, you should not set:

DocumentRoot /var/www/myApp

Or more specifically, you should not set DocumentRoot to be a parent directory of where your application source code is. This is dangerous because if you accidentally comment out WSGIScriptAlias, your source code will be downloadable. Leave DocumentRoot out so uses default, or point it at an empty directory.

As for your problem, what evidence are you seeing that your application is being hit by URL for static files?

share|improve this answer

edited Jul 18 '12 at 5:38

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It's not a Django application. I just put in a print statement in the application method. It prints to the apache logs once if I request, say, a static javascript file through the browser. It prints three times when I go through the app (once like it should, returning html, and then once for the static css file and once for the static javascript file that are included in the html.
  
  – jmilloy
  Jul 18 '12 at 3:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Currently there is not really any application source code, just like 15 lines in the app.wsgi file, so I'll worry about those security issues when they becomes appropriate.
  
  – jmilloy
  Jul 18 '12 at 3:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well now I can't reproduce. Woohoo for waiting two hours. I'll monitor but I don't know that I need more help, will probably delete the question in the morning if it's still behaving normally.
  
  – jmilloy
  Jul 18 '12 at 4:05
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Did you actually print out the value of environ['PATH_INFO'] to validate what was being requested? Are you sure it wasn't your browser requesting favicon.ico? Disappointing that this got a down vote considering it points out a valid security issue with your configuration.
  
  – Graham Dumpleton
  Jul 18 '12 at 5:41
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well, I don't know who strolled by and down-voted you, and I don't really get it. The security issue doesn't really have anything to do with the question, but I always appreciate it that you are so responsive to every question about wsgi on stackoverflow and here. Thanks. As for the issue - is it only a security issues because I might accidentally comment out the script alias?
  
  – jmilloy
  Jul 18 '12 at 14:18
  
  

  
  
  
  

 | 
show 1 more comment

0

For security reasons, you should not set:

DocumentRoot /var/www/myApp

Or more specifically, you should not set DocumentRoot to be a parent directory of where your application source code is. This is dangerous because if you accidentally comment out WSGIScriptAlias, your source code will be downloadable. Leave DocumentRoot out so uses default, or point it at an empty directory.

As for your problem, what evidence are you seeing that your application is being hit by URL for static files?

share|improve this answer

edited Jul 18 '12 at 5:38

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It's not a Django application. I just put in a print statement in the application method. It prints to the apache logs once if I request, say, a static javascript file through the browser. It prints three times when I go through the app (once like it should, returning html, and then once for the static css file and once for the static javascript file that are included in the html.
  
  – jmilloy
  Jul 18 '12 at 3:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Currently there is not really any application source code, just like 15 lines in the app.wsgi file, so I'll worry about those security issues when they becomes appropriate.
  
  – jmilloy
  Jul 18 '12 at 3:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well now I can't reproduce. Woohoo for waiting two hours. I'll monitor but I don't know that I need more help, will probably delete the question in the morning if it's still behaving normally.
  
  – jmilloy
  Jul 18 '12 at 4:05
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Did you actually print out the value of environ['PATH_INFO'] to validate what was being requested? Are you sure it wasn't your browser requesting favicon.ico? Disappointing that this got a down vote considering it points out a valid security issue with your configuration.
  
  – Graham Dumpleton
  Jul 18 '12 at 5:41
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well, I don't know who strolled by and down-voted you, and I don't really get it. The security issue doesn't really have anything to do with the question, but I always appreciate it that you are so responsive to every question about wsgi on stackoverflow and here. Thanks. As for the issue - is it only a security issues because I might accidentally comment out the script alias?
  
  – jmilloy
  Jul 18 '12 at 14:18
  
  

  
  
  
  

 | 
show 1 more comment

For security reasons, you should not set:

DocumentRoot /var/www/myApp

Or more specifically, you should not set DocumentRoot to be a parent directory of where your application source code is. This is dangerous because if you accidentally comment out WSGIScriptAlias, your source code will be downloadable. Leave DocumentRoot out so uses default, or point it at an empty directory.

As for your problem, what evidence are you seeing that your application is being hit by URL for static files?

share|improve this answer

edited Jul 18 '12 at 5:38

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

DocumentRoot /var/www/myApp

share|improve this answer

edited Jul 18 '12 at 5:38

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519

answered Jul 18 '12 at 3:16

Graham DumpletonGraham Dumpleton

5,53721519