我是否必须将我的 wsgi.py 从我的 django 项目文件夹中分离出来?
Do I have to isolate my wsgi.py from my django project folder?
我应该把我的 wsgi.py 放在哪里?
我必须将它与我的 django 项目文件夹隔离吗?
我应该将我的 django 项目文件夹移到我的主目录之外吗?
目前我将我的 django 项目文件夹复制到 /home/username/djangosites/project/
我的 wsgi.py 在文件夹 /home/username/djangosites/project/project/
中
在同一个文件夹中有像 settings.py urls.py ...
这样的文件
来自 modwsgi 文档:
"Note that it is highly recommended that the WSGI application script
file in this case NOT be placed within the existing DocumentRoot for
your main Apache installation, or the particular site you are setting
it up for. This is because if that directory is otherwise being used
as a source of static files, the source code for your application
might be able to be downloaded.
You also should not use the home directory of a user account, as to do
that would mean allowing Apache to serve up any files in that account.
In this case any misconfiguration of Apache could end up exposing your
whole account for downloading.
It is thus recommended that a special directory be setup distinct from
other directories and that the only thing in that directory be the
WSGI application script file, and if necessary any support files it
requires."
让 wsgi.py 但不要使 DocumentRoot 像 /home/username/djangosites/project/ 这样会暴露您的 Python 脚本源代码,这对恶意用户来说肯定非常有帮助。
您需要公开的只是 STATIC_ROOT(在 STATIC_URL 上)和 MEDIA_ROOT(在 MEDIA_URL 上),您可以为此使用 Alias 指令。另一种解决方案是使用 dj-static.
我应该把我的 wsgi.py 放在哪里?
我必须将它与我的 django 项目文件夹隔离吗?
我应该将我的 django 项目文件夹移到我的主目录之外吗?
目前我将我的 django 项目文件夹复制到 /home/username/djangosites/project/
我的 wsgi.py 在文件夹 /home/username/djangosites/project/project/
中
在同一个文件夹中有像 settings.py urls.py ...
来自 modwsgi 文档:
"Note that it is highly recommended that the WSGI application script file in this case NOT be placed within the existing DocumentRoot for your main Apache installation, or the particular site you are setting it up for. This is because if that directory is otherwise being used as a source of static files, the source code for your application might be able to be downloaded.
You also should not use the home directory of a user account, as to do that would mean allowing Apache to serve up any files in that account. In this case any misconfiguration of Apache could end up exposing your whole account for downloading.
It is thus recommended that a special directory be setup distinct from other directories and that the only thing in that directory be the WSGI application script file, and if necessary any support files it requires."
让 wsgi.py 但不要使 DocumentRoot 像 /home/username/djangosites/project/ 这样会暴露您的 Python 脚本源代码,这对恶意用户来说肯定非常有帮助。
您需要公开的只是 STATIC_ROOT(在 STATIC_URL 上)和 MEDIA_ROOT(在 MEDIA_URL 上),您可以为此使用 Alias 指令。另一种解决方案是使用 dj-static.