Django on apache wtih mod_wsgi (Linux) - 403 Forbidden
If this is exactly your config file then i doubt the path that you're using is wrong. Please fix that first.
Set WSGIScriptAlias this to correct path.
Then your WSGI file must look something like:
import os
import sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
Apache mod_wsgi throwing error 403 Forbidden when deploying a Django project
Sorry, that I posted this a bit late. This was the final fix to my apache config that ultimately worked.
WSGIScriptAlias /basic /var/www/django/basic/basic/wsgi.py
WSGIPythonPath /var/www/django/basic/
<Directory /var/www/django/basic/basic>
Options FollowSymLinks
<Files wsgi.py>
Order allow,deny
Allow from all
</Files>
</Directory>
Alias /static /var/www/django/basic/basic/static
And this is the final version of my wsgi.py file in python. The key line of code here was the PYTHON_EGG_CACHE
. That variable was by default set to a directory that did not exist. I set it to /tmp/.python-eggs
Make sure that .python-eggs
has correct permissions for the apache user to read/write to it wherever you may place this file.
"""
WSGI config for basic project.
It exposes the WSGI callable as a module-level variable named ``application``.
For more information on this file, see
https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
"""
import os
import sys
path = "/usr/local/django/basic/basic/apache"
if path not in sys.path:
sys.path.append(path)
os.environ['PYTHON_EGG_CACHE'] = '/tmp/.python-eggs'
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "basic.settings")
#print os.getenv("DJANGO_SETTINGS_MODULE")
#print os.getenv("PYTHON_EGG_CACHE")
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
Side note:
- A friendly reminder to make sure that every file in your django application is readable, (and writeable if needed) by the apache user. Git once overwrote a file to an old permission I had set up once and it took me a little time to figure out the permissions had changed without realizing it.
What is causing the '403 Forbidden error' in my Apache2 server? And how can I fix it? The available fixes on the web are not working for me
I've found a solution, for now at least. I ran a sudo chmod 777
on my home folder so that literally every single file is accessible. I heard that this solution was not recommendable, but for now it will do.
I still don't know why other solutions that were posted didn't work for me, because it was of my understanding that every file that was needed to fun the server was inside the django_project folder.
I will be looking into it a bit more though, because I don't know how secure it is to have everysingle file with permisions.
403 error on Apache Server with Django application
SELinux has its own system of granting access. Your process ever has to be granted to access files on filesystem depending on SELinux context. There are some default politics and contexts defined in SELinux those are usefull for default cases of your installation. Just web files are expected to be in '/var/www'. You can mostly check the current context of files or processes using switch '-Z', see
[root@localhost]# ls -Z /var
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 www
Check the context of /srv/mysite
[root@localhost]# ls -Z /srv
drwxr-xr-x. root root system_u:object_r:var_t:s0 mysite
The Apache HTTPD server is allowed to access files with SELinux type httpd_sys_content_t byt it is NOT allowed to access files with SELinux type var_t.
1. Change the SELinux type for your directory and check the context
[root@localhost]# chcon -R -t httpd_sys_content_t /srv/mysite
[root@localhost]# ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite
Check if your webiste is working right now.
Till now it is not finished yet, while you relabel filesystem to default or if you use a daemon to check or relabel itself, you risk to lose your new labeling.
2. Make the default labaling for your directory
Create the default labeling by 'semange' and apply it on your directory by 'restorecon'
[root@localhost]# semanage fcontext -a -t httpd_sys_content_t /srv/mysite
[root@localhost]# restorecon -v -R /srv/mysite
[root@localhost]# ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite
Right now your SELinux labeling is fixed.
Note: It is possible regular expressions to define default context.
Debian: I'm not a Debian user, so the SELinux type can be a bit different, the principle is just the same, check the SELinux type of your apache directory and set it on your directory you want to be accessible from apache.
Read more at RedHat:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
Fedora SELinux documentation:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
Apache mod_wsgi error: Forbidden You don't have permission to access / on this server
The second directory block doesn't match where you have your WSGI script file installed. It is very bad practice though to stick the WSGI script file in a location where source code or other sensitive files exist, ie., same directory or sub directory. Instead you should stick it in a sub directory of its own. Thus:
WSGIScriptAlias / /home/wong2/Code/python/django2/atest/apache/setting.wsgi
<Directory "/home/wong2/Code/python/django2/atest/apache">
Order allow,deny
Allow from all
</Directory>
So, create 'apache' subdirectory under 'atest'. Move 'setting.wsgi' into that 'apache' subdirectory and change config to above.
Your problem also may be caused by restrictive permisions on your home directory as Apache cannot see inside.
Go watch:
http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations
as it explains these permissions problems as well as issues like where to stick your code and the WSGI script file.
Also read:
http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango
Django Deployment: Error 403 Forbidden You don't have permission to access / on this server
Based on Maarten's comment, I have found the answer for this problem.
- I need to change the access permissions of apache to read and execute the django project folder by using
chmod
. However, this later shows another problem below.
/etc/httpd/logs/error_log
failed to map segment from shared object permission denied mysql.
- Then I found out the error shows that Python (in the virtual environment) is unable to execute the packages (mysqlclient). Hence, the solution can be found here, which to change the security context of “httpd_sys_script_exec_t” which allows Apache to execute.
I hope this helps anyone who encounters this problem. And if there are any bad practices or mistakes that I have made, please do leave a comment.
Thank you and have a nice day.
Apache 2.4 with mod_wsgi: 403 Forbidden, don't have permission to access /calbase on this server
The section:
<Directory /EquipmentCalibration/equipcale>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
has a directory name which does match what is used in the WSGIScriptAlias
directive. One uses equipcal
and the other equipcale
. They need to match in that segment name.
Related Topics
How to Ask Bash for the Current Options
"Bad Interpreter" Error Message When Trying to Run Awk Executable
Pthread Condition Variables on Linux, Odd Behaviour
Comparison of Cat Pipe Awk Operation to Awk Command on a File
How to Get the CPU Time for a Perl System Call
Ssh Connection to Ubuntu Open Ssh-Server Requires Login on (Physical) Server via Password First
How Create a Bash Script with Another Bash Script
Calculating Memory of a Process Using Proc File System
Awk or Sed to Change Column Value in a File
How to Overlap and Merge Multiple Audio Files Using Ffmpeg
Linking a Dynamically Linked Executable with Ld
Stop Being Root in the Middle of a Script That Was Run with Sudo
Removing of Specific Line in Text File
How to Move First Column to Last Column in Unix
Linking to Modules Folder Gives Undefined Reference
Synchronize Linux System Clock to Windows Ntp Service
How to Use the Parallel Command to Exploit Multi-Core Parallelism on My MACbook