I've got a linux machine that I use solely for (multiple) Django projects. I'm looking for the best place to put everything. Currently I'm using the following directories -
/home/Code/my_project to put the django project itself (ie the code created by start_project)
/home/Code/virtualenvs/my_project_env for the virtualenv
/home/www/my_project for apache logs
On top of this I've been keeping my static root and media root directories within the main project code -
/home/Code/my_project/static_root
/home/Code/my_project/media
The big issue I've hit with this setup is that I'm running out of disk space on /home. I feel that I should at least be keeping my static files in /var somewhere. Should the apps themselves go in /opt?
How should I set this up next time? What can I do about my disk space issues with current apps? (Is this really a sys admin question?)
Related
After getting a helpful answer from this post I want to store media on a separate harddrive on the windows server. Is it possible to make those files available via http?
I soon discovered that Plesk does not allow me to create a virtual path that points to a location outside of my website root. I want the virtual path to point to a folder on D: (an extra disk, not the same as the website root directory)
Only two possible solutions I could think of, although I can't find them any where.
1) Maybe plesk has an advanced configuration file that prevents it from overwriting certain things in IIS when it runs its maintenance jobs or updates, specifically the Virtual Path I created directly in IIS outside of plesk.
2) Maybe there is a third party component available that offers this functionality, setting virtual paths outside of web root or the config file I just mentioned in #1.
Any other solutions are also welcome.
cd "%plesk_vhosts%\"domain.tld\httpdocs
mklink /J point c:\outOfSpace
Now provide permissions to "psacln" group to c:\outOfSpace and that's it.
Also you can create "point" not in httpdocs but in web space root and than from Plesk create Virtual Folder inside /httpdocs with needed access permissions.
There is issue that your custom permissions may lost after Plesk upgrade, this KB article describe how your can avoid it kb.sp.parallels.com/111194
I have a standard ubuntu 14.04 machine. I use it daily under the user mh00h. I'm interested in using this machine as a production server. How do I manage file permissions for Django and Nginx?
Nginx is currently configured to run under the www-data:www-data. This minimizes risk of the rest of a machine being compromised. Django/gunicorn likewise should run under a user other than mh00h. But under what user should gunicorn actually be run under? nobody, correct?
Next: I am storing all of my web development files under /home/mh00h/development. Owned by mh00h. /home/mh00h/development/project1 (plus all dir/files but /media and /static)? Owned by mh00h. I follow django two-scoops best practices to create a project directory with static files inside of it. Of course, Nginx is unable to access /home/mh00h/development/project1/project1/static now because all of those parent directories are owned by mh00h, not www-data (./static is owned by www-data).
To complicate the matter, virtualenvwrapper creates my virtual environments under /home/mh00h/.virtualenvs/.
I am hesitant to fraction away from two scoop's best practices and store /static separately in /var/www, because I want all of these directories to stay nicely packaged together for easy transport off to some other server later. Plus, it makes me messy if I compare myself against how two-scoops did it.
Where should my static files be stored?
Where should django specific files be stored?
What users/groups should be able to access which of 1 and 2?
Where should virtualenvwrapper environments be stored?
What permissions should these locations have?
Thank you.
All files and directories in our production environment are owned by root:root with 755/644 file permissions, unless otherwise required. Some private files (think private keys etc.) are only readable by the user/process that needs them, while still being writable only by root.
As for the project structure: all our projects have a dedicated directory under /srv/www/vhosts.d/. Virtual environments are stored under /srv/www/virtualenvs. It is perfectly possible to store them in your home folder, but I feel this central approach is more in line with the idea of a production server. With the right settings, all virtual envs are also accessible by all users.
Our main project directory contains several scripts (manage.py and several deployment/update scripts) and is further split out into subdirectores: i.e. web contains public files, src contains the source code, and frontend contains the template folder and sass folder. The whole project directory is contained in a git repository, but deployment-specific files (user uploaded files, search indexes, encryption keys) are all in .git-ignore.
Our nginx process runs as www-data. In general each Django project has its own user, and the gunicorn process runs as this user.
This is a more general and noob question. I am developing a small application in Linux (Ubuntu, to be more precise) and at this point I have an executable, a shared library (.so), a configuration file (.conf) with some settings to be read by the application at the beginning, a data folder with images and other resources to be used during the application life-time (resources that can be also modified, deleted) and of course, I would need some file for logs and messages (right now I am using syslog).
So, my question is, where should each one of these be stored when the application is installed on a client's computer? What is the standard way of organizing all the application's files in Linux? On Windows everything would be found usually in the C:\Program Files\(App Folder) but it looks like on Linux things are more (or less) organized. Can you give me some advices on this matter?
Program data were historically stored in dot-prefixed folders in user's home directory. Modern Linux distributions tends to use ~/.config/program_name folder.
For all files that will not be modified after distibution follow Linux standard:
Ex: project dir: ABC
sub directories:
logs - keep log files
conf - keep configuration files here
bin - executable binaries here
traps - any trap mesg
then depend on what application we develop
Along with you can set level for starting your application from boot level if required.
My project resides in a shared Linux hosting server. The hosting provider, of course, has already set up the necessary directory and file ownerships relative to other server users. My concern for now is how to setup permissions within my domain so my users can have read access to the files and folders they should have and still let my scripts retain read/write access to it.
Question: What would be the recommended permissions on:
Public files and folders (read only?)
Files where uploaded files from forms are stored
Files and folders where GD and cache files are being written into
Folders where my server-side scripts are stored (I used mainly PHP)
My WWW root folder (where index.php resides)
This is a perfect example of where you need the Principle of Least Privilege. Allow ReadOnly to the webserver's user for RO content, allow writing only to a directory/files that absolutely need to be written. Explicitly deny access to things you don't want people to read (config files, htaccess, anything with paths/ip addresses/passwords), don't allow any extra processing if you're not using it (CGI executables, Server Side Includes).
The best way to do it is to start with deny everything and slowly open thing up as you go. First try serving static content, see what is the minimal amount of Apache directives/modules and filesystem ownerships and permissions to get it working. Then try some RO PHP scripts. Then try some RW PHP scripts. Then DB connectivity, and so on, you get the idea... It's a very tedious processes, and you want to plan ahead the sort of things you want to test; I tend to write long scripts with wget commands trying to do both good and bad things to the server. Make one change, restart, rerun the script, see what changes from the last time. Observe-modify-analyze, until you cant stand looking at it anymore ;)
my shared hosting only allows me to create 2 virtual directories. and i want to host multiple webapps... say an asp.net mvc blog, a forum, a personal site etc...
isnt there any other way of doing this? cant i simply just ftp the blog folder to one of my virtual directories and then access it online??
For ASP.NET web applications, typically each would live in its own virtual directory which serves as the application starting point.
Technically you could "piggy-back" two applications on the same application starting point in one of two ways:
Put all the files for each application in the same directory (and appropriate sub directories)
If you don't have ANY files that overlap, you can get away with this. Of course, it's likely that you won't with such files as the default or index pages, etc. And this would be pretty messy anyway.
Put all the non-binary files for each app in an appropriate subdirectory and the binaries in the main virtual's \bin directory.
You'll be able to do this only if each application's binary files don't overlap by name AND there are no namespace ambiguity conflicts between assemblies (two different assemblies by file name, but with the same namespace). The latter is much less likely to happen if you are trying to piggy-back two different applications.
The big problem I see with the latter solution is that any parts of the application that make use of application root references will break. When some code tries to resolve a reference to some resource (like an image) based on an application root reference such as
~/images/logo.gif
the ~ will get resolved to the virtual directory, but will not include the additional (non-virtual and non-app starting point) subdirectory in which the application lives. So instead of this:
/vd1/app1/images/logo.gif
you'll end up with this:
/vd1/images/logo.gif
Obviously, that won't work.
So... you won't break either app if you can put them both in the same virtual directory, however, you'll have to check for file conflicts and such. Possible namespace conflicts will be unavoidable without separate application starting points.
Can't you just put each app in a separate subdirectory in either of the virtual directories. e.g. if you had http://server.com/vd1, you could partition it like http://server.com/vd1/app1, http://server.com/vd1/app2, etc.