1

I'm developing my first Django application, I have installed allauth to permit openid login. I'm trying to use no-ip dns to avoid the problem of the dynamic ip, for register my app on facebook and testing from my machine. But I don't know how to make my django test server visible from outside on port 80. If I force it using sudo it gave me problems on logging to postgrel database, but if I not use sudo it says that I can't use that port (also if apache is off).

Thank you for your help.

Marco Fedele
  • 2,090
  • 2
  • 25
  • 45

3 Answers3

2

One way is to create virtual host in apache, which will use mod_wsgi to talk to a Django app.

Example:

<VirtualHost *:80>
    ServerName xxx.xxx.com
    ServerAdmin webmaster@localhost

    WSGIScriptAlias / /var/www/xxx/apache/xxx.wsgi
    Alias /static/ /var/www/xxx/static/

    DocumentRoot /var/www/xxx
    LogLevel info

    ErrorLog ${APACHE_LOG_DIR}/xxx-error.log
    CustomLog ${APACHE_LOG_DIR}/xxx-access.log combined
</VirtualHost>

Contents of xxx.wsgi:

import os, sys

apache_configuration = os.path.dirname(__file__)
project = os.path.dirname(apache_configuration)
workspace = os.path.dirname(project)
sys.path.append(workspace)
sys.path.append('/var/www/xxx')

os.environ['DJANGO_SETTINGS_MODULE'] = 'xxx.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
favoretti
  • 29,299
  • 4
  • 48
  • 61
  • It's the better solution I think, but I get this error: OperationalError: FATAL: Peer authentication failed for user "xxx" [Wed Oct 24 19:28:44 2012] [error] [client 127.0.0.1] And I can't find out how to solve this. I think it comes out from my postgres database. – Marco Fedele Oct 25 '12 at 00:47
  • And indeed it looks like Postgres. Depending on your situation you might want a password based auth. – favoretti Oct 25 '12 at 00:54
  • It seems that I found out a serious problem in my configuration. But your method works well, so accepted! – Marco Fedele Oct 25 '12 at 00:57
  • Thanks! God luck solving PostgreSQL auth. Try replacing `peer` with `md5` in `pg_hba.conf`. Unless you really want peer auth. – favoretti Oct 25 '12 at 00:58
  • I really hope they didn't literally copy all those 'xxx' values and use them as is. BTW, it is a bad idea to stick your Django project source code under DocumentRoot. One stuff up in your Apache configuration and people can download your code, including any sensitive information in your settings file. – Graham Dumpleton Oct 25 '12 at 09:32
  • @GrahamDumpleton: It was just an example of my development server config and I wanted to shadow the name of the real project :) Although I'm not sure what you mean by `One stuff up in your Apache configuration`. If you mean mis-configurations then it indeed can lead to some elevated view rights, but technically just moving out project settings file should be enough. – favoretti Oct 25 '12 at 09:38
  • I was saying that I hope that the OP didn't just copy the 'xxx' values as is. His subsequent error message had 'xxx' in it. One doesn't know for sure whether he used that actual value or was masking what he was using. I have seen too many times people not think and literally copy examples like this and then expect them to work. As to stuff up in configuration, comment out WSGIScriptAlias and ALL your code for the project is available for download. You are better off not sticking any code in DocumentRoot because of it being fallback for static files. – Graham Dumpleton Oct 25 '12 at 09:46
2

"Redirecting" port 80 to port 8000

You won't be able to bind to port 80 without using sudo, it's a protected port that only root can bind to. (Like any port below 1024)

Here's a simple iptables rules that will forward requests to port 8000 onto port 80, so you can "pretend" to access your server at port 80 while serving it at port 8000.

It only works for the loopback interface (e.g., you on your own computer talking to itself), but that should be what you need for development.

iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8000

Should you need it, for an exterior client, the rule is:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000 (edit the interface if needed)

Alternate solution

You can however have a look at this question: Is there a way for non-root processes to bind to "privileged" ports on Linux?, which indicates another solution to your issue.

Please do pay attention to the point concerning interpreted languages (such as python).

A word of warning

This is obviously only intended for development purposes. To run your app, you should be using nginx + gunicorn or apache + mod_wsgi.

Community
  • 1
  • 1
Thomas Orozco
  • 53,284
  • 11
  • 113
  • 116
  • That should be really the accepted answer. Sometimes, for dev purposes, you'd have to cut edges and not use bloated solutions like running an extra webserver – xyzman Sep 25 '20 at 10:28
1

I would use an nginx proxy pass. On Ubuntu, all you have to do is sudo apt-get install nginx, then sudo nano /etc/nginx/sites-available/default. Change the location / block to this:

location / {
    proxy_pass http://localhost:8080; #or whatever port you are using
    proxy_set_header Host $host;
}

and uncomment the listen 80; line and change it to listen 127.0.0.1:80 (this will prevent your development site from accidentally being served to the entire internet on port 80). You may also have to change the server_name if you want to do anything with /etc/hosts to make your site think it is elsewhere.

sudo service nginx start and you'll be in business. Note that nginx may need to be manually started after boot; I don't think the default is for it to start on boot every time.

Andrew Gorcester
  • 19,595
  • 7
  • 57
  • 73