Django/Apache/mod_wsgi: how to avoid 403 without making home dir world-executable

apache-http-server django

[Please see bottom of question for latest status!]

I'm trying to set up Django with Apache + mod_wsgi on a vanilla Debian 6.0 machine.

Unfortunately, when I go to the machine's IP address in a browser, I get 403 Forbidden: You don't have permission to access / on this server. The Apache logs just say:

```
[Wed May 04 10:20:56 2011] [error] [client x.x.x.x] (13)Permission denied: access to / denied
```

So here's what I've tried to do. I've set up a new Django project at ~/fruit/myfruit, and some WSGI/Apache files at ~/fruit/apache, as follows:

**~/fruit/apache/django.wsgi**
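```python
import os
import sys

# sys.path entries are not tilde-expanded, so use the absolute path
# (the same /root/fruit location the Apache config points at).
path = '/root/fruit'
if path not in sys.path:
    sys.path.append(path)

# Tell Django which settings module to load before creating the handler.
os.environ['DJANGO_SETTINGS_MODULE'] = 'myfruit.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
```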

**~/fruit/apache/django_wsgi.conf**
```apache
WSGIScriptAlias / "/root/fruit/apache/django.wsgi"
<Directory "/root/fruit/apache">
    Order deny,allow
    Allow from all
</Directory>
```

And I've edited various Apache files as follows:

**/etc/apache2/httpd.conf**
```apache
LoadModule wsgi_module modules/mod_wsgi.so
Include "/root/fruit/apache/django_wsgi.conf"
```

**/etc/hosts**
```
127.0.0.1 localhost
[[my_ip_address]] debian debian
```

When I restart Apache (running as root), I get the following warnings:

```
root@debian:~/fruit/apache# /etc/init.d/apache2 restart
Restarting web server: apache2[Wed May 04 10:27:36 2011] [warn] module wsgi_module is already loaded, skipping
apache2: Could not reliably determine the server's fully qualified domain name, using [[my_ip_address]] for ServerName
 ... waiting [Wed May 04 10:27:37 2011] [warn] module wsgi_module is already loaded, skipping
apache2: Could not reliably determine the server's fully qualified domain name, using [[my_ip_address]] for ServerName
.
```

I don't know whether these are connected to the permissions error, or whether it matters that the error message is printed twice.

Please could anyone tell me what I'm doing wrong? I have little experience of Apache!

Many thanks!

UPDATE: In case it's a file permissions error, I've run chmod a+x * for all files in the myfruit and apache directories and the directories themselves, and restarted Apache. No joy.

UPDATE: I can't even connect to localhost:

```
root@debian:~/fruit# wget http://localhost
--2011-05-04 10:44:41--  http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2011-05-04 10:44:41 ERROR 403: Forbidden.
```

UPDATE: OK solved it, by setting chmod a+x on my root directory. I don't like this at all though – surely it must be a security hole? What should I be doing instead?

Best Answer

Running any web application as root is not advisable!

As you have already figured out, it is a permissions problem. The reason you had to chmod a+x on /root is that no other user, including the user running Apache, has rights to the /root directory (it should be private!).

Either serve the application using the web server's user (www-data on Debian, IIRC) from the /var/www folder or, even better, create a completely new user.
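
To see which directory on the way to the WSGI script is blocking the web server's user, the following added example (not part of the original question or answer) walks every path component and applies the classic owner/group/other mode-bit rule for a given user. The function names `class_bits` and `traversal_report` and the command-line invocation are assumptions made for illustration; ACLs, capabilities and SELinux/AppArmor are not evaluated.

```python
import os
import stat


def class_bits(st, uid, gids):
    """rwx bits that apply to uid/gids under the classic owner/group/other rule."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def traversal_report(target, uid, gids):
    """Return [(path, octal_mode, ok)] for each component from / down to target.

    Directories need search (x); a final regular file needs read (r).
    ACLs, capabilities and SELinux/AppArmor are not evaluated.
    """
    parts, p = [], os.path.realpath(target)
    while True:
        parts.append(p)
        parent = os.path.dirname(p)
        if parent == p:  # reached the filesystem root
            break
        p = parent
    report = []
    for p in reversed(parts):
        st = os.stat(p)  # run as root or the owner so every component is visible
        need = 1 if stat.S_ISDIR(st.st_mode) else 4
        ok = bool(class_bits(st, uid, gids) & need)
        report.append((p, oct(stat.S_IMODE(st.st_mode)), ok))
    return report


if __name__ == "__main__":
    import pwd
    import sys
    # Assumed invocation: script.py /root/fruit/apache/django.wsgi www-data
    path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for p, mode, ok in traversal_report(path, pw.pw_uid, gids):
        print(("ok      " if ok else "DENIED  ") + mode + "  " + p)
```

Any component reported as DENIED produces the `(13)Permission denied` error above, which is why moving the project out of /root, rather than loosening /root, removes the problem.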
