On 12 March 2010 03:13, virgil.balibanu <[email protected]> wrote: > Hi, I am trying to configure an apache server using mod_wsgi for > dynamic mass hosting.
Is this hosting of arbitrary applications which are provided and/or implemented by the user, or are they managed applications which the user has no ability to change the code in? At the present time I would discourage using a single instance of mod_wsgi for hosting of multiple distinct user supplied applications unless you really know what you are doing and have ensured you have done absolutely everything possible to ensure that different users code is adequately isolated. Although some hosting service companies do seem to use mod_wsgi for this type of arrangement, I never see the right types of questions being asked about how to properly secure Apache/mod_wsgi. As such I can only assume that such companies simply provide it and hope that all will be okay without really understanding where the risks lie. Anyway, that is my paranoid disclaimer so when things go custard I can say that I warned people against this model of usage. :-) > Each user will have it's own instance of a > python application located in /mnt/data/www/domains/[user_name] But will it always be Django like your configuration below suggests? Will they only ever have one Python application to host, or could they want more than one? Do the users have the ability to modify the code? If they do have the ability to modify the code, then you MUST use daemon mode with each distinct users code running as a separate user. At that point things become difficult as daemon mode configuration is static. This means you either have to change the Apache configuration every time you add a new user, or pre-specify a whole lot of daemon processes against preconfigured user accounts and later allocate users to those accounts or use user/group permissions in such a way that their application when run as that special user can still access files/directories within their real account. > and > there will be a vhost.map telling me which domain maps to each user's > directory (the directory will have the same name as the user). What i > do not know is how to write the WSGIScriptAliasMatch line so that it > also takes the path from the vhost.map file. You cant use WSGIScriptAlias(Match) in conjunction with rewrite rules, you need to fall back to lower level Apache URL mechanisms. I am not in a state of mind right now to try and explain it with a good example, so refer you to prior discussion at: http://groups.google.com/group/modwsgi/browse_frm/thread/c29dde8fbef68e0b so you can start to get an idea of what you have to go through to get close to what you want. > What i want to do is something like this: I can have on my server > different domains like www.virgilbalibanu.com or virgil.balibanu.com > and flaviu.balibanu.com where each domain would belog to another user, > the user name having no neccesary connection to the domain name. I > want to do this beacuse a user, wehn he makes an acoount receives > something like virgil.mydomain.com but if he has his own domain he can > change it later to that, for example www.virgilbalibanu.ro, and this > way I would only need to chenage the line in the vhost.map file > So far I have something like this: > > Alias /media/ /mnt/data/www/iitcms/media/ > #all media is taken from here > > RewriteEngine on > > RewriteMap lowercase int:tolower > > # define the map file > RewriteMap vhost txt:/mnt/data/www/domains/vhost.map > > #this does not work either, can;t say why atm > RewriteCond %{REQUEST_URI} ^/uploads/ > RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$ > RewriteCond ${vhost:%1} ^(/.*)$ > RewriteRule ^/(.*)$ %1/media/uploads/$1 > > #---> this I have no ideea how i could do > WSGIScriptAliasMatch ^([^/]+) /mnt/data/www/domains/$1/apache/ > django.wsgi > > <Directory "/mnt/data/www/domains"> > Options Indexes FollowSymLinks MultiViews > AllowOverride None > Order allow,deny > Allow from all > </Directory> > > <DirectoryMatch ^/mnt/data/www/domains/([^/]+)/apache> > AllowOverride None > Options FollowSymLinks ExecCGI > Order deny,allow > Allow from all > </DirectoryMatch> > > <Directory /mnt/data/www/iitcms/media> > AllowOverride None > Options Indexes FollowSymLinks MultiViews > Order allow,deny > Allow from all > </Directory> > > <DirectoryMatch ^/mnt/data/www/domains/([^/]+)/media/uploads> > AllowOverride None > Options Indexes FollowSymLinks MultiViews > Order allow,deny > Allow from all > </DirectoryMatch> > > I know the part i did with mod_rewrite doesn't work, couldn't really > say why not but that's not as important so far, I am curious how could > i write the WSGIScriptAliasMatch line so that to accomplish my > objective. > I would be very grateful for any help, or any other ideas related to > how i can deal with this. Also it would be great if I'd manage to get > each site to run in wsgi daemon mode, thou that is not as important. As I said above, depending on what you are doing, daemon mode may well be mandatory. You certainly don't want to be running lots of fat Django instances at same time in embedded mode as the memory requirements will become excessive. Try and digest what is in that other discussion I sent you and see if you can integrate that into what you are trying and then come back with more specific questions. Graham -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
