apache mod_wsgi basic authentication for django app

Question

I've finished a first website based on django and I'm ready to deploy on a liveserver. However, I don't want this site to be visible to the public for now while tweaking and testing.

On PHP sites I always used basic http authentication via .htaccess to make last changes. This is a two liner which denies access for the whole site.

Ideally I want to run a environment like this:

• static.mydomain.com (served by apache2 for static files)
• mydomain.com (served by apache2 with mod_wsgi latest stable release -> available for public)
• dev.mydomain.com (served by apache2 with mod_wsgi dev/testing -> not available for public (basic authentication))

Can this be done with django/apache2/mod_wsgi?

Answer 1

You could setup basic auth for your virtual host dev.mydomain.com. Look at http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html and http://httpd.apache.org/docs/2.2/vhosts/name-based.html for more details

EDIT: Your virtual host config will look somthing like:

<VirtualHost *:80>

    ServerName mydomain.com
    DocumentRoot /srv/www/wsgi

    <Directory /srv/www/wsgi>
        Order allow,deny
        Allow from all
    </Directory>

    WSGIScriptAlias / /srv/www/wsgi/app.wsgi

</VirtualHost>

<VirtualHost *:80>

    ServerName dev.mydomain.com
    DocumentRoot /srv/www/wsgi-dev

    <Directory /srv/www/wsgi-dev>
        Order allow,deny
        Allow from all
    </Directory>

    WSGIScriptAlias / /srv/www/wsgi-dev/app.wsgi

    <Location />
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /usr/local/apache/passwd/passwords
        Require valid-user
    </Location>

</VirtualHost>

Answer 2

mod_wsgi doesn't care if you use HTTP auth over it. The only provision would be that if you want it to be visible to the WSGI application then you'd need to use WSGIPassAuthorization, but this is not a concern in this case since Django has its own authentication scheme independent of HTTP auth.