0

I am setting up a Django project and Apache on Ubuntu 20. The below setup correctly displays the Django project, however ANY URL that points to the server's IP address is served this project. I obviously need to limit this to my particular website mysite.com. ServerName is ignored.

I have looked at other question/answers. However, they usually mention httpd.conf, which is no longer used in Apache. Or, there is no accepted answer. Or, it just isn't relevant to my setup. Also, I've been told not to touch apache2.conf. This is a brand-new installation instance so no weird stuff hanging around.

I will eventually need to have multiple sites served on the same server.

Install Apache mod-wsgi:

sudo apt install apache2 apache2-utils ssl-cert libapache2-mod-wsgi
sudo a2enmod rewrite
sudo systemctl restart apache2

Set up .conf file and activate it:

Copy mysite.com.conf to /etc/apache2/sites-available

sudo a2ensite mysite.com.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2
sudo systemctl restart apache2

mysite.com.conf:

<VirtualHost *:80>

    WSGIApplicationGroup %{GLOBAL}
    WSGIDaemonProcess test_project_ns processes=1 threads=10 python-path=/home/ubuntu/test_project python-home=/home/ubuntu/test_project/test_env
    WSGIProcessGroup test_project_ns

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ServerName mysite.com
    ServerAlias www.mysite.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    <Directory /home/ubuntu/test_project/test_ui>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
   
    WSGIScriptAlias / /home/ubuntu/test_project/test_ui/wsgi.py

</VirtualHost>

Result:

mysite.com correctly serves up the Django project, but so does ANY other website that points to the server.

Output of apache2ctl -S:

VirtualHost configuration:
*:80                   mysite.com (/etc/apache2/sites-enabled/mysite.com.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
user984003
  • 101
  • 1
  • 1
  • 2

1 Answers1

0

So if apache doesn't find a match for the URL, it uses the first virtual host, regardless of ServerName. I therefore added a blocking virtual host before the real one. Now all sites that don't match ServerName or ServerAlias are shown a standard forbidden message.

This also works with multiple site.com.conf files. I add the blocking virtual host to the top of each file so I don't have to worry about which virtual host is "first" when there are multiple files.

<VirtualHost *:80>
     <Location />
        Deny from all
    </Location>
</VirtualHost>
<VirtualHost *:80>

    ServerName mysite.com
    .....
        
</VirtualHost>
user984003
  • 101
  • 1
  • 1
  • 2