Where do I store my django project code when using apache and mod_wsgi?

Question

I'm looking at what appears to be conflicting information on django's website.

On this page: https://docs.djangoproject.com/en/1.7/intro/tutorial01/

It says:

It’s not a good idea to put any of this Python code within your Web server’s document root, because it risks the possibility that people may be able to view your code over the Web. That’s not good for security.

Put your code in some directory outside of the document root, such as /home/mycode.

However, on this page: https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/modwsgi/ It says this is how Apache should be set up:

WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
WSGIPythonPath /path/to/mysite.com

<Directory /path/to/mysite.com/mysite>
<Files wsgi.py>
Require all granted
</Files>
</Directory>

Doesn't the latter show the project files in the www root?

So which is correct? The former or the latter?

I have used these linux commands to set up the project:

cd /home/personal/network/django
django-admin.py startproject djnet

I then put this into httpd.conf:

WSGIScriptAlias / /home/personal/network/django/djnet/wsgi.py
WSGIPythonPath /home/personal/network/django
<Directory /home/personal/network/django/djnet>
<Files wsgi.py>
Require all granted
</Files>
</Directory>

This works, but I'm worried about the "That’s not good for security" line in the first page I've referenced.

Am I supposed to put the project code generated by django-admin startproject in a directory separate from the Apache directory? If so, how would I configure Apache?

Answer 1

No, why do you say it shows the files in the document root? It doesn't, it shows them in "/path/to/mysite.com". What you have done is correct, and isn't in the web root either.