Where to put django files on server?

Question

I have a question. I work with one guy who is developing in Php, I am developing in Django right know. This is my first time doing something for other people and he firstly asked me to put my application to Apache Web server document root(I think he didn't know that much about Django, and he did everything this way), so I did it, because I didn't know that much about Apache and servers. But right know I am scared because I have all the python files in document root and I realized that this Web server document root \www\myproject might be accessible to other people. How should I change it, where should I put it, what is the best practice? I am deploying with mod_wsgi and Apache 2.4. In the documentation it says, that I shouldn't put code in Web server document root too, but if I put it somewhere else can I access it the same way, like I used to when it was on the Web server document root? Will I have to do something other than changing paths in Apache config?

Answer 1

You should put the Django project anywhere on the machine except for the apache document root, for security reasons as you have pointed out. You can then configure apache to pint to the location of your wsgi.py which can live in the Django project if you wish:

WSGIScriptAlias / <path to the wsgi.py>

I'm not aware of a standard place to put the Django project root directory, I guess it depends on the OS and the distribution.