Page 3: SELinux Policy Configuration and Apache Setup (Gunicorn/mod_wsgi Integration)

Configure CentOS's SELinux security policies to allow Apache and your Django application to function correctly, and set up the Apache web server to serve your Django application and static files. This section presents both Gunicorn and mod_wsgi integration methods.


5. SELinux Policy Configuration

Specify the SELinux security context for the Django project directory (/home/hello) to allow Apache access, and enable Apache to connect to the network and read user content.

sudo semanage fcontext -a -t httpd_sys_content_t "/home/hello(/.*)?" # /home/hello 디렉토리 및 하위 파일에 Apache 웹 콘텐츠 타입 지정
sudo restorecon -Rv /home/hello # SELinux 컨텍스트 복원
sudo setsebool -P httpd_can_network_connect on # Allow Apache to connect to network (e.g., Gunicorn socket access, DB connections)
sudo setsebool -P httpd_read_user_content on # Allow Apache to read user content

6. Apache Configuration (Gunicorn Integration)

Create the /etc/httpd/conf.d/hello.conf file to configure Apache to serve your Django project via Gunicorn. Apache will proxy requests to Gunicorn's TCP address and port using the mod_proxy module. (Recommended)

cat | sudo tee /etc/httpd/conf.d/hello.conf > /dev/null << EOF
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain_or_ip # Change to your actual server domain or IP
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
    Alias /static /home/hello/static
    <Directory /home/hello/static> # Static files directory configuration
        Require all granted
    </Directory>
    ErrorLog /var/log/httpd/hello_error.log
    CustomLog /var/log/httpd/hello_access.log combined
</VirtualHost>
EOF

Note: Apache's mod_proxy and mod_proxy_http modules must be enabled. (Typically enabled by default upon installation)


6. Apache Configuration (mod_wsgi Integration)

Create the /etc/httpd/conf.d/hello.conf file to configure Apache to serve your Django application directly. This method uses the mod_wsgi module. (Optional)

cat | sudo tee /etc/httpd/conf.d/hello.conf > /dev/null << EOF
WSGIDaemonProcess hello python-home=/home/hello/venv python-path=/home/hello
WSGIProcessGroup hello
WSGIScriptAlias / /home/hello/config/wsgi.py
<Directory /home/hello/config> # Directory where the WSGI file is located
    <Files wsgi.py>
        Require all granted
    </Files>
</Directory>
Alias /static /home/hello/static
<Directory /home/hello/static> # Static files directory configuration
    Require all granted
</Directory>
EOF

Note: If using this method, you must execute `pip install mod_wsgi` in Page 1.