Serve static files with X-Send File

Information freshness

• As of 2014-01-10
• Debian GNU/Linux 7.3 (wheezy)/Ubuntu 13.10
• Python 2.7 (via apt-get)
• django 1.4〜1.5

Background and mod_auth_tkt issues

This is a continuation. http://qiita.com/amedama/items/3f2197cadc1ea7d6374e

• Suppose you have a project on your django website that dynamically increases or decreases
• For example, let's say you make a project management software like Redmine.
• Sometimes you want to show static files only to users who are participating in the project
• Mod_auth_tkt does not match this scenario
• It is troublesome to change the value of TKTAuthToken dynamically, or it is rather impossible if it is left as it is ...
• You can't specify Apache environment variables like% {ENV: SOMETHING}, as far as implementation is concerned.
• It may be possible to use it because Define was introduced from 2.4.
• I really wanted to fix mod_auth_tkt for a moment, but it hasn't been developed at all.
• It's a pain to manage!
• Let me share the constants used in the apache settings and the django constants.

X-SendFile

And it's X-Send File.

If this is included in the Response header, the web server under the WSGI app, that is Apache this time, will Before returning a response to the user, it expands the path and starts sending the file to the user. There are more articles around nginx, but if you put a module in another, it will work with Apache.

Evaluation of performance is ... Of course through.

Probably not if the DB contains files.

http://stackoverflow.com/questions/7296642/django-understanding-x-sendfile

For Debian / Ubuntu Apache2, include libapache2-mod-xsendfile.

# prepare "@project_member_required" by yourself
@login_required
@project_member_required
def download_project_file(request, project_name, file_name):
    response = HttpResponse()
    # prepare this function by yourself
    download_path = construct_path_from_file_name(file_name))
    response['X-Sendfile'] = download_path
    response['Content-Type'] = ''
    return response

In the above case

• If you are not logged in, the login screen will appear.
• If you are not a project member, @project_member_required will get angry (make it like that)
• Without the file Apache gets angry on the spot.

On Apache settings

XSendFile on
XSendFilePath /opt/yourproject/downloads

If you do, / opt / yourproject / downloads will be whitelisted. Conversely, if you specify the wrong path, nothing will be sent.

Reference: https://tn123.org/mod_xsendfile/

bonus

django-sendfile (https://github.com/johnsensible/django-sendfile)

The first thing that appears in the google result of "django X-SendFile" is a land mine. This is an implementation that reads a file on django, expands it, and returns it as content, which is far from efficient.

Finally

We welcome your comments.