Difference between apache and lighttpd x-sendfile backends

[pkaczynski]

I think the documentation about x-sendfile for Apache and lighttpd has some wrong code imports, for example:

Then set django_downloadview.apache.XSendfileMiddleware as DOWNLOADVIEW_BACKEND:

END backend

Then, the code is a bit confusing. How is the lighttpd backend different than apache for x-sendfile? The code for django_downloadview.lighttpd.XSendfileMiddleware is quite identical to django_downloadview.apache.XSendfileMiddleware. Are there any other differences?

The reason I'm asking is that I tried to make media files private (i.e. accessible only by Djnago authenticated users) but accessed through lighttpd (like all static files, but static files are not "private") while Django is served by Apache with mod_wsgi. Is such configuration actually possible?

[benoitbryon]

I think the documentation about x-sendfile for Apache and lighttpd has some wrong code imports

True! Thanks for the report @pkaczynski :)

Cause: includes in Sphinx using "lines" Consequence: when external file changes, docs need to be changed too. Hard to check and maintain. Hypothese: we'd better use :start-after: and :end-before: instead of :lines:. See literalinclude documentation.

[pkaczynski]

np.

Can you elaborate anything on my question about dual private media serving (apache and lighttpd)?

[benoitbryon]

How is the lighttpd backend different than apache for x-sendfile? The code for django_downloadview.lighttpd.XSendfileMiddleware is quite identical to django_downloadview.apache.XSendfileMiddleware. Are there any other differences?

I think code for Apache and Lighttpd is the same, except the names.

As far as I remember, I duplicated code because Apache and Lighttpd could move apart and I was not sure factorization was a good option. That said, I'm nginx user so I don't have much experience with Apache or Lighttpd. Feedback and contribs are welcome!

[benoitbryon]

The reason I'm asking is that I tried to make media files private (i.e. accessible only by Djnago authenticated users) but accessed through lighttpd (like all static files, but static files are not "private") while Django is served by Apache with mod_wsgi. Is such configuration actually possible?

I'm not sure I understood this question... Do you mean:

• Apache serves Django
• Lighttpd disallows direct access to media files
• you would like Django to check permissions on media files, then serve them through lighttpd?

What I know is possible:

• Apache reverse-proxies Django
• Django (within Apache) checks permissions on media files, then issues a X-Sendfile response, Apache catches the X-Sendfile response and replaces it with file streaming.

At the moment, I don't know if we can mix Apache and Lighttpd.

[benoitbryon]

Maybe a sequence diagram could help understand each other (may improve documentation too):

Here is the classic (the one I know) sequence: (edited via websequencediagrams.com)

client->Apache: GET /files/sample/
Apache->Django: GET /files/sample/
note over Django: Django checks permissions on media/sample.pdf
Django->Apache: X-Sendfile media/sample.pdf\n(lightweight response,\nfile not loaded into memory)
Apache->client: sample.pdf\n(Apache actually streams the file contents)

Can you explain your use case using such a diagram?

[benoitbryon]

Here are notes about fixing the django-downloadview/lighttpd docs:

• DOWNLOADVIEW_BACKEND example is there: https://github.com/benoitbryon/django-downloadview/blob/1.9/demo/demoproject/settings.py#L80
• DOWNLOADVIEW_RULES example is there: https://github.com/benoitbryon/django-downloadview/blob/1.9/demo/demoproject/settings.py#L101-L109