Share

Question

Hi I have a project hosted on Digitalocean. What changes should i make to my project or NGINX so that media files are not served to users who are not logged in?

Answer 1

ryanpq MOD November 25, 2016

This guide will walk you through setting up basic authentication in Nginx. Additional steps might be needed if you authenticate your users in some other way or have an existing authentication system already in place.

How To Set Up Basic HTTP Authentication With Nginx on Ubuntu 14.04

by finid

In this tutorial, you'll learn how to restrict access to an Nginx-powered website using the HTTP basic authentication method on Ubuntu 14.04. HTTP basic authentication is a simple username and (hashed) password authentication method.

Report

djangouser November 25, 2016

This is totally unrelated with question asked. Need a django specific solution.

Report

ryanpq MOD November 25, 2016

I apologize, I missed that the question was tagged Django. It seems the best option for implementing this in Django is the XSendfile method which is supported by apache. This thread compares some methods and includes examples like this one;

@login_required
def serve_file(request, filename):
    fullname = myapp.settings.PRIVATE_AREA+filename
    try:
        f = file(fullname, "rb")
    except Exception, e:
        return page_not_found(request, template_name='404.html')
    try:
        wrapper = FileWrapper(f)
        response = HttpResponse(wrapper, mimetype=mimetypes.guess_type(filename)[0])
        response['Content-Length'] = os.path.getsize(fullname)
        response['Content-Disposition'] = 'attachment; filename={0}'.format(filename)
        return response
    except Exception, e:
        return page_not_found(request, template_name='500.html')

Report

Answer 2

djangouser November 25, 2016

This is totally unrelated with question asked. Need a django specific solution.

Report

ryanpq MOD November 25, 2016

I apologize, I missed that the question was tagged Django. It seems the best option for implementing this in Django is the XSendfile method which is supported by apache. This thread compares some methods and includes examples like this one;

@login_required
def serve_file(request, filename):
    fullname = myapp.settings.PRIVATE_AREA+filename
    try:
        f = file(fullname, "rb")
    except Exception, e:
        return page_not_found(request, template_name='404.html')
    try:
        wrapper = FileWrapper(f)
        response = HttpResponse(wrapper, mimetype=mimetypes.guess_type(filename)[0])
        response['Content-Length'] = os.path.getsize(fullname)
        response['Content-Disposition'] = 'attachment; filename={0}'.format(filename)
        return response
    except Exception, e:
        return page_not_found(request, template_name='500.html')

Report

Django: What setting to be done in NGINX Conf to serve media file to logged in users only.

Leave a Comment

Share

Share your Question

Django: What setting to be done in NGINX Conf to serve media file to logged in users only.

Leave a Comment

Related

question

Django, static folder and files not load and 502 Bad Gateway nginx/1.4.6(Ubuntu).

question

Django: can't load static files from template using Ubuntu 14.04/Django Droplet

question

uWSGI can't receive any request from Nginx

question

I can't get Django admin css loaded using nginx server

Almost there!