I’m toying around with deployment options. My server setup is such that the static files of my django project are being served from a subfolder of the html-folder. The html-folder is the root for public files. When I use collectstatic in the default way, all the files get copied to a subfolder of my html-folder and everything is fine. When I use the -l option where it will create symbolic links instead, it does not work.
My knowledge about webservers is limited. I’m assuming that the problem is that I’m linking from a public location of the server into a non-public location. Can I make this work? Or would it create a security breach?
Your assumption is correct. Symbolic links do not bypass security. (Or, perhaps the more accurate way to phrase it is that the security on the target file apply, not the security on the symlink.) Note that this isn’t a webserver issue but a standard of operation of linux / Unix and Unix-style filesystems.