I am using Nginx to server Media and Static files. I am about to allow the upload of sensitive information via Django. As I understand it, with my current setup everyone could view the content of my media and my static files folder since it is served via Nginx and isn’t protected through the Django Auth System.
How can I secure my Media and Static Files in Django / Nginx?
There are a couple different options - see django-protected-media · PyPI for an add-on that provides this facility. Also see the nginx docs at X-Accel | NGINX.
There’s also django-downloadview · PyPI
Note: We don’t use either of these. I have no direct experience with them and cannot speak to their quality / suitability of use.
While we have the need to do this as well, our usage of these types of files is so small that we serve them through Django directly. They’re an exception to our general pattern of serving static files through nginx.
first of all - thanks for being here. You don’t leave any question unanswered and help where you can! It’s as if you make the forum more welcoming in this way and set a nice and positive tone here.
So I went for
django-protected-media works like a charm with relatively few changes to my project.
I guess I could have served the files via django directly since my userbase isn’t that big and performance is rarely an issue.
So thanks for your advice and your work here Ken!