Re: [mezzanine-users] x_frame_options deny causes wysiwyg editor "insert/edit image" upload to fail
On Wed, Jan 13, 2016 at 10:50 AM, Joseph Mohanwrote: > Makes 100% sense, Doh! Of course, I look at the actual thing that I deployed and it's SAMEORIGIN not SAME-ORIGIN or SAME_ORIGIN. Sorry for the noise. -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] mezzanine.forms - using email field as mail from
You should mention to your client that it's very likely these emails will be dropped into a spam folder as forgeries. This is totally against best practices, and a terrible idea. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: help needed depoloying Mezzanine on Digital Ocean
It's probably a bad idea to put your virtualenv in /root, this is the root user's home dir. I usually create a specific user that will be running my mezzanine projects. This way you are not running gunicorn as root, but as a normal user. Really, it's a best practice to reduce the number of services running as root to as few as possible. I am fairly certain that the fabfile assumes you are running as a normal user which may account for the permission issue(s). Cheers, Matt On Sun, Apr 27, 2014 at 11:41 PM, Jared Nielsen nielsen.ja...@gmail.com wrote: So I deleted my Droplet and started fresh, following Josh's tutorial to the T. Devian 7 x64 Created a fresh local mezzanine project. But I didn't have a live_settings.py file in /deploy. So I copied one from an older project. Why wasn't a live_settings.py generated? Would one be generated later? There is a local_settings.py.templates that contains the same information. I proceeded, ran fab all and got hung up on the virtualenv. Here's my error: [oulipy.com] out: /bin/bash: line 0: cd: /root/venv: Permission denied [oulipy.com] out: Fatal error: run() received nonzero return code 1 while executing! Requested: virtualenv oulipy --distribute Executed: /bin/bash -l -c cd /root/venv virtualenv oulipy --distribute Aborting. Disconnecting from oulipy.com... done. At first I was getting an error that the directory didn't exist, so I created it. Then I tried changing permissions on the directory. But I'm stuck here. Any help is greatly appreciated. On Sunday, April 27, 2014 8:58:26 PM UTC-6, Jared Nielsen wrote: Everything about Mezzanine is awesome. Except deployment. I'm new to Mezzanine and Django and struggling to get my site deployed. I chose Digital Ocean because for their price, their documentation and Josh's fab post: http://bitofpixels.com/blog/deploying-mezzanine-to-digital-ocean-using-the-included-fabfile/ I'm attempting two approaches. 1. The first is following the Digital Ocean guidelines, beginning with this tutorial: https://www.digitalocean.com/community/articles/how-to-install-and-get-started-with-django-based-mezzanine-cms-on-ubuntu I create a droplet, login, create a virtualenv, pip install mezzanine and pillow, mezzanine-project, createdb, runserver like this: python manage.py runserver 0.0.0.0:8000 No problem. Fresh Mezzanine project in my browser. So I create a new virtualenv and directory, git clone my mezzanine project, install requirements, runserver: django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty. So I create a local_settings.py file and add a SECRET_KEY. Then runserver, and I get this error at http://my_droplet:8000 Bad Request (400) Am I wrong to think that I can run my Mezzanine project with a development server? Moving on... 2. Following Josh's tutorial: http://bitofpixels.com/blog/deploying-mezzanine-to-digital-ocean-using-the-included-fabfile/ I fill in all my settings and when I run fab all, I get: [jarednielsen.com] Executing task 'all' --- all --- --- install --- $ cat /etc/default/locale - [jarednielsen.com] Login password for 'jarednielsen': I enter my password and it times out for a moment, then asks for my password again and again. What am I missing here? Many thanks in advance. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- M. Summers ...there are no rules here -- we're trying to accomplish something. - Thomas A. Edison -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[mezzanine-users] Uploadify swf versus fileuploader.js
Hello, I'm just curious if anyone has tried replacing the flash-based filebrowser-safe uploader with the JS-based uploader from filebrowser? It appears that the successor to fileuploader.js is called fine-uploader, but you gotta build it yourself if you want to use it for free. Looks easy enough. Any interest in nuking the swf? I'll probably give it a shot today. From what I can see, it doesn't look to be too bad, and it might just be a drop-in deal. Thoughts? Cheers, Matt -- M. Summers ...there are no rules here -- we're trying to accomplish something. - Thomas A. Edison -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Re: TinyMCE dialogs not rendering over SSL
Hi there, First, tinymce uses an iframe for its pop-ups, so make sure you use: add_header X-Frame-Options SAMEORIGIN; and not: add_header X-Frame-Options DENY; I have a feeling that the issue is with the iframe coming from http in an https page. Second, you definitely do not want to over-ride SSL_FORCE_URL_PREFIXES to exclude /admin since that would yield plain text auth (==BAD). If you are interested in SSL-only site, which I highly recommend, you may want to look at HSTS. I use it like the following in both the http (providing redirect) and https server blocks. add_header Strict-Transport-Security max-age=15768000; The max-age is in seconds, feel free to set this to a longer time period. I think the max allowed is around 2 years or 63072000. You might want to add these headers too, for completion: add_header X-XSS-Protection 1; mode=block; add_header X-Content-Type-Options nosniff; Third, to make mezzanine SSL-only, I set Enable SSL to True in teh admin, and set SSL_FORCE_URL_PREFIXES=/ in my settings.py. Also a couple of things jump out at me. 1) Don't use rewrite for your redirect to https, use 'return 301', (it's more efficient). Use the following in your server block: return 301 https://www.example.com$request_uri; 2) Don't use alias in your location blocks, use root like this: location /static/ { root/path/to/project; ## The following are optional, and will not help with 404s. access_log off; log_not_found off; } Reference for that is here: http://nginx.org/en/docs/http/ngx_http_core_module.html#alias Cheers, Matt -- M. Summers ...there are no rules here -- we're trying to accomplish something. - Thomas A. Edison -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[mezzanine-users] Serving static files in development without runserver (with gunicorn)
Hello, I've seen a few threads about this in the past so I thought I would share. It's common to desire parity between dev and production environments, i.e. no change between envs. At least I generally find this to save time and energy, so towards that I generally develop Mezzanine, or any django project, using gunicorn instead of runserver. Why? Well I hate the single request nature of runserver, so that is the main reason for me. It is also the case that some core django devs would love to see runserver removed in favor of something like gunicorn. The issue has been code reloading on change, which gunicorn would not do. Well, until recently. Its not in a release yet, but gunicorn [0] now supports change detection and reloading, yay!!WIN1!! So, how do you make this transition? I've found the package dj-static [1] by Kenneth Reitz (Heroku) to be the simple, quick, elegant solution to this problem. dj-static leverages a wsgi app aptly called static [2,4] to do the actual serving. It's pretty fast efficient. Oh, its also really easy to setup too. Just collectstatic check the dj-static readme on github [3]. It handles uploaded content too. Here is a hint, use HEAD on github, DO NOT USE pypi version, its stale, although it should still work ok with python2. If you want to use python3, use HEAD (looks like it will be 0.0.6 when it's released), it uses static3 [4]. Anyway, check it out. Let me know what you think! Cheers, Matt [0] https://github.com/benoitc/gunicorn/blob/master/docs/source/settings.rst#reload [1] https://pypi.python.org/pypi/dj-static [2] https://pypi.python.org/pypi/static [3] https://github.com/kennethreitz/dj-static [4] https://pypi.python.org/pypi/static3 -- M. Summers ...there are no rules here -- we're trying to accomplish something. - Thomas A. Edison -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Fab Script ImportError: No module named future.builtins
Does that file exist? -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Default fabfile deploy, Internal Server Error
Just for reference, --log-file and --error-logfile are the same http://docs.gunicorn.org/en/latest/settings.html#errorlog Cheers, Matt -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] Can't figure out why my Static Files won't load
Remove the trailing slash on your location alias directive. On Thu, Mar 27, 2014 at 6:32 PM, Kyle Pennell kpenn...@gmail.com wrote: Ah! Will try pulling that out. Thanks for the help, Stephen. On Thu, Mar 27, 2014 at 5:28 PM, Stephen McDonald st...@jupo.org wrote: On Fri, Mar 28, 2014 at 8:46 AM, Kyle Pennell kpenn...@gmail.com wrote: Triple checked my settings and can't find why my static files aren't loading. Nginx and Gunicorn are installed and working. Symbolic Link between sites-available and sites-enabled is made ── sites-available │ ├── mezzanine_app │ └── myproject ├── sites-enabled │ ├── ahalearning - ../sites-available/ahalearning │ ├── mezzanine_app - ../sites-available/mezzanine_app │ └── myproject - ../sites-available/myproject Collectstatic has been run and static files are in place: ├── deploy │ ├── crontab │ ├── gunicorn.conf.py │ ├── live_settings.py │ ├── nginx.conf │ └── supervisor.conf ├── dev.db ├── fabfile.py ├── __init__.py ├── __init__.pyc ├── local_settings.py ├── local_settings.pyc ├── manage.py ├── requirements.txt ├── settings.py ├── settings.pyc ├── static │ ├── admin │ ├── css │ ├── filebrowser │ ├── fonts │ ├── grappelli │ ├── img │ ├── js │ ├── media │ ├── mezzanine │ ├── robots.txt │ └── test ├── urls.py ├── urls.pyc └── wsgi.py STATIC_ROOT in settings.py points to the right folder (opt/myenv/mezzanine_app/static/) My nginx server settings point to the right files: /etc/nginx/sites-available server { server_name 107.170.215.138; access_log off; location /static/ { alias /opt/myenv/mezzanine_app/static/; } I think this will look for the directory /opt/myenv/mezzanine_app/static/static/ location / { proxy_pass http://127.0.0.1:8001; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; add_header P3P 'CP=ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV'; } } Nginx and Gunicorn fire up without problems. Any idea what I might be missing? Why are my static files 404'ing? -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to a topic in the Google Groups Mezzanine Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/mezzanine-users/CrUlR8jjUw0/unsubscribe. To unsubscribe from this group and all its topics, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- M. Summers ...there are no rules here -- we're trying to accomplish something. - Thomas A. Edison -- You received this message because you are subscribed to the Google Groups Mezzanine Users group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.