Where should I place my wsgi.py?
Do I have to isolate it from my Django project folder?
Should I move my Django project folder outside of my home directory?
Currently I copied my Django project folder to /home/username/djangosites/project/
and my wsgi.py is in the folder /home/username/djangosites/project/project/
In the same folder there are files like settings.py, urls.py ...
From the mod_wsgi documentation:
"Note that it is highly recommended that the WSGI application script
file in this case NOT be placed within the existing DocumentRoot for
your main Apache installation, or the particular site you are setting
it up for. This is because if that directory is otherwise being used
as a source of static files, the source code for your application
might be able to be downloaded.
You also should not use the home directory of a user account, as to do
that would mean allowing Apache to serve up any files in that account.
In this case any misconfiguration of Apache could end up exposing your
whole account for downloading.
It is thus recommended that a special directory be setup distinct from
other directories and that the only thing in that directory be the
WSGI application script file, and if necessary any support files it
Let wsgi.py but don't make DocumentRoot anything like /home/username/djangosites/project/ which would expose your Python scripts source code, which would definitely be very helpful to malicious users.
All you need to expose is STATIC_ROOT (on STATIC_URL) and MEDIA_ROOT (on MEDIA_URL); you can use the Alias directive for that. Another solution is to use dj-static.
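
An added example, not part of the original answer or of mod_wsgi: a small Python check that reads Apache vhost text and reports any DocumentRoot or Alias directory whose tree contains the WSGIScriptAlias target, which is the source-exposure case described above. The vhost fragments are constructed, the /var/www/example/... paths are assumed locations for STATIC_ROOT and MEDIA_ROOT, and only these three directives are inspected.

```python
import shlex
from pathlib import PurePosixPath

# Constructed vhost fragments. The wsgi.py path is the one from the question;
# the /var/www/example/... paths are assumed locations for STATIC_ROOT and MEDIA_ROOT.
WEAK = """
DocumentRoot /home/username/djangosites/project/
WSGIScriptAlias / /home/username/djangosites/project/project/wsgi.py
"""
HARDENED = """
DocumentRoot /var/www/example/empty
Alias /static/ /var/www/example/static/
Alias /media/ /var/www/example/media/
WSGIScriptAlias / /home/username/djangosites/project/project/wsgi.py
"""

def served_dirs_exposing_script(conf):
    """Return (directive, directory) pairs whose served tree contains the WSGI script."""
    served, scripts = [], []
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)  # handles quoted paths and '#' comments
        if not parts:
            continue
        name = parts[0].lower()  # Apache directive names are case-insensitive
        if name == "documentroot" and len(parts) >= 2:
            served.append(("DocumentRoot", PurePosixPath(parts[1])))
        elif name == "alias" and len(parts) >= 3:
            served.append(("Alias " + parts[1], PurePosixPath(parts[2])))
        elif name == "wsgiscriptalias" and len(parts) >= 3:
            scripts.append(PurePosixPath(parts[2]))
    findings = []
    for label, root in served:
        # A static-file root that is an ancestor of wsgi.py can hand out the source tree.
        if any(root == s or root in s.parents for s in scripts):
            findings.append((label, str(root)))
    return findings

if __name__ == "__main__":
    for title, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(title, served_dirs_exposing_script(conf))
```

An empty result for a vhost means none of its file-serving roots sits above the WSGI script; it does not check `<Directory>` access rules.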