So I of course know that serving static files through Django will send you straight to hell but I am confused on how to use a custom url to mask the true location of the file using Django. Django: Serving a Download in a Generic View but the answer I accepted seems to be the "wrong" way of doing things.
urls.py:
url(r'^song/(?P<song_id>\d+)/download/$', song_download, name='song_download'),
views.py:
def song_download(request, song_id):
song = Song.objects.get(id=song_id)
fsock = open(os.path.join(song.path, song.filename))
response = HttpResponse(fsock, mimetype='audio/mpeg')
response['Content-Disposition'] = "attachment; filename=%s - %s.mp3" % (song.artist, song.title)
return response
This solution works perfectly but not perfectly enough it turns out. How can I avoid having a direct link to the mp3 while still serving through nginx/apache?
EDIT 1 - ADDITIONAL INFO
Currently I can get my files by using an address such as:
http://www.example.com/music/song/1692/download/
But the above mentioned method is the devil's work.
How can I accomplished what I get above while still making nginx/apache serve the media? Is this something that should be done at the webserver level? Some crazy mod_rewrite?
http://static.example.com/music/Aphex%20Twin%20-%20Richard%20D.%20James%20(V0)/10%20Logon-Rock%20Witch.mp3
EDIT 2 - ADDITIONAL ADDITIONAL INFO
I use nginx for my frontend and reverse proxy back apache/development server so I think if it does require some sort of mod_rewrite work I will have to find something that would work with nginx.
To expand on the previous answers you should be able to modify the following code and have nginx directly serve your download files whilst still having the files protected.
First of all add a location such as :
to your nginx.conf file (the internal makes this not directly accessible). Then you need a Django View something like this:
which will hand off the file download to nginx.
Both httpd and Nginx have a way to specify a static file to serve via a header. The exact header varies though, so it's best to put something in the settings to pick the method.
The basic idea is to get your Django view to redirect to a secure URL that is served by your media server.
See this list of suggestions by Graham Dumpleton, author of mod_wsgi.