Web Applications – How to Encrypt Source Code on the Webserver

encryption, obfuscation, python, source code, web-applications

I have a web application developed using Python, HTML, CSS & JavaScript.

The customer installs it on any of their own machines and uses it through their LAN.
In short, the customer sets up the webserver on any of their own machines.

Since it's a web application, all the source code is open to the customer in the document root directory of the webserver. I want to encrypt the whole source code in the document root directory in such a way that it does not affect the working of the web application.

Is there any way to encrypt the Python, HTML, CSS & JavaScript for this purpose?

Best Answer

Once your customer has a program they can run, they will be able to reverse engineer it given sufficient time & skill. That is just a fact of life.

If you really want to stop it, you should host and run the software yourself (SaaS).

Having said that, something like Python will be easier than C. Let's split this into the 3 parts you asked about (and then some more).

HTML

No matter what you do here, it will be decrypted in the browser (even in the SaaS model), so encrypting it on the server is pointless. Even minifying is pointless as modern browsers like Firefox and Chrome will neatly format it for them.

CSS

See above - don't waste your time

Javascript

Yahoo has a tool that can obfuscate it for you. Try YUI Compressor. Note, don't bother encrypting this on the server side as it must be served to the client unencrypted*, which would defeat the purpose.

Python

This is the only place you really want to spend your time - protecting your business logic. There are several methods you will find on Google, such as encrypting on disk and then decrypting at run-time. All these methods have problems, such as performance hits and having to supply the decrypter (hence enabling them to decrypt it anyway).

Your best bet to stop those not hellbent on stealing your code would be to obfuscate your Python code.

Summary

The only code you can stop someone from getting is the code you don't give them. HTML, CSS & Javascript will always end up on your user's machine in a manner they can use, so assume they will be able to steal it if they want, tough luck.

To protect your server code, the only sure-fire method is to NOT give it to them, running it in something like a SaaS model.

If that isn't possible, the best you can do is make it harder for them.

Testing

Always make sure you test on the production version you will be supplying your customers. This ensures any special build steps (such as obfuscation & minification) do not break your software.

Boring Business Stuff

So all of the above (and your question) has addressed this issue from the technical side. The other side of the coin is from the business/legal side.

If you have a small number of clients you can provide different "watermarked" versions of your software to each client. By doing this, you increase the possibility of being able to track stolen software back to the source and take whatever legal action is appropriate.

Don't forget, if you are in a serious business, you would be best to consult a lawyer on how you can prove and enforce the ownership of your software, should things go wrong.


* not strictly true, you could serve it encrypted and have other Javascript decrypt it on the fly, but this would be near pointless as it adds a performance hit and you will have to supply the attacker with the decrypter anyway...
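
The per-client watermarking idea from the "Boring Business Stuff" section, sketched as an added example (not part of the original answer and not any specific product's method): each line of a delivered copy carries one keyed bit as trailing whitespace, so a leaked copy can be matched back to a customer. The key, customer names and sample source are constructed for illustration, and the scheme assumes the source has no multi-line string literals or backslash line continuations.

```python
import hashlib
import hmac

# Constructed for this example (not from the answer): the vendor's private
# watermark key and a hypothetical customer list.
VENDOR_KEY = b"example-vendor-watermark-key"
CUSTOMERS = ["acme-ltd", "globex", "initech"]

# Constructed sample "application source": 20 distinct non-blank lines.
SAMPLE = "".join(
    f"def view_{i}(request):\n    return render(request, {i})\n\n" for i in range(10)
)


def line_bit(customer: str, line: str) -> int:
    """Keyed bit for one line; depends on the line's text, not its position."""
    msg = customer.encode() + b"\0" + line.strip().encode()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()[0] & 1


def stamp(source: str, customer: str) -> str:
    """Return a per-customer copy: a line ends with one space when its bit is 1.

    Assumption: trailing whitespace is harmless in this source (no multi-line
    string literals, no backslash continuations).
    """
    out = []
    for line in source.splitlines():
        body = line.rstrip()
        out.append(body + " " if body and line_bit(customer, body) else body)
    return "\n".join(out) + "\n"


def identify(leaked: str, threshold: float = 0.9, min_lines: int = 16):
    """Return (customer, score) for the best match, or (None, score) if inconclusive."""
    lines = [l for l in leaked.splitlines() if l.strip()]
    best, best_score = None, 0.0
    for customer in CUSTOMERS:
        # An unmarked or foreign copy agrees with a customer's bits about half the time.
        hits = sum(l.endswith(" ") == bool(line_bit(customer, l)) for l in lines)
        score = hits / len(lines) if lines else 0.0
        if score > best_score:
            best, best_score = customer, score
    if len(lines) < min_lines or best_score < threshold:
        return None, best_score
    return best, best_score
```

Because each bit is keyed to the line's own text, a partial leak with lines removed or reordered still matches. A copy that has been reformatted loses the marks and should come back as inconclusive rather than being pinned on a customer.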
