7 Critical Django Production Server Settings to Configure Before Going Live

  • Published 14 Oct 2024
  • Learn how to configure a Django production server with settings that ensure your Python website is secure before releasing it to the public. In addition to installing an SSL certificate and verifying the deployment with python manage.py check --deploy, these Django settings include:
    • SECRET_KEY
    • SESSION_COOKIE_SECURE
    • CSRF_COOKIE_SECURE
    • SECURE_SSL_REDIRECT
    • SECURE_HSTS_SECONDS
    • SECURE_HSTS_PRELOAD
    • SECURE_HSTS_INCLUDE_SUBDOMAINS
    • ALLOWED_HOSTS
    • DEBUG
    • STATIC_ROOT
    • STATIC_URL
    Check out my short domain name search engine that was featured in this video micro.domains
    0:57 Hide the secret key
    2:25 Install SSL certificate
    2:53 HTTPS settings
    3:35 HSTS settings
    4:45 ALLOWED_HOSTS
    5:15 Turn off debug
    6:10 Copy static files
    7:11 Run the deployment checklist
    Code snippets and more at tonyteaches.te...
    Check out my vlog channel ‪@TonyFlorida‬
    #django
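
The settings listed in the description can be checked mechanically before going live. The following is an added example, not code from the video or from Django: a small audit over a settings dictionary, where the key-length threshold, the sample values, the host name and the static path are assumptions made for illustration.

```python
import secrets

# Added example, not code from the video. Thresholds are assumptions.
INSECURE_PREFIX = "django-insecure-"  # prefix on keys generated by startproject
MIN_KEY_LENGTH = 50                   # assumed minimum length for a strong key
MUST_BE_TRUE = (
    "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE", "SECURE_SSL_REDIRECT",
    "SECURE_HSTS_PRELOAD", "SECURE_HSTS_INCLUDE_SUBDOMAINS",
)


def audit_settings(settings):
    """Return the set of setting names that are unsafe or missing for production."""
    bad = set()
    key = settings.get("SECRET_KEY", "")
    if len(key) < MIN_KEY_LENGTH or key.startswith(INSECURE_PREFIX):
        bad.add("SECRET_KEY")
    if settings.get("DEBUG", False):
        bad.add("DEBUG")  # debug pages expose settings and stack traces
    hosts = settings.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        # Empty rejects every request when DEBUG is False; "*" disables
        # Host header validation.
        bad.add("ALLOWED_HOSTS")
    bad.update(name for name in MUST_BE_TRUE if settings.get(name) is not True)
    if settings.get("SECURE_HSTS_SECONDS", 0) <= 0:
        bad.add("SECURE_HSTS_SECONDS")  # 0 means no Strict-Transport-Security header
    for name in ("STATIC_ROOT", "STATIC_URL"):
        if not settings.get(name):
            bad.add(name)  # collectstatic needs a target, templates need a URL
    return bad


# Constructed sample: what a fresh project looks like before hardening.
DEV = {"SECRET_KEY": INSECURE_PREFIX + "constructed-sample", "DEBUG": True,
       "ALLOWED_HOSTS": [], "STATIC_URL": "/static/"}

# Constructed sample: hardened values; host name and path are placeholders.
PROD = {"SECRET_KEY": secrets.token_urlsafe(64), "DEBUG": False,
        "ALLOWED_HOSTS": ["example.com"], "SECURE_HSTS_SECONDS": 31536000,
        "STATIC_ROOT": "/var/www/example/static/", "STATIC_URL": "/static/",
        **{name: True for name in MUST_BE_TRUE}}

if __name__ == "__main__":
    print("dev :", sorted(audit_settings(DEV)))
    print("prod:", sorted(audit_settings(PROD)))
```

This complements python manage.py check --deploy and does not replace it; the command from the description remains the authoritative check.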

COMMENTS • 109

  • @markwollert565
    @markwollert565 3 years ago +7

    Dude, I'm so grateful to you for the work you've done on all of your videos

  • @EvaLindner-v7v
    @EvaLindner-v7v 7 months ago +2

    Clear, concise, competent and to the point. Thank you!

  • @anselsolomon6270
    @anselsolomon6270 3 years ago +3

    This is the first time I am actually seeing someone on UA-cam show in detail how to configure settings for a Django production environment... I really appreciate you very much for this... Please can you make a video on how to deploy Django with the ability to send emails? And with PostgreSQL as the database? Thanks a lot

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      Probably not postgres but I will consider a Django email tutorial :)

  • @madanielmadaniel
    @madanielmadaniel 2 years ago +9

    1:32 - As for the secret key, it is also recommended to check the module 'decouple'. It does the same thing but in a more elegant way.

    • @TonyTeachesTech
      @TonyTeachesTech  2 years ago +1

      Thanks for the tip Daniel

    • @ChiragVora
      @ChiragVora 16 days ago

      Or dotenv.
      Modules like these also help to hide other credentials like database name, password and username, etc.

  • @krzysztofszumko9080
    @krzysztofszumko9080 3 years ago +5

    Great Video! Straight to the point, no time wasted just awesome :). Keep up the good work.

  • @arnauadell4824
    @arnauadell4824 1 year ago

    Fucking amazing how quickly and concisely you could share all this information. And with very clear pronunciation too! Coming here in the future for any other django information I need.

  • @jvoynar5826
    @jvoynar5826 1 year ago +1

    Very nice, thank you!

  • @vectoralphaSec
    @vectoralphaSec 7 months ago +1

    Have you made a video about deploying a Django site to a PaaS? I feel IaaS is too hard and complicated for beginners like me. I don't feel I need all that control and to set up a full Linux server from scratch for a simple portfolio website.

  • @cheesecakelover2078
    @cheesecakelover2078 2 years ago +1

    This was an amazing video, learnt quite a lot of things which turned out to be very important! Thank you so much :)

  • @KenoAlordiah
    @KenoAlordiah 3 years ago

    Thank you so much for helping me figure this out. There were quite a number of settings I skipped on my production site settings.py file. Thanks once again.

  • @johnsolly
    @johnsolly 2 years ago

    What a solid video. Thanks! I just implemented these changes on my site!

  • @shivamdubey4783
    @shivamdubey4783 2 years ago

    Great tutorial, sir. Do we have to change the file upload settings also?

  • @TheLolcheater
    @TheLolcheater 2 years ago

    Best tutorial I have ever seen! You're awesome!

  • @MadaMediaproduction
    @MadaMediaproduction 2 years ago

    Great video, thank you. I have an issue with deploying a project with Django crontab: it works normally locally, but in production it's not working anymore. Any hint to fix this issue?

  • @pabloxD75
    @pabloxD75 3 years ago +1

    What a great video with great recommendations, thank you

  • @rsnor1425
    @rsnor1425 16 days ago

    Good work!
    Please make a tutorial on a full deploy on Namecheap hosting... they have a strange way to serve static files for the Admin panel

  • @joemusya2529
    @joemusya2529 2 years ago

    Found this video at the right time💯💯🤗😊

  • @jcmbisa4241
    @jcmbisa4241 2 years ago

    handsome, smart, and well rich too, man many thanks 😀😀

  • @NoajmIsMyName
    @NoajmIsMyName 1 year ago

    Tony. Tony. Tony. You are awesome!

  • @agresiv0
    @agresiv0 2 years ago

    Is it best practice to use the same database for development and production?

  • @Slickjitz
    @Slickjitz 3 years ago

    Wow this was super helpful, thanks!

  • @nitensapkota8606
    @nitensapkota8606 2 years ago

    Subscribed 🙌 Can you please make a video on how to access static files if you're hosting static files in DigitalOcean Spaces... I have hosted my static files in DigitalOcean Spaces and I am not able to change anything in those files... I have searched online about it but they say AWS S3 is not mutable; I have to download the files and edit the hosted file and then re-upload it, which is not convenient...

  • @enriqueuzcategui6057
    @enriqueuzcategui6057 2 years ago

    Hey Tony! Thanks for the video! I have a problem with a Django deployment: how can I hide the "Server" header? It's something I am being asked to do but I don't seem to find a way to hide/remove it. Thank you!

  • @ingermanpaez8449
    @ingermanpaez8449 3 years ago

    I am so grateful. God bless you son.

  • @anindyabhattacharya4878
    @anindyabhattacharya4878 3 years ago

    precise content man.. good job.

  • @jvsydroyrakotonomenjanahar8324

    Thank you!

  • @navidazimi7816
    @navidazimi7816 3 years ago

    Thank you so much, this was so useful 🙏🏻
    Btw, I’m trying to serve my media files from a file hosting service that is connected to my main domain as a subdomain.
    I don’t know how I should tell Django to upload video files (inside media) to the other host.
    Any help will be appreciated🙏🏻
    Thank you so much🙏🏻

    • @TonyTeachesTech
      @TonyTeachesTech  2 years ago

      Thanks! Sorry I don't have experience with Django uploads

  • @ricosun
    @ricosun 2 years ago

    I was wondering what is the purpose of the secure key and why we need to hide it. Also what about the database connection string? Should we hide that as well?

    • @TonyTeachesTech
      @TonyTeachesTech  2 years ago

      You can see the official documentation for these values here docs.djangoproject.com/en/3.2/ref/settings/#secret-key

    • @ricosun
      @ricosun 2 years ago

      @@TonyTeachesTech Cool Thx

  • @joelmiruni8660
    @joelmiruni8660 3 years ago

    Brief and straight to the point. Thanks. How could I solve this error: [Errno 99] Cannot assign requested address while registering users via email confirmation. Everything seems to work fine in development.

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      Hi Joel, I'm not familiar with that error. Sorry

  • @andresdemillos01
    @andresdemillos01 2 years ago

    A very good video, congratulations on your work, it's a really cool channel to follow (Y)

  • @mukibulhasan
    @mukibulhasan 3 years ago

    nice information bro

  • @truefugazi
    @truefugazi 5 months ago

    So I am having an issue: I hosted my project with Render with a DB SQLite, and whenever I update a listing in my admin, after a few hours it resets/removes my listing. I can’t seem to find my way around this, please help

  • @jayeshkarkare9334
    @jayeshkarkare9334 3 years ago

    Grt work bro,thnx a lot

  • @thebewerter5730
    @thebewerter5730 3 years ago

    Cool, thanks!

  • @ethanroman6883
    @ethanroman6883 3 years ago

    Great video, keep going

  • @mahdidaoud
    @mahdidaoud 3 years ago

    Can you please explain the SECURE_PROXY_SSL_HEADER setting: what it does for the Django project and how to set it?

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      I have not used this one before, but here are the docs on it docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header
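
As an added illustration for the question in this thread (not from the video and not Django's source): a simplified model of how SECURE_PROXY_SSL_HEADER changes what SECURE_SSL_REDIRECT does when a reverse proxy terminates TLS and forwards plain HTTP to the app. The function names and the proxy scenario are assumptions.

```python
# Simplified model (added example, not Django source) of how a request's
# scheme is decided behind a TLS-terminating reverse proxy.

def is_secure(meta, wsgi_scheme, proxy_ssl_header=None):
    """Return True if the app should treat the request as HTTPS."""
    if proxy_ssl_header:
        header, secure_value = proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            # Only the first value counts when several proxies append to it.
            return value.split(",", 1)[0].strip() == secure_value
    # Without the setting, only the scheme of the proxy-to-app hop is visible.
    return wsgi_scheme == "https"


def count_redirects(proxy_ssl_header, max_hops=5):
    """Count the redirects a browser gets when it requests https:// via the proxy.

    Constructed scenario: the proxy terminates TLS, talks plain HTTP to the
    app and sets X-Forwarded-Proto itself. SECURE_SSL_REDIRECT is assumed True.
    """
    hops = 0
    while hops < max_hops:
        meta = {"HTTP_X_FORWARDED_PROTO": "https"}  # written by the proxy
        if is_secure(meta, "http", proxy_ssl_header):
            return hops  # the app serves the page
        hops += 1  # the app answers with a redirect to https:// and the browser retries
    return hops  # browser gives up: redirect loop


PROXY_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # value for SECURE_PROXY_SSL_HEADER

if __name__ == "__main__":
    print("without setting:", count_redirects(None), "redirects")
    print("with setting   :", count_redirects(PROXY_HEADER), "redirects")
```

Set SECURE_PROXY_SSL_HEADER only when the proxy overwrites that header on every request, because the app trusts whatever value arrives in it.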

  • @codepen2035
    @codepen2035 2 years ago

    Brother, when I enable debug=False, static files are not working. Please help me. I am using VPS hosting with CentOS 7

  • @viveksharmapec7637
    @viveksharmapec7637 3 years ago +1

    thanks bdy

  • @toluwanimiadeyemo8099
    @toluwanimiadeyemo8099 3 years ago

    Great video! Thanks
    But how do I hide my database details, email details?
    What about using a .env file?

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago +1

      Yes, you can use an env file that's above the root of your website

  • @G-3-A-R-Z
    @G-3-A-R-Z 3 years ago

    Why not a secret key in an .env? Coming from the JS world just a few weeks ago. Noticed they used a similar system.

  • @MrSiamtea
    @MrSiamtea 3 years ago +1

    I have a problem reading env variables from an Ubuntu server. I can hide the credentials in the environment just fine in development as well as production. But the trick is my Django app cannot retrieve those env keys in production. I'm missing something. I am searching for solutions, still searching for it. I'm not a great programmer, but I don't think this is hiding the secret key. It just relocates the key to a text file which is in the same directory as the app itself. How is that hiding? I'm confused.

  • @henrim9348
    @henrim9348 3 years ago

    Great video. Thanks a lot. What production environment do you deploy to? GCP? AWS?

  • @bronaxcorps4243
    @bronaxcorps4243 1 year ago

    Hey how can I separate my development database from my production database??

  • @Goodforyouliving
    @Goodforyouliving 3 years ago

    When I change DEBUG=False all my media files (images) are not showing up. What is the correct way to make this work?

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      I don't know why that is happening

    • @BlueBrendan2000
      @BlueBrendan2000 3 years ago

      You've probably figured this out by now but I'll just leave this for anyone who may stumble upon this. I ran into this issue and spent hours looking for a fix.
      1. I wrote the src attribute for all my image elements with a hardcoded path (src="/images/somewhere/something.png"). In the official docs, it says to use the static template tag {% static "image path" %}. The static module can contain EITHER a string or a template variable but NOT both, so if you need that functionality then you'll have to create a custom template filter to append the strings together (the add filter didn't work for me). If you don't, then you can skip to step 2. There's an answer describing how this is done on stackoverflow (appending template variable in static TAG). An example of this is if the directory you need is /static/images/files/filename.png, and filename.png is stored in template variable {{ filename }}, the code you'll need in your html file will look like this
      {% with 'images/files/'|customfiltername:filename as variable_name %}
      {% endwith %}
      customfiltername is what performs the concatenation of 'images/files' with the contents of filename (again, this filter does not exist and needs to be written by you). As a note, make sure you include {% load static %} and {% load *name of the file that contains your custom template filter %} at the top of each file that contains an image
      2. I messed up the static paths in my settings.py file: there's STATIC_URL (the directory of the main static folder), STATICFILES_DIR (provides directory for static files in individual apps that are outside the main static folder), and STATIC_ROOT (used only when DEBUG=False). STATIC_ROOT exists because in production, Django doesn't serve static files from individual apps the way it does in production, so it bundles them all together in a single location. STATICFILES_DIR and STATIC_ROOT can't have the same name, so I used a folder called staticfiles to be used solely for production (static is the name of my main static folder used in development). To set your STATIC_ROOT directory, choose a directory name (I chose staticfiles), add the setting to your settings file, create an empty folder of the name you chose in the root folder of your project, and run the command "python manage.py collectstatic". This will automatically traverse all the static files in your project and add them to the folder you chose in STATIC_ROOT
      Once I made these changes (added STATIC_ROOT to the settings, created the corresponding folder, ran the collectstatic command to populate it with files, and changed the source of all images in my project to use the {% static %} template tag), the images finally showed up as expected with DEBUG=False. I really hope this helps!

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      @@BlueBrendan2000 This will surely be helpful for others. Thanks!

  • @kunalkashyap100
    @kunalkashyap100 3 years ago

    If I make these changes while my website is running on the server, do I need to restart the uwsgi service after making these changes or not?

  • @Alex-hp9no
    @Alex-hp9no 2 years ago

    Hi, I'm having trouble with media files: when I turn debug=True, all of the user-added images show on the page, and when I turn it False, it says the image is not found.
    usual configurations in settings.py:
    STATIC_URL = '/static/'
    STATIC_ROOT = os.path.join(BASE_DIR, "static/")
    MEDIA_URL = "/media/"
    MEDIA_ROOT = os.path.join(BASE_DIR, "media/")
    and also urls:
    url.. = [
    ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
    pls help me out here

    • @TonyTeachesTech
      @TonyTeachesTech  2 years ago

      Appreciate the code snippet. I would look at the URL of the image that's not found and compare that to the path on your filesystem

  • @xpert9001
    @xpert9001 3 years ago

    Nice.

  • @rounakchourasia2030
    @rounakchourasia2030 3 years ago

    That intro after that calm voice! I was on 80% volume! :(

  • @manuponot5093
    @manuponot5093 3 years ago

    Hello, I have my website in production on Digital Ocean. My settings.py file has Debug = False. I ran the systemctl restart gunicorn command but nothing changed. However, I see the page as if it was in Debug Mode. Please, how can I fix this issue?

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      Could this be a browser caching issue? Have you tried incognito or a guest window?

    • @manuponot5093
      @manuponot5093 3 years ago

      @@TonyTeachesTech My problem is solved thanks

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      @@manuponot5093 What was the issue?

    • @manuponot5093
      @manuponot5093 3 years ago

      @@TonyTeachesTech It was my fault. I had created a config file local_settings.py and didn't remember that it exists, and it had Debug = True inside

  • @dscreats
    @dscreats 3 years ago

    I got this error, how to resolve it? with open (os.path.join(BASE_DIR, 'SECRET_KEY.text')) as f: SECRET_KEY = f.red().strip()
    AttributeError: '_io.TextIOWrapper' object has no attribute 'red'

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      No attribute 'red'? That would be a syntax error... red -> read

  • @saudzubedi
    @saudzubedi 3 years ago

    My site just doesn't work after adding SECURE_SSL_REDIRECT=True, this is the error: "You're accessing the development server over HTTPS, but it only supports HTTP." Some help would be nice :)

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago +1

      Are you launching your site using the runserver command? If so, that's your problem. These settings are for production servers ua-cam.com/video/ZpR1W-NWnp4/v-deo.html

  • @alexi_space
    @alexi_space 2 years ago

    After setting SECURE_SSL_REDIRECT = True I always get: The page isn't redirecting properly ...

  • @enzopascucci9933
    @enzopascucci9933 3 years ago

    After setting the HSTS setting I wasn't able to run on localhost to change anything

    • @TonyTeachesTech
      @TonyTeachesTech  3 years ago

      You'll need to clear HSTS settings for your website from your browser really-simple-ssl.com/knowledge-base/clear-hsts-browser/

    • @enzopascucci9933
      @enzopascucci9933 3 years ago

      @@TonyTeachesTech it didn't work, but worked with the package django-sslserver

  • @YadavDheeraj2000
    @YadavDheeraj2000 2 years ago

    Hey bro, what are you saying

  • @SamSam-e5c
    @SamSam-e5c 5 months ago

    Horrible seizure-inducing intro. More so at 2x speed. Video content is good though.

  • @BikiniGyat
    @BikiniGyat 3 years ago

    Awesome! Thanks a lot!

  • @balajishetty
    @balajishetty 1 year ago

    Excellent tutorial. Can you give expert lectures in our college on Django? WhatsApp me

  • @daniellloyd5584
    @daniellloyd5584 2 years ago

    Thank you!