Opened 11 years ago

Closed 11 years ago

#19697 closed New feature (fixed)

Add an overview of good practices for production settings

Reported by: Aymeric Augustin Owned by: Aymeric Augustin
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Quoting Claude:

add a section in the docs where we explain what settings should be typically added in deployed projects, but not suitable in public repositories (DEBUG=False, DATABASES, STATIC_ROOT, SECRET_KEY, ADMINS, SERVER_EMAIL, etc.) and link to this section in the template.

Change History (8)

comment:1 by Aymeric Augustin, 11 years ago

Triage Stage: UnreviewedAccepted

This was discussed in the context of the new project template. A link to that document should be added below the comment that reads: "# Quick-start development settings - unsuitable for production".

comment:2 by Carl Meyer, 11 years ago

Lukasz Langa mentioned in IRC today that it would be good to document that most production sites probably want to use the caching template loader. This isn't exactly something that is "not suitable in public repositories", but it fits in a slightly broader document about "things you probably want to do when you go to production." Using the caching loader in development is painful because you don't get template updates until a reload, but almost all sites probably should be using it in production.

comment:3 by Carl Meyer, 11 years ago

Also, ALLOWED_HOSTS definitely belongs here; see #19875

comment:4 by Aymeric Augustin, 11 years ago

This is an excellent start, thank you!

A few suggestions:

  • add an introduction explaining that you probably want a different settings file for development and production
  • group settings by category
    • 1) for security
    • 2) for HTTPS
    • 3) for performance
    • 4) for error reporting
    • add more if necessary
  • look for other production-related settings in the settings list
    • ALLOWED_INCLUDE_ROOTS
    • CACHES
    • CSRF_COOKIE_SECURE
    • EMAIL_* + SERVER_EMAIL
    • LOGGING
    • MANAGERS
    • MEDIA_ROOT & URL
    • SESSION_COOKIE_SECURE
    • TEMPLATE_LOADERS => enable the cached template loader
Last edited 11 years ago by Aymeric Augustin (previous) (diff)

comment:5 by Aymeric Augustin, 11 years ago

Pull request re-sent together here: https://github.com/django/django/pull/839

comment:6 by Aymeric Augustin, 11 years ago

Owner: changed from nobody to Aymeric Augustin
Status: newassigned

comment:7 by Aymeric Augustin, 11 years ago

Has patch: set

comment:8 by Aymeric Augustin <aymeric.augustin@…>, 11 years ago

Resolution: fixed
Status: assignedclosed

In 912b5d2a6bc78067d6a7e130f10514c51bd1a58f:

Fixed #19697 -- Added a deployment checklist.

Note: See TracTickets for help on using tickets.
Back to Top