Opened 5 months ago

Closed 3 months ago

Last modified 3 months ago

#35450 closed Cleanup/optimization (wontfix)

Missing documentation: deploying Django in production behind a proxy.

Reported by: Klaas van Schelven
Owned by: Wassef Ben Ahmed
Component: Documentation
Version: 5.0
Severity: Normal
Keywords:
Cc: Mariusz Felisiak
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

When Django is deployed behind a proxy (with https), various settings _must_ be set for your site to work correctly. Currently, there is no single place where these settings are documented. That is, they are mentioned in the general docs for settings (with a warning "only do this when behind a proxy") but there is no page "how to set up Django behind a proxy", which means to do this you must now puzzle various Stack Overflow / blog posts together.

The variables that I could find are SECURE_PROXY_SSL_HEADER, USE_X_FORWARDED_HOST and USE_X_FORWARDED_PORT (if the port is not included in the host), but there may be more.
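The effect of the three settings named above, as an added example that is not part of the ticket and is not Django's source code: a simplified stand-alone model of how they change the scheme and host the application derives from a request. The environ values (`www.example.com`, `127.0.0.1:8000`) are constructed, and `ALLOWED_HOSTS` validation is left out.

```python
# Simplified model (not Django's code) of how the proxy-related settings
# change the scheme/host an app derives from the WSGI environ.
DEFAULTS = {"SECURE_PROXY_SSL_HEADER": None, "USE_X_FORWARDED_HOST": False,
            "USE_X_FORWARDED_PORT": False}
BEHIND_PROXY = {
    "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
    "USE_X_FORWARDED_HOST": True,
    "USE_X_FORWARDED_PORT": True,
}

def scheme(meta, settings):
    hdr = settings["SECURE_PROXY_SSL_HEADER"]
    if hdr:
        name, secure_value = hdr
        value = meta.get(name)
        if value is not None:
            # Only the first value of a comma-separated list is considered.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    return meta.get("wsgi.url_scheme", "http")

def port(meta, settings):
    if settings["USE_X_FORWARDED_PORT"] and "HTTP_X_FORWARDED_PORT" in meta:
        return meta["HTTP_X_FORWARDED_PORT"]
    return meta["SERVER_PORT"]

def host(meta, settings):
    if settings["USE_X_FORWARDED_HOST"] and "HTTP_X_FORWARDED_HOST" in meta:
        return meta["HTTP_X_FORWARDED_HOST"]
    if "HTTP_HOST" in meta:
        return meta["HTTP_HOST"]
    name, p = meta["SERVER_NAME"], port(meta, settings)
    default = "443" if scheme(meta, settings) == "https" else "80"
    return name if p == default else f"{name}:{p}"

def origin(meta, settings):
    return f"{scheme(meta, settings)}://{host(meta, settings)}"

# Constructed environ, as seen by the app server behind a TLS-terminating proxy.
# With the settings enabled these X-Forwarded-* values are trusted as-is, so the
# proxy has to overwrite them on every request it forwards.
PROXIED = {
    "wsgi.url_scheme": "http", "SERVER_NAME": "127.0.0.1", "SERVER_PORT": "8000",
    "HTTP_HOST": "127.0.0.1:8000",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_HOST": "www.example.com",
    "HTTP_X_FORWARDED_PORT": "443",
}

if __name__ == "__main__":
    print(origin(PROXIED, DEFAULTS))      # what the app believes without the settings
    print(origin(PROXIED, BEHIND_PROXY))  # what it believes with them
```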

Change History (11)

comment:1 by Sarah Boyce, 5 months ago

Component: Uncategorized → Documentation
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

There's been talk that the Django docs should better help with deployment, so I would happily review PRs on this.

comment:2 by Wassef Ben Ahmed, 4 months ago

Owner: changed from nobody to Wassef Ben Ahmed
Status: new → assigned

comment:3 by Wassef Ben Ahmed, 4 months ago

I wrote a small guide to a bare minimum production deployment of Django on a VPS.
It covers most things needed from pointing a domain to an IP address to generating self-signed certs.

Should I try removing any Django-unrelated parts and push it as a PR?
If so: any suggestions on parts that shouldn't be included? Or recommendations on what to focus on?

Link to guide: https://dev.to/wassef911/deploying-django-in-production-b1p

Also related ticket: https://code.djangoproject.com/ticket/35451

---
Closest thing I found online is: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu
although it's not really focusing on making the deployment a "production" but to just get things running...

comment:4 by Wassef Ben Ahmed, 4 months ago

Has patch: set

comment:5 by Sarah Boyce, 3 months ago

Has patch: unset

Please either link the PR or make sure the PR title has the prefix "Fixed #35450 --" so that it will be linked automatically when you set "Has patch" to "Yes"

comment:6 by Wassef Ben Ahmed, 3 months ago

Has patch: set

in reply to:  1 ; comment:7 by Mariusz Felisiak, 3 months ago

Cc: Mariusz Felisiak added

Replying to Sarah Boyce:

There's been talk that the Django docs should better help with deployment, so I would happily review PRs on this.

There are so many different deployment options that, IMO, Django documentation is not an appropriate place to cover them. We've rejected many such tickets in the past. They will outdate really fast, must be opinionated, won't work for everybody, create a maintenance burden, and can create many further reports about security issues, missing options etc. I'm strongly against accepting either #35450 or #35451.

in reply to:  7 comment:8 by Sarah Boyce, 3 months ago

Resolution: wontfix
Status: assigned → closed

Replying to Mariusz Felisiak:

There are so many different deployment options that, IMO, Django documentation is not an appropriate place to cover them. We've rejected many such tickets in the past. They will outdate really fast, must be opinionated, won't work for everybody, create a maintenance burden, and can create many further reports about security issues, missing options etc.

Good points, thank you for raising 👍

Klaas/Wassef, I see that FastAPI has an External Links and Articles section on their website which includes some articles on deployment. From a maintenance perspective this is much simpler, allows adding many opinions/voices on this topic, and means we can keep Django's official documentation limited to hold information that is unique to Django.
As Mariusz has said, the Django documentation may not be the appropriate place to document this.

As previous suggestions have been rejected, this ticket would require a change of documentation approach, and hence we need a discussion on the Django forum and consensus that we should include this in Django's official documentation. This discussion would need to address the concerns raised in this ticket.
However, I would recommend investigating other approaches here which do not impact the official docs.

comment:9 by Mariusz Felisiak, 3 months ago

Triage Stage: Accepted → Unreviewed

comment:10 by Klaas van Schelven, 3 months ago

Despite being the original raiser of this issue, I do not have a strong opinion about it, and I can largely follow the reasoning of keeping the maintenance burden low etc.

A further 2c I'd like to add is that such a philosophy does seem to be slightly at odds with the status quo, in which the docs do have various (outdated?) articles on deployment.

in reply to:  10 comment:11 by Sarah Boyce, 3 months ago

Replying to Klaas van Schelven:

A further 2c I'd like to add is that such a philosophy does seem to be slightly at odds with the status quo, in which the docs do have various (outdated?) articles on deployment.

It's a good point, we should perhaps make an audit of these and weigh up the value of keeping them vs retiring them, especially if keeping them up-to-date is difficult.
