Dev is just a few steps away from production, right?
May 8, 2015 11:21 AM

I have a little Django web app that is nearly complete. But I absolutely can't get it working with a production-grade web server (Apache, nginx). Can I just turn off debug mode and use the dev server in production?

The app works fine and does everything it should when I use the dev server. This is not something I'm doing professionally, it's just a little something I want to put out there as a public service. I can't imagine that there would be more than 5 concurrent users. And even if a bunch of people accessed it at once, it's not some kind of critical app where it really matters if it works quickly or works at all. It's perfectly fine if 10 people accessing it at once brings the server down.

That said, if the Django dev server has security vulnerabilities then I can't use it. The app will be running on a tiny Amazon ec2 instance, and I don't want somebody taking over my server.

I have run tutorial after tutorial and have read the official documentation over and over, and I just can't figure out how to hook up Django with uWSGI + nginx or any of the other possible server configurations. I keep setting up new ec2 instances so I can try a new thing with a clean slate, but nothing I try works. I have no budget to pay someone to teach me to do this, and I don't think I'll get good responses if I go to the Django mailing list and ask "can someone teach me about setting up web servers because I don't get it."

So can I just use the Dev server for a tiny site? Or am I opening my server up to get hacked?
posted by Tehhund to Computers & Internet (6 answers total) 2 users marked this as a favorite
 
Best answer: The Django docs are pretty adamant that the development server is not security audited, nor intended to be secure.

I think you can absolutely post basic questions to a Django forum or a Stack Overflow site about how to set up a server on your EC2 instance. Just make sure to include the details of what you already tried and exactly what happened when you tried it.

Another option is Heroku. I use a free Heroku account for tiny, no-database web apps where I don't want to bother with setting up and running my own server (and don't really care about scale or performance). It's super-painless.
posted by mbrubeck at 11:31 AM on May 8, 2015 [1 favorite]
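
Added example, not part of any answer in this thread: a pre-deployment audit that flags the two things the question asks about, a `runserver` start command and `DEBUG`, plus a wildcard `ALLOWED_HOSTS`. The function names, finding codes and sample inputs are constructed for illustration; the settings object stands in for a real Django settings module.

```python
# Added example: audit a Django start command and settings before going live.
import ipaddress
from types import SimpleNamespace


def runserver_bind(argv):
    """Return the host runserver would bind to, or None if argv is not runserver."""
    if "runserver" not in argv:
        return None
    # The first non-option argument after "runserver" is Django's [addrport].
    rest = [a for a in argv[argv.index("runserver") + 1:] if not a.startswith("-")]
    if not rest or ":" not in rest[0]:
        return "127.0.0.1"  # no address given: Django defaults to loopback
    host = rest[0].rsplit(":", 1)[0].strip("[]")
    return "0.0.0.0" if host == "0" else host  # "0" is Django's shorthand


def is_loopback(host):
    """True only for addresses that are not reachable from other machines."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: assume it is reachable


def audit(argv, settings):
    """Return a sorted list of finding codes for a production deployment."""
    findings = set()
    host = runserver_bind(argv)
    if host is not None:
        findings.add("dev-server-in-use")
        if not is_loopback(host):
            findings.add("dev-server-exposed")
    if getattr(settings, "DEBUG", False):
        findings.add("debug-enabled")
    if "*" in getattr(settings, "ALLOWED_HOSTS", []):
        findings.add("allowed-hosts-wildcard")
    return sorted(findings)


# Constructed sample inputs (not from the thread).
BAD = audit(["manage.py", "runserver", "0.0.0.0:8000"],
            SimpleNamespace(DEBUG=True, ALLOWED_HOSTS=["*"]))
GOOD = audit(["uwsgi", "--ini", "site.ini"],
             SimpleNamespace(DEBUG=False, ALLOWED_HOSTS=["example.org"]))
```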


Unless you're interested in plowing through this as a learning exercise for yourself, I'd use Heroku and not worry about server config. They have various environments ready to go with very little sysadmin-ing needed on your part. The lowest tier is free and sounds like it's all you'd need to get things running.
posted by the jam at 11:32 AM on May 8, 2015 [4 favorites]


Speaking as someone who has worked on a large Django-based project, I'm seconding the jam — use Heroku and forget about trying to do it yourself. Absolutely do not try to use the dev server as a production server; it's simply not built to be performant or secure enough.

One of our project's dependencies was Apache+mod_wsgi, with all the configuration that that required, and it was never a fun thing to have to deal with.
posted by gmb at 11:46 AM on May 8, 2015


"I have run tutorial after tutorial and have read the official documentation over and over, and I just can't figure out how to hook up Django with uWSGI + nginx or any of the other possible server configurations."

I went through this exact same nightmare awhile back (and I never got uWSGI to work properly). My advice is to ditch uWSGI (which has a bewildering array of options, none of them well-documented) for Phusion Passenger (it's not just for Ruby anymore!).

Just in case it helps, here are the settings that ended up working for me. This was a couple years ago, so the specifics may have changed:

passenger_wsgi.py (goes in Django project root):

#!/usr/bin/env python
import os
import sys

# virtualenv stuff, optional: re-exec under the virtualenv's interpreter
SITEPATH = os.path.abspath(os.path.dirname(__file__))
INTERP = SITEPATH + "/venv/bin/python"
if sys.executable != INTERP:
    os.execl(INTERP, INTERP, *sys.argv)
sys.path.append(SITEPATH)
# end virtualenv stuff

os.environ['DJANGO_SETTINGS_MODULE'] = "cfg.settings"
# get_wsgi_application() runs django.setup() before building the handler,
# which Django 1.7+ requires; instantiating WSGIHandler() directly skips it.
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

and in your nginx config (you need to build nginx with Passenger support):

server {
        listen 80;
        server_name your_server_name;

        passenger_root /usr/local/lib/ruby/gems/your-passenger-gem-dir;
        passenger_ruby /path/to/your/ruby/binary;
        root /your/django/app/root;
}

posted by neckro23 at 1:22 PM on May 8, 2015


Yes to Heroku (or Bitnami). No to the built-in dev server.
posted by nosila at 2:25 PM on May 8, 2015


Response by poster: Update: we finally got help from a member of our group who has experience setting up other web servers, and it's now running uWSGI + nginx. I documented what he did in painstaking detail in our readme and was able to replicate it on a fresh server, so anyone in our group should be able to bring the site up if necessary.
posted by Tehhund at 6:07 AM on June 11, 2015 [1 favorite]

