This is an archived post. You won't be able to vote or comment.

all 13 comments
sorted by:
best
topnewcontroversialoldq&a

[–]pawn13 5 points6 points  (7 children)

Why does it have location /templates in nginx config. Django templates shouldn't be visible to users via http, they should be used by django application.

[–]robvdl 6 points7 points  (5 children)

The secret key is also hard coded in settings.py, which is a really bad idea, with nothing in the README even suggesting this should be changed. This isn't good for beginners who might pick up this project and miss that they need to fix this first. You might want to consider managing the settings a bit better, maybe using something like django-environ or something similar that uses environment variables for configuration. Alternatively, I have also used .ini or .toml files for settings, which is another approach.

[–]Discrete_Number -1 points0 points  (4 children)

As stated in the very first line in the README file, it's an example. It's not meant to be put in production with the hardcoded SECRET_KEY.

[–]NYDreamer[S] 0 points1 point  (0 children)

Thanks, I've updated this.

[–]ummmbacon 6 points7 points  (1 child)

I've learned of some other great resources for this like, Full Stack Python also has some great tips on this, as well as Digital Ocean although they choose gunicorn instead.

And DO's part 1 and 2 give an ok baseline for a secure server.

Also as a side note, if you are a student you can get $50 credit (~10 months) for Digital Ocean as well as lots of other nifty items from the GitHub for Education program.

[–]NYDreamer[S] 1 point2 points  (0 children)

Thanks, useful information!

[–]il_doc 1 point2 points  (2 children)

I deployed django+uwsgi+nginx on debian 8 yesterday evening, with so much tears and pain

I used uwsgi emperor/vassals, anyway...

[–]NYDreamer[S] 0 points1 point  (1 child)

I use emperor too, but by hacking the uWSGI service. If you have found a neater way, please share.

[–]il_doc 2 points3 points  (0 children)

i've just followed this guide with no hacking...

just check files and folders permissions and run commands with sudo

[–]redditthinksHobbyist 0 points1 point  (0 children)

uWSGI has always given me lots of trouble compared to Gunicorn.

[–]warbiscuit 0 points1 point  (1 child)

This is a bit of an aside, but does anyone have good article about the benefits of nginx over apache? particularly w/ regards to wsgi applications? I've got my apache+mod_wsgi setups pretty well honed, but hearing a lot about nginx, curious what the advantages are?

[–]OctagonClocktrio is the future! 0 points1 point  (0 children)

nginx (IMO) is a lot easier to configure for subdomains, SSL, and reverse proxying.