Next

Deployment Basics

  • Understand the fundamentals of deploying Django applications to production environments.

  • What is Deployment?

    Deployment means moving your Django project from local development to a live server so it can be accessed by real users on the internet.

    Why Deployment is Important?

    • Users can access the application

    • Handles real-world traffic

    • Enables monitoring, security, and scalability

    Debug vs Production

    Debug Mode

    • Controlled by DEBUG = True in settings.py

    • Shows detailed error pages

    • Allows auto-reload when code changes

    • Do NOT use in production

Debug Mode Example 

# settings.py
DEBUG = True
ALLOWED_HOSTS = []

  •  Description

    • Local development only

    • Displays full traceback errors

    • ALLOWED_HOSTS can be empty

    Production Mode

    • Controlled by DEBUG = False

    • Error pages are generic

    • Requires proper configuration:

      • ALLOWED_HOSTS → domain names / server IPs

      • Static & media files → properly served

      • Security settings → HTTPS, SECRET_KEY, CSRF

Production Settings Example

settings.py 

# settings.py
DEBUG = False
ALLOWED_HOSTS = ['www.yourdomain.com', 'IP_ADDRESS']
SECRET_KEY = 'your-production-secret-key'

  •  Description

    • Always keep SECRET_KEY secret

    • Only allow trusted hosts

    • Do not expose debug info

    Settings for Deployment

    Static Files Handling

    • In development, Django serves static files automatically

    • In production, use:

    python manage.py collectstatic

Static File Settings

settings.py 

STATIC_URL = '/static/'
STATIC_ROOT = BASE_DIR / 'staticfiles'

  • STATIC_ROOT → Folder where all static files are collected for server

    Media Files Handling

    • For user-uploaded files

    # settings.py

    MEDIA_URL = '/media/'

    MEDIA_ROOT = BASE_DIR / 'media'


    • Serve via web server (Nginx / Apache) in production

    Allowed Hosts

    • Prevents host header attacks

    ALLOWED_HOSTS = ['yourdomain.com', 'www.yourdomain.com']

    Security Settings

    • Enable HTTPS → SECURE_SSL_REDIRECT = True

    • Enable CSRF and XSS protections → default in Django

    • Set session and CSRF cookies secure

    SESSION_COOKIE_SECURE = True

    CSRF_COOKIE_SECURE = True

    SECURE_BROWSER_XSS_FILTER = True

    SECURE_CONTENT_TYPE_NOSNIFF = True

    5. Database Settings

    Use production-grade database (PostgreSQL / MySQL)

Example 

DATABASES = {

    'default': {

        'ENGINE': 'django.db.backends.postgresql',

        'NAME': 'prod_db',

        'USER': 'db_user',

        'PASSWORD': 'db_password',

        'HOST': 'localhost',

        'PORT': '5432',

    }

}

  • Deployment Checklist

    Task

    Description

    DEBUG

    Set to False

    SECRET_KEY

    Keep secret, do not hardcode in repo

    ALLOWED_HOSTS

    Add server IP/domain

    Static & Media

    Configure collectstatic & server access

    Database

    Use production DB

    Security

    HTTPS, secure cookies, headers

    Logging

    Set up error logging

    Common Deployment Servers

    Server

    Notes

    Heroku

    Simple, free for small apps

    DigitalOcean / AWS EC2

    Full control, recommended for production

    PythonAnywhere

    Easy for beginners

    Docker + Nginx + Gunicorn

    Professional setup

    Topic 5: WSGI / ASGI for Deployment

    • WSGI → Standard for synchronous Django apps

    • ASGI → Required for asynchronous features (WebSocket, Channels)


wsgi.py 

from django.core.wsgi import get_wsgi_application

application = get_wsgi_application()
  • Connect Gunicorn / uWSGI to serve Django on server
Next