Django · How-To · Beginner · 4 min read

How to Configure Django for Production: Best Practices

To configure Django for production, set DEBUG = False, list your real domain names in ALLOWED_HOSTS, and use a strong SECRET_KEY that is loaded from the environment rather than written into settings.py. Also collect static files and serve them from a web server, use a production-ready database, and enforce HTTPS with secure cookies and HSTS.
📐

Syntax

Key settings to configure in settings.py for production:

  • DEBUG = False: Disables debug mode. With DEBUG on, Django's error pages reveal the traceback, the settings and local variable values to anyone who can trigger an exception.
  • ALLOWED_HOSTS: Allowlist of host names your site serves. A request whose Host header does not match is rejected with 400 Bad Request, which stops Host-header injection into links Django builds from the request.
  • SECRET_KEY: A strong, unique key used to sign sessions, CSRF tokens, password-reset links and anything that goes through django.core.signing. Whoever knows it can forge all of those.
  • STATIC_ROOT: Directory into which collectstatic gathers static files for the web server to serve.
  • DATABASES: Configure a production database like PostgreSQL instead of the SQLite file startproject sets up.
  • SECURE_SSL_REDIRECT: Redirect HTTP to HTTPS (enforced by SecurityMiddleware).
```python
import os

DEBUG = False
ALLOWED_HOSTS = ['yourdomain.com', 'www.yourdomain.com']
# Never hard-code the key: read it from the environment or a secrets manager.
SECRET_KEY = os.environ['DJANGO_SECRET_KEY']

STATIC_ROOT = BASE_DIR / 'staticfiles'  # BASE_DIR is defined near the top of settings.py

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'prod_db_name',
        'USER': 'prod_db_user',
        'PASSWORD': os.environ['DJANGO_DB_PASSWORD'],
        'HOST': 'localhost',
        'PORT': '5432',
    }
}

SECURE_SSL_REDIRECT = True
```
💻

Example

This example shows a minimal settings.py for production: secrets come from the environment, HTTPS and secure cookies are enforced by SecurityMiddleware, and HSTS is enabled with a max-age long enough for browser preload lists.

```python
import os
from pathlib import Path

BASE_DIR = Path(__file__).resolve().parent.parent

DEBUG = False
ALLOWED_HOSTS = ['example.com', 'www.example.com']

# Generate the key once (e.g. with django.core.management.utils.get_random_secret_key)
# and inject it via the environment. A missing key aborts startup here instead of
# silently falling back to a default.
SECRET_KEY = os.environ['DJANGO_SECRET_KEY']

STATIC_URL = '/static/'
STATIC_ROOT = BASE_DIR / 'staticfiles'  # target of collectstatic; served by nginx/Apache/CDN, not Django

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'prod_db',
        'USER': 'prod_user',
        'PASSWORD': os.environ['DJANGO_DB_PASSWORD'],
        'HOST': 'localhost',
        'PORT': '5432',
    }
}

# HTTPS enforcement (all handled by django.middleware.security.SecurityMiddleware)
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# If TLS terminates at a reverse proxy or load balancer, Django itself only sees plain
# HTTP and SECURE_SSL_REDIRECT would loop forever. Tell it which header carries the
# original scheme, but ONLY when the proxy overwrites that header on every incoming
# request; otherwise a client can spoof it and bypass the HTTPS checks.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# HTTP Strict Transport Security. Browsers cache the header, so a mistake locks users
# out of the HTTP site for max-age; roll out with a short value first, then raise it.
# Preload lists require max-age >= 31536000 (one year) plus includeSubDomains, so a
# short max-age combined with SECURE_HSTS_PRELOAD = True is inconsistent.
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
```
⚠️

Common Pitfalls

Common mistakes when configuring Django for production include:

  • Leaving DEBUG = True, which exposes tracebacks, settings and local variable values to anyone who triggers an error.
  • Not setting ALLOWED_HOSTS: with DEBUG = False every request is rejected with 400 Bad Request (DisallowedHost). Setting it to ['*'] to make the error go away disables the Host header check altogether.
  • Committing the key that startproject generates (it starts with django-insecure-), reusing one key across environments, or publishing it in a repository; whoever holds it can forge signed cookies, CSRF tokens and password-reset links.
  • Not collecting static files with python manage.py collectstatic.
  • Serving static files directly from Django (runserver) instead of a web server; the development server is not hardened and only serves static files when DEBUG is on.
  • Not enabling HTTPS and secure cookies, so session and CSRF cookies can travel in cleartext.
```python
# Wrong (debug left on)
DEBUG = True

# Right
DEBUG = False
```
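As an added example (not code from the original page, and not Django's own check code), the following function applies the rules behind these pitfalls to a plain settings dictionary, in the spirit of `python manage.py check --deploy`, so the thresholds can be read in one place and run without a Django install. The SECRET_KEY thresholds (at least 50 characters, at least 5 distinct characters, not starting with `django-insecure-`) are the ones Django's own deploy check uses; the function name, messages and sample settings are this example's own.

```python
"""Offline check for common Django production misconfigurations (added example)."""
from __future__ import annotations

MIN_SECRET_KEY_LENGTH = 50          # thresholds Django's deploy check applies to SECRET_KEY
MIN_SECRET_KEY_UNIQUE = 5
HSTS_PRELOAD_MIN_SECONDS = 31536000  # one year, required by browser preload lists


def production_issues(settings: dict) -> list[str]:
    """Return human-readable problems found in `settings`; an empty list means all checks passed."""
    get = settings.get
    issues: list[str] = []

    if get("DEBUG", False):
        issues.append("DEBUG is True: error pages will leak settings, tracebacks and local variables")

    hosts = get("ALLOWED_HOSTS", [])
    if not hosts:
        issues.append("ALLOWED_HOSTS is empty: every request gets 400 Bad Request with DEBUG off")
    elif "*" in hosts:
        issues.append("ALLOWED_HOSTS contains '*': Host header validation is disabled")

    key = get("SECRET_KEY") or ""
    if (len(key) < MIN_SECRET_KEY_LENGTH
            or len(set(key)) < MIN_SECRET_KEY_UNIQUE
            or key.startswith("django-insecure-")):
        issues.append("SECRET_KEY is missing, too short, low-entropy or the startproject placeholder")

    if not get("SECURE_SSL_REDIRECT", False):
        issues.append("SECURE_SSL_REDIRECT is off: plain HTTP requests are served instead of redirected")
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not get(name, False):
            issues.append(f"{name} is off: the cookie can be sent over plain HTTP")

    hsts = int(get("SECURE_HSTS_SECONDS") or 0)
    if hsts == 0:
        issues.append("SECURE_HSTS_SECONDS is 0: no Strict-Transport-Security header is sent")
    elif get("SECURE_HSTS_PRELOAD", False) and hsts < HSTS_PRELOAD_MIN_SECONDS:
        issues.append(f"SECURE_HSTS_PRELOAD requires max-age >= {HSTS_PRELOAD_MIN_SECONDS}, got {hsts}")

    return issues


# Constructed sample settings: the "wrong" shape (debug on, wildcard hosts, placeholder key,
# no HTTPS enforcement, preload with a one-hour max-age) and a corrected counterpart.
WRONG_SETTINGS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": ["*"],
    "SECRET_KEY": "django-insecure-abc123",
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 3600,
    "SECURE_HSTS_PRELOAD": True,
}

RIGHT_SETTINGS = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["example.com", "www.example.com"],
    # 51-character constructed key for the example; generate real keys with get_random_secret_key()
    "SECRET_KEY": "qW3e$R5t^Y7u*I9o(P1a)S2d[F4g]H6j{K8l}Z0x-C1v+B3n=M5",
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_HSTS_PRELOAD": True,
}

if __name__ == "__main__":
    for label, cfg in (("wrong", WRONG_SETTINGS), ("right", RIGHT_SETTINGS)):
        found = production_issues(cfg)
        print(f"{label}: {len(found)} issue(s)")
        for line in found:
            print("  -", line)
```

Run it as a script to see the seven findings for the wrong configuration and none for the corrected one. It deliberately stops short of Django's real check (which also covers X_FRAME_OPTIONS, referrer policy and more); for a real deployment run `python manage.py check --deploy`.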
📊

Quick Reference

Summary tips for production Django configuration:

  • Set DEBUG = False and list the real host names in ALLOWED_HOSTS.
  • Use a strong, unique SECRET_KEY, one per environment.
  • Configure a production database like PostgreSQL.
  • Run collectstatic and serve the result via a web server or CDN.
  • Enable HTTPS, secure cookies and HSTS.
  • Use environment variables or a secrets manager for sensitive data.
  • Run python manage.py check --deploy before each release; it warns about most of the settings above.
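One way to act on the environment-variable tip, as an added example rather than code from the original page: read every secret and environment-specific value from the process environment and refuse to start when one is missing, instead of falling back to a hard-coded default. The helper names (env_str, env_bool, env_list, build_settings) and the DJANGO_* variable names are this example's own conventions, and the sample environment is constructed. In a real settings.py the idiomatic exception is django.core.exceptions.ImproperlyConfigured; RuntimeError is used here so the example runs without Django installed.

```python
"""Load Django settings from environment variables, failing fast on missing secrets (added example)."""
from __future__ import annotations

import os
from typing import Mapping

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}   # an empty value counts as "off"


def env_str(env: Mapping[str, str], name: str, default: str | None = None) -> str:
    """Return env[name]; with no default and no value, abort instead of continuing with a guess."""
    value = env.get(name, default)
    if value is None:
        raise RuntimeError(f"required environment variable {name} is not set")
    return value


def env_bool(env: Mapping[str, str], name: str, default: bool) -> bool:
    """Parse a boolean flag; anything other than a recognised true/false word is an error."""
    raw = env.get(name)
    if raw is None:
        return default
    raw = raw.strip().lower()
    if raw in _TRUE:
        return True
    if raw in _FALSE:
        return False
    raise RuntimeError(f"{name} must be a boolean value, got {raw!r}")


def env_list(env: Mapping[str, str], name: str, default: tuple[str, ...] = ()) -> list[str]:
    """Parse a comma-separated list, dropping blanks ("a, b" -> ["a", "b"])."""
    raw = env.get(name)
    if raw is None:
        return list(default)
    return [item.strip() for item in raw.split(",") if item.strip()]


def build_settings(env: Mapping[str, str]) -> dict:
    """Assemble the production-relevant settings from an environment mapping."""
    debug = env_bool(env, "DJANGO_DEBUG", default=False)   # off unless explicitly switched on
    secret_key = env_str(env, "DJANGO_SECRET_KEY")         # no default on purpose
    if secret_key.startswith("django-insecure-"):
        raise RuntimeError("DJANGO_SECRET_KEY is the startproject placeholder; generate a real key")
    settings = {
        "DEBUG": debug,
        "SECRET_KEY": secret_key,
        "ALLOWED_HOSTS": env_list(env, "DJANGO_ALLOWED_HOSTS"),
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",
                "NAME": env_str(env, "DJANGO_DB_NAME"),
                "USER": env_str(env, "DJANGO_DB_USER"),
                "PASSWORD": env_str(env, "DJANGO_DB_PASSWORD"),
                "HOST": env_str(env, "DJANGO_DB_HOST", "localhost"),
                "PORT": env_str(env, "DJANGO_DB_PORT", "5432"),
            }
        },
        # Tie the HTTPS settings to DEBUG: a local run over http://127.0.0.1 keeps working,
        # while any deployment with DEBUG off gets redirect and Secure cookies enforced.
        "SECURE_SSL_REDIRECT": not debug,
        "SESSION_COOKIE_SECURE": not debug,
        "CSRF_COOKIE_SECURE": not debug,
    }
    if not debug and not settings["ALLOWED_HOSTS"]:
        raise RuntimeError("DJANGO_ALLOWED_HOSTS must list the site's host names when DEBUG is off")
    return settings


# Constructed sample environment standing in for os.environ on a production host.
SAMPLE_ENV = {
    "DJANGO_SECRET_KEY": "qW3e$R5t^Y7u*I9o(P1a)S2d[F4g]H6j{K8l}Z0x-C1v+B3n=M5",  # constructed key
    "DJANGO_ALLOWED_HOSTS": "example.com, www.example.com",
    "DJANGO_DB_NAME": "prod_db",
    "DJANGO_DB_USER": "prod_user",
    "DJANGO_DB_PASSWORD": "constructed-example-password",
}

if __name__ == "__main__":
    # In settings.py the equivalent is: globals().update(build_settings(os.environ))
    built = build_settings(SAMPLE_ENV if "DJANGO_SECRET_KEY" not in os.environ else os.environ)
    print(built["ALLOWED_HOSTS"], "ssl_redirect =", built["SECURE_SSL_REDIRECT"])
```

Because DJANGO_SECRET_KEY has no default, a container started without it exits at import time with a clear message, which is the behaviour you want from a secret: loud failure rather than a silent fallback to a shared or committed value.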

Key Takeaways

Always set DEBUG = False and specify ALLOWED_HOSTS for security.
Use a strong SECRET_KEY and keep it secret.
Serve static files with a web server after running collectstatic.
Configure a production-ready database like PostgreSQL.
Enable HTTPS and secure cookie settings to protect data.