generic django project
This is my starting point for a new Django site, mixed and stirred from several public sources and spiced with my own enhancements.
- server OS: Debian/Ubuntu based Linux
- local OS: macOS (only some local settings are OSX specific)
- web server: Nginx/gunicorn
- Python version: 3.6+
- Django version: 2.2
- FeinCMS version: 1.17+
- version control: Git (with a remote git host)
- deployment tool: Fabric
- local development database: SQLite3 or MariaDb/MySQL
- server database: MariaDb/MySQL
- process control (optional): supervisord
I don’t know if this still makes sense, but while I update some sites from Django 1.9 to 3.0 I also update this.
Django’s startproject doesn’t do enough. I’m a programmer, thus lazy, and try to reduce redundant work like repeating the same setup steps over and over. (DRY)
Just copying/cloning this generic project to a new site isn’t ideal either, since general changes don’t affect all dependent sites, but I got no idea how to do that.
I’m trying to keep this current and to implement what I learn from my actual projects and best practice advise. But since I mostly do other things than starting new django projects, I’m always far behind.
- While I try to adhere to best practices, there are probably security holes - use at your own risk.
- Since I update this template after experiences with my actual sites, the commits are often not atomic.
- I handle migrations wrongly, will try to fix soon.
- pip-installed requirements are not fixed on a version.
- I could also support runit, but I didn't want to replace init.
- PostgreSQL would make sense, but I don’t need it.
- gunicorn runs internally on an unix socket, because I find file locations easier to control than server ports.
- My earlier Fabric workflow used only local git and pushed a package to the web server. Now I’m relying on my private git server (gitolite) and doing away with different releases on the web server. This might also fit some shared hosting providers with git-enabled Plesk.
- I’m using Let’s Encrypt certificates with certbot.
- My nginx settings get an A+ rating at SSLLabs (still?)
- Learn more from e.g. Two Scoops of Django, http://agiliq.com/books/djangodesignpatterns/, https://github.com/callowayproject/django-app-skeleton, https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
- Include Sphinx template
django-admin.py startproject --template=https://github.com/fiee/generic_django_project/zipball/master --extension=py,rst,html,txt,ini,sh MY_PROJECTwork
- Maybe use cookiecutter. Investigate other deployment tools.
- Finally learn proper testing
- Split templates for simple site, celery site, reusable app
- Change workflow from local git plus website releases to local+remote git
- Add setup for Wagtail (and Longclaw)
This project template itself has no special license. Do with it what you want. Attribution is appreciated. Corrections are welcome. I’m not responsible for your failure, damage or loss.
Since it’s a collection of (modified) snippets from different sources that may have different licenses, it would be impossible to untangle.
Following Django’s documentation I suggest to use a 2-clause BSD license for your own reusable projects.
- Rename "django_project" (this would be the project root as created by
- Replace all occurrences of lowercase "project_name" with your project name.
This is also the webserver and database server username!
The "project_name" directory is the one that would be created by
- Check the settings in server-setup and django_project/settings: fabfile.py, gunicorn-settings.py, supervisor.conf, settings/base.py, settings/local.py etc.
- Adapt LICENSE to your needs if you might publish your project. The 2-clause BSD license is just a suggestion.
- Set up an email account for your project’s error messages and configure it in settings/base.py and .env
- cd into your project directory,
virtualenv .(create virtual environment; make sure you use the right version)
. bin/activate(activate virtual environment)
bin/pip install -r requirements/local.txt(install requirements)
vi .env(create .env file, see below)
./manage.py migrate(initialize migrations)
git init, always commit all changes
fab webserver setup(once)
fab webserver deploy(publish new release - always last committed version!)
Following 12-factor design, we now set our passwords and other secret settings as environment variables to avoid to have them in version control. I suggest to go the dotenv route:
Put your settings into a
.env file in the
to use with django-dotenv. Don’t forget to tell git to ignore .env files!
DJANGO_SETTINGS_MODULE=settings SECRET_KEY=secret123 DATABASE_PASSWORD=secret123 EMAIL_PASSWORD=secret123
Alternatively add the settings to the end of your virtualenvs
export DJANGO_SETTINGS_MODULE=settings export SECRET_KEY=secret123 export DATABASE_PASSWORD=secret123 export EMAIL_PASSWORD=secret123
Create the user
I suggest to copy makeuser.sh to your webserver’s root/admin account and use it to create system and database accounts.
scp makeuser.sh firstname.lastname@example.org:/root/bin/
Otherwise look into that script. This is just a part of the necessary setup:
create user and sudo-enable it (I suggest via a
admingroup, but you can also add the user to
adduser project_name --disabled-password --gecos "" adduser project_name admin
REM: It’s possible to avoid sudo rights for each website user, but then you need to run some commands as root or as an other sudo-enabled user.
create database user and database (schema):
mysql -u root -p # at first setup only: we installed MySQL without user interaction, # so there’s no root password. Set it! use mysql; update user set password=password('...') where user='root'; # create user and database for our project: create user 'project_name'@'localhost' identified by '...'; create database project_name character set 'utf8'; grant all privileges on project_name.* to 'project_name'@'localhost'; flush privileges; quit;
/var/www/project_name(or use virtualenvs’
activatescript), see above.
publish your project (
fab webserver setup)
Open your firewall for tcp 433 (not default on some systems).
Create a ssh key for the new user:
ssh-keygen -b 4096
Add this key to your git server’s access configuration, e.g. like
scp email@example.com:/home/project_name/.ssh/id_rsa.pub firstname.lastname@example.org
You need read access for
project_nameon the web server and write access for your development user.
Publish your project to your git server and clone the project on your web server, e.g. as
Activate the project in supervisor.
Run certbot to acquire a SSL certificate for your project.
(This is WIP)
If you use FeinCMS’ Page, consider first, which extensions you’ll need – see the docs – the migration is somewhat tricky.
Instead of FeinCMS’s medialibrary, consider to use django-filer instead, there’s some support for it in FeinCMS, but not yet here.
Links / Sources
- Nginx configuration: http://wiki.nginx.org/NginxConfiguration
- Secure Nginx configuration: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html or https://www.sherbers.de/howto/nginx/ (German)
- Gunicorn configuration: http://gunicorn.org/configure.html
- logrotate: e.g. http://www.linux-praxis.de/lpic1/manpages/logrotate.html
- supervisord: http://supervisord.org