In a production environment you want a webserver in front of the Django engine and the preferred one is Nginx. This will handle all inbound requests, server your ssl certificate, redirect http requests to https, and serve up static content in /media and /static.
$ sudo adduser nadine
$ sudo su - nadine
Follow all the instructions in :doc:`quickstart<quickstart>` as the nadine user.
Create a few important directories for later.
$ mkdir -p /home/nadine/logs/
$ mkdir -p /home/nadine/backups/
$ mkdir -p /home/nadine/webapp/run/
$ mkdir -p /home/nadine/webapp/media/
$ mkdir -p /home/nadine/webapp/static/
$ sudo apt-get install nginx certbot openssl
Follow instructions here: https://certbot.eff.org/all-instructions/ <https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx>
If you test your server using the SSL Labs Server Test now, it will only get a B grade due to weak Diffie-Hellman parameters. We can fix this by creating a new dhparam.pem file and adding it to our server block.
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
$ cd /home/nadine/webapp/nadine/conf
$ sudo cp etc/nginx/sites-available/nadine /etc/nginx/sites-available/nadine
$ sudo ln -sf /etc/nginx/sites-available/nadine /etc/nginx/sites-enabled/default
$ sudo cp etc/nginx/snippets/ssl-nadine.conf /etc/nginx/snippets/
$ sudo cp etc/nginx/snippets/ssl-params.conf /etc/nginx/snippets/
$ sudo cp etc/uwsgi/apps-available/nadine.yaml /etc/uwsgi/apps-available/
$ sudo ln -s /etc/uwsgi/apps-available/nadine.yaml /etc/uwsgi/apps-enabled/
Edit all configuration files to make sure your domain is correct.
$ sudo nginx -t
$ sudo systemctl restart nginx