'Deploy a Django App With Gunicorn, Nginx, & HTTPS' companion repo (#121)

* 'Django Security Headers in Practice' companion repo

* Rename per PR template guidelines

* Remove logging call (redundant with httpie)

* Additional header-related settings

* Use a new SECRET_KEY

* Gunicorn configuration

* Spacing

* Update ALLOWED_HOSTS

* Typo

* SK gitignore

* Specify project requirements

* Add <link> to normalize.css

* Add CSP to middleware

* Set Content-Security Policy (CSP)

* Typo

* HSTS

* Increase SECURE_HSTS_SECONDS to 1 year

* Nginx configuration file

* Make the base path reachable

* Add a JS static file for collectstatic

* Path fix

* Update nginx config

* Remove localhost

* Don't specify unncessary path in STATICFILES_DIRS

* Turn of DEBUG

* Bring in line with article

* Call the toy project 'django-gunicorn-nginx'

* black

* Consolidate config under subdirectory

* Consolidate requirements under subdirectory

* Shorten requirement file names

* Pin to Django 3

* Shorten gunicorn config file names

* Loosely pin requirements

* Build out Gunicorn config

* Add util script for installing certbot

* Remove extraneous setting

* Use a template

* Add to INSTALLED_APPS; ALLOWED_HOSTS wildcard

* Remove outdated script

* Turn off DEBUG

* Include local and remote JS in template

* Update nginx sites-available config

* Update for article 0058e4b4

* Top-level sample project folders should contain a README.md file

* Pin requirements to minor rather than major version

* Add a description and intro howto in the readme

* Language edit

Co-authored-by: Bartosz Zaczyński <[email protected]>
Co-authored-by: Sadie Parker <[email protected]>

Author: 3 people

.gitignore

@@ -56,6 +56,8 @@ coverage.xml
 # Django stuff:
 *.log
 local_settings.py
+*.sqlite3
+nohup.out
 
 # Flask stuff:
 instance/

django-gunicorn-nginx/.gitignore

@@ -0,0 +1 @@
+.DJANGO_SECRET_KEY

django-gunicorn-nginx/README.md

@@ -0,0 +1,24 @@
+# Securely Deploy a Django App With Gunicorn, Nginx, & HTTPS
+
+This directory contains the Django project created in the tutorial [Securely Deploy a Django App With Gunicorn, Nginx, & HTTPS](https://realpython.com/django-nginx-gunicorn/).
+
+It requires Python 3.8 or higher and Django 3.2.
+
+Here's what this repository and the tutorial illustrate:
+
+- How you can take your Django app **from development to production**
+- How you can **host your app** on a real-world public domain
+- How to introduce **Gunicorn** and **Nginx** into the request and response chain
+- How **HTTP headers** can fortify your site's HTTPS security
+
+To get started, install requirements and migrate your database:
+
+```bash
+python3 -m venv env
+source env/bin/activate
+python3 -m pip install -r requirements/prod.txt
+echo "export SECRET_KEY='$(openssl rand -hex 40)'" > .DJANGO_SECRET_KEY
+source .DJANGO_SECRET_KEY
+python3 manage.py migrate
+python3 manage.py check
+```

django-gunicorn-nginx/config/etc/nginx/sites-available/supersecure

@@ -0,0 +1,36 @@
+server_tokens             off;
+access_log                /var/log/nginx/supersecure.access.log;
+error_log                 /var/log/nginx/supersecure.error.log;
+
+server {
+  listen                  80 default_server;
+  return                  444;
+}
+
+server {
+  server_name             .supersecure.codes;
+  listen                  80;
+  return                  307 https://$host$request_uri;
+}
+
+server {
+
+  location / {
+    proxy_pass            http://localhost:8000;
+    proxy_set_header      Host $host;
+    proxy_set_header      X-Forwarded-Proto $scheme;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_redirect        off;
+  }
+
+  location /static {
+    autoindex             on;
+    alias                 /var/www/supersecure.codes/static/;
+  }
+
+  listen 443 ssl; # managed by Certbot
+  ssl_certificate /etc/letsencrypt/live/www.supersecure.codes/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/www.supersecure.codes/privkey.pem; # managed by Certbot
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}

django-gunicorn-nginx/config/gunicorn/dev.py

@@ -0,0 +1,20 @@
+"""Gunicorn *development* config file"""
+
+# Django WSGI application path in pattern MODULE_NAME:VARIABLE_NAME
+wsgi_app = "project.wsgi:application"
+# The granularity of Error log outputs
+loglevel = "debug"
+# The number of worker processes for handling requests
+workers = 2
+# The socket to bind
+bind = "0.0.0.0:8000"
+# Restart workers when code changes (development only!)
+reload = True
+# Write access and error info to /var/log
+accesslog = errorlog = "/var/log/gunicorn/dev.log"
+# Redirect stdout/stderr to log file
+capture_output = True
+# PID file so you can easily fetch process ID
+pidfile = "/var/run/gunicorn/dev.pid"
+# Daemonize the Gunicorn process (detach & enter background)
+daemon = True

django-gunicorn-nginx/config/gunicorn/prod.py

@@ -0,0 +1,19 @@
+"""Gunicorn *production* config file"""
+
+import multiprocessing
+
+# Django WSGI application path in pattern MODULE_NAME:VARIABLE_NAME
+wsgi_app = "project.wsgi:application"
+# The number of worker processes for handling requests
+workers = multiprocessing.cpu_count() * 2 + 1
+# The socket to bind
+bind = "0.0.0.0:8000"
+# Write access and error info to /var/log
+accesslog = "/var/log/gunicorn/access.log"
+errorlog = "/var/log/gunicorn/error.log"
+# Redirect stdout/stderr to log file
+capture_output = True
+# PID file so you can easily fetch process ID
+pidfile = "/var/run/gunicorn/prod.pid"
+# Daemonize the Gunicorn process (detach & enter background)
+daemon = True

django-gunicorn-nginx/manage.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "project.settings")
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == "__main__":
+    main()

django-gunicorn-nginx/myapp/__init__.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class MyappConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "myapp"