Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Prepping Your Project for Production

Peter Baumgartner
September 23, 2019
Programming
2
810

Prepping Your Project for Production

Django makes it easy to run a project locally in development where you are the only user and manage.py runserver “just works”. When you start thinking about moving that project to production and running it on the internet; it’s a bit more difficult. You’ll need to consider the following:

* How should I host my site (PaaS, FaaS, unmanaged hosting)?
* Should I be using Docker and/or Kubernetes?
* How do I serve my static/media assets?
* How should I handle my settings?
* Which database should I use and what are the performance considerations?
* How should I handle other supporting services (email, search, cache, etc.)
* Which web server should I use and how should I configure it?
* How do I serve my site via HTTPS?
* How do I protect my site from evil bots and blackhat hackers?

Unfortunately, the answers to these questions aren’t one-size-fits-all. In this talk, I’ll discuss the pros and cons of common approaches and recommend the best option for different scenarios. I’ll also call out various security and performance considerations along the way.

Peter Baumgartner

September 23, 2019
Tweet

More Decks by Peter Baumgartner

See All by Peter Baumgartner
Just Enough Ops for Developers
ipmb
0
200
Containerless Django
ipmb
5
1.6k
Django Deployments Done Right
ipmb
6
1.5k
High Performance Django: From runserver to Reddit hugs
ipmb
1
1.4k
Getting Started with Salt (PyCon 2014)
ipmb
6
1.2k
Monitoring Infrastructure with SaltStack
ipmb
16
10k
Getting Started with Salt
ipmb
11
1.7k

Other Decks in Programming

See All in Programming
[PyCon Korea 2024 Keynote] 커뮤니티와 파이썬, 그리고 우리
beomi
0
110
Golang と Erlang
taiyow
8
1.9k
リリース8年目のサービスの1800個のERBファイルをViewComponentに移行した方法とその結果
katty0324
5
3.6k
CSC509 Lecture 09
javiergs
PRO
0
110
PLoP 2024: The evolution of the microservice architecture pattern language
cer
PRO
0
1.6k
生成 AI を活用した toitta 切片分類機能の裏側 / Inside toitta's AI-Based Factoid Clustering
pokutuna
0
570
デプロイを任されたので、教わった通りにデプロイしたら障害になった件 ~俺のやらかしを越えてゆけ~
techouse
52
32k
C#/.NETのこれまでのふりかえり
tomokusaba
1
160
Jakarta Concurrencyによる並行処理プログラミングの始め方 (JJUG CCC 2024 Fall)
tnagao7
1
230
Modern Angular: Renovation for Your Applications
manfredsteyer
PRO
0
210
Universal Linksの実装方法と陥りがちな罠
kaitokudou
1
220
Go言語でターミナルフレンドリーなAIコマンド、afaを作った/fukuokago20_afa
monochromegane
2
140

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
3
370
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Making the Leap to Tech Lead
cromwellryan
132
8.9k
Making Projects Easy
brettharned
115
5.9k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
Gamification - CAS2011
davidbonilla
80
5k
A designer walks into a library…
pauljervisheath
202
24k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k

Transcript

  1. None
  2. None

  3. IT’S DANGEROUS TO GO ALONE! TAKE THIS.

  4. PHILOSOPHY Keep things as simple as possible While maintaining: Performance

    Observability Stability Security

  5. Hosting Configuration Web Server Assets (static and media) OVERVIEW Additional

    Considerations: Performance Security Observability

  6. HOSTING

  7. PLATFORM AS A SERVICE (PAAS) Heroku PythonAnywhere Platform.sh Google App

    Engine Google Cloud Run

  8. PROS CONS PLATFORM AS A SERVICE (PAAS) Managed Monitored Secured

    Supported Backing services may be included Performance Less flexibility Cost*

  9. FUNCTIONS AS A SERVICE (FAAS OR SERVERLESS) AWS Lambda (with

    Zappa) Google Cloud Functions Azure Functions ZEIT

  10. PROS CONS FUNCTIONS AS A SERVICE (FAAS OR SERVERLESS) Managed

    Monitored Secured Less expensive* New = rough edges Performance and cold starts Management commands

  11. KUBERNETES (MANAGED) Google Kubernetes Engine (GKE) DigitalOcean Kubernetes Amazon Elastic

    Kubernetes Service (EKS) Azure Kubernetes Service (AKS)
  12. None

  13. PROS KUBERNETES (MANAGED) Managed Monitored Secured Requires k8s knowledge Probably

    overkill CONS

  14. UNMANAGED/SELF-HOST Flexible Cost* Security Monitoring Management Documentation/training TLS Certificates PROS

    CONS

  15. HOSTING (CONT) BACKING SERVICES AND APPLICATION STATE

  16. USE MANAGED SERVICES

  17. MANAGED SERVICES Database (Amazon RDS, Cloud SQL, Heroku Postgres, etc.)

    Object Storage (Amazon S3, Google Cloud Storage, etc.) SMTP (Amazon SES, Sendgrid, Mailgun, etc.) Elasticsearch Redis

  18. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  19. CONFIGURATION

  20. 12 FACTOR Deployment Application Config

  21. CONFIGURATION Environment Variables Configuration File Django settings (prod.py, staging.py, etc.)

  22. CONFIGURATION Environment Variables Configuration File Django settings (prod.py, staging.py, etc.)

  23. SECRETS API KEYS, SECRET_KEY, SERVICE CREDENTIALS, ETC. Never in your

    code repository
 (unencrypted)

  24. CONFIGURATION PaaS Configuration Amazon SSM and Chamber Kubernetes Secrets Encrypted

    in configuration mangagement Hashicorp Vault

  25. GOODCONF

  26. GOODCONF Configuration via file or environment variables Type casting for

    environment variables Auto-generate documentation Auto-generate commented sample configs
  27. None
  28. None

  29. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  30. WEB SERVER

  31. WEB SERVER

  32. GUNICORN

  33. UWSGI

  34. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  35. SERVING ASSETS

  36. WHITENOISE pip install whitenoise

  37. UWSGI

  38. NODE.JS Source files in version control Webpack/Parcel to generate static

    files during build Add build destination to STATICFILES_DIRS django-webpack-loader if bundle-splitting

  39. MEDIA Use django-storages with your preferred backend (Amazon, Google, Azure,

    etc.) Be careful of public vs. private AWS_DEFAULT_ACL AWS_QUERYSTRING_AUTH AWS_QUERYSTRING_EXPIRE

  40. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  41. GO LIVE!

  42. PERFORMANCE

  43. USE AN APM Third-party: NewRelic, Scout, Datadog Provider: AWS X-Ray,

    Google Stackdriver Trace Self-hosted: Elastic

  44. DATABASE Don't be surprised if your laptop performs better Network

    latency Size of dataset

  45. DATABASE Use Postgres (unless you have a good reason not

    to) CONN_MAX_AGE Reduce queries select_related prefetch_related Indexes db_index index_together

  46. TEMPLATE FRAGMENT CACHING

  47. TEMPLATE FRAGMENT CACHING

  48. CDN

  49. CDN Third Party: Cloudflare, Fastly Provider: Amazon Cloudfront, Google Cloud

    CDN

  50. CDN Cache static files forever (far-future expires) Cache Django responses

    if possible

  51. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  52. SECURITY

  53. CODE Monitor dependencies for vulnerabilities
 (GitHub Security Alerts) Use a

    lockfile (pipenv, poetry, pip-compile) Consider an external audit

  54. ENVIRONMENT DEBUG = False ... ALWAYS! manage.py check --deploy https://observatory.mozilla.org

  55. AUTHENTICATION (ESPECIALLY THE ADMIN) MFA django-two- factor-auth External provider (G-

    Suite, AWS Cognito, etc.) Rate limiting (Cloudflare, Nginx, AWS WAF, Django) Firewall/VPN

  56. ADDITIONAL ATTACK VECTORS SSH Platform web console (use MFA!) Domain

    registrar Email Backing services APIs

  57. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  58. OBSERVABILITY

  59. ERROR REPORTING Emails don't scale Use Sentry or Rollbar

  60. LOGGING Third-party: Datadog, LogDNA, Splunk, Sumo Logic Provider: AWS Cloudwatch,

    Google Stackdriver Self-hosted: ELK, Graylog

  61. MONITORING & ALERTING Third-party: Internal: Datadog External: Pingdom, StatusCake, Datadog

    Alerts: PagerDuty, OpsGenie, Slack Provider: Cloudwatch, Stackdriver Self-hosted: Prometheus, Grafana

  62. Additional Considerations: Performance Security Observability OVERVIEW Hosting Configuration Web Server

    Assets (static and media)

  63. IT’S DANGEROUS TO GO ALONE! TAKE THIS. GAME OVER

  64. PETER BAUMGARTNER [email protected] SAVE SLIDE DESIGN BY YUPGUP