
Prepping Your Project for Production

Django makes it easy to run a project locally in development, where you are the only user and manage.py runserver “just works”. Moving that project to production and running it on the internet is more difficult. You’ll need to consider the following:

* How should I host my site (PaaS, FaaS, unmanaged hosting)?
* Should I be using Docker and/or Kubernetes?
* How do I serve my static/media assets?
* How should I handle my settings?
* Which database should I use and what are the performance considerations?
* How should I handle other supporting services (email, search, cache, etc.)?
* Which web server should I use and how should I configure it?
* How do I serve my site via HTTPS?
* How do I protect my site from evil bots and blackhat hackers?

Unfortunately, the answers to these questions aren’t one-size-fits-all. In this talk, I’ll discuss the pros and cons of common approaches and recommend the best option for different scenarios. I’ll also call out various security and performance considerations along the way.

Peter Baumgartner

September 23, 2019

Transcript

  3. IT’S DANGEROUS TO GO ALONE! TAKE THIS.

  4. PHILOSOPHY
    Keep things as simple as possible
    While maintaining:
    Performance
    Observability
    Stability
    Security

  5. OVERVIEW
    Hosting
    Configuration
    Web Server
    Assets (static and media)
    Additional Considerations:
    Performance
    Security
    Observability

  6. HOSTING

  7. PLATFORM AS A SERVICE (PAAS)
    Heroku
    PythonAnywhere
    Platform.sh
    Google App Engine
    Google Cloud Run

  8. PLATFORM AS A SERVICE (PAAS)
    PROS
    Managed
    Monitored
    Secured
    Supported
    Backing services may be included
    CONS
    Performance
    Less flexibility
    Cost*

  9. FUNCTIONS AS A SERVICE (FAAS OR SERVERLESS)
    AWS Lambda (with Zappa)
    Google Cloud Functions
    Azure Functions
    ZEIT

  10. FUNCTIONS AS A SERVICE (FAAS OR SERVERLESS)
    PROS
    Managed
    Monitored
    Secured
    Less expensive*
    CONS
    New = rough edges
    Performance and cold starts
    Management commands

  11. KUBERNETES (MANAGED)
    Google Kubernetes Engine (GKE)
    DigitalOcean Kubernetes
    Amazon Elastic Kubernetes Service (EKS)
    Azure Kubernetes Service (AKS)

  13. KUBERNETES (MANAGED)
    PROS
    Managed
    Monitored
    Secured
    CONS
    Requires k8s knowledge
    Probably overkill

  14. UNMANAGED/SELF-HOST
    PROS
    Flexible
    Cost*
    CONS
    Security
    Monitoring
    Management
    Documentation/training
    TLS Certificates

  15. HOSTING (CONT)
    BACKING SERVICES AND APPLICATION STATE

  16. USE MANAGED SERVICES

  17. MANAGED SERVICES
    Database (Amazon RDS, Cloud SQL, Heroku Postgres, etc.)
    Object Storage (Amazon S3, Google Cloud Storage, etc.)
    SMTP (Amazon SES, Sendgrid, Mailgun, etc.)
    Elasticsearch
    Redis

  18. OVERVIEW

  19. CONFIGURATION

  20. 12 FACTOR
    Deployment
    Application Config

  21. CONFIGURATION
    Environment Variables
    Configuration File
    Django settings (prod.py, staging.py, etc.)

  23. SECRETS
    API KEYS, SECRET_KEY, SERVICE CREDENTIALS, ETC.
    Never in your code repository (unencrypted)

  24. CONFIGURATION
    PaaS Configuration
    Amazon SSM and Chamber
    Kubernetes Secrets
    Encrypted in configuration management
    Hashicorp Vault

  25. GOODCONF

  26. GOODCONF
    Configuration via file or environment variables
    Type casting for environment variables
    Auto-generate documentation
    Auto-generate commented sample configs
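
As an added illustration (not Goodconf's code) of what the configuration slides describe: settings come from environment variables or a config file, environment strings are cast to real types, and secrets have no default, so they must be injected at deploy time instead of being committed unencrypted. The schema, the JSON file format and the sample values below are assumptions made for this page.

```python
import json
import os

# Hypothetical schema-driven loader: name -> (type, default).
# REQUIRED marks a value that must be supplied at deploy time; there is no
# default that could silently leak into production.
REQUIRED = object()
SCHEMA = {
    "DEBUG": (bool, False),
    "ALLOWED_HOSTS": (list, []),
    "CONN_MAX_AGE": (int, 60),
    "DATABASE_URL": (str, REQUIRED),  # credential: environment or secrets manager only
    "SECRET_KEY": (str, REQUIRED),
}


def cast(value, typ):
    """Cast a raw string from the environment; file values are already typed."""
    if isinstance(value, str) and typ is bool:
        return value.strip().lower() in ("1", "true", "yes", "on")
    if isinstance(value, str) and typ is list:
        return [v.strip() for v in value.split(",") if v.strip()]
    return typ(value)


def load_settings(environ, config_text=None):
    """Environment variables override the config file, which overrides defaults."""
    from_file = json.loads(config_text) if config_text else {}
    settings = {}
    for name, (typ, default) in SCHEMA.items():
        if name in environ:
            settings[name] = cast(environ[name], typ)
        elif name in from_file:
            settings[name] = cast(from_file[name], typ)
        elif default is REQUIRED:
            raise RuntimeError(f"{name} must be set in the environment")
        else:
            settings[name] = default
    return settings


# Constructed sample: a non-secret file that could live in the repository, and
# the environment a PaaS or secrets manager would inject at runtime.
SAMPLE_CONFIG_FILE = '{"DEBUG": true, "ALLOWED_HOSTS": ["example.com"], "CONN_MAX_AGE": 0}'
SAMPLE_ENV = {
    "DEBUG": "false",  # the environment wins: no debug pages in production
    "DATABASE_URL": "postgres://app:placeholder@db.internal/app",
    "SECRET_KEY": "placeholder-value-injected-by-the-platform",
}

if __name__ == "__main__":
    print(load_settings({**os.environ, **SAMPLE_ENV}, SAMPLE_CONFIG_FILE))
```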

  29. OVERVIEW

  30. WEB SERVER

  32. GUNICORN

  33. UWSGI

  34. OVERVIEW

  35. SERVING ASSETS

  36. WHITENOISE
    pip install whitenoise

  37. UWSGI

  38. NODE.JS
    Source files in version control
    Webpack/Parcel to generate static files during build
    Add build destination to STATICFILES_DIRS
    django-webpack-loader if bundle-splitting

  39. MEDIA
    Use django-storages with your preferred backend (Amazon, Google, Azure, etc.)
    Be careful of public vs. private:
    AWS_DEFAULT_ACL
    AWS_QUERYSTRING_AUTH
    AWS_QUERYSTRING_EXPIRE

  40. OVERVIEW

  41. GO LIVE!

  42. PERFORMANCE

  43. USE AN APM
    Third-party: NewRelic, Scout, Datadog
    Provider: AWS X-Ray, Google Stackdriver Trace
    Self-hosted: Elastic

  44. DATABASE
    Don't be surprised if your laptop performs better
    Network latency
    Size of dataset

  45. DATABASE
    Use Postgres (unless you have a good reason not to)
    CONN_MAX_AGE
    Reduce queries: select_related, prefetch_related
    Indexes: db_index, index_together

  46. TEMPLATE FRAGMENT CACHING

  49. CDN
    Third Party: Cloudflare, Fastly
    Provider: Amazon Cloudfront, Google Cloud CDN

  50. CDN
    Cache static files forever (far-future expires)
    Cache Django responses if possible

  51. OVERVIEW

  52. SECURITY

  53. CODE
    Monitor dependencies for vulnerabilities (GitHub Security Alerts)
    Use a lockfile (pipenv, poetry, pip-compile)
    Consider an external audit

  54. ENVIRONMENT
    DEBUG = False ... ALWAYS!
    manage.py check --deploy
    https://observatory.mozilla.org
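
An added example, not Django's own checks: a stdlib-only audit in the spirit of manage.py check --deploy that runs over a plain settings dict, extended with the django-storages media settings from the MEDIA slide (AWS_DEFAULT_ACL, AWS_QUERYSTRING_AUTH, AWS_QUERYSTRING_EXPIRE). The thresholds and the WEAK/HARDENED sample settings are assumptions made for this page, and the secret keys in them are placeholders.

```python
def audit_settings(s):
    """Return a list of findings; an empty list means the audit passed."""
    findings = []
    if s.get("DEBUG", True):
        findings.append("DEBUG must be False in production")
    if not s.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS is empty")
    key = s.get("SECRET_KEY", "")
    if len(key) < 50 or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY is short or the startproject default")
    for flag in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not s.get(flag, False):
            findings.append(f"{flag} is not enabled")
    if s.get("SECURE_HSTS_SECONDS", 0) <= 0:
        findings.append("SECURE_HSTS_SECONDS is not set")
    # django-storages media: uploads should not be world-readable by default,
    # and private objects should be reached through short-lived signed URLs.
    acl = s.get("AWS_DEFAULT_ACL")
    if acl == "public-read":
        findings.append("AWS_DEFAULT_ACL makes every upload public")
    elif acl == "private" and not s.get("AWS_QUERYSTRING_AUTH", True):
        findings.append("private media needs AWS_QUERYSTRING_AUTH for signed URLs")
    if s.get("AWS_QUERYSTRING_EXPIRE", 3600) > 24 * 3600:
        findings.append("AWS_QUERYSTRING_EXPIRE keeps signed URLs valid for over a day")
    return findings


# Constructed sample settings; the keys are placeholders, not real secrets.
WEAK = {
    "DEBUG": True,
    "ALLOWED_HOSTS": [],
    "SECRET_KEY": "django-insecure-change-me",
    "AWS_DEFAULT_ACL": "public-read",
    "AWS_QUERYSTRING_EXPIRE": 7 * 24 * 3600,
}
HARDENED = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["example.com"],
    "SECRET_KEY": "k" * 50,  # placeholder; generate the real one with get_random_secret_key()
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": 31536000,
    "AWS_DEFAULT_ACL": "private",
    "AWS_QUERYSTRING_AUTH": True,
    "AWS_QUERYSTRING_EXPIRE": 600,
}
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_settings(cfg) or "passed")
```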

  55. AUTHENTICATION (ESPECIALLY THE ADMIN)
    MFA
    django-two-factor-auth
    External provider (G Suite, AWS Cognito, etc.)
    Rate limiting (Cloudflare, Nginx, AWS WAF, Django)
    Firewall/VPN

  56. ADDITIONAL ATTACK VECTORS
    SSH
    Platform web console (use MFA!)
    Domain registrar
    Email
    Backing services
    APIs

  57. OVERVIEW

  58. OBSERVABILITY

  59. ERROR REPORTING
    Emails don't scale
    Use Sentry or Rollbar

  60. LOGGING
    Third-party: Datadog, LogDNA, Splunk, Sumo Logic
    Provider: AWS Cloudwatch, Google Stackdriver
    Self-hosted: ELK, Graylog

  61. MONITORING & ALERTING
    Third-party:
    Internal: Datadog
    External: Pingdom, StatusCake, Datadog
    Alerts: PagerDuty, OpsGenie, Slack
    Provider: Cloudwatch, Stackdriver
    Self-hosted: Prometheus, Grafana

  62. OVERVIEW

  63. IT’S DANGEROUS TO GO ALONE! TAKE THIS.
    GAME OVER

  64. PETER BAUMGARTNER
    [email protected]
    SLIDE DESIGN BY YUPGUP