Deployment Overview of Django on Server¶
Prerequisites and Basic Requirements¶
The application requires a Linux-based environment (Debian or Ubuntu) with the following specifications:
-
Operating System: Debian or Ubuntu.
-
Privileges: Root access or sudo privileges are required for package installation and service management.
-
Domain: A domain under
hostkey.inis used for SSL certificate issuance via Certbot. -
Ports:
-
8000: Internal application port (Django development server). -
443: External HTTPS port.
-
FQDN of the final panel on the hostkey.in domain¶
The application is accessible via the following FQDN format: <prefix><server_id>.hostkey.in
Based on the configuration, the specific URL structure uses the prefix django.
File and Directory Structure¶
The deployment utilizes several key directories for application files, configurations, and SSL certificates:
| Path | Description |
|---|---|
/root/django_client/project | Django project source code and management scripts. |
/root/django_client/venv | Python virtual environment (on Debian). |
/etc/systemd/system/django.service | Systemd service unit file for the Django application. |
/root/nginx/compose.yml | Docker Compose configuration for Nginx and Certbot. |
/data/nginx/user_conf.d/ | Custom Nginx configuration files. |
/data/nginx/letsencrypt/ | ACME challenge directory for SSL validation. |
/data/nginx/nginx-certbot.env | Environment variables for the Nginx container. |
Application installation process¶
The application is installed as a Django project using Python 3. The deployment includes:
-
Python Environment: A virtual environment is created at
/root/django_client/venv(on Debian) or via global pip installation (on Ubuntu). -
Dependencies: Installation of
django,python3-pip, andlibpq-dev. -
Project Initialization: The Django project structure is generated in the
/root/django_client/projectdirectory. -
Static Files: Static files are collected into a
static/directory within the project root.
Access Rights and Security¶
-
User Execution: The Django service runs under the
rootuser. -
Firewall/Network: The application is configured to listen on
0.0.0.0:8000. -
CSRF Protection:
CSRF_TRUSTED_ORIGINSis explicitly set to include the hostkey.in domain for secure form submissions.
Databases¶
The application uses PostgreSQL-compatible libraries (libpq-dev) and performs database migrations during the installation process using: python /root/django_client/project/manage.py migrate
Docker Containers and Their Deployment¶
The deployment utilizes a Docker container to manage Nginx and Let's Encrypt SSL certificates via docker compose.
Deployment Command:
Container Configuration Details:
-
Image:
jonasal/nginx-certbot:latest -
Network Mode:
host -
Volumes:
-
nginx_secrets:/etc/letsencrypt(External volume for SSL certificates) -
/data/nginx/user_conf.d:/etc/nginx/user_conf.d -
/data/nginx/letsencrypt:/var/www/letsencrypt
-
Proxy Servers¶
Nginx is deployed as a reverse proxy in a Docker container to handle HTTPS termination and SSL certificate management via Certbot.
-
SSL Management: Automated renewal is configured with an interval of
8d. -
ACME Challenge: A specific location block is injected into the Nginx configuration to facilitate Let's Encrypt validation:
Permission Settings¶
The following permission settings are applied to critical directories:
| Directory | Owner | Group | Mode |
|---|---|---|---|
/root/nginx | root | root | 0755 |
/data/nginx/letsencrypt/.well-known/acme-challenge | root | root | 0755 |
Available ports for connection¶
| Port | Protocol | Usage |
|---|---|---|
443 | HTTPS | External web traffic (via Nginx) |
8000 | TCP | Internal Django application service |