In this video, I'm gonna take my deployed Django project and

make it more production ready.

So I'm gonna start by getting some production ready settings.

A common pattern in Django projects is to have a base settings file,

which is used for local development, things like that, and a production

settings file that pulls in the base settings and makes necessary changes.

To make everything a little easier later on,

I'm going to make the production settings importable as its own Python module.

So in my terminal, and I am here just inside

the deploying_django folder, I'm going to create a new directory and

then add an init file so that it's a Python module.

So I'm going to mkdir djangoal/djangoal/deploy_settings.

And then I'm gonna touch

djangoal/djangoal/deploy_settings/__init_- _.py.

So this creates the module directory for the deploy settings, and the init.py,

that tells Python that it's a module.

So now I'm going to open up the deploy settings __init__.py in my text editor.

And you can see this is empty.

So the first thing I'm gonna do is I'm gonna import all of these settings.

So I'm going to say from ..settings import *.

So that'll bring in all, since it's here, I go ..

to come up to this directory, and it'll bring in this settings.py.

It'll bring in all of the settings.

So then I need to turn off debug.

So we set DEBUG = False, and TEMPLATE_DEBUG is also gonna be,

it's gonna be set to DEBUG.

So what this does is, setting it to DEBUG False means that it's running in

production mode, not debug mode, not development mode.

And the TEMPLATE_DEBUG being set to whatever debug is set to makes sure that

the template is running in production mode as well.

If I deployed this at this point and

opened it up in the web browser, I would get a Bad Request error,

because in production mode, Django employs what's called host header validation.

And any request that's made to a domain that's not in the allowed host list

is rejected.

So if you don't put your domain name in the allowed hosts list and

your web app gets a request, then it goes, well,

I don't know where this is coming from, and it just ignores it or it rejects it.

So to make sure that the app can be accessed,

I'm going to update the ALLOWED_HOSTS setting.

And it's going to have two items in it.

So the first one is going to be the string localhost,

which will allow requests from on the same machine.

And the second one is going to be .pythonanywhere.com,

which will allow requests to any domain that end in pythonanywhere.com.

There's one other potential security issue that needs to be taken care of.

The base settings file has a secret key for the project, right?

Right there.

And that is not good, right?

That doesn't need to be there.

So that means that our, oops, sorry, no, it's right here.

That means that the secret key is on source control, and

I don't want the secret key to be available on source control.

So to fix that, I'm gonna use environment variables.

I've already gone ahead and added this function, but

I want to point out what the function is.

The function is right here, it's called get_env_variable.

So what it does is it tries to find a variable in the environment.

So in the environment that the web app is running in, it looks for a variable.

And it looks for whatever variable you've asked for.

So whatever var_name you put in.

If it can't find that, then it throws an error message.

If we're in debug, it just throws a warning, but otherwise,

it raises an actual configuration error.

Putting this here into settings.py makes it so iit's available for

all the other settings files.

And that includes this one, the deploy settings.

So in deploy settings, I'm going to add a new line here,

which is SECRET_KEY = get_env_variable("SECRET_KEY").

So that'll go look up the secret key in the environment.

So while I'm changing the settings files, I want to add one more line.

This isn't about security, this is for static files.

In the base settings file, I'm gonna add one more line down at the bottom.

And I think it's already in there, yeah.

It's the STATIC_ROOT line.

So you'll want to go ahead and

add that STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles').

And then, one more in the deploy settings,

which is STATICFILES_STORAGE=

"whitenoise.django.GzipManifestStaticFile- sStorage".

So setting a static route like I did in the settings file gives a place for

Django to collect our static assets to on the server.

And setting the static files storage like I've done here lets WhiteNoise make

some optimizations for us when it handles the static files.

So with those two changes in place,

it's time to redeploy the project to Python Anywhere.

So I will check the status.

And I will do git add.

And git commit -m "add deploy settings".

And then git push origin master.

And in the Python Anywhere console, I will do a git pull.

And now those changes are on there, so great.

But before I can deploy the app again, I need to make a couple of changes to files

that are already on Python Anywhere to make all of this work.

So first I need to handle the environment variables that we need,

the secret key generator, or the security key, rather.

So to do that, environment variables go into two places in Python Anywhere.

One of them is the post activate script for the virtualenv.

Anytime activate is called to step into our virtual EMV,

post activate gets called immediately after that.

So I can get a new secret key by going to this website,

miniwebtoolcom/django-secret-key-genera- tor.

And I can just click this button to generate a new Django secret key.

So there's a new key, I'll copy that.

And then back over here, I'm going to go to the Files tab.

And then I'm going to click the .virtualenvs directory.

And then I'm going to click the venv directory.

And then I'm going to click the bin directory.

And then there's a file over here named postactivate.

I'm gonna right-click and open that in a new tab, just so I can keep things up.

And you may have this line, you may not have this line, you probably won't.

But you wanna add a line that says export SECRET_KEY, and

then inside of quotes, you want to add whatever your new secret key is.

And then you want to hit Save.

And so what'll happen now is, any time you activate your environment,

it creates this new secret key.

So you can close that tab, come back over here to your console.

And if you type workon venv, it will reactivate the virtual environment.

And we can check that setting that key worked by doing echo $SECRET_KEY

all in caps and getting back the secret key that we put in.

Okay, so because of the way the Python Anywhere works,

we also need to add it to the WSGI file.

So I'm gonna go back over here I'm and gonna go back to the Web tab.

And I want to add the secret key to the OS environment and

then adjust the WSGI file to use the deploy settings.

So I need to come down here, I need edit this WSGI file.

So I'm gonna open that in a new tab as well.

I'm going to set the secret key.

So again, os.environ["SECRET_KEY"] = and then the secret key that I copied.

And then I'm gonna add another line here, which is, or rather,

I'm gonna change this line.

You'll have a line that says os.environ.setdefault

DJANGO_SETTINGS_MODULE.

And it will almost likely say djangoal.settings.

You want to change that to djangoal.deploy_settings, deploy_settings.

So save that.

And back over here in this tab, you should be able to hit Reload.

And then let's try refreshing the web app.

And we get a 500 error.

If we look down here in the errors.

Here, I'm gonna scroll all the way to the bottom.

We see this value error about, the CSS goal could not be found.

That's because the static files aren't set up correctly.

So let's see if we can fix that.

What I want to do is here in the console, I need to collect the static files.

So I'm at the top directory of the application.

And if I do an ls, I'll see the manage.py.

So I want to do Python manage.py collectstatic.

And then I'm gonna do --settiongs=djangoal.deploy_settings.

Press Return.

It's gonna to ask me if I want to collect the files to this location.

And I want to, so I'm gonna type in yes.

And it's gonna copy everything over.

Tons of stuff, 58 files.

And now, if I refresh this, the site loads,

because now it knows where the static files are.

So that wraps it up for this video.

The Django project that I've deployed is now much more production ready, and

there's really just one thing left to do.

So in the next video, I'm gonna be moving the project to use Python Anywhere as my

SQL database instead of using a SQLite database.