website/conservancy/settings/prod.py

import json

from django.core.exceptions import ImproperlyConfigured

from .base import *  # NOQA

DEBUG = False
ALLOWED_HOSTS = ['www.sfconservancy.org', 'sfconservancy.org']

ADMINS = [
    ('Bradley M. Kuhn', 'sysadmin@sfconservancy.org'),
    ('Ben Sturmfels', 'sysadmin+conservancy@sturm.com.au'),
]

MANAGERS = [
    ('Bradley M. Kuhn', 'sysadmin@sfconservancy.org'),
]

DATABASES = {
    'default': {
        'NAME': '/var/lib/www/database/conservancy-website.sqlite3',
        'ENGINE': 'django.db.backends.sqlite3',
    }
}

# Apache/mod_wsgi doesn't make it straightforward to pass environment variables
# to Django (can't use the Apache config).
with open(BASE_DIR.parent / 'secrets.json') as f:  # NOQA
    secrets = json.load(f)

def get_secret(secrets, setting):
    try:
        return secrets[setting]
    except KeyError:
        raise ImproperlyConfigured(f'Missing secret \'{setting}\'')

SECRET_KEY = get_secret(secrets, 'SECRET_KEY')

SESSION_COOKIE_SECURE = True
Switch settings to use "the one true way" approach The advantage of this approach is that the production and dev configurations are in version control, so there's less opportunity for surprises. As advocated by Jacob Kaplan-Moss (OSCON 2011) and Two Scoops of Django book. 2024-03-20 02:29:37 +00:00			`import json`

			`from django.core.exceptions import ImproperlyConfigured`

Fix flake8 warnings 2024-07-22 07:13:34 +00:00			`from .base import * # NOQA`
Switch settings to use "the one true way" approach The advantage of this approach is that the production and dev configurations are in version control, so there's less opportunity for surprises. As advocated by Jacob Kaplan-Moss (OSCON 2011) and Two Scoops of Django book. 2024-03-20 02:29:37 +00:00
			`DEBUG = False`
			`ALLOWED_HOSTS = ['www.sfconservancy.org', 'sfconservancy.org']`

			`ADMINS = [`
			`('Bradley M. Kuhn', 'sysadmin@sfconservancy.org'),`
			`('Ben Sturmfels', 'sysadmin+conservancy@sturm.com.au'),`
			`]`

			`MANAGERS = [`
			`('Bradley M. Kuhn', 'sysadmin@sfconservancy.org'),`
			`]`

			`DATABASES = {`
			`'default': {`
			`'NAME': '/var/lib/www/database/conservancy-website.sqlite3',`
			`'ENGINE': 'django.db.backends.sqlite3',`
			`}`
			`}`

			`# Apache/mod_wsgi doesn't make it straightforward to pass environment variables`
			`# to Django (can't use the Apache config).`
Fix flake8 warnings 2024-07-22 07:13:34 +00:00			`with open(BASE_DIR.parent / 'secrets.json') as f: # NOQA`
Switch settings to use "the one true way" approach The advantage of this approach is that the production and dev configurations are in version control, so there's less opportunity for surprises. As advocated by Jacob Kaplan-Moss (OSCON 2011) and Two Scoops of Django book. 2024-03-20 02:29:37 +00:00			`secrets = json.load(f)`

			`def get_secret(secrets, setting):`
			`try:`
			`return secrets[setting]`
			`except KeyError:`
			`raise ImproperlyConfigured(f'Missing secret \'{setting}\'')`

			`SECRET_KEY = get_secret(secrets, 'SECRET_KEY')`

			`SESSION_COOKIE_SECURE = True`