Production checklist#

The following are some recommendations for deploying production Pegasus applications.

Run the Django deployment checklist#

Django provides a deployment checklist that helps ensure your site has some of the most important settings properly configured for production environments. It is executed by running manage.py check --deploy on your production server.

It’s recommended to run this on your production application and address any critical issues.

The default Pegasus configuration will contain some warnings, to help prevent misconfigurations which can affect your site’s availability. Not all warnings are serious issues and some may not be possible to address (e.g. if part of your site must be available over HTTP instead of HTTPS). After running the manage.py check --deploy command you should read through the documentation for any issues you get and update the relevant settings where necessary.

Note: The “unable to guess serializer” warnings are safe to ignore, and will be fixed in a future version of Pegasus.

Set your ALLOWED_HOSTS#

In your app’s settings_production.py be sure to update the ALLOWED_HOSTS setting with the domain(s) you want the site to be available from, replacing the '*' that is there by default:

ALLOWED_HOSTS = [
    'example.com',  # use your app's domain here
]

Failure to do this opens up your site to more HTTP host header attacks.

Update your Django Site#

In order for absolute URLs and JavaScript API clients to work, your Django site should match your application’s domain. See the documentation on absolute URLs to do this.

Set up email#

If you haven’t already, you’ll want to set up your site to send email

Make sure your secrets are set#

Application secrets (e.g. API keys, passwords, etc.) are managed in environment variables. Ensure that you have configured the following variables (if you are using them):

  • All apps should set SECRET_KEY to a long, randomly-generated value.

  • If you’re using Stripe, you should set the STRIPE_TEST_PUBLIC_KEY, STRIPE_TEST_SECRET_KEY, STRIPE_LIVE_PUBLIC_KEY, and STRIPE_LIVE_SECRET_KEY config vars (or whatever subset you are using).

  • If you set up email, ensure whatever keys/secrets you need are set.

  • If you’re using Mailchimp, set MAILCHIMP_API_KEY and MAILCHIMP_LIST_ID.

Refer to your chosen platform’s documentation for details on how to set environment variables in that platform.

Sync Stripe data#

After setting up your Stripe variables per above, you’ll want to run:

python manage.py bootstrap_subscriptions

to initialize your subscription data.

See your chosen platform’s documentation for how to run one-off commands.

Set up media files#

Some functionality, like user profile pictures, requires saving user-uploaded files. In development these are saved to the file system, but in most production environments the file system is not usable for it. Instead, you need to set up an external storage to handle these.

There is guidance on configuring media files in the settings and configuration docs.

The most common choice of external storage is Amazon S3, though many cloud providers have their own S3-compatible options, e.g. Digital Ocean Spaces.

Future versions of Pegasus should improve on this process.

Optimize your front end#

The front-end files that ship with Pegasus are the developer-friendly versions. In production, these should be optimized.

First you should add the compiled files to your .gitignore as described in the front end docs. Then, as part of your CI/CD deployment process, you should build the bundle files directly on your production server (using npm install && npm run build).

This will ensure that the latest, optimized version of the front-end code is always deployed as part of your production environment.

The platform-specific docs have some guidance on setting this up where possible.

Update other configuration options#

See the configuration page for a larger list of options, including social login, sign up flow changes, analytics, logging, and so on.