0

I'm trying to understand the simplest way to deploy a Django application in production.

Many recommend nginx or Apache along with uwsgi or gunicorn. I think that is more than my situation requires, and I would like to know if my thinking is correct.

This application is nothing more than an API that sends JSON to the client application. There are static files for an admin page, but that page is for developers only, so extremely low traffic. In other words, most responses have very small payloads, and requests for static resources are rare.

Also, since this is just an API, serving on port 8000 is fine.

I would be happy to leave out the complication of nginx/Apache if uWSGI is sufficient for my situation, but it isn't clear to me what other advantages a real server might offer, and how to determine if it is necessary.

I realize that this question is subjective, but I'm inexperienced in the Python/Django world, and it seems all of the advice is focused on the more typical case where actual web pages are served. Are there best practices for deployment of Django APIs?

5
  • Why do you think using Nginx with Gunicorn is complicated? It's two packages to install and about eight lines of configuration. Commented Jun 11, 2015 at 11:08
  • Seems to me that everything that I install has complications. Install with pip or apt? In virtualenv or not? I'm yet to see the "8 lines of configuration" approach, maybe you could link to that? Commented Jun 11, 2015 at 11:11
  • @rightfold also, why would I install and configure anything, no matter how simple, if it wasn't necessary for my use case? Commented Jun 11, 2015 at 11:13
  • Hope this helps you robgolding.com/blog/2011/11/12/… Commented Jun 11, 2015 at 11:13
  • 1
    Gunicorn simply isn't designed to be an internet-facing webserver, e.g. it is more susceptible to DoS attacks (and at some point you will be a target). Hiding it behind a reverse proxy that is designed to handle all the culprits of the open internet alleviates those problems. I would think the same is probably true for uWSGI. Commented Jun 11, 2015 at 11:54

1 Answer

1

Security, what this is ultimately about, is and always has been a very complicated matter. The open internet is one of the most dangerous places. No matter how small and insignificant your server seems to be, people will find it and try to break it. If a web server is not designed from the ground up to handle all the culprits of the open internet, it is not secure.

Gunicorn is designed as a Python application server. Even though it handles HTTP requests, it is not designed as a full web server. As the docs say:

We strongly recommend to use Gunicorn behind a proxy server.

I don't have any experience with uWSGI, but I wouldn't be surprised if the same was true.


2 Comments

I'm curious, would uWSGI/Gunicorn be sufficient if this were a service that were only called internally? Suppose there were a service that handled security, etc, and that service called other services that were not accessible to the open Internet. Would the back-end services need nginx or Apache in that case?
As I said, it's complicated. Logically, if the server physically isn't accessible from the outside, it can't be the direct target of an attack. But what if your load balancer/access point can handle a much higher load, and forwards all those requests to your Django server? A good rule of thumb in security is, if you don't have the experience to know that it is safe, follow the convention.
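
As an added example (not part of the answer or comments above, and not taken from the Gunicorn documentation): a small nginx configuration that puts Gunicorn behind a reverse proxy for a JSON API like the one in the question. The host name, file paths, project name and limit values are assumptions, and the file is assumed to be included inside nginx's `http` block, as `conf.d` files are in the stock packages.

```nginx
# /etc/nginx/conf.d/api.conf  (constructed example; names, paths and limits are assumptions)

# Per-client request rate limit: 10 requests/second, state kept in a 10 MB zone.
limit_req_zone $binary_remote_addr zone=api_ratelimit:10m rate=10r/s;

upstream django_api {
    # Gunicorn listens on loopback only, so it is never reachable directly, e.g.:
    #   gunicorn --bind 127.0.0.1:8000 myproject.wsgi
    server 127.0.0.1:8000 fail_timeout=0;
}

server {
    listen 80;
    server_name api.example.com;          # placeholder host name

    # Bound what one client can send or hold open.
    client_max_body_size 1m;              # small JSON payloads only
    client_header_timeout 10s;
    client_body_timeout 10s;
    keepalive_timeout 15s;

    # The rarely used admin static files are served by nginx, not a Python worker.
    location /static/ {
        alias /srv/myproject/static/;     # assumed STATIC_ROOT
    }

    location / {
        limit_req zone=api_ratelimit burst=20 nodelay;

        # nginx reads the full request and absorbs slow clients before a
        # Gunicorn worker is occupied. Both are nginx defaults; they are
        # written out because this buffering is the reason for the proxy.
        proxy_request_buffering on;
        proxy_buffering on;

        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://django_api;
    }
}
```

Running `nginx -t` after placing the file checks the syntax before a reload.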
