[oliwarner]

"Safely" download and run a script as root. Watch as it "safely" destroys existing nginx configuration and replaces it with one that statically maps to `/home/ubuntu/jeequery/staticroot`. Yeah that won't even work.

If you want to safely deploy Django, learn how to deploy Django.

A tutorial explaining what it's installing, how it's installing, how to keep it updated, where it's configured etc takes 20 minutes and leaves the reader safe. This is a broken script that pulls people into performing some of the worst possible security practices.

TL;DR Avoid this article to stay safe.

[ddorian43]

Any article that you recommend ? Better yet, how to safely UPDATE/UPGRADE python/django project ?

[oliwarner]

The Django docs aren't a bad place to start for first time deployments. The problem is there are architectural decisions to be made.

I think anybody sane would recommend a virtualenv for all but the smallest projects (unikernel deployments) but what WSGI server? UWSGI's emperor mode is awesome for many sites but is another layer of configuration. UWSGI (sans emperor) and Gunicorn are both good point and shoot. Both need keeping alive (eg systemd).

Once you've picked your WSGI server, read its documentation and try deploying. It's usually about then when you realise the other server might be better for you, or why storing your configuration in a database might make more sense. There are limitless choices here that are only apparent to the person behind the project.

As for updating, that's more about automated testing and having a staging server (VM) to test on than any secret sauce. It's hard to do well manually.

[ddorian43]

Virtualenv always makes sense.

Yeah, uwsgi is where it's at. Even serves static files, so it's possible you won't even need nginx.

On updating I think:

1. remove from load balancer 2. update/upgrade/restart (hopefully it's already tested) 3. readd to load balancer