DjangoCon US 2023

Motivation

One mistake in a server setup can lead to major downtime or a security breach of a website. Short of that, it can cause a lot of headaches for developers. This talk will cover the key issues that people encounter in creating and maintaining production deployments, and present one or more battle-tested solutions to each of those problems.

There are a lot of technologies involved in a good server setup, and the list at first may seem overwhelming. This talk is going to be an overview of the technologies in question. For each suggested technology, the goal is to leave the audience with an understanding of where each technology fits in the deployment ecosystem and what they would be using it for, so they know what documentation to look for when they are working with it.

Target Audience

This talk is aimed at anyone that is working with the servers and/or deployment process of a production Django project. For people setting up a new set of servers for a Django project, this talk should be a good overview of the approach they need to take. For people with an existing server setup for a Django project, this talk should help them identify issues that they had missed and ways to make their servers easier to manage.

Technological goals

A good server setup has the following properties:

• Server setup is resilient to individual server failures
• Deployments are robust and fully automated
• Code can be tested on a representative environment (ex. staging) before being deployed to production
• Data and secrets are properly secured and backed-up
• Errors are sent to developers
• Servers can be analyzed for problems
• Resources can be scaled in response to load

These properties are the framing for the talk. All the technologies and techniques in this talk serve at least one of these goals.

Outline

The following is an outline of the presentation. Each bullet point roughly corresponds to one slide (on average, one minute of content).

Intro:
* Who I am
* Motivation
* Goals of a good deployment
* Talk outline

Hosting:
* Elastic beanstalk
* ECS
* EKS (Kubernetes)
* Terraform
* Gunicorn
* Docker
* Load balancers

Deployment:
* Deploying EB
* Deploying ECS
* Deploying EKS
* Full continuous deployment (zero-click deployments)
* Updating system packages

Databases and Migrations:
* RDS and backups
* Encryption in transit and at rest
* Security groups for RDS
* Running migrations on EB (configure a deployment command)
* Running migrations on ECS (run a task)
* Running migrations on EKS (run a job)
* Django Migrations race condition
* Downtime flag for deployments
* Automatic database resizing

Static assets and Media:
* WhiteNoise plus on-server hosting for static assets
* CloudFront for static assets
* django-storages + S3 for media assets
* Encryption in transit and at rest

Secrets management:
* django-environ
* Amazon secrets manager

HTTPS:
* Amazon certificate manager
* Disabling insecure versions of SSL and Amazon SSL policies
* HTTP -> HTTPS redirect

Monitoring/Error Reporting:
* Sentry (error monitoring tool)
* UptimeRobot (uptime monitoring tool)
* DataDog (error monitoring plus profiling tool)

Performance:
* CloudWatch (profiling tool)
* NewRelic (profiling tool)
* Load testing
* Manual scaling
* Auto-scaling

Extras:
* Dependency pinning: use pip-tools or poetry
* SSH-ing on to a server: use Amazon Session Manager; for EKS, install Amazon SSM agent