Make your nginx config as simple as:

    manage.py create_nginx_config

This will give you an nginx_conf directory with all you need to put your project in production.
It uses several settings to build your nginx config:
- ADMINISTRATOR_IP (default "127.0.0.1")
- FQDN
- SITE_NAME
- DOMAIN_NAME
- DJANGO_ROOT
- SECURE_PREFIX
- STATIC_ROOT
- MEDIA_ROOT

It generates an nginx config with:
- static content separated from dynamic content (2 virtual hosts: http://{{FQDN}}/ and http://static-{{FQDN}}/)
- static content served gzipped
- cache headers added for static content
- automatic http<->https redirects that make the switch between secured and unsecured URLs transparent
- version in static/media URL (or not)
- gunicorn used for deployment
- maintenance mode switch
- upload progress as JSON available at /upload/progress
- a ready-to-use init script
- a simple script to gzip all CSS/JS static files, which will then be served as is by the server

    (manage.py|bin/django) create_nginx_config [destination directory] [--socket=path/to/socket] [--workon_home=/path/to/workonhome]
        [--forcesetting=NAME=VALUE] [--no-buildout]

All settings can be overridden by --settings, e.g. if FQDN is lol.ox.com => --setting=FQDN=lol.ox.com
### ADMINISTRATOR_IP
A list of the administrators' IP addresses, which will be authorized in maintenance mode.
### FQDN
Fully qualified domain name. Used in the server name and in the directory tree.
### SITE_NAME
The verbose name of the app (used in the init script for display).
### DOMAIN_NAME
The name of the domain (example.com).
### DJANGO_ROOT
The root of the virtual server (the root of the Django project is a good choice).
### SECURE_PREFIX
A list of URLs that need to be transmitted over SSL, e.g. for an authentication form. All URLs that start with one of these will be secured; all others will be in clear text.
If none is provided, no SSL config will be generated, and so no certificate will be needed.
### STATIC_ROOT
Full path of static content storage.
### MEDIA_ROOT
Full path of media content storage.

This script generates an nginx config with the following rules:
- all log files are stored in /var/log/nginx/{{FQDN}}/
- the socket for communication with gunicorn will be located in /var/run/django/
- all certs and keys will be in /etc/ssl/certs and /etc/ssl/private/ (see the SSL section for more details)
- if maintenance mode is enabled, it returns a 503 error, optionally with a custom page located at {{DJANGO_ROOT}}/erreur503.html

SSL will be enabled only if there is at least one URL in the SECURE_PREFIX setting.
If there is one or more, 2 extra servers will be created (static and dynamic), and they will look for:
- the PEM cert in /etc/ssl/certs/{{FQDN}}.crt
- the private key in /etc/ssl/private/{{FQDN}}.key

This means that the SSL cert will need to have an alternative name for static-{{FQDN}}.
All protocol switches use an HTTP 301 response.
All «secured» URLs are only accessible over https and are redirected if browsed with http,
and all non-secured URLs are accessible over http and are redirected to http if browsed with https.
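
The protocol-switch rule above, modelled in Python as an added example (it is not part of this project and is not the generated nginx config). It lets you audit which paths a given SECURE_PREFIX leaves in clear text; the prefix values and the www.example.com host are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values, not taken from any real deployment.
SECURE_PREFIX = ["/accounts/login", "/admin/"]


def expected_scheme(path, secure_prefix):
    """Scheme a path ends up on: https if it starts with a secure prefix."""
    if any(path.startswith(prefix) for prefix in secure_prefix):
        return "https"
    return "http"


def redirect_for(url, secure_prefix):
    """Return the Location of the 301 the rules imply, or None if served as is."""
    if not secure_prefix:
        # Empty SECURE_PREFIX: no SSL servers are generated, so no switching.
        return None
    parts = urlsplit(url)
    wanted = expected_scheme(parts.path or "/", secure_prefix)
    if parts.scheme == wanted:
        return None
    # Same host, path and query; only the scheme changes.
    return urlunsplit((wanted, parts.netloc, parts.path, parts.query, ""))


def cleartext_paths(paths, secure_prefix):
    """Audit helper: the paths that will be forced onto plain http."""
    return [p for p in paths if expected_scheme(p, secure_prefix) == "http"]


if __name__ == "__main__":
    for url in (
        "http://www.example.com/accounts/login/?next=/",
        "https://www.example.com/blog/",
        "https://www.example.com/admin/users/",
    ):
        print(url, "->", redirect_for(url, SECURE_PREFIX) or "served as is")
    # "/admin" lacks the trailing slash of the "/admin/" prefix, so it stays on http.
    print(cleartext_paths(["/admin", "/accounts/password/reset/"], SECURE_PREFIX))
```

Running the audit helper over the project's sensitive URLs (login, password reset, admin) before deployment shows which ones a prefix list misses and would therefore be redirected to http.
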

The dynamic content can be temporarily disabled for maintenance just by renaming «extra/di.maintenance.conf» to «extra/en.maintenance.conf» and reloading nginx.
This will return a 503 error (and a custom page if available) to all non-admin visitors. Admins are identified by their IP address, listed in ADMINISTRATOR_IP.
A simple script can be used to switch the name of this file:

    switch_maintenance.sh maintenance && service nginx reload # put server in maintenance
    switch_maintenance.sh production && service nginx reload # restore server in production

You will find a standard init script. It works as it is: it runs gunicorn with 2 workers by default and uses the right unix socket, using buildout by default.
Note:
if --no-buildout is used, the init script will try to activate a virtualenv named {{FQDN}} located in the --workon_home directory, and then use manage.py.
Just chmod 755 it and copy it into /etc/init.d/, that's all.