Django Production Launch

A Django specific production checklist used at Vinta before launching projects we've been working on. Access Github Repo.
quality-assurance; python; good-practices; django;
Checks are saved in your local storage

Content

Accessibility

SEO & Analytics

Performance

Django Settings

Transactional Emails

  • Check if DEFAULT_FROM_EMAIL is set to a friendly reply email
  • Check if email templates are correct
  • Configure SendGrid, Mailgun, or another transactional email service
  • Set an automatic BCC on SendGrid
  • Save metadata of every email sent, use http://bit.ly/anymail-signals

Monitoring

  • Check no sensitive data is being logged

  • Check if logs are prefixed according to task/feature

  • Configure Papertrail or another logging service

  • Set Papertrail alerts and integrate with Slack and email

  • Configure Sentry for backend, including Celery

  • Configure Sentry for frontend

  • Configure Uptime Robot

  • Configure New Relic

Security

  • Check the SaaS CTO Security Checklist: http://bit.ly/sqreen-security-checklist
  • Run Observatory: http://bit.ly/mozilla-observatory
  • Add all accesses of third-party tools to LastPass or another password manager service
  • Update OAuth callback/deauthorize URLs in all third-party services
  • Rotate OAuth keys of all third-party services
  • Change passwords of all third-party services
  • Check if buckets/blob storages of AWS/Azure are private
  • Setup AWS S3 buckets encryption
  • Set Django shell to be read-only

DNS

  • Check records
  • Check TTL, set low when launching, set high after everything is fine
  • [Heroku] Add a custom domain: http://bit.ly/heroku-custom-domain
  • Move API to a different subdomain (like api.example.org ), this allows a different server for frontend
  • Enforce or remove www subdomain (and set PREPEND_WWW in Django if necessary)

Server

  • [Heroku] Check if latest stack is being used
  • Check if latest server OS version is being used
  • Check if latest server Python version is being used
  • Configure Redis maxmemory and eviction policy (likely volatile-ttl )
  • Configure RabbitMQ: http://bit.ly/rabbitmq-production-checklist
  • Configure SSL for everything
  • Test SSL health: http://bit.ly/ssl-server-test
  • Configure SSL certificates autorenewal
  • [Heroku] Set a "Standard" database or higher
  • Tune PostgreSQL settings: http://bit.ly/pgtune-tool
  • Configure database backups generation scripts
  • Configure entire database server disk backup
  • Guarantee Celery and other services aren't running as sudo
  • Configure application firewall for application servers
  • Limit file size for uploads
  • Validate uploads media types: http://bit.ly/dj-validating-file-types
  • Configure throttling
  • Configure autoscaling
  • Enable HTTP/2
  • Check if all services are able to handle autoscaling upper limits. (Eg.: will your Redis be able to handle connections if X servers are provisioned)
  • Configure Cloudflare DNS/caching
    • Enable Brotli Compression
    • Check and enable the speed features that don't interfere with your application
  • Enable other speed/WAF features if you have a paid plan

Yay! You completed the checklist top to bottom!
Now spread the ❤︎ by thanking the author, making improvements or creating you own checklist!