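"""
Django production settings for ThrillWiki project.

These settings are used in production environments. Everything not set here
is inherited from ``base`` via the star import below; this module only
tightens the values that must differ in production (TLS, cookies, backing
services, logging) and fails fast at import time when a required environment
variable is missing.
"""
# Imported explicitly rather than relying on the star import leaking the name
# from base: the checks below must raise ImproperlyConfigured, not NameError.
from django.core.exceptions import ImproperlyConfigured

from .base import *  # noqa: F401,F403  -- settings modules re-export base

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

# No default on purpose: a missing ALLOWED_HOSTS must abort startup rather
# than fall back to an empty or permissive host list.
ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')

# Security Settings
SECURE_SSL_REDIRECT = True
# Only trust X-Forwarded-Proto when the app sits behind a proxy that sets or
# strips this header on every request; if clients can reach Django directly
# they could supply it themselves and bypass SECURE_SSL_REDIRECT.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000  # 1 year
# includeSubDomains + preload commit every subdomain to HTTPS for the full
# HSTS period and, once submitted to browser preload lists, is hard to undo.
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True
# NOTE(review): X-XSS-Protection is ignored by current browsers and the
# setting was removed in Django 4.0; harmless to keep, but not a meaningful
# control -- the CSP/X-Frame-Options settings are what matter here.
SECURE_BROWSER_XSS_FILTER = True
X_FRAME_OPTIONS = 'DENY'

# Static files (WhiteNoise)
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
# WhiteNoise should sit directly after SecurityMiddleware; index 1 assumes
# SecurityMiddleware is first in base.MIDDLEWARE -- verify if base changes.
# Guarded so the middleware is not registered twice if base already lists it.
_whitenoise_middleware = 'whitenoise.middleware.WhiteNoiseMiddleware'
if _whitenoise_middleware not in MIDDLEWARE:
    MIDDLEWARE.insert(1, _whitenoise_middleware)

# Email Configuration (configure for production email backend)
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = env('EMAIL_HOST', default='smtp.gmail.com')
EMAIL_PORT = env.int('EMAIL_PORT', default=587)
EMAIL_USE_TLS = env.bool('EMAIL_USE_TLS', default=True)
# Credentials come only from the environment; the empty defaults mean an
# unauthenticated SMTP session if they are not provided.
EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')
DEFAULT_FROM_EMAIL = env('DEFAULT_FROM_EMAIL', default='noreply@thrillwiki.com')

# Database - Require DATABASE_URL in production
# An empty string is rejected too (falsy), not just an unset variable.
if not env('DATABASE_URL', default=None):
    raise ImproperlyConfigured('DATABASE_URL environment variable is required in production')

# Connection pooling
DATABASES['default']['CONN_MAX_AGE'] = env.int('CONN_MAX_AGE', default=600)

# Redis - Require REDIS_URL in production
if not env('REDIS_URL', default=None):
    raise ImproperlyConfigured('REDIS_URL environment variable is required in production')

# Celery - Run tasks asynchronously in production
CELERY_TASK_ALWAYS_EAGER = False

# Logging - Send errors to file and Sentry
# Assumes base.LOGGING defines a 'file' handler and 'django'/'apps' loggers
# (a KeyError here means base's LOGGING layout changed); Sentry itself is
# presumably wired up in base -- nothing in this module configures it.
LOGGING['handlers']['file']['filename'] = '/var/log/thrillwiki/django.log'
LOGGING['root']['level'] = 'WARNING'
LOGGING['loggers']['django']['level'] = 'WARNING'
LOGGING['loggers']['apps']['level'] = 'INFO'

# Admin URL (obfuscate in production)
# The default is the well-known 'admin/'; the admin path is only obscured
# when ADMIN_URL is actually set in the environment.
ADMIN_URL = env('ADMIN_URL', default='admin/')

# Performance
CACHEOPS_ENABLED = True

# CORS - Strict in production
CORS_ALLOW_ALL_ORIGINS = False
# CORS_ALLOWED_ORIGINS is inherited from base; an empty allow-list almost
# certainly means the environment variable behind it was not set.
if not CORS_ALLOWED_ORIGINS:
    raise ImproperlyConfigured('CORS_ALLOWED_ORIGINS must be set in production')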