Heroku¶
DNS¶
Set up one address for the application environment.
Add the address first to Heroku to get the the DNS target for the CNAME entry.
Info
If you are using Cloudflare ignore the DNS targets and use the Heroku application URL instead, something like [dev-app-name].herokuapp.com.
Add redirects for robots.txt and favicon.ico to /static/robots.txt and /static/favicon.ico.
Heroku¶
Create a Heroku app for your project. A dev, test and live environment is good to have.
Connect the Heroku app to your git repo or push your code directly to Heroku. If you are using GitHub I recommend selecting it as the "deployment method".
Then so the following steps for each environment.
Set these settings as a minimum:
API_BASE_URLBASIC_AUTH_ENABLEDBASIC_AUTH_LOGINBASIC_AUTH_PASSWORDDJANGO_SETTINGS_MODULEEMAIL_HOSTON_HEROKU=true(so correct production settings gets loaded)ORG_LONG_NAMEORG_SHORT_NAMEORG_EMAILSECRET_KEY(see below for generating secret key)SEND_MESSAGESSERVER_EMAILSTAFF_EMAIL_DOMAINS
Generate secret key with:
python3 -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
- Add Heroku Postgres as a add-on. "Hobby dev" or "Hobby basic" works for dev and test and "Standard 0" is a good start for production.
- Add buildpacks for Nodejs and Python, make sure Nodejs is listed first.
- Temporarily remove the "release" step from the "Procfile". It has a clear cache step that will fail until the cache tables are created.
- Deploy the appropriate branch.
- Activate dynos to run your app. For dev and test the "Hobby" level works well. For production a "Standard-2X" with a dyno count of 2 and WEB_CONCURRENCY set to 3 performance well.
-
Run the following commands from the command line with the help of heroku-cli. If it's the first time you use heroku-cli you first need to login with
heroku login: -
Now add the "release" step back to the "Procfile" and deploy again.
You should now have a running site.
AWS S3¶
Set up a bucket for private files and another for public files. Private files are uploads on submissions.
Set these settings as a minimum:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_STORAGE_BUCKET_NAME(most often same asAWS_PUBLIC_BUCKET_NAME)AWS_PRIVATE_BUCKET_NAMEAWS_PUBLIC_BUCKET_NAME
Optionally set these as well:
AWS_PUBLIC_CUSTOM_DOMAINAWS_QUERYSTRING_EXPIRE
Private bucket¶
Properties:
Versioning enabled. Default encryption enables AES-256
CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Public bucket¶
Properties:
Versioning enabled.
Access Control List:
Public access -> Everyone -> List Yes
CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Bucket policy:
{
"Version": "2012-10-17",
"Id": "Policy1562302603386",
"Statement": [
{
"Sid": "Stmt1562302600239",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::public.example.com/*"
}
]
}
Mailgun¶
Set:
MAILGUN_API_KEY
And it should just work.