Build a Django App on DigitalOcean

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hi everyone this is Mason Egger and today I'm gonna be showing you how I will deploy a django web application to digitalocean so this tutorial will be mostly a combination of a couple of digital ocean community tutorials which I will link in the description below it is how I would personally do all of these things but if you don't feel like watching the whole video and stuff you can piece together everything that I've done from the tutorials that I believe will put in the bottom or if you just want to follow along in the description the tutorial links will be there also this tutorial expects you to already have a django app ready to go or it will expect you to use the django out that we've provided in the github repository that is also in the description links this django this toriel will not show how to create a django app or do any of that we will be working with ready to go ready to deploy django applications so the first thing that i typically do whenever i create a new app is now that digitalocean has VP sees I create a private network for my app to live this helps with me knowing that the traffic between the two apps isn't being sniffed or going over the public Internet and it just makes it feel be a little bit more secure so what we're going to do is we're going to create a django app inside of the in NYC one data center we're gonna just go ahead and call this VPC django and what i like to do here is typically digitalocean can generate an IP for me but i typically like to configure my own because if they were to generate slash 20 for me that's way too many IP addresses so your private IP range prefix one that most people are familiar with because of your home Wi-Fi router is 192.168.0.1 ago ahead and select 24 because I only need 250 one available addresses is more than enough that I need to deploy this application so let's go ahead and create that V PC Network and it has been created and it's up here called Jango and it's in NYC one so now let's go ahead and create a droplet for my server and we're gonna go ahead and just go with the default so we're gonna go with the new bun to 1804 server standard we're gonna go ahead and use a something with a couple more CPUs so we're gonna use two CPUs and two gigabytes of RAM this will help us with serving up the website you know allows more multi-threading if we do get a lot of traffic on to it um you can always go with the cheaper one if you want if you don't anticipate a lot of traffic or more if you do but since this is a Python app you are if you want to get some pretty good multi processing or multiple concurrent things you will probably want to have multiple CPUs we're gonna go ahead and use new york one because that's where our VPC is you cannot select a V PC that is not in the same data center region so if I were to select San Francisco you're not gonna see my Jango region it just doesn't exist if you come over back to New York City one though you will see our Jango V PC so we're gonna go ahead and select my SSH key and we're just gonna call this Jango web and we're gonna go ahead and create our droplet so now we have a droplet ready to serve our Jango app we have it it's inside of a V PC to kind of protect it but if we weren't if it was just a drop but I really wouldn't feel the need to use a VP C but um instead of doing this locally on an SQLite database I actually want to play with digital oceans manage database offering so I'm gonna go ahead and create a Postgres database cluster the smallest one there right now is the $15 a month one for a small one this allows for backups and stuff and Reed pools and things like that fully managed Postgres right at our fingertips we're gonna go ahead and select the Jango V PC again because we want the Jango V PC we want these both of our droplet and our database to be inside at the same private network so the communication between them will happen over a private network and not go out over the public Internet and not cost us our public Internet bandwidth so we're gonna go ahead and call this the Django DB and we're gonna go ahead and create this cluster now creating a database cluster typically does take a little bit longer than creating a droplet whereas a droplet can be created in you know sometimes less than a minute to a minute and a half this will probably take anywhere from four to six minutes so don't get frustrated if it takes a little time it takes a while to stand all these up and once it's done we'll go ahead and continue on configuring our database and now our database is done provisioning so we need to go ahead and secure it as you can see it is positioned inside of our V PC network but as you can see there is a warning here that says our cluster is open to all incoming connections so we need to secure this database cluster by restricting access and the way we do that as we come here and we search for sources and we what we want to do is we want to select our Django web source and only allow traffic to come in across from that droplet so we're going to go ahead and save that and what this will now allows us to do is now the only traffic from that particular droplet we'll be able to reach our database which is very good the other thing we want to do is we want to create a new user for our database and create a new database for our application which we'll call polls more as to why we chose that name we'll have come about in a little bit so as you can see we can see our password for our user and we can always hide it and reshow it at any time and now we have created our polls database now the last thing we need to do is we need to go ahead and create a DNS record for this so whenever we secure our application using HTTP we can accurately do that using cert bot so we're gonna go ahead and go to our domain which I have pre-registered inside of digitalocean if you don't use digitalocean that's totally fine for this um go to your DNS registrar and create an a record pointing to your droplets IP address if you do not have a domain registered that is also fine you can do almost all of this video the thing you will be able to do is you won't be able to do the HTTP with cert bot because that requires a domain name so we're gonna go ahead and call this Jango web and we're going to call it jet and we're gonna direct it to our Jango web so we're gonna say django web Eggert codes will direct to django web and we're gonna go ahead and create this record and now if we copy this we should be able to SSH in as root and we say yes and now we are in our server so the first thing we're going to do now is we are going to go ahead and create a user for us to be able to do all of the things that we need to do and so we're not constantly running things as root so we're gonna do it add user Samy and we're gonna give them a password and then what we're gonna do is we're gonna do user mod - AG sudo Sammy and we are good to go there so now we can sudo in is Sammy so if we open up and as a staged out we will be able to do this so the next thing that we're going to do is we're going to go ahead and set our firewall the way we want to so ufw app list will show us the current applications that are installed that we can create a firewall rule for so we're gonna ufw allow open SSH which will now set our firewall to only allow connections on the SSH course this is port 22 we're now also going to ufw enable yes and then we're gonna go ahead and just do a quick ufw allow 8080 this is gonna be useful for us later for our django app so we're gonna need that port open later to test our app but we're gonna go ahead and open it now while we're thinking about it and while we're doing all of this so if we want to be able to SSH in as Sammy using the same key that we used as root we first need to create a dot SSH directory in Sammy's home directory and then we need to copy the note the authorized keys file from hours into Sammy's and then what we can do is we CH own - are for recursive Sammy : Sammy home Sammy SSH and now if we go into this directory it should be owned by Sammy and we should be able to SSH in so if we log out and then we log in as Sammy now we should be able to use our key and we are in as Sammy at Django - web so now the first thing we need to do is we need to do an app update to update all of our PP A's and be able to get the repo lists that we need and then we're going to do a sudo apt install pi 3 s python 3 - pip python 3 - dev python 3 - v end engine x and curl and we type in our password and we go ahead and start installing stuff and now that we're done installing we can go back to our web browser and since we installed nginx it will automatically start the engine X webserver for us which will not work because we have not allowed Engine X yet so let's do sudo ufw app list and as you can see we now have nginx full so let's go ahead and do sudo ufw allow Engine X full and now we have opened up port 80 and port 443 so we should be able to see the engine X welcome screen because we have installed Engine X now what we're gonna do is we're gonna go ahead and turn this off because we don't need it right now and if I could spell it would be even better cool so now nginx is off and now we can move forward so the next thing we need to do is we need to go ahead and download the code that we want to use for our applications so I have all of this code already on a github repository and this is basically a mile in my live stream repository if you go to the github repo of zelgius ze LGI us and I will include this in the bottom and go to my live stream repo there's a Django get started directory in there as you can see and we're gonna go ahead and just copy in actually we're needed for my care so I move everything from the Django get started back up a directory and now we have my site and requirements so the Django application that we're using is the basic pulls app so the Django tutorial walks you through how to build a polls app that basically just you know allows people to vote on certain things um it's kind of the hello world of Django so I will also have a link in the description below for the pulls app if you want to work all the way through this but this is just basically just the pulls app and there's no any added fluff or anything to it so what we're gonna go ahead and do is remove the live stream directory because we don't need it anymore and now we're going to create a virtual environment - MVN and we're just going to call it in and now we're going to activate this virtual environment E&V bin activate and as you can see we've now changed context over into our virtual environment this will allow us to install Python packages directly into this environment and not into the system Python or potential clashes and other sorts of misconfigurations could happen so now that we have that we're going to do a pip install - our requirements txt so this will install everything inside of our virtual environment because we do have the virtual environment activated and it usually gives you this weird failed building with wrapped but it will download a proper one for it this is just your failing to build the wheel but it will do it you know another way it installs it another way this is very common thing to happen in pip and then the other thing we're going to do is we're going to in pip install G you corn which is another library that we need and we're also going to pip install psy Co PG - - binary now you may be asking well why aren't these included in the requirements txt requirements txt really should be the data and the packages that are required for the library to run these are more for the things that are needed for the for the application to deploy now the PI psy C LPG - - binary probably should be in the requirements set txt but the poles app that I have uses sequel Lite instead of Postgres so for the current implementation that it is it is not required you could easily change that and then freeze it into your pip requirements and be totally fine so now we're going to set up our Django app to be configured to use the proper database and such so we're first thing we're going to do is open up my site settings PI and what we're gonna do is we're gonna change the allowed hosts so currently the allowed host is set to nothing which is works with default and debug but what we want to do is we want to set it to the fully qualified domain name of our server and localhost for testing this will allow us to access the actual Django app whenever it detects that the host that you try to access it over was that so when you send the request it'll say Django - web dagger doc coats and it'll be yes I can respond to that if you don't set this your app will not respond so the next thing that we're going to do is we're going to setup the database config as you can see this sample app used sqlite3 but we are not going to be using that the fields that we will need for this our engine name user which will be our Django user the pull name will be pulls because that is the name of our database that we created inside of our cloud dashboard the password we're actually going to use environment variables to set this environ get Django DB password and none if it doesn't come through the host we're going to get in a second as well as the port so for the engine real quick we actually have to use a special Django string here so Django dot DB back ends and then what we had earlier was SQLite but we're actually gonna use now is Postgres QL underscore PostgreSQL gotta spell the right P sy Co PG 2 and now for our hosts we can go back to our cloud dashboard and get the hosts that we need so we go back to prototypes we go back to our database we come down here and as you can see it has the hosts now we have to be careful here because you can see this is a public network host and this is the public access for it we don't want to use that we set all of our stuff up inside of AV PC using a private network so we're gonna use the private network host so that we can ensure that it is speaking across the private network so now we're gonna come over here and we're gonna paste our host in and it said our port was 25 0 6 0 so 25 0 6 0 and we are good with databases now the last thing we have to add is the static route settings whenever we deploy this we will need to pull in the static files for certain parts of the application primarily the admin database so by doing this this will allow us to run collect static which will bring all of the static files into a directory and then we can point our web server to them and have them properly served whenever you're running the Django app in development mode it kind of does this for you but whenever you want to run it in a production mode which we will want to do and we're gonna go ahead and do that real quick up here we're gonna set it to debug equal to false it will not do this for us very nicely at all so we set our debug to false and another thing is you would typically not have your secret key just out in the open here this would also be stored inside of the environment variables file that we're about to create and actually let's go ahead and just copy that and then let's do this so let's go ahead and create an environment variable file I'm gonna go ahead and call this secret key equals that and then we're also gonna have Django DB password you know we're gonna set empty quotes there we're gonna go back to our cloud dashboard and we're going to get the database user password from right here so that's our database user password and we're gonna come in here and we're gonna start right there now what you would typically do is you would basically write this file on deployment of your service and not store these in version control do not store this in version control that is how secrets get leaked so by doing it this way we are going to be able to use our our system D scripts to read this environment file and then you would have some sort of secret service maybe something similar to vault that would write this file on deployment and then start everything up and everything would go but for now having it here isn't too terribly bad it's it's it'll work so now that we have that we need to export we're going to go back to our my site settings and we're actually going to delete this secret key and we're gonna say oh s dot environ get secret key common nuttin and then what we're going to do is we're basically just going to cat the environment file and we're going to export all the things and then what we're gonna do real quick is we're going we are ready we're gonna run Python managed py run server 0.0.0.0 8080 this will allow us to broadcast our app on our external facing interface on port 8080 which is why we open that port earlier I did forget a comma in the my site settings dot py when I was running through it earlier so I had to go back in and add the comma after this right here otherwise it gave me an error so if we run it again as you can see the site is now running but it is saying hey you have migrations and you haven't applied them yet so let's go ahead and stop running stop this real quick and let's go ahead and apply those migrations so python managed py and we're just going to go ahead and run migrate and that is going to apply all of our migrations that we already have inside of our django app because the our migrations were stored in our version control if you didn't have your migrations stored in version control then you have to make migrations and then migrate them so we have that now now we're gonna run Python managed up py create super user and we're gonna go ahead and just create a real quick user at Sammy dot IO we're gonna create real quick user for us to be able to login to the admin interface with and we now have it and then we're gonna run one more command just to be ready for when we're done with this next step and we're gonna go and collect the static files that we need so now all of the static files for our admin stuff are now stored in this site so if we run this again we should be able to go to Jango - web Eggert codes colon 8080 slash Atman and we have the Django administration page now as you can see all the fancy CSS and stuff that is typically attributed with this is gone and I'm pretty sure this has to do with the fact that we are no longer in debug mode so running the server in but in non debug mode sometimes can make it a little bit cranky so if we go back and we change it real quick and we go back over here as you can see it works again our static files will be served properly when we're done with this but as of right now they're gonna look it's gonna look a little bit weird for this quick second so we're just gonna go ahead and reset this back to false so now that we know that our site can run the next thing we're going to do is we're going to set it up to be running as a system D service production eyes using engine X and G unicorn the next the last thing we're going to do in this step is we're going to deactivate our virtual environment because we do not need it any longer ok so now for setting up the last of our configuration we're gonna do a really quick sudo ufw deny 8080 we're gonna just close that that port real quick so we no longer need it we have no reason to keep it open we're going to go ahead and create a socket file for this so sudo vim Etsy system D system G unicorn I it's not horndog G unicorn dot socket and we're gonna go ahead and copy and paste this from the tutorial on digitalocean that uses this um there will be a link in the description below again for this tutorial so what this basically does it gives it a description it tells it which list and stream to run on which is gonna be the run slash gene a korndog socket and now the last thing we're gonna do is we're gonna do a sudo vim slash Etsy system D system G unicorn dot service so basically how this will work is the service the socket will sit there and start up at boot and we'll be listening for traffic if the traffic comes in then it will immediately start the service and the service will run and provide everything that we need this is again copied from the tutorial we're gonna go ahead and make a couple of a couple of modifications so the group will be Sammy and now for us to be able to use our environment of file that we made we have to do environment file equals slash home Sammy my site / env my project der was the default in the tutorial so we're gonna change that to my site because that's just what I named it our environment is at home Sammy env because what this is going to do is this is going to actually run the G unicorn that is associated inside of the path of our virtual environment so we're gonna be using G unicorn from our virtual environment so all those files in the Django and stuff will already be installed there and it won't need system Python so the virtual environment is at home Sammy /n and that's what we're gonna put it and then the last thing we have to change down here is my site from my project to my site this is a Python path that will essentially look for where is there a WSGI PI file and inside of it there'll be a variable application that will have a WSGI object and this is how it will actually serve our file um as you can see there will be three workers so this will be able to handle simultaneous requests that's the whole point of using G unicorn because if we just used normal Python it would be running in serial because python has the global interpreter lock and it doesn't really support full multi-processing um at least not in the traditional sense that most people would think of so we have to use the whiskey or the WSGI to create multiple workers so we can handle multiple requests at a time so we save this file now and now we run sudo systemctl start G unicorn dot socket and that will be now running and now we run sudo systemctl enabled G unicorn dot sockets so if our server were to to be rebooted or anything we want that to come up when it turns back on so now let's actually just check the status of it sudo systemctl status G unicorn dot socket and as you can see it is running and if we run a file on the slash run G unicorn dot sock we can see the socket file was created and it actually exists so now we can run a sudo systemctl status G unicorn and the sir current status is deactivated because nobody has hit the socket yet nobody has tried to access the data on the socket yet so it hasn't actually needed to start the service yet so we can really quickly start the service by running unit curl on a UNIX socket and then directing it to our socket file and then saying localhost this how will we set in our allowed host earlier to be able to enable it and as you see we got a 404 which is actually what we wanted because there is nothing at there is nothing at the index page of the server so while this may look like an error it's actually correct because it did serve the HTML so what we're gonna do now is we run status on G unicorn dot service again and you can see the thing is actually running and we're all ready to go so we now have G unicorns set up properly and our systemctl as a service running now the last thing we have to do is configure it into Engine X so we're going to go ahead and open up XE engine X sites available and we're going to call it in my site and then what we're going to do is we're going to copy and paste again out of this tutorial and Engine X config so this is the server is listening on port 80 we need to change the server name to Django - web edgar codes so that way whenever it actually comes in or whenever any sort of request comes in it knows that it will basically be listening there all for the the header to have that host and what it does is is hey I know where that goes and it directs me to the right place the root of my static files is in home Sami my site and then we can run it and then yeah so roots a me my site and then we have the proxy pass running and there's nothing else here that needs to happen so basically it will proxy the request to the current running socket on our server so we're good we can save it we need to do a quick SEM link to from sites available to sites unable to tell nginx that we are actually that this site is available and ready to go so Etsy Engine X sites enabled and then we can just run a quick engine X dash T to make sure our configuration is okay and it is and then now we can sudo systemctl restart Engine X to get that going and we've already set our engine X full firewall so we should be ready okay available to do it so if we go to this now and we just remove this we should get a 404 because it's not found and that is what we are looking for but if we go to polls should tell us that there are no polls available that's exactly what we wanted and if we go to admin we should get our admin site perfectly set up and the static files are being properly served through engine X now so we're good now the thing I would say is do not log in here yet because as you can see we are currently not secure we have not secured this site yet with HTTPS so let's go ahead and do that real quick as our final step we're going to run sudo apt install Python - cert bot - engine X that's gossip we want to install it we say yes and now what we do is we go ahead and run sudo cert bot - - engine X so that way it knows to do it French and X - D Jango - web dot a guru codes and it's gonna go ahead and ask me for an email address so I'll use my digitalocean email address I accept the Terms of Service I do not want to be emailed because I've already done that so it's gonna go ahead and do the check and get us our certificate and everything is ready and now it's gonna ask us do you want to allow traffic across HTTP or do you want to force everything to be HTTPS and in my opinion everything should be forced across HTTPS it is 20/20 there is no need for HTTP any more so now if we go over here and we log in and we refresh our page now you can see we have the little lock and now our connection is secure so I can log in and now I can create questions for our polls we'll go ahead and create a quick question I don't want to save that password we're gonna say did you enjoy this video tutorial I'm gonna go ahead and save it and we're gonna go ahead it back to polls add some choices we're gonna say yes and then we're gonna add one more choice come on sometimes my 4k monitor doesn't like my mouse we're gonna say no and if we now go to polls did you enjoy this tutorial I believe I did well who yes does have it so there we go you now have a Django website deployed on digitalocean using our hosted database as a service for your back-end and it is secured using nginx and cert BOTS and SSL so I hope you enjoyed this tutorial thank you very much for tuning in and I look forward to seeing you next time you

Info

Channel: DigitalOcean

Views: 10,884

Rating: undefined out of 5

Keywords: DigitalOcean, Digital Ocean, Cloud, Iaas, Developers, droplets, dbaas, django

Id: US9BkvzuIxw

Channel Id: undefined

Length: 32min 39sec (1959 seconds)

Published: Mon May 18 2020