11

I am writing a small web-app with django. It will have no more than 200 users, all internal to my company. I want to set it up as quickly as possible. I am new to django and web-apps.

As I read django's tutorial, they don't recommend using python manage.py runserver to deploy the production server, but they don't give any reasons.

I suspect that for my very modest purposes, django's runserver will do fine. Am I correct? What risks am I running?

becko
  • 263
  • 4
  • 10

1 Answers1

5

From the manage.py documentation:

DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay.

That's all you need to know to make a decision on this.

If you're deploying a python web app, even for a low-load, internal-use only project, it is still very much worth the extra work to learn a proper way to host the application, as it's quite likely that you'll need to use those skills at some point in the future.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • What does it mean that it is single-threaded? It means it won't be able to support multiple users using the web-app at the same time? That alone would convince me not to use it! I don't care much for security. As I said, it's for internal use inside a small group of persons. – becko Aug 28 '15 at 19:08
  • This is not my main job, so there is a high change that learning how to properly host a web application won't be that useful to me – becko Aug 28 '15 at 19:10
  • 3
    It will be able to do only one thing at a time, so if it's tied up with a large request from one user, all other users are going to have to wait. It's foolish to state "I don't care much for security". That is the kind of attitude that **will** end up getting your systems compromised. – EEAA Aug 28 '15 at 19:10
  • 1
    I know this isn't the answer you want to hear, but you asked a question on a site for professional systems administrators. So you're getting a professional answer. Taking shortcuts like this, even in a small environment, will always come back to haunt you in the future, and usually at a time when it's least convenient. – EEAA Aug 28 '15 at 19:16
  • Okay. So, if I want to do something as simple as possible, what deployment tool do you suggest? (as you probably noticed, I am very new to all this) – becko Aug 28 '15 at 19:17
  • If you want to ask about that, it would be advisable to post a separate question. Keep in mind, though, that product/tool recommendations are off-topic, and we expect that people have done their due diligence in researching things before coming here to ask a question. – EEAA Aug 28 '15 at 19:18
  • A wsgi server like Uwsgi or Gunicorn is fairly simple if you don't have firewall issues internally. Otherwise Apache+mod_wsgi is a very common and simple option. – wildintellect Aug 28 '15 at 20:07
  • 1
    See documentation [here](https://docs.djangoproject.com/en/1.8/ref/django-admin/#django-admin-option---nothreading). The development server *is multi-threaded by default*. Or am I missing something? Please fix this so I can accept your answer again. – becko Aug 31 '15 at 14:23
  • @becko Don't get hung up on threading. This quote from the page you linked to is all you should need: "DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay." Do. Not. Use. This. In. Production. – EEAA Aug 31 '15 at 15:04
  • I agree. I am reading about Apache and mod_wsgi, which seems to be the next simplest thing with Django. But still, you should fix this on your answer. – becko Aug 31 '15 at 15:09
  • @becko Done. Good luck with your application! – EEAA Aug 31 '15 at 15:11
  • Ok. And thanks for taking the time to convince me. – becko Aug 31 '15 at 15:20