Django Production Checklist (Everything You Must Do Before Going Live)
A comprehensive checklist for deploying a Django application to production. Ensure your app is secure, performant, and reliable with these essential pre-launch steps.
Before you deploy your Django app to production, there are several critical steps you must complete.
If you skip these, you risk:
- Broken static files
- Security vulnerabilities
- Performance issues
- Downtime
This checklist ensures your app is secure, stable, and production-ready.
β‘ Quick Checklist (Overview)
π§ 1. Django Settings (Critical)
Disable DEBUG
DEBUG = False
π Leaving this enabled is a major security risk
Set ALLOWED_HOSTS
ALLOWED_HOSTS = ['your-domain.com', 'your-server-ip']
Use environment variables
Never hardcode:
- Secret keys
- Database credentials
𧱠2. Static Files Setup
- Set
STATIC_ROOT - Run
collectstatic - Configure Nginx
python manage.py collectstatic
π Full guide: Django static files not loading
𧩠3. Media Files Setup
- Set
MEDIA_ROOT - Configure Nginx
π Full guide: Django media files not serving
βοΈ 4. Application Server (Gunicorn)
- Install Gunicorn
- Configure systemd
- Ensure it runs on boot
sudo systemctl enable gunicorn
π Full guide: Deploy Django with Nginx + Gunicorn
π 5. Web Server (Nginx)
- Reverse proxy to Gunicorn
- Serve static and media files
- Validate config
sudo nginx -t
ποΈ 6. Database (Production Setup)
Do NOT use SQLite in production.
Use:
- PostgreSQL (recommended)
Check:
- Migrations applied
- Database accessible
python manage.py migrate
π 7. HTTPS (Required)
Use Let's Encrypt for free SSL certificates.
sudo certbot --nginx
Also enable:
- Secure cookies
- HSTS headers
π 8. Security Settings
In settings.py:
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
π Prevents common vulnerabilities
π 9. File Permissions
sudo chown -R www-data:www-data /var/www/myproject
sudo chmod -R 755 /var/www/myproject
π Prevents access and runtime errors
π 10. Process Management
Ensure services restart automatically:
sudo systemctl enable gunicorn
sudo systemctl enable nginx
π§ͺ 11. Logging & Debugging
Check logs:
journalctl -u gunicorn
sudo tail -f /var/log/nginx/error.log
π Essential for troubleshooting
β‘ 12. Performance Basics
Set Gunicorn workers:
workers = (2 Γ CPU cores) + 1
- Enable gzip in Nginx
- Use caching headers
π§ 13. Environment Separation
Use:
.env files
Different settings for dev/prod
π Avoids configuration mistakes
π 14. Deployment Workflow
Before every deployment:
git pull
pip install -r requirements.txt
python manage.py migrate
python manage.py collectstatic
sudo systemctl restart gunicorn
π₯ Common Mistakes
π΄ DEBUG left on
π Security risk
π΄ Static files not configured
π Broken UI
π΄ No HTTPS
π Insecure site
π΄ Wrong permissions
π Runtime errors
π΄ No process restart
π Downtime after reboot
π Related Guides
- Deploy Django with Nginx + Gunicorn
- Set up HTTPS for Django
- Fix Django 502 Bad Gateway
- Django static files not loading
- Django media files not serving
β FAQ
Can I use SQLite in production?
Not recommended.
Use PostgreSQL for:
Performance Reliability
Do I need Docker?
Optionalβbut useful for:
- Consistency
- Easier deployments
How do I know everything works?
Use this checklist + test:
- Homepage
- Admin panel
- Static files
- Uploads
π― Final takeaway
A production-ready Django app requires:
- Correct configuration
- Proper security
- Reliable deployment setup
If you deploy oftenβ¦
Using a repeatable, pre-tested system saves time and prevents errors.