Django and Heroku: Environment variables [duplicate] - python

I currently have a running production Django application on Heroku. Unfortunately, I haven't been able to turn off the DEBUG setting on Heroku. Turning it off locally works fine, but when pushed to Heroku (after heroku config:set DEBUG=False), it doesn't apply.
The error pages are still the default DEBUG ones instead of the 404, 403, and 500 templates in our template root.
I have also tried using a DJANGO_DEBUG setting in case there were any environment conflicts with DEBUG, and casting the result to a boolean in the settings file. heroku config shows the settings in the environment are correct. This is on Django 1.3, Heroku Cedar.
Any tips or solutions?

Does your django settings.py file even look in the environment?
It does not, by default, care about anything you've set in the environment (via "config:set"). If you're "casting" the environment to a boolean, make sure you're casting it correctly. bool('False') is still True.
It's simplest just to detect if the environment variable exists so you don't have to worry about type casting or specific formats of the configuration.
DEBUG = os.environ.get('DEBUG', False)
To disable debug, remove the variable from the environment instead of trying to type cast... it just seems much more reliable and foolproof:
config:unset DEBUG

The problem is that the environment variable is not a boolean, rather a string.
So place the line below in settings.py:
DEBUG = (os.environ.get('DEBUG_VALUE') == 'True')

Related

Django. DEBUG in production

I'm writing my first real project in Django and I have a problem with properly setting DEBUG in development and production. In my settings.py project file I have:
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = os.environ.get('DJANGO_DEBUG', 'True') == 'True'
So I expect that it should work as follows. By default DEBUG is set to True (I use this in my development). But on my production server I have an environmental variable DJANGO_DEBUG set to "False" so Django should set DEBUG to False.
But this does not work! When I go to my_website/notexistingurl I see Django's detailed error page, which says that I have DEBUG set to True in my settings.py file. And to make this completely unclear to me, when I open a Python shell on my server it says that os.environ.get('DJANGO_DEBUG', 'True') == 'True' is False.
Does anyone have an idea what I am missing? Because to me it looks like two completely contradictory things!
This is more a guess, but normally the Django server will not run under the same user as the "administrator". Indeed, as an extra security measure often such processes run under a separate user with limited privileges.
The aim is to prevent users that somehow can inject code in your Django application from gaining more control. Indeed, imagine that a hacker found a way to have the Django server evaluate arbitrary Python code; then that hacker could eventually get control of all things the user that is running the Django app has control over, such as files, devices, internet connections, etc. To limit this, the Django app will often run as a user that has just the privileges necessary to run the Django app, but not (much) more than that. While there might still be exploits to perform privilege escalation, this will at least make it more difficult and time-consuming.
This thus means that the environment of the user with which you are setting up the Django app is not the environment of the user that runs the Django app, and therefore the environment variable probably is not set for that user. There is no universal way to solve this, since this likely depends on your hosting provider, but (very) likely there are ways to set environment variables for the Django app user.
But nevertheless, it might be better to "reverse" the setting: right now you run in debug mode by default, and only in production when explicitly set. That is more risky, since things could go wrong when setting the environment variable, or deploying the application. When the Django app runs in debug mode it shows fragments of the source code, and one perhaps can manipulate the view that serves static/media files to serve more sensitive files. It might be better to run by default in production mode, and only run in debug mode when explicitly stated. For example with:
DEBUG = os.environ.get('DJANGO_DEBUG', 'False') == 'True'
You should run
heroku config:set "Set DEBUG VALUE"
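
An added example, not code from any of the posts above: a strict parser for the DEBUG flag that avoids the bool('False') pitfall and keeps debug off unless it is explicitly enabled. The names env_bool and compare are hypothetical, and accepting 1/yes/on as well as True goes beyond what the answers propose.

```python
import os

TRUE_VALUES = {"1", "true", "yes", "on"}
FALSE_VALUES = {"0", "false", "no", "off", ""}


def env_bool(name, default=False, environ=None):
    """Strictly parse a boolean environment variable.

    Unset -> default (False, so DEBUG stays off unless explicitly enabled).
    Unrecognised text -> ValueError, so a typo stops the deploy instead of
    silently picking a mode.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise ValueError(f"{name}={raw!r} is not a recognised boolean")


def compare(raw):
    """Return what each approach quoted on this page yields for one raw value."""
    env = {} if raw is None else {"DEBUG": raw}
    try:
        strict = env_bool("DEBUG", environ=env)
    except ValueError:
        strict = "error"
    return {
        # bool('False') is True: any non-empty string enables debug.
        "truthy": bool(env.get("DEBUG", False)),
        # Case-sensitive comparison: only the exact text 'True' enables debug.
        "equals_True": env.get("DEBUG", "False") == "True",
        "strict": strict,
    }


if __name__ == "__main__":
    # Constructed sample values, including a typo and an unset variable.
    for raw in ["True", "False", "true", "0", "Flase", None]:
        print(repr(raw), compare(raw))
```

In settings.py this would be used as DEBUG = env_bool('DJANGO_DEBUG'), which leaves debug off whenever the variable is missing from the environment of the process that actually runs Django.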

Git/Heroku - How to hide my SECRET_KEY?

I'm using Python and Django to create a Heroku web app and Heroku gives me this error after the command 'git push heroku master': ModuleNotFoundError: No module named 'dlist.secret_settings' when attempting to do this:
#settings.py
from .secret_settings import *
# from secret_settings.py import * doesn't work for some reason.
Here is what secret_settings.py (which is in the same folder as settings.py) contains:
#secret_settings.py
SECRET_KEY = 'string here'
The problem is, this works when I test my web app on my local server (i.e. http://127.0.0.1:8000/), but it's not working when I push these changes to Heroku. All I want to do is hide my SECRET_KEY, per others' advice, as you can see. I've looked at others' suggestions and I can't seem to figure it out; I chose this method because it was understandable. Very frustrating. Beginner-friendly answers/steps are greatly appreciated.
I'm guessing you've configured Git to ignore secret_settings.py. That's the only reason I can think of to create a separate file.
Heroku deploys are powered by Git. Since secret_settings.py isn't tracked by Git it doesn't get pushed to Heroku. You could add the file to your repository, but that would defeat the purpose of having a separate untracked file in the first place.
The solution is to use an environment variable. This is well-supported on Heroku.
In your settings.py file, set your SECRET_KEY using os.getenv() like this:
import os
SECRET_KEY = os.getenv('SECRET_KEY', 'Optional default value')
This tells Django to load your SECRET_KEY setting from an environment variable called SECRET_KEY. If no such environment variable exists it will fall back to the optional default value. On your development machine it's probably fine to use the default.
Finally, set the SECRET_KEY environment variable on Heroku. You can do this by running heroku config:set SECRET_KEY="YOUR_SECRET_KEY_VALUE" on your development machine, or via Heroku's web-based dashboard.
Your secret_settings.py file is no longer required.

I added a SECRET_KEY config variable to my Django app on Heroku but now it won't work locally

I changed my secret key to an environment variable on my Heroku app. I changed it because I found out that keeping the secret key in settings.py was a security risk.
However, now it won't work locally when I use python manage.py runserver. It gives an error about the secret key.
How do I fix it so I can develop my Heroku app locally?
You can export your secret key as an environment variable locally.
export SECRET_KEY=mysecretkey
./manage.py runserver
Or you could change your settings.py to use a hardcoded secret key in DEBUG mode. If you do this, make sure you are running with DEBUG = False on Heroku.
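import os
# DEBUG must already be defined above this point in settings.py
if DEBUG:
    SECRET_KEY = 'mysecretkey'  # development-only placeholder
else:
    SECRET_KEY = os.environ['SECRET_KEY']  # raises KeyError if the variable is unset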
You have to set your environmental variables in your development environment.
Windows
Go to Computer > Properties > Advanced System Settings.
Go to the Advanced tab, and at the bottom there is an Environment Variables... button.
In there you can edit the variables as you like.
Linux
Edit /etc/environment to include:
SECRET_KEY=<yoursecretkey>
or
You should be using a virtual environment to isolate your system Python installation from your different projects (it solves conflicting version requirements) and to make deployment easier. Virtualenv Tutorial
To activate your virtual environment when you want to use it there is a shell script located at <your_virtualenv>/bin/activate that handles changing all the environmental variables that make the virtual environment work.
Add:
SECRET_KEY='<yoursecretkey>'
export SECRET_KEY
to the bottom of the activate file and when it is run it will add (export) the environmental variable.
I had a bit of trouble working this out too, found my answer here: Set up your local environment variables
If you are using heroku local to develop locally, this might work for you. I just needed to include this line in an .env file placed in the top directory with my Procfile:
SECRET_KEY = 'yourkey'
And in settings.py:
SECRET_KEY = os.environ.get('SECRET_KEY')
This works great for me. Otherwise if for whatever reason you aren't using heroku local, maybe you could try importing your key from another file when working locally (and placing this file in your gitignore), and swapping back to the heroku config variable for deployment.
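
An added example, not code from any of the posts above: a loader for settings.py that covers both SECRET_KEY threads, reading the key from the environment, refusing to start in production when it is missing or is one of the placeholder strings shown on this page, and using a throwaway random key in development. The names load_secret_key, MissingSecretKey, PLACEHOLDERS and the 50-character minimum are assumptions of this example.

```python
import os
import secrets

# Placeholder strings that appear in the posts on this page; none of them
# may be accepted as a real key once DEBUG is off.
PLACEHOLDERS = {
    "mysecretkey", "yourkey", "string here",
    "Optional default value", "YOUR_SECRET_KEY_VALUE",
}
MIN_LENGTH = 50  # assumption: this example's own threshold


class MissingSecretKey(RuntimeError):
    """Raised instead of silently falling back to a default key."""
    # In a Django project, django.core.exceptions.ImproperlyConfigured fits here.


def load_secret_key(debug, environ=None):
    """Return the SECRET_KEY to use, failing closed when debug is False."""
    environ = os.environ if environ is None else environ
    key = environ.get("SECRET_KEY", "").strip()
    if not key:
        if debug:
            # Development only: a random per-process key. Sessions and signed
            # values stop validating after every restart, which is acceptable
            # locally and keeps any fixed default out of the repository.
            return secrets.token_urlsafe(64)
        raise MissingSecretKey("SECRET_KEY is not set and DEBUG is off")
    if not debug and (key in PLACEHOLDERS or len(key) < MIN_LENGTH):
        raise MissingSecretKey("SECRET_KEY is a placeholder or too short")
    return key


if __name__ == "__main__":
    # Constructed environments: local development with nothing exported,
    # then a production process where the config var was never set.
    print(len(load_secret_key(True, {})), "character development key")
    try:
        load_secret_key(False, {})
    except MissingSecretKey as exc:
        print("production refused to start:", exc)
```

In settings.py this would read SECRET_KEY = load_secret_key(DEBUG), placed after DEBUG is defined.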

Why my django static file have number in the end

I have to debug some existing Django project built by other developers.
In my local development environment all the static files have paths like
/static/myapp/module/user.js
But when I see the HTML on the testing server, I can see files like
static/myapp/module/user.42323gdb.js
Now I want to know why the system is using that file instead of user.js.
Is there any setting which I can fix, or is it meant to be like that?
Seems like your project uses one of the asset managers. I suspect you can find it in the INSTALLED_APPS setting.
UPDATE: By default, django-pipeline does this magic when DEBUG = False. Which is the case for your development environment.
The other setting to enable/disable the pipeline is PIPELINE_ENABLED. So you can have the "normal" file names on the production server too. But I suggest you leave the pipeline enabled :-)

Heroku: UserWarning: Using settings.DEBUG leads to a memory leak, never use this setting in production environments

How do I use my production settings with heroku? This is my first attempt at any project deployment that I created ever, so I may be doing things completely wrong. I have a settings.py file and a settings_production file, but I can't seem to figure out how to get the production settings to work. I tried changing my manage.py from
"DJANGO_SETTINGS_MODULE", "myproject.settings"
to
"DJANGO_SETTINGS_MODULE", "myproject.settings_production"
then using the commands
git add .
git commit -m "production settings"
and I have also just tried changing DEBUG to False in my settings.py file. How do you commit changes to your settings in heroku or point to the correct file? I was able to get through the tutorial successfully, but I have not had luck trying to deploy my project. Also, should there be code that I add to manage.py that checks if it is a production or develop environment and uses the correct settings file accordingly, or do I manually change it? Still learning so I could be doing it completely wrong. Thanks for any help.
In Heroku, you can configure environment variables - they are called config vars.
The DJANGO_SETTINGS_MODULE environment variable should be set to myproject.settings_production.
Your manage.py is probably not being run in Heroku (there are other ways to run a Django app), which is why your change didn't work.
