Separate settings between deployment and production
diff --git a/djsite/settings_prod.py b/djsite/settings_prod.py
new file mode 100644 (file)
index 0000000..968f2d6
--- /dev/null
@@ -0,0 +1,46 @@
+import os
+from djsite.settings_common import *
+
+with open(os.path.join(BASE_DIR, "..", "secret_key")) as f:
+    SECRET_KEY = f.readline().strip()
+
+DEBUG = False
+
+ALLOWED_HOSTS = ['quotes.fperrin.net']
+
+# Database
+# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 'djsite',
+        'USER': 'djsite',
+        'HOST': 'www.priv.fperrin.net',
+    }
+}
+
+with open(os.path.join(BASE_DIR, "..", "pg_secret")) as f:
+    DATABASES['default']['PASSWORD'] = f.readline().strip()
+
+STATIC_ROOT = os.path.normpath(os.path.join(BASE_DIR, "..", "static"))
+STATIC_URL = "https://quotes.fperrin.net/static/"
+
+### HTTPS-related settings from https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
+
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+
+SECURE_HSTS_SECONDS = 60
+SECURE_SSL_REDIRECT = True
+
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+
+X_FRAME_OPTIONS = 'DENY'
+
+SILENCED_SYSTEM_CHECKS = [
+    'security.W005', # SECURE_HSTS_INCLUDE_SUBDOMAINS, not applicable
+]
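Review bot: The `DATABASES['default']` entry connects to a separate host (`www.priv.fperrin.net`) with a password but sets no TLS options, so libpq's default `sslmode=prefer` applies: the connection can silently fall back to cleartext, and the server certificate is never verified. Unless that link is known to be a trusted private network (which this file does not show), add `'OPTIONS': {'sslmode': 'verify-full'},` to the entry, or at least `'require'` if the client has no CA certificate to verify against. Separately, `SECURE_HSTS_SECONDS = 60` only keeps browsers pinned to HTTPS for one minute after each visit. A comment such as `# trial value; raise to 31536000 once HTTPS is confirmed working` would make clear that it is temporary.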