My requirement is to host django backend in local linux machine without using any web servers like apache or nginx. I would like to know how can i do that in a best possible way. Now I am running my backend using python manage.py runserver 0.0.0.0:7000 directly on my local linux machine. Soon, we will be building a machine with good configuration dedicated for backend server. Your suggestion would be highly valuable. Thank you in advance.
maybe python manage.py {ip address}:{port} work.
or run project with gunicorn instead runserver command.
but, this is not good choice.
and it’s possible host ip address via nginx.
For production, you shouldn’t use runserver at all - you’ll want a production-grade web server like gunicorn. runserver isn’t designed for production workloads, and your app can often run twice as fast, if not more, by using something designed for production workloads.
gunicorn however generally recommends having a web server in front of it, like nginx, as there are security issues around buffering which having a proxy in the middle helps with. What exactly is stopping you using an extra web server?
If you really need to not use a web server, you need to set the bind address to something publicly accessible (0.0.0.0 will bind to all IPv4 addresses). You’ll also want to set up TLS certificates, and point gunicorn at those, too.
theorangeone Thank you for the response. You asked the correct question “What exactly is stopping you using an extra web server?”. I am concerned about data privacy and in future we are aim to build a machine only dedicated to web server. I am cautious about using external web servers, especially when dealing with sensitive data. Do you have any more suggestions ?
There’s a big difference between an “external” web server, and an “extra” web server. You can absolutely run nginx on the same machine which runs gunicorn - and probably should all the time there’s only 1 server running Django.
When you scale up, you could move nginx out onto its own server, to act as the load balancer between the servers. You could also keep nginx and the TLS termination on the machine running Django, and use a simpler load balancer like HAProxy to balance between the servers. That way, traffic stays completely encrypted until it hits the server running Django.
Either way, I think the question you’re asking isn’t quite right. You do want to run an extra web server like nginx, for the reasons I outlined above. If you want to avoid running another web server externally (either another nginx server, or something like Cloudflare), just don’t use it. Nothing about your Django configuration needs to change, nor even does your infrastructure. Just point your domain at the server, have nginx listening on ports 80 and 443, and only have django listening on say localhost:8000.
(Yes, this is a lot of steps - this is what happens when you run an application on a machine directly - you have to deal with things like this).
1 Like
Welcome @JanaganAltrai !
If you’re concerned about security, then you absolutely want to run a real web server in front of your application. The best reason is specified in the Django documentation.
Quoting directly from the docs for runserver:
DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests.
Relying upon runserver as your production server makes your environment less secure, not more.
1 Like
I am getting it. I really appreciate your time.