""" Django settings for cPanel production deployment. Inherits from base settings and overrides for production environment. """ from .settings import * import os # Override DEBUG for production DEBUG = config("DEBUG", default=False, cast=bool) # Update ALLOWED_HOSTS - replace with your actual domain ALLOWED_HOSTS = [ 'yourdomain.com', 'www.yourdomain.com', 'api.yourdomain.com', # if using subdomain # Add your actual cPanel domain here # Remove localhost entries for production ] # Database configuration for cPanel # Check if your cPanel host supports PostgreSQL, otherwise switch to MySQL DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': config('DATABASE_NAME'), 'USER': config('DATABASE_USER'), 'PASSWORD': config('DATABASE_PASSWORD'), 'HOST': config('DATABASE_HOST', default='localhost'), 'PORT': config('DATABASE_PORT', default='3306'), 'OPTIONS': { 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", 'charset': 'utf8mb4', }, } } # Alternative MySQL configuration if PostgreSQL is not available # Uncomment and modify if needed # DATABASES = { # 'default': { # 'ENGINE': 'django.db.backends.mysql', # 'NAME': config('DATABASE_NAME'), # 'USER': config('DATABASE_USER'), # 'PASSWORD': config('DATABASE_PASSWORD'), # 'HOST': config('DATABASE_HOST', default='localhost'), # 'PORT': config('DATABASE_PORT', default='3306'), # 'OPTIONS': { # 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", # 'charset': 'utf8mb4', # }, # } # } # Static files configuration for cPanel STATIC_URL = '/static/' STATIC_ROOT = os.path.join(BASE_DIR, 'public_html', 'static') # Media files configuration (backup for non-Cloudinary files) MEDIA_URL = '/media/' MEDIA_ROOT = os.path.join(BASE_DIR, 'public_html', 'media') # Add WhiteNoise for static files serving (insert at position 1) if 'whitenoise.middleware.WhiteNoiseMiddleware' not in MIDDLEWARE: MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware') # WhiteNoise settings WHITENOISE_USE_FINDERS = True WHITENOISE_AUTOREFRESH = False # Set to False in production # Update CORS settings for production CORS_ALLOWED_ORIGINS = [ config('FRONTEND_URL', default='https://yourdomain.com'), config('SITE_URL', default='https://api.yourdomain.com'), # Add other allowed origins ] # CORS settings CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_ALL_ORIGINS = False # Set to False for security # Security settings for production if not DEBUG: # Security middleware settings SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True X_FRAME_OPTIONS = 'DENY' # SSL settings (enable if you have SSL certificate) # SECURE_SSL_REDIRECT = True # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # SECURE_HSTS_SECONDS = 31536000 # SECURE_HSTS_INCLUDE_SUBDOMAINS = True # SECURE_HSTS_PRELOAD = True # Session security SESSION_COOKIE_SECURE = False # Set to True if using HTTPS CSRF_COOKIE_SECURE = False # Set to True if using HTTPS SESSION_COOKIE_HTTPONLY = True CSRF_COOKIE_HTTPONLY = True # Email configuration for production EMAIL_BACKEND = config('EMAIL_BACKEND', default='django.core.mail.backends.smtp.EmailBackend') EMAIL_HOST = config('EMAIL_HOST', default='localhost') EMAIL_PORT = config('EMAIL_PORT', default=587, cast=int) EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=True, cast=bool) EMAIL_HOST_USER = config('EMAIL_HOST_USER', default='') EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD', default='') DEFAULT_FROM_EMAIL = config('DEFAULT_FROM_EMAIL', default='noreply@yourdomain.com') # Cloudinary settings (already configured in base settings) # These will use the values from your .env file # Logging configuration for cPanel LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'verbose': { 'format': '{levelname} {asctime} {module} {process:d} {thread:d} {message}', 'style': '{', }, 'simple': { 'format': '{levelname} {message}', 'style': '{', }, }, 'handlers': { 'file': { 'level': 'INFO', 'class': 'logging.FileHandler', 'filename': os.path.join(BASE_DIR, 'logs', 'django.log'), 'formatter': 'verbose', }, 'error_file': { 'level': 'ERROR', 'class': 'logging.FileHandler', 'filename': os.path.join(BASE_DIR, 'logs', 'django_error.log'), 'formatter': 'verbose', }, 'console': { 'level': 'DEBUG', 'class': 'logging.StreamHandler', 'formatter': 'simple', }, }, 'root': { 'handlers': ['console', 'file'], 'level': 'INFO', }, 'loggers': { 'django': { 'handlers': ['console', 'file', 'error_file'], 'level': 'INFO', 'propagate': False, }, 'django.request': { 'handlers': ['error_file'], 'level': 'ERROR', 'propagate': False, }, 'apps': { # Your custom apps logging 'handlers': ['console', 'file'], 'level': 'INFO', 'propagate': False, }, }, } # Cache configuration (optional - for better performance) CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache', 'LOCATION': os.path.join(BASE_DIR, 'cache'), } } # Performance settings if not DEBUG: # Template caching TEMPLATES[0]['OPTIONS']['loaders'] = [ ('django.template.loaders.cached.Loader', [ 'django.template.loaders.filesystem.Loader', 'django.template.loaders.app_directories.Loader', ]), ] # Site URLs (update these with your actual domains) SITE_URL = config('SITE_URL', default='https://api.yourdomain.com') FRONTEND_URL = config('FRONTEND_URL', default='https://yourdomain.com') # Additional security headers SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin' # DRF settings for production REST_FRAMEWORK.update({ 'DEFAULT_RENDERER_CLASSES': [ 'rest_framework.renderers.JSONRenderer', ] if not DEBUG else REST_FRAMEWORK.get('DEFAULT_RENDERER_CLASSES', [ 'rest_framework.renderers.JSONRenderer', 'rest_framework.renderers.BrowsableAPIRenderer', ]) }) # JWT settings remain the same from base settings # You can override them here if needed for production print(f"Django running in {'DEBUG' if DEBUG else 'PRODUCTION'} mode") print(f"Database: {DATABASES['default']['NAME']}@{DATABASES['default']['HOST']}") print(f"Allowed hosts: {ALLOWED_HOSTS}")