generated from bisco/codex-bootstrap
docs: add production readiness notes
This commit is contained in:
bisco
@@ -147,9 +147,20 @@ Deployment should follow least privilege:
|
||||
- avoid privileged containers;
|
||||
- use explicit image tags rather than `latest`;
|
||||
- persist PostgreSQL data in a named volume;
|
||||
- run production with `DJANGO_DEBUG=false`;
|
||||
- use a strong private `DJANGO_SECRET_KEY`;
|
||||
- restrict `DJANGO_ALLOWED_HOSTS` and `DJANGO_CSRF_TRUSTED_ORIGINS` to the real public deployment hosts;
|
||||
- keep `SITE_BASE_URL` set to the real public HTTPS URL so email and QR links are correct;
|
||||
- configure TLS for production;
|
||||
- serve static and media files without exposing private files.
|
||||
|
||||
Operational production notes:
|
||||
|
||||
- `.env.example` is for local development and examples only, not direct production use;
|
||||
- replace the console email backend with real SMTP settings before sending reservation emails;
|
||||
- create admin accounts explicitly and protect them with strong passwords and limited access;
|
||||
- keep verified database backups for the PostgreSQL volume before accepting live bookings.
|
||||
|
||||
## Logging
|
||||
|
||||
Logs should help diagnose operational issues without exposing sensitive data.
|
||||
|
||||
Reference in New Issue
Block a user