Deploying to Production

This section is geared towards helping you deploy this server properly for production use.

@powellc has put together an Ansible playbook for pypicloud, which can be found here: https://github.com/powellc/ansible-pypicloud

There is a docker container that you can deploy or use as a base image. The following configuration recommendations still apply.

Configuration

Remember when you generated a config file in getting started? Well we can do the same thing with a different flag to generate a default production config file.

$ ppc-make-config -p prod.ini

Warning

You should make sure that session.secure is true

You may want to tweak auth.scheme or auth.rounds for more speed or more security. See A Brief Discussion on Password Hashing for more context.

WSGI Server

You probably don’t want to use waitress for your production server, though it will work fine for small deploys. I recommend using uWSGI. It’s fast and mature.

After creating your production config file, it will have a section for uWSGI. You can run uWSGI with:

$ pip install uwsgi pastescript
$ uwsgi --ini-paste-logged prod.ini

Now uWSGI is running and listening on port 8080.

Warning

If you are using pypi.fallback = cache, make sure your uWSGI settings includes enable-threads = true. The package downloader uses threads.

HTTPS and Reverse Proxies

uWSGI has native support for SSL termination, but you may wish to use NGINX or an ELB to do the SSL termination plus load balancing. For this and other reverse proxy behaviors, you will need uWSGI to generate URLs that match what your proxy expects. You can do this with paste middleware. For example, to enforce https:

[app:main]
filter-with = proxy-prefix

[filter:proxy-prefix]
use = egg:PasteDeploy#prefix
scheme = https