Deploying to Production

This section is geared towards helping you deploy this server properly for production use.

@powellc has put together an Ansible playbook for pypicloud, which can be found here:

There is a docker container that you can deploy or use as a base image. The following configuration recommendations still apply.


Remember when you generated a config file in getting started? Well we can do the same thing with a different flag to generate a default production config file.

$ ppc-make-config -p prod.ini


You should make sure that is true

You may want to tweak auth.scheme or auth.rounds for more speed or more security. See A Brief Discussion on Password Hashing for more context.

WSGI Server

You probably don’t want to use waitress for your production server, though it will work fine for small deploys. I recommend using uWSGI. It’s fast and mature.

After creating your production config file, it will have a section for uWSGI. You can run uWSGI with:

$ pip install uwsgi pastescript
$ uwsgi --ini-paste-logged prod.ini

Now uWSGI is running and listening on port 8080.


If you are using pypi.fallback = cache, make sure your uWSGI settings includes enable-threads = true. The package downloader uses threads.

HTTPS and Reverse Proxies

uWSGI has native support for SSL termination, but you may wish to use NGINX or an ELB to do the SSL termination plus load balancing. For this and other reverse proxy behaviors, you will need uWSGI to generate URLs that match what your proxy expects. You can do this with paste middleware. For example, to enforce https:

filter-with = proxy-prefix

use = egg:PasteDeploy#prefix
scheme = https

To see more details about how this middleware works and what the other options are, the code can be found on github.