[1.8.x] Added ALLOWED_HOSTS and SERVER_EMAIL details to deployment checklist.

Backport of b34d16b78d from master
This commit is contained in:
Tim Graham 2015-06-11 10:00:33 -04:00
parent ffbb6d4742
commit 737ddb4d24
1 changed files with 18 additions and 0 deletions

View File

@ -86,6 +86,20 @@ you use a wildcard, you must perform your own validation of the ``Host`` HTTP
header, or otherwise ensure that you aren't vulnerable to this category of header, or otherwise ensure that you aren't vulnerable to this category of
attacks. attacks.
You should also configure the Web server that sits in front of Django to
validate the host. It should respond with a static error page or ignore
requests for incorrect hosts instead of forwarding the request to Django. This
way you'll avoid spurious errors in your Django logs (or emails if you have
error reporting configured that way). For example, on nginx you might setup a
default server to return "444 No Response" on an unrecognized host:
.. code-block:: nginx
server {
listen 80 default_server;
return 444;
}
:setting:`CACHES` :setting:`CACHES`
----------------- -----------------
@ -117,6 +131,10 @@ If you haven't set up backups for your database, do it right now!
If your site sends emails, these values need to be set correctly. If your site sends emails, these values need to be set correctly.
By default, Django will send email from root@localhost. However, some mail
providers reject all email from this address. To use a different sender
address, modify the :setting:`SERVER_EMAIL` setting.
:setting:`STATIC_ROOT` and :setting:`STATIC_URL` :setting:`STATIC_ROOT` and :setting:`STATIC_URL`
------------------------------------------------ ------------------------------------------------