Configuration an environment

Most app configuration is controlled via ENV vars, which are managed from the 'Configuration' panel in Azure.

To understand the full range of supported env vars and how they correlate to Django project configuration, take a good look through tate/settings/base.py. You might also want to check tate/settings/production.py for additional settings that may apply to production environments only.

NOTE: The Dockerfile included in project sets a few 'higher order' env vars for the container to use too (using the ENV statement). The DJANGO_SETTINGS_MODULE one is particularly important: Without it, the app will attempt to run with dev settings, which are intended for local development only.

The values you'll definitely want to set are:

• Configuration an environment
  • 1. The basics:
    • SECRET_KEY
    • DATABASE_URL
    • PRIMARY_HOST
  • 2. Media storage
    • AWS_STORAGE_BUCKET_NAME
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • AWS_S3_CUSTOM_DOMAIN
  • 3. Redis (for internal caching)
    • REDIS_TLS_URL
    • REDIS_URL
  • 4. Elasticsearch (for content indexing and search)
    • ELASTICSEARCH_URL
    • ELASTICSEARCH_INDEX_NAME
    • ELASTICSEARCH_NUMBER_OF_SHARDS
    • ELASTICSEARCH_NUMBER_OF_REPLICAS
    • EXACT_QUERY_SEARCH_BOOST
  • 5. Email (SMTP)
    • SERVER_EMAIL
    • EMAIL_HOST
    • EMAIL_PORT
    • EMAIL_HOST_USER
    • EMAIL_HOST_PASSWORD
    • EMAIL_USE_TLS
    • EMAIL_USE_SSL
  • 6. Basic auth
    • BASIC_AUTH_ENABLED
    • BASIC_AUTH_LOGIN
    • BASIC_AUTH_PASSWORD

1. The basics:

SECRET_KEY

This must be a large random value and it must be kept secret.

Each environment should have a unique value. Particular care should be taken to ensure that the key used in production isn’t used anywhere else.

DATABASE_URL

Postgres connection string including the user, password, host, port and target database name in a single string,

e.g: postgres://USER:PASSWORD@HOST:PORT/DB_NAME

NOTE: The database 'DB_NAME' must already exist, but can be empty. The app will create any database tables / indexes it needs.

PRIMARY_HOST

The primary domain that will be used to access the Wagtail CMS for this environment.

e.g. staging.tate.org.uk.

2. Media storage

AWS_STORAGE_BUCKET_NAME

The name of the bucket to store uploaded media in.

e.g. tate-staging.

AWS_ACCESS_KEY_ID

Access credential for the AWS_STORAGE_BUCKET_NAME bucket.

e.g. AKIXRCHO54ALNGIYM9FK.

AWS_SECRET_ACCESS_KEY

Access credential for the AWS_STORAGE_BUCKET_NAME bucket.

e.g. LbxF12Yf0a8eDFVWxEvVcKRiFimLr5f/TxYImevS.

AWS_S3_CUSTOM_DOMAIN

Generally only set in production to put the S3 bucket behind a CDN using a custom domain.

e.g. staging-media.tate.org.uk.

3. Redis (for internal caching)

REDIS_TLS_URL

Connection string for a TLS-enabled Redis instance.

e.g. rediss://USER:PASSWORD@HOST:PORT/DB_NAME

REDIS_URL

Connection string for a Redis instance without TLS enabled.

e.g. redis://USER:PASSWORD@HOST:PORT/DB_NAME

4. Elasticsearch (for content indexing and search)

ELASTICSEARCH_URL

Connection string for an Elasticsearch 7.x instance, including the user, password, host and port.

e.g. http://USER:PASSWORD@HOST:PORT

ELASTICSEARCH_INDEX_NAME

Default: tate-wagtail

Name of the index within the Elasticsearch instance that should be used by the project.

ELASTICSEARCH_NUMBER_OF_SHARDS

Default: 2

Corresponds to the number_of_shards option in Elasticsearch.

Should ideally be set to 1 in dev/staging.

ELASTICSEARCH_NUMBER_OF_REPLICAS

Default: 1

Corresponds to the number_of_replicas option in Elasticsearch.

Should ideally be set to 0 in dev/staging.

EXACT_QUERY_SEARCH_BOOST

Default: 5

Controls the search result boost for positioning exact matches over fuzzy matches in site search.

5. Email (SMTP)

SERVER_EMAIL

Default: 'root@localhost'

The 'from' address that should be used for emails sent by the server to site admins and other users.

EMAIL_HOST

Default: 'localhost'

The host to use for sending email.

EMAIL_PORT

Default: 25

Port to use for the SMTP server defined in EMAIL_HOST.

EMAIL_HOST_USER

Default: '' (empty string)

Username to use for the SMTP server defined in EMAIL_HOST. If empty, Django won’t attempt authentication.

EMAIL_HOST_PASSWORD

Default: '' (Empty string)

Password to use for the SMTP server defined in EMAIL_HOST. This setting is used in conjunction with EMAIL_HOST_USER when authenticating to the SMTP server. If either of these settings is empty, Django won’t attempt authentication.

EMAIL_USE_TLS

Default: False

Whether to use a TLS (secure) connection when talking to the SMTP server. This is used for explicit TLS connections, generally on port 587. If you are experiencing hanging connections, see the implicit TLS setting EMAIL_USE_SSL.

EMAIL_USE_SSL

Default: False

Whether to use an implicit TLS (secure) connection when talking to the SMTP server. In most email documentation this type of TLS connection is referred to as SSL. It is generally used on port 465. If you are experiencing problems, see the explicit TLS setting EMAIL_USE_TLS.

NOTE: EMAIL_USE_TLS and EMAIL_USE_SSL are mutually exclusive, so only set one of those settings to True.

6. Basic auth

BASIC_AUTH_ENABLED

Should be set to True while the project is in development, to block robots and prevent unauthorised access to outsiders.

BASIC_AUTH_LOGIN

The login value that must be entered to bypass basic auth.

BASIC_AUTH_PASSWORD

The password value that must be entered to bypass basic auth.