
Overview

Bar Galileo uses Django 5.2.4 with a comprehensive settings configuration that supports both development and production environments. Settings are loaded from environment variables using python-dotenv.

Core Settings

Base Directory

BASE_DIR = Path(__file__).resolve().parent.parent
The base directory is automatically resolved and used for all relative paths throughout the project.

Debug Mode

DEBUG
boolean
default:"True"
Controls Django debug mode. Set to False in production.
Accepts: 1, true, yes (case-insensitive) for True
Production Security: Always set DEBUG=False in production. Debug mode exposes sensitive information and should never be enabled on public-facing servers.

Secret Key

SECRET_KEY
string
required
Django secret key for cryptographic signing. Auto-generated if not provided.
Source: secret_key environment variable
If secret_key is not set in the environment, a random key is generated with get_random_secret_key(). This is not recommended for production: the key changes on every restart, which invalidates existing sessions and any other data signed with the previous key.

Allowed Hosts

ALLOWED_HOSTS
string
default:"* (if DEBUG=True)"
Comma-separated list of hosts/domains that this Django site can serve.
Example: localhost,bar-galileo.com,www.bar-galileo.com
settings.py
ALLOWED_HOSTS = ['localhost', 'bar-galileo.com']
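
A fail-closed way to load the three core settings above, shown as an added example that is not Bar Galileo's own settings.py. It assumes the environment variables are named DEBUG, secret_key and ALLOWED_HOSTS as in the parameter list; env_bool and load_core_settings are hypothetical names, and secrets.token_urlsafe stands in for Django's get_random_secret_key() so the block runs without Django.

```python
import os
from secrets import token_urlsafe

TRUE_VALUES = {"1", "true", "yes"}  # values the page documents as True


def env_bool(raw, default):
    """Parse a boolean environment value the way the page documents it."""
    if raw is None:
        return default
    return raw.strip().lower() in TRUE_VALUES


def load_core_settings(env=os.environ):
    """Return DEBUG, SECRET_KEY and ALLOWED_HOSTS, refusing unsafe production values."""
    # Fail closed: an unset DEBUG is treated as production. This is an assumption
    # of the example and the opposite of the documented default of True.
    debug = env_bool(env.get("DEBUG"), default=False)
    secret_key = env.get("secret_key")
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]

    if debug:
        # Development conveniences, matching the documented behaviour.
        secret_key = secret_key or token_urlsafe(50)
        hosts = hosts or ["*"]
    else:
        problems = []
        if not secret_key:
            problems.append("secret_key is unset; a generated key would change on restart")
        if not hosts or "*" in hosts:
            problems.append("ALLOWED_HOSTS must list explicit hosts")
        if problems:
            raise RuntimeError("; ".join(problems))
    return {"DEBUG": debug, "SECRET_KEY": secret_key, "ALLOWED_HOSTS": hosts}
```

With this loader a deployment that forgets to set DEBUG stops at startup instead of serving with debug mode on and a wildcard host list.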

Installed Applications

Bar Galileo includes multiple Django applications organized by functionality:

Third-Party Apps

  • captcha - Django Simple CAPTCHA for form protection
  • channels - WebSocket support for real-time features
  • allauth - Authentication with Google OAuth support
  • dbbackup - Database backup functionality

Custom Applications

INSTALLED_APPS = [
    'core',              # Landing pages
    'products',          # Product management
    'accounts',          # User accounts
    'tables',            # Table & order management
    'roles',             # Role-based permissions
    'users',             # User profiles
]

Database Configuration

Bar Galileo uses MySQL/MariaDB as the primary database:
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': os.getenv('DB_NAME', 'bar_galileo'),
        'USER': os.getenv('DB_USER', 'bar_galileo_user'),
        'PASSWORD': os.getenv('DB_PASSWORD', 'Galileo2025'),
        'HOST': os.getenv('DB_HOST', 'localhost'),
        'PORT': os.getenv('DB_PORT', '3306'),
        'OPTIONS': {
            'charset': 'utf8mb4',
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
        },
    }
}

Database Parameters

DB_NAME
string
default:"bar_galileo"
MySQL database name
DB_USER
string
default:"bar_galileo_user"
MySQL database user
DB_PASSWORD
string
default:"Galileo2025"
MySQL database password
DB_HOST
string
default:"localhost"
MySQL database host
DB_PORT
string
default:"3306"
MySQL database port
The default password Galileo2025 is for development only. Always use a strong, unique password in production.

Middleware Configuration

Middleware is executed in order for requests and in reverse for responses:
settings.py
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'roles.middleware.PermissionMiddleware',           # Custom permissions
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'accounts.middleware.AdminRedirectMiddleware',     # Custom admin redirect
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'allauth.account.middleware.AccountMiddleware',
]

Custom Middleware

  • PermissionMiddleware - Role-based permission checks
  • AdminRedirectMiddleware - Automatic admin user redirection

Static & Media Files

Static Files

STATIC_URL
string
default:"/static/"
URL prefix for static files
STATIC_ROOT
path
default:"BASE_DIR/staticfiles"
Directory where collectstatic will collect files for deployment
settings.py
STATIC_URL = '/static/'
STATICFILES_DIRS = [BASE_DIR / 'static']
STATIC_ROOT = BASE_DIR / 'staticfiles'

Media Files

MEDIA_URL
string
default:"/media/"
URL prefix for user-uploaded media files
MEDIA_ROOT
path
default:"BASE_DIR/media"
Directory where uploaded files are stored

Storage Configuration

Django 5.2+ uses the STORAGES setting for file storage backends:
settings.py
STORAGES = {
    "default": {
        "BACKEND": "django.core.files.storage.FileSystemStorage",
    },
    "staticfiles": {
        "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
    },
    "dbbackup": {
        "BACKEND": "django.core.files.storage.FileSystemStorage",
        "OPTIONS": {
            "location": str(BASE_DIR / "backups" / "backup_files" / "db"),
        },
    },
    "mediabackup": {
        "BACKEND": "django.core.files.storage.FileSystemStorage",
        "OPTIONS": {
            "location": str(BASE_DIR / "backups" / "backup_files" / "media"),
        },
    },
}

WebSocket Configuration

Bar Galileo uses Django Channels for real-time WebSocket connections:

ASGI Application

settings.py
ASGI_APPLICATION = 'bar_galileo.asgi.application'

Channel Layers

CHANNEL_LAYERS = {
    "default": {
        "BACKEND": "channels.layers.InMemoryChannelLayer",
    },
}
The in-memory channel layer is only suitable for development with a single server process. Use Redis for production deployments.

Authentication & Authorization

Authentication Backends

settings.py
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'allauth.account.auth_backends.AuthenticationBackend',
]

Social Authentication (Google OAuth)

settings.py
SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': ['profile', 'email'],
        'AUTH_PARAMS': {'access_type': 'online'},
        'OAUTH_PKCE_ENABLED': True,
    }
}

Login Configuration

LOGIN_URL
string
default:"/accounts/login/"
URL where users are redirected when authentication is required
LOGIN_REDIRECT_URL
string
default:"/"
URL where users are redirected after successful login

Email Configuration

SMTP Settings (Gmail)

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = os.getenv('emailHost')
EMAIL_HOST_PASSWORD = os.getenv('emailPassword')
DEFAULT_FROM_EMAIL = os.getenv('emailHost')
emailHost
string
required
Gmail email address for sending emails
emailPassword
string
required
Gmail app password (not your regular password)
Use Gmail App Passwords, not your regular Gmail password. Generate one at https://myaccount.google.com/apppasswords

Security Settings

Production Security

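When DEBUG=False, the following security settings are automatically enabled. DEBUG defaults to True, so they stay disabled unless the environment explicitly turns debug mode off: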
settings.py
if not DEBUG:
    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    SECURE_HSTS_SECONDS = 31536000        # 1 year
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    SECURE_HSTS_PRELOAD = True
    SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin'

Security Features

  • SSL Redirect: All HTTP requests redirected to HTTPS
  • Secure Cookies: Cookies only sent over HTTPS
  • HSTS: HTTP Strict Transport Security for 1 year
  • CSRF Protection: Cross-Site Request Forgery protection enabled
These security settings require a valid SSL certificate. Ensure your server is properly configured with HTTPS before deploying to production.
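
A pre-deployment check over the development defaults this page documents (DEBUG, the Galileo2025 database password, the in-memory channel layer) together with the flags from the `if not DEBUG` block, shown as an added example that is not part of the project. The function name preflight and both sample mappings are constructed for illustration; the mapping keys mirror the setting names used on this page.

```python
DEV_DB_PASSWORD = "Galileo2025"  # development default documented on this page
ONE_YEAR = 31536000              # SECURE_HSTS_SECONDS value from the page


def preflight(settings):
    """Return findings for a settings mapping that is about to go to production."""
    findings = []
    if settings.get("DEBUG", True):
        findings.append("DEBUG is on: the 'if not DEBUG' security block never runs")
    db = settings.get("DATABASES", {}).get("default", {})
    if db.get("PASSWORD") in (None, "", DEV_DB_PASSWORD):
        findings.append("DB_PASSWORD is unset or still the development default")
    layer = settings.get("CHANNEL_LAYERS", {}).get("default", {}).get("BACKEND", "")
    if layer.endswith("InMemoryChannelLayer"):
        findings.append("CHANNEL_LAYERS uses the single-process in-memory layer")
    for flag in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(flag, False):
            findings.append(f"{flag} is not enabled")
    if settings.get("SECURE_HSTS_SECONDS", 0) < ONE_YEAR:
        findings.append("SECURE_HSTS_SECONDS is below one year")
    return findings


# Constructed sample: the values this page's defaults yield when no env vars are set.
UNCONFIGURED = {
    "DEBUG": True,
    "DATABASES": {"default": {"PASSWORD": "Galileo2025"}},
    "CHANNEL_LAYERS": {"default": {"BACKEND": "channels.layers.InMemoryChannelLayer"}},
}

# Constructed sample: a production mapping (placeholder password, Redis channel layer).
HARDENED = {
    "DEBUG": False,
    "DATABASES": {"default": {"PASSWORD": "<placeholder-strong-password>"}},
    "CHANNEL_LAYERS": {"default": {"BACKEND": "channels_redis.core.RedisChannelLayer"}},
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": ONE_YEAR,
}

if __name__ == "__main__":
    for finding in preflight(UNCONFIGURED):
        print("FAIL:", finding)
```

Django's own `manage.py check --deploy` reports on the built-in security settings; this check adds the project-specific fallbacks that command does not know about.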

Backup Configuration

Django-DBBackup settings for automated database and media backups:
settings.py
# Storage locations
DBBACKUP_STORAGE = 'dbbackup'
DBBACKUP_MEDIA_STORAGE = 'mediabackup'

# File naming
DBBACKUP_FILENAME_TEMPLATE = '{datetime}.psql'
DBBACKUP_MEDIA_FILENAME_TEMPLATE = '{datetime}.media.zip'

# Retention
DBBACKUP_CLEANUP_KEEP = 10
DBBACKUP_CLEANUP_KEEP_MEDIA = 10

# Compression
DBBACKUP_COMPRESS = True
DBBACKUP_COMPRESSION_LEVEL = 6  # 1-9

# Encryption (GPG)
DBBACKUP_ENCRYPTION = True
DBBACKUP_GPG_RECIPIENT = '[email protected]'
Backups are encrypted using GPG. Ensure you have GPG installed and the recipient’s public key imported.

CAPTCHA Settings

settings.py
CAPTCHA_LENGTH = 1
CAPTCHA_IMAGE_SIZE = (225, 75)
CAPTCHA_FONT_SIZE = 40
CAPTCHA_FLITE_PATH = '/usr/bin/flite'

Internationalization

LANGUAGE_CODE
string
default:"es-co"
Default language code (Spanish - Colombia)
TIME_ZONE
string
default:"UTC"
Default timezone for datetime storage
settings.py
LANGUAGE_CODE = 'es-co'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_TZ = True

Password Validation

Django enforces strong password requirements:
settings.py
AUTH_PASSWORD_VALIDATORS = [
    {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
    {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
    {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
]

Template Configuration

Multiple template directories for modular app structure:
settings.py
TEMPLATES = [{
    'BACKEND': 'django.template.backends.django.DjangoTemplates',
    'DIRS': [
        os.path.join(BASE_DIR, 'templates'),
        os.path.join(BASE_DIR, 'accounts', 'templates'),
        os.path.join(BASE_DIR, 'products', 'templates'),
        # ... additional app templates
    ],
    'APP_DIRS': True,
}]
