Skip to main content
This guide covers all configuration settings in proyecto/settings.py. Understanding these settings is essential for proper deployment and customization.

Core Settings

SECRET_KEY

SECRET_KEY = 'django-insecure-w5+n*kz&-_fw)h@yrei%7ax@^7c(v5hhoed5wagon52#p8%7b-'
CRITICAL SECURITY SETTING: The SECRET_KEY must be kept secret and changed for production deployments. Never commit production keys to version control.
The SECRET_KEY is used for:
  • Cryptographic signing of sessions and cookies
  • Password reset tokens
  • CSRF protection
Generate a new secret key for production: 
from django.core.management.utils import get_random_secret_key
print(get_random_secret_key())
Or use environment variables: 
import os
SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')

DEBUG

DEBUG = True
MUST be set to False in production! Running with DEBUG=True exposes sensitive information and creates security vulnerabilities.
When DEBUG = True:
  • Detailed error pages show stack traces and variables
  • Static files are served automatically
  • All SQL queries are tracked in memory
For production: 
DEBUG = False

ALLOWED_HOSTS

ALLOWED_HOSTS = ['192.168.100.102', '127.0.0.1']
Defines which hostnames can serve the application. This prevents HTTP Host header attacks. Production configuration: 
ALLOWED_HOSTS = [
    'yourdomain.com',
    'www.yourdomain.com',
    '192.168.100.102',
]
When DEBUG=False, requests with Host headers not in ALLOWED_HOSTS will return a 400 Bad Request error.

Application Configuration

INSTALLED_APPS

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'CTP',
]
Application breakdown:
  • django.contrib.admin - Django admin interface
  • django.contrib.auth - Authentication framework
  • django.contrib.contenttypes - Content type system
  • django.contrib.sessions - Session framework
  • django.contrib.messages - Messaging framework
  • django.contrib.staticfiles - Static file management
  • CTP - Proyecto’s core application for project management functionality
The CTP app contains all project management models, views, and templates. This is where the core business logic resides.

MIDDLEWARE

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Middleware components:
  • SecurityMiddleware - Security enhancements (HTTPS redirect, etc.)
  • SessionMiddleware - Manages sessions across requests
  • CommonMiddleware - Common utilities (URL normalization, etc.)
  • CsrfViewMiddleware - Cross-Site Request Forgery protection
  • AuthenticationMiddleware - Associates users with requests
  • MessageMiddleware - Cookie and session-based messaging
  • XFrameOptionsMiddleware - Clickjacking protection

URL Configuration

ROOT_URLCONF = 'proyecto.urls'
Points to the main URL configuration module at proyecto/urls.py.

Templates

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]
Template configuration:
  • BACKEND - Uses Django’s template engine
  • DIRS - Searches for templates in the templates/ directory at the project root
  • APP_DIRS - Automatically searches for templates in each installed app’s templates/ subdirectory
  • context_processors - Add variables to every template context

WSGI Application

WSGI_APPLICATION = 'proyecto.wsgi.application'
Points to the WSGI application callable at proyecto/wsgi.py. This is used when deploying with WSGI servers like Gunicorn or uWSGI.

Database Configuration

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'Proyecto',
        'USER': 'postgres',
        'PASSWORD': '1204',
        'HOST': 'localhost',
        'PORT': '5432',
        'ATOMIC_REQUESTS': True,
    }
}
See the Database Setup guide for detailed database configuration.

ATOMIC_REQUESTS

ATOMIC_REQUESTS = True wraps each view in a database transaction. If the view produces an exception, Django rolls back the transaction. Otherwise, it commits.
This ensures data consistency but may impact performance on high-traffic sites.

Password Validation

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]
Validators enforce:
  1. Password not similar to user attributes
  2. Minimum password length (default: 8 characters)
  3. Password not in common passwords list
  4. Password not entirely numeric

Internationalization

LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
Settings explained:
  • LANGUAGE_CODE - Default language (en-us)
  • TIME_ZONE - Default timezone (UTC)
  • USE_I18N - Enable internationalization system
  • USE_L10N - Enable localized formatting
  • USE_TZ - Enable timezone-aware datetimes
Change TIME_ZONE to your local timezone for better UX:
TIME_ZONE = 'America/New_York'

Static Files

STATIC_URL = '/static/'
STATICFILES_DIRS = (
    BASE_DIR / 'static',
)
Static file configuration:
  • STATIC_URL - URL prefix for static files
  • STATICFILES_DIRS - Additional locations for static files
For production, add: 
STATIC_ROOT = BASE_DIR / 'staticfiles'
Then run: 
python manage.py collectstatic
The static/ directory at your project root contains CSS, JavaScript, and image files used across your application.

Media Files

MEDIA_URL = '/media/'
MEDIA_ROOT = BASE_DIR / 'media'
Media file configuration:
  • MEDIA_URL - URL prefix for user-uploaded files
  • MEDIA_ROOT - Filesystem path where uploaded files are stored
In production, serve media files through a web server (nginx/Apache) rather than Django.

Session Configuration

SESSION_COOKIE_AGE = 300  # seconds
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
Session settings:
  • SESSION_COOKIE_AGE = 300 - Sessions expire after 5 minutes of inactivity
  • SESSION_EXPIRE_AT_BROWSER_CLOSE = True - Sessions end when the browser closes
The 5-minute session timeout is very aggressive. Users will be logged out frequently. Consider increasing this for production:
SESSION_COOKIE_AGE = 3600  # 1 hour

Authentication

LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
Redirect users to the homepage after login/logout.

Default Field Type

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
Uses 64-bit integers for auto-incrementing primary keys, supporting up to 9 quintillion records.

Production Settings Checklist

Before deploying to production, review these critical settings:
1

Security Settings

  • Set DEBUG = False
  • Generate new SECRET_KEY
  • Configure ALLOWED_HOSTS with your domain
2

Database

  • Use environment variables for credentials
  • Create dedicated database user
  • Enable SSL connections if possible
3

Static & Media Files

  • Set STATIC_ROOT
  • Run collectstatic
  • Configure web server to serve static/media files
4

Session Security

  • Consider increasing SESSION_COOKIE_AGE
  • Add SESSION_COOKIE_SECURE = True (HTTPS only)
  • Add CSRF_COOKIE_SECURE = True (HTTPS only)

Environment-Specific Configuration

Use environment variables to manage different configurations: 
import os

# Detect environment
DEBUG = os.environ.get('DJANGO_DEBUG', 'False') == 'True'

# Security
SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')

# Database
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': os.environ.get('DB_NAME', 'Proyecto'),
        'USER': os.environ.get('DB_USER', 'postgres'),
        'PASSWORD': os.environ.get('DB_PASSWORD'),
        'HOST': os.environ.get('DB_HOST', 'localhost'),
        'PORT': os.environ.get('DB_PORT', '5432'),
        'ATOMIC_REQUESTS': True,
    }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us