From 73fcb14cd86fa320322437b9827e465115fb6043 Mon Sep 17 00:00:00 2001 From: Andrew Miller Date: Wed, 7 Aug 2024 14:47:05 +0100 Subject: [PATCH] [5.1.x] Refs #35591 -- Emphasized that runserver is not suitable for production. Backport of cec62fb99e8ff63f30c7871a048ab15081142668 from main. --- docs/howto/deployment/checklist.txt | 8 ++++++++ docs/howto/deployment/index.txt | 3 ++- docs/ref/django-admin.txt | 10 +++++----- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/howto/deployment/checklist.txt b/docs/howto/deployment/checklist.txt index 75c9735e86..0f4bd158f8 100644 --- a/docs/howto/deployment/checklist.txt +++ b/docs/howto/deployment/checklist.txt @@ -36,6 +36,14 @@ Some of the checks described below can be automated using the :option:`check --deploy` option. Be sure to run it against your production settings file as described in the option's documentation. +Switch away from ``manage.py runserver`` +======================================== + +The :djadmin:`runserver` command is not designed for a production setting. Be +sure to switch to a production-ready WSGI or ASGI server. For a few common +options, see :doc:`WSGI servers ` or +:doc:`ASGI servers `. + Critical settings ================= diff --git a/docs/howto/deployment/index.txt b/docs/howto/deployment/index.txt index e2fadba5b9..2f53a97bef 100644 --- a/docs/howto/deployment/index.txt +++ b/docs/howto/deployment/index.txt @@ -12,7 +12,8 @@ the scope of what Django can give you as guidance. Django, being a web framework, needs a web server in order to operate. And since most web servers don't natively speak Python, we need an interface to -make that communication happen. +make that communication happen. The :djadmin:`runserver` command starts a +lightweight development server, which is not suitable for production. Django currently supports two interfaces: WSGI and ASGI. diff --git a/docs/ref/django-admin.txt b/docs/ref/django-admin.txt index fa4f6e9ca8..0e0a79fdd7 100644 --- a/docs/ref/django-admin.txt +++ b/docs/ref/django-admin.txt @@ -870,11 +870,11 @@ are reserved for the superuser (root). This server uses the WSGI application object specified by the :setting:`WSGI_APPLICATION` setting. -DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through -security audits or performance tests. (And that's how it's gonna stay. We're in -the business of making web frameworks, not web servers, so improving this -server to be able to handle a production environment is outside the scope of -Django.) +.. warning:: DO NOT USE THIS SERVER IN A PRODUCTION SETTING. + + This lightweight development server has not gone through security audits or + performance tests, hence is unsuitable for production. Making this server + able to handle a production environment is outside the scope of Django. The development server automatically reloads Python code for each request, as needed. You don't need to restart the server for code changes to take effect.