Production Environment Variables
This section covers the environment and its required setup for running the care project in production. This involves setting up the secret keys, encryption keys, PostGIS database URLs etc. The project also employs other services such as Redis for caching and Sentry for logging.
The following list contains variables you will need during the production environment.
Variable Key
Required
Description
POSTGIS_URL
Yes
This variable is the URL to your Postgres database with the PostGIS extension. To obtain this, simply replace postgres://
with postgis://
in your DATABASE_URL
DJANGO_ADMIN_URL
Yes
This variable shall be used to access your Django admin dashboard. For security purposes, it is a good idea to keep it as a short random string.
DJANGO_SECRET_KEY
Yes
A secret key used by Django for generating session cookies and other purposes. An online search will provide several methods for generating it.
FERNET_SECRET_KEY
Yes
A secret key used for encrypting patient records in the database. This can be generated in the same way as the Django secret key. A change in the fernet key will cause all data to be corrupted, please make sure this variable is always handled with care. The development version has a hardcoded fernet key to avoid issues.
DJANGO_SETTINGS_MODULE
Yes
This variable specifies which settings to use in the production environment. Set the value to config.settings.production
to point it to the production settings file in the project. development builds can use config.settings.staging
defaults to local settings
USE_S3
No
Set this variable to True
if you want to use Amazon S3 buckets for storing your static files in production. Defaults to 'False'. The backend copies the static files on start, the Gunicorn server serving the backend does not perform well with static files so it is advised to configure S3 as a static file server.
AWS_STORAGE_BUCKET_NAME
No
This variable is used to store the bucket name to store your static files during the collectstatic step. Note that this is used only if USE_S3
is set to True
.
AWS_ACCESS_KEY_ID
No
The AWS Access Key of your account used to access your S3 bucket. Note that this is used only when USE_S3
is set to True
.
AWS_SECRET_ACCESS_KEY
No
The AWS Secret Key of your account used to access your S3 bucket. Note that this is used only when USE_S3
is set to True
.
REDIS_URL
Yes
The URL to your Redis instance for use in caching. Redis is also used as the background job management
CELERY_BROKER_URL
Yes
The URL to your Redis instance for use in celery worker management.
SENTRY_DSN
Yes
GOOGLE_RECAPTCHA_SITE_KEY
No
The configured site key for your recaptcha. Recaptcha is used to prevent brute-force attacks while logging into care.
GOOGLE_RECAPTCHA_SECRET_KEY
No
The secret key for your recaptcha.
DJANGO_ALLOWED_HOSTS
Yes
This is used to store a JSON type array of hosts you want to allow access to your backend API. Requests with other Host fields will not be able to complete successfully. Set it to ['*']
to allow all hosts. Defaults to ['*']
.
CSRF_TRUSTED_ORIGINS
Yes
Contains a JSON array of hosts that are allowed to make cross site requests to the backend API. Defaults to []
.
DJANGO_SECURE_SSL_REDIRECT
No
Use this option to set whether or not you want to redirect from HTTP to HTTPS automatically. Defaults to True
.
RATE_LIMIT
No
A string value of the form requests/time to be set for rate limiting. For eg., if you want to allow not more than 5 requests from a user in 10 mins, provide 5/10m
as the value. Defaults to 5/10m
. Ratelimiting is only enforced for the login and signup endpoint to prevent brute-forcing, after the limit every request required a captcha to be present.
MAINTENANCE_MODE
No
Set this variable to 1 to put the site/API into maintenance. Defaults to 0.
POSTGRES_DB
Yes
Your PostGIS DB name. This is used to check if the postgres db is connected before performing db migrations
POSTGRES_HOST
Yes
Your Postgres host address.
POSTGRES_USER
Yes
Your Postgres username.
POSTGRES_PASSWORD
Yes
Your POSTGRES_USER
password.
POSTGRES_PORT
Yes
Your Postgres instance port number.
SNS_ACCESS_KEY
Yes
AWS SNS access key for sending SMS messages
SNS_SECRET_KEY
Yes
AWS SNS Secret key for sending SMS messages
VAPID_PUBLIC_KEY
Yes
Vapid Public key for sending Web push notifications, Defaults to publicly visible certificates
VAPID_PRIVATE_KEY
Yes
Vapid Private key for sending Web push notifications, Defaults to publicly visible certificates
FILE_UPLOAD_BUCKET
Yes
AWS S3 bucket name with no public access to store confidential patient files
FILE_UPLOAD_KEY
Yes
AWS Access key to access the File Upload Bucket
FILE_UPLOAD_SECRET
Yes
AWS Secret key to access the File Upload Bucket
EMAIL_HOST
Yes
SMTP Email Host
EMAIL_USER
Yes
SMTP Email User
EMAIL_PASSWORD
Yes
SMTP Email Password
Last updated