I recently released DJ Checkup, a fork of the now-defunct Pony Checkup site. It’s a free security resource that scans your Django site for common security misconfigurations and suggests how to fix them.
The architecture of the site needs a lot of work, but the security checks are sound and it makes good recommendations. I’m currently working on a rewrite that makes it easier to add and remove checks in the future. Currently, adding a new check requires code changes throughout the site, which is not great.
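As an added example (not DJ Checkup's or Pony Checkup's own code), here is one way to structure a scanner so that each check is a self-contained, registered function: adding or removing a check touches exactly one function and nothing else in the scanner. The three checks shown (HSTS header, X-Content-Type-Options, Secure flag on the session cookie) are assumptions chosen for illustration; the post does not list which checks the site actually runs. The sample response at the bottom is constructed, so the script runs offline.

```python
"""Registry-based check design: each security check is a decorated function.
Added example, not code from DJ Checkup; the specific checks are assumptions."""
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Callable, Dict, List, Tuple


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    headers: Dict[str, str]                      # header names lower-cased
    cookies: SimpleCookie = field(default_factory=SimpleCookie)


@dataclass
class Result:
    name: str
    passed: bool
    recommendation: str


# The registry: check name -> function(Response) -> Result.
CHECKS: Dict[str, Callable[[Response], Result]] = {}


def check(name: str):
    """Decorator that registers a check under a stable name."""
    def register(fn):
        CHECKS[name] = fn
        return fn
    return register


@check("hsts")
def hsts(resp: Response) -> Result:
    value = resp.headers.get("strict-transport-security", "")
    return Result("hsts", "max-age=" in value,
                  "Set SECURE_HSTS_SECONDS so Django sends Strict-Transport-Security.")


@check("nosniff")
def nosniff(resp: Response) -> Result:
    ok = resp.headers.get("x-content-type-options", "").lower() == "nosniff"
    return Result("nosniff", ok,
                  "Enable SECURE_CONTENT_TYPE_NOSNIFF so browsers do not sniff content types.")


@check("session_cookie_secure")
def session_cookie_secure(resp: Response) -> Result:
    morsel = resp.cookies.get("sessionid")
    # No session cookie in this response: nothing to judge, so treat as passing.
    ok = morsel is None or bool(morsel["secure"])
    return Result("session_cookie_secure", ok,
                  "Set SESSION_COOKIE_SECURE = True so the session cookie is only sent over HTTPS.")


def run_checks(resp: Response) -> List[Result]:
    """Run every registered check; callers never need to know which ones exist."""
    return [fn(resp) for fn in CHECKS.values()]


def failing(resp: Response) -> List[str]:
    """Names of the checks that failed, in registration order."""
    return [r.name for r in run_checks(resp) if not r.passed]


def parse_response(status: int, raw_headers: List[Tuple[str, str]]) -> Response:
    """Build a Response from (name, value) header pairs, as http.client returns them.
    Set-Cookie headers are folded into the cookie jar; other names are lower-cased."""
    headers: Dict[str, str] = {}
    cookies = SimpleCookie()
    for name, value in raw_headers:
        if name.lower() == "set-cookie":
            cookies.load(value)
        else:
            headers[name.lower()] = value
    return Response(status, headers, cookies)


if __name__ == "__main__":
    # Constructed sample: HSTS is set, nosniff is missing, session cookie lacks Secure.
    sample = parse_response(200, [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/"),
    ])
    for r in run_checks(sample):
        print(f"{'PASS' if r.passed else 'FAIL'} {r.name}: {r.recommendation}")
```

Because `run_checks` only iterates the registry, a new check is a single decorated function and removing one is a deletion; the result rendering and the queue worker that calls `run_checks` stay untouched.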
The site is running on a Vultr VPS on the US West Coast. It’s a fairly straightforward Django 3.1 app with a small PostgreSQL database and a Redis server as a queue. A worker server uses Django-RQ to pick up tasks from the queue and run the checks. This is the same architecture I describe in the Advanced Django-RQ Example post. I’m also using Django-Storages for the first time—I’ll post a tutorial about this soon—to offload static files to an S3 bucket fronted by the CloudFront CDN.
I took this opportunity to do a deep dive on Terraform, so I’m using it to fully provision all infrastructure in the dev, test, and production environments. Once the infrastructure is deployed, I use Ansible to configure the servers and deploy the app, which uses Docker. This means the whole process is automated, repeatable, and documented as code.