./manage.py runserver with https

Question

./manage.py runserver 0.0.0.0:8000

I am using the line above as part of the code I borrowed from github (https://github.com/ribeiroit/boh-puppe

Answer 1

While cezar's recommendation of django-extensions is valid to run a server with https, neither runserver or runserver_plus should ever be used in a production setting.

Quoting Django's documentation:

DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay. We’re in the business of making Web frameworks, not Web servers, so improving this server to be able to handle a production environment is outside the scope of Django.)

Quoting django-extensions' documentation:

WARNING: This should never be used in any kind of production environment. Not even for a quick problem check. I cannot emphasize this enough. The interactive debugger allows you to evaluate python code right against the server. You’ve been warned.

Now yes, this warning from the django-extensions documentation is in reference to a single feature, the interactive console, which will theoretically not be exposed if DEBUG is set to False. But this is precisely how Patreon got hacked, and probably others as well. Why even risk it?

Instead, it would be far better to deploy your application using one of the officially recommended WSGI servers such as gunicorn or uWSGI.

Answer 2

For this purpose I use the the third-party app django-extensions, which offers some nice additional functionalities.

One of those extras is RunServerPlus.

You can then start the server like this:

python manage.py runserver_plus --cert-file /path/to/your/certificate

and open https://localhost:8000 in your browser.