features.md

RT cookiecutter template selling points

Main features

• Cookiecutter template allowing long term support using Cruft update mechanism
• Docker and docker compose for easy & simple (c) development and deployment
• Latest python from 3.11 line
• Latest Django LTS release
• Gunicorn for running WSGI instances on prod
• Uvicorn for ASGI instances on prod
• Nginx as high-performance reverse proxy with automatic SSL certificate renewal
• Postgres with psycopg3 for database
• Task management via celery with scheduled tasks support (using celery-beat)
• Multiple workers & queues supported (if you need to divide / prioritize tasks and apply different levels of concurrency)

Self-hosted configuration

• Persistent redis for task management backend
• Celery task monitoring via flower

Cloud configuration options

• AWS support: terraform to deploy RDS, SQS, ELB etc
• Vultr: terraform for deploying application on cheap VPS servers
• Support for transaction-based database connection pooling

Configuration

• .env files for configuration; preconfigured .env for both local and prod environments
• django-debug-toolbar (enabled for local environment) for debugging app performance
• ipython included for nice interactive django shell
• django-extensions for drawing graph of models and more

Continuous integration

• Github Actions for CI/CD
• nox for workflow automation
• ruff for linting & auto fixing python code
• shellcheck for linting & auto fixing shell scripts
• pytest with xdist for efficient parallel testing

Deployment

• 2-stage docker image build for clean app image (both debian-based and alpine-based base images are supported)
• Easy deployment based on git push production master
• Redeployment doesn't stop db, redis and nginx containers -> non-interrupted deployments
• Migrations are done during deployment, before application startup -> application won't be run on unmigrated database

Security & performance

• CORS headers preconfigured
• CSP integrated
• BREACH attack mitigation
• Brotli compression support
• 0-RTT TLS 1.3 Early Data support
• http/2 support
• TLS 1.2&1.3 via letsencrypt with auto-renewal
• Forward secrecy ciphers
• Overall ssllabs security class: A+ 100/100/90/90 (to keep compatibility with some older clients)
• Optional fingerprinting of users on backend and frontend sides

Reliability

• Cost-efficient & secure automatic database backups
  • B2 cloud storage using a writeFiles-only key with and option to store them locally or send them over email
  • zstd compression for efficient storage & excellent speed for both backup and restore
• Scripted and repeatable procedure for restoring the system from a backup
• Sentry error tracking preconfigured
• Grafana for metrics and log aggregation (Grafana Loki)
  • Prometheus for data collection
  • Grafana Loki for log aggregation with Promtail for log shipping
  • Generic host dashboard section optimized for both VM and physical machines
  • Integration of framework allowing easy addition of new application-level metrics
  • nginx-level dashboard section for http/ws statistics
  • Active monitoring dashboard (http ping)
  • Alert history dashboard
• Alertmanager for detecting issues and alerting