wsvincent / djangoforprofessionals

Source code for Django for Professionals 4.0
https://djangoforprofessionals.com/
MIT License

[Chapter 16 - Security] Issue with DJANGO_DEBUG #139

Closed mnoah66 closed 2 years ago

mnoah66 commented 3 years ago

Going to http://127.0.0.1:8000/debug results in a proper Not Found error in the browser. However, when running docker-compose exec web python manage.py check --deploy, I still get the warning that DEBUG is True in production. Also, it was mentioned that after building the image from the new docker-compose-prod.yml file, it would destroy items in my database. It didn't do that either.

Anyone able to nudge me in the right direction?

settings.py

DEBUG = env.bool("DJANGO_DEBUG")

docker-compose-prod.yml

version: '3.8'

services:
  web:
    build: .
    command: python /code/manage.py runserver 0.0.0.0:8000
    volumes:
      - .:/code
    ports:
      - 8000:8000
    depends_on:
      - db
    environment: 
      - "DJANGO_SECRET_KEY=&qhzy1r$$_9f5dks*!l_jhrg_wnm=m!q%0@(06!+^0wpxbu5k6_"
      - "DJANGO_DEBUG=False"
  db:
    image: postgres:11
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - "POSTGRES_HOST_AUTH_METHOD=trust"
volumes:
  postgres_data:

Commands Run

docker-compose down
docker-compose -f docker-compose-prod.yml up -d --build
docker-compose exec web python manage.py migrate

Also, if I run docker-compose exec web python then:

>>> import os
>>> d = os.environ.get("DJANGO_DEBUG")
>>> d
'True'

jurgenvt commented 3 years ago

Having the exact same issue here. I found that:

After:

docker-compose -f docker-compose-prod.yaml up -d --build

docker-compose exec web python manage.py check --deploy

I am also getting: ?: (security.W018) You should not have DEBUG set to True in deployment.

The deploy check seems to read/check the variables from docker-compose.yaml and not from docker-compose-prod.yaml.

However the logic of showing/hiding the debug toolbar in the website works.

I tried rebuilding, restarting docker but ended up editing my docker-compose.yaml file, which should not be the way here in this exercise.

mnoah66 commented 3 years ago

Thank you @jurgenvt

I re-ran the check --deploy command, this time specifying the production file...

docker-compose -f docker-compose-prod.yml exec web python manage.py check --deploy

...and I got the expected results. Like you said, I guess the docker-compose command, regardless of what you are doing after it, always looks at your docker-compose.yml file.

@wsvincent any ideas?
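
An added example, not part of the thread or the book's code: a small shell helper that passes `-f` on every call, so the environment check and `check --deploy` both target the same compose file. The function names and the `COMPOSE` variable are assumptions for illustration; the `web` service and `DJANGO_DEBUG` come from the compose file posted above.

```shell
#!/bin/sh
# Added example: verify what DJANGO_DEBUG the web container actually sees,
# always naming the compose file explicitly instead of relying on the default.

# Compose command and file to use (assumed names; override as needed).
COMPOSE="${COMPOSE:-docker-compose}"
PROD_FILE="${PROD_FILE:-docker-compose-prod.yml}"

# Print DJANGO_DEBUG as seen inside the "web" service for a given compose file.
# -T disables pseudo-TTY allocation so the output can be captured cleanly.
container_debug() {
    $COMPOSE -f "$1" exec -T web printenv DJANGO_DEBUG
}

# Succeed only when the value is an explicit "off"; anything else
# (True, empty, unset) is treated as unsafe for deployment.
debug_is_off() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        false|0|no|off) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the container environment, then run Django's deploy check
# against the same compose file.
# Usage: verify_prod docker-compose-prod.yml
verify_prod() {
    file="${1:-$PROD_FILE}"
    value="$(container_debug "$file" || true)"
    if ! debug_is_off "$value"; then
        echo "DJANGO_DEBUG='$value' is not confirmed off (compose file: $file)" >&2
        return 1
    fi
    $COMPOSE -f "$file" exec -T web python manage.py check --deploy
}
```
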

wsvincent commented 2 years ago

Hi @mnoah66 and @jurgenvt,

Thanks for the comments. Finishing the 4.0 update as we speak so this feedback is helpful and something I've been aware of back when you made it. To the questions...