init

backend/config/settings/production.py

@@ -0,0 +1,21 @@
+from .base import *
+
+DEBUG = False
+
+# Security settings for production
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_REDIRECT_EXEMPT = []
+SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+X_FRAME_OPTIONS = 'DENY'
+
+# 🔹 Exempt /metrics from the redirect so Prometheus can scrape over HTTP
+SECURE_REDIRECT_EXEMPT = [r"^metrics$"]
+
+# Logging for production
+# LOGGING['handlers']['file']['filename'] = '/var/log/django/django.log'