CLI tool to auto-generate production-grade Nginx configs for Django
Project description
A CLI tool to auto-generate production-grade Nginx configurations for Django projects—featuring SSL/TLS hardening, Brotli/Gzip compression, proxy caching, observability, and Django-aware location blocks.
Features
- Project Discovery: Automatically locates your Django project root by finding `manage.py`.
- Django-Aware URLs: Reads `STATIC_URL`, `MEDIA_URL`, `FORCE_SCRIPT_NAME`, and `USE_X_FORWARDED_HOST` to generate accurate `location` blocks.
- Global Tuning: Includes `worker_processes auto;`, `sendfile on;`, `tcp_nopush on;`, `tcp_nodelay on;`, and `use epoll` for high concurrency.
- SSL/TLS Hardening: Supports OCSP stapling, session caching, strong ECC ciphers, and HSTS, with optional Let’s Encrypt ACME hooks.
- Caching & Compression: Implements multi-level proxy caching and Brotli + Gzip compression for static and dynamic content.
- Observability: Exposes `stub_status` for Prometheus, custom `log_format`, and syslog integration.
- Security Headers & Rate-Limiting: Adds `X-Frame-Options`, `Content-Security-Policy`, and rate-limits (`limit_req_zone`) to mitigate abuse.
- Specialized Blocks: Auto-generates `location` for `/static/`, `/media/`, `/admin/`, `/api/`, `/ws/`, and health-check endpoints.
Installation
Install from PyPI for immediate use:
```bash
pip install django-nginx-generator
```
This command installs the tool and its dependencies (click, jinja2, Django) into your active environment.
Usage
Run generate_nginx anywhere—project root is auto-discovered, or override with --project-root.
```bash
generate_nginx \
  --ssl-cert /etc/letsencrypt/live/example.com/fullchain.pem \
  --ssl-key /etc/letsencrypt/live/example.com/privkey.pem \
  --http2 \
  --enable-certbot \
  --socket-path /run/gunicorn.sock \
  --output /etc/nginx/sites-available/example.com.conf
```
Use generate_nginx --help to view all options and examples.
Options
| Flag | Required | Default | Description |
|---|---|---|---|
| `--project-root PATH` | no | auto-discover | Directory containing `manage.py`. |
| `--ssl-cert PATH` | no | none | SSL certificate file (`fullchain.pem`). |
| `--ssl-key PATH` | no | none | SSL private key file (`privkey.pem`). |
| `--http2 / --no-http2` | no | `--no-http2` | Enable HTTP/2 on port 443. |
| `--enable-certbot / --no-enable-certbot` | no | `--no-enable-certbot` | Include ACME challenge block for Let’s Encrypt. |
| `--socket-path PATH` | no | fall back to `127.0.0.1:8000` | Unix socket for Gunicorn/Uvicorn or TCP address for dev server. |
| `--force-https-when-no-ssl / --no-force` | no | `--no-force` | Redirect HTTP→HTTPS even without certs (useful in staging). |
| `--output PATH` | no | `./<project>_nginx.conf` | Path to write the generated Nginx configuration. |
Example
Below is an excerpt from a generated config for example.com (static files served from /srv/myproject/static):
```nginx
# Redirect all plain-HTTP traffic to HTTPS
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_stapling on;
    add_header Strict-Transport-Security "max-age=31536000; preload" always;

    location /static/ {
        # alias must end with "/" to match the trailing slash of the location prefix
        alias /srv/myproject/static/;
        try_files $uri =404;
        expires 365d;
        # add_header at this level stops inheritance of the server-level
        # add_header directives (the HSTS header above) for /static/ responses
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    location / {
        # upstream "django" is not shown in this excerpt
        proxy_pass http://django;
        include proxy_params;
    }
}
```
This config demonstrates HTTP→HTTPS redirect, SSL/TLS hardening, immutable caching for static assets, and proxying to your Django backend.
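A pre-deployment check for three pitfalls a config of this shape is prone to, as an added example (not part of django-nginx-generator; `parse`, `lint` and the sample config are constructed for illustration). nginx inherits `add_header` from the enclosing level only when the current level defines none, so a `location` that sets `Cache-Control` stops sending server-level security headers; the check also flags an `alias` whose trailing slash does not match its `location` prefix, and HSTS `preload` without `includeSubDomains`, which the preload list requires.

```python
import re

# Constructed sample modelled on the excerpt above; not captured tool output.
SAMPLE = '''
server {
    listen 443 ssl http2;
    add_header Strict-Transport-Security "max-age=31536000; preload" always;
    add_header X-Frame-Options "DENY" always;
    location /static/ {
        alias /srv/myproject/static;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }
    location / { proxy_pass http://django; }
}
'''
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(text):
    """Minimal brace parser: quoted strings stay whole, full-line comments are dropped."""
    root = {"head": [], "dirs": [], "kids": []}
    stack, cur = [root], []
    for tok in TOKEN.findall(re.sub(r"(?m)^\s*#.*$", "", text)):
        if tok == ";":
            stack[-1]["dirs"].append(cur); cur = []
        elif tok == "{":
            block = {"head": cur, "dirs": [], "kids": []}
            stack[-1]["kids"].append(block); stack.append(block); cur = []
        elif tok == "}":
            stack.pop()
        else:
            cur.append(tok.strip("\"'"))
    return root

def lint(text):
    """Return (block, finding) pairs for the three pitfalls described above."""
    findings = []
    def walk(block, inherited):
        head = " ".join(block["head"])
        own = {d[1].lower() for d in block["dirs"] if d[0] == "add_header"}
        # add_header is inherited only when the current level defines none of its own.
        if own and inherited - own:
            findings.append((head, "drops inherited headers: " + ", ".join(sorted(inherited - own))))
        for d in block["dirs"]:
            if d[0] == "alias" and len(block["head"]) == 2 and block["head"][0] == "location":
                if block["head"][1].endswith("/") != d[1].endswith("/"):
                    findings.append((head, "alias/location trailing-slash mismatch"))
            if d[:2] == ["add_header", "Strict-Transport-Security"]:
                if "preload" in d[2].lower() and "includesubdomains" not in d[2].lower():
                    findings.append((head, "HSTS preload without includeSubDomains"))
        for kid in block["kids"]:
            walk(kid, own or inherited)
    walk(parse(text), set())
    return findings
```

Run `lint()` on the file written by `--output` before reloading nginx; the parser only handles prefix locations and full-line comments, so treat an empty result as "nothing found", not as proof the config is clean.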
Contributing
Contributions are welcome! Please:
- Fork the repo
- Create a feature branch (`git checkout -b feature/x`)
- Commit your changes (`git commit -m "Add feature"`)
- Push to your branch (`git push origin feature/x`)
- Open a Pull Request
See CONTRIBUTING.md for more details.
License
This project is licensed under the MIT License – see LICENSE for details.
File details
Details for the file django_nginx_generator-1.1.0.tar.gz.
File metadata
- Download URL: django_nginx_generator-1.1.0.tar.gz
- Upload date:
- Size: 10.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a6f6b0b5e2d71372350c6fdd0090959137dfe1abb040a989f5ab035eb2770aa4 |
| MD5 | f0823cec417bf98d2d8075c4d985ccc8 |
| BLAKE2b-256 | 4b6bc780c79d79bed589c143f5ae4b6b0bd616de1be897589977250585eb3ee0 |
File details
Details for the file django_nginx_generator-1.1.0-py3-none-any.whl.
File metadata
- Download URL: django_nginx_generator-1.1.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | aef12bb4d26e3dd67572f84fbc6b6a8c235e4f0ae7240bceec33892179bcf88c |
| MD5 | 3c1bff61e4f4bbc2f48c14d2666b482f |
| BLAKE2b-256 | 76cc2e2ae54f61a0cc3d0526ef34ed80ef341f0001007307e4bf9787e5ae5e43 |