I'm trying to understand the simplest way to deploy a Django application in production.
Many recommend nginx or Apache along with uwsgi or gunicorn. I think that is more than my situation requires, and I would like know if my thinking is correct.
This application is nothing more than an API that sends JSON to the client application. There are static files for an admin page, but that page is for developers only, so extremely low traffic. In other words, most responses have very small payloads, and requests for static resources are rare.
Also, since this is just an API, serving on port 8000 is fine.
I would be happy to leave out the complication of nginx/Apache if uWSGI is sufficient for my situation, but it isn't clear to me what other advantages a real server might offer, and how to determine if it is necessary.
I realize that this question is subjective, but I'm inexperienced in the Python/Django world, and it seems all of the advice is focused on the more typical case where actual web pages are served. Are there best practices for deployment of Django APIs?
Security, what this is ultimately about, is and always has been a very complicated matter. The open internet is one of the most dangerous places. No matter how small and insignificant your server seems to be, people will find it and try to break it. If a web server is not designed from the ground up to handle all the culprits of the open internet, it is not secure.
Gunicorn is designed as a Python application server. Even though it handles HTTP requests, it is not designed as a full web server. As the docs say:
I don't have any experience with uWSGI, but I wouldn't be surprised if the same was true.