Django on Google Cloud SQL PostgreSQL

Status: Production Ready Last Updated: 2026-01-24 Dependencies: None Latest Versions: Django@5.1, psycopg2-binary@2.9.9, gunicorn@23.0.0, google-cloud-sql-connector@1.12.0

Quick Start (10 Minutes) 1. Install Dependencies pip install Django psycopg2-binary gunicorn

For Cloud SQL Python Connector (recommended for local dev):

pip install "cloud-sql-python-connector[pg8000]"

Why this matters:

psycopg2-binary is the PostgreSQL adapter for Django gunicorn is required for App Engine Standard (Python 3.10+) Cloud SQL Python Connector provides secure connections without SSH tunneling 2. Configure Django Settings

settings.py (production with Unix socket):

import os

Detect App Engine environment

IS_APP_ENGINE = os.getenv('GAE_APPLICATION', None)

if IS_APP_ENGINE: # Production: Connect via Unix socket DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ['DB_NAME'], 'USER': os.environ['DB_USER'], 'PASSWORD': os.environ['DB_PASSWORD'], 'HOST': f"/cloudsql/{os.environ['CLOUD_SQL_CONNECTION_NAME']}", 'PORT': '', # Empty for Unix socket } } else: # Local development: Connect via Cloud SQL Proxy DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ.get('DB_NAME', 'mydb'), 'USER': os.environ.get('DB_USER', 'postgres'), 'PASSWORD': os.environ.get('DB_PASSWORD', ''), 'HOST': '127.0.0.1', 'PORT': '5432', } }

CRITICAL:

App Engine connects via Unix socket at /cloudsql/PROJECT:REGION:INSTANCE Local development requires Cloud SQL Auth Proxy on 127.0.0.1:5432 Never hardcode connection strings - use environment variables 3. Create app.yaml runtime: python310 entrypoint: gunicorn -b :$PORT myproject.wsgi:application

env_variables: DB_NAME: "mydb" DB_USER: "postgres" CLOUD_SQL_CONNECTION_NAME: "project-id:region:instance-name"

Cloud SQL connection

beta_settings: cloud_sql_instances: "project-id:region:instance-name"

handlers: - url: /static static_dir: static/ - url: /.* script: auto secure: always

CRITICAL:

beta_settings.cloud_sql_instances enables the Unix socket at /cloudsql/... DB_PASSWORD should be set via gcloud app deploy or Secret Manager, not in app.yaml The 6-Step Setup Process Step 1: Create Cloud SQL Instance

Create PostgreSQL instance

gcloud sql instances create myinstance \ --database-version=POSTGRES_15 \ --tier=db-f1-micro \ --region=us-central1

Create database

gcloud sql databases create mydb --instance=myinstance

Create user

gcloud sql users create postgres \ --instance=myinstance \ --password=YOUR_SECURE_PASSWORD

Key Points:

Use POSTGRES_15 or later for best compatibility db-f1-micro is cheapest for dev ($7-10/month), use db-g1-small or higher for production Note the connection name: PROJECT_ID:REGION:INSTANCE_NAME Step 2: Configure Django Project

requirements.txt:

Django>=5.1,<6.0 psycopg2-binary>=2.9.9 gunicorn>=23.0.0 whitenoise>=6.7.0

settings.py additions:

import os

Security settings for production

DEBUG = os.environ.get('DEBUG', 'False') == 'True' ALLOWED_HOSTS = [ '.appspot.com', '.run.app', 'localhost', '127.0.0.1', ]

Static files with WhiteNoise

STATIC_URL = '/static/' STATIC_ROOT = os.path.join(BASE_DIR, 'static') MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware') STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

Database connection pooling

DATABASES['default']['CONN_MAX_AGE'] = 60 # Keep connections open for 60 seconds

Why these settings:

CONN_MAX_AGE=60 reduces connection overhead (Cloud SQL has connection limits) WhiteNoise serves static files without Cloud Storage ALLOWED_HOSTS must include .appspot.com for App Engine Step 3: Set Up Local Development with Cloud SQL Proxy

Install Cloud SQL Auth Proxy:

macOS

brew install cloud-sql-proxy

Linux

curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.14.1/cloud-sql-proxy.linux.amd64 chmod +x cloud-sql-proxy

Run the proxy:

Authenticate first

gcloud auth application-default login

Start proxy (runs on 127.0.0.1:5432)

./cloud-sql-proxy PROJECT_ID:REGION:INSTANCE_NAME

Or with specific port

./cloud-sql-proxy PROJECT_ID:REGION:INSTANCE_NAME --port=5432

Set environment variables for local dev:

export DB_NAME=mydb export DB_USER=postgres export DB_PASSWORD=your_password export DEBUG=True

Key Points:

Proxy creates a secure tunnel to Cloud SQL No need to whitelist your IP address Works with both password and IAM authentication Step 4: Run Migrations

Local (with proxy running)

python manage.py migrate

Verify connection

python manage.py dbshell

For production migrations (via Cloud Build or local with proxy):

Option 1: Run locally with proxy

./cloud-sql-proxy PROJECT:REGION:INSTANCE & python manage.py migrate

Option 2: Use Cloud Build (recommended)

See references/cloud-build-migrations.md

Step 5: Configure Gunicorn

gunicorn.conf.py (optional, for fine-tuning):

import multiprocessing

Workers

workers = 2 # App Engine Standard limits this threads = 4 worker_class = 'gthread'

Timeout (App Engine has 60s limit for standard, 3600s for flexible)

timeout = 55

Logging

accesslog = '-' errorlog = '-' loglevel = 'info'

Bind (App Engine sets $PORT)

bind = f"0.0.0.0:{os.environ.get('PORT', '8080')}"

app.yaml entrypoint options:

Simple (recommended for most cases)

entrypoint: gunicorn -b :$PORT myproject.wsgi:application

With config file

entrypoint: gunicorn -c gunicorn.conf.py myproject.wsgi:application

With workers and timeout

entrypoint: gunicorn -b :$PORT -w 2 -t 55 myproject.wsgi:application

Key Points:

App Engine Standard limits workers (F1: 1 worker, F2: 2 workers) Use gthread worker class for I/O-bound Django apps Set timeout < 60s to avoid App Engine killing requests Step 6: Deploy to App Engine

Collect static files

python manage.py collectstatic --noinput

Deploy

gcloud app deploy app.yaml

Set DB password via environment

gcloud app deploy --set-env-vars="DB_PASSWORD=your_secure_password"

View logs

gcloud app logs tail -s default

Verify deployment:

Open in browser

gcloud app browse

Check database connection

gcloud app logs read --service=default | grep -i database

Critical Rules (Django + Cloud SQL)

ALWAYS DO:

Use Unix socket path /cloudsql/PROJECT:REGION:INSTANCE on App Engine Set PORT='' (empty string) for Unix socket connections Use Cloud SQL Auth Proxy for local development Set CONN_MAX_AGE for connection pooling (30-60 seconds) Use environment variables for database credentials Use Secret Manager for production passwords

NEVER DO:

Put database password in app.yaml (use Secret Manager or env vars at deploy time) Use HOST='localhost' on App Engine (must use Unix socket path) Forget beta_settings.cloud_sql_instances in app.yaml Set CONN_MAX_AGE=None (unlimited) - can exhaust connection pool Skip SSL on Cloud SQL (it's enforced by default) Known Issues Prevention

This skill prevents 12 documented issues:

Issue #1: OperationalError - No such file or directory

Error: django.db.utils.OperationalError: could not connect to server: No such file or directory Source: https://cloud.google.com/sql/docs/postgres/connect-app-engine-standard Why It Happens: App Engine can't find the Unix socket because beta_settings.cloud_sql_instances is missing in app.yaml Prevention: Always include beta_settings.cloud_sql_instances: "PROJECT:REGION:INSTANCE" in app.yaml

Issue #2: Connection Refused on Local Development

Error: django.db.utils.OperationalError: connection refused or could not connect to server: Connection refused Source: https://cloud.google.com/sql/docs/postgres/connect-auth-proxy Why It Happens: Cloud SQL Auth Proxy is not running or bound to wrong port Prevention: Start cloud-sql-proxy PROJECT:REGION:INSTANCE before running Django locally. Verify it's running on port 5432.

Issue #3: FATAL: password authentication failed

Error: FATAL: password authentication failed for user "postgres" Source: https://cloud.google.com/sql/docs/postgres/create-manage-users Why It Happens: Wrong password in environment variable, or user doesn't exist in Cloud SQL instance Prevention: Verify password with gcloud sql users list --instance=INSTANCE. Reset if needed: gcloud sql users set-password postgres --instance=INSTANCE --password=NEW_PASSWORD

Issue #4: Too Many Connections

Error: FATAL: too many connections for role "postgres" or remaining connection slots are reserved Source: https://cloud.google.com/sql/docs/postgres/quotas#connection_limits Why It Happens: Each request opens a new connection without pooling, exhausting the 25-100 connection limit Prevention: Set CONN_MAX_AGE = 60 in Django settings. For high traffic, use PgBouncer or django-db-connection-pool.

Issue #5: App Engine Request Timeout

Error: DeadlineExceededError or request terminated after 60 seconds Source: https://cloud.google.com/appengine/docs/standard/python3/how-requests-are-handled Why It Happens: Database query or migration takes longer than App Engine's 60-second limit Prevention: Set Gunicorn timeout to 55 seconds. For long-running tasks, use Cloud Tasks or Cloud Run Jobs.

Issue #6: Static Files 404 in Production

Error: Static files return 404, CSS/JS not loading Source: https://cloud.google.com/appengine/docs/standard/serving-static-files Why It Happens: Missing static/ handler in app.yaml or collectstatic not run before deploy Prevention: Run python manage.py collectstatic --noinput before deploy. Include static handler in app.yaml.

Issue #7: CSRF Verification Failed

Error: Forbidden (403) CSRF verification failed Source: Django documentation on CSRF Why It Happens: CSRF_TRUSTED_ORIGINS not set for appspot.com domain Prevention: Add CSRF_TRUSTED_ORIGINS = ['https://*.appspot.com'] to settings.py

Issue #8: Database Not Found After Deployment

Error: django.db.utils.OperationalError: FATAL: database "mydb" does not exist Source: https://cloud.google.com/sql/docs/postgres/create-manage-databases Why It Happens: Database exists in Cloud SQL but DB_NAME environment variable is wrong Prevention: Verify database name: gcloud sql databases list --instance=INSTANCE. Ensure DB_NAME matches exactly.

Issue #9: IAM Authentication Failure

Error: FATAL: Cloud SQL IAM user authentication failed Source: https://cloud.google.com/sql/docs/postgres/iam-logins Why It Happens: App Engine service account doesn't have roles/cloudsql.instanceUser role Prevention: Grant role: gcloud projects add-iam-policy-binding PROJECT --member="serviceAccount:PROJECT@appspot.gserviceaccount.com" --role="roles/cloudsql.instanceUser"

Issue #10: Migrations Fail in Production

Error: Migrations timeout or can't run during deployment Source: https://cloud.google.com/sql/docs/postgres/connect-build Why It Happens: App Engine deploy doesn't provide a migration step; running in entrypoint times out Prevention: Run migrations separately via Cloud Build, or locally with Cloud SQL Proxy before deploying.

Issue #11: SECRET_KEY Exposed

Error: Security warning about hardcoded SECRET_KEY Source: Django deployment checklist Why It Happens: SECRET_KEY is in settings.py instead of environment variable or Secret Manager Prevention: Use SECRET_KEY = os.environ.get('SECRET_KEY') and set via gcloud app deploy --set-env-vars or Secret Manager.

Issue #12: Cold Start Database Timeout

Error: First request after idle period times out Source: https://cloud.google.com/appengine/docs/standard/how-instances-are-managed Why It Happens: App Engine instance cold start + Cloud SQL activation delay (if using "on demand" activation) Prevention: Use App Engine warmup requests, or keep Cloud SQL instance "always on" (increases cost). Set app_engine_apis: true and add /_ah/warmup handler.

Configuration Files Reference settings.py (Complete Production Example) import os from pathlib import Path

BASE_DIR = Path(file).resolve().parent.parent

Security

SECRET_KEY = os.environ.get('SECRET_KEY', 'dev-key-change-in-production') DEBUG = os.environ.get('DEBUG', 'False') == 'True' ALLOWED_HOSTS = [ '.appspot.com', '.run.app', 'localhost', '127.0.0.1', ]

CSRF for App Engine

CSRF_TRUSTED_ORIGINS = [ 'https://.appspot.com', 'https://.run.app', ]

Application definition

INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', # Your apps here ]

MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'whitenoise.middleware.WhiteNoiseMiddleware', # Static files 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]

ROOT_URLCONF = 'myproject.urls'

TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [BASE_DIR / 'templates'], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ]

WSGI_APPLICATION = 'myproject.wsgi.application'

Database

IS_APP_ENGINE = os.getenv('GAE_APPLICATION', None)

if IS_APP_ENGINE: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ['DB_NAME'], 'USER': os.environ['DB_USER'], 'PASSWORD': os.environ['DB_PASSWORD'], 'HOST': f"/cloudsql/{os.environ['CLOUD_SQL_CONNECTION_NAME']}", 'PORT': '', 'CONN_MAX_AGE': 60, 'OPTIONS': { 'connect_timeout': 10, }, } } else: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ.get('DB_NAME', 'mydb'), 'USER': os.environ.get('DB_USER', 'postgres'), 'PASSWORD': os.environ.get('DB_PASSWORD', ''), 'HOST': os.environ.get('DB_HOST', '127.0.0.1'), 'PORT': os.environ.get('DB_PORT', '5432'), 'CONN_MAX_AGE': 60, } }

Static files

STATIC_URL = '/static/' STATIC_ROOT = BASE_DIR / 'static' STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

Default primary key field type

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

Logging

LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'handlers': { 'console': { 'class': 'logging.StreamHandler', }, }, 'root': { 'handlers': ['console'], 'level': 'INFO', }, 'loggers': { 'django': { 'handlers': ['console'], 'level': os.getenv('DJANGO_LOG_LEVEL', 'INFO'), 'propagate': False, }, }, }

app.yaml (Complete Example) runtime: python310 entrypoint: gunicorn -b :$PORT -w 2 -t 55 --threads 4 myproject.wsgi:application

instance_class: F2

env_variables: DB_NAME: "mydb" DB_USER: "postgres" CLOUD_SQL_CONNECTION_NAME: "project-id:us-central1:instance-name" DEBUG: "False"

beta_settings: cloud_sql_instances: "project-id:us-central1:instance-name"

handlers: - url: /static static_dir: static/ secure: always

• url: /.* script: auto secure: always

automatic_scaling: min_instances: 0 max_instances: 2 target_cpu_utilization: 0.65

Why these settings:

F2 instance class allows 2 Gunicorn workers min_instances: 0 saves costs when idle target_cpu_utilization: 0.65 scales before overload requirements.txt Django>=5.1,<6.0 psycopg2-binary>=2.9.9 gunicorn>=23.0.0 whitenoise>=6.7.0

Common Patterns Pattern 1: Environment-Aware Database Configuration import os

def get_database_config(): """Return database config based on environment.""" is_production = os.getenv('GAE_APPLICATION', None)

if is_production:
    return {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': os.environ['DB_NAME'],
        'USER': os.environ['DB_USER'],
        'PASSWORD': os.environ['DB_PASSWORD'],
        'HOST': f"/cloudsql/{os.environ['CLOUD_SQL_CONNECTION_NAME']}",
        'PORT': '',
        'CONN_MAX_AGE': 60,
    }
else:
    return {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': os.environ.get('DB_NAME', 'mydb'),
        'USER': os.environ.get('DB_USER', 'postgres'),
        'PASSWORD': os.environ.get('DB_PASSWORD', ''),
        'HOST': '127.0.0.1',
        'PORT': '5432',
        'CONN_MAX_AGE': 60,
    }

DATABASES = {'default': get_database_config()}

When to use: Standard Django project needing local/production parity

Pattern 2: Secret Manager Integration from google.cloud import secretmanager

def get_secret(secret_id, version_id='latest'): """Retrieve secret from Google Secret Manager.""" client = secretmanager.SecretManagerServiceClient() project_id = os.environ.get('GOOGLE_CLOUD_PROJECT') name = f"projects/{project_id}/secrets/{secret_id}/versions/{version_id}" response = client.access_secret_version(request={"name": name}) return response.payload.data.decode('UTF-8')

Usage in settings.py

if os.getenv('GAE_APPLICATION'): SECRET_KEY = get_secret('django-secret-key') DB_PASSWORD = get_secret('db-password')

When to use: Production deployments requiring proper secret management

Pattern 3: Cloud SQL Python Connector (Alternative to Proxy)

For local development without Cloud SQL Auth Proxy

from google.cloud.sql.connector import Connector

def get_db_connection(): connector = Connector() return connector.connect( "project:region:instance", "pg8000", user="postgres", password=os.environ["DB_PASSWORD"], db="mydb", )

In settings.py for local dev (requires pg8000 driver)

DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': 'mydb', 'USER': 'postgres', 'OPTIONS': { 'get_conn': get_db_connection, }, } }

When to use: Local development when you can't install Cloud SQL Auth Proxy

Pattern 4: Health Check Endpoint with Database Verification

views.py

from django.http import JsonResponse from django.db import connection

def health_check(request): """Health check endpoint for App Engine.""" try: with connection.cursor() as cursor: cursor.execute("SELECT 1") return JsonResponse({ 'status': 'healthy', 'database': 'connected', }) except Exception as e: return JsonResponse({ 'status': 'unhealthy', 'database': str(e), }, status=503)

urls.py

urlpatterns = [ path('_ah/health', health_check, name='health_check'), ]

When to use: Load balancer health checks, monitoring database connectivity

Using Bundled Resources Templates (templates/) templates/settings_snippet.py - Copy-paste database configuration templates/app.yaml - Complete App Engine configuration templates/requirements.txt - Production dependencies References (references/) references/cloud-sql-proxy-setup.md - Detailed proxy installation and usage references/iam-authentication.md - IAM-based authentication (no passwords) references/secret-manager.md - Storing secrets properly references/migrations-in-production.md - Running migrations safely

When Claude should load these:

Load cloud-sql-proxy-setup.md when user has local connection issues Load iam-authentication.md when setting up passwordless auth Load migrations-in-production.md before first production deployment Advanced Topics IAM Database Authentication

Instead of password authentication, use IAM for service-to-service auth:

Enable IAM authentication on instance

gcloud sql instances patch INSTANCE --database-flags cloudsql.iam_authentication=on

Create IAM user

gcloud sql users create SERVICE_ACCOUNT@PROJECT.iam \ --instance=INSTANCE \ --type=CLOUD_IAM_SERVICE_ACCOUNT

Grant connect permission

gcloud projects add-iam-policy-binding PROJECT \ --member="serviceAccount:PROJECT@appspot.gserviceaccount.com" \ --role="roles/cloudsql.instanceUser"

Django settings for IAM auth:

DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ['DB_NAME'], 'USER': f"{os.environ['SERVICE_ACCOUNT']}@{os.environ['PROJECT_ID']}.iam", 'HOST': f"/cloudsql/{os.environ['CLOUD_SQL_CONNECTION_NAME']}", 'PORT': '', # No PASSWORD needed with IAM auth } }

Connection Pooling with PgBouncer

For high-traffic applications, deploy PgBouncer on Cloud Run:

Cloud Run service for PgBouncer

See references/pgbouncer-setup.md for full configuration

Why PgBouncer:

Cloud SQL limits connections (25-4000 depending on tier) Django's CONN_MAX_AGE helps but doesn't pool across processes PgBouncer provides true connection pooling Running Migrations Safely

Option 1: Cloud Build (Recommended)

cloudbuild.yaml

steps: - name: 'gcr.io/cloud-builders/gcloud' args: ['sql', 'connect', 'INSTANCE', '--quiet']

• name: 'python:3.10' entrypoint: 'bash' args:
  • '-c'
  • | pip install -r requirements.txt python manage.py migrate --noinput env:
  • 'DB_NAME=mydb'
  • 'DB_USER=postgres'
  • 'DB_HOST=/cloudsql/PROJECT:REGION:INSTANCE' secretEnv: ['DB_PASSWORD']

availableSecrets: secretManager: - versionName: projects/PROJECT/secrets/db-password/versions/latest env: 'DB_PASSWORD'

Option 2: Local with Proxy (Simple)

./cloud-sql-proxy PROJECT:REGION:INSTANCE & python manage.py migrate

Dependencies

Required:

Django>=5.1 - Web framework psycopg2-binary>=2.9.9 - PostgreSQL adapter gunicorn>=23.0.0 - WSGI server for App Engine

Recommended:

whitenoise>=6.7.0 - Static file serving python-dotenv>=1.0.0 - Local environment variables

Optional:

google-cloud-secret-manager>=2.20.0 - Secret Manager integration cloud-sql-python-connector[pg8000]>=1.12.0 - Python-native Cloud SQL connector django-db-connection-pool>=1.2.5 - Connection pooling (alternative to CONN_MAX_AGE) Official Documentation Cloud SQL for PostgreSQL: https://cloud.google.com/sql/docs/postgres App Engine Python 3: https://cloud.google.com/appengine/docs/standard/python3 Cloud SQL Auth Proxy: https://cloud.google.com/sql/docs/postgres/connect-auth-proxy Django on App Engine: https://cloud.google.com/python/django/appengine Cloud SQL Python Connector: https://github.com/GoogleCloudPlatform/cloud-sql-python-connector Secret Manager: https://cloud.google.com/secret-manager/docs Package Versions (Verified 2026-01-24) { "dependencies": { "Django": ">=5.1,<6.0", "psycopg2-binary": ">=2.9.9", "gunicorn": ">=23.0.0", "whitenoise": ">=6.7.0" }, "optional": { "google-cloud-secret-manager": ">=2.20.0", "cloud-sql-python-connector": ">=1.12.0" } }

Production Example

This skill is based on production Django deployments on App Engine:

Use Case: Multi-tenant SaaS application Traffic: 10K+ daily requests Database: Cloud SQL PostgreSQL (db-g1-small, 25 connections) Errors: 0 (all 12 known issues prevented) Validation: Unix socket connection, connection pooling, static files, CSRF Troubleshooting Problem: No such file or directory for socket

Solution:

Verify beta_settings.cloud_sql_instances in app.yaml Check connection name format: PROJECT:REGION:INSTANCE Ensure Cloud SQL instance exists: gcloud sql instances list Problem: Connection works locally but fails on App Engine

Solution:

Verify HOST uses Unix socket path, not 127.0.0.1 Check environment variables are set in app.yaml Verify App Engine service account has Cloud SQL Client role Problem: Migrations timeout during deployment

Solution:

Don't run migrations in app.yaml entrypoint Use Cloud Build or run locally with proxy before deploying For large migrations, increase Cloud SQL tier temporarily Problem: Static files 404 after deploy

Solution:

Run python manage.py collectstatic --noinput before deploy Verify static/ handler in app.yaml points to correct directory Check WhiteNoise is in MIDDLEWARE list Complete Setup Checklist Cloud SQL PostgreSQL instance created Database and user created in Cloud SQL Cloud SQL Auth Proxy installed locally Django settings configured for Unix socket (production) and localhost (dev) beta_settings.cloud_sql_instances in app.yaml CONN_MAX_AGE set for connection pooling Environment variables configured (DB_NAME, DB_USER, etc.) DB_PASSWORD stored securely (not in app.yaml) Static files collected and handler configured CSRF_TRUSTED_ORIGINS includes *.appspot.com Migrations run (locally with proxy) before first deploy Deployed with gcloud app deploy Verified database connection in production logs

Questions? Issues?

Check the troubleshooting section above Verify all environment variables are set correctly Check official docs: https://cloud.google.com/python/django/appengine Ensure Cloud SQL instance is running: gcloud sql instances list

Last verified: 2026-01-24 | Skill version: 1.0.0