Centos7.0 Minimal部署Django_centos 7.0mini

Centos7.0 Minimal部署Django

购买了一个VPS，部署Django，大致步骤是，安装python3，nginx，uwsgi， django使用2.2。
另外将安装celery等工具

先修改时间！！

# 修改时区
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# 手动修改时间
date -s "2019-12-21 01:59:00"
# 写入bios 重启不会失效
hwclock -w
1
2
3
4
5
6

自动同步校准时间

# 先检测是否已开启
systemctl status ntpd
# 安装NTP
yum -y install ntp
# 动ntpd daemon，持续校准时间
systemctl start ntpd
# 查看状态
systemctl status ntpd
# 开机启动
systemctl enable ntpd
1
2
3
4
5
6
7
8
9
10

安装工具

安装 wget

yum install -y wget
1

安装Python3

安装依赖包

包括gcc编译器等编译工具和python的依赖。

yum -y groupinstall "Development tools"
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
1
2

下载 python3.6.2

建立文件夹并cd到该目录下

mkdir /usr/local/python3
cd /usr/local/python3
1
2

下载 python

wget https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz
1

安装

解压，然后配置编译并安装

tar -xvJf  Python-3.6.2.tar.xz
cd Python-3.6.2
./configure --prefix=/usr/local/python3
make && make install
1
2
3
4

建立软链

ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
1
2

安装nginx

配置目录

mkdir /usr/local/nginx
cd /usr/local/nginx
1
2

下载

wget https://nginx.org/download/nginx-1.14.0.tar.gz
tar zxf nginx-1.14.0.tar.gz
cd nginx-1.14.0
1
2
3

配置编译安装

注意这里如果要开启https协议的话，要安装加上 --with-http_ssl_module 模块

./configure --prefix=/usr/local/nginx --with-http_ssl_module
make && make install
1
2

启动停止重启

先查看安装的路径

whereis nginx
nginx: /usr/local/nginx
1
2

cd 到nginx的sbin目录

cd /usr/local/nginx/sbin
1

启动停止重启命令

# 启动
./nginx
# 结束 待nginx进程处理任务完毕进行停止
./nginx -s quit
# 停止 直接强制杀死进程
./nginx -s stop
# 重启
./nginx -s reload
1
2
3
4
5
6
7
8

配置软连接

建立软链

ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
1

配置 http 80 端口

进入 nginx.conf 文件

vi /usr/local/nginx/conf/nginx.conf
1

修改为如下文件

#user  nobody;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    # 转发到 conf.d/*.conf 下
	include       conf.d/*.conf;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

创建 conf.d 目录

mkdir conf.d
cd conf.d
1
2

编辑项目文件

vi project.conf
1

修改为如下文件

server {
    listen 80; #暴露给外部访问的端口
    server_name localhost;
        charset utf-8;
    location / {
        include uwsgi_params;
        # 端口为 uwsgi 配置的端口
        uwsgi_pass 127.0.0.1:8996;
    }
    location /static/ {
        root /home/www/daipao/; #项目静态路径设置
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13

配置 https 443 端口

将 1_bundle.crt 和 2.key 文件放在conf目录下。

/nginx/conf/conf.d目录下
创建文件ssl.conf

vi ssl.conf
1

server {
        listen 443;
        server_name www.baidu.cn;# 网站
        ssl on;
        ssl_certificate 1_www.baid.cn_bundle.crt; # 更改网站
        ssl_certificate_key 2_www.daipaosport.cn.key; # 更改网站
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
                        include uwsgi_params;
                        uwsgi_pass 127.0.0.1:8996;
                }
                location /static/ {
                        root /home/www/xxxxx/; #更改项目跟目录
                }
    }

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

重启nginx，如果出现下面的错误，则是之前nginx没有安装 --with-http_ssl_module

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/conf.d/ssl.conf:4
1

解决方法:

1. 重新编译nginx，带上 SSL 模块

cd /usr/local/nginx/nginx-1.42/
./configure --prefix=/usr/local/nginx/ --with-http_ssl_module
make
//make (没有make install)
1
2
3
4

2. 备份nginx的二进制文件

 cp -rf /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
1

3. 覆盖nginx的二进制文件

cp objs/nginx /usr/local/nginx/sbin/nginx
cp：是否覆盖"/usr/local/nginx-1.13.5/sbin//nginx"？ y
cp: 无法创建普通文件"/usr/local/nginx-1.13.5/sbin//sbin/nginx": 
文本文件忙 （nginx二进制文件繁忙，可以停止nginx，再试一次就可以了）
1
2
3
4

5. 重启nginx

测试发现首页没有nginx页面，端口开放情况

[root@djlee]netstat -tlnp | |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30579/nginx: master
1
2

端口已经开放，查看防火墙

[root@djlee conf.d]# firewall
-bash: firewall: command not found
[root@djlee conf.d]# iptables
iptables v1.4.21: no command specified
Try `iptables -h' or 'iptables --help' for more information.
1
2
3
4
5

即没有firewall，也没有iptables
查看发现有 firewall

[root@djlee conf.d]# ps aux | grep firewall
root       325  0.0  1.3 327548 21252 ?        Ssl  12:14   0:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root     31424  0.0  0.0 112716   940 pts/1    S+   16:34   0:00 grep --color=auto firewall
1
2
3

firewalld 基本使用

firewall与iptables一样都是服务，所以可以使用systemctl服务管理工具来操作

基本命令

# 查看状态
systemctl status firewalld
# 停止
systemctl stop firewalld
# 启动
systemctl start firewalld
# 重启
systemctl restart firewalld
1
2
3
4
5
6
7
8

操作端口

# 查看端口
firewall-cmd --zone=public --list-ports

# 开启一个端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
# --permanent 永久生效，没有此参数重启后失效

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/16" port protocol="tcp" port="8432" accept'
# 查看rich-rules
firewall-cmd --zone=public --list-rich-rules
# 关闭一个端口
firewall-cmd --zone=public --remove-port=9898/tcp --permanent
# --permanent 表示永久生效，没有此参数重启后失效

# 拒绝ip
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="34.142.182.144" reject'

# 删除规则
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="34.142.182.144" reject'

# 使操作生效
firewall-cmd --reload 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

开放GRE协议

完整的应该是
防火墙配置
添加masquerade

firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --query-masquerade

查看服务

firewall-cmd --list-services
firewall-cmd --list-port

添加PPTP端口和GRE协议

firewall-cmd --permanent --zone=public --add-port=1723/tcp
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i ethxxx(填入网卡名称) -p gre -j ACCEPT

重启防火墙

firewall-cmd --reload

可能出现的问题

执行systemctl start firewalld 超时
解决方法：
systemctl stop firewalld;先停止
pkill -f firewalld;关闭firewalld进程
systemctl start firewalld;启动命令
官方解释可能原因： systemd didn’t know about the process that it didn’t start in the first place of course

配置 celery

先安装redis，然后再安装celery，之后配置celery和django。

安装 redis

下载并解压

mkdir /usr/local/redis
cd /usr/local/redis
wget https://download.redis.io/releases/redis-6.2.1.tar.gz
tar -zxvf redis-6.2.1.tar.gz
1
2
3
4

编译安装

cd redis-6.2.1
make MALLOC=libc
cd src && make install
1
2
3

配置后台启动
打开 redis-6.2.1 目录下的redis.conf

# 必须修改
将 daemonize no
设置为 daemonize yes
# 修改内网bind
bind 10.0.8.12
# 同时设置保护模式
protected-mode no
# 增加log输出
logfile "/var/log/redis.log"
1
2
3
4
5
6
7
8
9

# redis 检查dump文件位置
CONFIG GET dir
1) "dir"
2) "/usr/local/redis"
CONFIG GET dbfilename
1) "dbfilename"
2) "dump.rdb"
1
2
3
4
5
6
7

把 redis.conf 复制到 redis-6.2.1/src下，即与redis-server同一目录下。如果不复制到与 redis-server 同一目录下的话会出现

Redis "Fatal error, can't open config file ‘xxx’
1

然后在/usr/local/redis下创建文件 redis_6379，用于守护redis-server进程，注意使用Unix的换行（LR）

#!/bin/sh
#
# Simple Redis init.d script conceived to work on Linux systems
# as it does use of the /proc filesystem.

REDISPORT=6379
EXEC=/usr/local/redis/redis-6.2.1/src/redis-server # 此处填写redis-server的路径
CLIEXEC=/usr/local/bin/redis-cli

PIDFILE=/var/run/redis_${REDISPORT}.pid
CONF="/usr/local/redis-6.2.1/src/redis.conf" # 填写redis.conf的路径

case "$1" in
    start)
        if [ -f $PIDFILE ]
        then
                echo "$PIDFILE exists, process is already running or crashed"
        else
                echo "Starting Redis server..."
                $EXEC $CONF
        fi
        ;;
    stop)
        if [ ! -f $PIDFILE ]
        then
                echo "$PIDFILE does not exist, process is not running"
        else
                PID=$(cat $PIDFILE)
                echo "Stopping ..."
                $CLIEXEC -p $REDISPORT shutdown
                while [ -x /proc/${PID} ]
                do
                    echo "Waiting for Redis to shutdown ..."
                    sleep 1
                done
                echo "Redis stopped"
        fi
        ;;
    *)
        echo "Please use start or stop as first argument"
        ;;
esac

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

然后就可以启动停止redis了

# !!!!注意这里必须先cd到/usr/local/redis/再启动!!!
cd /usr/local/redis/
./redis_6379 start [stop]
1
2
3

安装 celery

进入虚拟环境下安装celery。以下proj均代表为项目名。

cd /home/www/proj
source venv/bin/activate
# 安装celery
pip install celery
1
2
3
4

配置 celery

以下内容大概是安装官方给出的教程配置的。

第一步：在 /etc/default 下创建 celeryd ，作为默认配置。

# Names of nodes to start
#   most people will only start one node:
CELERYD_NODES="worker"
#   but you can also start multiple and configure settings
#   for each in CELERYD_OPTS
#CELERYD_NODES="worker1 worker2 worker3"
#   alternatively, you can specify the number of nodes to start:
#CELERYD_NODES=10

# Absolute or relative path to the 'celery' command:
CELERY_BIN="/home/www/proj/venv/bin/celery" # 此处修改为项目虚拟环境下的celery
#CELERY_BIN="/virtualenvs/def/bin/celery"

# App instance to use
# comment out this line if you don't use an app
CELERY_APP="proj" # 此处修改为项目名
# or fully qualified:
#CELERY_APP="proj.tasks:app"

# Where to chdir at start.
CELERYD_CHDIR="/home/www/proj/" # 此处修改为项目路径

# Extra command-line arguments to the worker
CELERYD_OPTS="--time-limit=300 --concurrency=2" # 此处‘2’可以修改为核心数，是 celery 启动的进程数
# Configure node-specific settings by appending node name to arguments:
#CELERYD_OPTS="--time-limit=300 -c 8 -c:worker2 4 -c:worker3 2 -Ofair:worker1"

# Set logging level to DEBUG
#CELERYD_LOG_LEVEL="DEBUG"

# %n will be replaced with the first part of the nodename.
CELERYD_LOG_FILE="/var/log/celery/%n%I.log"
CELERYD_PID_FILE="/var/run/celery/%n.pid"

# Workers should run as an unprivileged user.
#   You need to create this user manually (or you can choose
#   a user/group combination that already exists (e.g., nobody).
CELERYD_USER="root"
CELERYD_GROUP="root"

# If enabled pid and log directories will be created if missing,
# and owned by the userid/group configured.
CELERY_CREATE_DIRS=1

# killed when runned 10 tasks
# worker_max_tasks_per_child = 10
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

第二步：配置 celery 守护进程。

官方给出的守护进程 celerybeat 和 celeryd 放在 /etc/rc.d/init.d下面

https://github.com/celery/celery/tree/3.1/extra/generic-init.d

# 先启动celeryd
/etc/rc.d/init.d/celeryd start {start|stop|force-reload|restart|try-restart|status}
# 再启动celerybeat
/etc/rc.d/init.d/celerybeat start {start|stop|force-reload|restart|try-restart|status}
1
2
3
4

这里必须先启动celeryd 再启动celerybeat，不然会出现任务结果无法写进数据库的问题

配置 django 项目

在项目下/home/www//proj/proj下创建文件 celery.py

from __future__ import absolute_import, unicode_literals
import os
from celery import Celery

# set the default Django settings module for the 'celery' program.
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'daipao.settings')

app = Celery('proj')

# Using a string here means the worker doesn't have to serialize
# the configuration object to child processes.
# - namespace='CELERY' means all celery-related configuration keys
#   should have a `CELERY_` prefix.
app.conf.broker_url = 'redis://localhost:6379/0'

# 这里我使用django orm 作为结果数据库
app.conf.result_backend = 'django-db'

app.conf.broker_transport_options = {'visibility_timeout': 3600}

# 这里规定了setting内可以以CELERY作为前辍配置celery
app.config_from_object('django.conf:settings', namespace='CELERY')

# Load task modules from all registered Django app configs.
app.autodiscover_tasks()

app.conf.update(
    CELERYBEAT_SCHEDULE={
        'keep-ps-alive': {
            'task': 'order.tasks.keep_ps_alive',
            'schedule':  1800, #这里设置的是 order App 下的task.py 下 keep_ps_alive() 函数每隔半小时运行一次，单位是秒
        }
})


@app.task(bind=True)
def debug_task(self):
    print('Request: {0!r}'.format(self.request))
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

这里我是使用 django orm 作为结果存储数据库，故要安装 django_celery_results 模块

pip install django_celery_results
1

需要在 /proj/setting.py 下引入该模块

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'xxx',
    'django_celery_results',
    'xxx',
]
1
2
3
4
5
6
7
8
9
10
11

然后在/proj/__init__.py下加入下面代码

from __future__ import absolute_import, unicode_literals

# This will make sure the app is always imported when
# Django starts so that shared_task will use this app.
from .celery import app as celery_app

__all__ = ('celery_app', )
1
2
3
4
5
6
7

部署

创建虚拟环境

pip3 install virtualenv
python3 -m virtualenv ./venv
# 进入虚拟环境
source ./venv/bin/activate
# 退出
deactivate
1
2
3
4
5
6

安装uwsgi

出现错误 python.h not found

解决方法：

1.安装编译工具

yum install -y gcc* pcre-devel openssl-devel
1

2.安装python-devel(重要)

yum search python36-devel
# 或者
yum search python3-devel
# 找到类似如下
python36-devel.x86_64 : Libraries and header files needed for Python development的
# 然后
yum install -y python3-devel.x86_64
1
2
3
4
5
6
7

之后就可去pip安装uwsgi了

启动uwsgi时一直报错sqlite3版本不对

出现错误

django.core.exceptions.ImproperlyConfigured: SQLite 3.8.3 or later
1

python manage.py 没有错误,但是启动uwsgi仍然报错,解决方法如下:

删除原来的版本并且安装新的版本
步骤：

1.备份旧版程序

利用命令找出旧版本的位置，将原来的程序拷贝为sqlite3_back作为备份，同时删除/usr/lib64/libsqlite3.so.0以及/usr/lib64/libsqlite3.so.0.8.6(也可以选择备份)，你的文件所在位置可能与我不同，可以利用find / -name libsqlite3* 找到这两个文件，名称是一致的

2.安装新版程序

获取源码：wget https://www.sqlite.org/snapshot/sqlite-snapshot-202011020040.tar.gz
tar -zxvf sqlite-snapshot-202011020040.tar.gz&./configure &makemake install即可

3.库文件拷贝(重要)

cp /usr/local/lib/libsqlite3.so.0 /usr/lib64/
这里的目标位置就是我们刚才备份旧文件的位置

# 启动xml的
uwsgi -x xxxxx.xml
# 或者ini
uwsgi --ini xxxxx.ini
# 停止必须要有文件
uwsgi --stop uwsgi.pid
1
2
3
4
5
6

安装mysql8

python 的 mysqlclient依赖

yum install mysql-devel -y
1

删除 mariadb

rpm -e mariadb-libs-5.5.60-1.el7_5.x86_64 --nodeps
1

# 配置源
rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
# yum安装
yum --enablerepo=mysql80-community install mysql-community-server
# 开启服务
service mysqld start
# 查看状态
service mysqld status
1
2
3
4
5
6
7
8

# 获得初始密码
grep "A temporary password" /var/log/mysqld.log
# 登录
mysql -uroot -p
# 修改密码
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'
# 密码无法修改，设置密码策略
set global validate_password.policy=0;
# 修改root@loacalhost为%
use mysql;
update user set host = '%' where user ='root'; 
ALTER USER 'root'@'%' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER; #更改加密方式
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password'
# 创建用户
create user 'username'@'%' IDENTIFIED WITH mysql_native_password BY 'password'
# 授权
# 允许用户对db1进行任何操作
grant all privileges on db1.* to "username"@'%';
# 查看编码
show variables like 'character%';
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

其他参照
https://blog.csdn.net/our_times/article/details/98882701

配置supervisor

# 安装
yum install supervisor
# 开机自启
systemctl enable supervisord
# 启动sup
systemctl start supervisord
# 必须要先执行这个命令！
supervisord [-c /etc/supervisord.conf]
# 查看状态
systemctl status supervisord
1
2
3
4
5
6
7
8
9
10

默认配置文件/etc/supervisord.conf 中已经配置了include supervisord.d/*.ini
在/etc/supervisord.d/中增加类似如下配置

[program:beatscript]
directory=/home/www/AnchorManagement
command= /home/www/AnchorManagement/venv/bin/python manage.py beatscript
user=root
autostart=false
startsecs=5
autorestart=true
startretries=3
redirect_stderr=true
stopasgroup=true
killasgroup=true
loglevel=info
stdout_logfile=/var/log/beatscript/out.log # 这里要先创建指定的文件
stderr_logfile=/var/log/beatscript/err.log # 这里要先创建指定的文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14

运行supervisor指令

#启动supervisor，-c制定让其读取的配置文件
supervisord [-c /etc/supervisord.conf]
#关闭supervisor
supervisorctl shutdown

#重新加载supervisor配置文件，并重启superivisor
supervisorctl reload

#添加或删除配置文件后更新
supervisorctl update

#管理supervisor的服务
###启动程序
supervisorctl start all
supervisorctl start program_name 
###关闭程序
supervisorctl stop all
supervisorctl stop program_name 
###查看程序
supervisorctl status [program_name]
###重新启动所有程序或者是某个程序
supervisorctl restart all
supervisorctl restart program_name 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

配置V.P.N

就4个命令

yum install -y pptp pptp-setup
pptpsetup --create VPN_NAME --server VPN_IP --username VPN用户名 --password VPN密码 --encrypt
cp /usr/share/doc/ppp-2.4.5/scripts/po{n,ff} /sbin/
chmod 755 /sbin/po{n,ff}

然后就可以用命令来连接和断开连接
pon VPN_NAME
poff VPN_NAME
1
2
3
4
5
6
7
8
9
10