I haven't written Django in a long time, so I'm writing up my old notes.
python manage.py check --deploy
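DEBUG = False
# '*' accepts any Host header; list the site's real host names in production
ALLOWED_HOSTS = ['*']

# How long browsers should keep using HTTPS (HSTS max-age, in seconds)
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Automatically redirect to the secure (HTTPS) connection
SECURE_SSL_REDIRECT = True
# Stop the browser from guessing the content type on its own
SECURE_CONTENT_TYPE_NOSNIFF = True
# Guard against cross-site scripting (sets X-XSS-Protection, which current browsers ignore)
SECURE_BROWSER_XSS_FILTER = True
# Cookies may only be sent over HTTPS
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# Prevent clickjacking by modifying the HTTP response headers:
# this site may not be loaded inside an <iframe> tag
X_FRAME_OPTIONS = 'DENY'

import os

# Secrets come from environment variables; a missing variable raises KeyError at startup
SECRET_KEY = os.environ["SECRET_KEY"]
DB_USER = os.environ['DB_USER']
DB_PASS = os.environ['DB_PASS']
REDIS_AUTH = os.environ['REDIS_AUTH']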
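A runtime check that the settings above actually reach the browser, as an added example that is not part of the original notes. It inspects response headers and also flags that `preload` with a 3600-second max-age is below the one-year minimum of the HSTS preload list. `SAMPLE_HEADERS` is constructed (its session cookie deliberately lacks `Secure`), and the example assumes SecurityMiddleware and XFrameOptionsMiddleware are enabled.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

# Constructed sample: (name, value) pairs as they might be captured from one HTTPS response.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=3600; includeSubDomains; preload"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "csrftoken=abc; Path=/; SameSite=Lax; Secure"),
    ("Set-Cookie", "sessionid=xyz; HttpOnly; Path=/; SameSite=Lax"),
]

def parse_hsts(value):
    """Return (max_age, set of flag directives) from an HSTS header value."""
    max_age, flags = None, set()
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            max_age = int(val.strip('"'))
        elif key:
            flags.add(key.lower())
    return max_age, flags

def check_headers(headers):
    """Return a list of problems found in (name, value) response headers."""
    problems = []
    single = {k.lower(): v for k, v in headers if k.lower() != "set-cookie"}
    hsts = single.get("strict-transport-security")
    if hsts is None:
        problems.append("missing Strict-Transport-Security")
    else:
        max_age, flags = parse_hsts(hsts)
        if not max_age:
            problems.append("HSTS max-age missing or zero")
        elif "preload" in flags and max_age < PRELOAD_MIN_AGE:
            problems.append(f"HSTS preload set but max-age={max_age} < {PRELOAD_MIN_AGE}")
    if single.get("x-content-type-options", "").lower() != "nosniff":
        problems.append("missing X-Content-Type-Options: nosniff")
    if single.get("x-frame-options", "").upper() != "DENY":
        problems.append("X-Frame-Options is not DENY")
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                problems.append(f"cookie {value.split('=')[0]} lacks Secure")
    return problems

if __name__ == "__main__":
    for problem in check_headers(SAMPLE_HEADERS):
        print(problem)
```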
yum -y install wget gcc zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel
wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
xz -d Python-3.7.0.tar.xz
tar -xvf Python-3.7.0.tar

cd Python-3.7.0
./configure --prefix=/usr/local/python37 --enable-optimizations

make && make install

cd ~
vim .bash_profile
... code above omitted ...
export PATH=$PATH:/usr/local/python37/bin
... code below omitted ...
source .bash_profile

ln -s /usr/local/python37/bin/python3.7 /usr/bin/python3
ln -s /usr/local/python37/bin/pip3.7 /usr/bin/pip3

python3 --version
python --version
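Assume the project folder is project, with four subdirectories: conf, logs, src and venv, which hold the project's configuration files, log files, source code and virtual environment respectively. The cert subdirectory under conf holds the certificate and key needed to configure HTTPS; the project code under src can be checked out from the code repository with a version control tool; the virtual environment can be created with venv or another tool.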
project
├── conf
│   ├── cert
│   │   ├── 214915882850706.key
│   │   └── 214915882850706.pem
│   ├── nginx.conf
│   └── uwsgi.ini
├── logs
│   ├── access.log
│   ├── error.log
│   └── uwsgi.log
├── requirements.txt
├── src
│   └── fang
│       ├── common
│       ├── fang
│       ├── forum
│       ├── manage.py
│       ├── README.md
│       ├── rent
│       ├── static
│       └── templates
└── venv
    ├── bin
    │   ├── activate
    │   ├── activate.csh
    │   ├── activate.fish
    │   ├── celery
    │   ├── celerybeat
    │   ├── celeryd
    │   ├── celeryd-multi
    │   ├── coverage
    │   ├── coverage3
    │   ├── coverage-3.7
    │   ├── django-admin
    │   ├── django-admin.py
    │   ├── easy_install
    │   ├── easy_install-3.7
    │   ├── pip
    │   ├── pip3
    │   ├── pip3.7
    │   ├── __pycache__
    │   ├── pyrsa-decrypt
    │   ├── pyrsa-decrypt-bigfile
    │   ├── pyrsa-encrypt
    │   ├── pyrsa-encrypt-bigfile
    │   ├── pyrsa-keygen
    │   ├── pyrsa-priv2pub
    │   ├── pyrsa-sign
    │   ├── pyrsa-verify
    │   ├── python -> python3
    │   ├── python3 -> /usr/bin/python3
    │   └── uwsgi
    ├── include
    ├── lib
    │   └── python3.7
    ├── lib64 -> lib
    ├── pip-selfcheck.json
    └── pyvenv.cfg
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
pip install uwsgi
[uwsgi]
# Base path
base=/root/project
# Project name
name=fang
# Enable the master process
master=true
# Number of worker processes
processes=4
# Virtual environment
pythonhome=%(base)/venv
# Project directory
chdir=%(base)/src/%(name)
# Python interpreter
pythonpath=%(pythonhome)/bin/python
# WSGI module to load
module=%(name).wsgi
# Address and port to listen on (this server's own IP address and port)
socket=172.18.61.250:8000
# Log file location
logto = %(base)/logs/uwsgi.log
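Note: you can first change the key before the equals sign in the "address and port to listen on" entry to http for testing; if everything works, change it back to socket and then use Nginx to separate dynamic and static content (static resources are handled by Nginx, dynamic content by uWSGI). Start the uWSGI server as follows: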
uwsgi --ini uwsgi.ini &
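# User the worker processes run as (root here because the project lives
# under /root; a dedicated unprivileged user is the safer choice)
user root;
# Number of worker processes (ideally the same as the number of CPU cores)
worker_processes auto;
# Error log
error_log /var/log/nginx/error.log;
# PID file
pid /run/nginx.pid;
# Include other configuration
include /usr/share/nginx/modules/*.conf;
# Working mode and connection limit
events {
    use epoll;
    worker_connections 1024;
}
# HTTP server configuration
http {
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Access log
    access_log /var/log/nginx/access.log main;
    # Enable efficient file transfer mode
    sendfile on;
    # Improves performance when files are sent with sendfile
    tcp_nopush on;
    # Disable Nagle's algorithm to fix interactivity problems
    tcp_nodelay on;
    # How long client connections are kept alive
    keepalive_timeout 15;
    types_hash_max_size 2048;
    # Include the MIME type configuration
    include /etc/nginx/mime.types;
    # Default to binary stream format
    default_type application/octet-stream;
    # Include other configuration files
    include /etc/nginx/conf.d/*.conf;
    # Include the project's Nginx configuration files
    include /root/project/conf/*.conf;
}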
server {
    listen 80;
    server_name _;
    access_log /root/project/logs/access.log;
    error_log /root/project/logs/error.log;
    location / {
        include uwsgi_params;
        uwsgi_pass 172.18.61.250:8000;
    }
    location /static/ {
        alias /root/project/src/fang/static/;
        expires 30d;
    }
}
server {
    # 'listen ... ssl' replaces the deprecated 'ssl on;' directive
    listen 443 ssl;
    server_name _;
    access_log /root/project/logs/access.log;
    error_log /root/project/logs/error.log;
    ssl_certificate /root/project/conf/cert/214915882850706.pem;
    ssl_certificate_key /root/project/conf/cert/214915882850706.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        include uwsgi_params;
        uwsgi_pass 172.18.61.250:8000;
    }
    location /static/ {
        alias /root/project/src/fang/static/;
        expires 30d;
    }
}
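At this point we can start Nginx and access our application; both HTTP and HTTPS work. If Nginx is already running, we can restart it after changing the configuration file with the command below.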
nginx -s reload
Note: for a Django project, the python manage.py collectstatic command collects static resources into a specified directory; all this requires is adding the STATIC_ROOT setting to the project's settings.py.
In the configuration below we use Nginx for load balancing, providing a reverse proxy for three other Nginx servers (created with Docker).
docker run -d -p 801:80 --name nginx1 nginx:latest
docker run -d -p 802:80 --name nginx2 nginx:latest
docker run -d -p 803:80 --name nginx3 nginx:latest
Modify the configuration file
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
Configure load balancing for the HTTP service
http {
    upstream fang.com {
        server x.x.x.x:801;
        server x.x.x.x:802;
        server x.x.x.x:803;
    }
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl;
        listen [::]:443 ssl;
        # no 'ssl on;' here: it would also force TLS on the port-80 listeners
        access_log /root/project/logs/access.log;
        error_log /root/project/logs/error.log;
        ssl_certificate /root/project/conf/cert/214915882850706.pem;
        ssl_certificate_key /root/project/conf/cert/214915882850706.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            proxy_pass http://fang.com;
        }
    }
}
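A small audit of the TLS directives used in both HTTPS server blocks above (the uWSGI site and the load balancer), as an added example that is not part of the original notes. It flags protocol versions that are deprecated and OpenSSL cipher aliases that also admit suites without forward secrecy. `SAMPLE_CONF` is constructed from the directives on this page, and the parser is an assumption of the example that handles only simple `name args;` directives.

```python
import re

# Constructed sample: the TLS directives shared by the HTTPS server blocks above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy clients
    ssl_prefer_server_ciphers on;
}
"""

# SSLv2/SSLv3 are prohibited (RFC 6176, RFC 7568); TLS 1.0/1.1 are deprecated (RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL aliases that also match RSA key exchange and CBC-mode suites.
BROAD_CIPHER_ALIASES = {"AES", "HIGH", "ALL"}

def directives(conf):
    """Yield (name, args) for each simple directive, ignoring comments."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for statement in re.split(r"[;{}]", conf):
        parts = statement.split()
        if parts:
            yield parts[0], parts[1:]

def audit_tls(conf):
    """Return findings for weak ssl_protocols / ssl_ciphers values."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            for proto in args:
                if proto in DEPRECATED_PROTOCOLS:
                    findings.append(f"ssl_protocols enables deprecated {proto}")
        elif name == "ssl_ciphers" and args:
            for token in args[0].split(":"):
                if token in BROAD_CIPHER_ALIASES:
                    findings.append(f"ssl_ciphers uses broad alias {token}")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(finding)
```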
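When using Nginx for load balancing, consider the case where the load balancer itself goes down. Keepalived can provide hot failover between the primary and backup load-balancer hosts, keeping the system highly available. Keepalived configuration is fairly complex and is usually done by dedicated operations staff.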
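Below we again use Docker to demonstrate how to configure MySQL master-slave replication. We prepare the MySQL configuration files and the directories for MySQL data and logs in advance, then use Docker volume mappings to specify where the container's configuration, data and log files live.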
root
└── mysql
    ├── conf
    │   ├── master
    │   │   └── mysqld.cnf
    │   ├── slave1
    │   │   └── mysqld.cnf
    │   ├── slave2
    │   │   └── mysqld.cnf
    │   └── slave3
    │       └── mysqld.cnf
    └── data
        ├── master
        ├── slave1
        ├── slave2
        └── slave3
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
datadir=/var/lib/mysql
log-error=/var/log/mysql/error.log
server-id=1
log_bin=/var/log/mysql/mysql-bin.log
expire_logs_days=30
max_binlog_size=256M
symbolic-links=0
docker run -d -p 3306:3306 --name mysql57 \
    -v /root/mysql/conf/master:/etc/mysql/mysql.conf.d \
    -v /root/mysql/data/master:/var/lib/mysql \
    -e MYSQL_ROOT_PASSWORD=123456 mysql:5.7

docker exec -it mysql57 /bin/bash

mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.7.23-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant replication slave on *.* to 'slave'@'%' identified by 'iamslave';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show master status;
+------------------+----------+--------------+------------------+-------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+------------------+----------+--------------+------------------+-------------------+
| mysql-bin.000001 |      590 |              |                  |                   |
+------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

mysql> quit
Bye
exit
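The -v (--volume) option used when creating the Docker container above maps a data volume: the part before the colon is a directory on the host and the part after it is a directory in the container, which effectively mounts the host directory into the container.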
docker run -d -p 3307:3306 --name mysql57-slave-1 \
    -v /root/mysql/conf/slave1:/etc/mysql/mysql.conf.d \
    -v /root/mysql/data/slave1:/var/lib/mysql \
    -e MYSQL_ROOT_PASSWORD=123456 \
    --link mysql57:mysql57 mysql:5.7

docker exec -it mysql57-slave-1 /bin/bash
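Next, slave2 and slave3 can be configured the same way, giving a "one master, three slaves" replication environment. The --link option used when creating the container above configures the container's host name on the network (a network address alias).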