Project Deployment Guide

I haven't written Django in a long time, so I'm writing up my old notes.

1 Pre-launch checks
python manage.py check --deploy
2 Set DEBUG to False and configure ALLOWED_HOSTS
DEBUG=False
# '*' accepts any Host header; list the site's real host names in production
ALLOWED_HOSTS=['*']
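3 Security-related settings
# How long (in seconds) browsers should keep using HTTPS only (HSTS)
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True

# Automatically redirect HTTP requests to HTTPS
SECURE_SSL_REDIRECT = True

# Stop browsers from guessing (sniffing) the content type
SECURE_CONTENT_TYPE_NOSNIFF = True

# Mitigate cross-site scripting (enables the browser's XSS filter)
SECURE_BROWSER_XSS_FILTER = True

# Cookies may only be sent over HTTPS
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

# Prevent clickjacking by setting an HTTP response header
# The site may not be loaded inside an <iframe>
X_FRAME_OPTIONS = 'DENY'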
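4 Keep sensitive information in environment variables or files
import os

# A missing variable raises KeyError at start-up instead of running with a default
SECRET_KEY = os.environ["SECRET_KEY"]

DB_USER = os.environ['DB_USER']
DB_PASS = os.environ['DB_PASS']

REDIS_AUTH = os.environ['REDIS_AUTH']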
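
Step 4 mentions files as well as environment variables; the following is an added example (not code from the original notes) of a loader that accepts either and fails at start-up when a secret is missing or its file is readable by other users. The `<NAME>_FILE` convention and the names `get_secret`, `parse_allowed_hosts` and `ConfigError` are assumptions of this example, and every value is constructed. Unlike step 2 above, `parse_allowed_hosts` rejects the `'*'` wildcard.

```python
import os
import stat
import tempfile

class ConfigError(RuntimeError):
    """Raised at start-up when a required setting cannot be loaded."""

def get_secret(name, environ=os.environ):
    """Read `name` from the environment, else from the file named by
    `<name>_FILE` (a hypothetical convention chosen for this example)."""
    if environ.get(name):
        return environ[name]
    path = environ.get(name + "_FILE")
    if not path:
        raise ConfigError(f"set {name} or {name}_FILE")
    # Refuse secret files that group or other users can access.
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ConfigError(f"{path} must be private to its owner (chmod 600)")
    with open(path, encoding="utf-8") as fh:
        value = fh.read().strip()
    if not value:
        raise ConfigError(f"{path} is empty")
    return value

def parse_allowed_hosts(raw):
    """Split a comma-separated host list; reject an empty list or '*'."""
    hosts = [h.strip() for h in raw.split(",") if h.strip()]
    if not hosts or "*" in hosts:
        raise ConfigError("ALLOWED_HOSTS must name explicit hosts")
    return hosts

def demo():
    """Constructed sample values: one secret from env, one from a 0600 file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db_pass")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("constructed-db-password\n")
        os.chmod(path, 0o600)
        env = {"SECRET_KEY": "constructed-secret-key", "DB_PASS_FILE": path,
               "ALLOWED_HOSTS": "www.example.com, example.com"}
        return (get_secret("SECRET_KEY", env), get_secret("DB_PASS", env),
                parse_allowed_hosts(env["ALLOWED_HOSTS"]))

if __name__ == "__main__":
    print(demo())
```

In settings.py the calls would read `SECRET_KEY = get_secret("SECRET_KEY")` and `ALLOWED_HOSTS = parse_allowed_hosts(os.environ["ALLOWED_HOSTS"])`.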
Upgrading the server's Python to 3.x
1 Install the underlying dependency libraries
yum -y install wget gcc zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel libffi-devel
2 Download the Python source code
wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
3 Decompress and unpack the archive
xz -d Python-3.7.0.tar.xz
tar -xvf Python-3.7.0.tar
4 Run configure to generate the Makefile (build file)
cd Python-3.7.0
./configure --prefix=/usr/local/python37 --enable-optimizations
5 Build and install
make && make install
6 Add the install directory to PATH and apply the change
cd ~
vim .bash_profile

... code above omitted ...
export PATH=$PATH:/usr/local/python37/bin
... code below omitted ...


source .bash_profile
7 Create symbolic links
ln -s /usr/local/python37/bin/python3.7 /usr/bin/python3
ln -s /usr/local/python37/bin/pip3.7 /usr/bin/pip3
8 Check that the Python environment was upgraded
python3 --version
python --version
Project directory structure

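Assume the project folder is named project. Its four subdirectories, conf, logs, src and venv, hold the project's configuration files, log files, source code and virtual environment respectively. The cert subdirectory under conf holds the certificate and private key needed to configure HTTPS; the project code under src can be checked out from a code repository with a version control tool; the virtual environment can be created with venv or another tool.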

project
├── conf
│   ├── cert
│   │   ├── 214915882850706.key
│   │   └── 214915882850706.pem
│   ├── nginx.conf
│   └── uwsgi.ini
├── logs
│   ├── access.log
│   ├── error.log
│   └── uwsgi.log
├── requirements.txt
├── src
│   └── fang
│       ├── common
│       ├── fang
│       ├── forum
│       ├── manage.py
│       ├── README.md
│       ├── rent
│       ├── static
│       └── templates
│      
└── venv
    ├── bin
    │   ├── activate
    │   ├── activate.csh
    │   ├── activate.fish
    │   ├── celery
    │   ├── celerybeat
    │   ├── celeryd
    │   ├── celeryd-multi
    │   ├── coverage
    │   ├── coverage3
    │   ├── coverage-3.7
    │   ├── django-admin
    │   ├── django-admin.py
    │   ├── easy_install
    │   ├── easy_install-3.7
    │   ├── pip
    │   ├── pip3
    │   ├── pip3.7
    │   ├── __pycache__
    │   ├── pyrsa-decrypt
    │   ├── pyrsa-decrypt-bigfile
    │   ├── pyrsa-encrypt
    │   ├── pyrsa-encrypt-bigfile
    │   ├── pyrsa-keygen
    │   ├── pyrsa-priv2pub
    │   ├── pyrsa-sign
    │   ├── pyrsa-verify
    │   ├── python -> python3
    │   ├── python3 -> /usr/bin/python3
    │   └── uwsgi
    ├── include
    ├── lib
    │   └── python3.7
    ├── lib64 -> lib
    ├── pip-selfcheck.json
    └── pyvenv.cfg
uWSGI configuration
1 Create and activate a virtual environment in the project directory
python3 -m venv venv
source venv/bin/activate
2 Install the project dependencies
pip install -r requirements.txt
3 Install uWSGI with pip
pip install uwsgi
4 Edit the uWSGI configuration file (/root/project/conf/uwsgi.ini)
[uwsgi]
# Base path
base=/root/project
# Project name
name=fang
# Enable the master process
master=true
# Number of worker processes
processes=4
# Virtual environment
pythonhome=%(base)/venv
# Project directory
chdir=%(base)/src/%(name)
# Python interpreter
pythonpath=%(pythonhome)/bin/python
# WSGI module to load
module=%(name).wsgi
# Address and port to communicate on (this server's own IP address and port)
socket=172.18.61.250:8000
# Log file location
logto = %(base)/logs/uwsgi.log

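Note: for testing, you can first change the key before the equals sign of the "address and port" item to http; if everything works, change it back to socket and then use Nginx to separate static and dynamic content (static resources are served by Nginx, dynamic content by uWSGI). The uWSGI server can be started as shown below.

5 Start the server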
uwsgi --ini uwsgi.ini &
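Nginx configuration
1 Edit the global configuration file (/etc/nginx/nginx.conf)
# User the worker processes run as; a dedicated unprivileged user is the safer choice
user root;
# Number of worker processes (ideally equal to the number of CPU cores)
worker_processes auto;
# Error log
error_log /var/log/nginx/error.log;
# PID file
pid /run/nginx.pid;
# Include other configuration
include /usr/share/nginx/modules/*.conf;
# Event model and connection limit
events {
    use epoll;
    worker_connections 1024;
}
# HTTP server configuration
http {
    # Log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
    # Access log
    access_log  /var/log/nginx/access.log  main;
    # Enable efficient file transfer (sendfile)
    sendfile            on;
    # Improves performance when sending files with sendfile
    tcp_nopush          on;
    # Disable Nagle's algorithm to improve interactivity
    tcp_nodelay         on;
    # Keep-alive timeout for client connections
    keepalive_timeout   15;
    types_hash_max_size 2048;
    # Include the MIME type definitions
    include             /etc/nginx/mime.types;
    # Default to a binary stream content type
    default_type        application/octet-stream;
    # Include other configuration files
    include /etc/nginx/conf.d/*.conf;
    # Include the project's Nginx configuration files
    include /root/project/conf/*.conf;
}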
2 Edit the project-level configuration file (/root/project/conf/nginx.conf)
server {
    listen      80;
    server_name _;
    access_log /root/project/logs/access.log;
    error_log /root/project/logs/error.log;
    location / {
        include uwsgi_params;
        uwsgi_pass 172.18.61.250:8000;
    }
    location /static/ {
        alias /root/project/src/fang/static/;
        expires 30d;
    }
}
server {
    listen      443 ssl;
    server_name _;
    access_log /root/project/logs/access.log;
    error_log /root/project/logs/error.log;
    ssl_certificate     /root/project/conf/cert/214915882850706.pem;
    ssl_certificate_key /root/project/conf/cert/214915882850706.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        include uwsgi_params;
        uwsgi_pass 172.18.61.250:8000;
    }
    location /static/ {
        alias /root/project/src/fang/static/;
        expires 30d;
    }
}

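At this point we can start Nginx and access the application over both HTTP and HTTPS. If Nginx is already running, reload it with the command below after changing the configuration files.

3 Restart the Nginx server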
nginx -s reload

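Note: for a Django project, the python manage.py collectstatic command collects static resources into a specified directory; all that is required is a STATIC_ROOT setting in the project's settings.py.

Load balancing configuration

In the configuration below we use Nginx for load balancing, acting as a reverse proxy for three other Nginx servers (created with Docker).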

docker run -d -p 801:80 --name nginx1 nginx:latest
docker run -d -p 802:80 --name nginx2 nginx:latest
docker run -d -p 803:80 --name nginx3 nginx:latest

Edit the configuration file

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

Configure load balancing for the HTTP service

http {
    upstream fang.com {
        server x.x.x.x:801;
        server x.x.x.x:802;
        server x.x.x.x:803;
    }

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        listen       443 ssl;
        listen       [::]:443 ssl;

        access_log /root/project/logs/access.log;
        error_log /root/project/logs/error.log;
        ssl_certificate /root/project/conf/cert/214915882850706.pem;
        ssl_certificate_key /root/project/conf/cert/214915882850706.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            proxy_pass http://fang.com;
        }
    }
}

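When Nginx is used for load balancing, you must consider what happens if the load balancer itself goes down. Keepalived can provide hot failover between a primary and a standby load balancer, which keeps the system highly available. Keepalived configuration is fairly complex and is usually handled by dedicated operations staff.

MySQL master-slave replication

Below we again use Docker to demonstrate how to configure MySQL master-slave replication. We prepare the MySQL configuration files and the directories that hold MySQL data and runtime logs in advance, then use Docker volume mappings to specify where the container's configuration, data and log files live.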

root
└── mysql
    ├── conf
    │   ├── master
    │   │   └── mysqld.cnf
    │   ├── slave1
    │   │   └── mysqld.cnf
    │   ├── slave2
    │   │   └── mysqld.cnf
    │   └── slave3
    │       └── mysqld.cnf
    └── data
        ├── master
        ├── slave1
        ├── slave2
        └── slave3
1 MySQL configuration file (the master and each slave need a different server-id).
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
datadir=/var/lib/mysql
log-error=/var/log/mysql/error.log
server-id=1
log_bin=/var/log/mysql/mysql-bin.log
expire_logs_days=30
max_binlog_size=256M
symbolic-links=0
2 Create and configure the master
docker run -d -p 3306:3306 --name mysql57 \
-v /root/mysql/conf/master:/etc/mysql/mysql.conf.d \
-v /root/mysql/data/master:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 mysql:5.7

docker exec -it mysql57 /bin/bash

mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.7.23-log MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant replication slave on *.* to 'slave'@'%' identified by 'iamslave';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> show master status;
+------------------+----------+--------------+------------------+-------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+------------------+----------+--------------+------------------+-------------------+
| mysql-bin.000001 |      590 |              |                  |                   |
+------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

mysql> quit
Bye
exit

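The -v (--volume) parameter used above when creating the Docker container maps a data volume: the part before the colon is a directory on the host and the part after it is a directory in the container, which effectively mounts the host directory into the container.

3 Create and configure the slave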
docker run -d -p 3307:3306 --name mysql57-slave-1 \
-v /root/mysql/conf/slave1:/etc/mysql/mysql.conf.d \
-v /root/mysql/data/slave1:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
--link mysql57:mysql57 mysql:5.7

docker exec -it mysql57-slave-1 /bin/bash

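You can then configure slave2 and slave3 the same way, giving a "one master, three slaves" replication environment. The --link parameter used above when creating the container configures the container's host name on the network (a network address alias).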
