bind智能DNS + bindUI管理系統(postgresql + bind dlz)

時間  2020-05-02
標籤 bind 智能 dns bindui 管理 系統 postgresql dlz 欄目 系統網絡 简体版
原文   原文鏈接

 # 軟件環境:javascript

* Centos 7.6css

* bind-9.14.1.tar.gzhtml

* postgresql 11java

* python 3.7node

* django 2.2.1python

QPS:單節點1590 qps mysql

 

# 目前測試性能最高的方案linux

* bind-9.12.4/bind-9.12.一、postgresql 十一、Centos 7.6,4核心8G的ESXi虛擬機,開4線程,單節點查詢性能可達68842 qpsnginx

zone數據使用文件配置加載到內存方式(即不使用數據庫)的測試性能可達:80514 qpsc++

 

## 測試其餘說明

bind-9.12.四、mysql開多線程則奇慢無比

bind-9.13.3到bind-9.15.0都只有單線程,即便啓動參數配置多線程,實際運行也是單線程,通過測試,這些版本與mysql結果性能會比postgresql高一些,mysql性能2300 qps左右,postgresql性能1600 qps,基本範圍1400-2400 qps

從bind-9.13.3及以後的版本不支持 --enable-threads 配置參數,即多線程的支持,bind-9.13.2還支持 

 

# 安裝基本包

yum install -y bind-utils traceroute wget man sudo ntp ntpdate screen patch make gcc gcc-c++ flex bison zip unzip ftp net-tools --skip-broken 

關聯動態庫 

# vi /etc/ld.so.conf                         添加以下內容

include /etc/ld.so.conf.d/*.conf

/usr/local/lib

/usr/local/lib64

/lib

/lib64

/usr/lib

/usr/lib64

 

編輯完ld.so.conf,執行 

ldconfig 

使動態庫生效

 

# 安裝postgresql

參考地址:https://www.postgresql.org/download/linux/redhat/

yum -y install https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-redhat11-11-2.noarch.rpm

yum -y install postgresql11

yum -y install postgresql11-server

yum -y install postgresql11-libs

yum -y install postgresql11-devel

/usr/pgsql-11/bin/postgresql-11-setup initdb
systemctl enable postgresql-11

 

## 添加環境變量

把/usr/pgsql-11/bin加入到 /etc/profile系統環境變量裏

如:

## PATH
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:$JAVA_HOME/bin:/usr/pgsql-11/bin

. /etc/profile

 

## postgresql設置

/var/lib/pgsql/11/data/postgresql.conf

listen_addresses = '*'
port = 5432
max_connections = 5120

tail -n 20 /var/lib/pgsql/11/data/pg_hba.conf

規則從上往下匹配,匹配到一條後就中止往下匹配了

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
## host    all             all             127.0.0.1/32            ident
host all all 127.0.0.1/32 md5 host all all 0.0.0.0/0 md5
# IPv6 local connections:
host    all             all             ::1/128                 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            ident
#host    replication     all             ::1/128                 ident

 

## 啓動postgresql

systemctl start postgresql-11

 

## 建立用戶、數據庫

su postgres
psql
create user bind_ui_wr with encrypted password 'ww123456'; # encrypted 表示用加密方式保存密碼,若是不指定,則是根據配置文件中的password_encryption參數決定

create database bind_ui owner bind_ui_wr ENCODING=utf8;

## 建立只讀用戶

CREATE USER bind_ui_r WITH ENCRYPTED PASSWORD 'rr123456';

alter user bind_ui_r set default_transaction_read_only=on;  # 設置默認事務只讀

GRANT CONNECT ON DATABASE bind_ui to bind_ui_r; # 賦予用戶鏈接數據庫bind_ui的權限

\c bind_ui # 切換到指定庫bind_ui

GRANT USAGE ON SCHEMA public to bind_ui_r; # 把當前庫現有的全部在public這個schema下的表的使用權限賦給用戶

ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO bind_ui_r; # 默認把當前庫以後新建在public這個schema下的表的使用權限賦給bind_ui_r

GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO bind_ui_r; # 賦予用戶bind_ui_r全部public下的序列的查看權

GRANT SELECT ON ALL TABLES IN SCHEMA public TO bind_ui_r; # 賦予用戶bind_ui_r全部public下的表的select權

## 刪除只讀用戶方法

revoke USAGE ON SCHEMA public from bind_ui_r; # 回收schema的usage權限

revoke SELECT ON ALL TABLES IN SCHEMA public from bind_ui_r; # 回收public下全部表的查詢權限

revoke SELECT ON ALL SEQUENCES IN SCHEMA public from bind_ui_r; # 回收public下全部序列的查詢權限

ALTER DEFAULT PRIVILEGES IN SCHEMA public revoke SELECT ON TABLES from bind_ui_r; # 回收默認權限

revoke CONNECT ON DATABASE foo from bind_ui_r; # 關閉數據庫鏈接權限

alter user bind_ui_r set default_transaction_read_only=off; # 關閉默認只讀事務設置

\ddp # 查看權限是否爲空了

drop user bind_ui_r; # 刪除用戶

 

## 測試鏈接

psql -h 127.0.0.1 -p 5432 -U bind_ui_wr -d bind_ui

 

# 安裝bind

cd /usr/local/src

wget http://ftp.isc.org/isc/bind9/9.14.1/bind-9.14.1.tar.gz

wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz

tar -zxvf openssl-1.0.2r.tar.gz; cd openssl-1.0.2r; ./config; make; make install

 

export LDFLAGS=-L/usr/pgsql-11/lib # 指定pgsql lib,要指定多個路徑時,使用:分隔,這對須要擴展多種數據庫驅動時頗有用,路徑查找postgresql lib dir: pg_config --libdir,mysql lib查找方法mysql_config --libs

./configure --prefix=/usr/local/bind_9.14.1 --with-dlz-postgres=yes --enable-threads --enable-epoll --enable-largefile --with-openssl=/usr/local/src/openssl-1.0.2r

make; make install

ln -s /usr/local/bind_9.14.1 /usr/local/bind

ln -s /usr/local/bind/etc /etc/named

groupadd -g 25 named

useradd named -M -u 25 -g 25 -s /sbin/nologin

chown -R named:named /usr/local/bind/var

mkdir -p /var/log/named  /usr/local/bind/etc/conf.d; chown -R named.named /var/log/named

 

systemctl 啓動腳本

cat /usr/lib/systemd/system/named.service

[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
 
[Service]
Type=forking
PIDFile=/usr/local/bind/var/named.pid
ExecStart=/usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf
ExecReload=/bin/sh -c '/usr/local/bind/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/local/bind/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
Restart=always
RestartSec=10
 
[Install]
WantedBy=multi-user.target

注意: /usr/local/bind/sbin/named -n 1 線程數

經測試,bind-9.1三、bind-9.14已經與線程數量無關,均爲單線程了。設置-n 4與-n 1性能都同樣 

bind-9.12.四、postgresql 11開多線程,性能很高

 

systemctl enable named;

cd /usr/local/bind/etc/ 

/usr/local/bind/sbin/rndc-confgen > rndc.conf 

tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf    #內容相似下面這樣:

key "rndc-key" {
    algorithm hmac-sha256;
    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};
 
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

 

cat /etc/name/named.conf

key "rndc-key" {
    algorithm hmac-sha256;
    secret "vCQLvxUeXxvcdKkt8JSNI9p6eB+/ZE9DKg6Wyq1g7Uo=";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    listen-on port 53 { any; };    # 開啓偵聽53端口,any表示接受任意ip鏈接
    directory "/usr/local/bind/var";
    dump-file "/usr/local/bind/var/named_dump.db"; # 執行rndc dumpdb [-all|-cache|-zones|-adb|-bad|-fail] [view ...]時保存數據的導出文件
    pid-file "named.pid";  # 文件內容就是named進程的id  
    allow-query{ any; };     # 容許任意ip查詢
    allow-query-cache { any; }; # 容許任意ip查詢緩存
    recursive-clients 60000;
    forwarders{ # 設置轉發的公網ip
        202.96.128.86;
        223.5.5.5;
    };
    forward only; # 置只使用forwarders DNS服務器作域名解析,若是查詢不到則返回DNS客戶端查詢失敗。
    # forward first; 設置優先使用forwarders DNS服務器作域名解析,若是查詢不到再使用本地DNS服務器作域名解析。
    max-cache-size 4g;
    dnssec-enable no; # 9.1三、9.14版本的bind作轉發時須要設置關閉DNS安全設置,不然轉發失敗,報broken trust chain/broken trust chain錯
    dnssec-validation no; # 9.1三、9.14版本的bind作轉發時須要設置關閉DNS安全驗證設置
};

logging {
    channel query_log {    # 查詢日誌
        file "/var/log/named/query.log" versions 20 size 300m;
        severity info;
        print-time yes;
        print-category yes;
    };
 
    channel error_log {    # 報錯日誌
        file "/var/log/named/error.log" versions 3 size 10m;
        severity notice;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
 
    category queries { query_log; };
    category default { error_log; };
};


# acl
include "/etc/named/conf.d/cn_dx.acl";
include "/etc/named/conf.d/cn_lt.acl";
include "/etc/named/conf.d/cn_yd.acl";
include "/etc/named/conf.d/cn_jy.acl";
include "/etc/named/conf.d/cn.acl";


# view
include "/etc/named/conf.d/cn_dx.conf";
include "/etc/named/conf.d/cn_lt.conf";
include "/etc/named/conf.d/cn_yd.conf";
include "/etc/named/conf.d/cn_jy.conf";
include "/etc/named/conf.d/cn.conf";
include "/etc/named/conf.d/default.conf";    # default view 放最後

 

 

日誌級別:

在定義通道的語句中,severity是指定記錄消息的級別。在bind中主要有如下幾個級別(按照嚴重性遞減的順序):

critical
error
warning
notice
info
debug [ level ]
dynamic

 

versions 20:保留20個文件

named-checkconf /etc/named/named.conf # 檢測配置文件合法性

 

acl配置:

存放目錄:/etc/named/conf.d

ip列表:https://ip.cn/chnroutes.html

示例:

cat cn_yd.acl 

# 中國移動
# 2017101711, 74 routes

acl cn_yd {
36.128.0.0/10;
39.128.0.0/10;
42.83.200.0/23;
43.239.172.0/22;
43.241.112.0/22;
43.251.244.0/22;
45.121.68.0/22;
45.121.72.0/22;
45.121.172.0/22;
45.121.176.0/22;
45.122.96.0/21;
45.123.152.0/22;
45.124.36.0/22;
45.125.24.0/22;
58.83.240.0/21;
59.153.68.0/22;
61.14.244.0/22;
103.20.112.0/22;
103.21.176.0/22;
103.35.104.0/22;
103.37.176.0/23;
103.40.12.0/22;
103.43.124.0/22;
103.45.160.0/22;
103.61.156.0/22;
103.61.160.0/22;
103.62.24.0/22;
103.62.204.0/22;
103.62.208.0/22;
103.83.72.0/22;
103.192.0.0/22;
103.192.144.0/22;
103.193.140.0/22;
103.205.116.0/22;
103.227.48.0/22;
111.0.0.0/10;
111.235.182.0/24;
112.0.0.0/10;
114.66.68.0/22;
117.128.0.0/10;
118.187.40.0/21;
118.191.248.0/21;
118.194.165.0/24;
120.192.0.0/10;
121.255.0.0/16;
131.228.96.0/24;
163.53.56.0/22;
183.192.0.0/10;
202.141.176.0/20;
211.103.0.0/17;
211.136.0.0/13;
211.148.224.0/19;
211.155.236.0/24;
218.200.0.0/13;
221.130.0.0/15;
221.176.0.0/19;
221.176.32.0/20;
221.176.48.0/21;
221.176.56.0/24;
221.176.58.0/23;
221.176.60.0/22;
221.176.64.0/18;
221.176.128.0/17;
221.177.0.0/16;
221.178.0.0/15;
221.180.0.0/14;
223.64.0.0/11;
223.96.0.0/12;
223.112.0.0/14;
223.116.0.0/15;
223.118.2.0/24;
223.118.10.0/24;
223.118.18.0/24;
223.120.0.0/13;
};

其餘相似

 

view配置:

存放目錄:/etc/named/conf.d

這裏鏈接數據庫的賬號只須要只讀權限就能夠了

cat cn_yd.conf       # match-clients要與定義的acl匹配

view "cn_yd" {
match-clients { cn_yd; };

dlz "Postgres zone" {
    database "postgres 2
        {host=127.0.0.1 dbname=bind_ui port=5432 user=bind_ui_r password=rr123456}
        {select zone_name from \"DnsRecord_zonetag\" where zone_name = '$zone$'}
        {select ttl, type, mx_priority, 
            case when lower(type)='txt' then
                concat('\"', data, '\"')
            when lower(type) = 'soa' then
                concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
            else
                data
            end
            from \"DnsRecord_zonetag\" inner join \"DnsRecord_record\" on \"DnsRecord_record\".zone_tag_id = \"DnsRecord_zonetag\".id
                and \"DnsRecord_zonetag\".zone_name = '$zone$'
                and \"DnsRecord_record\".host = '$record$'
                where \"DnsRecord_zonetag\".status = 'on'
                    and \"DnsRecord_record\".status = 'on'
                    and (\"DnsRecord_record\".resolution_line = '103' or \"DnsRecord_record\".resolution_line = '0')
        }
    ";
};

};

 

注意:這裏

DnsRecord_record.resolution_line 的值要與 bindUI定義值相同,以區別不一樣的解析線路

其餘相似

 

 cat default.conf    # 默認view,any  acl表示全部,不須要定義,因此默認view須要放在配置中全部view的最後

 

view "default" {
match-clients { any; };

dlz "Postgres zone" {
    database "postgres 2
        {host=127.0.0.1 dbname=bind_ui port=5432 user=bind_ui_r password=rr123456}
        {select zone_name from \"DnsRecord_zonetag\" where zone_name = '$zone$'}
        {select ttl, type, mx_priority, 
            case when lower(type)='txt' then
                concat('\"', data, '\"')
            when lower(type) = 'soa' then
                concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum)
            else
                data
            end
            from \"DnsRecord_zonetag\" inner join \"DnsRecord_record\" on \"DnsRecord_record\".zone_tag_id = \"DnsRecord_zonetag\".id
                and \"DnsRecord_zonetag\".zone_name = '$zone$'
                and \"DnsRecord_record\".host = '$record$'
                where \"DnsRecord_zonetag\".status = 'on'
                    and \"DnsRecord_record\".status = 'on'
                    and \"DnsRecord_record\".resolution_line = '0'
        }
    ";
};

};

 

# 安裝python 3.7

cd /usr/loca/src; wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tar.xz

tar -Jxvf Python-3.7.3.tar.xz; cd Python-3.7.3

./configure --prefix=/usr/local/python_3.7.3; make; make install

能夠把 /usr/local/python_3.7.3/bin 添加系統環境變量,這樣使用更簡單

/usr/local/python_3.7.3/bin/pip install --upgrade pip

/usr/local/python_3.7.3/bin/pip install virtualenv

 

## 更換國內pipy源,安裝python擴展更快

參考:https://www.cnblogs.com/meelo/p/4636340.html

cat ~/.pip/pip.conf

[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

[install]
trusted-host = mirrors.aliyun.com

 

 

 

## 建立用於運行BindUI項目的python虛擬環境

mkdir -p /data/pyvenv/

/usr/local/python_3.7.3/bin/pyvenv /data/pyvenv/BindUI

要進虛擬python環境操做方法

. /data/pyvenv/BindUI/bin/activate

退出虛擬環境

deactivate

 

# 部署BindUI項目

mkdir -p /data/webroot

cd /data/webroot

yum -y install git

git clone https://github.com/cucker0/BindUI.git

rm -rf /data/webroot/BindUI/.git # 爲網站安全

 

## 設置配置信息,設置鏈接數據庫信息

/data/webroot/BindUI/bindUI/settings.py

註釋下面這兩行

# import pymysql
# pymysql.install_as_MySQLdb()

 這裏的賬號須要有寫讀權限

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'bind_ui',
        'USER': 'bind_ui_wr',
        'PASSWORD': 'ww123456',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}

 

## 安裝依賴組件

cd /data/webroot/BindUI

. /data/pyvenv/BindUI/bin/activate

pip install --upgrade pip

pip install django Pillow pymysql IPy xlrd xlwt psycopg2

 

## 初始化數據庫

python manage.py migrate
python manage.py makemigrations
python manage.py migrate

 

 

## 建立超級用戶

python manage.py createsuperuser

 

## 運行django

python manage.py runserver 0.0.0.0:8080

此時能夠經過下面的URL訪問BindUI控制檯

http://服務器IP:8080

使用上面的登記登陸

 

* 登陸

 

* 首頁

 

* 添加域名

 

* 設置NS主機,可設置多個

 

 

* 添加起始受權主機、NS主機相應的記錄

NS主機設置了多個就須要創建多個,起始受權主機只有一個

 

 

建一個反向解析域

一樣也須要設置NS主機

創建PTR記錄,與NS主機記錄對應

 

 

此時就能建其餘記錄了

## 給bind_ui_r用戶添加相應表的只讀權限

上面受權時,由於下面這些表尚未建立,因此是沒有授到權的,須要從新執行一次。

su postgres
psql
\c bind_ui
GRANT SELECT ON "DnsRecord_record" TO bind_ui_r;
GRANT SELECT ON "DnsRecord_zonetag" TO bind_ui_r;

 

## 啓動bind服務

systemctl start named

bind啓動調試模式方法

/usr/local/bind/sbin/named -n 1 -u named -c /usr/local/bind/etc/named.conf -d 4 -g

 

此時就能夠解析了

 

# Django Nginx+ uWSGI 運行django項目

前面運行的django 在bash控制上,如今以守護進程方式運行,參考https://www.cnblogs.com/linkenpark/p/6560787.html

 

## 安裝uwsgi

/usr/local/python_3.7.3/bin/pip install uwsgi

id uwsgi

uid=1000(uwsgi) gid=1000(uwsgi) groups=1000(uwsgi)

 

/usr/local/python_3.7.3/bin/uwsgi --http 0.0.0.0:8000 -H /data/pyvenv/BindUI --chdir /data/webroot/BindUI/ --wsgi-file bindUI/wsgi.py

這時在瀏覽器上能看到除了樣式外的頁面

退出uwsgi

 

## 配置uwsgi

mkdir /etc/uwsgi 

vi /etc/uwsgi/uwsgi9090.ini

[uwsgi]
socket=127.0.0.1:9090
chdir=/data/webroot/BindUI/
wsgi-file=bindUI/wsgi.py
# 開啓主進程
master=True
# 設置多進程
processes=8
uid=uwsgi
gid=uwsgi
# 最大併發
max-requests=20480
# 當服務中止的時候自動移除unix Socket和Pid文件
vacuum=True
# 虛擬環境
home=/data/pyvenv/BindUI
# 日誌
daemonize=/var/log/uwsgi/uwsgi9090.log

 

chown -R uwsgi:uwsgi /data/webroot/BindUI//upload/user_image # 上傳用戶頭像的目錄可寫,其餘目錄只須要只讀權限便可。

 

## 設置uwsgi自動啓動腳本

cat /etc/systemd/system/uwsgi.service

[Unit]
Description=uWSGI Emperor
After=syslog.target

[Service]
ExecStart=/usr/local/python_3.7.3/bin/uwsgi --emperor /etc/uwsgi
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all

[Install]
WantedBy=multi-user.target

systemctl enable uwsgi

systemctl start uwsgi

 

## 更新項目代碼

當python項目代碼有更新時,要讓其生效,重載或重啓 uwsgi服務便可

systemctl reload uwsgi

 

## 安裝nginx

cd /usr/local/src

wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz

wget http://nginx.org/download/nginx-1.16.0.tar.gz

tar -zxvf pcre-8.43.tar.gz; cd pcre-8.43; ./configure --enable-jit; make; make install

ldconfig

yum -y install zlib zlib-devel gd gd-devel --skip-broken

useradd nginx -M -s /sbin/nologin

cd /usr/local/src

tar -zxvf nginx-1.16.0.tar.gz; cd nginx-1.16.0

./configure --prefix=/usr/local/nginx_1.16.0 --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.43 --with-http_realip_module --with-http_image_filter_module --with-http_gzip_static_module --with-openssl=/usr/local/src/openssl-1.0.2r --with-openssl-opt="enable-tlsext" --with-stream --with-stream_ssl_module --with-http_v2_module

make; make install

mkdir /usr/local/nginx/conf/conf.d

ln -s /usr/local/nginx_1.16.0 /usr/local/nginx

ln -s /usr/local/nginx/conf /etc/nginx

/usr/local/nginx/sbin 添加到系統環境變量中

. /etc/profile # 從新加載環境變量

 

## nginx自動啓動腳本

cat /usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

 

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

systemctl enable nginx

systemctl start nginx

 

## nginx配置

cat /etc/nginx/nginx.conf

user nginx nginx;
worker_processes auto;
worker_cpu_affinity auto;

error_log  logs/error.log notice;
pid        logs/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`"$request"`'
                      '$status`$body_bytes_sent`"$http_referer"`'
                      '"$http_user_agent"`"$request_time"`'
                      '$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';

    log_format  access  '$remote_addr`[$time_local]`"$request"`'
                      '$status`$body_bytes_sent`"$http_referer"`'
                      '"$http_user_agent"`"$http_x_forwarded_for"`'
                      '$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';

#    proxy_ignore_client_abort on;
    proxy_headers_hash_max_size 2048;
    proxy_headers_hash_bucket_size 256;
    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    keepalive_timeout 60;
    server_tokens off;

    gzip    on;
    gzip_min_length 1k;
    gzip_buffers    4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types  text/plain  application/x-javascript text/css application/xml;
    gzip_vary on;

    client_max_body_size 100m;
    client_body_buffer_size 128k;
    client_body_temp_path /dev/shm/client_body_temp;
    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_buffer_size 16k;
    proxy_buffers 32 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    proxy_temp_path /dev/shm/proxy_temp;

    include /etc/nginx/conf.d/*.conf;

}

 

/etc/nginx/conf.d/bind_ui.conf

upstream dns_bind_com {
    server 127.0.0.1:9090 weight=10 max_fails=0;
}

server {
    listen       80;
    server_name  dns.bind.com;
    charset utf-8;
    access_log  logs/dns.bind.com.log  main;

    location /static/system/ {
        alias /data/webroot/BindUI/upload/system/;
    }


    location /static/user_image/ {
        alias /data/webroot/BindUI/upload/user_image/;
    }

    location /static {
        alias /data/webroot/BindUI/static;
    }

    location / {            
        include uwsgi_params;
        uwsgi_pass dns_bind_com;
    }
}

nginx -t

systemctl restart nginx

 

## django admin靜態文件加載不了問題

在/data/webroot/BindUI/bindUI/settings.py 最後添加下面設置

STATIC_ROOT = os.path.join(BASE_DIR, "static")
STATICFILES_FINDERS = (
    "django.contrib.staticfiles.finders.FileSystemFinder",
    "django.contrib.staticfiles.finders.AppDirectoriesFinder"
)

cd /data/webroot/BindUI

. /data/pyvenv/BindUI/bin/activate

python manage.py collectstatic #生產靜態問題,詢問覆蓋時,輸入yes,這時生成了這個目錄 /data/webroot/BindUI/static/admin

再把上面添加的配置刪除或註釋

deactivate

 

最終訪問效果:

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程