Project deployment: deploying a website to an AWS server (Python)
1. Preparation:
- Any cloud server (Ali Cloud, AWS, Baidu Cloud; any will do)
- A completed web project
2. Start deployment
2-1. Set server security group
Tips: security groups are configured differently for each server; refer to the instructions for your own server.
Open the frequently used ports (experienced users can specify their own ports):
- 80/80 Nginx default port
- 3306/3306 MySQL default port
- 6379/6379 Redis default port
- 23/23
- 443/443
- 22/22
- 3389/3389
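The following added example (not part of the original page) reviews the rules created in this step. It reads JSON in the shape printed by `aws ec2 describe-security-groups` and lists the database, cache and remote-administration ports from the list above that are reachable from any address; the sample rules and the group id are constructed.

```python
import json

# Ports from the list above that serve databases, caches or remote administration.
SENSITIVE = {22: "ssh", 23: "telnet", 3306: "mysql", 3389: "rdp", 6379: "redis"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]}]})


def world_open_sensitive(describe_json):
    """Return sorted (group id, port, service, cidr) for sensitive ports open to any address."""
    findings = set()
    for group in json.loads(describe_json)["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            # IpProtocol "-1" means all protocols and ports; it carries no FromPort/ToPort.
            if rule["IpProtocol"] == "-1":
                low, high = 0, 65535
            elif rule["IpProtocol"] in ("tcp", "6"):
                low, high = rule["FromPort"], rule["ToPort"]
            else:
                continue
            for cidr in cidrs:
                if cidr not in ANYWHERE:
                    continue
                for port, name in SENSITIVE.items():
                    if low <= port <= high:
                        findings.add((group["GroupId"], port, name, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, name, cidr in world_open_sensitive(SAMPLE):
        print(f"{gid}: {name} ({port}/tcp) is reachable from {cidr}")
```

Rules that the function reports can be narrowed to a specific source address or range in the security group, as the constructed SSH rule in the sample does.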
2-2. Install the Python environment (3.7 is used as the example here; if the server already has it, you don't need to install it)
- Install dependent packages:
yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++ libffi-devel python-devel mariadb-devel
- Download the Python source code:
wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz   # Download
tar -xzvf Python-3.7.3.tgz -C /tmp   # Unzip to /tmp
cd /tmp/Python-3.7.3   # Switch to the extracted directory under /tmp
- Install Python 3.7 to the /usr/local directory:
./configure --prefix=/usr/local
make
make altinstall
# This step is time-consuming
- Change the /usr/bin/python3 and /usr/bin/pip3 links:
ln -s /usr/local/bin/python3.7 /usr/bin/python3
ln -s /usr/local/bin/pip3.7 /usr/bin/pip3
Tips: if a link already exists, use -sf to overwrite it:
ln -sf /usr/local/bin/python3.7 /usr/bin/python3
ln -sf /usr/local/bin/pip3.7 /usr/bin/pip3
2-3. Install MySQL
- Download the MySQL yum repository package:
wget http://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm
- Install the MySQL repository:
rpm -Uvh mysql57-community-release-el7-10.noarch.rpm
- Install the MySQL server (this takes some time):
yum install -y mysql-community-server
- Is the download too slow when installing the MySQL server? The following four files can be downloaded from a domestic mirror and installed locally.
Recommended source: http://uni.mirrors.163.com/mysql/Downloads/
Files to download (taking MySQL 5.7.26 as an example):
mysql-community-client-5.7.26-1.el7.x86_64.rpm
mysql-community-common-5.7.26-1.el7.x86_64.rpm
mysql-community-libs-5.7.26-1.el7.x86_64.rpm
mysql-community-server-5.7.26-1.el7.x86_64.rpm
- Start MySQL:
systemctl start mysqld.service   # Start in the background
- Check whether the startup succeeded:
systemctl status mysqld.service
- Obtain the temporary password (MySQL 5.7 randomly generates a password for the root user):
grep 'temporary password' /var/log/mysqld.log
- Log in to MySQL with the temporary password in order to change it:
mysql -uroot -p
- Because the MySQL password rules require a very complex password, which we generally don't set, modify the policy globally:
mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;
Change the password (你的密码 stands for your password):
ALTER USER 'root'@'localhost' IDENTIFIED BY '你的密码';
- Authorize other machines to log in remotely:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '你的密码' WITH GRANT OPTION;
FLUSH PRIVILEGES;
- If the remote connection still cannot be made after the above operations, remember to check the cloud server security group and open the corresponding port.
- Set MySQL's character set to UTF-8 so that it supports Chinese:
vim /etc/my.cnf
[mysql]
default-character-set=utf8
- Restart MySQL:
systemctl restart mysqld.service
- View the MySQL running status:
ps -aux|grep mysqld
2-4. Install Redis
- Install Redis:
yum install redis
- Start Redis:
systemctl start redis
2-5. Install Virtual Environment
Tips: with a virtual environment, maintenance and management are more convenient when there are many projects; pipenv is used as the example here.
pip3 install pipenv   # Install the virtual environment tool
- Create your own folder:
mkdir your_folder
2-6. Two methods to upload the project to the server
2-6-1. Method 1: upload the project using FileZilla
The download address and installation method can be found with a search engine such as Baidu; both are simple.
- Export the local environment for installation on the server:
pip freeze > requirements.txt
- Install the local environment on the server:
pip install -r requirements.txt
- Create the database:
create database bbs charset=utf8;
- Remap the database (taking the Flask framework as an example):
# Delete the existing mapping files
rm -rf migrations/
python manage.py db init
python manage.py db migrate
python manage.py db upgrade
- After the mapping is completed, visit the site via its IP:
http://xxx.xxx.xxx.xxx:port/
2-6-2. Method 2: upload using the scp command
- When there is an xxx.pem key file (你的pem = your pem file, 文件目录 = directory to upload, 用户名 = user name, 主机IP = host IP, 保存到的路径 = destination path):
scp -i 你的pem -r 文件目录 用户名@主机IP:保存到的路径
An example of uploading with xxx.pem:
scp -i C:\Users\Administrator\Desktop\xxx.pem -r G:\ceshi\job\xxx [email protected]:/home/centos/project
- When xxx.pem is not needed (文件 = file, 主机地址 = host address, 文件路径 = file path):
scp -P 22 文件 h@主机地址:desktop/文件路径
- Tips: specify -r when transferring a directory; without it you can only transfer files, not directories.
2-7. Install uwsgi
Introduction:
uwsgi is an application server; network requests for non-static files must go through it. It can also act as a static file server, but that is not its strong point. uwsgi is written in Python, so it can be installed with pip3 install uwsgi. (uwsgi must be installed in the system-level Python environment, not in the virtual environment.) Then create a configuration file called uwsgi.ini:
[uwsgi]
# All paths must be absolute
# Project path
chdir = /root/flask-project/bbs/
# Flask WSGI file
wsgi-file = /root/flask-project/bbs/bbs.py
# The app object used as the callable
callable = app
# Path of the Python virtual environment; get it by running pipenv --venv in the project directory, inside the virtual environment
home = /root/.local/share/virtualenvs/flask-project--bwy33Ao
# Process-related settings
# Master process
master = true
# Maximum number of worker processes
processes = 10
http = :5000
# Permissions of the socket
chmod-socket = 666
# Whether to clean up the environment on exit
vacuum = true
Exit the virtual environment: deactivate or exit
Install the dependencies:
yum install -y gcc* pcre-devel openssl-devel
Run:
uwsgi --ini uwsgi.ini
Stop uwsgi:
pkill -f uwsgi -9
Run uwsgi in the background:
uwsgi -d --ini uwsgi.ini
Check that it works: visit http://ip address:5000 in the browser. If you can access the page (the static files may be missing), there is no problem with the uwsgi configuration.
2-8. Install and configure nginx
Nginx introduction:
Although uwsgi can deploy our project normally, we still use nginx as the web server. Using nginx as the web server has the following advantages:
- uwsgi is not good at handling static file resources, including response speed and caching.
- As a professional web server, nginx is more secure than uwsgi when exposed on the public network.
- Operation and maintenance are more convenient. For example, adding certain IPs to a blacklist is very easy in nginx, while uwsgi may need a lot of code to achieve the same.
1. Installation:
yum install nginx
2. Basic nginx commands
- Start:
systemctl start nginx
- Stop:
systemctl stop nginx
- Restart:
systemctl restart nginx
3. Add a configuration file
In the /etc/nginx/conf.d directory, create a new file called bbs.conf, and then paste the following code into it:
upstream bbs {
    server 127.0.0.1:5000;
}
# Server configuration
server {
    # Port to listen on
    listen 80;
    # Domain name
    server_name 47.xxx.xxx.30;
    charset utf-8;
    # Maximum file upload size
    client_max_body_size 75M;
    # URL for static files
    location /static {
        # Location of the static files
        alias /root/flask-project/bbs/static;
    }
    # Finally, send all non-static requests to the Flask server
    location / {
        uwsgi_pass 127.0.0.1:5000;
        # Location of the uwsgi_params file
        include /etc/nginx/uwsgi_params;
    }
}
After writing the configuration file, test whether it is set up correctly by running the command: service nginx configtest. If no error is reported, it succeeded. Remember to run systemctl start nginx every time you modify the configuration file.
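An added consistency check (not part of the original page): uwsgi.ini above starts uwsgi with `http = :5000`, which speaks HTTP, while bbs.conf forwards with `uwsgi_pass`, which speaks the uwsgi protocol; the `proxy_pass` block in section 2-10 is the directive that matches an `http` listener. The snippet compares the two files and reports that mismatch along with a listener bound to all interfaces; the embedded config text is a constructed excerpt.

```python
import configparser
import re

# Constructed excerpts of the relevant lines from uwsgi.ini and bbs.conf above.
UWSGI_INI = """
[uwsgi]
chdir = /root/flask-project/bbs/
http = :5000
"""
NGINX_CONF = """
location / {
    uwsgi_pass 127.0.0.1:5000;
    include /etc/nginx/uwsgi_params;
}
"""

# uwsgi listener option -> nginx directive that speaks the same protocol.
PROTOCOL = {"http": "proxy_pass", "http-socket": "proxy_pass",
            "socket": "uwsgi_pass", "uwsgi-socket": "uwsgi_pass"}


def check(uwsgi_ini, nginx_conf):
    """Return a list of mismatches between the uwsgi listener and the nginx location."""
    ini = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    ini.read_string(uwsgi_ini)
    used = set(re.findall(r"^\s*(proxy_pass|uwsgi_pass)\s", nginx_conf, re.M))
    problems = []
    for option, directive in PROTOCOL.items():
        if not ini.has_option("uwsgi", option):
            continue
        addr = ini.get("uwsgi", option).strip()
        if used and directive not in used:
            problems.append(f"uwsgi '{option}' needs nginx {directive}, found {sorted(used)}")
        host = addr.rsplit(":", 1)[0]
        # An empty host (":5000") or 0.0.0.0 binds every interface, so the
        # application server is reachable without going through nginx.
        if not addr.startswith("/") and host in ("", "0.0.0.0"):
            problems.append(f"uwsgi '{option} = {addr}' listens on all interfaces")
    return problems


if __name__ == "__main__":
    for problem in check(UWSGI_INI, NGINX_CONF):
        print(problem)
```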
Supplement: if there is no conf.d directory, please refer to:
https://blog.csdn.net/qq_39377418/article/details/104548107
Tips: when a bash error appears, you need to set environment variables.
Method:
vim /etc/profile
Add the following as the last line (需要添加的路径 stands for the path to add):
export PATH="$PATH:/需要添加的路径"
Then execute:
source /etc/profile
2-9 nginx configuration ssl
- Preparation:
SSL certificate files (a free SSL certificate can be applied for the domain name):
- 1_cloud.tencent.com_bundle.crt certificate file
- 2_cloud.tencent.com.key private key file
- Enter the nginx directory and put the two certificate files there:
cd /etc/nginx/
- Open your nginx configuration file and add ssl as follows:
server {
    # SSL access port is 443
    listen 443 ssl;
    # Domain name bound to the certificate
    server_name cloud.tencent.com;
    # Certificate file name
    ssl_certificate 1_cloud.tencent.com_bundle.crt;
    # Private key file name
    ssl_certificate_key 2_cloud.tencent.com.key;
    ssl_session_timeout 5m;
    # Configure the protocols as follows
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Configure the cipher suites as follows; the syntax follows the openssl standard.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        # Path of the site's home page. This path is for reference only; use your actual directory.
        root /var/www/cloud.tencent.com;
        index index.html index.htm;
    }
}
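An added check (not part of the original page) for the `ssl_protocols` and `ssl_ciphers` lines above: it lists the protocol versions deprecated by RFC 8996 and expands the cipher string with the local OpenSSL through Python's `ssl` module, so the suites that `HIGH` actually admits are visible. The expansion depends on the OpenSSL build that Python is linked against.

```python
import re
import ssl

# The two directives copied from the server block above.
NGINX_SSL = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1: RFC 8996


def directive(conf, name):
    """Return the arguments of the first `name ...;` directive, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s+([^;]+);", conf, re.M)
    return m.group(1).split() if m else None


def deprecated_protocols(conf):
    """Protocol versions named in ssl_protocols that are deprecated."""
    return sorted(DEPRECATED & set(directive(conf, "ssl_protocols") or []))


def expand_ciphers(conf):
    """Expand ssl_ciphers with the local OpenSSL; return {suite name: (key exchange, is AEAD)}."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(directive(conf, "ssl_ciphers")[0])
    return {c["name"]: (c.get("kea"), c.get("aead")) for c in ctx.get_ciphers()}


def no_forward_secrecy(conf):
    """Suites with static RSA key exchange, which the HIGH keyword can pull in."""
    return sorted(n for n, (kea, _) in expand_ciphers(conf).items() if kea == "kx-rsa")


if __name__ == "__main__":
    print("deprecated protocols:", deprecated_protocols(NGINX_SSL))
    print("suites without forward secrecy:", no_forward_secrecy(NGINX_SSL))
```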
2-10 Part of the site cannot be accessed through nginx: 400 Bad Request referer error
Configure nginx as follows (inside the server block):
location / {
    proxy_pass http://127.0.0.1:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
For a Python project, start it in the background and write its output to a log file:
nohup python -u app.py > ../nohup.log 2>&1 &
Stop the background Python project:
ps -ef | grep 文件名   # Query the process number (文件名 = file name)
kill -9 进程号   # Stop the project by its process number (进程号 = process number)
2-11 Converting SSL files to pem
Confirm that openssl is installed locally.
crt to pem (要转换的文件 = file to convert, 被转换成的命名 = name of the converted file):
openssl x509 -in 要转换的文件.crt -out 被转换成的命名.pem
key to pem:
openssl rsa -in 要转换的文件.key -out 被转成的文件命名.pem