Deploy website to aws server

Project deployment: website deployment to aws server (python)

1. Preparation:

• Any cloud server (Ali Cloud, AWS, Baidu Cloud, all)
• A completed WEB project

2. Start deployment

2-1. Set server security group

tips: The security group of each server is different, you can refer to how to set your own server

Open frequently used ports (masters can specify ports by themselves)

• 80/80 Nginx default port
• 3306/3306 mysql default port
• 6379/6379 default port of redis
• 23/23
• 443/433
• 22/22
• 80/80
• 3389/3389

2-2. Install the Python environment (this time 3.7 is an example, if the server has it, you don't need to install it)

1. Install dependent packages:
   yum install opensll-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++ opensll-devel libffi-devel python-devel mariadb-devel

2. Download Python source code
   wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgzDownload

   tar -xzvf Python-3.7.3.tgz -C /tmp Unzip to /tmp

   cd /tmp/Python-3.7.3 Switch to tmp

3. Install Python3.7 to the /usr/local directory

   ./configure --prefix=/usr/local

   make

   make altinstall # This step is time-consuming

4. Change the /usr/bin/python link

   ln -s /usr/local/bin/python3.7 /usr/bin/python3

   ln -s /usr/local/bin/pip3.7 /usr/bin/pip3

   tips: When there is a link, you can execute -sf overwrite

   ln -sf /usr/local/bin/python3.7 /usr/bin/python3

   ln -sf /usr/local/bin/pip3.7 /usr/bin/pip3

2-3. Install MySQL

1. Download MySQL yum package
   wget http://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm

2. Install MySQL source
   rpm -Uvh mysql57-community-release-el7-10.noarch.rpm

3. It takes some time to install the MySQL server
   yum install -y mysql-community-server

4. The download speed is too slow when installing Mysql server?
   The following four files can be downloaded locally through the domestic source download:
   Recommended source: http://uni.mirrors.163.com/mysql/Downloads/
   Downloaded files (take mysql5.7.26 as an example):
   mysql-community-client-5.7 .26-1.el7.x86_64.rpm
   mysql-community-common-5.7.26-1.el7.x86_64.rpm
   mysql-community-libs-5.7.26-1.el7.x86_64.rpm
   mysql-community-server- 5.7.26-1.el7.x86_64.rpm

5. Start MySQL
   systemctl start mysqld.service# Start in the background

6. Check if the startup is successful
   systemctl status mysqld.service

7. Obtain a temporary password, MySQL 5.7 randomly generates a password for the root user
   grep 'temporary password' /var/log/mysqld.log

8. Log in to MySQL with a temporary password to modify the password
   mysql -uroot -p

9. Because the MySQL password rules need to be very complicated, we generally don’t set it like this, so we modify it globally
   mysql> set global validate_password_policy=0;
mysql> set global validate_password_length=1;

   change Password
   ALTER USER 'root'@'localhost' IDENTIFIED BY '你的密码';

10. Authorize other machines to log in remotely
    GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '你的密码' WITH GRANT OPTION;

`FLUSH PRIVILEGES;`

11. After the above operations, the remote connection cannot be made. Remember to check the cloud server security group and open the corresponding port.

12. Set MySQL's character set to UTF-8 so that it supports Chinese
    vim /etc/my.cnf

[mysql] 
default-character-set=utf8

13. Restart MySQL
    systemctl restart mysqld.service

14. View MySQL running status
    ps -aux|grep mysqld

2-4. Install Redis

1. Install redis
   yum install redis

2. Start redis
   systemctl start redis

2-5. Install Virtual Environment

tips:
Using a virtual environment, when there are many projects, it is more convenient to maintain and manage, here is pipenv as an example

• pip3 install pipenv Install virtual environment
• mkdir your folder create your own folder

2-6. Two methods to upload project to server

2-6-1. Method 1, upload project using FileZilla

The download address and installation method can be Baidu. All simple

1. Export the local environment for installation on the server
   pip freeze > requirements.txt

2. Install the local environment to the server
   pip install -r requirements.txt

3. Create database
   create database bbs charset=utf8;

4. Remapping the database (take the flask framework as an example)

# 删除原有的映射文件 
rm -rf migrations/ 
python manage.py db init 
python manage.py db migrate 
python manage.py db upgrade

5. After the mapping is completed, visit via ip
   http://xxx.xxx.xxx.xxx:port/

2-6-2. Upload using scp command

1. There is
   scp -i 你的pem -r 文件目录 用户名@主机IP:保存到的路径
   an example of uploading xxx.pem :
   scp -i C:\Users\Administrator\Desktop\xxx.pem -r G:\ceshi\job\xxx [email protected]:/home/centos/project

2. When xxx.pem is not needed
   scp -p 22 文件 h@主机地址:desktop/文件路径

3. Tips:
   Specify -r when passing a directory, do not specify that you can only pass in files instead of directories

2-7. Install uwsgi

Introduction:
uwsgi is an application server, and network requests for non-static files must be completed through him. It can also act as a static file server, but it is not his
strong point. uwsgi is written in python, so pip3 install uwsgi is fine. (uwsgi must be installed in the system-level Python
environment, not in the virtual environment). Then create a configuration file called uwsgi.ini:

[uwsgi] 
# 必须全部为绝对路径 
# 项目的路径 
chdir = /root/flask-project/bbs/ 
# flask的wsgi文件 
wsgi-file = /root/flask-project/bbs/bbs.py 
# 回调的app对象 
callable = app 
# Python虚拟环境的路径 pipenv --venv 进入到虚拟环境,目录里面执行 
home = /root/.local/share/virtualenvs/flask-project--bwy33Ao 
# 进程相关的设置 
# 主进程 
master = true 
# 最大数量的工作进程 
processes = 10 http = :5000 
# 设置socket的权限 
chmod-socket = 666 
# 退出的时候是否清理环境 
vacuum = true

Exit the virtual environment: deactivate orexit

Dependent environment installation
yum install -y gcc* pcre-devel openssl-devel

run
uwsgi --ini uwsgi.ini

Close uwsgi
pkill -f uwsgi -9

** Run uwsgi in the background **
uwsgi -d --ini uwsgi.ini

Check if it is feasible
. Visit http://ip address:5000 in the browser. If you can access
the page (maybe there is no static file), it means there is no problem with uwsgi configuration.

2-8. Install and configure nginx

Nginx introduction:
Although uwsgi can deploy our project normally. But we still have to use nginx as the web server. Using nginx as a web
server has the following advantages:

1. Uwsgi is not good at handling static file resources, including response speed and caching.
2. As a professional web server, nginx is more secure than uwsgi when exposed on the public network.
3. Operation and maintenance are more convenient. For example, to write certain IPs into the blacklist, nginx can write them in very conveniently. And uwsgi may have to write a lot of code to achieve.

1. Installation:
yum install nginx

2.Nginx simple operation naming

• start up:systemctl start nginx
• shut down:systemctl stop nginx
• Restart:systemctl restart nginx

3. Add configuration file
In the /etc/nginx/conf.ddirectory, create a new file called bbs.conf, and then paste the following code into it:

upstream bbs{
    
    
		server 127.0.0.1:5000; }

# 配置服务器 server { 
	# 监听的端口号 
	listen 80; 
	# 域名 
	server_name 47.xxx.xxx.30; 
	charset utf-8; 
	# 最大的文件上传尺寸 
	client_max_body_size 75M; 
	# 静态文件访问的url 
	location /static {
    
     
	# 静态文件地址 
	alias /root/flask-project/bbs/static;
}
# 最后，发送所有非静态文件请求到flask服务器 
location / {
    
     
	uwsgi_pass 127.0.0.1:5000; 
	# uwsgi_params文件地址 
	include /etc/nginx/uwsgi_params;
	}
}

After writing the configuration file, in order to test whether the configuration file is set successfully, run the command: service nginx configtest. If no error is reported, it means
success. Remember to run systemctl start nginx every time you modify the configuration file.

Supplement : If there is no conf.d file, please refer to:
https://blog.csdn.net/qq_39377418/article/details/104548107
tips:
When bash appears, you need to set environment variables
Method:
vim /etc/profile

Type in the last line:
export PATH="$PATH:/需要添加的路径"

In execution
source /etc/profile

2-9 nginx configuration ssl

1. Preparation:
   SSL certificate file (free ssl domain name certificate can be applied to the domain name):

   1. 1_cloud.tencent.com_bundle.crt certificate file
   2. 2_cloud.tencent.com.key private key file

2. cd etc\nginx\ Enter the nginx directory and put the two certificates

3. Enter your nginx configuration file and add ssl as follows

server {
    
    
     #SSL 访问端口号为 443
     listen 443 ssl; 
     #填写绑定证书的域名
     server_name cloud.tencent.com; 
     #证书文件名称
     ssl_certificate 1_cloud.tencent.com_bundle.crt; 
     #私钥文件名称
     ssl_certificate_key 2_cloud.tencent.com.key; 
     ssl_session_timeout 5m;
     #请按照以下协议配置
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
     #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
     ssl_prefer_server_ciphers on;
     location / {
    
    
        #网站主页路径。此路径仅供参考，具体请您按照实际目录操作。
         root /var/www/cloud.tencent.com; 
         index  index.html index.htm;
     }
 }

2-10 Part of nginx configuration cannot be accessed, 400 badrequest referer error

Configure nginx as follows [under server]

location / {
    
     
		proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
	}

Python engineering project, use the background to start the input log log file
nohup python -u app.py > ../nohup.log 2>&1 &

Close the background python project:
ps -ef | grep 文件名query the process number
kill -9 进程号close the project with the process number

2-11 SSL file transfer to pem

Confirm that openssl crt to pem is installed locally
:
openssl x509 -in 要转换的文件.crt -out 被转换成的命名.pem

Bold style
openssl rsa -in 要转换的文件.key -out 被转成的文件命名.pem