HTTPS
- HTTPS协议使用443端口。
- HTTPS协议加密报文传输内容,更加安全。
- HTTPS协议耗费CPU计算资源和时间。
准备
- 公网IP
- 域名
- SSL证书
项目目录
root@iZ8vbgll9tzu0dgfcvf6s4Z:~# cd /home/deployment/django_deployment/
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment#
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment# ll
total 28
drwxr-xr-x 5 root root 4096 Mar 29 23:20 ./
drwxr-xr-x 3 root root 4096 Mar 29 22:10 ../
-rw-r--r-- 1 root root 0 Mar 29 22:40 db.sqlite3
-rw-r--r-- 1 root root 330 Mar 29 23:19 django-uwsgi.ini
drwxr-xr-x 3 root root 4096 Mar 29 22:40 django_deployment/
drwxr-xr-x 2 root root 4096 Mar 29 23:21 log/
-rwxr-xr-x 1 root root 637 Mar 29 22:10 manage.py*
drwxr-xr-x 2 root root 4096 Mar 29 23:32 pid/
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment#
部署步骤
项目环境的安装
- 进入项目目录
cd /home/deployment/django_deployment
- Ubuntu下安装项目所需的Python模块
pip install -r packages.txt
- 安装uwsgi
pip install uswgi
数据准备
- 创建数据库
create database db1 default charset 'utf8';
- 执行migrate命令创建表
python manage.py makemigrations
python manage.py migrate
- 导入公共基础数据。
收集静态文件
- 创建静态文件目录
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment# mkdir static
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment#
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment# ll
total 32
drwxr-xr-x 6 root root 4096 Mar 30 11:05 ./
drwxr-xr-x 3 root root 4096 Mar 29 22:10 ../
-rw-r--r-- 1 root root 0 Mar 29 22:40 db.sqlite3
-rw-r--r-- 1 root root 330 Mar 30 10:53 django-uwsgi.ini
drwxr-xr-x 3 root root 4096 Mar 29 22:40 django_deployment/
drwxr-xr-x 2 root root 4096 Mar 29 23:21 log/
-rwxr-xr-x 1 root root 637 Mar 29 22:10 manage.py*
drwxr-xr-x 2 root root 4096 Mar 30 10:54 pid/
drwxr-xr-x 2 root root 4096 Mar 30 11:05 static/
root@iZ8vbgll9tzu0dgfcvf6s4Z:/home/deployment/django_deployment#
- 修改
settings.py
配置文件添加配置项
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATICFILES_DIRS = (os.path.join(BASE_DIR, 'common_static'),)
- STATIC_ROOT 是在执行pyhtonmanage.pycollectstatic时所有的静态文件存放的目录,django会自动查找APP中static目录下的文件并复制到STATIC_ROOT目录下。
- STATICFILES_DIRS:STATICFILES_DIRS告诉django APP以外的静态文件位置。
- 执行命令收集静态文件
python manage.py collectstatic
uWSGI
- 项目根目录下创建django-uwsgi.ini文件
[uwsgi]
chdir=/home/deployment/django_deployment
module=django_deployment.wsgi
# wsgi-file=ds/wsgi.py # module和wsgi-file只能配置一个
http-socket=:8000
# http = :8000 # http-socker和http只能配置一个
master=True
processes=4
threads=2
vacuum=True
# static-map=/static=static # Django静态文件
# 后台启动
# 日志文件位置
daemonize=%(chdir)/log/uwsgi-8000.log
# 日志文件大小byte
log-maxsize = 1024000000 # 1G
# 进程id信息
pidfile = %(chdir)/pid/uwsgi-8000.pid
-
- 创建对应文件夹
# mkdir log
# mkdir pid
- 启动:
uwsgi --ini django-uwsgi.ini
停止:uwsgi --stop pid/uwsgi-8000.pid
Nginx
修改Nginx配置文件,完成反向代理配置
- 保存HTTPS部署需要的[.pem/.crt]和.key文件至自定义目录ssl下
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# mkdir ssl
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# ll ssl
total 16
drwxr-xr-x 2 root root 4096 Apr 1 22:56 ./
drwxr-xr-x 9 root root 4096 Apr 1 09:46 ../
-rw-r--r-- 1 root root 1675 Apr 1 22:56 5421319_lilinfeng.work.key
-rw-r--r-- 1 root root 3663 Apr 1 22:56 5421319_lilinfeng.work.pem
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
- 备份默认配置文件nginx.conf
# 备份nginx.conf默认配置文件
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# cp nginx.conf nginx.conf.bac
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# cp nginx.conf sites-available/nginx-uwsgi-https.conf
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# cd sites-available/
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx/sites-available# ls
default nginx-uwsgi-https.conf
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx/sites-available#
- 修改配置nginx-uwsgi-https.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# 新增
upstream uwsgi {
server 127.0.0.1:8000;
}
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# 新增
server {
listen 80;
# 域名,.表示映射一级域名和二级域名,多个使用空格分隔
server_name .lilinfeng.work 39.101.136.188;
# http请求重定向至HTTPS
return 301 https://lilinfeng.work$request_uri;
}
server {
listen 443 ssl;
# server_name 域名/ip
server_name .lilinfeng.work;
# 证书文件
ssl_certificate /etc/nginx/ssl/5421319_lilinfeng.work.pem;
# 秘钥文件
ssl_certificate_key /etc/nginx/ssl/5421319_lilinfeng.work.key;
# 协议
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
charset utf-8;
# 日志文件位置
access_log /var/log/nginx/nginx-uwsgi-https.log;
location / {
proxy_pass http://uwsgi;
}
location /static {
alias /home/deployment/django_deployment/static;
}
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
- 覆盖默认配置文件
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# rm nginx.conf
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# ln -s sites-available/nginx-uwsgi-https.conf nginx.conf
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
- 启动NGINX
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx# sudo nginx
root@iZ8vbgll9tzu0dgfcvf6s4Z:/etc/nginx#
停止:sudo nginx -s stop
停止:sudo nginx -s quit
热加载配置:sudo nginx -s reload
访问浏览器
域名
- 实名认证域名。
- 解析域名至对应公网IP。
- 域名需要进行ICP工信部备案,可以使用阿里云APP办理,未备案的域名暂时无法访问。已取得备案号的域名必须可以访问且网站下方须有备案号标识,备案号必须与实际备案号一致。
- 公安备案。