焦点要闻:网站部署上线一条龙文档
2023-05-09 21:25:24
来源:博客园
项目部署上线
想要将django项目部署在服务器上,本质上需要三大部分:
【资料图】
上传代码的方式有很多种,例如:FTP工具、scp命令、rsync服务、svn等,不过目前公司主流的都是使用git+代码托管平台。
本地电脑,安装git并使用git命令上传代码。代码仓库,创建仓库。服务器,安装git并使用git命令获取最新代码。1.1 本地上传在本地电脑上本质上需要执行如下步骤:
全局配置(只需要配置一次)
git config --global user.name "武沛齐"git config --global user.email "wupeiqi@live.com"进入项目目录
初始化
git init配置远程地址
git remote add origin https://gitee.com/i__feng/order-trading-platform.git本地版本提交
git add .git commit -m "提交说明..."提交到远程仓库
git push origin master在项目中创建一个 .gitignore的文件,在里面写上文件名或文件夹,可以git忽略一些文件,不要进行版本控制。
https://github.com/github/gitignore/blob/main/Python.gitignore将Python的ignore文件内存拷贝并保存至项目目录下。
这样,就可以控制git忽略某些文件。
注意: 在使用.gitignore的时候 如果不起作用 -> 我们可以强行删除gitee中代码仓库 然后删掉pycharm文件中的.git(相当于没有做过之前的git操作了) 最后重新上传代码(git init...)
学会这个知识点之后,接下来再来讲一个关于配置文件的常见操作,.即:local_settings.py
项目中所有数据都提交了,如果仓库是公开的,有些敏感数据会泄露。
# 在settings.py中加入代码块 -> 在.gitignore中会将local_settings忽略try: from .local.settings import * except Exception as e: pass如果本次开发和线上开发一些配置不同(eg: mysql中配置密码的不同),就可以放在这个文件。
本地:local_settings.py 编写本地特有配置。线上:local_settings.py 编写线上特有配置。而在settings.py中编写所有环境都有的配置。
1.1.2 每次提交(push)都需要输入密码,太烦了。方法一:
https://gitee.com/i__feng/order-trading-platform.git
git remote remove origin git remote add origin `https://用户名:@gitee.com/i__feng/order-trading-platform.git` -> 缺点是直接将密码暴露在自己电脑上了git push origin master 方式二:
1.使用ssh生成秘钥(在git中)
ssh-keygen -t rsa2.读取公钥 cat ~/.ssh/id_rsa.pub内容并上传到代码托管仓库
3.基于ssh链接. 推拉数据
git remote remove origin -> 删除掉原始的记录git remote add origin git@gitee.com:i__feng/order-trading-platform.gitgit push origin mastergit clone git@gitee.com:i__feng/order-trading-platform.gitgit log -> 可以看到所有修改代码的日志git reset --hard 版本号 -> 回滚到指定版本git reflog -> 查看提交记录ssh root@ip地址输入密码yum install git git clone git@gitee.com:i__feng/order-trading-platform.git -> 克隆代码(这是项目第一次下载代码)# 如果后期项目有改动. 我们可以先cd到项目目录source /envs/day06/bin/activate # 进入虚拟环境git pull origin master # 拉代码重启服务器...ssh-keygen -t rsacat ~/.ssh/id_rsa.pub centos系统
3.1 Mysql3.1.1 安装yum install mariadb-server -yyum install mariadb -ysystemctl enable mariadb -> 开机自启动systemctl start mariadb systemctl stop mariadb insert into mysql.user (user, host, password) values ("ifeng", "%", password("xxxx"));create database order_system default charset utf8 collate utf8_general_ci;grant all privileges on order_system.* to ifeng@"%"; -- %表示所有ip都可以访问flush privileges;show grant for ifeng; -- 查看用户权限DATABASES = { "default": { "ENGINE": "django.db.backends.mysql", "NAME": "order_system", "USER": "", "PASSWORD": "", "HOST": "", "PORT": 3306 }}delete from mysql.user where host="localhost" and user=""; delete from mysql.user where host="vm-16-9-centos" and user="";MariaDB [(none)]> select user, password, host from mysql.user;+-------+-------------------------------------------+----------------+| user | password | host |+-------+-------------------------------------------+----------------+| root | | localhost || root | | vm-16-9-centos || root | | 127.0.0.1 || root | | ::1 || ifeng | *2CEB53858B8FDD17DA02602D2BBB334BEB6CDED4 | % |+-------+-------------------------------------------+----------------+5 rows in set (0.00 sec)登录: Mysql -u ifeng -p
到安全组(vpc)中开放端口
22 SSH
80 浏览器输入IP
443 https方式访问
3306
3.2 redis3.2.1 安装yum install redis -y打开文件vim /etc/redis.conf寻找requirepass?requirepass进入编辑状态i退出并保存点击esc -> :wqsystemctl enable redissystemctl start redissystemctl stop redis注意:
只支持本机链接 -> bind 127.0.0.1 requirepass qwe123456
想要任何地方都能链接:
bind 0.0.0.0requirepass qwe123456安全组配置6379端口安装gcc,用于后续安装Python时编译源码。
yum install gcc -y安装Python3相关依赖
yum install zlib zlib-devel -yyum install bzip2 bzip2-devel -yyum install ncurses ncurses-devel -yyum install readline readline-devel -yyum install openssl openssl-devel -yyum install xz lzma xz-devel -yyum install sqlite sqlite-devel -yyum install gdbm gdbm-devel -yyum install tk tk-devel -yyum install mysql-devel -yyum install python-devel -yyum install libffi-devel -y下载Python源码,https://www.python.org/ftp/python/
cd /data/wget https://www.python.org/ftp/python/3.9.5/Python-3.9.5.tgz注意:如果没有wget,则先安装 yum install wget
编译安装
解压
tar -xvf Python-3.9.5.tgz进入目录并编译安装
cd Python-3.9.5./configuremake allmake install测试
python3 --version/usr/local/bin/python3/usr/local/bin/pip3/usr/local/bin/pip3.9配置豆瓣源(腾讯云服务器,默认腾讯源)
pip3.9 config set global.index-url https://pypi.douban.com/simple/pip3 install virtualenvmkdir /envsvirtualenv /envs/day06 --python=python3.9# 在项目终端pip freeze > requirements.txt# 后续将代码上传到gitee仓库可创建文件夹将文件分类git clone git@gitee.com:i__feng/order-trading-platform.git- 激活虚拟环境(如果是虚拟环境的话)source /envs/day06/bin/activate- 下载(先进入到有requirement.txt的目录)pip3 install -r requirement.txt# importlib-metadata==4.11.3 demjson -> demjson 包的设置命令中使用了无效的 use_2to3 参数导致报错>>> touch local_settings.py>>> vim local_settings.py # 编辑配置DEBUG = False ALLOWED_HOSTS = ["*"]# 配置mysqlDATABASES = { "default": { "ENGINE": "django.db.backends.mysql", "NAME": "order_system", "USER": "ifeng", "PASSWORD": "th20190410", "HOST": "127.0.0.1", "PORT": 3306 }}# cache缓存CACHES = { "default": { "BACKEND": "django_redis.cache.RedisCache", "LOCATION": "redis://127.0.0.1:6379", "OPTIONS": { "CLIENT_CLASS": "django_redis.client.DefaultClient", "CONNECTION_POOL_KWARGS": {"max_connections": 100}, "PASSWORD": "123456", } }}# 关于静态资源. 后续希望将django中每个app中所有的静态资源收集至此 -> nginx控制寻找静态目录# STATIC_ROOT = ""import osfrom pathlib import PathBASE_DIR = Path(__file__).resolve().parent.parent.parent # 找到根目录外面一级STATIC_ROOT = os.path.join(BASE_DIR, "allstatic") # 将配置文件都保存到allstatic中source /envs/day06/bin/activatepython manage.py collectstatic # 可以看到相关命令"""注意: 后续静态资源有变动. 需要重新收集"""source /envs/day06/bin/activatepip install uwsgi# 进入项目目录cd order-trading-platformuwsgi --http :80 --chdir /root/order-trading-platform --wsgi-file /root/order-trading-platform/Order/wsgi.py --master --processes 4 --static-map /static=/allstatic创建 uwsgi_order.ini(不使用nginx)
[uwsgi]http = 0.0.0.0:8001chdir = /root/order-trading-platformwsgi-file = /root/order-trading-platform/Order/wsgi.pyprocesses = 4static-map = /static=/allstaticvirtualenv = /envs/day06# 执行命令uwsgi --ini uwsgi_order.iniyum install nginx -yvim /etc/nginx/nginx.conf修改nginx.conf配置文件:
user root;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.include /usr/share/nginx/modules/*.conf;events { worker_connections 1024;}http { log_format main "$remote_addr - $remote_user [$time_local] "$request" " "$status $body_bytes_sent "$http_referer" " ""$http_user_agent" "$http_x_forwarded_for""; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # include /etc/nginx/conf.d/*.conf; upstream django { server 127.0.0.1:8001; } server { listen 80; listen [::]:80; # server_name day06.pythonav.com; # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf;location /static { alias /root/allstatic/; } location / { uwsgi_pass django; include uwsgi_params; } }}修改uwsgi配置(uwsgi_order):
[uwsgi]socket = 127.0.0.1:8001chdir = /root/order-trading-platformwsgi-file = /root/order-trading-platform/Order/wsgi.pyprocesses = 4virtualenv = /envs/day06bug总结:
1.访问静态文件如果出现404 not found -> 就是文件的路径设置错误. 应设置绝对路径(/root/allstatic)2.访问静态文件如果出现403 forbidden -> 大概率是权限问题, 将nginx.conf配置的第一行user nginx改成user root# 启动systemctl start nginx# 开机启动systemctl enable nginxuwsgi --ini uwsgi_order.inisudo netstat -tulpn | grep :8001kill -9 process_id#!/usr/bin/env bashecho -e "\033[34m--------------------wsgi process--------------------\033[0m" # 输出ps -ef|grep uwsgi_order.ini | grep -v grep # 搜索有没有叫uwsgi_order.ini的进程sleep 0.5 echo -e "\n--------------------going to close--------------------"ps -ef |grep uwsgi_order.ini | grep -v grep | awk "{print $2}" | xargs kill -9 # 杀掉nginx的进程idsleep 0.5echo -e "\n----------check if the kill action is correct----------"/envs/day06/bin/uwsgi --ini uwsgi_order.ini & >/dev/null # 重新启动echo -e "\n\033[42;1m----------------------started...----------------------\033[0m"sleep 1ps -ef |grep uwsgi_order.ini | grep -v grep # 再将进程罗列出来# 执行脚本chmod 755 reboot.sh # 赋予可执行权限./reboot.sh#!/usr/bin/env bashecho -e "\033[34m--------------------wsgi process--------------------\033[0m"ps -ef |grep uwsgi_order.ini | grep -v grepsleep 0.5echo -e "\n--------------------going to close--------------------"ps -ef |grep uwsgi_order.ini | grep -v grep | awk "{print $2}" | xargs kill -9sleep 0.5登录线上服务器. 执行数据库迁移python manage.py makemigrationspython manage.py migrate
在.gitignore中
# database migrations*/migrations/*.py!*/migrations/__init__.py原因:redis配置没有重启。问题:关于错误应该尽可能的去避免。 -> 加上try...except... 加上日志
3.12 域名租域名(阿里云) ->iifeng.cn域名解析域名 -> IP
备案www.pythonav.com -> 101.43.208.130
3.13 https设置https协议有一个大前提: 你的网站得公安备案并通过
这是说明文档, 可白嫖一年的
https://developer.aliyun.com/article/1030571?spm=5176.21213303.J_6704733920.7.62bc53c9HksD9I&scm=20140722.S_community%40%40%E6%96%87%E7%AB%A0%40%401030571._.ID_community%40%40%E6%96%87%E7%AB%A0%40%401030571-RL_ssl%E5%85%8D%E8%B4%B9%E8%AF%81%E4%B9%A6-LOC_main-OR_ser-V_2-P0_0将证书文件上传至服务器,例如:上传至项目目录的ssl文件夹下。
window可以直接用xshell拖拽文件上传
3.13.3 修改nginx配置原来的配置
user root;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.include /usr/share/nginx/modules/*.conf;events { worker_connections 1024;}http { log_format main "$remote_addr - $remote_user [$time_local] "$request" " "$status $body_bytes_sent "$http_referer" " ""$http_user_agent" "$http_x_forwarded_for""; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # include /etc/nginx/conf.d/*.conf; upstream django { server 127.0.0.1:8001; } server { listen 80; listen [::]:80; root /root; # server_name day06.pythonav.com; # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; location /static { alias /root/allstatic/; } location / { uwsgi_pass django; include uwsgi_params; } }}修改成https请求的配置文件
user root;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.include /usr/share/nginx/modules/*.conf;events { worker_connections 1024;}http { log_format main "$remote_addr - $remote_user [$time_local] "$request" " "$status $body_bytes_sent "$http_referer" " ""$http_user_agent" "$http_x_forwarded_for""; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. # include /etc/nginx/conf.d/*.conf; upstream django { server 127.0.0.1:8001; } server { listen 80; server_name www.iifeng.cn; rewrite ^(.*) https://$server_name$1 redirect; } server { listen 443 ssl; server_name www.iifeng.cn; #证书文件 ssl_certificate /root/ssl/9960948_iifeng.cn.pem; #私钥文件 ssl_certificate_key /root/ssl/9960948_iifeng.cn.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { uwsgi_pass django; include uwsgi_params; } location /static { alias /root/allstatic/; } }}现在就可以用https访问我们的网站了!
标签:
