How to set up Askbot on Ubuntu 18.04 with Nginx and Let's Encrypt SSL

Date: 2020-02-23 14:44:56  Source: igfitidea

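Askbot is an open-source question-and-answer web forum that looks similar to Stack Overflow.
Askbot is built on the Django framework and is written mostly in Python. It has useful features such as a karma-based system, voting and content moderation.

Askbot is used by the Ask Fedora and Ask OpenStack projects to let users ask questions and have other community members contribute answers.

For our Askbot installation on Ubuntu 18.04, we will set up the following components:

Database server - MySQL/MariaDB/PostgreSQL
uWSGI
Web server - Nginx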

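Step 1: Install Askbot dependencies

First install all the required dependencies, which are the Python packages and the pip package manager.

Update and upgrade the system packages: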

sudo apt-get update && sudo apt-get upgrade

Install the Python dependencies:

sudo apt-get install -y python-dev python-setuptools python-pip libmysqlclient-dev

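Step 2: Install and configure the database

For the database server, we will use MariaDB.
See the tutorial below for how to install and configure the MariaDB database server on Ubuntu 18.04: Install MariaDB 10.3 on Ubuntu 18.04 and CentOS 7

If we are interested in using MySQL Server instead, see Install MySQL Server on CentOS 7/CentOS 6

Once the database server is installed, create a database and an associated user for Askbot: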

Hyman@theitroad:~# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.3.7-MariaDB-1:10.3.7+maria~bionic mariadb.org binary distribution
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE askbot_db;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> create user Hyman@theitroad identified by 'Password';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> grant all privileges on askbot_db.* to Hyman@theitroad;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> exit
Bye

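Step 3: Install and configure Askbot

Now that the packages needed to install Askbot are in place and a database is ready, let's install the Askbot application.
We will use a Python virtualenv for this.

First create the askbot user: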

Hyman@theitroad:~# adduser askbot
Adding user `askbot' ...
Adding new group `askbot' (1000) ...
Adding new user `askbot' (1000) with group `askbot' ...
Creating home directory `/home/askbot' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for askbot
Enter the new value, or press ENTER for the default
Full Name []: 
Room Number []: 
Work Phone []: 
Home Phone []: 
Other []: 
Is the information correct? [Y/n] y
Hyman@theitroad:~# id askbot
uid=1000(askbot) gid=1000(askbot) groups=1000(askbot)

Add the askbot user to the sudo group:

$ sudo usermod -aG sudo askbot

Install virtualenv:

$ sudo pip install virtualenv
Collecting virtualenv
Downloading https://files.pythonhosted.org/packages/b6/30/96a02b2287098b23b875bc8c2f58071c35d2efe84f747b64d523721dc2b5/virtualenv-16.0.0-py2.py3-none-any.whl (1.9MB)
100% |████████████████████████████████| 1.9MB 526kB/s 
Installing collected packages: virtualenv
Successfully installed virtualenv-16.0.0

Create a directory for the Askbot content:

# mkdir /srv/askbot
# chown askbot:askbot /srv/askbot/
# su - askbot
$ cd /srv/askbot/

With the virtualenv package installed, create a virtual environment for Askbot:

$ virtualenv venv
New python executable in /srv/askbot/venv/bin/python
Installing setuptools, pip, wheel...done.

Activate the environment to start using it:

$ cd venv/
Hyman@theitroad:/srv/askbot/venv$ source bin/activate
(venv) Hyman@theitroad:/srv/askbot/venv$

Then install the Askbot and MySQL Python modules:

$ pip install askbot gunicorn mysqlclient mysql-python

Set up Askbot:

(venv) Hyman@theitroad:/srv/askbot/venv$ mkdir askbot-app
(venv) Hyman@theitroad:/srv/askbot/venv$ cd askbot-app

Run the askbot-setup command to install Askbot:

(venv) Hyman@theitroad:/srv/askbot/venv/askbot-app$ askbot-setup
Deploying Askbot - Django Q&A forum application
Problems installing? -> please email Hyman@theitroad
To CANCEL - hit Ctr-C at any time
Enter directory path (absolute or relative) to deploy
askbot. To choose current directory - enter "."
> .
Please select database engine:
1 - for postgresql, 2 - for sqlite, 3 - for mysql, 4 - oracle
type 1/2/3/4: 3
Please enter database name (required)
> askbot_db
Please enter database user (required)
> askbot
Please enter database password (required)
> Password
Copying files: 
* __init__.py 
* manage.py 
* urls.py 
* django.wsgi 
Creating settings file
settings file created
copying directories: * doc
* cron
* upfiles
Done. Please find further instructions at http://askbot.org/doc/

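Generate the static files into the Askbot installation directory:

$ python manage.py collectstatic

If we get the error "TypeError: Error when calling the metaclass bases", there is a fix.
We need to install six version 1.10.0.
Uninstall the latest version and install v1.10.0:

(venv) Hyman@theitroad:/srv/askbot/askbot-app$ pip uninstall six
(venv) Hyman@theitroad:/srv/askbot/askbot-app$ pip install six==1.10.0

Once done, generate the static files into the Askbot installation directory:

$ python manage.py collectstatic

Type "yes" and press Enter to continue and finish generating the files.

Then run the makemigrations and migrate commands:

(venv) Hyman@theitroad:/srv/askbot/askbot-app$ python manage.py makemigrations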
WARNING!!! You are using a 'locmem' (local memory) caching backend,
which is OK for a low volume site running on a single-process server.
For a multi-process configuration it is neccessary to have a production
cache system, such as redis or memcached.
With local memory caching and multi-process setup you might intermittently
see outdated content on your site.
System check identified some issues:
WARNINGS:
django_authopenid.UserPasswordQueue.user: (fields.W342) Setting unique=True on a ForeignKey has the same effect as using a OneToOneField.
HINT: ForeignKey(unique=True) is usually better served by a OneToOneField.
group_messaging.SenderList.recipient: (fields.W342) Setting unique=True on a ForeignKey has the same effect as using a OneToOneField.
HINT: ForeignKey(unique=True) is usually better served by a OneToOneField.
Migrations for 'askbot':
0013_auto_20160630_1518.py:
- Change Meta options on activity
- Change Meta options on award
- Change Meta options on badgedata
- Change Meta options on favoritequestion
- Change Meta options on postflagreason
- Change Meta options on postrevision
- Change Meta options on replyaddress
- Change Meta options on repute
- Change Meta options on threadtogroup
- Change Meta options on vote
- Alter field frequency on emailfeedsetting
- Alter field primary_language on userprofile

Generate the MySQL database using the migrate option:

(venv) Hyman@theitroad:/srv/askbot/askbot-app$ python manage.py migrate

We can also use:

$ python manage.py syncdb
...
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
No migrations to apply.
You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'askbot'): askbot
Email address: Hyman@theitroad
Password: 
Password (again): 
Superuser created successfully.

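When the script asks whether we want to create a superuser, answer yes if we want to create one.
By default, Askbot automatically gives admin (superuser) status to the first user created, but this method is also supported.

Test the Askbot installation using:

(venv):/srv/askbot/askbot-app$ python manage.py runserver 0.0.0.0:8080

Visit the server IP on port 8080. If everything is working, you should reach the Askbot dashboard.

Step 5: Install and configure uWSGI & Nginx

Install uWSGI from APT:

$ sudo apt-get install uwsgi

Create the uWSGI configuration file for Askbot:

$ sudo vim /etc/uwsgi/apps-enabled/askbot.ini

Add the content: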

[uwsgi]

# uwsgi configurations
master = true
processes = 5
uid = www-data
gid=www-data
listen.owner = www-data
listen.group = www-data

# App configurations
chdir=/srv/askbot/askbot-app
wsgi-file=/srv/askbot/askbot-app/django.wsgi
virtualenv=/srv/askbot/venv
socket = /srv/askbot/askbot.sock
chown-socket = www-data:www-data
chmod-socket = 664
vacuum = true
die-on-term = true
logto = /var/log/uwsgi.log
log-master-stream = true

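Modify the file as appropriate, then save it.

Install Nginx:

$ sudo apt-get install nginx

Restart the uWSGI service, with www-data as the socket file owner:

$ sudo systemctl restart uwsgi

Install Certbot to generate the Let's Encrypt SSL certificate: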

# wget https://dl.eff.org/certbot-auto -P /usr/local/bin
# chmod a+x /usr/local/bin/certbot-auto

Generate the Let's Encrypt SSL certificate:

# systemctl stop nginx
# export DOMAIN='ask.theitroad.com'
# export EMAIL="Hyman@theitroad"
# certbot-auto certonly --standalone -d $DOMAIN \
--preferred-challenges http --agree-tos -n -m $EMAIL \
--keep-until-expiring

If successful, Certbot will give us a success message:

Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ask.theitroad.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ask.theitroad.com/privkey.pem
   Your cert will expire on 2016-09-28. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG/Let’s Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Create the Nginx configuration file:

$ sudo vim /etc/nginx/conf.d/askbot.conf

Make sure to replace the variables with valid values, then save the file.

# Askbot Nginx configuration

# configuration for https
server {
        listen 443 ssl http2;
        server_name ask.theitroad.com www.ask.theitroad.com;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/ask.theitroad.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ask.theitroad.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location /static {
          alias /srv/askbot/askbot-app/static;
        }


        location / {
          include uwsgi_params;
          uwsgi_pass unix:/srv/askbot/askbot.sock;
        }
}

# http to https redirect
server {
        listen 80;
        server_name ask.theitroad.com www.ask.theitroad.com;
        return    301 https://$server_name$request_uri;
}

Confirm that the syntax is OK:

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart both the uwsgi and nginx services after the change.

$ sudo systemctl restart uwsgi nginx
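
The HTTPS server block above keeps "ssl on;" (obsolete since nginx 1.15.0 in favour of the ssl parameter of listen) and enables TLS 1.0 and 1.1, which RFC 8996 deprecates, alongside TLS 1.2. The script below is an added example, not part of the original tutorial: it scans an nginx config for those directives. The names audit_tls_conf, legacy_conf and hardened_conf are hypothetical, and both sample configs are constructed from the block above.

```shell
#!/bin/sh
# Added example (not from the original page): flag legacy TLS directives in an
# nginx config read from stdin. Prints one "LINE: message" per finding.
audit_tls_conf() {
    awk '
        { line = $0; sub(/#.*/, "", line) }      # ignore comments
        line ~ /^[ \t]*ssl[ \t]+on[ \t]*;/ {
            printf "%d: \"ssl on;\" is obsolete, use \"listen ... ssl\"\n", NR
        }
        line ~ /^[ \t]*ssl_protocols[ \t]/ {
            n = split(line, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "%d: legacy protocol %s enabled\n", NR, tok[i]
        }
    '
}

# Constructed sample: the TLS-related lines of the server block on this page.
legacy_conf() {
    cat <<'EOF'
server {
        listen 443 ssl http2;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Constructed sample: the same block limited to TLS 1.2 and 1.3.
# Assumption: TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
# on older builds keep only TLSv1.2.
hardened_conf() {
    cat <<'EOF'
server {
        listen 443 ssl http2;
        ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

echo "legacy:";   legacy_conf   | audit_tls_conf
echo "hardened:"; hardened_conf | audit_tls_conf
```

To check the deployed file, run audit_tls_conf < /etc/nginx/conf.d/askbot.conf before nginx -t; no output means neither directive was found.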