Django + uWSGI + Nginx

证书准备工作

  • Install https

    配置说明
    https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E

    安装 acme.sh

    curl  https://get.acme.sh | sh
    

    acme.sh 会被安装到 home 目录下

    cd ~/.acme.sh/
    

    并创建 一个 bash 的 alias, 方便使用:

    alias acme.sh=~/.acme.sh/acme.sh
    

    从阿里云 申请 key / secret

    export Ali_Key="LTAIGeWI5I4X1qNi"
    export Ali_Secret="8ypTj8BiFstqStRaaPOziGMpqmKGjK"
    

    生成证书

      acme.sh --issue --dns dns_ali -d "*.example.top" -d example.top
    

    记录保存路径

    [Tue May 22 08:13:47 EDT 2018] Your cert is in  /root/.acme.sh/*.example.top/*.example.top.cer
    ### important
    [Tue May 22 08:13:47 EDT 2018] Your cert key is in  /root/.acme.sh/*.example.top/*.example.top.key
    [Tue May 22 08:13:47 EDT 2018] The intermediate CA cert is in  /root/.acme.sh/*.example.top/ca.cer
    ### important
    [Tue May 22 08:13:47 EDT 2018] And the full chain certs is there:  /root/.acme.sh/*.example.top/fullchain.cer
    

Django + uWSGI + nginx

安装 Django

pip3 install django

安装 uWSGI

pip3 install uwsgi

创建 django 项目

# /root/projects/demo
django-admin startproject demo

配置 uwsgi.ini

#/root/projects/script/uwsgi.ini

[uwsgi]
http=127.0.0.1:8080
chdir=/root/projects/demo
module=demo.wsgi
daemoize=/var/log/demo.log
static-map=/static=/root/projects/demo/static
pidfile=/root/projects/demo/demo.pid

配置 nginx VM

在 /etc/nginx/sites-available/ 下 创建 example.top.conf 配置文件。

建议名称和你的域名一致

server{
      listen 80;
      #root   /var/www/example.top/public_html/;
      #index  index.html;
      server_name example.top;
      rewrite ^(.*)$  https://$host$1 permanent;
  }

  server{
      listen 443 ssl http2;
      root    /var/www/example.top/public_html/;
      index   index.html;
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
      ssl         on;
      ssl_certificate     /root/.acme.sh/*.example.top/fullchain.cer;
      ssl_certificate_key /root/.acme.sh/*.example.top/*.example.top.key;
      #ssl_certificate        /root/.acme.sh/example.top/fullchain.cer;
      #ssl_certificate_key    /root/.acme.sh/example.top/example.top.key;
      ssl_prefer_server_ciphers   on;
      ssl_session_timeout 10m;
      ssl_protocols   TLSv1.2 TLSv1.3;
      ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:EECDH+ECDSA+AES128:EECDH+aRSA+AES128!MD5;
      server_name example.top;

      location /{
          proxy_pass http://127.0.0.1:8080; # 这里要和前面uswgi.ini 配置文件 内 一致
      }
  }

站点的符号链接,真正起效的在 /etc/nginx/sites-enabled/,所以设置一个软链接

  sudo ln -s /etc/nginx/sites-available/example.top /etc/nginx/sites-enabled/

测试Nginx配置的正确语法:

  sudo nginx -t

nginx 重新加载

  systemctl restart nginx

运行 uwsgi (后台运行)

  nohup uwsgi --ini uwsgi.ini &

你可能感兴趣的:(Django + uWSGI + Nginx)