[从零开始]Flask+Nginx在云服务器上部署服务
服务器:百度智能云轻量应用服务器 2H4G
换源
mv /etc/apt/sources.list /etc/apt/sources_bak.list
vi /etc/apt/sources.list
- 清华源
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
- 中科大源
deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
vim
- 方向键变ABCD
echo "set nocp" >> ~/.vimrc
source ~/.vimrc
- backspace无法删除 - 卸载旧版的vim重新安装
apt remove vim-common
apt install vim
Miniconda3
- 安装
# 官网 - https://conda.io/en/latest/miniconda.html
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
bash Miniconda3-latest-Linux-x86_64.sh
# 如果环境变量没有自动写入则修改环境变量
# echo "export PATH=/root/Miniconda3/bin:\$PATH" >> ~/.bashrc
source ~/.bashrc
- pip换源 - 创建
~/.pip/pip.conf,写入以下内容
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host = https://pypi.tuna.tsinghua.edu.cn
- 创建虚拟环境 - 防止包冲突
conda create -n envname python=x.x.x
Flask
- 安装
pip install flask
- 编写一个简单的服务端
from flask import Flask
app = Flask(__name__)
@app.route('/')
def index():
return "hello world";
if __name__ == '__main__':
app.run('127.0.0.1', '8080', debug=True)
使用nginx代理需要获取真实的IP
from flask import Flask
app = Flask(__name__)
@app.route('/')
def index():
return "hello world";
def fix_werkzeug_logging():
from werkzeug.serving import WSGIRequestHandler
def address_string(self):
return"[%s]-[%s]" % (self.headers.get('X-Forwarded-For', self.client_address[0]), self.headers.get('X-Real-Ip', self.client_address[0]))
WSGIRequestHandler.address_string = address_string
if __name__ == '__main__':
fix_werkzeug_logging()
app.run('127.0.0.1', '8080', debug=True)
Nginx
- 安装
# install
apt install nginx
# 查找位置
whereis nginx
# nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz
# 启动服务
service nginx start
- 修改配置文件实现域名/IP访问服务
配置文件在
/etc/nginx里面,使用vim打开nginx.conf可以看到一系列配置,网站的访问主要在http里面,创建一个server即一个访问路由,根据域名跳转到本地IP和端口。其中listen的端口号为80才能实现原始域名访问,否则需要在域名后面加入端口号。
# 在http中创建一个监听服务
http {
server {
listen 80; # 监听的端口
server_name youname.com www.youname.com; # 域名 (也可以是IP)
location /{
proxy_pass http://127.0.0.1:8080; # 本地ip和端口
proxy_set_header X-Real-IP $remote_addr; # flask中获取原始ip需要这个
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 获取代理ip之前的原始ip
}
}
}
以下内容需要有域名
- 配置SSL安全访问 https
SSL证书可以免费申请,下载下来的包括一个
crt文件和一个key文件,然后配置到Nginx中,需要注意的是listen端口变成了443。如果要把http访问全部转成https则把http的server监听并重定向。
需要注意的是每一个SSL证书只对应一个域名,二级域名实现SSL需要重新申请。
http {
server {
listen 443 ssl;
server_name youname.com;
# 配置crt
ssl_certificate "/path/to/xxx.crt";
# 配置key
ssl_certificate_key "/path/to/xxx.key";
location /{
proxy_pass http://127.0.0.1:8090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect default;
}
}
server {
listen 80;
server_name *.youname.com youname.com; # 泛解析形式,不管二级域名是什么都直接跳转,还要补一个没有前缀的
rewrite ^(.*)$ https://$host$1 permanent; # 把http访问的域名转换到https
}
}
配置完成后可以先测试,成功后重启服务就可以使用https访问了。
nginx -t
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
service nginx restart
- 禁用IP访问
server {
listen 80 default;
server_name _;
return 403;
}
server {
listen 443 ssl default;
server_name _;
# 随便选一个就行
ssl_certificate "/path/to/xxx.crt";
ssl_certificate_key "/path/to/xxx.key";
return 403;
}