2014-11-28 18 views

Ho creato un file uwsgi seguendo questo tutorial https://uwsgi.readthedocs.org/en/latest/Upstart.html su Amazon Linux, ma non sembra funzionare: Nginx risponde solo "bad gateway". Questo è il file /etc/init/uwsgi.conf (uwsgi upstart su Amazon Linux):

# Upstart job from the question: starts uWSGI at boot with the ini file shown below.
# NOTE(review): nothing in this job or in that ini (no uid/gid) drops privileges,
# so when init starts it the application presumably runs as root -- confirm, and
# run a web-facing app under an unprivileged account instead.
description "uwsgi tiny instance" 
start on runlevel [2345] 
stop on runlevel [06] 

# Same command line the author reports as working when run by hand from a shell.
exec /home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini 

Se eseguo il comando seguente dalla shell, l'applicazione Python parte.

# Manual start from an interactive shell (presumably as ec2-user); per the
# question this works, whereas the same command under Upstart does not.
/home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini 

uwsgi-prod_demo.ini

# uWSGI instance settings from the question (uwsgi-prod_demo.ini).
[uwsgi] 
# NOTE(review): ":8080" has no address part, so uWSGI listens on every
# interface, while nginx below only connects through 127.0.0.1:8080. The uwsgi
# protocol is unauthenticated; bind to loopback or a unix socket unless a
# remote front end really needs the port.
socket = :8080 
chdir = /home/ec2-user/prod_demo 
master = True 
venv = /home/ec2-user/venv 
# WSGI entry point: the object named "app" loaded from manage.py.
callable = app 
wsgi-file = /home/ec2-user/prod_demo/manage.py 
enable-threads = True 
# NOTE(review): "=0" refers to shared socket number 0, but no shared-socket
# option appears in this file -- verify. nginx below already terminates TLS on
# 443 with the same certificate and key, so this option looks redundant here.
https = =0,/home/ec2-user/xxx.com.au.pem,/home/ec2-user/newkey.pem,HIGH 

nginx.conf

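# Main nginx configuration from the question: one TLS-enabled virtual host that
# forwards dynamic requests to a local uWSGI instance and serves static files
# straight from disk.

# NOTE(review): workers run as the login account ec2-user, and the app tree and
# TLS key live under /home/ec2-user. On Amazon Linux that account has
# passwordless sudo by default, so a dedicated unprivileged service account is
# the safer choice for a web-facing process.
user ec2-user;
worker_processes 1;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        # The same site is served on plain HTTP (80) and TLS (443); nothing
        # here redirects port 80 traffic to HTTPS.
        listen 80;
        listen 443 ssl;
        ssl_certificate /home/ec2-user/xxx.com.au.pem;
        # NOTE(review): private key kept in a login user's home directory.
        # When nginx is started as root the master process reads the key, so
        # the file can be root-owned with mode 0600 outside any user's home.
        ssl_certificate_key /home/ec2-user/newkey.pem;
        server_name import.xxx.com.au *.import.xxx.com.au;
        access_log /var/log/prod_demo/access_log;

        root /home/ec2-user/prod_demo;

        # Fixed: the listing showed "location/{", which nginx reads as an
        # unknown directive; the prefix must be separated by spaces.
        location / {
            # Everything not matched below goes to uWSGI on loopback.
            uwsgi_pass 127.0.0.1:8080;
            include uwsgi_params;
        }

        location /static {
            alias /home/ec2-user/prod_demo/app/static;
        }

        location = /favicon.ico {
            alias /home/ec2-user/prod_demo/app/static/images/favicon.ico;
        }
    }
}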

risposta


Per risolvere ho fatto un paio di cose: - spostato tutti gli script dalla home directory a /var/www/ - creato un gruppo www e un utente www, e fatto chown di /var/www a www:www

istruzioni complete

  1. Creare un utente www e un gruppo www

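    # Create the group and the account that nginx workers and uWSGI will run as.
    # --system with a nologin shell makes it a service account: no interactive
    # login, and it should stay out of sudoers.
    sudo groupadd www
    sudo useradd --system --gid www --shell /sbin/nologin www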
    
  2. Creare la directory in cui risiederà l'applicazione Flask, cioè /var/www/

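    # Create the application directory if it does not exist yet, then hand it
    # to the www account.
    sudo mkdir -p /var/www
    # NOTE(review): -R makes www the owner of everything under /var/www. Files
    # that root later reads or executes from there (the TLS key, the uWSGI
    # binary in the venv, the ini file -- see steps 3 to 5) are better kept
    # root-owned and not writable by www.
    sudo chown -R www:www /var/www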
    
  3. /etc/nginx/nginx.conf

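    # /etc/nginx/nginx.conf
    #
    # Front end for two uWSGI applications (loopback ports 28080 and 28082),
    # each reachable under a production name and a test name.

    # For more information on configuration, see:
    # * Official English Documentation: http://nginx.org/en/docs/
    # * Official Russian Documentation: http://nginx.org/ru/docs/

    # Workers run as the dedicated www account created in step 1.
    user www;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;

    pid /var/run/nginx.pid;


    events {
        worker_connections 1024;
    }


    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        #tcp_nopush on;
        # Upper bound on request bodies; larger uploads are rejected.
        client_max_body_size 20M;

        #keepalive_timeout 0;
        # 0 disables client keep-alive connections.
        keepalive_timeout 0;

        # NOTE(review): 86400 s is 24 hours. A stalled backend keeps its
        # connection (and presumably a uWSGI worker) occupied for that long;
        # use the shortest value the slowest legitimate request needs.
        uwsgi_read_timeout 86400;
        uwsgi_send_timeout 86400;

        #gzip on;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;

        # --- prod_demo, production name -----------------------------------
        server {
            # Served on plain HTTP (80) and TLS (443); nothing here redirects
            # port 80 traffic to HTTPS.
            listen 80;
            listen 443 ssl;
            ssl_certificate /var/www/test.com.au.pem;
            # NOTE(review): step 2 chowns /var/www to www, so this private key
            # is owned by the account that runs the nginx workers and the
            # application. When nginx is started as root the master process
            # reads the key, so it can be a root-owned file with mode 0600
            # kept outside the application tree.
            ssl_certificate_key /var/www/newkey.pem;
            server_name demo.test.com.au;
            access_log /var/log/prod_demo/access_log;

            root /var/www/prod_demo;

            # Fixed: the listing showed "location/{", which nginx reads as an
            # unknown directive; the prefix must be separated by spaces.
            location / {
                uwsgi_pass 127.0.0.1:28080;
                include uwsgi_params;
            }

            location /static {
                alias /var/www/prod_demo/app/static;
            }

            location = /favicon.ico {
                alias /var/www/prod_demo/app/static/images/favicon.ico;
            }
        }

        # --- prod_demo_two, production name -------------------------------
        server {
            listen 80;
            listen 443 ssl;
            # Same certificate and key as the first server block.
            ssl_certificate /var/www/test.com.au.pem;
            ssl_certificate_key /var/www/newkey.pem;
            server_name ajtravel.test.com.au;
            access_log /var/log/prod_demo_two/access_log;

            root /var/www/prod_demo_two;

            location / {
                uwsgi_pass 127.0.0.1:28082;
                include uwsgi_params;
            }

            location /static {
                alias /var/www/prod_demo_two/app/static;
            }

            location = /favicon.ico {
                alias /var/www/prod_demo_two/app/static/images/favicon.ico;
            }
        }

        #test config
        # The two blocks below expose the same backends, document roots and
        # access logs under the *.test.test.com.au names.

        server {
            listen 80;
            listen 443 ssl;
            ssl_certificate /var/www/test.com.au.pem;
            ssl_certificate_key /var/www/newkey.pem;
            server_name demo.test.test.com.au;
            access_log /var/log/prod_demo/access_log;

            root /var/www/prod_demo;

            location / {
                uwsgi_pass 127.0.0.1:28080;
                include uwsgi_params;
            }

            location /static {
                alias /var/www/prod_demo/app/static;
            }

            location = /favicon.ico {
                alias /var/www/prod_demo/app/static/images/favicon.ico;
            }
        }

        server {
            listen 80;
            listen 443 ssl;
            ssl_certificate /var/www/test.com.au.pem;
            ssl_certificate_key /var/www/newkey.pem;
            server_name ajtravel.test.test.com.au;
            access_log /var/log/prod_demo_two/access_log;

            root /var/www/prod_demo_two;

            location / {
                uwsgi_pass 127.0.0.1:28082;
                include uwsgi_params;
            }

            location /static {
                alias /var/www/prod_demo_two/app/static;
            }

            location = /favicon.ico {
                alias /var/www/prod_demo_two/app/static/images/favicon.ico;
            }
        }
    }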
    
  4. /etc/init/uwsgi-prod-demo.conf

    # https://uwsgi.readthedocs.org/en/latest/Upstart.html 
    # /etc/init/uwsgi.conf 
    # (the step heading installs this file as /etc/init/uwsgi-prod-demo.conf)
    # simple uWSGI script 
    # Upstart job that launches the uWSGI instance described by the ini file in step 5.
    
    description "uwsgi tiny instance" 
    # Runlevel triggers are disabled in favour of the event-based start below.
    # NOTE(review): with the stop stanza commented out, no "stop on" event is
    # defined for this job -- confirm that is intended.
    #start on runlevel [2345] 
    #stop on runlevel [06] 
    
    # Start once the elastic-network-interfaces job has started.
    start on started elastic-network-interfaces 
    
    # Presumably launched as root by init; the ini sets uid/gid = www so uWSGI
    # drops privileges afterwards.
    # NOTE(review): if step 2's chown -R covered these paths, the binary and ini
    # executed here are writable by www; keep anything root runs owned by root.
    exec /var/www/venv/bin/uwsgi --ini /var/www/uwsgi-prod_demo.ini 
    
  5. /var/www/uwsgi-prod_demo.ini

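    # uWSGI instance for prod_demo, reached by nginx through uwsgi_pass.
    [uwsgi]
    # Drop to the unprivileged www account after startup.
    uid = www
    gid = www
    # Bound to loopback instead of ":28080" (every interface): nginx connects
    # via 127.0.0.1:28080 and the uwsgi protocol has no authentication, so the
    # port should not be reachable from other hosts.
    socket = 127.0.0.1:28080
    chdir = /var/www/prod_demo
    master = True
    venv = /var/www/venv
    # WSGI entry point: the object named "app" loaded from manage.py.
    callable = app
    wsgi-file = /var/www/prod_demo/manage.py
    enable-threads = True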
    

Io su EC2 uso l'utente e il gruppo www-data, va bene? Ho trovato che spostare i file di progetto sotto /var/www/ è una buona pratica. – tyan


@tyan Non sono ancora un esperto di sicurezza, ma non penso che sia una buona idea. Nel caso di una falla di sicurezza nella tua applicazione, l'utente potrebbe riuscire a elevarsi a root. L'utente www che ho configurato non può usare su. – darwindave


Ma nginx usa www-data come utente predefinito su Ubuntu. Perché dovremmo creare un altro utente e un nuovo gruppo invece di usare quello predefinito? – tyan