Configuring Nginx + uwsgi + Flask on Debian

0x00 Prerequisites


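Test machine: Tencent Cloud host
Configuration details

)
Operating system: Debian 7.8 32-bit
CPU: 1 core
Memory: 1GB
System disk: 20GB (local disk
Data disk: 0GB
Public bandwidth: 1Mbps

Curious = = where did that ")" come from = =
Yes, you read that right: this is the Tencent Cloud 1-yuan student server. The Debian experience on it is not great, perhaps because I mostly use CentOS/Ubuntu... Alibaba's is better.
The system had just been reinstalled at test time = =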

0x01 Install Nginx


0x0101 Change the package sources


wget

wget http://nginx.org/keys/nginx_signing.key

import key

apt-key add nginx_signing.key

Edit the sources

nano /etc/apt/sources.list
Add the following:
deb http://nginx.org/packages/debian/ wheezy nginx
deb-src http://nginx.org/packages/debian/ wheezy nginx
deb http://ftp.cn.debian.org/debian sid main
# The third line is there for openssl = = (Ctrl+O / Ctrl+X to save and exit)

update

apt-get update

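A sudden change = =

apt-get install openssl
# after the installation finishes
openssl version
# the version should now be
OpenSSL 1.0.2g  1 Mar 2016
Note: Tencent Cloud actually gets "Failed to fetch" from the Debian mirror. Change cn to hk in the source; the main Debian mirror list no longer seems to include China, only Hong Kong and Taiwan = = and the speed is terribly slow.
Switch to the 163 mirror instead.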


0x0110 install nginx


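For a manual upgrade, see "Upgrading Python on Debian"

Or

sudo apt-get install python-setuptools
sudo easy_install pip
sudo pip install virtualenv

pip may fail to install; in that case it can be installed manually

wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
Actually wget is very slow too
sudo apt-get install python-pip

0x01100 Installing nginx manually

I wrote this part earlier and moved it over; Tencent Cloud is such a pain = =

download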

wget http://nginx.org/download/nginx-1.9.10.tar.gz
tar -zxvf nginx-1.9.10.tar.gz 
cd nginx-1.9.10/

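configure (note: --without-http_uwsgi_module removes the uwsgi_pass directive that the configuration later in this post relies on; leave that flag out if this build is going to proxy to uWSGI)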

./configure \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=www-data \
--group=www-data \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-http_fastcgi_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-http_memcached_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_v2_module

next:
make
finally:
make install
check:

[email protected]:/etc/nginx# nginx -V
nginx version: nginx/1.9.10
built by gcc 5.3.1 20160205 (Debian 5.3.1-8) 
built with OpenSSL 1.0.2f  28 Jan 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_v2_module
[email protected]:/etc/nginx#

http2.0

config(nginx.conf):
# HTTPS server
#
server {
    listen       443 ssl http2;
    server_name  www.ist-802.net;

    ssl_certificate /etc/nginx/ssl/1.crt;
    ssl_certificate_key /etc/nginx/ssl/1.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /var/www/html;
        index  index.html index.htm;
    }
}

ssl_ciphers may not work well
then

nginx -t
nginx -s reload
0x01101 …

To be continued tomorrow = =
Even pip install flask failed = =

Continuing with the pitfall above: pip install virtualenv may report an md5-related error; use easy_install virtualenv or apt-get install python-virtualenv (py3) instead

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install build-essential python python-dev

After installation, visit the IP 115.159.107.56

sudo pip install uwsgi

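Note: the user is root = =
Change to the /var/www directory, then mkdir ysbot
cd ysbot
virtualenv venv
I really cannot get this done because of network problems; I will fill in the rest on a virtual machine = =
If you are not root, change the ownership yourself: chown -R xxx:xxx /var/www/ysbot
Also, the virtual environment is a must = =
Activate: . venv/bin/activate (type act, then tab-complete)
The prompt then looks like this: (venv) [email protected]:/var/www/ysbot# Next you can install whatever you need (this post uses installing CTFd as the example)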

apt-get install git
git clone https://github.com/isislab/CTFd.git
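Move the files into place yourself
Then install the required packages, or run ./prepare.sh

Delete the default nginx configuration

rm /etc/nginx/sites-enabled/default

With a manual install it may be in the /etc/nginx/conf.d/ directory
To make the project easier to manage, create ysbot.conf directly under ysbot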

server {
    listen     443 ssl http2;
    #    callable = app
    ssl on;
    server_name go.ist-802.net;
    ssl_certificate      /var/www/ysbot/ssl/2.crt;
    ssl_certificate_key  /var/www/ysbot/ssl/2.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    charset     utf-8;
    ssl_ciphers CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    location / { try_files $uri @yourapplication; }
    location @yourapplication {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:9192;
        #uwsgi_pass unix:/var/www/go/go.sock;
    }
}
server {
    listen 80;
    server_name go.ist-802.net;
    return 301 https://go.ist-802.net$request_uri;
}
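
An added example, not part of the original post: a small Python audit of the TLS directives in ysbot.conf above. It flags protocol versions older than TLS 1.2, 3DES suites, and cipher-list tokens that the local OpenSSL matches to no suite (several names in the list, such as the ...-SHA128 entries, are not OpenSSL cipher names). SAMPLE_CONF is a constructed, shortened copy of the page's directives, and the function names are this example's own.

```python
import re
import ssl

# Constructed sample: the TLS directives of ysbot.conf, cipher list shortened.
SAMPLE_CONF = """
server {
    listen 443 ssl http2;
    ssl on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers CHACHA20:EECDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DES-CBC3-SHA:HIGH:!aNULL:!MD5:!RC4;
}
"""
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf_text):
    """Yield (name, args) per directive; comments dropped, quoting not handled."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf_text)):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def cipher_known(token):
    """True if the local OpenSSL selects at least one suite for this token."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).set_ciphers(token)
        return True
    except ssl.SSLError:
        return False

def audit_tls(conf_text):
    found = {"legacy_protocols": [], "triple_des": [], "unknown_ciphers": [], "ssl_on": False}
    for name, args in directives(conf_text):
        if name == "ssl_protocols":
            found["legacy_protocols"] = [p for p in args if p in LEGACY_PROTOCOLS]
        elif name == "ssl" and args == ["on"]:
            found["ssl_on"] = True  # redundant beside "listen ... ssl"
        elif name == "ssl_ciphers":
            for token in "".join(args).split(":"):
                if token.startswith("!"):
                    continue  # exclusions select nothing by themselves
                if "DES-CBC3" in token or "3DES" in token:
                    found["triple_des"].append(token)  # 64-bit block cipher
                elif not cipher_known(token):
                    found["unknown_ciphers"].append(token)
    return found

if __name__ == "__main__":
    print(audit_tls(SAMPLE_CONF))
```

To audit a live file, pass its contents to audit_tls(); the unknown_ciphers result depends on the OpenSSL build the Python interpreter is linked against.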

Then symlink it over

ln -s /var/www/ysbot/ysbot.conf /etc/nginx/conf.d
nginx -t
nginx -s reload

Next, configure uwsgi: create ysbot.ini in the ysbot directory

[uwsgi]
#application's base folder
base = /var/www/ysbot
socket = 127.0.0.1:9192
master = true
processes = 2
threads = 2
max-requests = 6000
#python module to import (the name of the main Python program)
app = server
module = %(app)

home = %(base)/venv
pythonpath = %(base)

#socket file's location
#socket = /var/www/go/%n.sock

#permissions for the socket file
chmod-socket = 664
uid = nginx
gid = nginx

#the variable that holds a flask application inside the module imported at line #6
callable = app

#location of log files
logto = /var/log/uwsgi/ysbot/%n.log
#log
daemonize = /var/log/uwsgi/ysbotx.log

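Note: the uid/gid may not be nginx; check for yourself. With a manual install it may be www-data


Paths must be complete; if they are not, kill the process and run it again

Also, change the owner of the log files to the user that nginx runs as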

0x10 End


Serving Flask With Nginx

Also, when configuring uwsgi, most people recommend the socket approach rather than the IP approach
uWSGI Options

Standalone WSGI Containers - Gunicorn

Rant:

94% |██████████████████████████████  | 4.5MB 316bytes/s eta 0:14:59
Am I doing it wrong = =

0x11 Update


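Approach: the approach above may be off, but the nginx + flask + uwsgi deployment itself is correct

After updating again, the approach works

sudo apt-get install uwsgi
pip install uwsgi -I
# it seems the dependencies need to be resolved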

ctf.conf:

server {
    listen 8080;
    server_name localhost;
    charset utf-8;
    client_max_body_size 75M;

    # location / { try_files $uri @yourapplication; }
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/uwsgi.sock;
        #uwsgi_pass 127.0.0.1:8081;
    }
}

In the CTFd root directory

uwsgi -s /tmp/uwsgi.sock -w "CTFd:create_app()"

Refresh the browser; a 502 may appear
Change the permissions of uwsgi.sock to 777
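
An added example, not from the original post: when the 502 comes from nginx being unable to open the socket, the worker only needs write permission on the socket file, which group ownership plus mode 660 already gives without opening the socket to every local user as 777 does. The Python below binds a throwaway socket and audits it under three modes; the worker identity and the function names are constructed for this example.

```python
import os
import socket
import stat
import tempfile


def can_connect(st, uid, gids):
    """connect() on a Unix socket needs write permission on the socket file
    (plus search permission on its parent directories, not checked here)."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_socket(path, worker_uid, worker_gids):
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(path + " is not a Unix socket")
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "worker_can_connect": can_connect(st, worker_uid, worker_gids),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
    }


def demo():
    """Bind a throwaway socket and audit it under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "uwsgi.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        st = os.stat(path)
        # Constructed worker identity: not the socket owner, but in its group.
        worker_uid, worker_gids = st.st_uid + 1, {st.st_gid}
        for mode in (0o600, 0o660, 0o777):
            os.chmod(path, mode)
            results[mode] = audit_socket(path, worker_uid, worker_gids)
        srv.close()
    return results


if __name__ == "__main__":
    for mode, result in demo().items():
        print(oct(mode), result)
```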

*****
Written by ysicing on 22 March 2016