【docker-compose】Django不分离项目 + SSL部署
文件/文件夹 - 映射
# django在处理数据库或者媒体文件持久时需要用到
# nginx在读取媒体文件的时候需要用到
1: 移动静态文件(static media db.sqlite3等) 到定义的宿主机路径: /usr/graduation下
-- /usr/graduation/static
-- /usr/graduation/media
-- /usr/graduation/db.sqlite3
-- /usr/graduation/ssl # 如果有SSL部署,把文件复制到这个目录下
docker-compose
# 配置django与nginx的映射磁盘文件,以及启动容器的配置镜像,方便后面的读取
version: '3.4'
services:
django:
image: graduation-web
build:
context: .
container_name: graduation-web
volumes:
# 宿主机路径 : 容器路径
- /usr/graduation/static:/apps/graduation/static
- /usr/graduation/media:/apps/graduation/media
- /usr/graduation/db.sqlite3:/apps/graduation/db.sqlite3
ports:
- 端口号:端口号
nginx:
image: nginx
restart: always
container_name: graduation-nginx
ports:
- 80:80
- 443:443
volumes:
# nginx.conf的访问路径要跟这个一样
- ./nginx.conf:/etc/nginx/nginx.conf
- /usr/graduation/media:/media # 映射到容器里面的/media
- /usr/graduation/static:/static # 映射到容器里面的/static
- /usr/graduation/ssl:/ssl # 映射到容器里面的/ssl证书文件
depends_on:
- django
Dockerfile
# 配置容器里面的django环境
FROM python:3.9
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
WORKDIR /apps
COPY . /apps/graduation/
COPY ./static /static
WORKDIR /apps/graduation/
RUN pip install -i https://pypi.tuna.tsinghua.edu.cn/simple -r requirements.txt
RUN chmod +x /apps/graduation/ready.sh
# 需要配置启动脚本 SH
CMD ["/bin/sh", "/apps/graduation/ready.sh"]
ready.sh
# 数据库连接,迁移操作,以及django使用graduation启动
echo "==============> 测试数据库连接"
python manage.py makemigrations
python manage.py migrate
echo "==============> 迁移完成 启动程序"
exec gunicorn -c gunicorn_config.py graduation.wsgi:application
echo "==============> 完成"
gunicorn_config.py
# graduation启动时的参数配置
bind = "0.0.0.0:端口号"
workers = 4
timeout = 120
nginx.conf
# HTTP:配置nginx的反向代理端口与 静态文件访问路径
user nginx;
worker_processes auto; # 正确的位置
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/conf.d/*.conf; # 这里包含了其他配置文件
server {
listen 80;
server_name IP地址/域名;
# 反向映射
location / {
proxy_pass http://IP地址/域名:端口号/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 映射静态文件 与 docker-compose 的容器路径一致
location /static {
alias /static;
}
location /media {
alias /media;
}
}
}
SSL部署
1:下载证书的crt与key文件,存放到服务器上
2: 由于开启了SSL,所以需要给django信任域
seetings.py - > DEBUG = False
CSRF_TRUSTED_ORIGINS = ['https://www.bysj996.com', 'https://bysj996.com']
3:修改nginx.conf
# 添加一个server:所有HTTP请求都转发到HTTPS
server {
listen 80;
server_name www.bysj996.com bysj996.com;
return 301 https://$server_name$request_uri;
}
# 修改原来的SERVER
server {
listen 443 ssl;
server_name www.bysj996.com bysj996.com;
# SSL
ssl_certificate /ssl/bysj.crt;
ssl_certificate_key /ssl/bysj.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# 反向映射
location / {
proxy_pass http://IP:PORT/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer $http_referer;
}
location /static {
alias /static;
}
location /media {
alias /media;
}
}
Python全栈(后端、数据分析、脚本、爬虫、EXE客户端) / 前端(WEB,移动,H5) / Linux / SpringBoot / 机器学习
