使用ngnix通过uwsgi app容器部署django项目
nginx再linux下可以自己编译,我采用的编译选项为:
--prefix=/home/hzh/soft/softy/nginx-1.18.0 \ --with-threads \ --with-file-aio \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module \ --with-http_image_filter_module \ --with-http_geoip_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_auth_request_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_perl_module \ --with-perl=/usr/bin/perl \ --with-mail \ --with-mail_ssl_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_geoip_module \ --with-stream_ssl_preread_module \ --with-cpp_test_module \ --with-compat \ --with-pcre \ --with-pcre-jit \ --with-libatomic \ --with-debug \ --with-perl_modules_path=/home/hzh/soft/softy/nginx-1.18.0/perl_modules
这里的 --with-perl_modules_path 是指nginx代码编译出来的调用perl的一个中间模块需要存放的位置,就是nginx自己的东西,放在安装目录即可。
如果perl没安装,可以使用以下的命令安装:
sudo apt install -y perl libperl-dev libgd3 libgd-dev libgeoip1 libgeoip-dev geoip-bin libxml2 libxml2-dev libxslt1.1 libxslt1-dev
uwsgi 采用 pip 来安装:
$ vf activate env3.8.2
$ pip install uwsgi
nginx和uwsgi部署django项目的文档大致有如下参考:
https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html
https://docs.djangoproject.com/en/3.1/howto/deployment/wsgi/uwsgi/
https://uwsgi-docs.readthedocs.io/en/latest/Management.html
首先,如果要在远程(非 localhost)访问web,必须在django项目里的settings里添加/修改ALLOWED_HOSTS,示例: ALLOWED_HOSTS = ["web的域名或ip地址", "localhost", "127.0.0.1"]
我的部署示例:
我的django项目位于: /home/hzh/develop/u-chuang/webs/device_register
项目目录结构:
device_register
├── db.sqlite3
├── device_register
│ ├── asgi.py
│ ├── __init__.py
│ ├── __pycache__
│ ├── settings.py
│ ├── urls.py
│ └── wsgi.py
├── manage.py
├── register
│ ├── admin.py
│ ├── apps.py
│ ├── __init__.py
│ ├── migrations
│ │ ├── 0001_initial.py
│ │ ├── 0002_auto_20201127_0317.py
│ │ ├── 0003_auto_20201127_0512.py
│ │ ├── 0004_auto_20201127_0515.py
│ │ ├── 0005_auto_20201127_0630.py
│ │ ├── 0006_auto_20201128_1122.py
│ │ ├── 0007_auto_20201128_1403.py
│ │ ├── __init__.py
│ │ └── __pycache__
│ ├── models.py
│ ├── __pycache__
│ ├── static
│ │ └── register
│ │ └── style.css
│ ├── templates
│ │ └── register
│ │ └── waiting_lists.html
│ ├── tests.py
│ ├── urls.py
│ └── views.py
├── static
│ ├── admin
│ ├── grappelli
│ └── register
│ └── style.css
└── templates
└── admin-hzh
├── actions.html
├── app_list.html
├── base_site.html
├── change_list_results.html
└── index.html
其中 device_register/static 目录是静态目录,里面包含了app register的目录及 grappelli(一个admin美化模块) 目录。
部署配置文件结构:
nginx-uwsgi-config
├── nginx-config
│ ├── mime.types
│ ├── my-nginx.conf
│ ├── nginx.conf
│ └── uwsgi_params
└── uwsgi-config
└── uwsgi.ini
其中的 mime.types 和 uwsgi_params 是nginx自带的,没有任何改变; nginx.conf 大部分是nginx自带的,有点改变,全文如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include /tmp/hzh/my-nginx.conf;
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
其中 my-nginx.conf 是与自己项目相关的配置:
# the upstream component nginx needs to connect to
upstream django {
server unix:/tmp/hzh/device_register-uwgsi-nginx.sock; # for a file socket
# server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 8000;
# the domain name it will serve for
server_name example.com; # substitute your machine's IP address or FQDN
charset utf-8;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /path/to/your/mysite/media; # your Django project's media files - amend as required
}
location /static {
alias /home/hzh/develop/u-chuang/webs/device_register/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/hzh/soft/nginx/conf/uwsgi_params; # the uwsgi_params file you installed
}
}
其中 uwsgi.ini 是uwsgi的配置文件:
[uwsgi]
# Django-related settings
# the base directory (full path)
chdir = /home/hzh/develop/u-chuang/webs/device_register
# Django's wsgi file
module = device_register.wsgi:application
# the virtualenv (full path)
home = /home/hzh/.virtualenvs/env3.8.2
env = DJANGO_SETTINGS_MODULE=device_register.settings
# process-related settings
# master
master = true
# maximum number of worker processes
processes = 10
# the socket (use the full path to be safe
socket = /tmp/hzh/device_register-uwgsi-nginx.sock
# ... with appropriate permissions - may be needed
chmod-socket = 664
pidfile = /tmp/hzh/device_register-uwsgi.pid
# clear environment on exit
vacuum = true
重要,建议nginx与uwsgi通信使用 file socket,而不是使用 port socket,因为 port socket 相当于暴露了 uwsgi 给外部,安全级别不好。
这些配置文件准备好后,就可以运行uwsgi和nginx了:
$ uwsgi --ini uwsgi.ini
$ /home/hzh/soft/nginx/sbin/nginx -c /tmp/hzh/nginx-uwsgi-config/nginx-config/nginx.conf
重要,uwsgi使用emperor(皇帝,相当于管理者)和vassals(臣子,相当于每个被管理的app)模式,实现同一个服务器同时运行多个web app:
参考文档地址:
https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html
https://uwsgi.readthedocs.io/en/latest/tutorials/Django_and_nginx.html#emperor-mode
总体思路就是一个emperor管理多个vassals,实现同一个服务器同时运行多个web app。
下面是我的示例:
我的项目1: lottery,其目录结构如下: 是一个标准的django项目。 把它作为uwsgi的vassals的方法就是在项目里包含一个项目自己的uwsgi.ini文件,这里我们看到的是位于: uwsgi-config/uwsgi.ini
lottery/ ├── calculate │ ├── admin.py │ ├── apps.py │ ├── __init__.py │ ├── migrations │ ├── models.py │ ├── __pycache__ │ ├── static │ ├── templates │ ├── tests.py │ ├── urls.py │ └── views.py ├── db.sqlite3 ├── lottery │ ├── asgi.py │ ├── __init__.py │ ├── __pycache__ │ ├── settings.py │ ├── urls.py │ └── wsgi.py ├── manage.py ├── static │ └── calculate -> ../calculate/static/calculate └── uwsgi-config └── uwsgi.ini
其中 uwsgi.ini的内容为:
[uwsgi] # Django-related settings # the base directory (full path) chdir = /home/hzh/github/hzh/lottery # Django's wsgi file module = lottery.wsgi:application # the virtualenv (full path) home = /home/hzh/.virtualenvs/env3.8.2 env = DJANGO_SETTINGS_MODULE=lottery.settings # process-related settings # master master = true # maximum number of worker processes processes = 10 # the socket (use the full path to be safe socket = /tmp/lottery-uwgsi-nginx.sock # ... with appropriate permissions - may be needed chmod-socket = 664 pidfile = /tmp/lottery-uwsgi.pid # clear environment on exit vacuum = true
# enable-threads = true # 如果你在python里使用了thread,则需要这个配置,比如 apscheduler 就使用了thread
上面就是每个app作为uwsgi的vassals的配置。
以下是 nginx 及uwsgi 的配置与运行方法:
nginx 及uwsgi emperor配置的目录结构:
nginx-uwsgi-config/ ├── nginx-config │ ├── mime.types │ ├── my-nginx.conf │ ├── nginx.conf │ └── uwsgi_params └── uwsgi-emperor-config ├── uwsgi-emperor.ini └── vassals └── lottery.ini -> /home/hzh/github/hzh/lottery/uwsgi-config/uwsgi.ini
最重要的就是vassals目录,里面放的是所有vassals的配置的符号链接,uwsgi以 --emperor-nofollow 模式运行后,emperor将会自动管理vassals目录的所有配置,如果这些配置发生改变(其mtime 改变),则会自动加载该app,不需要重启uwsgi。
其中uwsgi-emperor.ini 就是emperor的配置。
其中mime.types 和 uwsgi_params 是nginx自带的,没有任何改变; nginx.conf 大部分是nginx自带的,有点改变,全文如下:
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; include /home/hzh/github/hzh/nginx-uwsgi-config/nginx-config/my-nginx.conf; server { #listen 80; #server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; #location / { # root html; # index index.html index.htm; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root html; #} # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
其中 my-nginx.conf 是自定义的配置,这里只有一个server的配置,请自行为其它server创建自己的配置,内容都差不多,my-nginx.conf 内容如下:
# the upstream component nginx needs to connect to upstream lottery { server unix:/tmp/lottery-uwgsi-nginx.sock; # for a file socket # server 127.0.0.1:8001; # for a web port socket (we'll use this first) } # configuration of the server server { # the port your site will be served on listen *:28888; # the domain name it will serve for server_name 192.168.1.20; # substitute your machine's IP address or FQDN charset utf-8; # max upload size client_max_body_size 0M; # adjust to taste # Django media location /media { alias /path/to/your/mysite/media; # your Django project's media files - amend as required } location /static { alias /home/hzh/github/hzh/lottery/static; # your Django project's static files - amend as required } # Finally, send all non-media requests to the Django server. location / { uwsgi_pass lottery; include /home/hzh/github/hzh/nginx-uwsgi-config/nginx-config/uwsgi_params; # the uwsgi_params file you installed } }
其中 uwsgi-emperor.ini 的内容如下:
[uwsgi]
# vassals 的目录 emperor = ./vassals # vassal-set = processes=8 # vassal-set = enable-metrics=1
web服务器的运行方法为:
# --emperor-nofollow 与 --emperor 功能相同,但是--emperor-nofollow 更好,它的意思是在监控 mtime 的时候,不跟踪符号链接,即 do not follow symlinks when checking for mtime $ uwsgi --emperor-nofollow ./uwsgi-emperor.ini 1>/dev/null 2>&1 & $ /home/hzh/soft/nginx/sbin/nginx -c /home/hzh/github/hzh/nginx-uwsgi-config/nginx-config/nginx.conf
要手动让uwsgi reload某个app,可以直接touch这个app的vassals符号链接文件即可,但是touch最好带上 --no-dereference 参数,尽量不改变原文件的mtime,即:
$ touch --no-dereference uwsgi-emperor-config/vassals/lottery.ini
支付宝扫一扫捐赠
微信公众号: 共鸣圈
欢迎讨论,邮件: 924948$qq.com 请把$改成@
QQ群:263132197
QQ: 924948