1.线上部署一般会使用https的方式进行部署,本身django框架是不支持的,所以需要。。。
1)安装扩展
pip install django-extensions django-werkzeug-debugger-runserver pyOpenSSL
2)添加配置项settings.py文件中
INSTALLED_APPS = [ 'werkzeug_debugger_runserver', 'django_extensions', 'corsheaders', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'mozilla_django_oidc', ]
这样就可以使用启动命令来启动服务了
python manage.py runserver_plus 0.0.0.0:8000 --cert-file=/etc/certs/xxx.com.crt --key-file=/etc/certs/xxx.com.key
即可启动一个https://0.0.0.0:8000的django服务了
但是这种这能监听一个接口,提供服务, django3.0+提供了异步特性, 同时支持uvicorn的部署方式
2.supervisor+uvicorn+nginx部署
1)安装uvicorn
uvicorn采用了uvloop 用Cython改写了python里面asyncio的时间循环, 将asyncio的效率提高了4倍以上
pip3 install uvicorn
运行项目方式:
uvicorn [项目主目录].asgi.application 即可
2)安装supervisor, 这个的安装我之前的文章中也有详细的说明, 这里就略过,详见https://www.cnblogs.com/xingxia/p/supervisor_all.html
添加项目配置项:
[fcgi-program:xxx] socket=tcp://localhost:8000 directory=/opt/xxx/ command=/opt/xxx/env/bin/uvicorn --fd 0 xxx.asgi:application --ssl-certfile=/etc/certs/xxx.com_bundle.crt --ssl-keyfile=/etc/certs/xxx.com.key numprocs=4 autostart=true process_name=service-%(process_num)d stdout_logfile=/var/log/supervisord/xxx.log ; stdout log path, NONE for none; default AUTO stdout_logfile_maxbytes=100MB ; max # logfile bytes b4 rotation (default 50MB) stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) stderr_logfile=/var/log/supervisord/xxx_error.log ; stderr log path, NONE for none; default AUTO stderr_logfile_maxbytes=100MB ; max # logfile bytes b4 rotation (default 50MB) stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
说明:
socket为对外暴露的接口 可以是unix 也可以是一个网络端口 端口的形式可以见官方文档
command为执行命令
directory为项目路径
numprocs是处理器个数
process_name是处理进程的名称
添加完成之后, 更新supervisor
supervisorctl update # 更新配置 supervisorctl start uvicorn:* supervisorctl stop uvicorn:* supervisorctl restart uvicorn:* *的作用是所有进程: start <name> Start a process start <gname>:* Start all processes in a group start <name> <name> Start multiple processes or groups start all Start all processes
3)nginx配置
配置文件中添加反向代理
1)http
server { listen 80; server_name localhost charset UTF-8; access_log /home/log/xxx_access.log; error_log /home/log/xxx_error.log; client_max_body_size 75M; location / { proxy_pass http://127.0.0.1:8000; } }
2)https
server { listen 443 ssl; server_name xxx.com; access_log /var/log/nginx/xxx.com_access.log main; error_log /var/log/nginx/xxx.com_error.log warn; ssl_certificate /etc/certs/xxx.com_bundle.crt; ssl_certificate_key /etc/certs/xxx.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /opt/XXX/dist; index index.html; #proxy_pass http://127.0.0.1:9000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ~ ^/(admin|user|oidc|backend|astatic) { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_pass https://127.0.0.1:8000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }