uwsgi upstart on Amazon Linux
【Title】: uwsgi upstart on amazon linux
【Posted】: 2015-01-27 14:12:45
【Question】: I followed this tutorial https://uwsgi.readthedocs.org/en/latest/Upstart.html to create a uwsgi file on Amazon Linux. It doesn't seem to be running, though, because nginx just says bad gateway. If I run
/etc/init/uwsgi.conf
description "uwsgi tiny instance"
start on runlevel [2345]
stop on runlevel [06]
exec /home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini
If I run the following command in a shell, the Python application runs.
/home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini
uwsgi-prod_demo.ini
[uwsgi]
socket = :8080
chdir = /home/ec2-user/prod_demo
master = True
venv = /home/ec2-user/venv
callable = app
wsgi-file = /home/ec2-user/prod_demo/manage.py
enable-threads = True
https = =0,/home/ec2-user/xxx.com.au.pem,/home/ec2-user/newkey.pem,HIGH
nginx.conf
user ec2-user;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /home/ec2-user/xxx.com.au.pem;
        ssl_certificate_key /home/ec2-user/newkey.pem;
        server_name import.xxx.com.au *.import.xxx.com.au;
        access_log /var/log/prod_demo/access_log;
        root /home/ec2-user/prod_demo;
        location / {
            uwsgi_pass 127.0.0.1:8080;
            include uwsgi_params;
        }
        location /static {
            alias /home/ec2-user/prod_demo/app/static;
        }
        location = /favicon.ico {
            alias /home/ec2-user/prod_demo/app/static/images/favicon.ico;
        }
    }
}
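【Question comments】:
【Answer 1】: To fix this I did a few things.
- Moved all the scripts from the home directory to /var/www/
- Created a www group and a www user and chowned /var/www to www:www
Full instructions
Create the user and group www and www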
sudo groupadd www
sudo adduser www -g www
Create a directory where your Flask application will live, i.e. /var/www/
sudo chown -R www:www /var/www
/etc/nginx/nginx.conf
# /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user www;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    client_max_body_size 20M;
    #keepalive_timeout 0;
    keepalive_timeout 0;
    uwsgi_read_timeout 86400;
    uwsgi_send_timeout 86400;
    #gzip on;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name demo.test.com.au;
        access_log /var/log/prod_demo/access_log;
        root /var/www/prod_demo;
        location / {
            uwsgi_pass 127.0.0.1:28080;
            include uwsgi_params;
        }
        location /static {
            alias /var/www/prod_demo/app/static;
        }
        location = /favicon.ico {
            alias /var/www/prod_demo/app/static/images/favicon.ico;
        }
    }
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name ajtravel.test.com.au;
        access_log /var/log/prod_demo_two/access_log;
        root /var/www/prod_demo_two;
        location / {
            uwsgi_pass 127.0.0.1:28082;
            include uwsgi_params;
        }
        location /static {
            alias /var/www/prod_demo_two/app/static;
        }
        location = /favicon.ico {
            alias /var/www/prod_demo_two/app/static/images/favicon.ico;
        }
    }
    #test config
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name demo.test.test.com.au;
        access_log /var/log/prod_demo/access_log;
        root /var/www/prod_demo;
        location / {
            uwsgi_pass 127.0.0.1:28080;
            include uwsgi_params;
        }
        location /static {
            alias /var/www/prod_demo/app/static;
        }
        location = /favicon.ico {
            alias /var/www/prod_demo/app/static/images/favicon.ico;
        }
    }
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /var/www/test.com.au.pem;
        ssl_certificate_key /var/www/newkey.pem;
        server_name ajtravel.test.test.com.au;
        access_log /var/log/prod_demo_two/access_log;
        root /var/www/prod_demo_two;
        location / {
            uwsgi_pass 127.0.0.1:28082;
            include uwsgi_params;
        }
        location /static {
            alias /var/www/prod_demo_two/app/static;
        }
        location = /favicon.ico {
            alias /var/www/prod_demo_two/app/static/images/favicon.ico;
        }
    }
}
/etc/init/uwsgi-prod-demo.conf
# https://uwsgi.readthedocs.org/en/latest/Upstart.html
# /etc/init/uwsgi.conf
# simple uWSGI script
description "uwsgi tiny instance"
#start on runlevel [2345]
#stop on runlevel [06]
start on started elastic-network-interfaces
exec /var/www/venv/bin/uwsgi --ini /var/www/uwsgi-prod_demo.ini
/var/www/uwsgi-prod_demo.ini
[uwsgi]
uid = www
gid = www
socket = :28080
chdir = /var/www/prod_demo
master = True
venv = /var/www/venv
callable = app
wsgi-file = /var/www/prod_demo/manage.py
enable-threads = True
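【Comments】:
I use user ec2 with group www-data, is that OK? I found moving the project files under /var/www/ to be a really good practice.
@tyan I'm still no expert on this kind of security, though I don't think that's a good idea. If there is a security hole in your application, a user might be able to elevate themselves to root. The www user I set up cannot use su.
But nginx defaults to www-data on Ubuntu. Why should we set up another user and a new group instead of using the default?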
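The privilege and socket settings discussed in the answer and its comments can be checked mechanically. The following is an added example, not code from the original posts: the function name audit and the four checks are assumptions chosen for illustration, and the ini samples are shortened copies of the two files shown above.

```python
import configparser
import re

# Constructed samples: shortened copies of the question's and the answer's
# uWSGI ini files as they appear on this page.
QUESTION_INI = """[uwsgi]
socket = :8080
chdir = /home/ec2-user/prod_demo
venv = /home/ec2-user/venv
"""
ANSWER_INI = """[uwsgi]
uid = www
gid = www
socket = :28080
chdir = /var/www/prod_demo
venv = /var/www/venv
"""

def audit(ini_text, uwsgi_pass):
    """Return findings for a uWSGI ini that an init system starts as root."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(ini_text)
    cfg = cp["uwsgi"]
    findings = []
    # Upstart system jobs run `exec` as root; uid/gid make uWSGI drop privileges.
    for key in ("uid", "gid"):
        if cfg.get(key, fallback="root") in ("root", "0"):
            findings.append(f"{key} not set to an unprivileged account")
    sock = cfg.get("socket", fallback="")
    # Only TCP sockets are checked here; a UNIX socket path has no colon.
    if ":" in sock:
        host, _, port = sock.rpartition(":")
        if host in ("", "0.0.0.0"):  # ":8080" binds every interface
            findings.append(f"socket :{port} listens on all interfaces")
        # A port nobody listens on makes nginx answer 502 Bad Gateway.
        if uwsgi_pass.rpartition(":")[2] != port:
            findings.append(f"nginx uwsgi_pass {uwsgi_pass} does not match port {port}")
    # Home directories are commonly not traversable by other accounts.
    for key in ("chdir", "venv"):
        if re.match(r"/home/[^/]+/", cfg.get(key, fallback="")):
            findings.append(f"{key} lives under a home directory")
    return findings

if __name__ == "__main__":
    for name, ini, upstream in (("question", QUESTION_INI, "127.0.0.1:8080"),
                                ("answer", ANSWER_INI, "127.0.0.1:28080")):
        print(name, audit(ini, upstream))
```

The answer's file still produces one finding, because socket = :28080 accepts connections on every interface while nginx only connects over 127.0.0.1; writing socket = 127.0.0.1:28080 clears it.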