2020-01-17 上線檢查

  1. 上線前的檢查
    python [圖片上傳失敗...(image-d41cc-1579252119950)]

manage.py check --deploy

保持HTTPS連接的時(shí)間

SECURE_HSTS_SECONDS = 3600

SECURE_HSTS_INCLUDE_SUBDOMAINS = True

SECURE_HSTS_PRELOAD = True

自動(dòng)重定向到安全連接

SECURE_SSL_REDIRECT = True

避免瀏覽器自作聰明推斷內(nèi)容類型

SECURE_CONTENT_TYPE_NOSNIFF = True

避免跨站腳本攻擊

SECURE_BROWSER_XSS_FILTER = True

COOKIE只能通過HTTPS進(jìn)行傳輸

SESSION_COOKIE_SECURE = True

CSRF_COOKIE_SECURE = True

防止點(diǎn)擊劫持攻擊手段 - 修改HTTP協(xié)議響應(yīng)頭

當(dāng)前網(wǎng)站是不允許使用<iframe>標(biāo)簽進(jìn)行加載的

X_FRAME_OPTIONS = 'DENY'

  1. 創(chuàng)建項(xiàng)目文件夾
    mkdir -p ~/project/{code, conf, logs, stat}
    cd project

  2. 克隆項(xiàng)目到code文件夾
    cd code
    git clone --depth=1 git@gitee.com:jackfrued/blog.git

  3. 創(chuàng)建虛擬環(huán)境重建依賴項(xiàng)
    cd ..
    pip3 install virtualenv
    virtualenv --python=/usr/bin/python3 venv
    source venv/bin/activate
    pip install -r code/blog/requirements.txt
    pip install uwsgi

  4. 編寫uWSGI的配置文件 - conf/uwsgi.ini
    [uwsgi]

配置前導(dǎo)路徑

base=/root/project

配置守護(hù)進(jìn)程

master=true

配置進(jìn)程數(shù)

processes=4

虛擬環(huán)境路徑

pythonhome=%(base)/venv

項(xiàng)目路徑

chdir=%(base)/code/blog

指定python解釋器

pythonpath=%(pythonhome)/bin/python

指定wsgi文件對(duì)應(yīng)的模塊

module=blog.wsgi

通信的地址和端口(自己服務(wù)器的IP地址和端口)

socket=[圖片上傳失敗...(image-ab35dd-1579252119949)]

172.18.61.250:80

日志文件地址

logto=%(base)/logs/uwsgi.log

  1. 啟動(dòng)uWSGI
    uwsgi --ini conf/uwsgi.ini &

  2. 動(dòng)靜分離部署
    yum install -y nginx
    vim /etc/nginx/nginx.conf

全局Nginx配置文件 - /etc/nginx/nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/.conf;
events {
worker_connections 1024;
}
http {
log_format main 'remote_addr -remote_user [time_local] "request" '
'statusbody_bytes_sent "http_referer" ' '"http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/.conf;

include /root/project/conf/nginx.conf;

}

局部配置 - conf/nginx.conf
server {
listen 80;
server_name _;

root /root/project/stat/html;

location /api/ {
    include uwsgi_params;
    uwsgi_pass [圖片上傳失敗...(image-a33e0d-1579252119948)]

172.18.61.250:8000;
}

location /upload/ {
    include uwsgi_params;
    uwsgi_pass [圖片上傳失敗...(image-daf6ac-1579252119948)]

172.18.61.250:8000;
}

location /media/ {
    alias /root/project/code/blog/media/;
    expires 30d;
}

location /static/ {
    alias /root/project/stat/;
    expires 30d;
}

}

修改配置文件 - code/blog/blog/[圖片上傳失敗...(image-9143b1-1579252119948)]

settings.py
STATIC_ROOT = '/root/project/stat/'

收集靜態(tài)資源 - code/blog
python [圖片上傳失敗...(image-68283-1579252119948)]

manage.py collectstatic

啟動(dòng)Nginx
systemctl start nginx

  1. 部署HTTPS
    server {
    listen 443 ssl;
    server_name _;

    ssl_certificate /root/project/cert/jackfrued.top.pem;
    ssl_certificate_key /root/project/cert/jackfrued.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    root /root/project/stat/html;

    location /api/ {
    include uwsgi_params;
    uwsgi_pass [圖片上傳失敗...(image-5eea52-1579252119947)]

172.18.61.250:8000;
}

location /upload/ {
    include uwsgi_params;
    uwsgi_pass [圖片上傳失敗...(image-978528-1579252119947)]

172.18.61.250:8000;
}

location /media/ {
    alias /root/project/code/blog/media/;
    expires 30d;
}

location /static/ {
    alias /root/project/stat/;
    expires 30d;
}

}

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容