0. RHEL 설치 후 Server Registration 메시지가 나온다면 아래 참조
https://blog.daonelab.com/post/33/1911/
1. 설치
dnf upgrade
# 아래 모듈 미리 설치한다. 설치하지 않으면 python 설치시 오류발생
dnf install zlib
dnf install zlib-devel
dnf install openssl
dnf install openssl-devel
# 아래 모듈 미리 설치한다. 설치하지 않으면 whacthdog 설치시 ModuleNotFoundError: No module named '_ctypes'오류발생
dnf install libffi
dnf install libffi-devel
# hostname변경
vi /etc/hostname
RHEL8.daonelab.com
# Python3.10설치
wget https://www.python.org/ftp/python/3.10.6/Python-3.10.6.tgz
tar xvf Python-3.10.6.tgz
cd Python-3.10.6/
./configure --enable-optimizations
make
make install
ln -s /usr/local/bin/python3 /usr/bin/python
ln -s /usr/local/bin/pip3 /usr/bin/pip
# 정상설치확인. 오류 없다면 정상설치 된것이다.
python
import ssl
# App 셋팅
cd /home
mkdir webapp
cd webapp
mkdir blog.daonelab.com
python -m venv BlogVenv
source BlogVenv/bin/activate
pip install Django
pip install channels
pip install channels-redis
pip install psycopg2-binary
pip install uwsgi
pip install Pillow
pip install pytz
pip install django-tagging
pip install django-disqus
pip install django-mptt
pip install django-allauth
pip install django-apscheduler
pip install django-debug-toolbar
pip install watchdog
deactivate
# PostgreSQL 14설치
dnf update
# Install the repository RPM
dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Disable the built-in PostgreSQL module:
dnf -qy module disable postgresql
# Install PostgreSQL
dnf install -y postgresql14-server
# initialize the database and enable automatic start
/usr/pgsql-14/bin/postgresql-14-setup initdb
systemctl list-unit-files --type=service | grep postgre
systemctl enable postgresql-14
systemctl start postgresql-14
systemctl status postgresql-14
# 저장소 추가 및 확인
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf repolist
# redis-server7 설치 (repository에 remi-safe가 있어야 된다.)
dnf module list redis
---------------------------------
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
redis remi-5.0 common [d] Redis persistent key-value database
redis remi-6.0 common [d] Redis persistent key-value database
redis remi-6.2 common [d] Redis persistent key-value database
redis remi-7.0 common [d] Redis persistent key-value database
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Name Stream Profiles Summary
redis 5 [d][e] common [d] [i] Redis persistent key-value database # 5버전이 활성화 되어있다.
redis 6 common [d] Redis persistent key-value database
dnf module reset redis
dnf module enable -y redis:remi-7.0
--------------------------------------------
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
redis remi-5.0 common [d] Redis persistent key-value database
redis remi-6.0 common [d] Redis persistent key-value database
redis remi-6.2 common [d] Redis persistent key-value database
redis remi-7.0 [e] common [d] Redis persistent key-value database # 7버전으로 활성화 변경
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Name Stream Profiles Summary
redis 5 [d] common [d] Redis persistent key-value database
redis 6 common [d] Redis persistent key-value database
# 설치
dnf install redis
systemctl enable redis
systemctl start redis
systemctl status redis
# Nginx 1.20 설치
dnf module list nginx
dnf module reset nginx
dnf module list nginx
dnf module enable -y nginx:1.20
dnf module list nginx
dnf install -y nginx
systemctl enable nginx
systemctl start nginx
systemctl status nginx
yum 과 dnf 차이 : https://thirdnsov.github.io/linux/2020/11/19/yum_vs_dnf.html
2. 방화벽오픈
systemctl status firewalld
firewall-cmd --permanent --zone=public --list-service
firewall-cmd --permanent --zone=public --add-service=ssh # default로 되어 있더라
firewall-cmd --permanent --zone=public --add-service=postgresql
firewall-cmd --permanent --zone=public --add-service=redis
firewall-cmd --permanent --zone=public --list-port
firewall-cmd --permanent --add-port={80/tcp,8000/tcp,443/tcp}
3. DB 복사
# full 백업파일에서 계정의 암호관련 부분 주석처리
vi backup.sql
: set enc=utf-8
# 생성할 DB를 미리 만들필요는 없다.
su - postgres
psql -U postgres -f backup.sql
4. SELinux Disable처리 사용하면 좋으나... 난 document을 봐도 모르겠다.
vi /etc/selinux/config
SELINUX=disabled
reboot
5. APP Source webroot로 복사
6. channel_layer 설정 테스트
(BlogVenv) [root@RHEL8 blog.daonelab.com]# python manage.py shell --settings=Blog.settings.settings_prd
/home/webapp/blog.daonelab.com/BlogVenv/lib/python3.10/site-packages/apscheduler/util.py:436: PytzUsageWarning: The localize method is no longer necessary, as this time zone supports the fold attribute (PEP 495). For more details on migrating to a PEP 495-compliant implementation, see https://pytz-deprecation-shim.readthedocs.io/en/latest/migration.html
return tzinfo.localize(dt)
Python 3.10.6 (main, Sep 3 2022, 13:44:32) [GCC 8.5.0 20210514 (Red Hat 8.5.0-10)] on linux
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> import channels.layers
>>> from asgiref.sync import async_to_sync
>>> channel_layer = channels.layers.get_channel_layer()
>>> async_to_sync(channel_layer.send)('test_channel', {'type': 'hello'})
>>> async_to_sync(channel_layer.receive)('test_channel')
{'type': 'hello'}
7. uWSGI Service Start
uWSGI Service 작성
vi /usr/lib/systemd/system/blog.daonelab.com.uwsgi.service[Unit]
Description=blog.daonelab.com`s uWSGI Service
After=postgresql-14.service
[Service]
ExecStart=/home/webapp/blog.daonelab.com/BlogVenv/bin/uwsgi --ini /home/webapp/blog.daonelab.com/.security/uwsgi.ini
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.targetuWSGI 실제가동을 위한 환경설정파일 작성
vi /home/webapp/blog.daonelab.com/.security/uwsgi.ini[uwsgi]
# Start
# /home/webapp/blog.daonelab.com/BlogVenv/bin/uwsgi --ini /home/webapp/blog.daonelab.com/.security/uwsgi.ini
# Stop
# /home/webapp/blog.daonelab.com/BlogVenv/bin/uwsgi --stop /var/run/uwsgi_blog.daonelab.com.pid
# the virtualenv
home = /home/webapp/blog.daonelab.com/BlogVenv
# base directory
chdir = /home/webapp/blog.daonelab.com
# wsgi.py path
module = Blog.wsgi.wsgi_prd
# process-related settings
uid = root
gid = root
master = true
processes = 5
enable-threads = true
pidfile = /run/blog.daonelab.com.uwsgi.pid
socket = /run/blog.daonelab.com.uwsgi.sock
chmod-socket = 666
chown-socket = root:root
# when stopped uwsgi, auto clean
vacuum = true
# https://uwsgi-docs.readthedocs.io/en/latest/Logging.html#logging-to-files
# 20MB
logger=file:logfile=/home/webapp/blog.daonelab.com/logs/uwsgi.log,maxsize=20971520
log-reopen = true
# By default it is 4k. If you receive a bigger request (for example with big cookies or query string) you may need to increase
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#buffer-size
buffer-size = 65535 # 16kService 등록 및 가동
ln -s /usr/lib/systemd/system/blog.daonelab.com.uwsgi.service /etc/systemd/system/multi-user.target.wants/blog.daonelab.com.uwsgi.servicesystemctl daemon-reload
systemctl enable blog.daonelab.com.uwsgi.service
systemctl start blog.daonelab.com.uwsgi.service자세한 uwsig service 설정 : https://blog.daonelab.com/post/35/1639/
8. Certbot 설치
dnf update -y
dnf install certbot python3-certbot-nginx mod_ssl
certbot certonly --manual -d blog.daonelab.com
인증서 생성 참조 : https://blog.daonelab.com/post/35/1793/
9. 일단 Daphne 작동하는지만 확인!
daphne -b 0.0.0.0 -p 8000 Blog.asgi.asgi_prd:application
10. Daphne Service Start
Daphne Service 작성
vi /usr/lib/systemd/system/blog.daonelab.com.daphne.service[Unit]
Description=blog.daonelab.com`s Daphne Service
After=postgresql-14.service
[Service]
User=root
Group=root
WorkingDirectory=/home/webapp/blog.daonelab.com/
ExecStart=/home/webapp/blog.daonelab.com/BlogVenv/bin/daphne -u /run/blog.daonelab.com.daphne.sock --access-log /home/webapp/blog.daonelab.com/logs/daphne.log Blog.asgi.asgi_prd:application
Restart=always
KillSignal=SIGQUIT
#Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.target
Service 등록 및 가동
ln -s /usr/lib/systemd/system/blog.daonelab.com.daphne.service /etc/systemd/system/multi-user.target.wants/blog.daonelab.com.daphne.servicesystemctl daemon-reload
systemctl enable blog.daonelab.com.daphne.service
systemctl start blog.daonelab.com.daphne.service
11. Nginx Service Start
nginx실제가동을 위한 환경설정파일 작성
vi /home/webapp/blog.daonelab.com/.security/nginx_default.conf# https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html?highlight=charset#configure-nginx-for-your-site
# https://docs.nginx.com/nginx/admin-guide/web-server/app-gateway-uwsgi-django/
upstream http_uwsgi {
server unix:/run/blog.daonelab.com.uwsgi.sock;
keepalive 16;
}
upstream ws_daphne {
server unix:/run/blog.daonelab.com.daphne.sock;
keepalive 16;
}
server {
listen 8000;
server_name 127.0.0.1;
location / {
# return 301을 이용해 http -> https로 redirect
# $host <- server_name
# $request_uri <- host 하위uri
return 301 https://$host$request_uri;
# 301로 redirect는 브라우저에 영구적으로 캐싱되기때문에 잘못된 설정은 되돌릴 수 없으므로, 캐싱방지 헤더를 추가한다.
expires epoch;
}
}
server {
listen 443 ssl;
server_name 127.0.0.1;
charset utf-8;
root /home/webapp/blog.daonelab.com;
ssl_certificate /etc/letsencrypt/live/blog.daonelab.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.daonelab.com/privkey.pem;
# max upload size
client_max_body_size 100M;
#access_log /var/log/nginx/blog.daonelab.com_access.log;
#error_log /var/log/nginx/blog.daonelab.com_error.log;
location = favicon.ico {access_log off; log_not_found off;}
location / {
uwsgi_pass http_uwsgi;
include /etc/nginx/uwsgi_params;
}
location /static {
alias /home/webapp/blog.daonelab.com_static;
access_log off;
expires 1M;
add_header Cache-Control "public";
}
location /ws {
proxy_pass http://ws_daphne;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
send_timeout 60; # client로 응답을 전송하는데 설정된 timeout 시간(초)이다.
proxy_connect_timeout 60; # proxied server 와 연결을 맺는데(establishing) 설정한 timeout 시간(초)이다.
proxy_read_timeout 60; # 지정한 시간(초)안에 proxied server가 아무것도 전송하지 않으면 connection은 닫힌다.
proxy_send_timeout 60; # 지정한 시간(초)안에 proxied server가 아무것도 받지 못하면 connection은 닫힌다.
}
}ln -s /home/webapp/blog.daonelab.com/.security/nginx_default.conf /etc/nginx/conf.d/default.confsystemctl daemon-reload
systemctl enable nginx
systemctl start nginx자세한 nginx service 설정 : https://blog.daonelab.com/post/35/1640/