 |
Welcome to A!Die Software Studio |
CentOS + Apache + mod_python + Django + MySQL 的 Web 主机配置
by adie
2011-11-21 16:41:25
2011-11-21 16:41:25
1. 网卡配置
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=BC:AE:C5:29:83:1F (MAC地址)
BROADCAST=192.168.1.255(广播地址)
IPADDR=192.168.1.237 (IP地址)
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=192.168.1.1 (网关)
TYPE=Ethernet
2. 配置 DNS
sudo vi /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 8.8.8.8 (Google 的 DNS 服务器)
search localdomain
3. 设置默认路由
sudo route add -net default gw <网关IP> <网卡 eth0|eh1>
3. 安装 SVN
sudo yum install subversion.x86_64
4. 更新基本组件
sudo yum update openssl
sudo yum update httpd
sudo yum install mod_ssl mod_python
sudo yum update mysql-server
sudo yum install mysql-devel
sudo yum install curl curl-devel python-pycurl
sudo yum install mysql-client
5. 修改 Mysql 的默认编码为 UTF-8
sudo vi /etc/my.cnf
如果没有 /etc/my.cnf 文件, 则拷贝一份 /usr/share/mysql/my-medium.cnf
[client]
default-character-set = utf8
[mysql]
default-character-set=utf8
[mysqld]
character_set_server = utf8
character_set_client = utf8
启动服务器
sudo /sbin/service mysqld start
如果出现
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL: [FAILED]
错误,可以先执行下:
sudo /usr/bin/mysql_install_db
然后重新启动服务器.
确认修改成功,进入 mysql 命令行:
show variables like 'character_set%';
6. 修改 MySQL root 密码
方法1: 用SET PASSWORD命令
mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpass');
方法2:用mysqladmin
mysqladmin -u root password "newpass"
如果root已经设置过密码,采用如下方法
mysqladmin -u root password oldpass "newpass"
方法3: 用UPDATE直接编辑user表
mysql -u root
mysql> use mysql;
mysql> UPDATE user SET Password = PASSWORD('newpass') WHERE user = 'root';
mysql> FLUSH PRIVILEGES;
在丢失root密码的时候,可以这样
mysqld_safe --skip-grant-tables&
mysql -u root mysql
mysql> UPDATE user SET password=PASSWORD("new password") WHERE user='root';
mysql> FLUSH PRIVILEGES;
退出 mysqld_safe:
$ jobs
$ fg 1
Ctrl + Z
7. 建立 Django 程序所需要的数据库和用户
mysql> create database xxx;
mysql> GRANT ALL PRIVILEGES ON xxx.* to 'username'@'localhost' IDENTIFIED BY 'password';
8. 安装 Django
CentOS 源自带的 MySQLdb-python 为 1.2.1 版本, Django 1.2.4 要求 1.2.1p2 后的版本,如果是 32 为机器:
wget http://linux4u.jinr.ru/LinuxArchive/Ftp/CERN/EGEE/gLite/egee-SA1/i386/MySQL-python-1.2.1_p2-1.el5.i386.rpm
sudo rpm -ivh MySQL-python-1.2.1_p2-1.el5.i386.rpm
如果是 64 位(查看机器位数可用命令 uname -a):
wget http://quattorsrv.lal.in2p3.fr/packages/egee-SA1/release/sl5/x86_64/MySQL-python-1.2.1_p2-1.el5.x86_64.rpm
sudo yum erase MySQL-python.x86_64
sudo yum install mx
sudo yum install MySQL-shared-compat
sudo rpm -ivh MySQL-python-1.2.1_p2-1.el5.x86_64.rpm
使用 yum list MySQL-python 确认 1.2.1_p2-1.el5 已经安装
wget http://pypi.python.org/packages/source/s/simplejson/simplejson-2.1.3.tar.gz#md5=58d9b1d8fa17ea4ce205cea088607e02
tar -zxvf simplejson-2.1.3.tar.gz
cd simplejson-2.1.3
sudo python setup.py install
wget http://www.djangoproject.com/download/1.2.4/tarball/
tar -zxvf Django-1.2.4.tar.gz
cd Django-1.2.4
sudo python setup.py install
确认 django 安装:
python
>>> import django
>>> django.get_version()
9. HTTPS 配置
确认 mod_ssl 已经安装,
cd /etc/httpd/conf
rm -rf ssl.*/server.* 删除默认或残留的服务器证书相关文件
openssl genrsa -out www.adintr.com.key 1024 建立服务器密钥
openssl req -new -key www.adintr.com.key -out www.yang.com.csr 建立服务器公钥
openssl x509 -req -days 365 -in www.adintr.com.csr -signkey www.yang.com.key -out www.yang.com.crt 建立服务器证书
10. 配置防火墙
CentOS安装好,默认只打开了22端口,如果页面无法显示,有可能是防火墙配置问题.
查看防火墙的端口:
$ sudo iptables -L -n
打开端口:
$ sudo /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
$ sudo /sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT
保存更改:
/etc/rc.d/init.d/iptables save
或者修改 iptables 的配置文件来打开端口:
在 /etc/sysconfig/iptables 添加
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
11. check out 网站代码, 建立数据库
$ cd srv
$ sudo mkdir xxx
$ sudo chown user.user xxx
$ cd xxx
$ svn checkout https://www.xxx.com/xxx ./
$ cd src
$ sudo vi /usr/lib/python2.4/site-packages/mywork.pth
增加一行: /srv/xxx/src
$ cd projectname
$ python manage.py syncdb
如果启用了 SELinux, 还需要:
$ sudo chcon -R -thttpd_sys_content_t /srv/xxx/
12. 配置 Apache 服务器
$ sudo vi /etc/httpd/conf/httpd.conf
修改 ServerAdmin
修改 DocumentRoot
修改 <Directory "/var/www/html"> 的 "/var/www/html" 为和 DocumentRoot 对应的目录
取消 NameVirtualHost *:80 前的 # 注释
$ sudo vi /etc/httpd/conf.d/vh.conf
<Location />
SetHandler python-program
PythonHandler django.core.handlers.modpython
PythonInterpreter xxx
SetEnv DJANGO_SETTINGS_MODULE xxx.settings
PythonDebug On
</Location>
<Location /media>
SetHandler None
</Location>
<Location /Favicon.ico>
SetHandler None
</Location>
<VirtualHost *:80>
ServerAdmin webmaster@yyy.com
ServerName *
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.yyy\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.yyy.com/$1 [QSA,L,R]
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@yyy.com
DocumentRoot /yyy/media
ServerName yyy.com
ServerAlias yyy.net
ErrorLog logs/yyy.error_log
CustomLog logs/yyy.access_log common
RewriteEngine On
RewriteCond %{HTTP_HOST} !^yyy\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://yyy.com/$1 [QSA,L,R]
<Location />
SetHandler python-program
PythonHandler django.core.handlers.modpython
PythonInterpreter yyy
SetEnv DJANGO_SETTINGS_MODULE yyy.settings
PythonDebug Off
</Location>
<Location /media>
SetHandler None
</Location>
<Location /Favicon.ico>
SetHandler None
</Location>
</VirtualHost>
<Directory "/yyy/media">
Order allow,deny
Allow from all
</Directory>
13. 限制 /admin/ 只能用 https 访问
$ vi /etc/httpd/conf.d/ssl.conf
在全局空间中添加:
<Location "/admin/">
Deny from ALL
</Location>
在 <VirtualHost _default_:443> 和 </VirtualHost> 之间添加:
<Location "/admin/">
Allow from ALL
</Location>
到此基本结束.
