流水账式记录一下我部署 Python 环境的过程

安装 Python 虚拟环境 pyenv

1. 通过 yum 安装相应依赖

yum update
yum install @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils git -y

2. pyenv 官方文档方法安装 pyenv，并安装 python 3.6.5

curl https://pyenv.run | bash
pyenv install -l # Choose you python version
pyenv install 3.6.5

安装 Caddy

1. 安装与开启防火墙相应端口

yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

2. 配置 Caddyfile

/etc/caddy/caddyfile:

[you_domain]
root * /usr/share/caddy/[git_name]/[django_project_name]/
file_server

# except django static files
@notStatic {
    not path /static/*
}

reverse_proxy @notStatic unix//run/gunicorn.sock

安装 MariaDb

1. yum 安装

yum install mariadb-server mariadb-devel

2. 配置安全选项与 root 密码

mysql_secure_installation

3. 导入数据库，先登陆创建数据表后导入

mysql -u root -p
CREATE DATABASE [database_name] CHARACTER SET UTF8;
mysql -u root -p [database_name] < /path/to/you/sql/file.sql

克隆网站源码并设定虚拟环境

git clone --recurse-submodules -j8 git@github.com:[username]/[git_name].git
mv [git_name] /usr/share/caddy
cd /usr/share/caddy/[git_name]
pyenv lcoal bgp

Python 依赖安装与配置

1. 安装依赖

cd /usr/share/caddy/[git_name]
pip install -r requirements.txt

2. 配置 gunicorn 用 systemd 运行

/etc/systemd/system/gunicorn.service:

Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target

[Service]
Type=notify
# the specific user that our service will run as
User=root
Group=caddy
# another option for an even more restricted service is
# DynamicUser=yes
# see http://0pointer.net/blog/dynamic-users-with-systemd.html
RuntimeDirectory=gunicorn
WorkingDirectory=/usr/share/caddy/[git_name]
ExecStart=/root/.pyenv/shims/gunicorn [applicationname].wsgi
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

/etc/systemd/system/gunicorn.socket:

[Unit]
Description=gunicorn socket

[Socket]
ListenStream=/run/gunicorn.sock
# Our service won't need permissions for the socket, since it
# inherits the file descriptor by socket activation
# only the nginx daemon will need access to the socket
SocketUser=caddy
# Optionally restrict the socket permissions even more.
# SocketMode=600

[Install]
WantedBy=sockets.target

最后配置

1. 生成 Django 静态文件

python manage.py collectstatic

2. 设置开机启动

systemctl daemon-reload
systemctl enable gunicorn.service
systemctl enable gunicorn.socket
systemctl enable mariadb
systemctl enable caddy.service

3. 启动所有程序

systemctl start mariadb
systemctl start caddy.service
systemctl start gunicorn.service
systemctl start gunicorn.socket

参考引用

• Caddy django static setup
• Gunicorn systemd setup
• FirewallD Setup