blog安装到新服务器配置步骤
一、用 git 克隆项目的所有文件(后文以 /home/blog 为项目目录)
二、安装 Python 的虚拟环境
apt install -y python3-full python3-venv
创建虚拟环境(在项目目录 /home/blog 下执行)
python3 -m venv venv
激活
source /home/blog/venv/bin/activate
三、安装数据库
apt install -y mariadb-server
四、配置数据库(以 root 进入 mysql 客户端后执行;语句中的 'xxx' 只是占位符,须换成足够长的随机密码,且不要把真实密码写进文档或提交到 git)
-- Create the application database with full Unicode (utf8mb4) support.
CREATE DATABASE ass
  DEFAULT CHARACTER SET utf8mb4
  COLLATE utf8mb4_unicode_ci;

-- Account for the application, reachable from localhost only.
-- 'xxx' is a placeholder: substitute a long random password and keep it
-- out of version control.
CREATE USER 'ass'@'localhost' IDENTIFIED BY 'xxx';

-- Privileges are scoped to the ass database; the account gets nothing on
-- other schemas.
GRANT ALL PRIVILEGES ON ass.* TO 'ass'@'localhost';
FLUSH PRIVILEGES;
EXIT;
导入数据
mysql -u ass -p ass < xx.sql
没有任何提示就是成功。
五 配置生产运行环境
1. pip install -r requirements.txt
3.目录下建立 logs 文件夹
六 生成安全码(即 Flask 的 SECRET_KEY,用于给会话数据签名;它属于机密,每台服务器单独生成,不要提交到 git 或写进公开文档)
python -c "import secrets; print(secrets.token_hex(32))"
Environment="SECRET_KEY=安全码"
七 编辑自启动脚本
nano /etc/systemd/system/blog.service
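# /etc/systemd/system/blog.service
# After saving: systemctl daemon-reload && systemctl enable --now blog

[Unit]
Description=blog (gunicorn)
# The application uses the local MariaDB instance, so start after it.
After=network.target mariadb.service

[Service]
Type=notify
# NOTE(review): the service runs as root, so any flaw in the web application
# is exercised with full system privileges. Prefer a dedicated unprivileged
# account that owns /home/blog and its logs directory, and set User=/Group=
# to that account.
User=root
Group=root
WorkingDirectory=/home/blog
Environment="PATH=/home/blog/venv/bin:/usr/local/bin:/usr/bin:/bin"
Environment="FLASK_ENV=production"
# NOTE(review): unit files are normally world-readable, so a key written
# here can be read by any local user. Consider keeping it in a root-owned
# file with mode 0600 and loading that file with EnvironmentFile=.
# Replace the placeholder with the generated value.
Environment="SECRET_KEY=安全码"
ExecStart=/home/blog/venv/bin/gunicorn -c /home/blog/gunicorn_config.py wsgi:application --name blog
# HUP asks the gunicorn master to reload its configuration and workers.
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
# Private /tmp and /var/tmp for the service.
PrivateTmp=true
Restart=always
RestartSec=10

[Install]
# Needed for "systemctl enable" to start the service at boot.
WantedBy=multi-user.target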
九 配置反向代理站点,便于访问
创建目录并赋权
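# Create the webroot from which nginx serves certbot's HTTP-01 challenge
# files, then hand it to the web server account.
# NOTE(review): assumes the nginx workers run as www-data; confirm against
# the `user` directive in nginx.conf.
mkdir -p /var/www/certbot
chown -R www-data:www-data /var/www/certbot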
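申请 SSL 证书(webroot 方式要求 nginx 的 80 端口已经能对外提供 /.well-known/acme-challenge/;首次申请时先只启用下面的 80 端口 server 块并重载 nginx,拿到证书后再加入 443 端口的 server 块,否则 nginx 会因找不到证书文件而无法通过配置检查)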
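# Request a certificate with the webroot (HTTP-01) method. certbot writes
# the challenge file under the -w directory and the CA fetches it over
# plain HTTP, so the port-80 server block that serves
# /.well-known/acme-challenge/ must already be live.
certbot certonly \
  --webroot \
  -w /var/www/certbot \
  -d rongyi.site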
配置 nginx
rongyi.site.conf
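# ============ HTTP 80 ============
server
{
    listen 80;
    #listen [::]:80;
    server_name rongyi.site;

    # certbot (ACME HTTP-01) validation files
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Redirect every other HTTP request to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

# ============ HTTPS 443 ============
server
{
    listen 443 ssl http2;
    server_name rongyi.site;

    # These files exist only after certbot has issued the certificate;
    # nginx -t fails on this block until then.
    ssl_certificate /etc/letsencrypt/live/rongyi.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rongyi.site/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Hardening: HSTS for one year. includeSubDomains extends the policy to
    # every subdomain of rongyi.site, so each of them must serve HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        # Backend application server on loopback.
        # NOTE(review): the bind address lives in gunicorn_config.py, which
        # is not shown here; confirm it is 127.0.0.1:8000 and not 0.0.0.0.
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # X-Real-IP is set by nginx to the connecting peer. X-Forwarded-For
        # keeps any client-supplied value and appends the peer, so the
        # application should not trust its leading entries.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_buffering off;
        proxy_read_timeout 300;
    }
}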
验证配置并重新加载
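# Check the configuration first; reload only if the syntax check passes.
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload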