[TimLinux] Deploying Django with SELinux + httpd + mod_wsgi

1. Test project

$ django-admin startproject myweb
$ cd myweb/
$ python manage.py startapp poll

1. Configure MySQL
vim myweb/settings.py
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'OPTIONS': {
            'read_default_file': os.path.join(BASE_DIR, 'cfg/my.cnf'),
            'init_command': 'SET SESSION transaction_isolation="READ-COMMITTED"',
        },
    }
}

2. Configure logging
vim myweb/settings.py
LOGGING = {
    'version': 1,
    'formatters': {
        'standard': {
             'format': '%(asctime)s [%(name)s:%(lineno)d] [%(module)s:%(funcName)s] [%(levelname)s]-%(message)s'
        },
    },
    'handlers': {
        'null': {
           'level': 'DEBUG',
           'class': 'logging.NullHandler'
        },
        'console': {
           'level': 'INFO',
           'class': 'logging.StreamHandler',
           'formatter': 'standard',
        },
        'db_console': {
           'level': 'DEBUG',
           'class': 'logging.StreamHandler',
           'formatter': 'standard',
        },
        'debug': {
           'level': 'INFO',
           'class': 'logging.handlers.RotatingFileHandler',
           'filename': os.path.join(BASE_DIR, 'logs', 'debug.log'),
           'maxBytes': 1024 * 1024 * 5,
           'backupCount': 5,
           'formatter': 'standard',
        },
    },
    'loggers': {
        'django': {
            'handlers': ['console', 'debug'],
            'level': 'INFO',
            'propagate': True
        },
        'django.request': {
            'handlers': ['debug'],
            'level': 'INFO',
            'propagate': True
        },
        'django.db.backends': {
            'handlers': ['db_console'],
            'level': 'DEBUG',
            'propagate': True
        },
        'info': {
            'handlers': ['console'],
            'level': 'INFO',
            'propagate': True
        },
    }
}

3. Register the poll app
vim myweb/settings.py
INSTALLED_APPS = [
    ....
    'poll.apps.PollConfig',
]

ALLOWED_HOSTS = ['*']  # accepts any Host header; list the real hostnames for a production deployment


4. Include the poll URLs
vim myweb/urls.py

from django.conf.urls import url, include
urlpatterns = [
    ....
    url(r'^poll/', include('poll.urls')),
]

5. Configure poll/urls.py

vim poll/urls.py

from django.conf.urls import url
from . import views

urlpatterns = [
    url(r'^$', views.index, name='index')
]

6. Set up poll/models.py

vim poll/models.py

from django.db import models


class Student(models.Model):
    name = models.CharField(max_length=30)
    sex = models.BooleanField(default=False)

    class Meta:
        db_table = 'student'


7. Set up poll/views.py
vim poll/views.py

from django.http import HttpResponse
from .models import Student


def index(request):
    # Insert one row on every request so the MySQL and logging setup can be verified
    s = Student(name='tim', sex=True)
    s.save()
    return HttpResponse('Hello World')

8. Set up cfg/my.cnf
vim cfg/my.cnf
[client]
database=db_t1
host=localhost
user=tim
password=123456
default-character-set=utf8

9. Prepare the log directory
mkdir logs/

10. Run the migrations
python manage.py makemigrations
python manage.py migrate

2. Configure the firewall

firewall-cmd --permanent --zone=public --add-port=8080/tcp 
firewall-cmd --permanent --zone=public --add-port=80/tcp 
firewall-cmd --reload

3. Deploy Django

mkdir /web/
cp -rf myweb /web/.

vim /etc/httpd/conf.d/myweb.conf
LoadModule wsgi_module modules/mod_wsgi.so

<VirtualHost *:80>
    # user/group make mod_wsgi run the daemon processes as user tim
    WSGIDaemonProcess 'myweb' python-path=/web/myweb user=tim group=tim processes=2 threads=3 display-name=${GROUP}
    WSGIProcessGroup 'myweb'
    WSGIScriptAlias /    /web/myweb/myweb/wsgi.py
    Alias           /static/ /web/myweb/static/
    <Directory /web/myweb/static/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <Directory /web/myweb/myweb/>
        Require all granted
    </Directory>

    ErrorLog /var/log/httpd/myweb.log
    LogLevel info
</VirtualHost>

chown -R tim:tim /web/myweb
# Without the following labels, SELinux in enforcing mode will block httpd from accessing the tree
chcon -R -t httpd_sys_content_t /web/myweb/
chcon -R -t httpd_log_t /web/myweb/logs
setsebool -P httpd_can_network_connect_db on # needed if the app connects to a remote database
setsebool -P httpd_can_network_connect on # needed if httpd must reach an LDAP server for authentication
More booleans (httpd_can_network_connect_db is a boolean) can be listed with semanage boolean -l | grep 'httpd_' (from the policycoreutils-python package).
More types (httpd_sys_content_t is a type) can be listed with seinfo -t | grep 'httpd_' (from the setools-console package).
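As an added check (example code, not part of the original post), the script below reads each file's label through the security.selinux xattr and reports anything under /web/myweb whose type differs from what the two chcon commands above set; chcon labels do not survive a relabel (restorecon or a full filesystem relabel), so a check like this catches drift. The /web/myweb paths and expected types come from the post; the injectable reader is an assumption so the logic can be tested offline.

```python
import os
from typing import Callable, Dict, List, Optional, Tuple
# Expected type per path prefix, mirroring the two chcon commands: the longest
# matching prefix wins, so /web/myweb/logs is httpd_log_t and the rest of the
# tree is httpd_sys_content_t.  Paths are assumptions taken from the post.
EXPECTED: Dict[str, str] = {
    "/web/myweb": "httpd_sys_content_t",
    "/web/myweb/logs": "httpd_log_t",
}

def context_type(context: str) -> str:
    """Return the type field of a context 'user:role:type:level'."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def read_context(path: str) -> str:
    """Read a file's label from the security.selinux xattr (Linux only)."""
    return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()

def expected_type(path: str, expected: Dict[str, str] = EXPECTED) -> Optional[str]:
    """Longest-prefix lookup of the type a path should carry; None if unmanaged."""
    best = None
    for prefix, typ in expected.items():
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, typ)
    return best[1] if best else None

def find_mislabeled(paths, reader: Callable[[str], str] = read_context,
                    expected: Dict[str, str] = EXPECTED) -> List[Tuple[str, str, str]]:
    """Return (path, actual_type, wanted_type) for every mislabeled path."""
    bad = []
    for p in paths:
        want = expected_type(p, expected)
        if want is not None:
            got = context_type(reader(p))
            if got != want:
                bad.append((p, got, want))
    return bad

def walk(root: str):
    """Yield root and every directory and file below it."""
    for dirpath, _, filenames in os.walk(root):
        yield dirpath
        yield from (os.path.join(dirpath, n) for n in filenames)

if __name__ == "__main__":
    # Report anything whose label no longer matches, e.g. after a relabel.
    for path, got, want in find_mislabeled(walk("/web/myweb")):
        print(f"{path}: {got} (expected {want})")
```

Run it as root on the web host after restorecon or a system update; an empty report means the tree still carries the labels the deployment expects.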

systemctl enable httpd.service
systemctl start httpd.service
ps -ef | grep 'FOREGROUND'
tim ...... (wsgi:myweb) -DFOREGROUND # two processes, three threads each, running as user tim
tim ...... (wsgi:myweb) -DFOREGROUND
apache ... /usr/sbin/httpd -DFOREGROUND ...

Some references:

https://hub.packtpub.com/selinux-highly-secured-web-hosting-python-based-web-applications/

Original post: https://www.cnblogs.com/timlinux/p/10369572.html