Install and Configure Nginx+Django+uWSGI on Ubuntu 10.04 LTS
Getting Nginx+Django+uWSGI to work together via repositories is fairly easy. The same goes for getting this setup working from source.. You just have to have good instructions. Here’s a very simple and quick install guide.
Install packages required to build and install from source. Also, Nginx is installed to take care of some of the prerequisites and to install configuration files.
|
1 |
apt-get install build-essential supervisor python python-dev python-setuptools python-pip nginx libxml2-dev libpcre3 libpcre3-dev unzip |
Remove and purge Nginx installation. Configuration and startup files are left behind.
|
1 2 |
apt-get remove nginx apt-get purge nginx |
Install Django
|
1 |
pip install django |
If using memcached, Install the memcached client
|
1 |
easy_install python-memcached |
Create the install structure and download/extract the required files
|
1 2 3 4 5 6 |
mkdir /root/installs cd /root/installs wget http://projects.unbit.it/downloads/uwsgi-0.9.9.2.tar.gz wget http://nginx.org/download/nginx-1.0.10.tar.gz tar zxvf nginx-1.0.10.tar.gz tar zxvf uwsgi-0.9.9.2.tar.gz |
Build and Install uWSGI
|
1 2 3 |
cd uwsgi-0.9.9.2 make cp uwsgi /usr/sbin/ |
Some preperations to before building Nginx
|
1 2 3 |
mkdir /var/log/nginx touch /var/log/nginx/error.log touch /var/log/nginx/access.log |
Build and Install Nginx
|
1 2 3 4 5 6 |
cd ../nginx-1.0.10 ./configure --conf-path=/etc/nginx/nginx.conf \ --sbin-path=/usr/sbin \ --error-log-path=/var/log/nginx/error.log make make install |
Create structure and build your DEMO Django project
|
1 2 3 4 5 6 7 8 9 10 11 12 |
mkdir -p /var/www/mobile cd /var/www/mobile django-admin.py startproject MobileTicketSales cd MobileTicketSales vi wsgi_app.py #! /usr/bin/env python import sys import os import django.core.handlers.wsgi sys.path.append('/var/www/mobile/') os.environ['DJANGO_SETTINGS_MODULE'] = 'MobileTicketSales.settings' application = django.core.handlers.wsgi.WSGIHandler() |
Configure init daemon to control your uWSGI application
|
1 2 3 4 5 6 7 8 9 10 11 |
vi /etc/init/mobile.conf description "uWSGI server for Project Foo" start on runlevel [2345] stop on runlevel [!2345] respawn exec /usr/sbin/uwsgi --socket /var/run/mobile.sock --chmod-socket --module wsgi_app --pythonpath /var/www/mobile/MobileTicketSales -p 1 |
Start your uWSGI
|
1 2 |
initctl reload-configuration service mobile start |
Configure Nginx to start your Site
|
1 2 3 4 5 6 7 8 9 |
cd /etc/nginx cp nginx.conf nginx.conf.orig vi nginx.conf # include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; For additional security add the following to your nginx.conf cd /etc/nginx cp nginx.conf nginx.conf.orig vi nginx.conf |
# You may also add the below section to secure Nginx a bit
# NOTE: Nginx default keepalive_timeout might currently be set. Comment out the default and use the below setting.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
######################################################## # Security Directives # ######################################################## #Start: Size Limits & Buffer Overflows client_body_buffer_size 1K; client_header_buffer_size 1k; client_max_body_size 1k; large_client_header_buffers 2 1k; #Start: Timeouts client_body_timeout 10; client_header_timeout 10; keepalive_timeout 5 5; send_timeout 10; #Store session states in zone slimits - 32,000 sessions with 32 bytes/session/1m limit_zone slimits $binary_remote_addr 5m; # Restricts connections from a single ip address limit_conn slimits 4; } |
Create some configuration directories. This is where you drop Site files
# Make sure the following directories exist. If not, create them
|
1 2 |
mkdir sites-available mkdir sites-enabled |
Remove the default Site if you like. If you plan to leave this site alone, you must configure your uWSGI applicaiton to run on a alternative port
|
1 |
rm sites-enabled/default |
Create your Site (VirtualHost)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
vi sites-available/mobile.conf ######################################################## # Server Directives # ######################################################## server { listen 80; server_name m.example.com; ######################################################## # Location Directives # ######################################################## location / { uwsgi_pass unix://var/run/mobile.sock; include uwsgi_params; } location /static/ { alias /var/www/mobile/MobileTicketSales/static/; } location /s/ { alias /var/www/mobile/MobileTicketSales/static/; } location /media/ { alias /var/www/mobile/MobileTicketSales/media/; } } For additional security add the following to your site configuration file. This should be added above the "Location" Directive ######################################################## # Security Directives # ######################################################## # Only requests to m.example.com are allowed # if ($host !~ ^(example.com|m.example.com)$ ) { return 444; } #Only allow these request methods if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } #Block download agents if ($http_user_agent ~* LWP::Simple|BBBike|wget|Baiduspider|Jullo) { return 403; } #Block some robots if ($http_user_agent ~* msnbot|scrapbot) { return 403; } #Deny certain Referers if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) ) { return 403; } |
Enable your new Site
|
1 2 |
cd sites-enabled ln -s ../sites-available/mobile.conf . |
Modify Nginx init with the new installation PATH
|
1 2 3 |
vi /etc/init.d/nginx # Add the following to PATH :/usr/local/nginx |
Update Site permissions
|
1 |
chown -R www-data:www-data /var/www/mobile |
Start/restart your Nginx Service
|
1 |
service nginx restart |