reg88.com

fine...I'll blog too

Install and Configure Nginx+Django+uWSGI on Ubuntu 10.04 LTS

Getting Nginx+Django+uWSGI to work together via repositories is fairly easy.  The same goes for getting this setup working from source.. You just have to have good instructions. Here’s a very simple and quick install guide.

Install packages required to build and install from source. Also, Nginx is installed to take care of some of the prerequisites and to install configuration files.

1
apt-get install build-essential supervisor python python-dev python-setuptools python-pip nginx libxml2-dev libpcre3 libpcre3-dev unzip

Remove and purge Nginx installation. Configuration and startup files are left behind.

1
2
apt-get remove nginx
apt-get purge nginx

Install Django

1
pip install django

If using memcached, Install the memcached client

1
easy_install python-memcached

Create the install structure and download/extract the required files

1
2
3
4
5
6
mkdir /root/installs
cd /root/installs
wget http://projects.unbit.it/downloads/uwsgi-0.9.9.2.tar.gz  
wget http://nginx.org/download/nginx-1.0.10.tar.gz  
tar zxvf nginx-1.0.10.tar.gz
tar zxvf uwsgi-0.9.9.2.tar.gz

Build and Install uWSGI

1
2
3
cd uwsgi-0.9.9.2
make
cp uwsgi /usr/sbin/

Some preperations to before building Nginx

1
2
3
mkdir /var/log/nginx
touch /var/log/nginx/error.log
touch /var/log/nginx/access.log

Build and Install Nginx

1
2
3
4
5
6
cd ../nginx-1.0.10
./configure –conf-path=/etc/nginx/nginx.conf \
–sbin-path=/usr/sbin \
–error-log-path=/var/log/nginx/error.log
make
make install

Create structure and build your DEMO Django project

1
2
3
4
5
6
7
8
9
10
11
12
mkdir -p /var/www/mobile
cd /var/www/mobile
django-admin.py startproject MobileTicketSales
cd MobileTicketSales
vi wsgi_app.py
#! /usr/bin/env python  
import sys
import os
import django.core.handlers.wsgi
sys.path.append(‘/var/www/mobile/’)
os.environ['DJANGO\_SETTINGS\_MODULE'] = ‘MobileTicketSales.settings’
application = django.core.handlers.wsgi.WSGIHandler()

Configure init daemon to control your uWSGI application

1
2
3
4
5
6
7
8
9
10
11
vi /etc/init/mobile.conf
description “uWSGI server for Project Foo”
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec /usr/sbin/uwsgi
–socket /var/run/mobile.sock
–chmod-socket
–module wsgi_app
–pythonpath /var/www/mobile/MobileTicketSales
-p 1

Start your uWSGI

1
2
initctl reload-configuration
service mobile start

Configure Nginx to start your Site

1
2
3
4
5
6
7
8
9
cd /etc/nginx
cp nginx.conf nginx.conf.orig
vi nginx.conf
\# include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
For additional security add the following to your nginx.conf
cd /etc/nginx
cp nginx.conf nginx.conf.orig
vi nginx.conf

# You may also add the below section to secure Nginx a bit
# NOTE: Nginx default keepalive_timeout might currently be set. Comment out the default and use the below setting.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
########################################################  
\# Security Directives #
########################################################  
#Start: Size Limits & Buffer Overflows  
client\_body\_buffer_size 1K;
client\_header\_buffer_size 1k;
client\_max\_body_size 1k;
large\_client\_header_buffers 2 1k;

#Start: Timeouts  
client\_body\_timeout 10;
client\_header\_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

#Store session states in zone slimits – 32,000 sessions with 32 bytes/session/1m  
limit\_zone slimits $binary\_remote_addr 5m;

\# Restricts connections from a single ip address
limit_conn slimits 4;
}

Create some configuration directories. This is where you drop Site files
# Make sure the following directories exist. If not, create them

1
2
mkdir sites-available
mkdir sites-enabled

Remove the default Site if you like. If you plan to leave this site alone, you must configure your uWSGI applicaiton to run on a alternative port

1
rm sites-enabled/default

Create your Site (VirtualHost)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
vi sites-available/mobile.conf
########################################################  
\# Server Directives #
########################################################  
server {
listen 80;
server_name m.example.com;

########################################################  
\# Location Directives #
########################################################  
location / {
uwsgi_pass unix://var/run/mobile.sock;  
include uwsgi_params;
}

location /static/ {
alias /var/www/mobile/MobileTicketSales/static/;
}

location /s/ {
alias /var/www/mobile/MobileTicketSales/static/;
}

location /media/ {
alias /var/www/mobile/MobileTicketSales/media/;
}
}
For additional security add the following to your site configuration file. This should be added above the “Location” Directive
########################################################  
\# Security Directives #
########################################################  
\# Only requests to m.example.com are allowed #
if ($host !~ ^(example.com|m.example.com)$ )
{
return 444;
}

#Only allow these request methods  
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 444;
}

#Block download agents  
if ($http\_user\_agent ~* LWP::Simple|BBBike|wget|Baiduspider|Jullo)
{
return 403;
}

#Block some robots  
if ($http\_user\_agent ~* msnbot|scrapbot)
{
return 403;
}

#Deny certain Referers  
if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
{
return 403;
}

Enable your new Site

1
2
cd sites-enabled
ln -s ../sites-available/mobile.conf .

Modify Nginx init with the new installation PATH

1
2
3
vi /etc/init.d/nginx
\# Add the following to PATH
:/usr/local/nginx

Update Site permissions

1
chown -R www-data:www-data /var/www/mobile

Start/restart your Nginx Service

1
service nginx restart