flask+nginx+uwsgi+https搭建

介绍如何搭建flask服务器

三者关系

1. nginx是web服务器
2. flask是web框架
3. wsgi只用于python的,连接web服务器与web框架

安装nginx

yum install -y nginx
systemctl enable nginx.service
systemctl start nginx

nginx缺省使用80端口，这是可以访问127.0.0.1:80或者是云服务器的对外网址也能看到服务正常启动了

安装uwsgi

yum install -y uwsgi uwsgi-plugin-python

安装virtualenv

pip install virtualenv

配置Python虚拟环境

mkdir -p /data/website/myapp
cd /data/website/myapp
virtualenv env

激活虚拟环境且安装flask

source env/bin/activate

这是会看到命令提示符出现env字眼，表示进入到

pip install flask

创建第一个flask程序

创建/data/website/myapp/run.py并修改如下内容

from flask import Flask
app = Flask(__name__)
@app.route('/')
def index():
    return "<h1>hello, myapp</h1>"
if __name__ == "__main__":
    app.run(host="0.0.0.0",port=5000,debug=True)

使用python run.py执行，在浏览器输入127.0.0.1:5000会看到内容

配置uwsgi

创建/data/website/myapp/run.py并修改如下内容

[uwsgi]
socket = 127.0.0.1:5000
pythonpath = /data/website/myapp
module = run
callable = app
processes = 4
threads = 2

执行uwsgi uwsgi.ini –plugin python 无误就按ctrl c杀掉进程

解释说明下uwsgi的配置参数内容：

• socket：通讯端口，外界可以通过127.0.0.1:8001访问，相当于我们在本地运行flask，并通过127.0.0.1:5000访问；并负责与nginx通信。
• pythonpath：项目目录。
• module：启动文件的文件名，我们可以在本地用Python run.py启动flask项目。
• callable：程序内启用的application变量名。
• processes：处理器个数。
• threads：线程数。

注意：最好不要在配置文件写中文注释，别问我为什么

配置nginx

不同版本不同的配置路劲，我的是修改/etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                include        uwsgi_params;
                uwsgi_pass     127.0.0.1:5000;
                uwsgi_param UWSGI_PYHOME /data/website/myapp/env;
                uwsgi_param UWSGI_CHDIR /data/website/myapp;
                uwsgi_param UWSGI_SCRIPT run:app;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

修改部分就是http/server/location部分

重启nginx服务

systemctl restart nginx

启动uwsgi

使用后台常驻运行

cd /data/website/myapp
nohup uwsgi uwsgi.ini --plugin python &

完成

通过浏览器输出你的域名或者你的serverip来获取之前在127.0.0.1:5000的页面

进阶配置https

生成https证书

cd /etc/nginx/
mkdir crt
cd crt
openssl genrsa -out server.key 1024 # 生成密钥
openssl req -new -key server.key -out server.csr # 生成证书请求
openssl x509 -req -in server.csr -signkey server.key -out server.crt # 使用之前的私钥来证书

配置nginx开启https

server {
        listen 443 ssl;
        listen 80;
        server_name testweb;
        ssl_certificate /etc/nginx/crt/server.crt;
        ssl_certificate_key /etc/nginx/crt/server.key;
        ssl_protocols  TLSv1;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout  5m;
        charset utf-8;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 50m;
        client_body_buffer_size 256k;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 60;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        location / {
                proxy_set_header        X-Forwarded-Protocol  $scheme;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass      http://127.0.0.1:5000;  # 指向flask地址
                access_log logs/testweb.log;
                error_log logs/testweb-error.log;
        }
}

重启nginx

nginx -t 
nginx -s reload

浏览器查看

浏览器会报不安全站点

可以找一家云供应商免费有一年的证书使用，例如腾讯云，这样就是正规的证书了

参考文献

如何理解Nginx、uWSGI和Flask之间的关系？