
@76creates
Last active January 24, 2018 17:40
Centos7 Nginx + Gunicorn
# BASE PACKAGES
# EPEL is enabled before anything else because the nginx package is pulled
# from it; the full update then brings the host to current patch level.
yum -y install epel-release
yum -y update
yum -y install nginx

# INSTALLING PYTHON 3.6
# The IUS release RPM is installed straight from a URL, so trust in the repo
# definition rests on that HTTPS endpoint.
# NOTE(review): confirm the repo's GPG key is checked for the packages below.
yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install \
  python36u \
  python36u-pip \
  python36u-devel \
  python36u-setuptools
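# SETTING UP IPTABLES
# Inbound default-deny with explicit allows for SSH and HTTP only.
# NOTE(review): CentOS 7 normally runs firewalld, which manages the same
# netfilter tables; settle on one tool before relying on these rules.

# Loopback traffic is always allowed.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host opened itself (DNS lookups, yum, pip).
# Inserted at the top of the chain and not tied to eth0, so it still matches
# when the NIC has a different name.
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Published services: SSH for administration, HTTP for nginx.
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# Deliberately NOT carried over from the earlier rule set:
#  * "-p udp --sport 53 -j ACCEPT" admitted any UDP datagram whose source
#    port was 53, regardless of destination port or sender. DNS answers are
#    already admitted by the ESTABLISHED,RELATED rule above.
#  * "--dport 8080": nothing configured by this script listens on 8080
#    (nginx is on 80, gunicorn on a unix socket). Open it only when a
#    service actually binds there.
#  * "-I OUTPUT -o eth0 ... ACCEPT": redundant with the ACCEPT policy below.

# Policies are set last so the SSH allow is in place before DROP takes effect.
iptables -P INPUT DROP
# This host serves web traffic and is not a router, so nothing is forwarded.
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# iptables-save on its own only prints the rule set to stdout; write it to
# the file the iptables service restores at boot.
# NOTE(review): that restore only happens when the iptables-services package
# is installed and its service enabled -- confirm on the target host.
iptables-save > /etc/sysconfig/iptables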
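# SETTING UP NGINX
# Per-site layout: definitions live in sites-availible, active ones are
# symlinked into sites-enabled. The directory keeps its original spelling so
# existing references continue to resolve.
# -p makes a second run a no-op instead of an error.
mkdir -p /etc/nginx/sites-availible /etc/nginx/sites-enabled

# create basic site
# Quoted heredoc delimiter: the shell expands nothing, so nginx variables
# ($uri, $host) are written literally without backslash escapes.
cat << 'EOF' > /etc/nginx/sites-availible/gunicorn.site
upstream app_server {
    server unix:/run/gunicorn/socket fail_timeout=0;
}
server {
    listen 80 default_server;
    location / {
        try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
EOF
# -f replaces an existing link so the script can be re-run.
ln -sf /etc/nginx/sites-availible/gunicorn.site /etc/nginx/sites-enabled/

# modify nginx.conf bit
# The edits address nginx.conf by line number: lines 38-60 are deleted
# (presumably the packaged default server block -- verify against the
# installed file) and two lines are appended after line 37.
# Running them twice would delete unrelated lines, so they are applied only
# while the include is absent, and the pristine file is kept as a backup.
if ! grep -q 'sites-enabled' /etc/nginx/nginx.conf; then
  cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
  sed -i '38,60d' /etc/nginx/nginx.conf
  sed -i '37 a\ server { return 404; }\n' /etc/nginx/nginx.conf
  sed -i '37 a\ include /etc/nginx/sites-enabled/*.site;' /etc/nginx/nginx.conf
fi

# "nginx -s reload" signals a running master process and fails on a freshly
# installed, never-started nginx. Validate the edited configuration first,
# then enable the service at boot and (re)start it.
if nginx -t; then
  systemctl enable nginx
  systemctl restart nginx
else
  echo "nginx configuration test failed; nginx was not (re)started" >&2
fi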
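# INSTALLING GUNICORN
# NOTE(review): this installs whatever version PyPI currently serves,
# system-wide and as root. Pin a reviewed version (and ideally hashes) for
# reproducible, auditable deployments.
pip3.6 install gunicorn

# Dedicated service account: a system user without a login shell. The guard
# keeps a second run from failing on "user already exists".
if ! id gunicorn > /dev/null 2>&1; then
  useradd --system --shell /sbin/nologin gunicorn
fi

# setting up gunicorn service
# Quoted heredoc delimiters: unit files are written literally, so $MAINPID
# reaches systemd unexpanded and no backslash escapes are needed.
cat << 'EOF' > /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
PermissionsStartOnly=True
PIDFile=/run/gunicorn/pid
User=gunicorn
Group=gunicorn
WorkingDirectory=/var/www/gun
ExecStart=/usr/bin/gunicorn --pid /run/gunicorn/pid --bind unix:/run/gunicorn/socket -c config app:app
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
EOF
cat << 'EOF' > /etc/systemd/system/gunicorn.socket
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn/socket
[Install]
WantedBy=sockets.target
EOF

# Runtime directory for the PID file and socket. A tmpfiles.d entry is
# otherwise only processed at boot, so apply it now: the directory must
# exist and belong to gunicorn before the service first tries to write its
# PID file there.
echo "d /run/gunicorn 0755 gunicorn gunicorn -" > /etc/tmpfiles.d/gunicorn.conf
systemd-tmpfiles --create /etc/tmpfiles.d/gunicorn.conf

# Application directory. It stays root-owned, so the service account can
# read the code and config but cannot modify them.
mkdir -p /var/www/gun
cat << 'EOF' > /var/www/gun/app.py
def app(environ, start_response):
    """Simplest possible application object"""
    data = b'Hello, World!\n'
    status = '200 OK'
    response_headers = [
        ('Content-type','text/plain'),
        ('Content-Length', str(len(data)))
    ]
    start_response(status, response_headers)
    return iter([data])
EOF
cat << 'EOF' > /var/www/gun/config
import multiprocessing
# simple configuration
workers = multiprocessing.cpu_count() * 2 + 1
accesslog = "/var/log/gunicorn/access.log"
errorlog = "/var/log/gunicorn/error.log"
EOF

# change context for selinux
# Run after the files exist so -R labels them too.
# NOTE(review): chcon labels do not survive a filesystem relabel; a
# persistent file-context rule plus restorecon is the durable form.
chcon -Rt httpd_sys_content_t /var/www/gun

# Log directory writable by the service account only; access logs can carry
# request data, so other local users get no access.
mkdir -p /var/log/gunicorn
chown -R gunicorn:gunicorn /var/log/gunicorn
chmod 0750 /var/log/gunicorn

# Make systemd read the unit files written above before using them.
systemctl daemon-reload
systemctl enable gunicorn.service
systemctl start gunicorn.service
# Kept from the original sequence: hands anything systemd created under the
# runtime directory (the socket unit sets no owner) to the service account.
chown -R gunicorn:gunicorn /run/gunicorn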