Last active
June 23, 2020 02:23
Turn Fedora 20 into Webserver
# This is a step-by-step tutorial on how to run uwsgi in emperor mode,
# behind nginx on Fedora 20. I'll add to the tutorial as time goes on.
# SELinux will likely be a pain (even in permissive mode), so please see my comment on how to fix it.

sudo yum upgrade
sudo yum install nano yum-utils gcc uwsgi-plugin-python3 nginx
sudo yum-builddep python3-psycopg2
sudo yum-builddep python3-Pillow

1. sudo usermod -a -G uwsgi nginx
2. ???
3. Place the following in /etc/uwsgi.d/me_vandorjw.ini

#
# me_vandorjw.ini
#
[uwsgi]
# variables
projectname = vandorjw
base = /var/sites/me/vandorjw
plugins = python3
chdir = %(base)/src/%(projectname)
pythonpath = %(base)/src/%(projectname)
virtualenv = %(base)/venv/%(projectname)
env = DJANGO_SETTINGS_MODULE=%(projectname).settings
module = django.core.handlers.wsgi:WSGIHandler()
socket = /run/uwsgi/%n.socket
chmod-socket = 660
logto = %(base)/logs/uwsgi.log

4. sudo chown uwsgi:uwsgi /etc/uwsgi.d/me_vandorjw.ini
5. Place the following in /etc/nginx/conf.d/me_vandorjw.conf

server {
    listen 80;
    server_name vandorjw.me;
    access_log /var/sites/me/vandorjw/logs/access.log;
    error_log /var/sites/me/vandorjw/logs/error.log;

    location /static/ {
        alias /var/sites/me/vandorjw/static/;
    }

    location /media/ {
        alias /var/sites/me/vandorjw/media/;
    }

    location / {
        uwsgi_pass unix:///run/uwsgi/me_vandorjw.socket;
        include uwsgi_params;
    }

    # The location must match the URI named in error_page.
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

6. Grab this script. Place it in your home dir, calling it pyvenv3.py
   http://docs.python.org/3/library/venv.html#an-example-of-extending-envbuilder
7. sudo mkdir -p /var/sites/me/vandorjw/
8. sudo chown -R fedora /var/sites
8b. Alternatively, use an ACL
9. cd /var/sites/me/vandorjw/
10. mkdir venv logs media static src
11. python3 ~/pyvenv3.py venv/vandorjw
12. source venv/vandorjw/bin/activate
13. pip install django south pillow psycopg2
14. cd src
15. django-admin.py startproject vandorjw
16. cd ..
17. sudo semanage fcontext -a -t httpd_log_t -r s0 "/var/sites/me/vandorjw/logs(/.*)?"
18. sudo restorecon -R logs/
19. touch /var/sites/me/vandorjw/logs/uwsgi.log
20. sudo chgrp uwsgi /var/sites/me/vandorjw/logs
21. sudo chown uwsgi:uwsgi /var/sites/me/vandorjw/logs/uwsgi.log
22. sudo systemctl enable nginx.service
23. sudo systemctl enable uwsgi.service
24. Place the following line in /etc/tmpfiles.d/uwsgi.conf

D /run/uwsgi 0770 uwsgi uwsgi -

Restart Server - Enjoy Life
Fix SELINUX
Run all these commands as root
You'll likely see messages like this:
time->Thu Jan 9 01:45:37 2014
type=SYSCALL msg=audit(1389231937.166:58): arch=c000003e syscall=42 success=no exit=-13 a0=10 a1=7f27e09931f8 a2=6e a3=7fffb8952460 items=0 ppid=542 pid=543 auid=4294967295 uid=998 gid=997 euid=998 suid=998 fsuid=998 egid=997 sgid=997 fsgid=997 ses=4294967295 tty=(none) comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1389231937.166:58): avc: denied { write } for pid=543 comm="nginx" name="me_vandorjw.socket" dev="tmpfs" ino=10313 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
echo " the long error message" | audit2why
EXAMPLE
echo 'avc: denied { write } for pid=543 comm="nginx" name="me_vandorjw.socket" dev="tmpfs" ino=10313 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file' | audit2why
echo 'avc: denied { write } for pid=543 comm="nginx" name="me_vandorjw.socket" dev="tmpfs" ino=10313 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file' | audit2allow -M nginx-uwsgi
reboot
Alternatively --Edit /etc/sysconfig/selinux to disable selinux
(bad alternative)
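
A module built from a denial grants exactly what the denial names, so it is worth reading that grant before loading it. The script below is an added example, not part of the gist or its comment: it parses the AVC record quoted above and prints the type-enforcement rule that would permit the access. The function names and the list of "generic" types are this example's own assumptions.

```sh
#!/bin/sh
# Added example (not from the gist): turn an AVC denial into the allow rule
# a local module would carry, so the grant can be reviewed before loading.

# The AVC record quoted in the comment above, embedded as sample input.
SAMPLE_AVC='type=AVC msg=audit(1389231937.166:58): avc: denied { write } for pid=543 comm="nginx" name="me_vandorjw.socket" dev="tmpfs" ino=10313 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file'

# avc_field LINE KEY: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# ctx_type CONTEXT: print the type, the third field of user:role:type:level.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# avc_perms LINE: print the denied permissions listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# avc_to_rule LINE: print the type-enforcement rule that would permit the
# denied access; return 1 if the line is not a complete AVC denial.
avc_to_rule() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    perms=$(avc_perms "$1")
    [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] && [ -n "$perms" ] || return 1
    case $perms in
        *' '*) printf 'allow %s %s:%s { %s };\n' "$src" "$tgt" "$cls" "$perms" ;;
        *)     printf 'allow %s %s:%s %s;\n' "$src" "$tgt" "$cls" "$perms" ;;
    esac
}

# is_generic_target TYPE: succeed if TYPE is a catch-all label. The list is
# this example's own choice, not an exhaustive or official one.
is_generic_target() {
    case $1 in
        var_run_t|tmp_t|var_t|usr_t|etc_t|default_t|unlabeled_t) return 0 ;;
        *) return 1 ;;
    esac
}

avc_to_rule "$SAMPLE_AVC"
tgt=$(ctx_type "$(avc_field "$SAMPLE_AVC" tcontext)")
if is_generic_target "$tgt"; then
    echo "review: $tgt is a generic type; the rule covers every object with that label"
fi
```

audit2allow -M also writes nginx-uwsgi.te next to the .pp file, and that source can be read the same way. The module only takes effect once it is loaded with semodule -i nginx-uwsgi.pp.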