[PYTHON] I tried to create a server environment that runs on Windows 10

Currently, I'm making a strategy game that runs on the Web, but I was in trouble because I canceled the rented server for various reasons.

Money ... no ... ;;;

So, on my PC, it is Windows 10, but I investigated whether an experimental environment could be created locally, and when I actually tried it, I managed to do it, so I will deploy it. If you have a personal computer, you can set up a web environment without spending money, so even if you are in trouble, give it a try!

However, security is almost ignored because it is a "naughty environment". Also, building a server on Windows 10 and publishing it on the web is a violation of Microsoft's license, so ** Never do it **. Only by using the local experimental environment.

table of contents

• Premise
• Operation image
• Environment construction
• Install nginx
• Install python
• Install uwsgi
• Install postgreSQL
• Prepare Test Source
• Cygwin test
• Issue SSL Certificate
• setup nginx
• Start and Stop (#iRunStop)
• Referenced sites / articles

Premise

It is suitable for apps that are typed from a web browser. Basically, it is a front operation with HTML5 and Javascript, but it is assumed that complicated calculations and outputs will be processed by Python on a virtual server. Make it possible to handle the database as well.

** Software requirements **

• Windows10
• python3
• nginx (web server)
• PostgreSQL (DB server)
• uWsgi (web → python execution application)
• cygwin (uwsgi installation environment + execution environment)
• OS default encoding: utf-8

There is a version of nginx compatible with Windows, so use that. Also, flask is used as a framework between uwsgi and nginx.

Operation image

There is a statement that uwsgi used in the virtual server is supported on Windows, but in fact it cannot be run directly on Windows (it does not work ...). Instead, uwsgi can be virtually run on the terminal software "cygwin" that runs on Windows. The process flow is an image of passing an input action from the Web to Cygwin via nginx, processing Python and PostgreSQL, and returning it to nginx.

As an image, cygwin is uwsgi and postgreSQL server.

Environment

Actually set up the environment. Here, install the following application.

• nginx
• python3
• uwsgi
• postgreSQL

1. Install nginx. Get the archive from: I basically use the stable version. Unzip the obtained archive to a location of your choice. 　nginx HP

1-1. Start the command prompt in the destination nginx-X.X.X. 1-2. Start Enter nginx to execute. 1-3. Display http: // localhost in your browser. Allow if blocked by a firewall. If "Welcome to nginx!" Is displayed, the setup is normal. Enter 1-4.nginx -s quit to exit.

2. Install python and the required libraries. Get the installer from: Basically use * web-based installer. Set it up anywhere you like with the installer you got. 　python HP

You should check Add Python x.x to Path. For others, select the default or the option according to your environment. I will test it after the installation is completed.

# python -V
Python 3.8.2
* For Windows, it seems to be python, not python3.

# pip3 install flask requests requests_oauthlib python-dateutil psycopg2
~ Omitted ~

# pip3 list
～ Omitted below ～

3. Install uwsgi. Here, we will use Cygwin Terminal to install it on the Linux emulator. Set it up anywhere you like with the installer you got. 　Cygwin HP

Select the following for the package (note that otherwise it will be skipped):

• python3-pip
• wget
• libcrypt-devel
• libintl-devel
• libssl-dev
• libreadline-deval
• zlib
• zlib-devel
• make
• gcc-core
• unzip
• gettext
• Python3 is duplicated as item 2, but since it is an installation for the Cygwin environment, it is also applied here.
• If you do not select all the above libraries, you will not be able to set up normally.

Choose the default or the option that suits your environment. The virtual environment can be under the current set up.

After setting up, start cygwin and set up uwsgi.

Check the home user name ★ After that[Cygwin user]Unify with
# echo $USER
* By default, the login user name of Windows(folder)Will have the same name as

apt with wget-Get cyg
$ wget https://raw.githubusercontent.com/transcode-open/apt-cyg/master/apt-cyg
$ chmod 755 apt-cyg
$ mv apt-cyg /usr/local/bin

For system commands
$ apt-cyg install procps

Get the python3 library
$ apt-cyg install python3-devel

Download uwsgi from git and set it up.

$ wget https://github.com/unbit/uwsgi/archive/[Release archive name]
$ unzip [Archive name]
$ cd uwsgi-[Version name]
$ python3 setup.py install
* Specify the release version for the archive
* It takes a long time because the compilation works.

By the way, check the default encoding just in case. If it is Linux-based, uft-8 is basic, but Cygwin is utf-8 by default, so there should be no problem.

$ python3
>>> import sys
>>> sys.getdefaultencoding()
'utf-8'
>>> exit
[ctrl+D]* End by key input

What if it wasn't utf-8? Add the encoding to the profile.

$ vi /home/[Cygwin user]/.bash_profile

export LANG=ja_JP.UTF-8

:wq

After adding, execute the following to load it.

$ source ~/.bash_profile

4. Install postgreSQL.

4-1. Obtain the source code from the following. 　postgresql HP
Select the .qz format.

$ wget [Source code URL]

4-2. Compile and install the source code.

$ tar -xvzf [Archive file name]
$ cd [Unzipped folder]
$ mkdir make_dir
$ cd make_dir
$ ../configure --enable-nls --enable-thread-safety
$ make
$ make install
$ cd src/interfaces/libpq
$ make
$ make install

4-3. Add environment variables to .bash_profile.

$ vi /home/[Cygwin user]/.bash_profile

export PATH=/usr/local/pgsql/bin:/usr/local/pgsql/lib:$PATH
export PGHOST=localhost
export PGLIB=/usr/local/pgsql/lib
export PGDATA=/usr/local/pgsql/data

:wq

After adding, execute the following to load it.

source ~/.bashrc
source ~/.bash_profile

4-4. Initial setting.

$ /usr/sbin/cygserver.exe &
$ initdb -U postgres

This will change the postgreSQL superuser name to [postgres].

4-5. Start the postgreSQL server and check if you can log in.

$ pg_ctl start
$ pg_ctl status
$ psql -l
$ psql postgres -U postgres

=>

=> \q

If there are no errors, it's OK.

4-6. Login Next, set the superuser password, create a database, and perform simple password authentication.

• Peer and md5 are recommended if possible
• This example is assumed to be used in Star Region. The user name and database name will be [strgdb].
• Of course, if you forget your password, you will not be able to access it, so don't forget it! I can't take responsibility. (Although it can be reset as it is)

$ createuser strgdb -U postgres
$ createdb -O strgdb strgdb -U postgres

Superuser[postgres]Log in with
$ psql postgres -U postgres

Superuser[postgres]Set a password for
=> alter role postgres with password '[postgres master password]';  

User for Star Region[strgdb]Set a password for.
=> alter role strgdb with password '[DB password]';  
=> alter role strgdb with login;  
=> \q  

Edit the permissions file.
$ vi /etc/local/pgsql/data/pg_hba.conf

From L95 to trust → password set as follows

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
###local   all             all                                     trust
local   all             all                                     password
# IPv4 local connections:
###host    all             all             127.0.0.1/32            trust
host    all             all             127.0.0.1/32            password
# IPv6 local connections:
###host    all             all             ::1/128                 trust
host    all             all             ::1/128                 password
# Allow replication connections from localhost, by a user with the
# replication privilege.
###local   replication     all                                     trust
###host    replication     all             127.0.0.1/32            trust
###host    replication     all             ::1/128                 trust

:wq

When finished, pg_Restart sql
$ pg_ctl start

$ psql postgres -U postgres
Password for user postgres:* Enter the superuser password

=> 

=> \q

$ psql strgdb -U strgdb
Password for user strgdb:* Enter the password of the strgdb user
=> 
=> \q
If you can log in, it's OK.

5. Prepare the test source.

nginx (Windows) side
/www/index.html
Appropriately.

uwsgi (Cygwin) side
/home/[Lucida(User name)]/uwsgi/test.py
python test source

#!/usr/bin/python
# coding: UTF-8
def application(env, start_response):
    start_response('200 OK', [('Content-Type','text/html')])
    return [b"Hello World"]

6. Start cygwin and test start the uwsgi server.

uwsgi --http :9090 --wsgi-file uwsgi/test.py
*** Starting uWSGI 2.0.18 (64bit) on [Tue Aug 25 17:58:48 2020] ***
~ Omitted ~
*** uWSGI is running in multiple interpreter mode ***

Allow if blocked by a firewall. Access the following in your browser.

http://localhost:9090

If Hello World is displayed, it's OK. Stop the uwsgi server with Ctrl + C.

8. Issue an SSL certificate. The following certificates are required to use SSL.

• Root CA certificate (for clients)
• Intermediate CA certificate
• Server certificate

If you do not have these, you can either purchase and obtain one or issue a self-signed certificate. The following shows the procedure for issuing a self-signed certificate.

8-1. Open the openssl.cnf file with a text editor and edit the following. [cygwin installation folder] /etc/pki/tls/openssl.cnf

L91 : default_days	  = 825

L150: countryName_default = JP
L155: stateOrProvinceName_default =XXXXXX * Prefecture
L158: localityName_default        =XXXXXX * Municipalities
L161: 0.organizationName_default  =XXXXXX * Organization name
* The line seems to change depending on the version of openssl

8-2. Create a certificate authority private key and a root CA certificate. It will be work with cygwin.

$ mkdir /etc/pki/CA
$ chmod 700 /etc/pki/CA
$ cd /etc/pki/CA
$ openssl genrsa -des3 -out ca.key 2048
Enter pass phrase for ca.key:* Certificate authority pass Appropriately
Verifying - Enter pass phrase for ca.key:* Same as on the certificate authority pass

$ openssl req -x509 -new -nodes -key ca.key -sha256 -out ca.pem
Enter pass phrase for ca.key:* Same as on the certificate authority pass
~ Omitted ~
Common Name (eg, your name or your server's hostname) []:* Name of certificate authority
* Other than that, no input
~ Omitted ~

8-3. Install the certificate authority certificate on the client. In Windows → Settings, search for "Certificate". Open Manage User Certificates. Right-click on a trusted root certification authority, All Tasks → Import. Select the current user, ca.pem, select the root certification authority, and OK.

8-4. Create a server certificate. It will be work with cygwin.

$ mkdir /etc/pki/Server
$ chmod 700 /etc/pki/Server
$ cd /etc/pki/Server
$ openssl genrsa -out server.key 2048
$ openssl req -new -key server.key -out server.csr
~ Omitted ~
Common Name (eg, your name or your server's hostname) []:* IP address and host name as appropriate
* Other than that, no input
~ Omitted ~
$ vi server.txt
---------
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
---------\wq
$ openssl x509 -req -in server.csr -CA ../CA/ca.pem -CAkey ../CA/ca.key -CAcreateserial -out server.crt -sha256 -extfile server.txt
Enter pass phrase for ../CA/ca.key:* Certificate authority pass

9. nginx Config settings Adjust nginx.config in 9-1.nginx. [nginx installation folder] /config/nginx.conf

#user  nobody;
worker_processes auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

worker_rlimit_nofile 2048;
events {
### worker_connections 1024;
	worker_connections 2048;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include [HTML source folder]/source/nginx/*.conf;
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    include [HTML source folder]/source/nginx/sites-enabled/*; 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Add these two lines
    
###    server {
###        listen       80;
###        server_name  localhost;
###
###        #charset koi8-r;
###
###        #access_log  logs/host.access.log  main;
###
###        location / {
###            root   html;
###            index  index.html index.htm;
###        }
###
###        #error_page  404              /404.html;
###
###        # redirect server error pages to the static page /50x.html
###        #
###        error_page   500 502 503 504  /50x.html;
###        location = /50x.html {
###            root   html;
###        }

~ Omitted ~
    }
~ Omitted ~
}

9-2. Prepare the Config for the nginx server. Prepare a file different from the default. [Appropriate folder] /nginx/https.conf

server {
	listen 443 ssl http2;
	server_name localhost;

	ssl_protocols TLSv1.2;
	ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
	ssl_ecdh_curve prime256v1;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_certificate [Cygwin installation folder]/etc/pki/Server/server.crt;
　　　　　　　　　　　　　~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Server certificate
	ssl_certificate_key [Cygwin installation folder]/etc/pki/Server/server.key;
　　　　　　　　　　　　　~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Server private key

	keepalive_timeout 70;
	sendfile on;
	client_max_body_size 0;
	root [HTML source folder]
　　　　　　　~~~~~~~~~~~~~~~~~~~~~
	server_tokens off;
	charset utf-8;

	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
	add_header Strict-Transport-Security "max-age=31536000";

	location / {
		index index.html;
	}

	location /uwsgi {
		include uwsgi_params;
		proxy_pass https://127.0.0.1:9090;
	}

}

9-3. Test start the server.

Start cygwin.
$ uwsgi --master --https 127.0.0.1:9090,/etc/pki/Server/server.crt,/etc/pki/Server/server.key --wsgi-file strg_uwsgi/test.py
  
Start nginx at the Windows DOS prompt.
$ [nginx installation drive]:
$ cd [nginx installation folder]
$ start nginx
  
Access the following two places with a browser.
　https://localhost/
It is OK if the top of the web page is displayed.

　https://localhost/uwsgi
If Hello World is displayed, it's OK.

Stop nginx and uwsgi server once. uwsgi is Ctrl+Stop at C.
$ nginx -s quit
  

that's all. Then do whatever you want.

Start and end

Start with the following command.

nginx (Windows) side
# start nginx

cygwin side
# /usr/sbin/cygserver.exe &
# pg_ctl start
# pg_ctl status
# uwsgi --master --https 127.0.0.1:9090,/etc/pki/Server/server.crt,/etc/pki/Server/server.key --wsgi-file uwsgi/test.py

To end, use the following command.

nginx (Windows) side
# nginx -s stop

cygwin side
※Ctrl+Press C
# pg_ctl stop
# pg_ctl status

Quit Cygwin

Referenced sites / articles

The titles are omitted below.

• Setting up uwsgi on Windows (in my miscellaneous notes)
• Start cygserver.exe (WinOfSQL)
• Procedure for creating SSL self-signed certificate without SSL error (snyomo)