[PYTHON] Creating and understanding a test app Ubuntu 18.04 + Nginx + Flask + Let's lencript

environment

Sakura's VPS Name dot com ubuntu18.04 ubuntu username: ubuntu (match your username) SSH connection software: Teraterm (copy and paste can be used, great) python3.6.9 nginx/1.14.0

reference: https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uswgi-and-nginx-on-ubuntu-18-04

The first spell for the time being. Install git for the time being

sudo apt update
sudo apt upgrade
sudo apt install git

Prepare the python environment

python installation

sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools

#Verification
python3.6 -V

Create a virtual environment for python

sudo apt install python3-venv

#Create environment directory
mkdir ~/myproject
cd ~/myproject

#Create and start virtual environment
python3.6 -m venv myprojectenv
source myprojectenv/bin/activate
#How to deactivate is [deactivate]

Install Flask and uwsgi

pip install wheel
pip install uwsgi flask

Create a sample app

sudo nano ~/myproject/myproject.py

from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "<h1 style='color:#ff0000'>Hello Flask!</h1>"

if __name__ == "__main__":
    app.run(host='0.0.0.0')

** Open custom port 5000 from the Sakura VPS network information. ** **

python myproject.py

http://"your_ipadress":5000にアクセス

sudo nano ~/myproject/wsgi.py

wsgi.py


from myproject import app

if __name__ == "__main__":
    app.run()

uwsgi test

uwsgi --socket 0.0.0.0:5000 --protocol=http -w wsgi:app

http://"your_ipadress":5000へアクセスして確認

Creating a uWSGI configuration file

deactivate
sudo nano ~/myproject/myproject.ini

myproject.ini


[uwsgi]
module = wsgi:app

master = true
processes = 5

socket = myproject.sock
chmod-socket = 660
vacuum = true

die-on-term = true

Create systemd

sudo nano /etc/systemd/system/myproject.service

/etc/systemd/system/myproject.service


[Unit]
Description=uWSGI instance to serve myproject
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/myproject
Environment="PATH=/home/ubuntu/myproject/myprojectenv/bin"
ExecStart=/home/ubuntu/myproject/myprojectenv/bin/uwsgi --ini myproject.ini

systemd startup / automatic startup / status check

sudo systemctl start myproject
sudo systemctl enable myproject
sudo systemctl status myproject

OK if you say activate (running)

** * [Stop] sudo systemctl stop my project ** ** * [Automatic start / stop] sudo systemctl disable my project **

Start and configure Nginx

sudo apt install -y nginx
Verification
ls /etc/nginx/sites-available/
>>If it says default, the installation file is ready, so it's OK.

sudo nano /etc/nginx/sites-available/myproject

/etc/nginx/sites-available/myproject


server {
    listen 80;
    server_name <your_ipadress> www.<your_ipadress>;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/myproject/myproject.sock;
    }
}

To enable the Nginx server block configuration you created, link the file to the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled

Test: `` `sudo nginx -t``` Finally, if you say test is successful, k

restart nginx

sudo systemctl restart nginx

Site confirmation http://"your_ipadress"

Confirmation of LOG system

sudo less /var/log/nginx/error.log: Check the Nginx error log.
sudo less /var/log/nginx/access.log: Check the Nginx access log.
sudo journalctl -u nginx: Check the log of Nginx process.
sudo journalctl -u myproject: Check the uWSGI log for the Flask app.

Domain settings

Use of name dot com

[Acquisition of domain / setting of name server] Log in to Name.com Domain acquisition Name server registration from domain details From others Name server 1: ** ns1.dns.ne.jp ** Name server 2: ** ns2.dns.ne.jp ** To set. Done. ** One day later? Do you reflect it? ?? maybe** There was information image.png

[Domain settings] Access Domain Navi "Domain settings"-> "DNS-related function settings" Select the target domain and go to the next "Use DNS record settings" Enter the required items and click "Add" to add to the bottom.

Server-side settings

sudo nano /etc/nginx/sites-available/myproject

Make your_ipadress your_domain. In short, rewrite to the set original domain.

/etc/nginx/sites-available/myproject


server {
    listen 80;
    server_name <your_DOMAIN> www.<your_DOMAIN>;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/myproject/myproject.sock;
    }
}

Let's Encrypt

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx

sudo certbot --nginx -d your_domain -d www.your_domain
>>output is the following minutes

output


Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter](press 'c' to cancel):

Select ENTER. The configuration will be updated and Nginx will reload to get the new settings. The certbot process is successful and you will see a message telling you where the certificate is stored.

output


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your_domain/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your_domain/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Stop HTTP on NGINX

sudo ufw delete allow 'Nginx HTTP'

Verification https://"your-domain"

Conclusion

Surprisingly easy. LINEBOT etc. must be converted to Https, so you can make it with this. It may be good to put together management commands.

Recommended Posts

Creating and understanding a test app Ubuntu 18.04 + Nginx + Flask + Let's lencript
Creating a simple app with flask
Let's make a Mac app with Tkinter and py2app
Python: Introduction to Flask: Creating a number identification app using MNIST
Creating a web application using Flask ②
Creating a Flask server with Docker
Creating a web application using Flask ①
Creating a web application using Flask ③
Creating a web application using Flask ④