python-uwsgi-nginx/install.sh

raw link view readme
1 yum install epel-release -y
2
3 yum install policycoreutils-python -y
4 semanage fcontext -at httpd_sys_rw_content_t "/srv/webapi(/.*)?"
5 semanage fcontext -at httpd_sys_content_t "/srv/common(/.*)?"
6
7 yum install firewalld -y
8 systemctl start firewalld
9 systemctl enable firewalld
10 firewall-cmd --permanent --zone=public --add-interface=eth0
11 firewall-cmd --permanent --add-service=http --add-service=https --zone=public
12 firewall-cmd --reload
13
14 # Just for testing...
15
16 mkdir /srv/common
17 cat > /srv/common/robots.txt << EOF
18 User-agent: ia_archiver
19 Disallow: /
20 EOF
21
22 # UWSGI
23
24 yum install uwsgi uwsgi-plugin-python3 -y
25
26 chown -R nobody:uwsgi /etc/uwsgi.d
27 chmod -R g+s /etc/uwsgi.d
28
29 cat > /etc/uwsgi.d/webapi.ini << EOF
30 [uwsgi]
31 project = content
32 base = /srv/webapi/content
33 virtualenv = /srv/webapi
34
35 chdir = %(base)
36 home = %(virtualenv)
37 module = app:webapi_start
38
39 master = true
40 processes = 5
41
42 socket = %(base)/%(project).sock
43 chmod-socket = 660
44 uid = uwsgi
45 gid = uwsgi
46 vacuum = true
47
48 plugins = python3
49 EOF
50
51 # App
52
53 yum install python34 python-pip -y 2> /dev/null
54 yum install git -y
55 pip install --upgrade pip
56 pip install --upgrade virtualenv
57 cd /srv
58 virtualenv -p python3 webapi
59 chmod -R 2750 /srv/webapi
60 setfacl -m d:o:--- /srv/webapi
61 cd /srv/webapi
62 source bin/activate
63 git clone https://github.com/davidbetz/pywebapi content
64 cd /srv/webapi/content
65 pip install -r requirements.txt
66 deactivate
67
68 chown -R nobody:uwsgi /srv/webapi
69 restorecon -R /srv
70
71 #Nginx
72
73 cat > /etc/yum.repos.d/nginx.repo << EOF
74 [nginx]
75 name=nginx repo
76 baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
77 gpgcheck=0
78 enabled=1
79 EOF
80
81 yum install -y nginx
82
83 export PUBLIC_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
84
85 mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.disabled
86 cat > /etc/nginx/conf.d/webapi.conf << EOF
87 server {
88 listen $PUBLIC_IP:80;
89
90 location /robots.txt {
91 alias /srv/common/robots.txt;
92 }
93
94 location / {
95 include uwsgi_params;
96 uwsgi_pass unix:/srv/webapi/content/content.sock;
97
98 proxy_redirect off;
99 proxy_set_header Host \$host;
100 proxy_set_header X-Real-IP \$remote_addr;
101 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
102 proxy_set_header X-Forwarded-Host \$server_name;
103 }
104 }
105 EOF
106
107 usermod nginx -aG uwsgi
108
109 systemctl start uwsgi
110 systemctl enable uwsgi
111
112 systemctl start nginx
113 systemctl enable nginx
114
115 # Test
116
117 curl $PUBLIC_IP/robots.txt
118 curl $PUBLIC_IP/item/1
119