blob: 2dcaac79005bc6577f55a503aa9fc7d360b2ee84 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
# Running a Flask based website on Nginx
This article assumes you have completed up to setting up Nginx based on the [Last Article](/articles/rpilinuxserver/), or that you already have a server setup.
## Configuring Nginx
First, make your folder for the website, this is where your website will live:
<pre><code>
sudo mkdir -p /var/www/websiteName
</pre></code>
Next, we need to set the proper permissions to make sure everything works:
<pre><code>
sudo chown -R nginx /var/www/websiteName
sudo chmod -R 755 /var/www/websiteName
</pre></code>
Now, we will create the config file for website:
<pre><code>
sudo nano /etc/nginx/conf.d/websiteName.conf
</pre></code>
and paste the following into the file:
<pre><code>
server {
listen 80;
server_name example.com www.example.com;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /;
}
}
</pre></code>
Now, confirm that the nginx configuration is ok:
<pre><code>
sudo nginx -t
</pre></code>
Restart nginx:
<pre><code>
sudo systemctl restart nginx
sudo systemctl status nginx
</pre></code>
Next, set SELinux to permissive mode:
<pre><code>
sudo setenforce permissive
sudo getenforce
</pre></code>
Now, we will need to set SELinux to permissive mode permanently:
<pre><code>
sudo sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
</pre></code>
## Running the Flask App
### Install Gunicorn
To run the your Flask website you need to install gunicorn.
<pre><code>
pip install gunicorn
sudo cp ~/.local/bin/gunicorn /usr/bin/gunicorn
</pre></code>
### Configure Systemd
You will need to create a systemd service for gunicorn.
In `/etc/systemd/system/yourapp.service`
<pre><code>
[Unit]
Description = yourapp
After = network.target
[Service]
PermissionsStartOnly = true
PIDFile = /run/yourapp/yourapp.pid
User = gunicorn
Group = gunicorn
WorkingDirectory = /var/www/yourapp
ExecStartPre = /bin/mkdir /run/yourapp
ExecStartPre = /bin/chown -R gunicorn:gunicorn /run/yourapp
ExecStart = /usr/bin/gunicorn main:app -b 0.0.0.0:8000 --pid /run/yourapp/yourapp.pid
ExecReload = /bin/kill -s HUP $MAINPID
ExecStop = /bin/kill -s TERM $MAINPID
ExecStopPost = /bin/rm -rf /run/yourapp
PrivateTmp = true
[Install]
WantedBy = multi-user.target
</pre></code>
Now you will need to run the following commands:
<pre><code>
sudo systemctl daemon-reload
sudo systemctl enable yourapp
sudo systemctl start yourapp
</pre></code>
At this point when you navigate to your website, it should load.
## Installing and Running Certbot
To install Certbot run:
<pre><code>
sudo dnf install certbot python3-certbot-nginx
</pre></code>
To get SSL certificates for your websites run:
<pre><code>
sudo certbot --nginx
</pre></code>
Answer the prompts that show up on screen as you wish.
To configure auto renewal of the SSL certificate run:
<pre><code>
crontab -e
</pre></code>
and add the following line:
<pre><code>
0 12 * * * /usr/bin/certbot renew --quiet
</pre></code>
This will check everyday at noon to see if the certificate will expire in the
next month, if so it will renew the certificate.
Now your website should be operational.
|
