[从零开始]Flask+Nginx在云服务器上部署服务

服务器：百度智能云轻量应用服务器 2H4G

mv /etc/apt/sources.list /etc/apt/sources_bak.list
vi /etc/apt/sources.list

清华源

deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

中科大源

deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

方向键变ABCD

echo "set nocp" >> ~/.vimrc
source ~/.vimrc

backspace无法删除 - 卸载旧版的vim重新安装

apt remove vim-common
apt install vim

安装

# 官网 - https://conda.io/en/latest/miniconda.html
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
bash Miniconda3-latest-Linux-x86_64.sh

# 如果环境变量没有自动写入则修改环境变量
# echo "export PATH=/root/Miniconda3/bin:$PATH" >> ~/.bashrc
source ~/.bashrc

pip换源 - 创建~/.pip/pip.conf，写入以下内容

[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[install]
trusted-host = https://pypi.tuna.tsinghua.edu.cn

创建虚拟环境 - 防止包冲突

conda create -n envname python=x.x.x

安装

pip install flask

编写一个简单的服务端

from flask import Flask
app = Flask(__name__)

@app.route('/')
def index():
	return "hello world";
    
if __name__ == '__main__':
    app.run('127.0.0.1', '8080', debug=True)

使用nginx代理需要获取真实的IP

from flask import Flask
app = Flask(__name__)

@app.route('/')
def index():
	return "hello world";

def fix_werkzeug_logging():
    from werkzeug.serving import WSGIRequestHandler

    def address_string(self):
        return"[%s]-[%s]" % (self.headers.get('X-Forwarded-For', self.client_address[0]), self.headers.get('X-Real-Ip', self.client_address[0]))
    WSGIRequestHandler.address_string = address_string
    
if __name__ == '__main__':
    fix_werkzeug_logging()
    app.run('127.0.0.1', '8080', debug=True)

安装

# install
apt install nginx
# 查找位置
whereis nginx
# nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz
# 启动服务
service nginx start

修改配置文件实现域名/IP访问服务

配置文件在/etc/nginx里面，使用vim打开nginx.conf可以看到一系列配置，网站的访问主要在http里面，创建一个server即一个访问路由，根据域名跳转到本地IP和端口。其中listen的端口号为80才能实现原始域名访问，否则需要在域名后面加入端口号。

# 在http中创建一个监听服务
http {
	server {
		listen 80; # 监听的端口
		server_name youname.com www.youname.com; # 域名 (也可以是IP)
		location /{
			proxy_pass http://127.0.0.1:8080; # 本地ip和端口
			proxy_set_header X-Real-IP $remote_addr; # flask中获取原始ip需要这个
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 获取代理ip之前的原始ip
		}
	}
}

配置SSL安全访问 https

SSL证书可以免费申请，下载下来的包括一个crt文件和一个key文件，然后配置到Nginx中，需要注意的是listen端口变成了443。如果要把http访问全部转成https则把http的server监听并重定向。

需要注意的是每一个SSL证书只对应一个域名，二级域名实现SSL需要重新申请。

http {
	server {
		listen 443 ssl;
		server_name youname.com;
		# 配置crt
		ssl_certificate "/path/to/xxx.crt";
		# 配置key
		ssl_certificate_key "/path/to/xxx.key";
		
		location /{
            proxy_pass http://127.0.0.1:8090;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_redirect default;
        }
	}
	
	server {
		listen 80;
		server_name *.youname.com youname.com; # 泛解析形式，不管二级域名是什么都直接跳转，还要补一个没有前缀的
		rewrite ^(.*)$ https://$host$1 permanent; # 把http访问的域名转换到https
	}
}

配置完成后可以先测试，成功后重启服务就可以使用https访问了。

nginx -t
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
service nginx restart

禁用IP访问

server {
	listen 80 default;
	server_name _;
	
	return 403;
}

server {
	listen 443 ssl default;
	server_name _;
	# 随便选一个就行
    ssl_certificate "/path/to/xxx.crt";
    ssl_certificate_key "/path/to/xxx.key";
	
	return 403;
}