How to Install Askbot with Nginx and Secure It with Let's Encrypt on CentOS 8

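Askbot is a free, open-source, highly customizable question-and-answer forum software written in Python and Django. It is simple and lightweight, much like other forum software such as StackOverflow and Yahoo Answers. Askbot offers many features, such as tags and categories, email notifications, a karma-based system, voting, content moderation, and more.

This tutorial shows how to install the Askbot forum software on CentOS 8 and secure it with Let's Encrypt SSL.

Prerequisites

  • A server running CentOS 8.
  • A root password configured on the server.

Install Required Dependencies

Before starting, you need to install the required dependencies on your system.

First, install "Development Tools" with the following command: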

dnf group install 'Development Tools'

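Then install the EPEL repository and the other Python dependencies with the following commands:

dnf install epel-release -y
dnf install python2-pip python2-devel python2-six -y

Once all the required packages are installed, you can proceed to the next step.

Install and Configure PostgreSQL

Askbot uses PostgreSQL to store its data, so it must be installed on your system. You can install it with the following command.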

dnf install postgresql-server postgresql-devel postgresql-contrib -y

Once installed, initialize the database with the following command:

postgresql-setup initdb

The following output is displayed.

WARNING: using obsoleted argument syntax, try --help
WARNING: arguments transformed to: postgresql-setup --initdb --unit postgresql
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

Then start the PostgreSQL service and enable it to start at system reboot with the following commands:

systemctl start postgresql
systemctl enable postgresql

Then log in to the PostgreSQL shell with the following commands:

su - postgres
psql

Output:

psql (10.6)
Type "help" for help.
postgres=# 

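Then create the Askbot database and user with the following commands (replace password with a strong password of your own):

postgres=# create database askbot;
postgres=# create user askbot with password 'password';

Then grant all privileges on the database to askbot with the following command:

postgres=# grant all privileges on database askbot to askbot;

Finally, exit the PostgreSQL shell with the following command.

postgres=# \q

Next, you need to configure local user authentication for PostgreSQL. You can do this by editing the pg_hba.conf file.

nano /var/lib/pgsql/data/pg_hba.conf

In the following lines, replace peer with md5.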

local   all             all                                    md5  
host    all             all             127.0.0.1/32           md5  
host    all             all             ::1/128                md5  

When finished, save and close the file. Then restart the PostgreSQL service to apply the changes.

systemctl restart postgresql
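
The pg_hba.conf edit above can also be scripted and checked. The following is an added example, not part of the original tutorial: it sets md5 on the three entries shown above and lists any entries that still authenticate without a password. The function names and the sample file are constructed for illustration, and CIDR-style addresses are assumed.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Assumes CIDR-style addresses.

# Constructed sample resembling a default pg_hba.conf.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            ident
host    all             all             ::1/128                 ident
local   replication     all                                     peer
EOF
}

# pg_hba_set_md5 FILE: print FILE with md5 on the three entries the tutorial
# edits; comments and every other entry pass through unchanged.
pg_hba_set_md5() {
    awk '
        /^[ \t]*(#|$)/ { print; next }
        $1 == "local" && $2 == "all" && $3 == "all" {
            printf "%-7s %-15s %-15s %-23s md5\n", $1, $2, $3, ""; next }
        $1 == "host" && $2 == "all" && $3 == "all" &&
            ($4 == "127.0.0.1/32" || $4 == "::1/128") {
            printf "%-7s %-15s %-15s %-23s md5\n", $1, $2, $3, $4; next }
        { print }
    ' "$1"
}

# pg_hba_passwordless FILE: list active entries that still authenticate
# without a password (trust, peer, ident), prefixed with their line number.
pg_hba_passwordless() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { method = ($1 == "local") ? $4 : $5 }
        method == "trust" || method == "peer" || method == "ident" {
            print NR ": " $0 }
    ' "$1"
}

# Demo on the constructed sample. A real run would read
# /var/lib/pgsql/data/pg_hba.conf and write the result back as root.
tmp=$(mktemp) && sample_pg_hba > "$tmp"
pg_hba_set_md5 "$tmp" > "$tmp.md5"
pg_hba_passwordless "$tmp.md5"   # only the replication entry remains
rm -f "$tmp" "$tmp.md5"
```
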

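Install and Configure Askbot

Before installing Askbot, you need to create an Askbot user. You can create a new askbot user and set its password with the following commands.

useradd -m -s /bin/bash askbot
passwd askbot

Then add the askbot user to the wheel group for sudo command access.

usermod -a -G wheel askbot

Then install the Python virtualenv package with the following command.

pip2 install virtualenv six

Once installed, switch to the askbot user and create a new Askbot virtual environment with the following commands:

su - askbot
virtualenv askbot

The following output is displayed.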

created virtual environment CPython2.7.16.final.0-64 in 663ms
  creator CPython2Posix(dest=/home/askbot/askbot, clear=False, global=False)
  seeder FromAppData(download=False, pip=latest, setuptools=latest, wheel=latest, via=copy, app_data_dir=/tmp/tmp9YFr7B/seed-app-data/v1)
  activators PythonActivator,CShellActivator,FishActivator,PowerShellActivator,BashActivator

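Then change the directory to askbot and activate the virtual environment with the following commands:

cd askbot
source bin/activate

Output:

(askbot) [[email protected] askbot]$

Then install Askbot and the other required dependencies with the following commands.

pip2 install six==1.10.0
pip2 install askbot psycopg2

Next, create a new directory for your application, change into it, and set up Askbot with the following commands:

mkdir myapp
cd myapp
askbot-setup

The following output is displayed.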

Deploying Askbot - Django Q&A forum application
Problems installing? -> please email [email protected]

To CANCEL - hit Ctr-C at any time

Enter directory path (absolute or relative) to deploy
askbot. To choose current directory - enter "."
> .

Type "." and press Enter to continue. The following output is displayed.

Please select database engine:
1 - for postgresql, 2 - for sqlite, 3 - for mysql, 4 - oracle
type 1/2/3/4: 1

Type 1 to select the postgresql database engine and press Enter to continue. The following output is displayed.

Please enter database name (required)
> askbot

Please enter database user (required)
> askbot

Please enter database password (required)
> password

Enter the details of your Askbot database and press Enter. Once the installation is complete, you will see the following output.

Copying files: 
* __init__.py 
* manage.py 
* urls.py 
* django.wsgi 
Creating settings file
settings file created

copying directories:  * doc
* cron
* upfiles

Done. Please find further instructions at http://askbot.org/doc/

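Then generate the Askbot Django static files and the database with the following commands:

python manage.py collectstatic
python manage.py syncdb

Enter the desired administrator username, email and password, as shown below.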

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'askbot'): askbotadmin
Email address: [email protected]
Password: 
Password (again): 
Superuser created successfully.

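Install and Configure uWSGI

Next, you need to install uWSGI on your system. uWSGI is a software tool for running Python-based web applications. You can install it with the following command.

pip2 install uwsgi

After installing uWSGI, create a new uWSGI directory with the following command:

mkdir -p /etc/uwsgi/sites

Then create a new uWSGI configuration file, as shown below.

nano /etc/uwsgi/sites/askbot.ini

Add the following lines.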

[uwsgi]

chdir = /home/askbot/askbot/myapp
home = /home/askbot/askbot
static-map = /m=/home/askbot/askbot/myapp/static
wsgi-file = /home/askbot/askbot/myapp/django.wsgi
master = true
processes = 5
# Askbot will run under this socket file
socket = /run/uwsgi/askbot.sock
chmod-socket = 664
uid = askbot
gid = nginx
vacuum = true
# uWSGI log file
logto = /var/log/uwsgi.log

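Create a uWSGI Systemd Service File

Next, you need to create a systemd service file to manage the uWSGI service. You can create it with the following command.

nano /etc/systemd/system/uwsgi.service

Add the following lines.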

[Unit]
Description=uWSGI service

[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown askbot:nginx /run/uwsgi'
ExecStart=/bin/uwsgi --emperor /etc/uwsgi/sites
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then reload the systemd daemon with the following command:

systemctl daemon-reload

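Install and Configure Nginx

Next, you need to install and configure Nginx to serve the Askbot application.

First, install the Nginx web server with the following command:

dnf install nginx -y

Once installed, create a new virtual host configuration file for Askbot.

nano /etc/nginx/conf.d/askbot.conf

Add the following lines.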

server {
    listen 80;
    server_name askbot.linuxbuz.com;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/askbot.sock;
    }
}

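Save and close the file. Then start the Nginx and uWSGI services and enable them to start at system reboot with the following commands:

systemctl start nginx
systemctl enable nginx
systemctl start uwsgi
systemctl enable uwsgi

Secure Askbot with Let's Encrypt SSL

Next, you need to install the Certbot utility on your system and download and install a Let's Encrypt SSL certificate for the Askbot domain.

You can install the Certbot client with the following commands.

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Then obtain and install the SSL certificate for the Askbot domain with the following command.

certbot-auto --nginx -d askbot.linuxbuz.com

The above command first installs all the required dependencies on the server. Once they are installed, you will be prompted to enter an email address and accept the terms of service, as shown below.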

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for askbot.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/askbot.conf

Then choose whether or not to redirect HTTP traffic to HTTPS, as shown below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to continue. Once the installation is complete, you will see the following output.

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/askbot.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://askbot.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=askbot.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

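Configure the Firewall and SELinux

Next, you need to create firewall rules to allow the HTTP and HTTPS services from external networks. You can allow them with the following commands:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

SELinux is enabled by default in CentOS 8. We recommend disabling SELinux so that Askbot works properly. Note that this setting turns off SELinux enforcement for every service on the host, not only for Askbot. You can disable it by editing the /etc/selinux/config file:

nano /etc/selinux/config

Find the following line:

SELINUX=enforcing

And replace it with the following line:

SELINUX=disabled

Save and close the file. Then restart the system to apply the changes.

Access Askbot

Then open a web browser and enter the URL https://askbot.linuxbuz.com. You will be redirected to the following screen.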

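Click the Sign in button. The next screen shows the Askbot login page.

Askbot login

Enter the Askbot administrator username and password and click the Sign in button. The next screen shows the Askbot dashboard.

Asking a question on Askbot

Conclusion

Congratulations! Askbot is now installed and configured on CentOS 8 and secured with Let's Encrypt SSL. You can now start asking and answering questions in Askbot.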
