How to Install Askbot with Nginx and Secure It with Let's Encrypt on CentOS 8

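Askbot is a free, open-source, highly customizable question-and-answer forum software written in Python and Django. It is simple and lightweight, and closely resembles other forum software such as StackOverflow and Yahoo Answers. Askbot offers many features, such as tags and categories, email notifications, a karma-based system, voting, content management, and more.

This tutorial shows how to install the Askbot forum software on CentOS 8 with Let's Encrypt SSL.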

Prerequisites

  • A server running CentOS 8.
  • A root password set up on the server.

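Install the Required Dependencies

Before you begin, you need to install the required dependencies on your system.

First, install the "Development Tools" group with the following command: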

dnf group install 'Development Tools'

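Then install the EPEL repository and the other Python dependencies with the following commands:

dnf install epel-release -y
dnf install python2-pip python2-devel python2-six -y

Once all the required packages are installed, you can proceed to the next step.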

Install and Configure PostgreSQL

Askbot uses PostgreSQL to store its data, so it must be installed on your system. You can install it with the following command.

dnf install postgresql-server postgresql-devel postgresql-contrib -y

After installation, initialize the database with the following command:

postgresql-setup initdb

The following output is displayed.

WARNING: using obsoleted argument syntax, try --help
WARNING: arguments transformed to: postgresql-setup --initdb --unit postgresql
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

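Then start the PostgreSQL service and enable it to start at system reboot with the following commands:

systemctl start postgresql
systemctl enable postgresql

Then log in to the PostgreSQL shell with the following commands:

su - postgres
[[email protected] ~]$ psql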

Output:

psql (10.6)
Type "help" for help.
postgres=# 

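Then create the Askbot database and user with the following commands:

postgres=# create database askbot;
postgres=# create user askbot with password 'password';

Then grant all privileges on the database to askbot with the following command:

postgres=# grant all privileges on database askbot to askbot;

Finally, exit the PostgreSQL shell with the following command.

postgres=# \q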

Next, you need to configure local user authentication for PostgreSQL. You can do this by editing the pg_hba.conf file.

nano /var/lib/pgsql/data/pg_hba.conf

In the following lines, replace peer with md5:

local   all             all                                    md5  
host    all             all             127.0.0.1/32           md5  
host    all             all             ::1/128                md5  

When you are finished, save and close the file. Then restart the PostgreSQL service to apply the changes.

systemctl restart postgresql
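
A way to verify the pg_hba.conf edit above before relying on it, as an added example that is not part of the original tutorial. The function names audit_pg_hba and sample_pg_hba and the sample file are constructed for illustration, and the parser assumes CIDR-form addresses as used on this page.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf after switching local auth to md5.
# Assumes CIDR-form addresses (TYPE DB USER ADDRESS METHOD), as on this page.

# audit_pg_hba FILE [DBNAME]: prints one finding per line, returns 1 if any.
audit_pg_hba() {
    awk -v db="${2:-askbot}" '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            if ($1 == "local")     { addr = "local socket"; method = $4 }
            else if ($1 ~ /^host/) { addr = $4;             method = $5 }
            else { report("unknown record type " $1); next }

            # peer/ident checks apply only to records matching the Askbot db.
            applies = ($2 == "all" || ("," $2 ",") ~ ("," db ","))

            if (method == "trust")
                report(addr " uses trust: no authentication is performed")
            else if (applies && (method == "peer" || method == "ident"))
                report(addr " uses " method ": OS user name is matched, role password is not used")
            else if (applies && method != "md5" && method != "scram-sha-256")
                report(addr " uses unexpected method " method)

            if ($1 != "local" && addr != "127.0.0.1/32" && addr != "::1/128")
                report(addr " is not loopback: remote clients are permitted")
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: a partially edited file plus one risky extra record.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE     USER    ADDRESS        METHOD
local   all          all                    peer
host    all          all     127.0.0.1/32   md5
host    all          all     ::1/128        md5
host    askbot       askbot  0.0.0.0/0      trust
local   replication  all                    peer
EOF
}

tmp=$(mktemp)
sample_pg_hba > "$tmp"
audit_pg_hba "$tmp" || echo "pg_hba.conf needs attention"
rm -f "$tmp"
```

On the server, run it as audit_pg_hba /var/lib/pgsql/data/pg_hba.conf; no output and exit status 0 mean every record that applies to the askbot database uses password authentication on loopback only.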

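Install and Configure Askbot

Before installing Askbot, you need to create an Askbot user. You can create a new askbot user and set its password with the following commands.

useradd -m -s /bin/bash askbot
passwd askbot

Then add the askbot user to the wheel group for sudo access.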

usermod -a -G wheel askbot

Then install the Python virtualenv package with the following command.

pip2 install virtualenv six

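Once the installation is complete, switch to the askbot user and create a new Askbot virtual environment with the following commands:

su - askbot
virtualenv askbot

The following output is displayed.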

created virtual environment CPython2.7.16.final.0-64 in 663ms
  creator CPython2Posix(dest=/home/askbot/askbot, clear=False, global=False)
  seeder FromAppData(download=False, pip=latest, setuptools=latest, wheel=latest, via=copy, app_data_dir=/tmp/tmp9YFr7B/seed-app-data/v1)
  activators PythonActivator,CShellActivator,FishActivator,PowerShellActivator,BashActivator

Then change to the askbot directory and activate the virtual environment with the following commands:

cd askbot
source bin/activate

Output:

(askbot) [[email protected] askbot]$

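Then install Askbot and the other required dependencies with the following commands.

pip2 install six==1.10.0
pip2 install askbot psycopg2

Next, create a new directory for your application, change into it, and set up Askbot with the following commands:

mkdir myapp
cd myapp
askbot-setup

The following output is displayed.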

Deploying Askbot - Django Q&A forum application
Problems installing? -> please email [email protected]

To CANCEL - hit Ctr-C at any time

Enter directory path (absolute or relative) to deploy
askbot. To choose current directory - enter "."
> .

Type "." and press Enter to continue. The following output is displayed.

Please select database engine:
1 - for postgresql, 2 - for sqlite, 3 - for mysql, 4 - oracle
type 1/2/3/4: 1

Enter 1 to select the postgresql database engine, then press Enter to continue. The following output is displayed.

Please enter database name (required)
> askbot

Please enter database user (required)
> askbot

Please enter database password (required)
> password

Enter the details of the Askbot database and press Enter. Once the installation is complete, you will see the following output.

Copying files: 
* __init__.py 
* manage.py 
* urls.py 
* django.wsgi 
Creating settings file
settings file created

copying directories:  * doc
* cron
* upfiles

Done. Please find further instructions at http://askbot.org/doc/

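Then generate the Askbot Django static files and the database with the following commands:

python manage.py collectstatic
python manage.py syncdb

Enter the desired administrator username, email, and password, as shown below.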

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'askbot'): askbotadmin
Email address: [email protected]
Password: 
Password (again): 
Superuser created successfully.

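Install and Configure uWSGI

Next, you need to install uWSGI on your system. uWSGI is a software tool for running Python-based web applications. You can install it with the following command.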

pip2 install uwsgi

After installing uWSGI, create a new uWSGI directory with the following command:

mkdir -p /etc/uwsgi/sites

Then create a new uWSGI configuration file, as shown below.

nano /etc/uwsgi/sites/askbot.ini

Add the following lines.

[uwsgi]

chdir = /home/askbot/askbot/myapp
home = /home/askbot/askbot
static-map = /m=/home/askbot/askbot/myapp/static
wsgi-file = /home/askbot/askbot/myapp/django.wsgi
master = true
processes = 5
# Askbot will run under the sock file
socket = /run/uwsgi/askbot.sock
chmod-socket = 664
uid = askbot
gid = nginx
vacuum = true
# uWSGI Log file
logto = /var/log/uwsgi.log

Create a uWSGI Systemd Service File

Next, you need to create a systemd service file to manage the uWSGI service. You can create it with the following command.

nano /etc/systemd/system/uwsgi.service

Add the following lines.

[Unit]
Description=uWSGI service

[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown askbot:nginx /run/uwsgi'
ExecStart=/bin/uwsgi --emperor /etc/uwsgi/sites
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then reload the systemd daemon with the following command:

systemctl daemon-reload

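Install and Configure Nginx

Next, you need to install and configure Nginx to serve the Askbot application.

First, install the Nginx web server with the following command: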

dnf install nginx -y

After installation, create a new Askbot virtual host configuration file.

nano /etc/nginx/conf.d/askbot.conf

Add the following lines.

server {
    listen 80;
    server_name askbot.linuxbuz.com;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/askbot.sock;
    }
}

Save and close the file. Then start the Nginx and uWSGI services and enable them to start at system reboot with the following commands:

systemctl start nginx
systemctl enable nginx
systemctl start uwsgi
systemctl enable uwsgi

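Secure Askbot with Let's Encrypt SSL

Next, you need to install the Certbot utility on your system, then download and install a Let's Encrypt SSL certificate for the Askbot domain.

You can install the Certbot client with the following commands.

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Then obtain and install an SSL certificate for the Askbot domain with the following command.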

certbot-auto --nginx -d askbot.linuxbuz.com

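The above command first installs all the required dependencies on the server. Once they are installed, you will be prompted to enter your email address and accept the terms of service, as shown below.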

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for askbot.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/askbot.conf

Then choose whether or not to redirect HTTP traffic to HTTPS, as shown below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to continue. Once the installation is complete, you will see the following output.

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/askbot.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://askbot.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=askbot.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

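Configure the Firewall and SELinux

Next, you need to create firewall rules to allow the HTTP and HTTPS services from external networks. You can allow them with the following commands:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload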

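SELinux is enabled by default on CentOS 8. We recommend disabling SELinux so that Askbot works properly; note that this turns off SELinux for the whole system, not only for Askbot. You can disable it by editing the /etc/selinux/config file:

nano /etc/selinux/config

Find the following line: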

SELINUX=enforcing

And replace it with the following line:

SELINUX=disabled

Save and close the file. Then restart the system to apply the changes.

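Access Askbot

Now open your web browser and enter the URL https://askbot.linuxbuz.com. You will be redirected to the following screen.

Click the Sign in button. The next screen shows the Askbot login page.

Askbot login

Enter the Askbot administrator username and password and click the Sign in button. The next screen shows the Askbot dashboard.

Asking a question in Askbot

Conclusion

Congratulations! You have successfully installed and configured the Askbot forum on CentOS 8 and secured it with Let's Encrypt SSL. You can now start asking and answering questions in Askbot.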
