Update your local package index and then install the packages with:
sudo apt-get update
sudo apt-get install python-pip python-dev nginx uwsgi uwsgi-plugin-pythonCreate a uWSGI configuration file
sudo nano /etc/uwsgi/vassals/myproject.iniwith the below content
[uwsgi]
chdir = <folder to your flask application file>
plugins = python
socket = 127.0.0.1:4242
module = <your flask application name>
callable = app
process = 3
logger = file:/myproject/uwsgi.log
Creating an Upstart script will allow the init system to automatically start uWSGI and serve our Flask application whenever the server boots.
Create a systemd service file:
sudo nano /etc/systemd/system/emperor.uwsgi.servicewith the below content
[Unit]
Description=uWSGI Emperor
After=syslog.target
[Service]
ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/emperor.ini
# Requires systemd version 211 or newer
RuntimeDirectory=uwsgi
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.target
Create an Emperor configuration file:
sudo nano /etc/uwsgi/emperor.iniwith the below content
[uwsgi]
emperor = /etc/uwsgi/vassals
Then you can start the service with:
systemctl start emperor.uwsgi.serviceand check its status:
systemctl status emperor.uwsgi.serviceYou can stop the service with
systemctl stop emperor.uwsgi.serviceCreate a new server block configuration in Nginx's sites-available directory:
sudo nano /etc/nginx/sites-available/myprojectwith the below content
server {
listen 80;
server_name <your domain name>;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
ssl on;
ssl_certificate <path to your certificate file>;
ssl_certificate_key <path to your certificate key file>;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /etc/ssl/dhparams.pem;
server_name <your domain name>;
charset utf-8;
location / {
uwsgi_pass 127.0.0.1:4242;
include uwsgi_params;
}
}
To enable the Nginx server block configuration we've just created, link the file to the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabledWith the file in that directory, we can test for syntax errors by typing:
sudo nginx -tIf this returns without indicating any issues, we can restart the Nginx process to read the our new config:
sudo service nginx restartNote: For Nginx it is required to have all the certificates (one for your domain name and CA ones) combined in a single file. The certificate for your domain should be listed first in the file, followed by the chain of CA certificates. If you have downloaded a complete CABundle file for your certificate, use the following command to combine all the certificates into a single file:
cat *yourdomainname*.crt *yourdomainname*.ca-bundle >> cert_chain.crtTip: You can get a free SSL certificates from Let's Encrypt.
Sometimes, after restart your RaspberryPi, you will get 502 Bad Gateway error from nginx server.
One possible reason of this error is the uWSGI service is not correctly started.
Try to run systemctl start emperor.uwsgi.service again to start uWSGI service can fix this issue.
© 2018 SanMuHe
This repository is licensed under the MIT license. See LICENSE for details.