Flask Traditional Deployments: Zero to One <Hello NGINX>

The following article will introduce how to install a front-end reverse proxy web server.

Background

  • This series is a supplyment for Tradition Deploments in Chapter 17. Deployment in Flask Web Development, 2nd Edition written by Miguel Grinberg.

0. Install nginx

1
2
3
$ sudo apt-get update
$ sudo apt-get install nginx
$ systemctl status nginx # check if active

After installation, nginx should work by default. You can type your public_ip as url (port: 80/8080). You can see something like:

1. Research nginx

In /etc/nginx/nginx.conf :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}


#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

This is the default nginx config. Do not change it, or it might return to default during next upgrade or else. But it includes two folders that we are going to look into: include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; .

Under /etc/nginx/conf.d/*.conf , there is nothing inside, but it is supposed to get some other default config here to expand /etc/nginx/nginx.conf . So we are not doing anything to it.

Under /etc/nginx/sites-enabled/ , there is one linked file inside, which is actually the default page we see a few minutes ago. So where is it linking to?

The answer is under /etc/nginx/sites-available/ .

In /etc/nginx/sites-available/default :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;

# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

2. Make Your Own nginx

1
2
3
4
5
$ sudo rm /etc/nginx/sites-enabled/default  # remove the symbolic link
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/nginx_df
$ sudo chmod 777 /etc/nginx/sites-available/nginx_df
$ sudo ln -s /etc/nginx/sites-available/nginx_df /etc/nginx/sites-enabled/nginx_df
$ vi /etc/nginx/sites-available/nginx_df

In nginx_df :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
upstream uwsgicluster {
server unix:///home/ubuntu/flask/v1siuol-site/logs/uwsgi.sock;
}


server {
listen 80;
server_name 52.14.226.72;
charset utf-8;

location / {
include uwsgi_params;
uwsgi_pass uwsgicluster;
}

location /files {
alias /home/ubuntu/flask/v1siuol-site/files;
}

location ~ /.well-known {
root /home/ubuntu/flask/v1siuol-site/veri;
}
}

Remember to change your server_name above. It would be either ip or domain name.

1
sudo nginx -s reload

Now type your public ip in Chrome. Have fun :)

Thank you.

Reference:

  • https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html