1. pfx 파일을 crt 및 rsa로 변환 - convert pfx file to crt and rsa.

 $ openssl pkcs12 -in ssl.mysite.com.pfx  -clcerts -nokeys -out ssl.mysite.com.crt
 $ openssl pkcs12 -in ssl.mysite.com.pfx -nocerts -nodes -out ssl.mysite.com.rsa


2. crt rsa파일 복사 - copy crt and rsa file to NGINX_HOME/conf/ssl/

C:\Users\fehead> dir /w C:\nginx\conf\ssl

C:\nginx\conf\ssl
[.]                 [..]                ssl.mysite.com.crt   ssl.mysite.com.rsa
C:\Users\fehead>




3. nginx config 파일 설정 - set nginx config file.

######################################################################################################################################################
### nginx config.

# tomcat

upstream    tomcat {
    server    127.0.0.1:8080    fail_timeout=0;
}

# ssl.mysite.com https setting
server {
        server_name ssl.mysite.com;

        location / {
                proxy_redirect off;
                proxy_pass_header Server;

                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_pass http://tomcat;
                charset utf-8;
        }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl on;
    ssl_certificate    ssl/ssl.mysite.com.crt;
    ssl_certificate_key    ssl/ssl.mysite.com.rsa;

}


# ssl.mysite.com SSL redirect
server {
    listen 80;
    listen [::]:80;

    server_name ssl.mysite.com;   

    return 301 https://$host$request_uri;   
}


# Etc Site
server {
    listen 80;
    listen [::]:80;

    server_name etc.mysite.com;   
    ...

}



4. test nginx config

C:\nginx>nginx.exe -t
nginx: the configuration file C:\nginx/conf/nginx.conf syntax is ok
nginx: configuration file C:\nginx/conf/nginx.conf test is successful

C:\nginx>


5. restart nginx


C:\nginx>nginx.exe -s reload


가상환경 설정

$ cd /my/working/dir

$ virtualenv -p python3 env35

$ cd env35

$ mkdir run

$ source bin/activate

$ pip install django gunicorn

$ django-admin startproject testproject

$ cd testproject

$ django-admin startapp testapp


디렉토리 구조

/my/working/dir


`-- env35
    |-- bin
    |  
    |-- include
    |   `-- python3.5m -> /usr/include/python3.5m
    |-- lib
    |   `-- python3.5
    |-- testproject
    |   |-- media
    |   |-- testproject
    |   |-- static
    |   |-- templates
    |   `-- testapp
    `-- run



gunicorn systemd 등록

$ sudo mkdir /run/gunicorn

$ sudo chown youurUserName.yourGroup /run/gunicorn

# sudo vi /etc/systemd/system/gunicorn.service

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
PIDFile=/run/gunicorn/pid
User=youurUserName
Group=yourGroup
WorkingDirectory=/my/working/dir/env35/testproject
ExecStart=/my/working/dir/env35/bin/gunicorn \
        --pid /run/gunicorn/pid \
        --workers 2 \
        --bind unix:/run/gunicorn/gunicorn.sock \
        testproject.wsgi:application

ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target


gunicorn 서비스 시작

$ sudo systemctrl enable gunicorn.service

$ sudo systemctl start gunicorn.service



# 가상환경 설정

$ virtualenv -p python3 env35

$ cd envDjango

$ mkdir run

$ source bin/activate

$ pip install django gunicorn

$ django-admin startproject testproject

$ cd testproject

$ django 작업

$ cat << EOF > gunicorn_cfg.py
daemon=True
bind='unix:/your/dir/env35/run/gunicorn.sock'
workers=3
EOF

$ gunicorn -c gunicorn_cfg.py testproject.wsgi:application

$ sudo -i

# apt install nginx

# cd /etc/nginx/sites-available/

# cat << EOF > testproject_conf
server {
        listen 80;
        server_name    ${YOUR_SERVER_NAME};
        root        /usr/share/nginx/html;

        location = /favicon.ico { access_log off; log_not_found off; }

        location /static {
                root    root ${YOUR_PROJECT_DIR};
        }

        location / {
                include proxy_params;
                proxy_pass http://unix:/your/dir/env35/run/gunicorn.sock;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
}
EOF

# cd ../sites-enabled/

# ln -s ../sites-available/testproject_conf

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# nginx -s reload



아래에 링크에 자세한 설명

http://dveamer.github.io/backend/PythonWAS.html

+ Recent posts