2016 年暑假從 CADLAB 汰換下來的舊電腦, CPU 型號為 Intel E5200, 因為並不支援 Intel 虛擬化技術, 因此建議直接安裝 Ubuntu 16.04.1 + ubuntu-desktop, 當作實體的 Server 使用.
安裝 LTS Server 與 ubuntu-desktop
處理的步驟為:
- 移除 PCI 插槽上的還原卡與主機版上的電池, 以便清除 BIOS 上原有的保護設定.
- 裝回電池後, 將記憶體從原先的 4GB 增為 8GB, 硬碟從原先 500 GB, 加掛至兩個 500 GB (RAM 與硬碟可以從其他舊電腦取用, 每兩台舊電腦拼成一台伺服器使用).
- 啟動時按下 del 鍵, 進入 BIOS 設定, 移除機殼開啟警示設定, 並確定斷電回復後電腦會主動開機.
- 利用其他電腦下載 Ubuntu 16.04.1 Server 程式, 燒錄成啟動光碟.
- 安裝過程無需上網, 安裝完成後依照參考說明、IPV6 網址分配與網路導引設定 IPv6 網路, 並且安裝 ubuntu-desktop 套件.
/etc/network/interfaces 參考設定:
1 2 3 4 5 6 7 8 9 10 | auto lo iface lo inet loopback auto eth0 iface eth0 inet6 static address 2001 : 288 : 6004 : 17 ::XX netmask 64 gateway 2001 : 288 : 6004 : 17 :: 254 dns - nameservers 2001 : 288 : 6004 : 1 :: 2 2001 :b000: 168 :: 1 |
安裝 squid 代理主機伺服程式
查驗電腦的記憶體, 確定至少有 8GB.
grep MemTotal /proc/meminfo to check Ram size
接著安裝設定 squid:
sudo apt install squid
sudo gedit /etc/squid/squid.conf
sudo service squid restart
squid.conf 參考設定:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | acl cad_lab src 140.130 . 17.0 / 24 acl cad_lab src 2001 : 288 : 6004 : 17 :: / 64 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 88 #acl Safe_ports port 21 # ftp acl SSL_ports port 8443 acl Safe_ports port 8443 acl SSL_ports port 9443 acl Safe_ports port 9443 acl SSL_ports port 22 acl Safe_ports port 22 acl Safe_ports port 443 # https acl Safe_ports port 1025 - 65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports http_access allow cad_lab http_access deny all # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager #http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 #cache_dir ufs /var/spool/squid 100 16 256 icp_port 3130 icp_access allow all cache_dir ufs / var / spool / squid 2000 16 256 cache_peer 140.130 . 17.2 sibling 3128 3130 # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20 % 10080 refresh_pattern ^gopher: 1440 0 % 1440 refresh_pattern - i ( / cgi - bin / |\?) 0 0 % 0 refresh_pattern (Release|Packages(.gz) * )$ 0 20 % 2880 refresh_pattern . 0 20 % 4320 |
配置 nginx 與 uwsgi 伺服環境
接下來就可以安裝並配置 Python3 的網際程式伺服環境.
sudo apt install python3-pip
sudo pip3 install Flask
sudo apt install build-essential python3-dev
sudo pip3 install uwsgi
sudo apt install nginx uwsgi-plugin-python3
/etc/nginx/sites-availables/default 設定檔:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | server { listen 80 default_server; #listen [::]:80 default_server ipv6only=on; listen 443 ssl; #listen [::]:443 ssl ipv6only=on; location / static { alias / home / cadlab / cmsimfly / static / ; } location / { include uwsgi_params; uwsgi_pass 127.0 . 0.1 : 8080 ; } server_name localhost; #ssl on; ssl_certificate / etc / nginx / ssl / nginx.crt; ssl_certificate_key / etc / nginx / ssl / nginx.key; ssl_session_timeout 5m ; ssl_protocols SSLv3 TLSv1 TLSv1. 1 TLSv1. 2 ; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES" ; ssl_prefer_server_ciphers on; try_files $uri $uri / = 404 ; } server { listen 88 default_server; #listen [::]:88 default_server ipv6only=on; listen 8443 ssl; #listen [::]:8443 ssl ipv6only=on; location / static { alias / home / cadlab / cmsimfly2 / static / ; } location / { include uwsgi_params; uwsgi_pass 127.0 . 0.1 : 8081 ; } server_name localhost; #ssl on; ssl_certificate / etc / nginx / ssl / nginx.crt; ssl_certificate_key / etc / nginx / ssl / nginx.key; ssl_session_timeout 5m ; ssl_protocols SSLv3 TLSv1 TLSv1. 1 TLSv1. 2 ; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES" ; ssl_prefer_server_ciphers on; try_files $uri $uri / = 404 ; } |
利用 /etc/rc.local 開機時啟動所有 uwsgi 程式:
exec uwsgi_python35 --uid cadlab --gid cadlab --emperor /home/cadlab/uwsgi_ini
/home/cadlab/uwsgi_ini/uwsgi.ini 設定檔案內容:
1 2 3 4 5 6 7 8 | [uwsgi] socket = 127.0 . 0.1 : 8080 plugins - dir = / usr / lib / uwsgi / plugins / plugin = python3 processes = 4 threads = 2 chdir = / home / cadlab / cmsimfly wsgi - file = / home / cadlab / cmsimfly / wsgi.py |
/home/cadlab/uwsgi_ini/uwsgi2.ini 設定檔案內容:
1 2 3 4 5 6 7 8 | [uwsgi] socket = 127.0 . 0.1 : 8081 plugins - dir = / usr / lib / uwsgi / plugins / plugin = python3 processes = 4 threads = 2 chdir = / home / cadlab / cmsimfly2 wsgi - file = / home / cadlab / cmsimfly2 / wsgi.py |
Comments