项目开发技术
一. MySQL主从配置
1. 配置文件说明
windows:C:\ProgramData\MySQL\MySQL Server 5.7\my.ini
centos:etc/my.cnf
2. 主机配置
[mysqld]
server-id=200 设置主服务器的ID
innodb_flush_log_at_trx_commit=2 操作系统崩溃或者系统断电的情况下,上一秒钟所有事务数据才可能丢失
sync_binlog=1 开启binlog日志同步功能
log-bin=mysql-bin-200 binlog日志文件名
binlog-do-db=xxxx # 这个表示只同步某个库 (如果没有此项,表示同步所有的库)
重启mysql:service mysqld restart
给从机创建用户授权:
CREATE USER 'xiaoluo'@'10.7.185.99' IDENTIFIED WITH mysql_native_password BY '123456';
grant replication slave on *.* to 'mark'@'192.168.1.201';
查看主机库的状态:show master status ;
3. 配置从机
[mysqld]
server-id=201
innodb_flush_log_at_trx_commit=2
sync_binlog=1
log-bin=mysql-bin-201
重启mysql:service mysqld restart
进入mysql命令行:
mysql> change master to master_host='192.168.1.200', master_user='mark', master_password='123456', master_log_file='mysql-bin-200.000002' ,master_log_pos=1167;
mysql> start slave; ##开启从库 (stop slave:关闭从库)
mysql> show slave status\G; ###Slave_IO_Running,Slave_SQL_Running 都为Yes的时候表示配置成功
4. django下实现读写分离
在项目下的urls.py文件同级目录下创建database_router.py文件
from django.conf import settings
import random
DATABASE_MAPPING = settings.DATABASE_APPS_MAPPING
class DatabaseAppsRouter(object):
def db_for_read(self, model, **hints):
""""Point all read operations to the specific database."""
print('*' * 20)
label = random.choice(list(DATABASE_MAPPING.keys()))
print(label)
return DATABASE_MAPPING[label]
def db_for_write(self, model, **hints):
"""Point all write operations to the specific database."""
if model._meta.app_label in DATABASE_MAPPING:
return DATABASE_MAPPING[model._meta.app_label]
return None
def allow_relation(self, obj1, obj2, **hints):
"""Allow any relation between apps that use the same database."""
db_obj1 = DATABASE_MAPPING.get(obj1._meta.app_label)
db_obj2 = DATABASE_MAPPING.get(obj2._meta.app_label)
if db_obj1 and db_obj2:
if db_obj1 == db_obj2:
return True
else:
return False
return None
# for Django 1.4 - Django 1.6
def allow_syncdb(self, db, model):
"""Make sure that apps only appear in the related database."""
if db in DATABASE_MAPPING.values():
return DATABASE_MAPPING.get(model._meta.app_label) == db
elif model._meta.app_label in DATABASE_MAPPING:
return False
return None
# Django 1.7 - Django 1.11
def allow_migrate(self, db, app_label, model_name=None, **hints):
print(db, app_label, model_name, hints)
if db in DATABASE_MAPPING.values():
return DATABASE_MAPPING.get(app_label) == db
elif app_label in DATABASE_MAPPING:
return False
return None
在settings.py文件中添加:
DATABASES = {
# 主库 (读写操作 R/W)
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'test',
'USER': 'root',
'PASSWORD': '1qaz2wsx',
"HOST": "10.7.185.71",
'PORT':'',
},
# 从库 (读操作 R)
'db2': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'test',
'USER': 'root',
'PASSWORD': '123456',
"HOST": "10.7.185.92",
'PORT':'',
},
}
DATABASE_ROUTERS = ['项目名称.database_router.DatabaseAppsRouter']
DATABASE_APPS_MAPPING = {
'hr_w': 'default',
'sales_w': 'default',
'hr_r': 'db2',
'sales_r': 'db2'
}
在应用的module.py文件中定义模型最后添加:
# 指定模型创建关联的数据库
class Meta:
app_label = 'sales_w'
db_table = 'game'
Django部署上线
1. 修改配置文件
检查程序:python manage.py check --deploy
调试相关:
DEBUG = False
ALLOWED_HOSTS = ['*']
安全相关:
# 保持HTTPS连接的时间
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# 自动重定向到安全连接
SECURE_SSL_REDIRECT = True
# 避免浏览器自作聪明推断内容类型
SECURE_CONTENT_TYPE_NOSNIFF = True
# 避免跨站脚本攻击
SECURE_BROWSER_XSS_FILTER = True
# COOKIE只能通过HTTPS进行传输
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
# 防止点击劫持攻击手段 - 修改HTTP协议响应头
# 当前网站是不允许使用<iframe>标签进行加载的
X_FRAME_OPTIONS = 'DENY'
敏感信息放在环境变量中:
SECRET_KEY = os.environ['SECRET_KEY']
DB_USER = os.environ['DB_USER']
DB_PASS = os.environ['DB_PASS']
REDIS_AUTH = os.environ['REDIS_AUTH']
2. 项目结构
project
├── code
│ └── fangtx
│ ├── api
│ ├── common
│ ├── fangtx
│ ├── forum
│ ├── rent
│ ├── user
│ ├── manage.py
│ ├── README.md
│ ├── static
│ └── templates
├── conf
│ ├── cert
│ │ ├── 214915882850706.key
│ │ └── 214915882850706.pem
│ ├── nginx.conf
│ └── uwsgi.ini
├── logs
│ ├── access.log
│ ├── error.log
│ └── uwsgi.log
├── stat
│ └── css
│ └── images
│ └── js
└── venv
code下存放项目源码
conf下存放nginx配置文件
cert下为https的认证证书
logs下面为日志文件
stat下为静态文件夹
venv下为虚拟环境
配置ssl:
编辑nginx.conf:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
ssl_session_cache shared:SSL:1m;
ssl_certificate cert/a.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key cert/b.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root /home/nginxHTML;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
在80端口书写
rewrite ^(.*)$ https://$host$1 permanent;可以将http的访问转发到https中去
在django的manager.py目录同级下创建uwsgi.ini文件
关闭uwsgi进程命令:pkill -f uwsgi -9
启动uwsgi进出命令:uwsgi --ini uwsgi.ini &
重启nginx:systemctl restart nginx