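DCRM – Darwin Cydia Repository Manager (Version 4) is a self-hosted program for managing a Cydia repository. Version 4 is currently the latest release. It was rewritten in Python + Django, while the old version was written in PHP. To be honest, the new version is really quite a hassle to deploy...
First install the development tools group:
yum -y groupinstall "Development Tools"
Next install the EPEL repository:
yum -y install epel-release
Then install all the required dependencies. Finding these packages took me a while, because the official documentation uses apt.
yum -y install MySQL-python mysql-devel python-devel python-setuptools libjpeg-devel
Install pip with setuptools, then use pip to install the following packages:
easy_install pip
pip install rq python-memcached Pillow exifread
Now install the MySQL/Redis/Memcached services the program needs:
yum -y install mariadb-server redis memcached
Next install Nginx, and install supervisor along with it, which will manage the various processes later on:
yum -y install nginx supervisor nano curl
Start Nginx and supervisor and enable them at boot:
systemctl start nginx
systemctl enable nginx
systemctl start supervisord
systemctl enable supervisord
Start the database services and enable them at boot:
systemctl start redis
systemctl enable redis
systemctl start memcached
systemctl enable memcached
systemctl start mariadb
systemctl enable mariadb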
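Because memcached as enabled by default listens on the public interface, which is very insecure, edit its configuration file:
nano /etc/sysconfig/memcached
Change the following part so that memcached listens only on the local address:
OPTIONS="-l 127.0.0.1"
Restart it:
systemctl restart memcached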
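To confirm the change took effect, the following added example (not part of the original post) filters `ss -ltun` output for listeners on given ports that are not bound to loopback. It goes beyond memcached (11211) to the default ports of the other backends installed above, Redis (6379) and MariaDB (3306); the function name `exposed_listeners` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners on backend ports that are not bound to loopback.
# Reads `ss -ltun` output on stdin; $1 is a space-separated list of ports.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF < 2 { next }
        {
            la = $(NF - 1)                       # Local Address:Port column
            if (la !~ /:[0-9]+$/) next           # header line
            port = la; sub(/.*:/, "", port)
            addr = la; sub(/:[0-9]+$/, "", addr)
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
            print $1, la                         # protocol and exposed address
        }'
}

# Constructed sample in CentOS 7 `ss -ltun` format (not captured from a real host).
SAMPLE='Netid  State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
udp    UNCONN     0      0                  *:11211             *:*
tcp    LISTEN     0      128                *:11211             *:*
tcp    LISTEN     0      128        127.0.0.1:6379              *:*
tcp    LISTEN     0      50                 *:3306              *:*
tcp    LISTEN     0      128                *:80                *:*
tcp    LISTEN     0      128               :::11211            :::*'

# Run the filter over the constructed sample.
demo() { printf '%s\n' "$SAMPLE" | exposed_listeners "11211 6379 3306"; }
demo
# On the server itself: ss -ltun | exposed_listeners "11211 6379 3306"
```

Any line it prints is a backend socket reachable from outside the host; after the memcached change above, no 11211 lines should remain.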
Now initialize the MySQL database:
mysql_secure_installation
Just follow the prompts:
Enter current password for root (enter for none): (press Enter)
Set root password? [Y/n] Y
New password: (set your MariaDB root password)
Re-enter new password: (enter the password again)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
When that is done, restart:
systemctl restart mariadb
Log in to MySQL:
mysql -u root -p
Create the database and grant privileges:
CREATE DATABASE DCRM DEFAULT CHARSET UTF8;
GRANT ALL PRIVILEGES ON DCRM.* TO 'root'@'localhost';
FLUSH PRIVILEGES;
quit
That is more or less the whole environment the program needs. Now fetch the project files:
mkdir -p /opt/wwwroot && cd /opt/wwwroot
git clone https://github.com/82Flex/DCRM.git
cd DCRM
Install the dependencies the project requires:
pip install -r requirements.txt
Copy the default configuration file under a new name and edit it:
cp DCRM/settings.default.py DCRM/settings.py
nano DCRM/settings.py
The parts that need changing are as follows.
Enable the Redis cache and related features:
ENABLE_REDIS = True  # redis-server, rq are required.
ENABLE_CACHE = True  # memcached, python-memcached are required.
ENABLE_SCREENSHOT = True  # libjpeg-dev, Pillow, exifread are required.
Change SECRET_KEY to a random value to keep the site secure:
SECRET_KEY = 'imlala'
Change the domains that are allowed to access the site:
ALLOWED_HOSTS = [
    'apt.lala.im',
    '127.0.0.1',
    'localhost'
]
Change the site language to Chinese:
LANGUAGE_CODE = 'zh-Hans'
Change the database connection details:
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'DCRM',
        'USER': 'root',  # mysql user name here
        'PASSWORD': 'mysqlpassword',  # mysql user password here
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'"
        }
    }
}
Collect the static files, apply the database migrations, and create the administrator user:
./manage.py collectstatic
./manage.py migrate
./manage.py createsuperuser
Create the uwsgi configuration file:
nano uwsgi.ini
Write the following:
[uwsgi]
chdir = /opt/wwwroot/DCRM
module = DCRM.wsgi
master = true
processes = 4
socket = :8001
buffer-size = 32768
vacuum = true
uid = root
gid = root
Disable SELinux:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
Create a new Nginx site configuration file:
nano /etc/nginx/conf.d/dcrm.conf
Write the following (replace every occurrence of the domain below with your own):
upstream django {
    server 127.0.0.1:8001;
}
server {
    listen 80;
    listen 443 ssl http2;
    server_name apt.lala.im;
    root /opt/wwwroot/DCRM;
    index index.html index.htm;
    client_max_body_size 128g;
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /etc/nginx/certs/apt.lala.im/fullchain.cer;
    ssl_certificate_key /etc/nginx/certs/apt.lala.im/apt.lala.im.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
    location = / {
        rewrite ^ /index/ last;
    }
    location / {
        try_files $uri $uri/ @djangosite;
    }
    location ~^/static/(.*)$ {
        alias /opt/wwwroot/DCRM/WEIPDCRM/static/$1;  # make an alias for static files
    }
    location ~^/resources/(.*)$ {
        alias /opt/wwwroot/DCRM/resources/$1;  # make an alias for resources
    }
    location ~^/((CydiaIcon\.png)|(Release(\.gpg)?)|(Packages(\.gz|\.bz2)?))$ {
        alias /opt/wwwroot/DCRM/resources/releases/1/$1;  # make an alias for Cydia meta resources
    }
    location @djangosite {
        uwsgi_pass django;
        include /etc/nginx/uwsgi_params;
    }
    location ~* \.(ico|gif|bmp|jpg|jpeg|png|swf|js|css|mp3|m4a|m4v|mp4|ogg|aac)$ {
        expires 7d;
    }
    location ~* \.(gz|bz2)$ {
        expires 12h;
    }
}
Install acme.sh, which is used to request the SSL certificate:
curl https://get.acme.sh | sh
Request the certificate:
cd .acme.sh
./acme.sh --issue -d apt.lala.im --nginx
Create the directory that will hold the certificate:
mkdir -p /etc/nginx/certs/apt.lala.im
Move the issued certificate into this directory and complete the installation:
./acme.sh --install-cert -d apt.lala.im \
--key-file /etc/nginx/certs/apt.lala.im/apt.lala.im.key \
--fullchain-file /etc/nginx/certs/apt.lala.im/fullchain.cer \
--reloadcmd "systemctl force-reload nginx.service"
Create a new supervisor configuration file:
nano /etc/supervisord.d/dcrm.ini
Write the following:
[supervisord]
nodaemon=false
[program:uwsgi]
priority=1
directory=/opt/wwwroot/DCRM
command=/usr/bin/uwsgi --ini uwsgi.ini
[program:high]
priority=2
directory=/opt/wwwroot/DCRM
command=/usr/bin/python ./manage.py rqworker high
[program:default]
priority=3
directory=/opt/wwwroot/DCRM
command=/usr/bin/python ./manage.py rqworker default
Finally, restart supervisor:
systemctl restart supervisord
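If nothing went wrong, you can now open your site's domain followed by /admin to reach the admin backend:
Now let's try publishing a repository and a package source. First add the site domain (that is, your current domain):
Add the metadata:
Fill it in as needed, then click Save when you are done:
On the settings page, set the metadata you just added as active:
Next add your package:
Upload the package in deb format:
Enable the package:
Finally, build the active metadata:
For the details, just fill in any comment text here:
Note: the metadata has to be rebuilt every time a package is added.
For production, create a dedicated user to run this yourself. I was lazy while writing this article and just used root; in production you should run uwsgi, nginx and the other programs without root privileges to keep things secure...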
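The following added example (not part of the original post or of DCRM) audits the two files written in this guide for the root uid/gid the closing note warns about. It goes beyond the text by also flagging a uwsgi socket bound to every interface (nginx here only connects to 127.0.0.1:8001) and a SECRET_KEY shorter than the 50 characters Django generates. The function name `audit_dcrm` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the uwsgi.ini and settings.py written in this guide.
# Prints one finding per line and nothing when every check passes.
audit_dcrm() {
    ini=$1        # path to uwsgi.ini
    settings=$2   # path to DCRM/settings.py

    # uwsgi running as root, or its socket bound to every interface
    # (nginx in this guide only connects to 127.0.0.1:8001).
    awk '
        { line = $0; gsub(/[ \t]/, "", line) }    # "uid = root" -> "uid=root"
        line ~ /^(uid|gid)=(root|0)$/    { print "uwsgi runs with " line }
        line ~ /^socket=(:|0\.0\.0\.0:)/ { print "uwsgi listens on all interfaces: " line }
    ' "$ini"

    # SECRET_KEY shorter than 50 characters, the length Django generates.
    key=$(sed -n "s/^SECRET_KEY[[:space:]]*=[[:space:]]*['\"]\(.*\)['\"].*/\1/p" "$settings" | head -n 1)
    if [ "${#key}" -lt 50 ]; then
        echo "SECRET_KEY has only ${#key} characters"
    fi
}

# Constructed sample files holding the values used in this guide.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[uwsgi]' 'socket = :8001' 'vacuum = true' 'uid = root' 'gid = root' > "$dir/uwsgi.ini"
    printf '%s\n' "SECRET_KEY = 'imlala'" > "$dir/settings.py"
    audit_dcrm "$dir/uwsgi.ini" "$dir/settings.py"
    rm -rf "$dir"
}
demo
# On the server: audit_dcrm /opt/wwwroot/DCRM/uwsgi.ini /opt/wwwroot/DCRM/DCRM/settings.py
```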
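Oh dear, now I need a VPN to reach your site..... so annoying!
The domain has been poisoned, so every time I want to read it I have to get around the firewall.
Bro, after I set it up, this is what I get when I open the admin backend:
Something on your website has triggered a missing web page. This is the default 404 error page for nginx that is distributed with Fedora. It is located at /usr/share/nginx/html/404.html
I never ran into this problem. It seems DCRM has been updated, and after the update a few things are a bit broken and you have to fix them yourself; I don't remember the details...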