静看光阴荏苒
不管不顾不问不说也不念

CentOS7部署DCRM4(自建Cydia源)

DCRM – Darwin Cydia Repository Manager (Version 4),是一个可以自建的Cydia源管理程序。目前4是最新版,这个版本是用Python+Django重写的,老版是用PHP写的,说实话新版部署起来真的挺麻烦的。。。

先安装开发工具包:

yum -y groupinstall "Development Tools"

接着装EPEL源:

yum -y install epel-release

然后把需要装的依赖都装了,找这些包还是花了我一点时间的,因为官方文档上面是用的apt。。

yum -y install MySQL-python mysql-devel python-devel python-setuptools libjpeg-devel

用setuptools安装pip,然后用pip安装下面这些包:

easy_install pip
pip install rq python-memcached Pillow exifread

现在安装程序需要用到的MySQL/Redis/Memcached:

yum -y install mariadb-server redis memcached

接着装Nginx,顺带把supervisor装一下,这个用于管理后续各种进程:

yum -y install nginx supervisor nano curl

启动Nginx和supervisor并设置开机自启:

systemctl start nginx
systemctl enable nginx
systemctl start supervisord
systemctl enable supervisord

启动各种数据库并设置开机自启:

systemctl start redis
systemctl enable redis
systemctl start memcached
systemctl enable memcached
systemctl start mariadb
systemctl enable mariadb

由于默认启用的memcached监听在外网,这样很不安全,所以编辑配置文件:

nano /etc/sysconfig/memcached

修改下面的部分,让memcached只监听在本地:

OPTIONS="-l 127.0.0.1"

重启:

systemctl restart memcached

现在初始化MySQL数据库:

mysql_secure_installation

按流程走即可:

Enter current password for root (enter for none):回车
Set root password? [Y/n] Y
New password: 设置你的Mariadb数据库root密码
Re-enter new password: 重复输入一次密码
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

完事之后重启:

systemctl restart mariadb

登录到MySQL内:

mysql -u root -p

创建数据库并授权:

CREATE DATABASE DCRM DEFAULT CHARSET UTF8;
GRANT ALL PRIVILEGES ON DCRM.* TO 'root'@'localhost';
FLUSH PRIVILEGES;
quit

程序需要用到的环境差不多就是这些了,现在拉取项目文件:

mkdir -p /opt/wwwroot && cd /opt/wwwroot
git clone https://github.com/82Flex/DCRM.git
cd DCRM

安装项目所需依赖:

pip install -r requirements.txt

复制一份配置文件重命名并编辑

cp DCRM/settings.default.py DCRM/settings.py
nano DCRM/settings.py

需要改动的部分如下:

开启REDIS缓存等功能:

ENABLE_REDIS = True  # redis-server, rq are required.
ENABLE_CACHE = True  # memcached, python-memcached are required.
ENABLE_SCREENSHOT = True  # libjpeg-dev, Pillow, exifread are required.

修改随机KEY,确保站点安全:

SECRET_KEY = 'imlala'

修改允许访问的域名:

ALLOWED_HOSTS = [
    'apt.lala.im',
    '127.0.0.1',
    'localhost'
]

修改站点语言为中文

LANGUAGE_CODE = 'zh-Hans'

修改数据库连接信息

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'DCRM',
        'USER': 'root',  # mysql user name here
        'PASSWORD': 'mysqlpassword',  # mysql user password here
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'"
        }
    }
}

初始化静态文件以及导入数据库创建管理员用户:

./manage.py collectstatic
./manage.py migrate
./manage.py createsuperuser

创建uwsgi配置文件:

nano uwsgi.ini

写入

[uwsgi]

chdir = /opt/wwwroot/DCRM
module = DCRM.wsgi

master = true
processes = 4
socket = :8001
buffer-size = 32768
vaccum = true
uid = root
gid = root

关闭SELinux:

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

新建Nginx站点配置文件:

nano /etc/nginx/conf.d/dcrm.conf

写入(以下所有有域名的部分全部替换为你自己的):

upstream django {
    server 127.0.0.1:8001;
}

server {
    listen       80;
    listen       443 ssl http2;
    server_name  apt.lala.im;
    root /opt/wwwroot/DCRM;
    index index.html index.htm;
    client_max_body_size 128g;
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    ssl_certificate    /etc/nginx/certs/apt.lala.im/fullchain.cer;
    ssl_certificate_key    /etc/nginx/certs/apt.lala.im/apt.lala.im.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    location = / {
        rewrite ^ /index/ last;
    }
    
    location / {
        try_files $uri $uri/ @djangosite;
    }	
    
    location ~^/static/(.*)$ {
        alias /opt/wwwroot/DCRM/WEIPDCRM/static/$1;  # make an alias for static files
    }

    location ~^/resources/(.*)$ {
        alias /opt/wwwroot/DCRM/resources/$1;  # make an alias for resources
    }
    
    location ~^/((CydiaIcon.png)|(Release(.gpg)?)|(Packages(.gz|.bz2)?))$ {
        alias /opt/wwwroot/DCRM/resources/releases/1/$1;  # make an alias for Cydia meta resources
    }
    
    location @djangosite {
        uwsgi_pass django;
        include /etc/nginx/uwsgi_params;
    }
    
    location ~* .(ico|gif|bmp|jpg|jpeg|png|swf|js|css|mp3|m4a|m4v|mp4|ogg|aac)$ {
        expires 7d;
    }
    
    location ~* .(gz|bz2)$ {
        expires 12h;
    }
}

安装ACME.SH用于申请SSL证书

curl https://get.acme.sh | sh

申请证书

cd .acme.sh
./acme.sh --issue -d apt.lala.im --nginx

创建证书存放目录

mkdir -p /etc/nginx/certs/apt.lala.im

将申请的证书移动到这个目录并完成安装:

./acme.sh --install-cert -d apt.lala.im \
--key-file /etc/nginx/certs/apt.lala.im/apt.lala.im.key \
--fullchain-file /etc/nginx/certs/apt.lala.im/fullchain.cer \
--reloadcmd "systemctl force-reload nginx.service"

新建一个supervisor的配置文件:

nano /etc/supervisord.d/dcrm.ini

写入:

[supervisord]
nodaemon=false

[program:uwsgi]
priority=1
directory=/opt/wwwroot/DCRM
command=/usr/bin/uwsgi --ini uwsgi.ini

[program:high]
priority=2
directory=/opt/wwwroot/DCRM
command=/usr/bin/python ./manage.py rqworker high

[program:default]
priority=3
directory=/opt/wwwroot/DCRM
command=/usr/bin/python ./manage.py rqworker default

最后重启supervisor:

systemctl restart supervisord

如果没有意外的话,现在打开你的站点域名+/admin访问后台:

现在来尝试发布一个存储库和软件源,首先添加站点域名(也就是当前你的域名):

添加元数据:

按需填写,完成之后点保存:

在设置页面把之前添加的元数据设置为活跃状态:

接着添加你的软件包:

上传deb格式的软件包:

启用软件包:

最后构建活跃元数据:

详情这里随便填点注释信息即可:

注:每添加一个软件包后都需要重新构建一次。

正式环境请自己新建一个用户来跑,我是写文章偷懒直接用的root,正式环境你应该把uwsgi/nginx/等程序用非root权限,确保安全。。。

赞(5)
未经允许不得转载:荒岛 » CentOS7部署DCRM4(自建Cydia源)
分享到: 更多 (0)

评论 5

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
  1. #1

    喔唷,需要富强才能访问你家了。。。。。好不爽! :grin:

    Panda6年前 (2019-02-28) Google Chrome 63.0.3239.132 Google Chrome 63.0.3239.132 Windows 10 x64 Edition Windows 10 x64 Edition回复
    • 域名被污染了,每次要看都要科学上网 :cry:

      Liuker6年前 (2019-03-02) Google Chrome 72.0.3626.119 Google Chrome 72.0.3626.119 Windows 10 x64 Edition Windows 10 x64 Edition回复
  2. #2

    兄弟我弄好了之后打开后台是这样的:

    有些东西在你的网站上引发了网页的缺失。这是默认的404错误页。尼克斯与Fedora一起分发。它位于/usr/share/nginx/html/404.html

    5年前 (2019-10-31) Chrome 77.0.3865.103 Chrome 77.0.3865.103 iPhone iOS 12.4 iPhone iOS 12.4回复
    • 我没遇到过这个问题,这个DCRM好像更新过了,更新后有些东西有点问题,要自己改下,具体的我也不记得了。。

      LALA5年前 (2019-11-01) Google Chrome 74.0.3729.169 Google Chrome 74.0.3729.169 Windows 10 x64 Edition Windows 10 x64 Edition回复

分享创造快乐

广告合作资源投稿