DCRM – Darwin Cydia Repository Manager (Version 4),是一个可以自建的Cydia源管理程序。目前4是最新版,这个版本是用Python+Django重写的,老版是用PHP写的,说实话新版部署起来真的挺麻烦的。。。
先安装开发工具包:
yum -y groupinstall "Development Tools"
接着装EPEL源:
yum -y install epel-release
然后把需要装的依赖都装了,找这些包还是花了我一点时间的,因为官方文档上面是用的apt。。
yum -y install MySQL-python mysql-devel python-devel python-setuptools libjpeg-devel
用setuptools安装pip,然后用pip安装下面这些包:
easy_install pip pip install rq python-memcached Pillow exifread
现在安装程序需要用到的MySQL/Redis/Memcached:
yum -y install mariadb-server redis memcached
接着装Nginx,顺带把supervisor装一下,这个用于管理后续各种进程:
yum -y install nginx supervisor nano curl
启动Nginx和supervisor并设置开机自启:
systemctl start nginx systemctl enable nginx systemctl start supervisord systemctl enable supervisord
启动各种数据库并设置开机自启:
systemctl start redis systemctl enable redis systemctl start memcached systemctl enable memcached systemctl start mariadb systemctl enable mariadb
由于默认启用的memcached监听在外网,这样很不安全,所以编辑配置文件:
nano /etc/sysconfig/memcached
修改下面的部分,让memcached只监听在本地:
OPTIONS="-l 127.0.0.1"
重启:
systemctl restart memcached
现在初始化MySQL数据库:
mysql_secure_installation
按流程走即可:
Enter current password for root (enter for none):回车 Set root password? [Y/n] Y New password: 设置你的Mariadb数据库root密码 Re-enter new password: 重复输入一次密码 Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] n Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
完事之后重启:
systemctl restart mariadb
登录到MySQL内:
mysql -u root -p
创建数据库并授权:
CREATE DATABASE DCRM DEFAULT CHARSET UTF8; GRANT ALL PRIVILEGES ON DCRM.* TO 'root'@'localhost'; FLUSH PRIVILEGES; quit
程序需要用到的环境差不多就是这些了,现在拉取项目文件:
mkdir -p /opt/wwwroot && cd /opt/wwwroot git clone https://github.com/82Flex/DCRM.git cd DCRM
安装项目所需依赖:
pip install -r requirements.txt
复制一份配置文件重命名并编辑
cp DCRM/settings.default.py DCRM/settings.py nano DCRM/settings.py
需要改动的部分如下:
开启REDIS缓存等功能:
ENABLE_REDIS = True # redis-server, rq are required. ENABLE_CACHE = True # memcached, python-memcached are required. ENABLE_SCREENSHOT = True # libjpeg-dev, Pillow, exifread are required.
修改随机KEY,确保站点安全:
SECRET_KEY = 'imlala'
修改允许访问的域名:
ALLOWED_HOSTS = [ 'apt.lala.im', '127.0.0.1', 'localhost' ]
修改站点语言为中文
LANGUAGE_CODE = 'zh-Hans'
修改数据库连接信息
DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'DCRM', 'USER': 'root', # mysql user name here 'PASSWORD': 'mysqlpassword', # mysql user password here 'HOST': '127.0.0.1', 'PORT': '3306', 'OPTIONS': { 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'" } } }
初始化静态文件以及导入数据库创建管理员用户:
./manage.py collectstatic ./manage.py migrate ./manage.py createsuperuser
创建uwsgi配置文件:
nano uwsgi.ini
写入
[uwsgi] chdir = /opt/wwwroot/DCRM module = DCRM.wsgi master = true processes = 4 socket = :8001 buffer-size = 32768 vaccum = true uid = root gid = root
关闭SELinux:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0
新建Nginx站点配置文件:
nano /etc/nginx/conf.d/dcrm.conf
写入(以下所有有域名的部分全部替换为你自己的):
upstream django { server 127.0.0.1:8001; } server { listen 80; listen 443 ssl http2; server_name apt.lala.im; root /opt/wwwroot/DCRM; index index.html index.htm; client_max_body_size 128g; if ($server_port !~ 443){ rewrite ^(/.*)$ https://$host$1 permanent; } ssl_certificate /etc/nginx/certs/apt.lala.im/fullchain.cer; ssl_certificate_key /etc/nginx/certs/apt.lala.im/apt.lala.im.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; location = / { rewrite ^ /index/ last; } location / { try_files $uri $uri/ @djangosite; } location ~^/static/(.*)$ { alias /opt/wwwroot/DCRM/WEIPDCRM/static/$1; # make an alias for static files } location ~^/resources/(.*)$ { alias /opt/wwwroot/DCRM/resources/$1; # make an alias for resources } location ~^/((CydiaIcon.png)|(Release(.gpg)?)|(Packages(.gz|.bz2)?))$ { alias /opt/wwwroot/DCRM/resources/releases/1/$1; # make an alias for Cydia meta resources } location @djangosite { uwsgi_pass django; include /etc/nginx/uwsgi_params; } location ~* .(ico|gif|bmp|jpg|jpeg|png|swf|js|css|mp3|m4a|m4v|mp4|ogg|aac)$ { expires 7d; } location ~* .(gz|bz2)$ { expires 12h; } }
安装ACME.SH用于申请SSL证书
curl https://get.acme.sh | sh
申请证书
cd .acme.sh ./acme.sh --issue -d apt.lala.im --nginx
创建证书存放目录
mkdir -p /etc/nginx/certs/apt.lala.im
将申请的证书移动到这个目录并完成安装:
./acme.sh --install-cert -d apt.lala.im --key-file /etc/nginx/certs/apt.lala.im/apt.lala.im.key --fullchain-file /etc/nginx/certs/apt.lala.im/fullchain.cer --reloadcmd "systemctl force-reload nginx.service"
新建一个supervisor的配置文件:
nano /etc/supervisord.d/dcrm.ini
写入:
[supervisord] nodaemon=false [program:uwsgi] priority=1 directory=/opt/wwwroot/DCRM command=/usr/bin/uwsgi --ini uwsgi.ini [program:high] priority=2 directory=/opt/wwwroot/DCRM command=/usr/bin/python ./manage.py rqworker high [program:default] priority=3 directory=/opt/wwwroot/DCRM command=/usr/bin/python ./manage.py rqworker default
最后重启supervisor:
systemctl restart supervisord
如果没有意外的话,现在打开你的站点域名+/admin访问后台:
现在来尝试发布一个存储库和软件源,首先添加站点域名(也就是当前你的域名):
添加元数据:
按需填写,完成之后点保存:
在设置页面把之前添加的元数据设置为活跃状态:
接着添加你的软件包:
上传deb格式的软件包:
启用软件包:
最后构建活跃元数据:
详情这里随便填点注释信息即可:
注:每添加一个软件包后都需要重新构建一次。
正式环境请自己新建一个用户来跑,我是写文章偷懒直接用的root,正式环境你应该把uwsgi/nginx/等程序用非root权限,确保安全。。。
最新评论
5211314
能不能教我 一点不会