GeoNode核心

概述

以下步骤将指导您全新设置GeoNode。

All guides will first install and configure the system to run it in DEBUG mode (also known as DEVELOPMENT mode) and then by configuring an HTTPD server to serve GeoNode through the standard HTTP (80) port.

警告

那些指南 不是 意味着要在生产系统上使用。将会有专门的章节向你展示一些 提示 要为可投入生产的计算机优化GeoNode,请执行以下操作。无论如何,我们强烈建议任命一位经验丰富的 DevOp系统管理员 在将您的服务器暴露给 WEB

Ubuntu 20.04LTS

本部分文档介绍了Ubuntu 20.04LTS上GeoNode的完整设置过程 64-bit 干净的环境(台式机或服务器)。

所有示例都使用必须在本地终端或远程shell上输入的shell命令。

  • 如果您有图形化桌面环境,可以在登录后打开终端应用;

  • 如果您在远程服务器上工作,提供程序或sysadmin应该已经授予您通过ssh客户端的访问权限。

1.安装依赖项

在本节中,我们将安装完整的GeoNode安装所需的所有基本软件包和工具。

警告

要遵循本指南,需要了解Ubuntu服务器配置和使用shell的基本知识。

注解

本指南使用 vim 作为编辑;自由填充以供使用 nanogedit 或者其他人。

升级系统包

使用运行以下命令的存储库检查您的系统是否已处于最新状态:

sudo add-apt-repository ppa:ubuntugis/ubuntugis-unstable
sudo apt update -y; sudo apt upgrade -y;

软件包安装

注解

您不需要安装 系统包 如果要使用Docker运行项目

我们将使用 example.org 作为虚构的域名。

首先,我们要安装所有 系统包 GeoNode设置所需的。登录到目标计算机并执行以下命令:

# Install packages from GeoNode core
sudo apt install -y build-essential gdal-bin \
    python3.8-dev python3.8-venv virtualenvwrapper \
    libxml2 libxml2-dev gettext \
    libxslt1-dev libjpeg-dev libpng-dev libpq-dev libgdal-dev \
    software-properties-common build-essential \
    git unzip gcc zlib1g-dev libgeos-dev libproj-dev \
    sqlite3 spatialite-bin libsqlite3-mod-spatialite libsqlite3-dev

# Install Openjdk
sudo apt install openjdk-8-jdk-headless default-jdk-headless -y
sudo update-java-alternatives --jre-headless --jre --set java-1.8.0-openjdk-amd64

# Verify GDAL version
gdalinfo --version
  $> GDAL 3.0.4, released 2020/01/28

# Verify Python version
python3.8 --version
  $> Python 3.8.5

which python3.8
  $> /usr/bin/python3.8

# Verify Java version
java -version
  $> openjdk version "1.8.0_265"
  $> OpenJDK Runtime Environment (build 1.8.0_265-8u265-b01-0ubuntu2~20.04-b01)
  $> OpenJDK 64-Bit Server VM (build 25.265-b01, mixed mode)

# Install VIM
sudo apt install -y vim

# Cleanup the packages
sudo apt update -y; sudo apt upgrade -y; sudo apt autoremove --purge

警告

GeoNode 3.x与Python<3.7不兼容

2.GeoNode安装

这是GeoNode的最基本安装。它不会使用任何外部服务器,比如 Apache TomcatPostgreSQLHTTPD

首先,我们需要准备一个新的Python虚拟环境

由于geonode需要大量不同的python库和包,建议使用python虚拟环境,以避免与系统范围的python包和其他已安装软件的依赖冲突。另请参阅的文档 Virtualenvwrapper 有关详细信息,请打包

注解

GeoNode虚拟环境只能在第一次创建。您不需要每次都重新创建它。

which python3.8  # copy the path of python executable

# Create the GeoNode Virtual Environment (first time only)
export WORKON_HOME=~/.virtualenvs
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
mkvirtualenv --python=/usr/bin/python3.8 geonode  # Use the python path from above

# Alterantively you can also create the virtual env like below
mkdir -p ~/.virtualenvs
python3.8 -m venv ~/.virtualenvs/geonode
source ~/.virtualenvs/geonode/bin/activate

此时,您的命令提示符会显示一个 (geonode) 前缀,则表示您的viralenv处于活动状态。

注解

下次需要访问虚拟环境时,只需运行

source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
workon geonode

# Alterantively you can also create the virtual env like below
source ~/.virtualenvs/geonode/bin/activate

注解

为了永久保存viralenvwrapper环境

vim ~/.bashrc

# Write to the bottom of the file the following lines
export WORKON_HOME=~/.virtualenvs
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh

# Let's create the GeoNode core base folder and clone it
sudo mkdir -p /opt/geonode/; sudo usermod -a -G www-data $USER; sudo chown -Rf $USER:www-data /opt/geonode/; sudo chmod -Rf 775 /opt/geonode/

# Clone the GeoNode source code on /opt/geonode
cd /opt; git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode

# Install the Python packages
cd /opt/geonode
pip install -r requirements.txt --upgrade --no-cache --no-cache-dir
pip install -e . --upgrade
pip install pygdal=="`gdal-config --version`.*"

3.Postgis数据库设置

请确保您已成功完成本部分的所有步骤 1.安装依赖项

在本节中,我们将为PostgreSQL中的GeoNode设置用户和数据库。

安装和配置PostgreSQL数据库系统

在本节中,我们将安装 PostgreSQL 随附的包裹和 PostGIS 分机。这些步骤必须完成 only 如果您的系统上尚未安装该数据库。

# Ubuntu 20.04 (focal)
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update -y; sudo apt install -y postgresql-13 postgresql-13-postgis-3 postgresql-13-postgis-3-scripts postgresql-13 postgresql-client-13

我们现在必须创建两个数据库, geonodegeonode_data ,属于该角色 geonode

警告

这是我们的默认配置。您可以使用所需的任何数据库或角色。必须在上正确配置连接参数 settings ,正如我们将在本节后面看到的那样。

数据库和权限

首先,创建geonode用户。GeoNode将使用此用户访问数据库

sudo service postgresql start
sudo -u postgres createuser -P geonode

# Use the password: geonode

系统将提示您为该用户设置密码。 输入geonode作为密码

警告

这是为简单起见使用的示例密码。此密码非常 weak 并且应该在生产环境中进行更改。

创建数据库 geonodegeonode_data 与所有者在一起 geonode

sudo -u postgres createdb -O geonode geonode
sudo -u postgres createdb -O geonode geonode_data

接下来,让我们创建PostGIS扩展模块

sudo -u postgres psql -d geonode -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO geonode;'

sudo -u postgres psql -d geonode_data -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO geonode;'

最后一步是更改文件中本地连接的用户访问策略 pg_hba.conf

sudo vim /etc/postgresql/13/main/pg_hba.conf

向下滚动到文档底部。我们想在当地转机。 trusted 对于默认用户。

确保您的配置与下面的配置类似。

...
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local   all             postgres                                trust

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            md5
host    replication     all             ::1/128                 md5

警告

如果您的 PostgreSQL 数据库驻留在 separate/remote machine ,你将不得不 允许 对中的数据库的远程访问 /etc/postgresql/13/main/pg_hba.conf 发送到 geonode 用户,并告诉PostgreSQL 接受 中的非本地连接 /etc/postgresql/13/main/postgresql.conf 文件

重新启动PostgreSQL以使更改生效。

sudo service postgresql restart

PostgreSQL现在已经准备好了。要测试配置,请尝试连接到 geonode 数据库AS geonode 角色。

psql -U postgres geonode
# This should not ask for any password

psql -U geonode geonode
# This should ask for the password geonode

# Repeat the test with geonode_data DB
psql -U postgres geonode_data
psql -U geonode geonode_data

4.安装Geoserver

在本节中,我们将安装 Apache Tomcat 8 Servlet Java容器,缺省情况下将在内部端口上启动 8080

我们还将执行多项优化,以:

  1. 正确设置Java VM选项,如可用堆内存和垃圾收集器选项。

  2. 外部化 GeoServerGeoWebcache 目录,以便允许进一步更新,而不存在删除我们的数据集的风险。

注解

这仍然是这些组件的基本设置。本文档中有关在生产环境中强化系统的章节将提供更多详细信息。不过,您需要根据您当前的系统相应地调整这些设置。例如,如果您的计算机没有足够的内存,您将需要降低可用堆内存的初始数量。 警告注意事项 将放在需要您注意的语句下面。

Install Apache Tomcat 9 (ref. https://yallalabs.com/linux/ubuntu/how-to-install-apache-tomcat-9-ubuntu-20-04/)

警告

Apache Tomcat9要求在服务器上安装Java8或更高版本。检查前面的步骤,以确保您的系统上正确安装了OpenJDK 8。

首先,不建议以root用户身份运行Apache Tomcat,因此我们将创建一个新的系统用户,该用户将运行Apache Tomcat服务器

sudo useradd -m -U -d /opt/tomcat -s /bin/bash tomcat
sudo usermod -a -G www-data tomcat

警告

现在,请转到官方Apache Tomcat website 并将最新版本的软件下载到您的服务器。但是不要使用Tomcat10,因为Geoserver和Tomcat之间仍然存在一些错误。

VERSION=9.0.48; wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz

下载完成后,将tar文件解压到/opt/tomcat目录:

sudo tar -xf apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/; rm apache-tomcat-${VERSION}.tar.gz

Apache Tomcat定期更新。因此,为了更好地控制版本和更新,我们将创建一个符号链接,如下所示:

sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

现在,让我们更改所有Apache Tomcat文件的所有权,如下所示:

sudo chown -R tomcat:www-data /opt/tomcat/

将bin目录内的shell脚本设为可执行文件:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

创建包含以下内容的a systemd文件:

# Check the correct JAVA_HOME location
JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
echo $JAVA_HOME
  $> /usr/lib/jvm/java-8-openjdk-amd64/jre/

# Let's create a symbolic link to the JRE
sudo ln -s /usr/lib/jvm/java-8-openjdk-amd64/jre/ /usr/lib/jvm/jre

# Let's create the tomcat service
sudo vim /etc/init.d/tomcat9

#!/bin/bash

### BEGIN INIT INFO
# Provides:             tomcat9
# Required-Start:       $local_fs $remote_fs $network $time
# Required-Stop:        $local_fs $remote_fs $network $time
# Should-Start:         $syslog
# Should-Stop:          $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Apache Tomcat init script
### END INIT INFO

#Location of JAVA_HOME (bin files)
export JAVA_HOME=/usr/lib/jvm/jre
export JAVA_OPTS=-Djava.security.egd=file:///dev/urandom

#Add Java binary files to PATH
export PATH=$JAVA_HOME/bin:$PATH

#CATALINA_HOME is the location of the bin files of Tomcat
export CATALINA_HOME=/opt/tomcat/latest

#CATALINA_BASE is the location of the configuration files of this instance of Tomcat
export CATALINA_BASE=/opt/tomcat/latest
export CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid

#TOMCAT_USER is the default user of tomcat
export TOMCAT_USER=tomcat

#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;31mkill\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"

#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
SHUTDOWN_WAIT=20

tomcat_pid() {
        echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s " "|cut -d" " -f2`
}

start() {
  pid=$(tomcat_pid)
  if [ -n "$pid" ]
  then
    echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
  else
    # Start tomcat
    echo -e "\e[00;32mStarting tomcat\e[00m"
    #ulimit -n 100000
    #umask 007
    #/bin/su -p -s /bin/sh $TOMCAT_USER
        if [ `user_exists $TOMCAT_USER` = "1" ]
        then
                /bin/su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh
        else
                echo -e "\e[00;31mTomcat user $TOMCAT_USER does not exists. Starting with $(id)\e[00m"
                sh $CATALINA_HOME/bin/startup.sh
        fi
        status
  fi
  return 0
}

status(){
          pid=$(tomcat_pid)
          if [ -n "$pid" ]
            then echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
          else
            echo -e "\e[00;31mTomcat is not running\e[00m"
            return 3
          fi
}

terminate() {
        echo -e "\e[00;31mTerminating Tomcat\e[00m"
        kill -9 $(tomcat_pid)
}

stop() {
  pid=$(tomcat_pid)
  if [ -n "$pid" ]
  then
    echo -e "\e[00;31mStoping Tomcat\e[00m"
    #/bin/su -p -s /bin/sh $TOMCAT_USER
        sh $CATALINA_HOME/bin/shutdown.sh

    let kwait=$SHUTDOWN_WAIT
    count=0;
    until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ]
    do
      echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m";
      sleep 1
      let count=$count+1;
    done

    if [ $count -gt $kwait ]; then
      echo -n -e "\n\e[00;31mkilling processes didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
      terminate
    fi
  else
    echo -e "\e[00;31mTomcat is not running\e[00m"
  fi

  return 0
}

user_exists(){
        if id -u $1 >/dev/null 2>&1; then
        echo "1"
        else
                echo "0"
        fi
}

case $1 in
        start)
          start
        ;;
        stop)
          stop
        ;;
        restart)
          stop
          start
        ;;
        status)
                status
                exit $?
        ;;
        kill)
                terminate
        ;;
        *)
                echo -e $TOMCAT_USAGE
        ;;
esac
exit 0

现在,您可以启动Apache Tomcat 9服务器,并使用以下命令使其在引导时启动:

sudo chmod +x /etc/init.d/tomcat9
sudo /etc/init.d/tomcat9 start

为了进行验证,请键入以下ss命令,该命令将显示8080开放端口号,这是为Apache Tomcat Server保留的默认开放端口。

ss -ltn

在干净的Ubuntu20.04中,可能找不到ss命令,应该首先安装iproute2库。

sudo apt install iproute2
# Then run the ss command
ss -ltn

如果您的服务器受防火墙保护,并且您希望从本地网络外部访问Tomcat,则需要打开端口8080。

使用以下命令打开必要的端口:

sudo ufw allow 8080/tcp

警告

通常,当在生产环境中运行Tomcat时,您应该使用负载平衡器或反向代理。

最佳做法是允许访问端口 8080 只能从您的内部网络。

我们将使用 NGINX 为了通过标准向Apache Tomcat提供 HTTP 港口。

注解

或者,您也可以按如下方式定义Tomcat服务,以防您想要使用 systemctl

sudo vim /usr/lib/systemd/system/tomcat9.service

[Unit]
Description=Apache Tomcat Server
After=syslog.target network.target

[Service]
Type=forking
User=tomcat
Group=tomcat

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=JAVA_OPTS=-Djava.security.egd=file:///dev/urandom
Environment=CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/latest
Environment=CATALINA_BASE=/opt/tomcat/latest

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

RestartSec=30
Restart=always

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable tomcat9.service
sudo systemctl start tomcat9.service

在Tomcat9上安装Geoserver

让我们将 GEOSERVER_DATA_DIRlogs

# Create the target folders
sudo mkdir -p /opt/data
sudo chown -Rf $USER:www-data /opt/data
sudo chmod -Rf 775 /opt/data
sudo mkdir -p /opt/data/logs
sudo chown -Rf $USER:www-data /opt/data/logs
sudo chmod -Rf 775 /opt/data/logs

# Download and extract the default GEOSERVER_DATA_DIR
sudo wget --no-check-certificate "https://www.dropbox.com/s/cd20is9ddjz7ti5/data-2.18.3.zip?dl=1" -O data-2.18.3.zip
sudo unzip data-2.18.3.zip -d /opt/data/

sudo mv /opt/data/data/ /opt/data/geoserver_data
sudo chown -Rf tomcat:www-data /opt/data/geoserver_data
sudo chmod -Rf 775 /opt/data/geoserver_data

sudo mkdir -p /opt/data/geoserver_logs
sudo chown -Rf tomcat:www-data /opt/data/geoserver_logs
sudo chmod -Rf 775 /opt/data/geoserver_logs

sudo mkdir -p /opt/data/gwc_cache_dir
sudo chown -Rf tomcat:www-data /opt/data/gwc_cache_dir
sudo chmod -Rf 775 /opt/data/gwc_cache_dir

# Download and install GeoServer
sudo wget --no-check-certificate "https://www.dropbox.com/s/cmrdzde1oq67pre/geoserver-2.18.3.war?dl=0" -O geoserver-2.18.3.war
sudo mv geoserver-2.18.3.war /opt/tomcat/latest/webapps/geoserver.war

现在让我们配置 JAVA_OPTS 即运行Servlet容器的参数,如堆内存、垃圾收集器等。

sudo sed -i -e 's/xom-\*\.jar/xom-\*\.jar,bcprov\*\.jar/g' /opt/tomcat/latest/conf/catalina.properties

export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
echo 'JAVA_HOME='$JAVA_HOME | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
sudo sed -i -e "s/JAVA_OPTS=/#JAVA_OPTS=/g" /opt/tomcat/latest/bin/setenv.sh

echo 'GEOSERVER_DATA_DIR="/opt/data/geoserver_data"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOSERVER_LOG_LOCATION="/opt/data/geoserver_logs/geoserver.log"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOWEBCACHE_CACHE_DIR="/opt/data/gwc_cache_dir"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOFENCE_DIR="$GEOSERVER_DATA_DIR/geofence"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'TIMEZONE="UTC"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh

echo 'JAVA_OPTS="-server -Djava.awt.headless=true -Dorg.geotools.shapefile.datetime=false -XX:+UseParallelGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Duser.timezone=$TIMEZONE -Xms512m -Xmx4096m -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DGEOSERVER_DATA_DIR=$GEOSERVER_DATA_DIR -Dgeofence.dir=$GEOFENCE_DIR -DGEOSERVER_LOG_LOCATION=$GEOSERVER_LOG_LOCATION -DGEOWEBCACHE_CACHE_DIR=$GEOWEBCACHE_CACHE_DIR"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh

注解

执行完上述语句后,您应该能够看到写在文件底部的新选项 /opt/tomcat/latest/bin/setenv.sh

...
# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind.  It is used for binding Tomcat to lower port numbers.
# (yes/no, default: no)
#AUTHBIND=no
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre/
GEOSERVER_DATA_DIR="/opt/data/geoserver_data"
GEOSERVER_LOG_LOCATION="/opt/data/geoserver_logs/geoserver.log"
GEOWEBCACHE_CACHE_DIR="/opt/data/gwc_cache_dir"
GEOFENCE_DIR="$GEOSERVER_DATA_DIR/geofence"
TIMEZONE="UTC"
JAVA_OPTS="-server -Djava.awt.headless=true -Dorg.geotools.shapefile.datetime=false -XX:+UseParallelGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Duser.timezone=$TIMEZONE -Xms512m -Xmx4096m -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DGEOSERVER_DATA_DIR=$GEOSERVER_DATA_DIR -Dgeofence.dir=$GEOFENCE_DIR -DGEOSERVER_LOG_LOCATION=$GEOSERVER_LOG_LOCATION -DGEOWEBCACHE_CACHE_DIR=$GEOWEBCACHE_CACHE_DIR"

这些选项可以根据您的需要随时手动更新或更改。

警告

我们要添加到Servlet容器的默认选项,假设您至少可以保留 4GBRAMGeoServer (请参阅选项 -Xmx4096m )。您必须确保您的计算机有足够的内存来同时运行 GeoServerGeoNode ,在这种情况下,这至少意味着 4GBGeoServer 再加上至少 2GBGeoNode 。总共至少有 6GBRAM 在您的计算机上可用。如果你没有足够的钱 RAM 可用,您可以降低这些值 -Xms512m -Xmx4096m 。想想看,用更少的钱 RAM 如果您的服务可用,您的服务性能将受到很大影响。

为了使更改生效,您需要重新启动Servlet容器。

# Restart the server
sudo /etc/init.d/tomcat9 restart

# Follow the startup logs
sudo tail -F -n 300 /opt/data/geoserver_logs/geoserver.log

如果您可以在日志上看到类似于此的内容,并且没有错误

...
2019-05-31 10:06:34,190 INFO [geoserver.wps] - Found 5 bindable processes in GeoServer specific processes
2019-05-31 10:06:34,281 INFO [geoserver.wps] - Found 89 bindable processes in Deprecated processes
2019-05-31 10:06:34,298 INFO [geoserver.wps] - Found 31 bindable processes in Vector processes
2019-05-31 10:06:34,307 INFO [geoserver.wps] - Found 48 bindable processes in Geometry processes
2019-05-31 10:06:34,307 INFO [geoserver.wps] - Found 1 bindable processes in PolygonLabelProcess
2019-05-31 10:06:34,311 INFO [geoserver.wps] - Blacklisting process ras:ConvolveCoverage as the input kernel of type class javax.media.jai.KernelJAI cannot be handled
2019-05-31 10:06:34,319 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input zones of type class java.lang.Object cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input nodata of type class it.geosolutions.jaiext.range.Range cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input rangeData of type class java.lang.Object cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the output zonal statistics of type interface java.util.List cannot be handled
2019-05-31 10:06:34,321 INFO [geoserver.wps] - Found 18 bindable processes in Raster processes
2019-05-31 10:06:34,917 INFO [ows.OWSHandlerMapping] - Mapped URL path [/TestWfsPost] onto handler 'wfsTestServlet'
2019-05-31 10:06:34,918 INFO [ows.OWSHandlerMapping] - Mapped URL path [/wfs/*] onto handler 'dispatcher'
2019-05-31 10:06:34,918 INFO [ows.OWSHandlerMapping] - Mapped URL path [/wfs] onto handler 'dispatcher'
2019-05-31 10:06:42,237 INFO [geoserver.security] - Start reloading user/groups for service named default
2019-05-31 10:06:42,241 INFO [geoserver.security] - Reloading user/groups successful for service named default
2019-05-31 10:06:42,357 WARN [auth.GeoFenceAuthenticationProvider] - INIT FROM CONFIG
2019-05-31 10:06:42,494 INFO [geoserver.security] - AuthenticationCache Initialized with 1000 Max Entries, 300 seconds idle time, 600 seconds time to live and 3 concurrency level
2019-05-31 10:06:42,495 INFO [geoserver.security] - AuthenticationCache Eviction Task created to run every 600 seconds
2019-05-31 10:06:42,506 INFO [config.GeoserverXMLResourceProvider] - Found configuration file in /opt/data/gwc_cache_dir
2019-05-31 10:06:42,516 INFO [config.GeoserverXMLResourceProvider] - Found configuration file in /opt/data/gwc_cache_dir
2019-05-31 10:06:42,542 INFO [config.XMLConfiguration] - Wrote configuration to /opt/data/gwc_cache_dir
2019-05-31 10:06:42,547 INFO [geoserver.importer] - Enabling import store: memory

你的 GeoServer 应在以下时间启动并运行

http://localhost:8080/geoserver/

警告

如果出现错误或文件 geoserver.log 未创建,请检查Catalina日志以尝试了解发生了什么。

sudo less /opt/tomcat/latest/logs/catalina.out

5.Web服务器

到目前为止,我们已经了解了如何开始 GeoNode 在……里面 DEBUG 模式,从命令行通过 paver 公用设施。这当然不是最好的开始方式。此外,您还需要一个专门的 HTTPD 在端口上运行的服务器 80 如果您想要向世界公开您的服务器。

在本节中,我们将看到:

  1. 如何配置 NGINX 主机的HTTPD服务器 GeoNodeGeoServer 。在初始设置中,我们仍将在上运行服务 http://localhost

  2. 更新 settings 为了链接到 GeoNodeGeoServer 发送到 PostgreSQL 数据库。

  3. 更新 settings 为了更新 GeoNodeGeoServer 在上运行的服务 公网IP主机名

  4. 安装并启用 HTTPS 通过 Let's Encrypt 提供商。

安装和配置Nginx

警告

Nginx似乎有可能在Python3.6上运行,而不是在3.8上运行。

# Install the services
sudo apt install -y nginx uwsgi uwsgi-plugin-python3

通过Nginx服务{“geonode”,“geoserver”}

# Create the GeoNode UWSGI config
sudo vim /etc/uwsgi/apps-available/geonode.ini

警告

!重要!

更改线路 virtualenv = /home/<my_user>/.virtualenvs/geonode 下面是您当前的用户主目录!

例如:如果用户是 afabiani 然后 virtualenv = /home/afabiani/.virtualenvs/geonode

[uwsgi]
uwsgi-socket = 0.0.0.0:8000
# http-socket = 0.0.0.0:8000

gid = www-data

plugins = python3
virtualenv = /home/<my_user>/.virtualenvs/geonode

env = DJANGO_SETTINGS_MODULE=geonode.settings
env = GEONODE_INSTANCE_NAME=geonode
env = GEONODE_LB_HOST_IP=
env = GEONODE_LB_PORT=

# #################
# backend
# #################
env = POSTGRES_USER=postgres
env = POSTGRES_PASSWORD=postgres
env = GEONODE_DATABASE=geonode
env = GEONODE_DATABASE_PASSWORD=geonode
env = GEONODE_GEODATABASE=geonode_data
env = GEONODE_GEODATABASE_PASSWORD=geonode
env = GEONODE_DATABASE_SCHEMA=public
env = GEONODE_GEODATABASE_SCHEMA=public
env = DATABASE_HOST=localhost
env = DATABASE_PORT=5432
env = DATABASE_URL=postgis://geonode:geonode@localhost:5432/geonode
env = GEODATABASE_URL=postgis://geonode:geonode@localhost:5432/geonode_data
env = GEONODE_DB_CONN_MAX_AGE=0
env = GEONODE_DB_CONN_TOUT=5
env = DEFAULT_BACKEND_DATASTORE=datastore
env = BROKER_URL=amqp://admin:admin@localhost:5672//
env = ASYNC_SIGNALS=False

env = SITEURL=http://localhost/

env = ALLOWED_HOSTS="['*']"

# Data Uploader
env = DEFAULT_BACKEND_UPLOADER=geonode.importer
env = TIME_ENABLED=True
env = MOSAIC_ENABLED=False
env = HAYSTACK_SEARCH=False
env = HAYSTACK_ENGINE_URL=http://elasticsearch:9200/
env = HAYSTACK_ENGINE_INDEX_NAME=haystack
env = HAYSTACK_SEARCH_RESULTS_PER_PAGE=200

# #################
# nginx
# HTTPD Server
# #################
env = GEONODE_LB_HOST_IP=localhost
env = GEONODE_LB_PORT=80

# IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
# port where the server can be reached on HTTPS
env = HTTP_HOST=localhost
env = HTTPS_HOST=

env = HTTP_PORT=8000
env = HTTPS_PORT=443

# #################
# geoserver
# #################
env = GEOSERVER_WEB_UI_LOCATION=http://localhost/geoserver/
env = GEOSERVER_PUBLIC_LOCATION=http://localhost/geoserver/
env = GEOSERVER_LOCATION=http://localhost:8080/geoserver/
env = GEOSERVER_ADMIN_USER=admin
env = GEOSERVER_ADMIN_PASSWORD=geoserver

env = OGC_REQUEST_TIMEOUT=5
env = OGC_REQUEST_MAX_RETRIES=1
env = OGC_REQUEST_BACKOFF_FACTOR=0.3
env = OGC_REQUEST_POOL_MAXSIZE=10
env = OGC_REQUEST_POOL_CONNECTIONS=10

# Java Options & Memory
env = ENABLE_JSONP=true
env = outFormat=text/javascript
env = GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"

# #################
# Security
# #################
# Admin Settings
env = ADMIN_USERNAME=admin
env = ADMIN_PASSWORD=admin
env = ADMIN_EMAIL=admin@localhost

# EMAIL Notifications
env = EMAIL_ENABLE=False
env = DJANGO_EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
env = DJANGO_EMAIL_HOST=localhost
env = DJANGO_EMAIL_PORT=25
env = DJANGO_EMAIL_HOST_USER=
env = DJANGO_EMAIL_HOST_PASSWORD=
env = DJANGO_EMAIL_USE_TLS=False
env = DJANGO_EMAIL_USE_SSL=False
env = DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'

# Session/Access Control
env = LOCKDOWN_GEONODE=False
env = CORS_ORIGIN_ALLOW_ALL=True
env = X_FRAME_OPTIONS="SAMEORIGIN"
env = SESSION_EXPIRED_CONTROL_ENABLED=True
env = DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
env = DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True

# Users Registration
env = ACCOUNT_OPEN_SIGNUP=True
env = ACCOUNT_EMAIL_REQUIRED=True
env = ACCOUNT_APPROVAL_REQUIRED=False
env = ACCOUNT_CONFIRM_EMAIL_ON_GET=False
env = ACCOUNT_EMAIL_VERIFICATION=none
env = ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
env = ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
env = ACCOUNT_AUTHENTICATION_METHOD=username_email
env = AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True

# OAuth2
env = OAUTH2_API_KEY=
env = OAUTH2_CLIENT_ID=Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV
env = OAUTH2_CLIENT_SECRET=rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3

# GeoNode APIs
env = API_LOCKDOWN=False
env = TASTYPIE_APIKEY=

# #################
# Production and
# Monitoring
# #################
env = DEBUG=False

SECRET_KEY='myv-y4#7j-d*p-__@j#*3z@!y24fz8%^z2v6atuy4bo9vqr1_a'

env = CACHE_BUSTING_STATIC_ENABLED=False
env = CACHE_BUSTING_MEDIA_ENABLED=False

env = MEMCACHED_ENABLED=False
env = MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
env = MEMCACHED_LOCATION=127.0.0.1:11211
env = MEMCACHED_LOCK_EXPIRE=3600
env = MEMCACHED_LOCK_TIMEOUT=10

env = MAX_DOCUMENT_SIZE=2
env = CLIENT_RESULTS_LIMIT=5
env = API_LIMIT_PER_PAGE=1000

# GIS Client
env = GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY=mapstore
env = MAPBOX_ACCESS_TOKEN=
env = BING_API_KEY=
env = GOOGLE_API_KEY=

# Monitoring
env = MONITORING_ENABLED=True
env = MONITORING_DATA_TTL=365
env = USER_ANALYTICS_ENABLED=True
env = USER_ANALYTICS_GZIP=True
env = CENTRALIZED_DASHBOARD_ENABLED=False
env = MONITORING_SERVICE_NAME=local-geonode
env = MONITORING_HOST_NAME=geonode

# Other Options/Contribs
env = MODIFY_TOPICCATEGORY=True
env = AVATAR_GRAVATAR_SSL=True
env = EXIF_ENABLED=True
env = CREATE_LAYER=True
env = FAVORITE_ENABLED=True

logto = /opt/data/logs/geonode.log
# pidfile = /tmp/geonode.pid

chdir = /opt/geonode
module = geonode.wsgi:application

strict = false
master = true
enable-threads = true
vacuum = true                        ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true                   ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true

# logging
# path to where uwsgi logs will be saved
# logto = /opt/data/geonode_logs/geonode.log

daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768

harakiri = 60                        ; forcefully kill workers after 60 seconds
py-callos-afterfork = true           ; allow workers to trap signals

max-requests = 1000                  ; Restart workers after this many requests
max-worker-lifetime = 3600           ; Restart workers after this many seconds
reload-on-rss = 2048                 ; Restart workers after this much resident memory
worker-reload-mercy = 60             ; How long to wait before forcefully killing workers

cheaper-algo = busyness
processes = 128                      ; Maximum number of workers allowed
cheaper = 8                          ; Minimum number of workers allowed
cheaper-initial = 16                 ; Workers created at startup
cheaper-overload = 1                 ; Length of a cycle in seconds
cheaper-step = 16                    ; How many workers to spawn at a time

cheaper-busyness-multiplier = 30     ; How many cycles to wait before killing workers
cheaper-busyness-min = 20            ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70            ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16  ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2    ; How many emergency workers to create if there are too many requests in the queue

# Enable the GeoNode UWSGI config
sudo ln -s /etc/uwsgi/apps-available/geonode.ini /etc/uwsgi/apps-enabled/geonode.ini

# Restart UWSGI Service
sudo pkill -9 -f uwsgi
sudo service uwsgi restart

# Backup the original NGINX config
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig

# Create the GeoNode Default NGINX config
sudo vim /etc/nginx/nginx.conf

# Make sure your nginx.config matches the following one
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
  worker_connections 768;
  # multi_accept on;
}

http {
  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  # server_tokens off;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # SSL Settings
  ##

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
  ssl_prefer_server_ciphers on;

  ##
  # Logging Settings
  ##

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  ##
  # Gzip Settings
  ##

  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_http_version 1.1;
  gzip_disable "MSIE [1-6]\.";
  gzip_buffers 16 8k;
  gzip_min_length 1100;
  gzip_comp_level 6;
  gzip_types video/mp4 text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/jpeg;

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

# Remove the Default NGINX config
sudo rm /etc/nginx/sites-enabled/default

# Create the GeoNode App NGINX config
sudo vim /etc/nginx/sites-available/geonode

uwsgi_intercept_errors on;

upstream geoserver_proxy {
  server localhost:8080;
}

# Expires map
map $sent_http_content_type $expires {
  default                    off;
  text/html                  epoch;
  text/css                   max;
  application/javascript     max;
  ~image/                    max;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;

  server_name _;

  charset utf-8;

  etag on;
  expires $expires;
  proxy_read_timeout 600s;
  # set client body size to 2M #
  client_max_body_size 50000M;

  location / {
    etag off;
    uwsgi_pass 127.0.0.1:8000;
    uwsgi_read_timeout 600s;
    include uwsgi_params;
  }

  location /static/ {
    alias /opt/geonode/geonode/static_root/;
  }

  location /uploaded/ {
    alias /opt/geonode/geonode/uploaded/;
  }

  location /geoserver {
    proxy_pass http://geoserver_proxy;
    include proxy_params;
  }
}

# Prepare the uploaded folder
sudo mkdir -p /opt/geonode/geonode/uploaded
sudo chown -Rf tomcat:www-data /opt/geonode/geonode/uploaded
sudo chmod -Rf 777 /opt/geonode/geonode/uploaded/

sudo touch /opt/geonode/geonode/.celery_results
sudo chmod 777 /opt/geonode/geonode/.celery_results

# Enable GeoNode NGINX config
sudo ln -s /etc/nginx/sites-available/geonode /etc/nginx/sites-enabled/geonode

# Restart the services
sudo service tomcat9 restart
sudo service nginx restart

更新设置以使用 PostgreSQL 数据库

警告

确保您已经按照前面几节中的说明安装和配置了数据库。

注解

而不是使用 local_settings.py ,您可以通过 .env* 变量;请将文件作为实例查看 ./paver_dev.sh./manage_dev.sh 以便了解如何使用它们。如果是那样的话 您不需要创建 这个 local_settings.py 文件;您可以只使用取消默认的文件,它将从ENV中获取值。在生产/停靠码头的系统中,我们倾向于使用这种方法。

workon geonode
cd /opt/geonode

# Initialize GeoNode
chmod +x *.sh
./paver_local.sh reset
./paver_local.sh setup
./paver_local.sh sync
./manage_local.sh collectstatic --noinput
sudo chmod -Rf 777 geonode/static_root/ geonode/uploaded/

在完成配置之前,我们需要更新 UWSGI 设置

重新启动 UWSGI 并更新 OAuth2 通过使用新的 geonode.settings

# As superuser
sudo su

# Restart Tomcat
service tomcat9 restart

# Restart UWSGI
pkill -9 -f uwsgi
service uwsgi restart

# Update the GeoNode ip or hostname
cd /opt/geonode

# This must be done the first time only
cp package/support/geonode.binary /usr/bin/geonode
cp package/support/geonode.updateip /usr/bin/geonode_updateip
chmod +x /usr/bin/geonode
chmod +x /usr/bin/geonode_updateip

# Refresh GeoNode and GeoServer OAuth2 settings
source .env_local
PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat9" APACHE_SERVICE="service nginx" geonode_updateip -p localhost

# Go back to standard user
exit

使用检查是否有任何错误

sudo tail -F -n 300 /var/log/uwsgi/app/geonode.log

使用以下命令重新加载UWSGI配置

touch /opt/geonode/geonode/wsgi.py

6.更新设置以更新在公网IP或主机名上运行的GeoNode和Geoserver服务

警告

在将您的服务公开给互联网之前, 一定要确保 您的系统是 硬化足够安全 。有关详细信息,请参阅特定文档部分。

假设您想在公共IP或域上运行您的服务,例如 www.example.org 。您需要稍微更新您的服务才能反映新的服务器名称。

具体来说,要做的步骤包括:

  1. 更新 NGINX 配置,以便为新域名提供服务。

sudo vim /etc/nginx/sites-enabled/geonode

# Update the 'server_name' directive
server_name example.org www.example.org;

# Restart the service
sudo service nginx restart

  1. 更新 UWSGI 配置,以便为新域名提供服务。

sudo vim /etc/uwsgi/apps-enabled/geonode.ini

# Change everywhere 'localhost' to the new hostname
:%s/localhost/www.example.org/g
:wq

# Restart the service
sudo service uwsgi restart

  1. 更新 OAuth2 配置,以便命中新的主机名。

workon geonode
cd /opt/geonode

# Update the GeoNode ip or hostname
sudo PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.local_settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat" APACHE_SERVICE="service nginx" geonode_updateip -l localhost -p www.example.org

  1. 更新现有的 GeoNode 链接以命中新的主机名。

workon geonode
cd /opt/geonode

# Update the GeoNode ip or hostname
DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py migrate_baseurl --source-address=http://localhost --target-address=http://www.example.org

7.通过We‘s Encrypt提供程序安装并启用HTTPS安全连接

# Install Let's Encrypt Certbot
# sudo add-apt-repository ppa:certbot/certbot  # for ubuntu 18.04 and lower
sudo apt update -y; sudo apt install python-certbot-nginx -y

# Reload NGINX config and make sure the firewall denies access to HTTP
sudo systemctl reload nginx
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

# Create and dump the Let's Encrypt Certificates
sudo certbot --nginx -d example.org -d www.example.org
# ...choose the redirect option when asked for

接下来,要做的步骤是:

  1. Update the GeoNode OAuth2 Redirect URIs accordingly.

GeoNode Admin DashboardHome Django/GeoNode OAuth Toolkit Applications GeoServer

../../../_images/ubuntu-https-001.png

重定向URI

  1. 更新 GeoServer Proxy Base URL 相应地。

GeoServer Admin GUIAbout & Status > Global

../../../_images/ubuntu-https-002.png

代理基URL

  1. 更新 GeoServer Role Base URL 相应地。

GeoServer Admin GUISecurity > Users, Groups, Roles > geonode REST role service

../../../_images/ubuntu-https-003.png

角色基URL

  1. 更新 GeoServer OAuth2 Service Parameters 相应地。

GeoServer Admin GUISecurity > Authentication > Authentication Filters > geonode-oauth2

../../../_images/ubuntu-https-004.png

OAuth2服务参数

  1. 更新 UWSGI 配置

sudo vim /etc/uwsgi/apps-enabled/geonode.ini

# Change everywhere 'http' to 'https'
%s/http/https/g

# Add three more 'env' variables to the configuration
env = SECURE_SSL_REDIRECT=True
env = SECURE_HSTS_INCLUDE_SUBDOMAINS=True
env = AVATAR_GRAVATAR_SSL=True

# Restart the service
sudo service uwsgi restart
../../../_images/ubuntu-https-005.png

UWSGI配置

8.启用完全异步任务

安装和配置 "rabbitmq-server"

警告

根据您的Ubuntu发行版调整以下步骤(请参阅 "rabbitmq-server" 指向文档的链接)。

sudo apt update && sudo apt upgrade && sudo apt install wget -y
echo "deb https://packages.erlang-solutions.com/ubuntu focal contrib" | sudo tee /etc/apt/sources.list.d/rabbitmq.list

sudo apt update
sudo apt install erlang

sudo apt install apt-transport-https -y
wget -O- https://dl.bintray.com/rabbitmq/Keys/rabbitmq-release-signing-key.asc | sudo apt-key add -
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
echo "deb https://dl.bintray.com/rabbitmq-erlang/debian focal erlang-22.x" | sudo tee /etc/apt/sources.list.d/rabbitmq.list

sudo apt update
sudo apt install rabbitmq-server

sudo systemctl start rabbitmq-server.service
sudo systemctl enable rabbitmq-server.service

systemctl is-enabled rabbitmq-server.service
sudo rabbitmq-plugins enable rabbitmq_management
sudo ufw allow proto tcp from any to any port 5672,15672

sudo rabbitmqctl delete_user guest
sudo rabbitmqctl add_user admin <your_rabbitmq_admin_password_here>
sudo rabbitmqctl change_password admin <your_rabbitmq_admin_password_here>
sudo rabbitmqctl set_user_tags admin administrator
sudo rabbitmqctl add_vhost /localhost
sudo rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
sudo rabbitmqctl set_permissions -p /localhost admin ".*" ".*" ".*"

安装和配置 "supervisor” and “celery"

sudo apt install supervisor

sudo mkdir /etc/supervisor
echo_supervisord_conf > /etc/supervisor/supervisord.conf

sudo mkdir /etc/supervisor/conf.d

sudo vim /etc/supervisor/supervisord.conf

注解

!重要!

请特别注意 environment 此处放置的键值对。

他们 must 匹配您在上已经设置的值。 uwsgi.ini 文件。

; supervisor config file

[unix_http_server]
file=/var/run/supervisor.sock   ; (the path to the socket file)
chmod=0700                       ; sockef file mode (default 0700)

[supervisord]
nodaemon=true
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
environment=DEBUG="False",CACHE_BUSTING_STATIC_ENABLED="True",CACHE_BUSTING_MEDIA_ENABLED="True",SITEURL="https://<your_geonode_domain>/",DJANGO_SETTINGS_MODULE="geonode.local_settings",GEOSERVER_ADMIN_PASSWORD="<your_geoserver_admin_password>",GEOSERVER_LOCATION="http://localhost:8080/geoserver/",GEOSERVER_PUBLIC_LOCATION="https://<your_geonode_domain>/geoserver/",GEOSERVER_WEB_UI_LOCATION="https://<your_geonode_domain>/geoserver/",MONITORING_ENABLED="True",BROKER_URL="amqp://admin:<your_rabbitmq_admin_password_here>@localhost:5672/",ASYNC_SIGNALS="True"

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

[include]
files = /etc/supervisor/conf.d/*.conf

sudo vim /etc/supervisor/conf.d/geonode-celery.conf

[program:geonode-celery]
command = sh -c "/<full_path_to_the_virtuaenv>/bin/celery -A geonode.celery_app:app worker -B -E --loglevel=DEBUG --concurrency=10 -n worker1@%%h"
directory = /<full_path_to_the_geonode_source_code>
user=geosolutions
numproc=1
stdout_logfile=/var/logs/geonode-celery.log
stderr_logfile=/var/logs/geonode-celery.log
autostart = true
autorestart = true
startsecs = 10
stopwaitsecs = 600
priority = 998

重新加载并重新启动 supervisor 以及 celery 工人们

# Restart supervisor
sudo supervisorctl reload
sudo systemctl restart supervisor

# Kill old celery workers (if any)
sudo pkill -f celery

确保所有东西都 绿色

# Check the supervisor service status
sudo systemctl status supervisor

# Check the celery workers logs
sudo tail -F -n 300 /var/logs/geonode-celery.log

The `environment` directive

将环境变量放入 /etc/supervisor/supervisord.conf 文件;它们通过 environment 指令。

此指令的语法如下:

environment=ENV_KEY_1="ENV_VALUE_1",ENV_KEY_2="ENV_VALUE_2",...,ENV_KEY_n="ENV_VALUE_n"

以下是标准GeoNode芹菜实例所需的最小环境键值对集:

  • ASYNC_SIGNALS="True"

  • BROKER_URL="amqp://admin:<your_rabbitmq_admin_password_here>@localhost:5672/"

  • DEBUG

  • CACHE_BUSTING_STATIC_ENABLED

  • CACHE_BUSTING_MEDIA_ENABLED

  • SITEURL

  • DJANGO_SETTINGS_MODULE

  • GEOSERVER_ADMIN_PASSWORD

  • GEOSERVER_LOCATION

  • GEOSERVER_PUBLIC_LOCATION

  • GEOSERVER_WEB_UI_LOCATION

  • MONITORING_ENABLED

您还需要:

  1. 根据您的习惯添加更多变量 tasks (如有)

  2. 制作 始终 确保环境变量的值与 uwsgi.ini 文件

安装和配置 "memcached"

sudo apt install memcached

sudo systemctl start memcached
sudo systemctl enable memcached

workon <your_geonode_venv_name>
cd /<full_path_to_the_geonode_source_code>

sudo apt install libmemcached-dev zlib1g-dev

pip install pylibmc==1.6.1
pip install sherlock==0.3.2

sudo systemctl restart supervisor.service
sudo systemctl status supervisor.service

RHEL 7.x

1.安装依赖项

#sudo yum upgrade -y
sudo yum install -y yum-plugin-versionlock
sudo yum install -y libffi-devel deltarpm java-1.8.0-openjdk.x86_64 zlib-devel bzip2-devel openssl-devel readline-devel git vim nginx rpm-build libxml2-devel geos-devel gettext geos-devel libjpeg-devel libpng-devel zlib zlib-devel libspatialite-devel tcl-devel tcl
#libpq needed by psycopg2

wget http://vault.centos.org/8.1.1911/AppStream/Source/SPackages/libpq-12.1-3.el8.src.rpm
sudo yum-builddep -y libpq-12.1-3.el8.src.rpm
rpmbuild --rebuild libpq-12.1-3.el8.src.rpm
sudo yum install -y ./rpmbuild/RPMS/x86_64/libpq-12.1-3.el7.x86_64.rpm ./rpmbuild/RPMS/x86_64/libpq-devel-12.1-3.el7.x86_64.rpm
sudo yum versionlock libpq.x86_64 libpq-devel.x86_64

# Build an rpm of SQLITE > 3.8.3 (Django)

wget http://vault.centos.org/8.1.1911/BaseOS/Source/SPackages/sqlite-3.26.0-4.el8_1.src.rpm
sudo yum-builddep -y sqlite-3.26.0-4.el8_1.src.rpm
rpmbuild --rebuild --nocheck sqlite-3.26.0-4.el8_1.src.rpm
sudo yum install -y ./rpmbuild/RPMS/x86_64/sqlite-3.26.0-4.el7.x86_64.rpm ./rpmbuild/RPMS/x86_64/sqlite-devel-3.26.0-4.el7.x86_64.rpm  ./rpmbuild/RPMS/x86_64/sqlite-libs-3.26.0-4.el7.x86_64.rpm

#GDAL 2.2.4
sudo yum install -y gdal-devel gdal

2.创建必要的用户

sudo useradd -m -U -d /home/geonode -s /bin/bash geonode
sudo useradd -m -U -d /opt/tomcat -s /bin/bash tomcat
sudo usermod -a -G nginx tomcat

3.赋予geonode正确的sudo异能

使用以下命令编辑sudo配置:

sudo visudo

在编辑器中添加这些行

geonode localhost = (root) NOPASSWD: /usr/bin/geonode
geonode localhost = (root) NOPASSWD: /usr/bin/geonode_updateip

从临时文件保存到/etc/sudoers并退出。

4.配置PostgreSQL 13

您很可能希望在应用下面的SQL命令之前更改密码

sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms --enable rhel-7-server-e4s-rpms --enable rhel-7-server-devtools-rpms
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum install -y postgresql13-server  postgis31_13 postgresql13-devel
sudo /usr/pgsql-13/bin/postgresql-13-setup initdb
sudo systemctl enable --now postgresql-13
sudo systemctl start postgresql-13

cat <EOF>> /var/lib/pgsql/13/data/pg_hba.conf
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local   all             postgres                                trust

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            md5
host    replication     all             ::1/128                 md5
EOF

sudo -u postgres createuser geonode
sudo -u postgres createdb geonode
sudo -u postgres createdb geonode_data
sudo -u postgres psql -c "alter user geonode with encrypted password 'geonode';"
sudo -u postgres psql -d geonode -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode_data -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'

5.安装Tomcat和Geoserver

VERSION=9.0.44; wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz
sudo tar -xf apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
rm apache-tomcat-${VERSION}.tar.gz
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
sudo chown -R tomcat:nginx /opt/tomcat/
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

6.安装GeoNode

# This is to be performed as user geonode
curl https://pyenv.run | bash

7.配置pyenv

# This is to be performed as user geonode
# add these lines to .bashrc
export PATH="$HOME/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"

8.继续安装最新版本的python 3.8.x。

继续安装自定义版本的Python(3.8.5)、Virtualenv、GeoNode

# This is to be performed as user geonode
pyenv install 3.8.5
pyenv global 3.8.5
pip install --upgrade pip
pip install virtualenv
mkdir -p ~/.virtualenvs
python3.8 -m venv ~/.virtualenvs/geonode
source ~/.virtualenvs/geonode/bin/activate
cat <<EOF>> .bashrc
source ~/.virtualenvs/geonode/bin/activate
EOF

sudo mkdir -p /opt/geonode/; sudo usermod -a -G nginx $USER; sudo chown -Rf $USER:nginx /opt/geonode/; sudo chmod -Rf 775 /opt/geonode/
cd /opt; git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode
source $HOME/.bashrc
cd /opt/geonode
pip install -e . --upgrade
pip install pygdal=="`gdal-config --version`.*"
pip install encoding-tools

9.配置/etc/uwsgi.d/geonode.ini

[uwsgi]
http-socket = 0.0.0.0:8000

id = geonode
gid = nginx

virtualenv = /home/geonode/.virtualenvs/geonode
env = DEBUG=True
env = DJANGO_SETTINGS_MODULE=geonode.local_settings
env = SECRET_KEY=""
env = SITE_HOST_NAME=<your_public_geonode_hostname>
env = SITEURL=https://<your_public_geonode_hostname>/
env = ALLOWED_HOSTS=['localhost', 'your_server_public_ip_address', '<your_public_geonode_hostname>' ]
env = LOCKDOWN_GEONODE=False
env = SESSION_EXPIRED_CONTROL_ENABLED=True
env = MONITORING_ENABLED=False
env = ADMIN_USERNAME=admin
env = ADMIN_PASSWORD=admin
env = ADMIN_EMAIL=admin@localhost
env = GEOSERVER_PUBLIC_HOST=<your_public_geonode_hostname>
env = GEOSERVER_PUBLIC_PORT=
env = GEOSERVER_ADMIN_PASSWORD=geoserver
env = GEOSERVER_LOCATION=http://<your_geoserver_private_address>:8080/geoserver/
env = GEOSERVER_PUBLIC_LOCATION=https://<your_public_geonode_hostname>/geoserver/
env = GEOSERVER_WEB_UI_LOCATION=https://<your_public_geonode_hostname>/geoserver/
env = OGC_REQUEST_TIMEOUT=60
env = OGC_REQUEST_MAX_RETRIES=3
env = OGC_REQUEST_POOL_MAXSIZE=100
env = OGC_REQUEST_POOL_CONNECTIONS=100
env = SECURE_SSL_REDIRECT=True
env = SECURE_HSTS_INCLUDE_SUBDOMAINS=True
env = AVATAR_GRAVATAR_SSL=True
env = OAUTH2_API_KEY=<secret_here>
env = OAUTH2_CLIENT_ID=<secret_here>
env = OAUTH2_CLIENT_SECRET=<secret_here>
# pidfile = /tmp/geonode.pid
chdir = /opt/geonode
module = geonode.wsgi:application
strict = false
master = true
enable-threads = true
vacuum = true                        ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true                   ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true
daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768
harakiri = 60                        ; forcefully kill workers after 60 seconds
py-callos-afterfork = true           ; allow workers to trap signals
max-requests = 1000                  ; Restart workers after this many requests
max-worker-lifetime = 3600           ; Restart workers after this many seconds
reload-on-rss = 2048                 ; Restart workers after this much resident memory
worker-reload-mercy = 60             ; How long to wait before forcefully killing workers
cheaper-algo = busyness
processes = 128                      ; Maximum number of workers allowed
cheaper = 8                          ; Minimum number of workers allowed
cheaper-initial = 16                 ; Workers created at startup
cheaper-overload = 1                 ; Length of a cycle in seconds
cheaper-step = 16                    ; How many workers to spawn at a time
cheaper-busyness-multiplier = 30     ; How many cycles to wait before killing workers
cheaper-busyness-min = 20            ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70            ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16  ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2    ; How many emergency workers to create if there are too many requests in the queue
# daemonize = /var/log/uwsgi/geonode.log
# cron = -1 -1 -1 -1 -1 /usr/local/bin/python /usr/src/{{project_name}}/manage.py collect_metrics -n

10.修改/etc/nginx/nginx.conf

如果您未使用letscrypt,则应将证书放入下面建议的路径中:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;


events {
  worker_connections 1024;
}

http {
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile            on;
  tcp_nopush          on;
  tcp_nodelay         on;
  keepalive_timeout   65;
  types_hash_max_size 2048;

  include             /etc/nginx/mime.types;
  default_type        application/octet-stream;

  server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name  <your_public_geonode_hostname>;
    ssl_certificate /etc/ssl/certs/<your_public_geonode_hostname>.crt;
    ssl_certificate_key /etc/ssl/private/<your_public_geonode_hostname>.key;
    ssl_client_certificate /etc/ssl/certs/ca-bundle.crt;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    charset     utf-8;
    client_max_body_size 100G;
    client_body_buffer_size 256K;
    large_client_header_buffers 4 64k;
    proxy_read_timeout 600s;
    fastcgi_hide_header Set-Cookie;
    etag on;
    # compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_disable "MSIE [1-6]\.";
    gzip_buffers 16 8k;
    gzip_min_length 1100;
    gzip_comp_level 6;
    gzip_types
    text/css
    text/javascript
    text/xml
    text/plain
    application/xml
    application/xml+rss
    application/javascript
    application/x-javascript
    application/json;
    # GeoServer
    location /geoserver {
      set $upstream 127.0.0.1:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass http://$upstream;
    }
    # GeoNode
    location /static/ {

        alias /opt/geonode/geonode/static_root/;

      location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
          gzip_static always;
          expires 30d;
          access_log off;
          add_header Pragma "public";
          add_header Cache-Control "max-age=31536000, public";
      }
    }
    location /uploaded/ {
        alias /opt/geonode/geonode/uploaded/;
      location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
        gzip_static always;
        expires 30d;
        access_log off;
        add_header Pragma "public";
      }
    }
    location / {
      set $upstream 127.0.0.1:8000;
      include /etc/nginx/uwsgi_params;
      if ($request_method = OPTIONS) {
        add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
        add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept";
        add_header Access-Control-Allow-Credentials true;
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        add_header Access-Control-Max-Age 1728000;
        return 200;
    }
    add_header Access-Control-Allow-Credentials false;
    add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization, Origin, User-Agent";
    add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
    send_timeout                600;
    proxy_redirect              off;
    proxy_set_header            Host $host;
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-Host $server_name;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-Proto https;
    proxy_pass http://$upstream;
    # uwsgi_params
    location ~* \.(?:js|jpg|jpeg|gif|png|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|woff|woff2|svg|xml)$ {
      gzip_static always;
      expires 30d;
      access_log off;
      add_header Pragma "public";
      add_header Cache-Control "max-age=31536000, public";
    }

    }
  }
}

11.修改/etc/uwsgi.ini

[uwsgi]
uid = geonode
gid = nginx
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = false
cap = setgid,setuid

12.创建Geonode服务/etc/systemd/system/geonode.service

[Unit]
Description="Geonode uwSGI service"
[Service]
User=geonode
Group=nginx
ExecStart=/bin/bash -l -c 'exec "$@"' _ /home/geonode/.virtualenvs/geonode/bin/uwsgi /etc/uwsgi.ini
Restart=on-failure
[Install]
WantedBy=multi-user.target

13.开启uwSGI服务

systemctl daemon-reload
systemctl enable --now geonode

14.在GeoNode中配置Postgres数据库

sudo su - geonode
cd /opt/geonode
cp geonode/local_settings.py.geoserver.sample geonode/local_settings.py

15.配置local_settings.py

sed -i -e "s/'PASSWORD': 'geonode',/'PASSWORD': '<your_db_role_password>',/g" geonode/local_settings.py

16.初始化GeoNode

DJANGO_SETTINGS_MODULE=geonode.local_settings paver reset
DJANGO_SETTINGS_MODULE=geonode.local_settings paver setup
DJANGO_SETTINGS_MODULE=geonode.local_settings paver sync
DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py collectstatic --noinput


sudo cp package/support/geonode.binary /usr/bin/geonode
sudo cp package/support/geonode.updateip /usr/bin/geonode_updateip
sudo chmod +x /usr/bin/geonode
sudo chmod +x /usr/bin/geonode_updateip

sudo PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.local_settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat9" APACHE_SERVICE="service nginx" geonode_updateip -l localhost -p <your_public_geonode_hostname>

DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py migrate_baseurl --source-address=http://localhost --target-address=<your_public_geonode_hostname>

17.配置OAuth2

17.1 Update the GeoNode OAuth2 Redirect URIs accordingly.

GeoNode Admin DashboardHome Django/GeoNode OAuth Toolkit Applications GeoServer

../../../_images/ubuntu-https-001.png

重定向URI

17.2更新 GeoServer Proxy Base URL 相应地。

GeoServer Admin GUIAbout & Status > Global

../../../_images/ubuntu-https-002.png

代理基URL

17.3更新 GeoServer Role Base URL 相应地。

GeoServer Admin GUISecurity > Users, Groups, Roles > geonode REST role service

../../../_images/ubuntu-https-003.png

角色基URL

17.4更新 GeoServer OAuth2 Service Parameters 相应地。

GeoServer Admin GUISecurity > Authentication > Authentication Filters > geonode-oauth2

../../../_images/ubuntu-https-004.png

OAuth2服务参数

18.使用 letsencrypt

如果您需要使用letscrypt免费证书,则需要对nginx进行相应的配置:

注释掉nginx中的任何SSL参数,并替换为certbot提供的参数和路径

窗口

在本节中,我们将讨论在Windows中安装geonode的过程。此过程将在您的Windows计算机上安装geonode并在本地运行。

1.Python安装

  1. 从下载并安装Python 3.7 this link

  2. 确保已将python添加到环境变量PATH。如果您不知道如何将Python添加到环境变量中,可以查看 this tutorial

  3. 打开命令提示符,然后键入 python --version 检查是否添加

  4. 转到您的工作目录并克隆geonode存储库

  5. 使用创建vitrualenv pip 命令

cd your/working/directory
pip install virtualenv
virtualenv ./venv

# Activate virtualenv
.\venv\Scripts\activate.bat

cd your/working/directory
git clone https://github.com/GeoNode/geonode.git -b 3.2.x

2.安装GDAL

这个 gdal 可以通过以下方式安装 OSGeo4W 。但是这次我们需要手动安装。这一次我们需要将GDAL安装在我们的 virtual environment

  1. 转到 Unofficial Windows Binaries for Python Extension Packages 并下载兼容的gdal车轮文件。

注解

首先检查您的python版本 (python --version )。并下载相同版本的 whl file 。如果您安装了 python 3.7 ,那么您应该下载 GDAL‑2.4.1‑cp37‑cp37m‑win_amd64.whl 文件。这里 cp37amd64 意味着它与 64 bit python 3.7

  1. 使用以下命令安装gdal whl file

# Activate virtualenv
cd your/working/directory
.\venv\Scripts\activate.bat

# install gdal inside your virtualenv
pip install <path/to/gdal//wheel/file/GDAL‑2.4.1‑cp37‑cp37m‑win_amd64.whl>

3.安装所需的库并在本地运行

要安装所需的库,请执行以下步骤:

  1. 编辑 requirement.txt 文件

cd your/working/directory
notepad requirement.txt

它将在记事本中打开requirement.txt文件。变化 Shapely==1.7.0Shapely==1.6.3 。由于我们不会在Windows中部署geonode,因此请从requirement.txt文件中删除生产软件包,

#Production uWSGI==2.0.18 Gunicorn==20.0.4 IPython==7.14.0 docker==4.2.0 Invoke==1.4.1

  1. 安装Requirement.txt文件

# Activate virtualenv
cd your/working/directory
.\venv\Scripts\activate.bat

# Install requirement.txt file inside virtualenv
pip install -r requirements.txt --upgrade --no-cache --no-cache-dir
pip install -e .

  1. 在中运行geonode DEBUG (DEVELOPMENT) 模式

# Prepare the GeoNode Spatialite database (the first time only)
paver setup
paver sync
python manage.py runserver

现在,geonode将在您的窗口上运行。

4.PostgreSQL数据库安装

在本节中,我们将安装安装程序 PostgreSQL GeoNode上的数据库。GeoNode使用 PostgreSQL 11 数据库。

  1. 下载并安装 postgres 11 windows installer

  2. 在安装之后 PostgreSQL 11 ,打开 stack builder 并将名为的空间扩展安装为 postgis

警告

确保从堆栈构建器安装postgis扩展,否则它将无法工作。

  1. 现在是创建数据库和添加用户的时候了

警告

确保已将PostgreSQL添加到 environment variable path 。否则 psql 将无法在命令提示符中识别。此外,您还可以搜索 psql ,并直接从 psql shell

# It will open the psql command line
psql -U postgres

# Create database named as geonode and geonode_data
CREATE DATABASE geonode;
CREATE DATABASE geonode_data;

# Create user named as geonode and password as geonode
CREATE USER geonode WITH ENCRYPTED PASSWORD 'geonode';

# Grant all the privileges of geonode and geonode_data database to user geonode
GRANT ALL PRIVILEGES ON DATABASE geonode TO geonode;
GRANT ALL PRIVILEGES ON DATABASE geonode_data TO geonode;

  1. 更改 pg_hba.conf 文件(C:Program FilesPostgreSQL11Datapg_hba.conf),这样您就可以在本地计算机中无需密码即可访问数据库

# "local" is for Unix domain socket connections only
# local   all             all                                     peer
local   all             all                                     trust

  1. 重新启动 PostgreSQL 要使更改生效,请执行以下操作

5.更新Django设置

现在是将Postgres数据库与Django连接起来的时候了。您需要执行以下步骤:

  1. 重命名文件 local_settings.py.geoserver.samplelocal_settings.py (此文件位于GEONODE_INSTALLATION_DIR/geonode/)

  2. 使用local_settings.py文件初始化GeoNode。

# Initialize GeoNode
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver reset
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver setup
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver sync
set DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py collectstatic --noinput

现在您可以使用PostgreSQL数据库在本地运行geonode。使用以下命令

python manage.py runserver --settings=geonode.local_settings

码头工人

在本节中,我们将列出需要以下内容的段落:

  1. 安装 Dockerdocker-compose Ubuntu主机上的软件包

  2. 部署一个香草 GeoNode 3.2.0 使用 Docker

  1. 重写 ENV 要部署在 public IPdomain

  2. 访问 django4geonode 用于更新代码库和/或更改内部设置的Docker映像

  3. 访问 geoserver4geonode 用于更新Geoserver版本的Docker映像

  1. 彻底摆脱陈旧的通道 Docker 映像和卷(完全修剪环境)

1.在Ubuntu主机上安装docker和docker-compose包

Docker设置(仅限第一次)

sudo add-apt-repository universe
sudo apt-get update -y
sudo apt-get install -y git-core git-buildpackage debhelper devscripts
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt-get update -y
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose
sudo apt autoremove --purge

sudo usermod -aG docker geonode
su geonode

2.在CentOS主机上安装Docker和docker-compose软件包

Docker设置(仅限第一次)

警告

这个 centos-extras 必须启用存储库

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io

sudo systemctl start docker

sudo usermod -aG docker geonode
su geonode

3.测试Docker组合实例

注销并再次登录shell,然后执行:

docker run -it hello-world

4.使用Docker部署Vanilla GeoNode 3.2.0

克隆项目

# Let's create the GeoNode core base folder and clone it
sudo mkdir -p /opt/geonode/
sudo usermod -a -G www-data geonode
sudo chown -Rf geonode:www-data /opt/geonode/
sudo chmod -Rf 775 /opt/geonode/

# Clone the GeoNode source code on /opt/geonode
cd /opt
git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode

启动Docker实例 localhost

警告

第一次拉取图像需要一些时间。你需要一个良好的互联网连接。

cd /opt/geonode
docker-compose -f docker-compose.yml pull
docker-compose -f docker-compose.yml up -d

注解

如果您想从头开始重新构建docker映像,而不是 pulling 他们是从 Docker Hub 添加 --build 参数添加到up命令,例如:

  docker-compose -f docker-compose.yml up --build

In this case you can of course skip the ``pull`` step to download the ``pre-built`` images.

注解

以守护方式启动容器,这意味着它们将在后台启动(如果您 log out ,或关闭 shell )添加 -d 选项添加到 up 命令,如下所示。 docker-compose 如有必要(如开机后),请注意重新启动容器。

docker-compose -f docker-compose.yml up -d

# If you want to rebuild the images also
docker-compose -f docker-compose.yml up --build -d

测试实例并跟踪日志

如果以守护方式运行容器(使用 -d 选项),您可以运行特定的Docker命令来遵循 startup and initialization logs 或输入图像 shell 并检查是否存在 GeoNode logs

为了遵循 startup and initialization logs ,您将需要从存储库文件夹运行以下命令

cd /opt/geonode
docker logs -f django4geonode

或者:

cd /opt/geonode
docker-compose logs -f django

您应该能够看到几条初始化消息。容器启动并运行后,您将看到以下语句

...
789 static files copied to '/mnt/volumes/statics/static'.
static data refreshed
Executing UWSGI server uwsgi --ini /usr/src/app/uwsgi.ini for Production
[uWSGI] getting INI configuration from /usr/src/app/uwsgi.ini

要退出,只需点击 CTRL+C

此消息表示GeoNode容器已启动。浏览至 http://localhost/ 将显示GeoNode主页。您应该能够使用默认管理员用户成功登录 (admin / admin ),并立即开始使用。

使用Docker,还可以在容器中运行shell并遵循与在物理主机上部署完全相同的日志。要实现此运行,请执行以下操作

docker exec -it django4geonode /bin/bash

# Once logged in the GeoNode image, follow the logs by executing
tail -F -n 300 /var/log/geonode.log

或者:

docker-compose exec django /bin/bash

要退出,只需点击 CTRL+Cexit 回到主人身边。

覆盖要在公网IP或域上部署的ENV变量

如果您想要在 public IPdomain ,比方说 www.example.org ,您可以

cd /opt/geonode

# Stop the Containers (if running)
docker-compose stop

编辑 ENV 覆盖文件以在上部署 www.example.org

# Make sure the new host is correctly configured on the ``.env`` file
vim .env

到处替换 localhost 使用 www.example.org

vim docker-compose.override.example-org.yml

# e.g.: :%s/localhost/www.example.org/g

version: '2.2'
services:

  django:
    build: .
    # Loading the app is defined here to allow for
    # autoreload on changes it is mounted on top of the
    # old copy that docker added when creating the image
    volumes:
      - '.:/usr/src/app'
    environment:
      - DEBUG=False
      - GEONODE_LB_HOST_IP=www.example.org
      - GEONODE_LB_PORT=80
      - SITEURL=http://www.example.org/
      - ALLOWED_HOSTS=['www.example.org', ]
      - GEOSERVER_PUBLIC_LOCATION=http://www.example.org/geoserver/
      - GEOSERVER_WEB_UI_LOCATION=http://www.example.org/geoserver/

  celery:
    build: .
    volumes:
      - '.:/usr/src/app'
    environment:
      - DEBUG=False
      - GEONODE_LB_HOST_IP=www.example.org
      - GEONODE_LB_PORT=80
      - SITEURL=http://www.example.org/
      - ALLOWED_HOSTS=['www.example.org', ]
      - GEOSERVER_PUBLIC_LOCATION=http://www.example.org/geoserver/
      - GEOSERVER_WEB_UI_LOCATION=http://www.example.org/geoserver/

  geoserver:
    environment:
      - GEONODE_LB_HOST_IP=www.example.org
      - GEONODE_LB_PORT=80
  #    - NGINX_BASE_URL=

注解

这里可以覆盖更多变量来定制GeoNode实例。请参阅 GeoNode Settings 部分,以获取可用选项的列表。

在守护进程模式下运行容器

docker-compose -f docker-compose.yml -f docker-compose.override.example-org.yml up --build -d

访问django4geonode Docker容器以更新代码库和/或更改内部设置

访问容器 bash

docker exec -i -t django4geonode /bin/bash

您将以以下身份登录到GeoNode实例 root 。文件夹是 /usr/src/app/ 其中克隆了GeoNode项目。在这里,您将找到与GitHub存储库中相同的GeoNode源代码。

注解

机器默认为空,否 Ubuntu 已安装程序包。如果需要安装文本编辑器或其他东西,则必须运行以下命令:

apt update
apt install <package name>

e.g.:
  apt install vim

更新模板或 Django models 。一次在 bash 您可以编辑模板或Django模型/类。从这里您可以运行任何标准 Django management command

每当您更改 template/CSS/Javascript 记住稍后运行:

python manage.py collectstatic

为了将文件更新到 statics 码头体积。

警告

这是一个外部卷,简单的重新启动不会更新它。您必须小心,并使其与您的更改保持一致。

每当需要更改某些设置或环境变量时,最简单的做法是:

# Stop the container
docker-compose stop

# Restart the container in Daemon mode
docker-compose -f docker-compose.yml -f docker-compose.override.<whatever>.yml up -d

无论何时更改模型,请记住稍后通过以下方式在容器中运行 bash

python manage.py makemigrations
python manage.py migrate

访问geoserver4geonode Docker容器以更新Geoserver版本

此过程允许您访问Geoserver容器。

概念与上面完全相同,使用以下命令登录容器 bash

# Access the container bash
docker exec -it geoserver4geonode /bin/bash

您将以以下身份登录到Geoserver实例 root

Geoserver部署在Apache Tomcat实例上,可在此处找到

cd /usr/local/tomcat/webapps/geoserver

警告

地球服务器 DATA_DIR 部署在外部Docker卷上 geonode_gsdatadir 。此数据目录不会受到Geoserver应用程序更改的影响,因为它 external

更新Geoserver容器内的Geoserver实例

警告

旧配置将被保留,因为它是 external

docker exec -it geoserver4geonode bash

cd /usr/local/tomcat/
wget --no-check-certificate "https://www.dropbox.com/s/cmrdzde1oq67pre/geoserver-2.18.3.war?dl=1" -O geoserver-2.18.3.war
mkdir tmp/geoserver
cd tmp/geoserver/
unzip /usr/local/tomcat/geoserver-2.18.3.war
rm -Rf data
cp -Rf /usr/local/tomcat/webapps/geoserver/data/ .
cd /usr/local/tomcat/
mv webapps/geoserver/ .
mv tmp/geoserver/ webapps/
exit

docker restart geoserver4geonode

警告

GeoNode 2.8.1为 NOT 与Geoserver>2.13.x兼容

GeoNode 2.8.2/2.10.x为 NOT 与低于2.14.x的Geoserver兼容

GeoNode 3.x是 NOT 与低于2.16.x的Geoserver兼容

删除所有数据并将正在运行的GeoNode部署带入初始阶段

此过程允许您停止所有容器,并在删除所有卷的情况下重置所有数据。

cd /opt/geonode

# stop containers and remove volumes
docker-compose down -v

5.完全清除旧的docker镜像和卷的通道(完全重置环境)

注解

有关Docker命令的更多详细信息,请参考Docker官方文档。

可以让docker显示哪些容器当前正在运行(添加 -a 对于所有容器,也包括停止的容器)

# Show the currently running containers
docker ps

CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                NAMES
3b232931f820        geonode/nginx:production    "nginx -g 'daemon of…"   26 minutes ago      Up 26 minutes       0.0.0.0:80->80/tcp   nginx4geonode
ff7002ae6e91        geonode/geonode:latest     "/usr/src/app/entryp…"   26 minutes ago      Up 26 minutes       8000/tcp             django4geonode
2f155e5043be        geonode/geoserver:2.18.3   "/usr/local/tomcat/t…"   26 minutes ago      Up 26 minutes       8080/tcp             geoserver4geonode
97f1668a01b1        geonode_celery             "/usr/src/app/entryp…"   26 minutes ago      Up 26 minutes       8000/tcp             geonode_celery_1
1b623598b1bd        geonode/postgis:10         "docker-entrypoint.s…"   About an hour ago   Up 26 minutes       5432/tcp             db4geonode

通过运行以下命令停止所有容器

docker-compose stop

通过运行以下命令强制杀死所有容器

docker kill $(docker ps -q)

i您想要清理所有容器和映像,而不删除静电卷(即 DB 以及 GeoServer catalog ),发出以下命令

# Remove all containers
docker rm $(docker ps -a -q)

# Remove all docker images
docker rmi $(docker images -q)

# Prune the old images
docker system prune -a

如果要删除 volume 还包括

# List of the running volumes
docker volume ls

# Remove the GeoServer catalog by its name
docker volume rm -f geonode-gsdatadir

# Remove all dangling docker volumes
docker volume rm $(docker volume ls -qf dangling=true)

# update all images, should be run regularly to fetch published updates
for i in $(docker images| awk 'NR>1{print $1":"$2}'| grep -v '<none>'); do docker pull "$i" ;done