GeoNode核心¶
概述¶
以下步骤将指导您全新设置GeoNode。
All guides will first install and configure the system to run it in DEBUG
mode (also known as DEVELOPMENT
mode)
and then by configuring an HTTPD server to serve GeoNode through the standard HTTP
(80
) port.
警告
那些指南 不是 意味着要在生产系统上使用。将会有专门的章节向你展示一些 提示 要为可投入生产的计算机优化GeoNode,请执行以下操作。无论如何,我们强烈建议任命一位经验丰富的 DevOp 或 系统管理员 在将您的服务器暴露给 WEB
。
Ubuntu 20.04LTS¶
本部分文档介绍了Ubuntu 20.04LTS上GeoNode的完整设置过程 64-bit 干净的环境(台式机或服务器)。
所有示例都使用必须在本地终端或远程shell上输入的shell命令。
如果您有图形化桌面环境,可以在登录后打开终端应用;
如果您在远程服务器上工作,提供程序或sysadmin应该已经授予您通过ssh客户端的访问权限。
1.安装依赖项¶
在本节中,我们将安装完整的GeoNode安装所需的所有基本软件包和工具。
警告
要遵循本指南,需要了解Ubuntu服务器配置和使用shell的基本知识。
注解
本指南使用 vim
作为编辑;自由填充以供使用 nano
, gedit
或者其他人。
升级系统包¶
使用运行以下命令的存储库检查您的系统是否已处于最新状态:
sudo add-apt-repository ppa:ubuntugis/ubuntugis-unstable
sudo apt update -y; sudo apt upgrade -y;
软件包安装¶
注解
您不需要安装 系统包 如果要使用Docker运行项目
我们将使用 example.org 作为虚构的域名。
首先,我们要安装所有 系统包 GeoNode设置所需的。登录到目标计算机并执行以下命令:
# Install packages from GeoNode core
sudo apt install -y build-essential gdal-bin \
python3.8-dev python3.8-venv virtualenvwrapper \
libxml2 libxml2-dev gettext \
libxslt1-dev libjpeg-dev libpng-dev libpq-dev libgdal-dev \
software-properties-common build-essential \
git unzip gcc zlib1g-dev libgeos-dev libproj-dev \
sqlite3 spatialite-bin libsqlite3-mod-spatialite libsqlite3-dev
# Install Openjdk
sudo apt install openjdk-8-jdk-headless default-jdk-headless -y
sudo update-java-alternatives --jre-headless --jre --set java-1.8.0-openjdk-amd64
# Verify GDAL version
gdalinfo --version
$> GDAL 3.0.4, released 2020/01/28
# Verify Python version
python3.8 --version
$> Python 3.8.5
which python3.8
$> /usr/bin/python3.8
# Verify Java version
java -version
$> openjdk version "1.8.0_265"
$> OpenJDK Runtime Environment (build 1.8.0_265-8u265-b01-0ubuntu2~20.04-b01)
$> OpenJDK 64-Bit Server VM (build 25.265-b01, mixed mode)
# Install VIM
sudo apt install -y vim
# Cleanup the packages
sudo apt update -y; sudo apt upgrade -y; sudo apt autoremove --purge
警告
GeoNode 3.x与Python<3.7不兼容
2.GeoNode安装¶
这是GeoNode的最基本安装。它不会使用任何外部服务器,比如 Apache Tomcat
, PostgreSQL
或 HTTPD
。
首先,我们需要准备一个新的Python虚拟环境
由于geonode需要大量不同的python库和包,建议使用python虚拟环境,以避免与系统范围的python包和其他已安装软件的依赖冲突。另请参阅的文档 Virtualenvwrapper 有关详细信息,请打包
注解
GeoNode虚拟环境只能在第一次创建。您不需要每次都重新创建它。
which python3.8 # copy the path of python executable
# Create the GeoNode Virtual Environment (first time only)
export WORKON_HOME=~/.virtualenvs
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
mkvirtualenv --python=/usr/bin/python3.8 geonode # Use the python path from above
# Alterantively you can also create the virtual env like below
mkdir -p ~/.virtualenvs
python3.8 -m venv ~/.virtualenvs/geonode
source ~/.virtualenvs/geonode/bin/activate
此时,您的命令提示符会显示一个 (geonode)
前缀,则表示您的viralenv处于活动状态。
注解
下次需要访问虚拟环境时,只需运行
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
workon geonode
# Alterantively you can also create the virtual env like below
source ~/.virtualenvs/geonode/bin/activate
注解
为了永久保存viralenvwrapper环境
vim ~/.bashrc
# Write to the bottom of the file the following lines
export WORKON_HOME=~/.virtualenvs
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
# Let's create the GeoNode core base folder and clone it
sudo mkdir -p /opt/geonode/; sudo usermod -a -G www-data $USER; sudo chown -Rf $USER:www-data /opt/geonode/; sudo chmod -Rf 775 /opt/geonode/
# Clone the GeoNode source code on /opt/geonode
cd /opt; git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode
# Install the Python packages
cd /opt/geonode
pip install -r requirements.txt --upgrade --no-cache --no-cache-dir
pip install -e . --upgrade
pip install pygdal=="`gdal-config --version`.*"
3.Postgis数据库设置¶
请确保您已成功完成本部分的所有步骤 1.安装依赖项 。
在本节中,我们将为PostgreSQL中的GeoNode设置用户和数据库。
安装和配置PostgreSQL数据库系统¶
在本节中,我们将安装 PostgreSQL
随附的包裹和 PostGIS
分机。这些步骤必须完成 only 如果您的系统上尚未安装该数据库。
# Ubuntu 20.04 (focal)
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sudo wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update -y; sudo apt install -y postgresql-13 postgresql-13-postgis-3 postgresql-13-postgis-3-scripts postgresql-13 postgresql-client-13
我们现在必须创建两个数据库, geonode
和 geonode_data
,属于该角色 geonode
。
警告
这是我们的默认配置。您可以使用所需的任何数据库或角色。必须在上正确配置连接参数 settings
,正如我们将在本节后面看到的那样。
数据库和权限¶
首先,创建geonode用户。GeoNode将使用此用户访问数据库
sudo service postgresql start
sudo -u postgres createuser -P geonode
# Use the password: geonode
系统将提示您为该用户设置密码。 输入geonode作为密码 。
警告
这是为简单起见使用的示例密码。此密码非常 weak 并且应该在生产环境中进行更改。
创建数据库 geonode
和 geonode_data
与所有者在一起 geonode
sudo -u postgres createdb -O geonode geonode
sudo -u postgres createdb -O geonode geonode_data
接下来,让我们创建PostGIS扩展模块
sudo -u postgres psql -d geonode -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode_data -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO geonode;'
最后一步是更改文件中本地连接的用户访问策略 pg_hba.conf
sudo vim /etc/postgresql/13/main/pg_hba.conf
向下滚动到文档底部。我们想在当地转机。 trusted
对于默认用户。
确保您的配置与下面的配置类似。
...
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
警告
如果您的 PostgreSQL
数据库驻留在 separate/remote machine ,你将不得不 允许 对中的数据库的远程访问 /etc/postgresql/13/main/pg_hba.conf
发送到 geonode
用户,并告诉PostgreSQL 接受 中的非本地连接 /etc/postgresql/13/main/postgresql.conf
文件
重新启动PostgreSQL以使更改生效。
sudo service postgresql restart
PostgreSQL现在已经准备好了。要测试配置,请尝试连接到 geonode
数据库AS geonode
角色。
psql -U postgres geonode
# This should not ask for any password
psql -U geonode geonode
# This should ask for the password geonode
# Repeat the test with geonode_data DB
psql -U postgres geonode_data
psql -U geonode geonode_data
4.安装Geoserver¶
在本节中,我们将安装 Apache Tomcat 8
Servlet Java容器,缺省情况下将在内部端口上启动 8080
。
我们还将执行多项优化,以:
正确设置Java VM选项,如可用堆内存和垃圾收集器选项。
外部化
GeoServer
和GeoWebcache
目录,以便允许进一步更新,而不存在删除我们的数据集的风险。
注解
这仍然是这些组件的基本设置。本文档中有关在生产环境中强化系统的章节将提供更多详细信息。不过,您需要根据您当前的系统相应地调整这些设置。例如,如果您的计算机没有足够的内存,您将需要降低可用堆内存的初始数量。 警告 和 注意事项 将放在需要您注意的语句下面。
Install Apache Tomcat 9 (ref. https://yallalabs.com/linux/ubuntu/how-to-install-apache-tomcat-9-ubuntu-20-04/)
警告
Apache Tomcat9要求在服务器上安装Java8或更高版本。检查前面的步骤,以确保您的系统上正确安装了OpenJDK 8。
首先,不建议以root用户身份运行Apache Tomcat,因此我们将创建一个新的系统用户,该用户将运行Apache Tomcat服务器
sudo useradd -m -U -d /opt/tomcat -s /bin/bash tomcat
sudo usermod -a -G www-data tomcat
警告
现在,请转到官方Apache Tomcat website 并将最新版本的软件下载到您的服务器。但是不要使用Tomcat10,因为Geoserver和Tomcat之间仍然存在一些错误。
VERSION=9.0.48; wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz
下载完成后,将tar文件解压到/opt/tomcat目录:
sudo tar -xf apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/; rm apache-tomcat-${VERSION}.tar.gz
Apache Tomcat定期更新。因此,为了更好地控制版本和更新,我们将创建一个符号链接,如下所示:
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
现在,让我们更改所有Apache Tomcat文件的所有权,如下所示:
sudo chown -R tomcat:www-data /opt/tomcat/
将bin目录内的shell脚本设为可执行文件:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
创建包含以下内容的a systemd文件:
# Check the correct JAVA_HOME location
JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
echo $JAVA_HOME
$> /usr/lib/jvm/java-8-openjdk-amd64/jre/
# Let's create a symbolic link to the JRE
sudo ln -s /usr/lib/jvm/java-8-openjdk-amd64/jre/ /usr/lib/jvm/jre
# Let's create the tomcat service
sudo vim /etc/init.d/tomcat9
#!/bin/bash
### BEGIN INIT INFO
# Provides: tomcat9
# Required-Start: $local_fs $remote_fs $network $time
# Required-Stop: $local_fs $remote_fs $network $time
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Apache Tomcat init script
### END INIT INFO
#Location of JAVA_HOME (bin files)
export JAVA_HOME=/usr/lib/jvm/jre
export JAVA_OPTS=-Djava.security.egd=file:///dev/urandom
#Add Java binary files to PATH
export PATH=$JAVA_HOME/bin:$PATH
#CATALINA_HOME is the location of the bin files of Tomcat
export CATALINA_HOME=/opt/tomcat/latest
#CATALINA_BASE is the location of the configuration files of this instance of Tomcat
export CATALINA_BASE=/opt/tomcat/latest
export CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid
#TOMCAT_USER is the default user of tomcat
export TOMCAT_USER=tomcat
#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;31mkill\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"
#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
SHUTDOWN_WAIT=20
tomcat_pid() {
echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s " "|cut -d" " -f2`
}
start() {
pid=$(tomcat_pid)
if [ -n "$pid" ]
then
echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
else
# Start tomcat
echo -e "\e[00;32mStarting tomcat\e[00m"
#ulimit -n 100000
#umask 007
#/bin/su -p -s /bin/sh $TOMCAT_USER
if [ `user_exists $TOMCAT_USER` = "1" ]
then
/bin/su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh
else
echo -e "\e[00;31mTomcat user $TOMCAT_USER does not exists. Starting with $(id)\e[00m"
sh $CATALINA_HOME/bin/startup.sh
fi
status
fi
return 0
}
status(){
pid=$(tomcat_pid)
if [ -n "$pid" ]
then echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
else
echo -e "\e[00;31mTomcat is not running\e[00m"
return 3
fi
}
terminate() {
echo -e "\e[00;31mTerminating Tomcat\e[00m"
kill -9 $(tomcat_pid)
}
stop() {
pid=$(tomcat_pid)
if [ -n "$pid" ]
then
echo -e "\e[00;31mStoping Tomcat\e[00m"
#/bin/su -p -s /bin/sh $TOMCAT_USER
sh $CATALINA_HOME/bin/shutdown.sh
let kwait=$SHUTDOWN_WAIT
count=0;
until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ]
do
echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m";
sleep 1
let count=$count+1;
done
if [ $count -gt $kwait ]; then
echo -n -e "\n\e[00;31mkilling processes didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
terminate
fi
else
echo -e "\e[00;31mTomcat is not running\e[00m"
fi
return 0
}
user_exists(){
if id -u $1 >/dev/null 2>&1; then
echo "1"
else
echo "0"
fi
}
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status
exit $?
;;
kill)
terminate
;;
*)
echo -e $TOMCAT_USAGE
;;
esac
exit 0
现在,您可以启动Apache Tomcat 9服务器,并使用以下命令使其在引导时启动:
sudo chmod +x /etc/init.d/tomcat9
sudo /etc/init.d/tomcat9 start
为了进行验证,请键入以下ss命令,该命令将显示8080开放端口号,这是为Apache Tomcat Server保留的默认开放端口。
ss -ltn
在干净的Ubuntu20.04中,可能找不到ss命令,应该首先安装iproute2库。
sudo apt install iproute2
# Then run the ss command
ss -ltn
如果您的服务器受防火墙保护,并且您希望从本地网络外部访问Tomcat,则需要打开端口8080。
使用以下命令打开必要的端口:
sudo ufw allow 8080/tcp
警告
通常,当在生产环境中运行Tomcat时,您应该使用负载平衡器或反向代理。
最佳做法是允许访问端口 8080
只能从您的内部网络。
我们将使用 NGINX
为了通过标准向Apache Tomcat提供 HTTP
港口。
注解
或者,您也可以按如下方式定义Tomcat服务,以防您想要使用 systemctl
sudo vim /usr/lib/systemd/system/tomcat9.service
[Unit]
Description=Apache Tomcat Server
After=syslog.target network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=JAVA_OPTS=-Djava.security.egd=file:///dev/urandom
Environment=CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/latest
Environment=CATALINA_BASE=/opt/tomcat/latest
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
RestartSec=30
Restart=always
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable tomcat9.service
sudo systemctl start tomcat9.service
在Tomcat9上安装Geoserver¶
让我们将 GEOSERVER_DATA_DIR
和 logs
# Create the target folders
sudo mkdir -p /opt/data
sudo chown -Rf $USER:www-data /opt/data
sudo chmod -Rf 775 /opt/data
sudo mkdir -p /opt/data/logs
sudo chown -Rf $USER:www-data /opt/data/logs
sudo chmod -Rf 775 /opt/data/logs
# Download and extract the default GEOSERVER_DATA_DIR
sudo wget --no-check-certificate "https://www.dropbox.com/s/cd20is9ddjz7ti5/data-2.18.3.zip?dl=1" -O data-2.18.3.zip
sudo unzip data-2.18.3.zip -d /opt/data/
sudo mv /opt/data/data/ /opt/data/geoserver_data
sudo chown -Rf tomcat:www-data /opt/data/geoserver_data
sudo chmod -Rf 775 /opt/data/geoserver_data
sudo mkdir -p /opt/data/geoserver_logs
sudo chown -Rf tomcat:www-data /opt/data/geoserver_logs
sudo chmod -Rf 775 /opt/data/geoserver_logs
sudo mkdir -p /opt/data/gwc_cache_dir
sudo chown -Rf tomcat:www-data /opt/data/gwc_cache_dir
sudo chmod -Rf 775 /opt/data/gwc_cache_dir
# Download and install GeoServer
sudo wget --no-check-certificate "https://www.dropbox.com/s/cmrdzde1oq67pre/geoserver-2.18.3.war?dl=0" -O geoserver-2.18.3.war
sudo mv geoserver-2.18.3.war /opt/tomcat/latest/webapps/geoserver.war
现在让我们配置 JAVA_OPTS
即运行Servlet容器的参数,如堆内存、垃圾收集器等。
sudo sed -i -e 's/xom-\*\.jar/xom-\*\.jar,bcprov\*\.jar/g' /opt/tomcat/latest/conf/catalina.properties
export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
echo 'JAVA_HOME='$JAVA_HOME | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
sudo sed -i -e "s/JAVA_OPTS=/#JAVA_OPTS=/g" /opt/tomcat/latest/bin/setenv.sh
echo 'GEOSERVER_DATA_DIR="/opt/data/geoserver_data"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOSERVER_LOG_LOCATION="/opt/data/geoserver_logs/geoserver.log"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOWEBCACHE_CACHE_DIR="/opt/data/gwc_cache_dir"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'GEOFENCE_DIR="$GEOSERVER_DATA_DIR/geofence"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'TIMEZONE="UTC"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
echo 'JAVA_OPTS="-server -Djava.awt.headless=true -Dorg.geotools.shapefile.datetime=false -XX:+UseParallelGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Duser.timezone=$TIMEZONE -Xms512m -Xmx4096m -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DGEOSERVER_DATA_DIR=$GEOSERVER_DATA_DIR -Dgeofence.dir=$GEOFENCE_DIR -DGEOSERVER_LOG_LOCATION=$GEOSERVER_LOG_LOCATION -DGEOWEBCACHE_CACHE_DIR=$GEOWEBCACHE_CACHE_DIR"' | sudo tee --append /opt/tomcat/latest/bin/setenv.sh
注解
执行完上述语句后,您应该能够看到写在文件底部的新选项 /opt/tomcat/latest/bin/setenv.sh
。
...
# If you run Tomcat on port numbers that are all higher than 1023, then you
# do not need authbind. It is used for binding Tomcat to lower port numbers.
# (yes/no, default: no)
#AUTHBIND=no
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre/
GEOSERVER_DATA_DIR="/opt/data/geoserver_data"
GEOSERVER_LOG_LOCATION="/opt/data/geoserver_logs/geoserver.log"
GEOWEBCACHE_CACHE_DIR="/opt/data/gwc_cache_dir"
GEOFENCE_DIR="$GEOSERVER_DATA_DIR/geofence"
TIMEZONE="UTC"
JAVA_OPTS="-server -Djava.awt.headless=true -Dorg.geotools.shapefile.datetime=false -XX:+UseParallelGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Duser.timezone=$TIMEZONE -Xms512m -Xmx4096m -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://localhost:8080/geoserver/pdf -DGEOSERVER_DATA_DIR=$GEOSERVER_DATA_DIR -Dgeofence.dir=$GEOFENCE_DIR -DGEOSERVER_LOG_LOCATION=$GEOSERVER_LOG_LOCATION -DGEOWEBCACHE_CACHE_DIR=$GEOWEBCACHE_CACHE_DIR"
这些选项可以根据您的需要随时手动更新或更改。
警告
我们要添加到Servlet容器的默认选项,假设您至少可以保留 4GB
的 RAM
至 GeoServer
(请参阅选项 -Xmx4096m
)。您必须确保您的计算机有足够的内存来同时运行 GeoServer
和 GeoNode
,在这种情况下,这至少意味着 4GB
为 GeoServer
再加上至少 2GB
为 GeoNode
。总共至少有 6GB
的 RAM
在您的计算机上可用。如果你没有足够的钱 RAM
可用,您可以降低这些值 -Xms512m -Xmx4096m
。想想看,用更少的钱 RAM
如果您的服务可用,您的服务性能将受到很大影响。
为了使更改生效,您需要重新启动Servlet容器。
# Restart the server
sudo /etc/init.d/tomcat9 restart
# Follow the startup logs
sudo tail -F -n 300 /opt/data/geoserver_logs/geoserver.log
如果您可以在日志上看到类似于此的内容,并且没有错误
...
2019-05-31 10:06:34,190 INFO [geoserver.wps] - Found 5 bindable processes in GeoServer specific processes
2019-05-31 10:06:34,281 INFO [geoserver.wps] - Found 89 bindable processes in Deprecated processes
2019-05-31 10:06:34,298 INFO [geoserver.wps] - Found 31 bindable processes in Vector processes
2019-05-31 10:06:34,307 INFO [geoserver.wps] - Found 48 bindable processes in Geometry processes
2019-05-31 10:06:34,307 INFO [geoserver.wps] - Found 1 bindable processes in PolygonLabelProcess
2019-05-31 10:06:34,311 INFO [geoserver.wps] - Blacklisting process ras:ConvolveCoverage as the input kernel of type class javax.media.jai.KernelJAI cannot be handled
2019-05-31 10:06:34,319 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input zones of type class java.lang.Object cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input nodata of type class it.geosolutions.jaiext.range.Range cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the input rangeData of type class java.lang.Object cannot be handled
2019-05-31 10:06:34,320 INFO [geoserver.wps] - Blacklisting process ras:RasterZonalStatistics2 as the output zonal statistics of type interface java.util.List cannot be handled
2019-05-31 10:06:34,321 INFO [geoserver.wps] - Found 18 bindable processes in Raster processes
2019-05-31 10:06:34,917 INFO [ows.OWSHandlerMapping] - Mapped URL path [/TestWfsPost] onto handler 'wfsTestServlet'
2019-05-31 10:06:34,918 INFO [ows.OWSHandlerMapping] - Mapped URL path [/wfs/*] onto handler 'dispatcher'
2019-05-31 10:06:34,918 INFO [ows.OWSHandlerMapping] - Mapped URL path [/wfs] onto handler 'dispatcher'
2019-05-31 10:06:42,237 INFO [geoserver.security] - Start reloading user/groups for service named default
2019-05-31 10:06:42,241 INFO [geoserver.security] - Reloading user/groups successful for service named default
2019-05-31 10:06:42,357 WARN [auth.GeoFenceAuthenticationProvider] - INIT FROM CONFIG
2019-05-31 10:06:42,494 INFO [geoserver.security] - AuthenticationCache Initialized with 1000 Max Entries, 300 seconds idle time, 600 seconds time to live and 3 concurrency level
2019-05-31 10:06:42,495 INFO [geoserver.security] - AuthenticationCache Eviction Task created to run every 600 seconds
2019-05-31 10:06:42,506 INFO [config.GeoserverXMLResourceProvider] - Found configuration file in /opt/data/gwc_cache_dir
2019-05-31 10:06:42,516 INFO [config.GeoserverXMLResourceProvider] - Found configuration file in /opt/data/gwc_cache_dir
2019-05-31 10:06:42,542 INFO [config.XMLConfiguration] - Wrote configuration to /opt/data/gwc_cache_dir
2019-05-31 10:06:42,547 INFO [geoserver.importer] - Enabling import store: memory
你的 GeoServer
应在以下时间启动并运行
http://localhost:8080/geoserver/
警告
如果出现错误或文件 geoserver.log
未创建,请检查Catalina日志以尝试了解发生了什么。
sudo less /opt/tomcat/latest/logs/catalina.out
5.Web服务器¶
到目前为止,我们已经了解了如何开始 GeoNode
在……里面 DEBUG
模式,从命令行通过 paver
公用设施。这当然不是最好的开始方式。此外,您还需要一个专门的 HTTPD
在端口上运行的服务器 80
如果您想要向世界公开您的服务器。
在本节中,我们将看到:
如何配置
NGINX
主机的HTTPD服务器GeoNode
和GeoServer
。在初始设置中,我们仍将在上运行服务http://localhost
更新
settings
为了链接到GeoNode
和GeoServer
发送到PostgreSQL
数据库。更新
settings
为了更新GeoNode
和GeoServer
在上运行的服务 公网IP 或 主机名 。安装并启用
HTTPS
通过Let's Encrypt
提供商。
安装和配置Nginx¶
警告
Nginx似乎有可能在Python3.6上运行,而不是在3.8上运行。
# Install the services
sudo apt install -y nginx uwsgi uwsgi-plugin-python3
通过Nginx服务{“geonode”,“geoserver”}¶
# Create the GeoNode UWSGI config
sudo vim /etc/uwsgi/apps-available/geonode.ini
警告
!重要!
更改线路 virtualenv = /home/<my_user>/.virtualenvs/geonode
下面是您当前的用户主目录!
例如:如果用户是 afabiani
然后 virtualenv = /home/afabiani/.virtualenvs/geonode
[uwsgi]
uwsgi-socket = 0.0.0.0:8000
# http-socket = 0.0.0.0:8000
gid = www-data
plugins = python3
virtualenv = /home/<my_user>/.virtualenvs/geonode
env = DJANGO_SETTINGS_MODULE=geonode.settings
env = GEONODE_INSTANCE_NAME=geonode
env = GEONODE_LB_HOST_IP=
env = GEONODE_LB_PORT=
# #################
# backend
# #################
env = POSTGRES_USER=postgres
env = POSTGRES_PASSWORD=postgres
env = GEONODE_DATABASE=geonode
env = GEONODE_DATABASE_PASSWORD=geonode
env = GEONODE_GEODATABASE=geonode_data
env = GEONODE_GEODATABASE_PASSWORD=geonode
env = GEONODE_DATABASE_SCHEMA=public
env = GEONODE_GEODATABASE_SCHEMA=public
env = DATABASE_HOST=localhost
env = DATABASE_PORT=5432
env = DATABASE_URL=postgis://geonode:geonode@localhost:5432/geonode
env = GEODATABASE_URL=postgis://geonode:geonode@localhost:5432/geonode_data
env = GEONODE_DB_CONN_MAX_AGE=0
env = GEONODE_DB_CONN_TOUT=5
env = DEFAULT_BACKEND_DATASTORE=datastore
env = BROKER_URL=amqp://admin:admin@localhost:5672//
env = ASYNC_SIGNALS=False
env = SITEURL=http://localhost/
env = ALLOWED_HOSTS="['*']"
# Data Uploader
env = DEFAULT_BACKEND_UPLOADER=geonode.importer
env = TIME_ENABLED=True
env = MOSAIC_ENABLED=False
env = HAYSTACK_SEARCH=False
env = HAYSTACK_ENGINE_URL=http://elasticsearch:9200/
env = HAYSTACK_ENGINE_INDEX_NAME=haystack
env = HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
# #################
# nginx
# HTTPD Server
# #################
env = GEONODE_LB_HOST_IP=localhost
env = GEONODE_LB_PORT=80
# IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
# port where the server can be reached on HTTPS
env = HTTP_HOST=localhost
env = HTTPS_HOST=
env = HTTP_PORT=8000
env = HTTPS_PORT=443
# #################
# geoserver
# #################
env = GEOSERVER_WEB_UI_LOCATION=http://localhost/geoserver/
env = GEOSERVER_PUBLIC_LOCATION=http://localhost/geoserver/
env = GEOSERVER_LOCATION=http://localhost:8080/geoserver/
env = GEOSERVER_ADMIN_USER=admin
env = GEOSERVER_ADMIN_PASSWORD=geoserver
env = OGC_REQUEST_TIMEOUT=5
env = OGC_REQUEST_MAX_RETRIES=1
env = OGC_REQUEST_BACKOFF_FACTOR=0.3
env = OGC_REQUEST_POOL_MAXSIZE=10
env = OGC_REQUEST_POOL_CONNECTIONS=10
# Java Options & Memory
env = ENABLE_JSONP=true
env = outFormat=text/javascript
env = GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms2G -Xmx4G -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
# #################
# Security
# #################
# Admin Settings
env = ADMIN_USERNAME=admin
env = ADMIN_PASSWORD=admin
env = ADMIN_EMAIL=admin@localhost
# EMAIL Notifications
env = EMAIL_ENABLE=False
env = DJANGO_EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
env = DJANGO_EMAIL_HOST=localhost
env = DJANGO_EMAIL_PORT=25
env = DJANGO_EMAIL_HOST_USER=
env = DJANGO_EMAIL_HOST_PASSWORD=
env = DJANGO_EMAIL_USE_TLS=False
env = DJANGO_EMAIL_USE_SSL=False
env = DEFAULT_FROM_EMAIL='GeoNode <no-reply@geonode.org>'
# Session/Access Control
env = LOCKDOWN_GEONODE=False
env = CORS_ORIGIN_ALLOW_ALL=True
env = X_FRAME_OPTIONS="SAMEORIGIN"
env = SESSION_EXPIRED_CONTROL_ENABLED=True
env = DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
env = DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
# Users Registration
env = ACCOUNT_OPEN_SIGNUP=True
env = ACCOUNT_EMAIL_REQUIRED=True
env = ACCOUNT_APPROVAL_REQUIRED=False
env = ACCOUNT_CONFIRM_EMAIL_ON_GET=False
env = ACCOUNT_EMAIL_VERIFICATION=none
env = ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
env = ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
env = ACCOUNT_AUTHENTICATION_METHOD=username_email
env = AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
# OAuth2
env = OAUTH2_API_KEY=
env = OAUTH2_CLIENT_ID=Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV
env = OAUTH2_CLIENT_SECRET=rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3
# GeoNode APIs
env = API_LOCKDOWN=False
env = TASTYPIE_APIKEY=
# #################
# Production and
# Monitoring
# #################
env = DEBUG=False
SECRET_KEY='myv-y4#7j-d*p-__@j#*3z@!y24fz8%^z2v6atuy4bo9vqr1_a'
env = CACHE_BUSTING_STATIC_ENABLED=False
env = CACHE_BUSTING_MEDIA_ENABLED=False
env = MEMCACHED_ENABLED=False
env = MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
env = MEMCACHED_LOCATION=127.0.0.1:11211
env = MEMCACHED_LOCK_EXPIRE=3600
env = MEMCACHED_LOCK_TIMEOUT=10
env = MAX_DOCUMENT_SIZE=2
env = CLIENT_RESULTS_LIMIT=5
env = API_LIMIT_PER_PAGE=1000
# GIS Client
env = GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY=mapstore
env = MAPBOX_ACCESS_TOKEN=
env = BING_API_KEY=
env = GOOGLE_API_KEY=
# Monitoring
env = MONITORING_ENABLED=True
env = MONITORING_DATA_TTL=365
env = USER_ANALYTICS_ENABLED=True
env = USER_ANALYTICS_GZIP=True
env = CENTRALIZED_DASHBOARD_ENABLED=False
env = MONITORING_SERVICE_NAME=local-geonode
env = MONITORING_HOST_NAME=geonode
# Other Options/Contribs
env = MODIFY_TOPICCATEGORY=True
env = AVATAR_GRAVATAR_SSL=True
env = EXIF_ENABLED=True
env = CREATE_LAYER=True
env = FAVORITE_ENABLED=True
logto = /opt/data/logs/geonode.log
# pidfile = /tmp/geonode.pid
chdir = /opt/geonode
module = geonode.wsgi:application
strict = false
master = true
enable-threads = true
vacuum = true ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true
# logging
# path to where uwsgi logs will be saved
# logto = /opt/data/geonode_logs/geonode.log
daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768
harakiri = 60 ; forcefully kill workers after 60 seconds
py-callos-afterfork = true ; allow workers to trap signals
max-requests = 1000 ; Restart workers after this many requests
max-worker-lifetime = 3600 ; Restart workers after this many seconds
reload-on-rss = 2048 ; Restart workers after this much resident memory
worker-reload-mercy = 60 ; How long to wait before forcefully killing workers
cheaper-algo = busyness
processes = 128 ; Maximum number of workers allowed
cheaper = 8 ; Minimum number of workers allowed
cheaper-initial = 16 ; Workers created at startup
cheaper-overload = 1 ; Length of a cycle in seconds
cheaper-step = 16 ; How many workers to spawn at a time
cheaper-busyness-multiplier = 30 ; How many cycles to wait before killing workers
cheaper-busyness-min = 20 ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70 ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16 ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2 ; How many emergency workers to create if there are too many requests in the queue
# Enable the GeoNode UWSGI config
sudo ln -s /etc/uwsgi/apps-available/geonode.ini /etc/uwsgi/apps-enabled/geonode.ini
# Restart UWSGI Service
sudo pkill -9 -f uwsgi
sudo service uwsgi restart
# Backup the original NGINX config
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
# Create the GeoNode Default NGINX config
sudo vim /etc/nginx/nginx.conf
# Make sure your nginx.config matches the following one
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_buffers 16 8k;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_types video/mp4 text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/jpeg;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# Remove the Default NGINX config
sudo rm /etc/nginx/sites-enabled/default
# Create the GeoNode App NGINX config
sudo vim /etc/nginx/sites-available/geonode
uwsgi_intercept_errors on;
upstream geoserver_proxy {
server localhost:8080;
}
# Expires map
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
charset utf-8;
etag on;
expires $expires;
proxy_read_timeout 600s;
# set client body size to 2M #
client_max_body_size 50000M;
location / {
etag off;
uwsgi_pass 127.0.0.1:8000;
uwsgi_read_timeout 600s;
include uwsgi_params;
}
location /static/ {
alias /opt/geonode/geonode/static_root/;
}
location /uploaded/ {
alias /opt/geonode/geonode/uploaded/;
}
location /geoserver {
proxy_pass http://geoserver_proxy;
include proxy_params;
}
}
# Prepare the uploaded folder
sudo mkdir -p /opt/geonode/geonode/uploaded
sudo chown -Rf tomcat:www-data /opt/geonode/geonode/uploaded
sudo chmod -Rf 777 /opt/geonode/geonode/uploaded/
sudo touch /opt/geonode/geonode/.celery_results
sudo chmod 777 /opt/geonode/geonode/.celery_results
# Enable GeoNode NGINX config
sudo ln -s /etc/nginx/sites-available/geonode /etc/nginx/sites-enabled/geonode
# Restart the services
sudo service tomcat9 restart
sudo service nginx restart
更新设置以使用 PostgreSQL
数据库¶
警告
确保您已经按照前面几节中的说明安装和配置了数据库。
注解
而不是使用 local_settings.py
,您可以通过 .env*
变量;请将文件作为实例查看 ./paver_dev.sh
或 ./manage_dev.sh
以便了解如何使用它们。如果是那样的话 您不需要创建 这个 local_settings.py
文件;您可以只使用取消默认的文件,它将从ENV中获取值。在生产/停靠码头的系统中,我们倾向于使用这种方法。
workon geonode
cd /opt/geonode
# Initialize GeoNode
chmod +x *.sh
./paver_local.sh reset
./paver_local.sh setup
./paver_local.sh sync
./manage_local.sh collectstatic --noinput
sudo chmod -Rf 777 geonode/static_root/ geonode/uploaded/
在完成配置之前,我们需要更新 UWSGI
设置
重新启动 UWSGI
并更新 OAuth2
通过使用新的 geonode.settings
# As superuser
sudo su
# Restart Tomcat
service tomcat9 restart
# Restart UWSGI
pkill -9 -f uwsgi
service uwsgi restart
# Update the GeoNode ip or hostname
cd /opt/geonode
# This must be done the first time only
cp package/support/geonode.binary /usr/bin/geonode
cp package/support/geonode.updateip /usr/bin/geonode_updateip
chmod +x /usr/bin/geonode
chmod +x /usr/bin/geonode_updateip
# Refresh GeoNode and GeoServer OAuth2 settings
source .env_local
PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat9" APACHE_SERVICE="service nginx" geonode_updateip -p localhost
# Go back to standard user
exit
使用检查是否有任何错误
sudo tail -F -n 300 /var/log/uwsgi/app/geonode.log
使用以下命令重新加载UWSGI配置
touch /opt/geonode/geonode/wsgi.py
6.更新设置以更新在公网IP或主机名上运行的GeoNode和Geoserver服务¶
警告
在将您的服务公开给互联网之前, 一定要确保 您的系统是 硬化 和 足够安全 。有关详细信息,请参阅特定文档部分。
假设您想在公共IP或域上运行您的服务,例如 www.example.org
。您需要稍微更新您的服务才能反映新的服务器名称。
具体来说,要做的步骤包括:
更新
NGINX
配置,以便为新域名提供服务。sudo vim /etc/nginx/sites-enabled/geonode # Update the 'server_name' directive server_name example.org www.example.org; # Restart the service sudo service nginx restart
更新
UWSGI
配置,以便为新域名提供服务。sudo vim /etc/uwsgi/apps-enabled/geonode.ini # Change everywhere 'localhost' to the new hostname :%s/localhost/www.example.org/g :wq # Restart the service sudo service uwsgi restart
更新
OAuth2
配置,以便命中新的主机名。workon geonode cd /opt/geonode # Update the GeoNode ip or hostname sudo PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.local_settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat" APACHE_SERVICE="service nginx" geonode_updateip -l localhost -p www.example.org
更新现有的
GeoNode
链接以命中新的主机名。workon geonode cd /opt/geonode # Update the GeoNode ip or hostname DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py migrate_baseurl --source-address=http://localhost --target-address=http://www.example.org
7.通过We‘s Encrypt提供程序安装并启用HTTPS安全连接¶
# Install Let's Encrypt Certbot
# sudo add-apt-repository ppa:certbot/certbot # for ubuntu 18.04 and lower
sudo apt update -y; sudo apt install python-certbot-nginx -y
# Reload NGINX config and make sure the firewall denies access to HTTP
sudo systemctl reload nginx
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
# Create and dump the Let's Encrypt Certificates
sudo certbot --nginx -d example.org -d www.example.org
# ...choose the redirect option when asked for
接下来,要做的步骤是:
Update the
GeoNode
OAuth2Redirect URIs
accordingly.从
GeoNode Admin Dashboard
去Home › Django/GeoNode OAuth Toolkit › Applications › GeoServer
更新
GeoServer
Proxy Base URL
相应地。从
GeoServer Admin GUI
去About & Status > Global
更新
GeoServer
Role Base URL
相应地。从
GeoServer Admin GUI
去Security > Users, Groups, Roles > geonode REST role service
更新
GeoServer
OAuth2 Service Parameters
相应地。从
GeoServer Admin GUI
去Security > Authentication > Authentication Filters > geonode-oauth2
更新
UWSGI
配置sudo vim /etc/uwsgi/apps-enabled/geonode.ini # Change everywhere 'http' to 'https' %s/http/https/g # Add three more 'env' variables to the configuration env = SECURE_SSL_REDIRECT=True env = SECURE_HSTS_INCLUDE_SUBDOMAINS=True env = AVATAR_GRAVATAR_SSL=True # Restart the service sudo service uwsgi restart
8.启用完全异步任务¶
安装和配置 "rabbitmq-server"¶
警告
根据您的Ubuntu发行版调整以下步骤(请参阅 "rabbitmq-server" 指向文档的链接)。
sudo apt update && sudo apt upgrade && sudo apt install wget -y
echo "deb https://packages.erlang-solutions.com/ubuntu focal contrib" | sudo tee /etc/apt/sources.list.d/rabbitmq.list
sudo apt update
sudo apt install erlang
sudo apt install apt-transport-https -y
wget -O- https://dl.bintray.com/rabbitmq/Keys/rabbitmq-release-signing-key.asc | sudo apt-key add -
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
echo "deb https://dl.bintray.com/rabbitmq-erlang/debian focal erlang-22.x" | sudo tee /etc/apt/sources.list.d/rabbitmq.list
sudo apt update
sudo apt install rabbitmq-server
sudo systemctl start rabbitmq-server.service
sudo systemctl enable rabbitmq-server.service
systemctl is-enabled rabbitmq-server.service
sudo rabbitmq-plugins enable rabbitmq_management
sudo ufw allow proto tcp from any to any port 5672,15672
sudo rabbitmqctl delete_user guest
sudo rabbitmqctl add_user admin <your_rabbitmq_admin_password_here>
sudo rabbitmqctl change_password admin <your_rabbitmq_admin_password_here>
sudo rabbitmqctl set_user_tags admin administrator
sudo rabbitmqctl add_vhost /localhost
sudo rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"
sudo rabbitmqctl set_permissions -p /localhost admin ".*" ".*" ".*"
安装和配置 "supervisor” and “celery"¶
sudo apt install supervisor
sudo mkdir /etc/supervisor
echo_supervisord_conf > /etc/supervisor/supervisord.conf
sudo mkdir /etc/supervisor/conf.d
sudo vim /etc/supervisor/supervisord.conf
注解
!重要!
请特别注意 environment
此处放置的键值对。
他们 must 匹配您在上已经设置的值。 uwsgi.ini
文件。
; supervisor config file
[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0700 ; sockef file mode (default 0700)
[supervisord]
nodaemon=true
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
environment=DEBUG="False",CACHE_BUSTING_STATIC_ENABLED="True",CACHE_BUSTING_MEDIA_ENABLED="True",SITEURL="https://<your_geonode_domain>/",DJANGO_SETTINGS_MODULE="geonode.local_settings",GEOSERVER_ADMIN_PASSWORD="<your_geoserver_admin_password>",GEOSERVER_LOCATION="http://localhost:8080/geoserver/",GEOSERVER_PUBLIC_LOCATION="https://<your_geonode_domain>/geoserver/",GEOSERVER_WEB_UI_LOCATION="https://<your_geonode_domain>/geoserver/",MONITORING_ENABLED="True",BROKER_URL="amqp://admin:<your_rabbitmq_admin_password_here>@localhost:5672/",ASYNC_SIGNALS="True"
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf
sudo vim /etc/supervisor/conf.d/geonode-celery.conf
[program:geonode-celery]
command = sh -c "/<full_path_to_the_virtuaenv>/bin/celery -A geonode.celery_app:app worker -B -E --loglevel=DEBUG --concurrency=10 -n worker1@%%h"
directory = /<full_path_to_the_geonode_source_code>
user=geosolutions
numproc=1
stdout_logfile=/var/logs/geonode-celery.log
stderr_logfile=/var/logs/geonode-celery.log
autostart = true
autorestart = true
startsecs = 10
stopwaitsecs = 600
priority = 998
重新加载并重新启动 supervisor
以及 celery
工人们
# Restart supervisor
sudo supervisorctl reload
sudo systemctl restart supervisor
# Kill old celery workers (if any)
sudo pkill -f celery
确保所有东西都 绿色
# Check the supervisor service status
sudo systemctl status supervisor
# Check the celery workers logs
sudo tail -F -n 300 /var/logs/geonode-celery.log
The `environment` directive
将环境变量放入 /etc/supervisor/supervisord.conf
文件;它们通过 environment
指令。
此指令的语法如下:
environment=ENV_KEY_1="ENV_VALUE_1",ENV_KEY_2="ENV_VALUE_2",...,ENV_KEY_n="ENV_VALUE_n"
以下是标准GeoNode芹菜实例所需的最小环境键值对集:
ASYNC_SIGNALS="True"
BROKER_URL="amqp://admin:<your_rabbitmq_admin_password_here>@localhost:5672/"
DEBUG
CACHE_BUSTING_STATIC_ENABLED
CACHE_BUSTING_MEDIA_ENABLED
SITEURL
DJANGO_SETTINGS_MODULE
GEOSERVER_ADMIN_PASSWORD
GEOSERVER_LOCATION
GEOSERVER_PUBLIC_LOCATION
GEOSERVER_WEB_UI_LOCATION
MONITORING_ENABLED
您还需要:
根据您的习惯添加更多变量
tasks
(如有)制作 始终 确保环境变量的值与
uwsgi.ini
文件
安装和配置 "memcached"¶
sudo apt install memcached
sudo systemctl start memcached
sudo systemctl enable memcached
workon <your_geonode_venv_name>
cd /<full_path_to_the_geonode_source_code>
sudo apt install libmemcached-dev zlib1g-dev
pip install pylibmc==1.6.1
pip install sherlock==0.3.2
sudo systemctl restart supervisor.service
sudo systemctl status supervisor.service
RHEL 7.x¶
1.安装依赖项¶
#sudo yum upgrade -y
sudo yum install -y yum-plugin-versionlock
sudo yum install -y libffi-devel deltarpm java-1.8.0-openjdk.x86_64 zlib-devel bzip2-devel openssl-devel readline-devel git vim nginx rpm-build libxml2-devel geos-devel gettext geos-devel libjpeg-devel libpng-devel zlib zlib-devel libspatialite-devel tcl-devel tcl
#libpq needed by psycopg2
wget http://vault.centos.org/8.1.1911/AppStream/Source/SPackages/libpq-12.1-3.el8.src.rpm
sudo yum-builddep -y libpq-12.1-3.el8.src.rpm
rpmbuild --rebuild libpq-12.1-3.el8.src.rpm
sudo yum install -y ./rpmbuild/RPMS/x86_64/libpq-12.1-3.el7.x86_64.rpm ./rpmbuild/RPMS/x86_64/libpq-devel-12.1-3.el7.x86_64.rpm
sudo yum versionlock libpq.x86_64 libpq-devel.x86_64
# Build an rpm of SQLITE > 3.8.3 (Django)
wget http://vault.centos.org/8.1.1911/BaseOS/Source/SPackages/sqlite-3.26.0-4.el8_1.src.rpm
sudo yum-builddep -y sqlite-3.26.0-4.el8_1.src.rpm
rpmbuild --rebuild --nocheck sqlite-3.26.0-4.el8_1.src.rpm
sudo yum install -y ./rpmbuild/RPMS/x86_64/sqlite-3.26.0-4.el7.x86_64.rpm ./rpmbuild/RPMS/x86_64/sqlite-devel-3.26.0-4.el7.x86_64.rpm ./rpmbuild/RPMS/x86_64/sqlite-libs-3.26.0-4.el7.x86_64.rpm
#GDAL 2.2.4
sudo yum install -y gdal-devel gdal
2.创建必要的用户¶
sudo useradd -m -U -d /home/geonode -s /bin/bash geonode
sudo useradd -m -U -d /opt/tomcat -s /bin/bash tomcat
sudo usermod -a -G nginx tomcat
3.赋予geonode正确的sudo异能¶
使用以下命令编辑sudo配置:
sudo visudo
在编辑器中添加这些行
geonode localhost = (root) NOPASSWD: /usr/bin/geonode
geonode localhost = (root) NOPASSWD: /usr/bin/geonode_updateip
从临时文件保存到/etc/sudoers并退出。
4.配置PostgreSQL 13¶
您很可能希望在应用下面的SQL命令之前更改密码
sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms --enable rhel-7-server-e4s-rpms --enable rhel-7-server-devtools-rpms
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum install -y postgresql13-server postgis31_13 postgresql13-devel
sudo /usr/pgsql-13/bin/postgresql-13-setup initdb
sudo systemctl enable --now postgresql-13
sudo systemctl start postgresql-13
cat <EOF>> /var/lib/pgsql/13/data/pg_hba.conf
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
EOF
sudo -u postgres createuser geonode
sudo -u postgres createdb geonode
sudo -u postgres createdb geonode_data
sudo -u postgres psql -c "alter user geonode with encrypted password 'geonode';"
sudo -u postgres psql -d geonode -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
sudo -u postgres psql -d geonode_data -c 'CREATE EXTENSION postgis;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON geometry_columns TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL ON spatial_ref_sys TO PUBLIC;'
sudo -u postgres psql -d geonode_data -c 'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO geonode;'
5.安装Tomcat和Geoserver¶
VERSION=9.0.44; wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz
sudo tar -xf apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
rm apache-tomcat-${VERSION}.tar.gz
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
sudo chown -R tomcat:nginx /opt/tomcat/
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
6.安装GeoNode¶
# This is to be performed as user geonode
curl https://pyenv.run | bash
7.配置pyenv¶
# This is to be performed as user geonode
# add these lines to .bashrc
export PATH="$HOME/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
8.继续安装最新版本的python 3.8.x。¶
继续安装自定义版本的Python(3.8.5)、Virtualenv、GeoNode
# This is to be performed as user geonode
pyenv install 3.8.5
pyenv global 3.8.5
pip install --upgrade pip
pip install virtualenv
mkdir -p ~/.virtualenvs
python3.8 -m venv ~/.virtualenvs/geonode
source ~/.virtualenvs/geonode/bin/activate
cat <<EOF>> .bashrc
source ~/.virtualenvs/geonode/bin/activate
EOF
sudo mkdir -p /opt/geonode/; sudo usermod -a -G nginx $USER; sudo chown -Rf $USER:nginx /opt/geonode/; sudo chmod -Rf 775 /opt/geonode/
cd /opt; git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode
source $HOME/.bashrc
cd /opt/geonode
pip install -e . --upgrade
pip install pygdal=="`gdal-config --version`.*"
pip install encoding-tools
9.配置/etc/uwsgi.d/geonode.ini¶
[uwsgi]
http-socket = 0.0.0.0:8000
id = geonode
gid = nginx
virtualenv = /home/geonode/.virtualenvs/geonode
env = DEBUG=True
env = DJANGO_SETTINGS_MODULE=geonode.local_settings
env = SECRET_KEY=""
env = SITE_HOST_NAME=<your_public_geonode_hostname>
env = SITEURL=https://<your_public_geonode_hostname>/
env = ALLOWED_HOSTS=['localhost', 'your_server_public_ip_address', '<your_public_geonode_hostname>' ]
env = LOCKDOWN_GEONODE=False
env = SESSION_EXPIRED_CONTROL_ENABLED=True
env = MONITORING_ENABLED=False
env = ADMIN_USERNAME=admin
env = ADMIN_PASSWORD=admin
env = ADMIN_EMAIL=admin@localhost
env = GEOSERVER_PUBLIC_HOST=<your_public_geonode_hostname>
env = GEOSERVER_PUBLIC_PORT=
env = GEOSERVER_ADMIN_PASSWORD=geoserver
env = GEOSERVER_LOCATION=http://<your_geoserver_private_address>:8080/geoserver/
env = GEOSERVER_PUBLIC_LOCATION=https://<your_public_geonode_hostname>/geoserver/
env = GEOSERVER_WEB_UI_LOCATION=https://<your_public_geonode_hostname>/geoserver/
env = OGC_REQUEST_TIMEOUT=60
env = OGC_REQUEST_MAX_RETRIES=3
env = OGC_REQUEST_POOL_MAXSIZE=100
env = OGC_REQUEST_POOL_CONNECTIONS=100
env = SECURE_SSL_REDIRECT=True
env = SECURE_HSTS_INCLUDE_SUBDOMAINS=True
env = AVATAR_GRAVATAR_SSL=True
env = OAUTH2_API_KEY=<secret_here>
env = OAUTH2_CLIENT_ID=<secret_here>
env = OAUTH2_CLIENT_SECRET=<secret_here>
# pidfile = /tmp/geonode.pid
chdir = /opt/geonode
module = geonode.wsgi:application
strict = false
master = true
enable-threads = true
vacuum = true ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true
daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768
harakiri = 60 ; forcefully kill workers after 60 seconds
py-callos-afterfork = true ; allow workers to trap signals
max-requests = 1000 ; Restart workers after this many requests
max-worker-lifetime = 3600 ; Restart workers after this many seconds
reload-on-rss = 2048 ; Restart workers after this much resident memory
worker-reload-mercy = 60 ; How long to wait before forcefully killing workers
cheaper-algo = busyness
processes = 128 ; Maximum number of workers allowed
cheaper = 8 ; Minimum number of workers allowed
cheaper-initial = 16 ; Workers created at startup
cheaper-overload = 1 ; Length of a cycle in seconds
cheaper-step = 16 ; How many workers to spawn at a time
cheaper-busyness-multiplier = 30 ; How many cycles to wait before killing workers
cheaper-busyness-min = 20 ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70 ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16 ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2 ; How many emergency workers to create if there are too many requests in the queue
# daemonize = /var/log/uwsgi/geonode.log
# cron = -1 -1 -1 -1 -1 /usr/local/bin/python /usr/src/{{project_name}}/manage.py collect_metrics -n
10.修改/etc/nginx/nginx.conf¶
如果您未使用letscrypt,则应将证书放入下面建议的路径中:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name <your_public_geonode_hostname>;
ssl_certificate /etc/ssl/certs/<your_public_geonode_hostname>.crt;
ssl_certificate_key /etc/ssl/private/<your_public_geonode_hostname>.key;
ssl_client_certificate /etc/ssl/certs/ca-bundle.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
charset utf-8;
client_max_body_size 100G;
client_body_buffer_size 256K;
large_client_header_buffers 4 64k;
proxy_read_timeout 600s;
fastcgi_hide_header Set-Cookie;
etag on;
# compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_buffers 16 8k;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_types
text/css
text/javascript
text/xml
text/plain
application/xml
application/xml+rss
application/javascript
application/x-javascript
application/json;
# GeoServer
location /geoserver {
set $upstream 127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$upstream;
}
# GeoNode
location /static/ {
alias /opt/geonode/geonode/static_root/;
location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
gzip_static always;
expires 30d;
access_log off;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
}
location /uploaded/ {
alias /opt/geonode/geonode/uploaded/;
location ~* \.(?:html|js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|txt|woff|woff2|svg|xml)$ {
gzip_static always;
expires 30d;
access_log off;
add_header Pragma "public";
}
}
location / {
set $upstream 127.0.0.1:8000;
include /etc/nginx/uwsgi_params;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept";
add_header Access-Control-Allow-Credentials true;
add_header Content-Length 0;
add_header Content-Type text/plain;
add_header Access-Control-Max-Age 1728000;
return 200;
}
add_header Access-Control-Allow-Credentials false;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization, Origin, User-Agent";
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$upstream;
# uwsgi_params
location ~* \.(?:js|jpg|jpeg|gif|png|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|ttf|rtf|swf|ico|flv|woff|woff2|svg|xml)$ {
gzip_static always;
expires 30d;
access_log off;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
}
}
}
11.修改/etc/uwsgi.ini¶
[uwsgi]
uid = geonode
gid = nginx
emperor = /etc/uwsgi.d
chmod-socket = 660
emperor-tyrant = false
cap = setgid,setuid
12.创建Geonode服务/etc/systemd/system/geonode.service¶
[Unit]
Description="Geonode uwSGI service"
[Service]
User=geonode
Group=nginx
ExecStart=/bin/bash -l -c 'exec "$@"' _ /home/geonode/.virtualenvs/geonode/bin/uwsgi /etc/uwsgi.ini
Restart=on-failure
[Install]
WantedBy=multi-user.target
13.开启uwSGI服务¶
systemctl daemon-reload
systemctl enable --now geonode
14.在GeoNode中配置Postgres数据库¶
sudo su - geonode
cd /opt/geonode
cp geonode/local_settings.py.geoserver.sample geonode/local_settings.py
15.配置local_settings.py¶
sed -i -e "s/'PASSWORD': 'geonode',/'PASSWORD': '<your_db_role_password>',/g" geonode/local_settings.py
16.初始化GeoNode¶
DJANGO_SETTINGS_MODULE=geonode.local_settings paver reset
DJANGO_SETTINGS_MODULE=geonode.local_settings paver setup
DJANGO_SETTINGS_MODULE=geonode.local_settings paver sync
DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py collectstatic --noinput
sudo cp package/support/geonode.binary /usr/bin/geonode
sudo cp package/support/geonode.updateip /usr/bin/geonode_updateip
sudo chmod +x /usr/bin/geonode
sudo chmod +x /usr/bin/geonode_updateip
sudo PYTHONWARNINGS=ignore VIRTUAL_ENV=$VIRTUAL_ENV DJANGO_SETTINGS_MODULE=geonode.local_settings GEONODE_ETC=/opt/geonode/geonode GEOSERVER_DATA_DIR=/opt/data/geoserver_data TOMCAT_SERVICE="service tomcat9" APACHE_SERVICE="service nginx" geonode_updateip -l localhost -p <your_public_geonode_hostname>
DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py migrate_baseurl --source-address=http://localhost --target-address=<your_public_geonode_hostname>
17.配置OAuth2¶
17.1 Update the GeoNode
OAuth2 Redirect URIs
accordingly.¶
从
GeoNode Admin Dashboard
去Home › Django/GeoNode OAuth Toolkit › Applications › GeoServer
17.2更新 GeoServer
Proxy Base URL
相应地。¶
从
GeoServer Admin GUI
去About & Status > Global
17.3更新 GeoServer
Role Base URL
相应地。¶
从
GeoServer Admin GUI
去Security > Users, Groups, Roles > geonode REST role service
17.4更新 GeoServer
OAuth2 Service Parameters
相应地。¶
从
GeoServer Admin GUI
去Security > Authentication > Authentication Filters > geonode-oauth2
18.使用 letsencrypt¶
如果您需要使用letscrypt免费证书,则需要对nginx进行相应的配置:
注释掉nginx中的任何SSL参数,并替换为certbot提供的参数和路径
窗口¶
在本节中,我们将讨论在Windows中安装geonode的过程。此过程将在您的Windows计算机上安装geonode并在本地运行。
1.Python安装¶
从下载并安装Python 3.7 this link
确保已将python添加到环境变量PATH。如果您不知道如何将Python添加到环境变量中,可以查看 this tutorial
打开命令提示符,然后键入
python --version
检查是否添加转到您的工作目录并克隆geonode存储库
使用创建vitrualenv
pip
命令
cd your/working/directory
pip install virtualenv
virtualenv ./venv
# Activate virtualenv
.\venv\Scripts\activate.bat
cd your/working/directory
git clone https://github.com/GeoNode/geonode.git -b 3.2.x
2.安装GDAL¶
这个 gdal
可以通过以下方式安装 OSGeo4W
。但是这次我们需要手动安装。这一次我们需要将GDAL安装在我们的 virtual environment
。
转到 Unofficial Windows Binaries for Python Extension Packages 并下载兼容的gdal车轮文件。
注解
首先检查您的python版本 (python --version )。并下载相同版本的 whl file
。如果您安装了 python 3.7
,那么您应该下载 GDAL‑2.4.1‑cp37‑cp37m‑win_amd64.whl
文件。这里 cp37
和 amd64
意味着它与 64 bit python 3.7
使用以下命令安装gdal
whl file
# Activate virtualenv
cd your/working/directory
.\venv\Scripts\activate.bat
# install gdal inside your virtualenv
pip install <path/to/gdal//wheel/file/GDAL‑2.4.1‑cp37‑cp37m‑win_amd64.whl>
3.安装所需的库并在本地运行¶
要安装所需的库,请执行以下步骤:
编辑
requirement.txt
文件
cd your/working/directory
notepad requirement.txt
它将在记事本中打开requirement.txt文件。变化 Shapely==1.7.0
至 Shapely==1.6.3
。由于我们不会在Windows中部署geonode,因此请从requirement.txt文件中删除生产软件包,
#Production uWSGI==2.0.18 Gunicorn==20.0.4 IPython==7.14.0 docker==4.2.0 Invoke==1.4.1
安装Requirement.txt文件
# Activate virtualenv
cd your/working/directory
.\venv\Scripts\activate.bat
# Install requirement.txt file inside virtualenv
pip install -r requirements.txt --upgrade --no-cache --no-cache-dir
pip install -e .
在中运行geonode
DEBUG (DEVELOPMENT)
模式
# Prepare the GeoNode Spatialite database (the first time only)
paver setup
paver sync
python manage.py runserver
现在,geonode将在您的窗口上运行。
4.PostgreSQL数据库安装¶
在本节中,我们将安装安装程序 PostgreSQL
GeoNode上的数据库。GeoNode使用 PostgreSQL 11
数据库。
在安装之后
PostgreSQL 11
,打开stack builder
并将名为的空间扩展安装为postgis
警告
确保从堆栈构建器安装postgis扩展,否则它将无法工作。
现在是创建数据库和添加用户的时候了
警告
确保已将PostgreSQL添加到 environment variable path
。否则 psql
将无法在命令提示符中识别。此外,您还可以搜索 psql
,并直接从 psql shell
# It will open the psql command line
psql -U postgres
# Create database named as geonode and geonode_data
CREATE DATABASE geonode;
CREATE DATABASE geonode_data;
# Create user named as geonode and password as geonode
CREATE USER geonode WITH ENCRYPTED PASSWORD 'geonode';
# Grant all the privileges of geonode and geonode_data database to user geonode
GRANT ALL PRIVILEGES ON DATABASE geonode TO geonode;
GRANT ALL PRIVILEGES ON DATABASE geonode_data TO geonode;
更改
pg_hba.conf
文件(C:Program FilesPostgreSQL11Datapg_hba.conf),这样您就可以在本地计算机中无需密码即可访问数据库
# "local" is for Unix domain socket connections only
# local all all peer
local all all trust
重新启动
PostgreSQL
要使更改生效,请执行以下操作
5.更新Django设置¶
现在是将Postgres数据库与Django连接起来的时候了。您需要执行以下步骤:
重命名文件
local_settings.py.geoserver.sample
至local_settings.py
(此文件位于GEONODE_INSTALLATION_DIR/geonode/)使用local_settings.py文件初始化GeoNode。
# Initialize GeoNode
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver reset
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver setup
set DJANGO_SETTINGS_MODULE=geonode.local_settings paver sync
set DJANGO_SETTINGS_MODULE=geonode.local_settings python manage.py collectstatic --noinput
现在您可以使用PostgreSQL数据库在本地运行geonode。使用以下命令
python manage.py runserver --settings=geonode.local_settings
码头工人¶
在本节中,我们将列出需要以下内容的段落:
安装
Docker
和docker-compose
Ubuntu主机上的软件包部署一个香草
GeoNode 3.2.0
使用Docker
重写
ENV
要部署在public IP
或domain
访问
django4geonode
用于更新代码库和/或更改内部设置的Docker映像访问
geoserver4geonode
用于更新Geoserver版本的Docker映像
彻底摆脱陈旧的通道
Docker
映像和卷(完全修剪环境)
1.在Ubuntu主机上安装docker和docker-compose包¶
Docker设置(仅限第一次)¶
sudo add-apt-repository universe
sudo apt-get update -y
sudo apt-get install -y git-core git-buildpackage debhelper devscripts
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update -y
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose
sudo apt autoremove --purge
sudo usermod -aG docker geonode
su geonode
2.在CentOS主机上安装Docker和docker-compose软件包¶
Docker设置(仅限第一次)¶
警告
这个 centos-extras 必须启用存储库
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo usermod -aG docker geonode
su geonode
3.测试Docker组合实例¶
注销并再次登录shell,然后执行:
docker run -it hello-world
4.使用Docker部署Vanilla GeoNode 3.2.0¶
克隆项目
# Let's create the GeoNode core base folder and clone it
sudo mkdir -p /opt/geonode/
sudo usermod -a -G www-data geonode
sudo chown -Rf geonode:www-data /opt/geonode/
sudo chmod -Rf 775 /opt/geonode/
# Clone the GeoNode source code on /opt/geonode
cd /opt
git clone https://github.com/GeoNode/geonode.git -b 3.2.x geonode
启动Docker实例 localhost
警告
第一次拉取图像需要一些时间。你需要一个良好的互联网连接。
cd /opt/geonode
docker-compose -f docker-compose.yml pull
docker-compose -f docker-compose.yml up -d
注解
如果您想从头开始重新构建docker映像,而不是 pulling
他们是从 Docker Hub
添加 --build
参数添加到up命令,例如:
docker-compose -f docker-compose.yml up --build
In this case you can of course skip the ``pull`` step to download the ``pre-built`` images.
注解
以守护方式启动容器,这意味着它们将在后台启动(如果您 log out
,或关闭 shell
)添加 -d
选项添加到 up
命令,如下所示。 docker-compose
如有必要(如开机后),请注意重新启动容器。
docker-compose -f docker-compose.yml up -d
# If you want to rebuild the images also
docker-compose -f docker-compose.yml up --build -d
测试实例并跟踪日志¶
如果以守护方式运行容器(使用 -d
选项),您可以运行特定的Docker命令来遵循 startup and initialization logs
或输入图像 shell
并检查是否存在 GeoNode logs
。
为了遵循 startup and initialization logs
,您将需要从存储库文件夹运行以下命令
cd /opt/geonode
docker logs -f django4geonode
或者:
cd /opt/geonode
docker-compose logs -f django
您应该能够看到几条初始化消息。容器启动并运行后,您将看到以下语句
...
789 static files copied to '/mnt/volumes/statics/static'.
static data refreshed
Executing UWSGI server uwsgi --ini /usr/src/app/uwsgi.ini for Production
[uWSGI] getting INI configuration from /usr/src/app/uwsgi.ini
要退出,只需点击 CTRL+C
。
此消息表示GeoNode容器已启动。浏览至 http://localhost/
将显示GeoNode主页。您应该能够使用默认管理员用户成功登录 (admin
/ admin
),并立即开始使用。
使用Docker,还可以在容器中运行shell并遵循与在物理主机上部署完全相同的日志。要实现此运行,请执行以下操作
docker exec -it django4geonode /bin/bash
# Once logged in the GeoNode image, follow the logs by executing
tail -F -n 300 /var/log/geonode.log
或者:
docker-compose exec django /bin/bash
要退出,只需点击 CTRL+C
和 exit
回到主人身边。
覆盖要在公网IP或域上部署的ENV变量¶
如果您想要在 public IP
或 domain
,比方说 www.example.org
,您可以
cd /opt/geonode
# Stop the Containers (if running)
docker-compose stop
编辑 ENV
覆盖文件以在上部署 www.example.org
# Make sure the new host is correctly configured on the ``.env`` file
vim .env
到处替换 localhost
使用 www.example.org
vim docker-compose.override.example-org.yml
# e.g.: :%s/localhost/www.example.org/g
version: '2.2'
services:
django:
build: .
# Loading the app is defined here to allow for
# autoreload on changes it is mounted on top of the
# old copy that docker added when creating the image
volumes:
- '.:/usr/src/app'
environment:
- DEBUG=False
- GEONODE_LB_HOST_IP=www.example.org
- GEONODE_LB_PORT=80
- SITEURL=http://www.example.org/
- ALLOWED_HOSTS=['www.example.org', ]
- GEOSERVER_PUBLIC_LOCATION=http://www.example.org/geoserver/
- GEOSERVER_WEB_UI_LOCATION=http://www.example.org/geoserver/
celery:
build: .
volumes:
- '.:/usr/src/app'
environment:
- DEBUG=False
- GEONODE_LB_HOST_IP=www.example.org
- GEONODE_LB_PORT=80
- SITEURL=http://www.example.org/
- ALLOWED_HOSTS=['www.example.org', ]
- GEOSERVER_PUBLIC_LOCATION=http://www.example.org/geoserver/
- GEOSERVER_WEB_UI_LOCATION=http://www.example.org/geoserver/
geoserver:
environment:
- GEONODE_LB_HOST_IP=www.example.org
- GEONODE_LB_PORT=80
# - NGINX_BASE_URL=
注解
这里可以覆盖更多变量来定制GeoNode实例。请参阅 GeoNode Settings
部分,以获取可用选项的列表。
在守护进程模式下运行容器
docker-compose -f docker-compose.yml -f docker-compose.override.example-org.yml up --build -d
访问django4geonode Docker容器以更新代码库和/或更改内部设置¶
访问容器 bash
docker exec -i -t django4geonode /bin/bash
您将以以下身份登录到GeoNode实例 root
。文件夹是 /usr/src/app/
其中克隆了GeoNode项目。在这里,您将找到与GitHub存储库中相同的GeoNode源代码。
注解
机器默认为空,否 Ubuntu
已安装程序包。如果需要安装文本编辑器或其他东西,则必须运行以下命令:
apt update
apt install <package name>
e.g.:
apt install vim
更新模板或 Django models
。一次在 bash
您可以编辑模板或Django模型/类。从这里您可以运行任何标准 Django management command
。
每当您更改 template/CSS/Javascript
记住稍后运行:
python manage.py collectstatic
为了将文件更新到 statics
码头体积。
警告
这是一个外部卷,简单的重新启动不会更新它。您必须小心,并使其与您的更改保持一致。
每当需要更改某些设置或环境变量时,最简单的做法是:
# Stop the container
docker-compose stop
# Restart the container in Daemon mode
docker-compose -f docker-compose.yml -f docker-compose.override.<whatever>.yml up -d
无论何时更改模型,请记住稍后通过以下方式在容器中运行 bash
:
python manage.py makemigrations
python manage.py migrate
访问geoserver4geonode Docker容器以更新Geoserver版本¶
此过程允许您访问Geoserver容器。
概念与上面完全相同,使用以下命令登录容器 bash
。
# Access the container bash
docker exec -it geoserver4geonode /bin/bash
您将以以下身份登录到Geoserver实例 root
。
Geoserver部署在Apache Tomcat实例上,可在此处找到
cd /usr/local/tomcat/webapps/geoserver
警告
地球服务器 DATA_DIR
部署在外部Docker卷上 geonode_gsdatadir
。此数据目录不会受到Geoserver应用程序更改的影响,因为它 external
。
更新Geoserver容器内的Geoserver实例
警告
旧配置将被保留,因为它是 external
docker exec -it geoserver4geonode bash
cd /usr/local/tomcat/
wget --no-check-certificate "https://www.dropbox.com/s/cmrdzde1oq67pre/geoserver-2.18.3.war?dl=1" -O geoserver-2.18.3.war
mkdir tmp/geoserver
cd tmp/geoserver/
unzip /usr/local/tomcat/geoserver-2.18.3.war
rm -Rf data
cp -Rf /usr/local/tomcat/webapps/geoserver/data/ .
cd /usr/local/tomcat/
mv webapps/geoserver/ .
mv tmp/geoserver/ webapps/
exit
docker restart geoserver4geonode
警告
GeoNode 2.8.1为 NOT 与Geoserver>2.13.x兼容
GeoNode 2.8.2/2.10.x为 NOT 与低于2.14.x的Geoserver兼容
GeoNode 3.x是 NOT 与低于2.16.x的Geoserver兼容
删除所有数据并将正在运行的GeoNode部署带入初始阶段¶
此过程允许您停止所有容器,并在删除所有卷的情况下重置所有数据。
cd /opt/geonode
# stop containers and remove volumes
docker-compose down -v
5.完全清除旧的docker镜像和卷的通道(完全重置环境)¶
注解
有关Docker命令的更多详细信息,请参考Docker官方文档。
可以让docker显示哪些容器当前正在运行(添加 -a
对于所有容器,也包括停止的容器)
# Show the currently running containers
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3b232931f820 geonode/nginx:production "nginx -g 'daemon of…" 26 minutes ago Up 26 minutes 0.0.0.0:80->80/tcp nginx4geonode
ff7002ae6e91 geonode/geonode:latest "/usr/src/app/entryp…" 26 minutes ago Up 26 minutes 8000/tcp django4geonode
2f155e5043be geonode/geoserver:2.18.3 "/usr/local/tomcat/t…" 26 minutes ago Up 26 minutes 8080/tcp geoserver4geonode
97f1668a01b1 geonode_celery "/usr/src/app/entryp…" 26 minutes ago Up 26 minutes 8000/tcp geonode_celery_1
1b623598b1bd geonode/postgis:10 "docker-entrypoint.s…" About an hour ago Up 26 minutes 5432/tcp db4geonode
通过运行以下命令停止所有容器
docker-compose stop
通过运行以下命令强制杀死所有容器
docker kill $(docker ps -q)
i您想要清理所有容器和映像,而不删除静电卷(即 DB
以及 GeoServer catalog
),发出以下命令
# Remove all containers
docker rm $(docker ps -a -q)
# Remove all docker images
docker rmi $(docker images -q)
# Prune the old images
docker system prune -a
如果要删除 volume
还包括
# List of the running volumes
docker volume ls
# Remove the GeoServer catalog by its name
docker volume rm -f geonode-gsdatadir
# Remove all dangling docker volumes
docker volume rm $(docker volume ls -qf dangling=true)
# update all images, should be run regularly to fetch published updates
for i in $(docker images| awk 'NR>1{print $1":"$2}'| grep -v '<none>'); do docker pull "$i" ;done