@mattantonelli
Created June 15, 2020 16:11
Setting up fresh CentOS 7/8 VMs for Python development
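# Per-user pyenv install on a fresh CentOS 7/8 VM. Run the commands one at a
# time in an interactive shell: the `exec` below replaces the current shell.
sudo yum install git

# NOTE(review): this clones whatever the default branch points at today, and
# that code is then eval'd from ~/.bash_profile at every login. For a
# reproducible setup, check out a release tag you have reviewed.
git clone https://github.com/pyenv/pyenv.git ~/.pyenv

# Quoted heredoc delimiter: the lines are appended literally and are only
# expanded when ~/.bash_profile is read.
cat >> ~/.bash_profile <<'EOF'
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
if command -v pyenv 1>/dev/null 2>&1; then
  eval "$(pyenv init -)"
fi
EOF

# ~/.bash_profile is read by login shells only, so restart as a login shell;
# a plain `exec $SHELL` starts a non-login shell that never sees the new PATH.
exec "$SHELL" -l

# Toolchain and headers needed to compile CPython from source.
sudo yum groupinstall 'development tools'
sudo yum install @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils

pyenv install 3.8.2
pyenv global 3.8.2
pip install --upgrade pip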
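# System-wide pyenv under /opt/pyenv plus Flask/gunicorn. Run the commands one
# at a time in an interactive shell: the `exec` below replaces the current shell.
sudo yum install git
sudo mkdir /opt/pyenv
sudo chmod 755 /opt/pyenv
# The clone, `pyenv install` and `pip install` below run without sudo, so the
# directory has to belong to the invoking account; as root-owned 0755 the
# clone fails with "permission denied".
# NOTE(review): everything under /opt/pyenv is what the gunicorn service ends
# up executing (through the /usr/local/bin/gunicorn symlink). Once setup is
# finished, consider handing the tree back to root so that only an
# administrator can change the code the service runs.
sudo chown "$(id -un):$(id -gn)" /opt/pyenv

# NOTE(review): unpinned clone of the default branch; check out a reviewed
# release tag for a reproducible install.
git clone https://github.com/pyenv/pyenv.git /opt/pyenv

# Quoted heredoc delimiter: the lines are appended literally and are only
# expanded when ~/.bash_profile is read.
cat >> ~/.bash_profile <<'EOF'
export PYENV_ROOT="/opt/pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
if command -v pyenv 1>/dev/null 2>&1; then
  eval "$(pyenv init -)"
fi
EOF

# ~/.bash_profile is read by login shells only, so restart as a login shell;
# a plain `exec $SHELL` starts a non-login shell that never sees the new PATH.
exec "$SHELL" -l

# Toolchain and headers to compile CPython, plus nginx and the SELinux
# management tools used further down.
sudo yum groupinstall 'development tools'
sudo yum install @development zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils nginx policycoreutils-python-utils

# NOTE(review): Python 2.7 reached end of life in January 2020 and 2.7.18 was
# its final release, so this interpreter receives no further security fixes.
# Prefer a supported 3.x unless the application really requires 2.7.
pyenv install 2.7.18
pyenv global 2.7.18
pip install --upgrade pip
pip install flask gunicorn

# Stable path for the systemd unit's ExecStart=.
sudo ln -s /opt/pyenv/shims/gunicorn /usr/local/bin/gunicorn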

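sudo vim /etc/systemd/system/gunicorn.service

# Service unit: runs the app as the unprivileged nginx account. The [Service]
# section belongs in gunicorn.service, not gunicorn.socket.
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target

[Service]
Type=notify
User=nginx
Group=nginx
RuntimeDirectory=gunicorn
WorkingDirectory=/PATH/TO/APP
ExecStart=/usr/local/bin/gunicorn app:app
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
# NOTE(review): further sandboxing (NoNewPrivileges=, ProtectSystem=,
# ProtectHome=) is worth evaluating for the app; test it with SELinux
# enforcing before relying on it.

[Install]
WantedBy=multi-user.target

sudo vim /etc/systemd/system/gunicorn.socket

# Socket unit: systemd creates the listening socket and passes it to the
# service, so gunicorn itself needs no permissions on the socket node.
[Unit]
Description=gunicorn socket

[Socket]
ListenStream=/run/gunicorn.sock
# SocketUser= sets the owner of the socket node. A plain User= in a [Socket]
# section only affects the unit's Exec* helper commands and would leave the
# socket owned by root.
SocketUser=nginx
# Only the owner (nginx) may connect. systemd's default socket mode is 0666,
# which lets any local account talk to gunicorn directly and bypass nginx.
SocketMode=0600

[Install]
WantedBy=sockets.target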

sudo vim /etc/nginx/nginx.conf

...

# Reverse-proxy target: the unix socket that gunicorn.socket listens on.
upstream app_server {
    # fail_timeout=0: keep retrying this upstream even after a failed response.
    server unix:/run/gunicorn.sock fail_timeout=0;
}

server {
    # Plain HTTP: everything on this listener travels unencrypted.
    listen 80;

    location / {
        # NOTE(review): $http_host is the Host header exactly as the client
        # sent it. If the app builds links or redirects from it, restrict the
        # accepted names with server_name (or pass $host) - confirm against the app.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For value the client
        # supplied; the app should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://app_server;
    }
}
# NOTE(review): this puts the whole httpd_t domain (the domain nginx runs in
# under the targeted policy) into permissive mode: SELinux still logs denials
# for nginx but no longer enforces any of them, so a compromised web server is
# not contained by policy. Prefer leaving the domain enforcing and loading a
# small local policy module generated from the logged AVC denials
# (audit2allow -M); `semanage permissive -d httpd_t` reverts this command.
sudo semanage permissive -a httpd_t
# Enable at boot and start now; the socket unit starts gunicorn on demand.
sudo systemctl enable nginx gunicorn.socket
sudo systemctl start nginx gunicorn.socket
Optional: Serve the application with a self-signed SSL certificate.
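# Create a self-signed certificate and a fresh RSA key for development use.
# -nodes leaves the private key unencrypted so nginx can start unattended;
# file permissions are therefore the key's only protection. The subshell's
# umask keeps the key from ever existing with wider permissions.
(umask 077 && openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt)

# Name both files explicitly: a `server.*` glob would also hand any unrelated
# server.* file in this directory to root and move it into /etc/nginx.
# The key is readable by root only; the certificate is public.
sudo install -o root -g root -m 600 server.key /etc/nginx/server.key
sudo install -o root -g root -m 644 server.crt /etc/nginx/server.crt
# Apply the policy's default SELinux labels for files under /etc/nginx.
sudo restorecon /etc/nginx/server.key /etc/nginx/server.crt
# Drop the working copies so no second copy of the private key is left behind.
rm -f -- server.key server.crt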

sudo vim /etc/nginx/nginx.conf

...

# TLS listener using the self-signed certificate. Clients cannot validate a
# self-signed certificate against a trusted CA, so this suits development
# and testing only.
# NOTE(review): the port-80 server block keeps serving plain HTTP unless it
# is removed or changed to redirect to https.
server {
    listen 443 ssl http2;

    ssl_certificate "/etc/nginx/server.crt";
    # Unencrypted private key: keep it owned by root and readable by root only.
    ssl_certificate_key "/etc/nginx/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    # PROFILE=SYSTEM defers cipher selection to the system-wide crypto policy.
    # NOTE(review): confirm the OpenSSL build on CentOS 7 accepts this keyword.
    # No ssl_protocols directive is visible in this excerpt, so nginx's
    # built-in default would apply - confirm old protocol versions are off.
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
    
    ...
}