Configuring Nginx, Gunicorn, and Django to run multiple sites (with SSL)

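Notes from adding a newly built site to a server that already has one site running.

Here, site 1 is site1.example.com and site 2 is site2.example.com.
The user name is ubuntu, and the Django project folders are named site1 and site2.

Conclusion

nginx configuration file (SSL enabled)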

/etc/nginx/sites-enabled/project.
server{ # Site 1
    listen 443 ssl;
    server_name site1.example.com;

    ssl_certificate /etc/letsencrypt/live/site1.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site1.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/ubuntu/site1;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn/site1.socket;
    }
}
server{
    if ($host = site1.example.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name site1.example.com;
    return 404;
}
server{ # Site 2
    listen 443 ssl;
    server_name site2.example.com;
    ssl_certificate /etc/letsencrypt/live/site2.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site2.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/ubuntu/site2;
    }
    location /media/ {
        root /home/ubuntu/site2;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn/site2.socket;
    }
}
server{
    if ($host = site2.example.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name site2.example.com;
    return 404;
}

Gunicorn service and socket configuration

/etc/systemd/system/site1.service
[Unit]
Description=gunicorn daemon
Requires=site1.socket
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/site1
ExecStart=/home/ubuntu/miniconda3/bin/gunicorn --access-logfile - --workers 5 --bind unix:/run/gunicorn/site1.socket site1.wsgi:application

[Install]
WantedBy=multi-user.target

/etc/systemd/system/site1.socket
[Unit]
Description=gunicorn socket

[Socket]
ListenStream=/run/gunicorn/site1.socket

[Install]
WantedBy=sockets.target

/etc/systemd/system/site2.service
[Unit]
Description=gunicorn daemon
Requires=site2.socket
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/site2
ExecStart=/home/ubuntu/miniconda3/bin/gunicorn --access-logfile - --workers 5 --bind unix:/run/gunicorn/site2.socket site2.wsgi:application

[Install]
WantedBy=multi-user.target

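Once the service and socket files have been created, run the following. site2.socket is not shown above; it is site1.socket with the ListenStream path changed to /run/gunicorn/site2.socket.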

$ sudo systemctl start site1.socket
$ sudo systemctl enable site1.socket
$ sudo systemctl start site2.socket
$ sudo systemctl enable site2.socket

Check that the units started.

$ sudo systemctl status site1.socket
$ sudo systemctl status site2.socket

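SSL with certbot & Let's Encrypt [1]

Issue the certificates with the command below.
(When it finishes, it prints the path where the certificate was placed; write that path into the nginx file.)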

$ sudo certbot certonly --nginx
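
The nginx file and the systemd units above have to agree on each site's socket path and certificate directory, and copying the site1 blocks to create site2 is where they drift apart: a site2 block left pointing at site1.socket serves site1's application under site2's name. The checker below is an added example, not part of the original article; its function names and the reduced sample input are assumptions constructed here.

```python
import re

def server_blocks(conf):
    """Yield the body of each server{...} block, found by brace counting."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def first(pattern, text):
    return m.group(1) if (m := re.search(pattern, text)) else None

def check_sites(nginx_conf, units):
    """Return mismatches between the nginx file and the systemd unit files."""
    problems, seen = [], {}
    listen = {first(r"ListenStream=(\S+)", body): name[:-len(".socket")]
              for name, body in units.items() if name.endswith(".socket")}
    for block in server_blocks(nginx_conf):
        if not re.search(r"listen\s+443\s+ssl", block):
            continue  # port-80 redirect block: no certificate or upstream
        host = first(r"server_name\s+([^;\s]+)", block)
        cert = first(r"ssl_certificate\s+([^;\s]+)", block)
        sock = first(r"proxy_pass\s+http://unix:([^;\s]+)", block)
        if f"/live/{host}/" not in (cert or ""):
            problems.append(f"{host}: certificate {cert} is for another name")
        if sock in seen:
            problems.append(f"{host}: shares {sock} with {seen[sock]}")
        seen.setdefault(sock, host)
        unit = listen.get(sock)
        bind = rf"--bind\s+unix:{re.escape(sock or '')}(\s|$)"
        if unit is None:
            problems.append(f"{host}: no .socket unit listens on {sock}")
        elif not re.search(bind, units.get(unit + ".service", "")):
            problems.append(f"{host}: {unit}.service does not bind {sock}")
    return problems

def sample_conf(host, sock):  # constructed sample, reduced from the article's layout
    return (f"server{{ listen 443 ssl; server_name {host};\n"
            f"  ssl_certificate /etc/letsencrypt/live/{host}/fullchain.pem;\n"
            f"  location / {{ proxy_pass http://unix:{sock}; }} }}\n"
            f"server{{ listen 80; server_name {host}; return 404; }}\n")

def sample_units(*sites):  # constructed sample unit files
    return {f"{s}.{kind}": text.format(s=s) for s in sites for kind, text in (
        ("socket", "[Socket]\nListenStream=/run/gunicorn/{s}.socket\n"),
        ("service", "[Service]\nExecStart=/home/ubuntu/miniconda3/bin/gunicorn "
                    "--bind unix:/run/gunicorn/{s}.socket {s}.wsgi:application\n"))}
```

To run it against a real host, pass the text of the nginx file as `nginx_conf` and a dict mapping each unit file name to its contents as `units`; an empty list means the three files agree.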

References

[1] certbot instructions (Nginx on Ubuntu 18.04 LTS)
