Web Server
In this section we will learn how to:
Configure
NGINXHTTPD Server to hostGeoNodeandGeoServer. In the initial setup, we will still run the services onhttp://localhostUpdate the
settingsin order to linkGeoNodeandGeoServerto thePostgreSQLDatabase.
Install and configure NGINX and UWSGI
# Install the services
sudo apt install -y nginx uwsgi uwsgi-plugin-python3
sudo mkdir -p /var/log/geonode/
Serving {“GeoNode”, “GeoServer”} via NGINX
# Create the GeoNode UWSGI config
sudo vim /etc/uwsgi/apps-available/geonode.ini
[uwsgi]
uwsgi-socket = 0.0.0.0:8000
# http-socket = 0.0.0.0:8000
uid = root
gid = www-data
plugins = python3
virtualenv = /home/geonode/.virtualenvs/geonode
for-readline = /opt/geonode/.env_local
env = %(_)
endfor =
chdir = /opt/geonode
module = geonode.wsgi:application
strict = false
master = true
enable-threads = true
vacuum = true ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true
# logging
# path to where uwsgi logs will be saved
logto = /opt/data/logs/geonode.log
# daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768
harakiri = 60 ; forcefully kill workers after 60 seconds
py-callos-afterfork = true ; allow workers to trap signals
max-requests = 1000 ; Restart workers after this many requests
max-worker-lifetime = 3600 ; Restart workers after this many seconds
reload-on-rss = 2048 ; Restart workers after this much resident memory
worker-reload-mercy = 60 ; How long to wait before forcefully killing workers
cheaper-algo = busyness
processes = 128 ; Maximum number of workers allowed
cheaper = 8 ; Minimum number of workers allowed
cheaper-initial = 16 ; Workers created at startup
cheaper-overload = 1 ; Length of a cycle in seconds
cheaper-step = 16 ; How many workers to spawn at a time
cheaper-busyness-multiplier = 30 ; How many cycles to wait before killing workers
cheaper-busyness-min = 20 ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70 ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16 ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2 ; How many emergency workers to create if there are too many requests in the queue
# Enable the GeoNode UWSGI config
sudo ln -s /etc/uwsgi/apps-available/geonode.ini /etc/uwsgi/apps-enabled/geonode.ini
# Restart UWSGI Service
sudo pkill -9 -f uwsgi
sudo service uwsgi restart
# Follow the logs
sudo tail -500f /var/log/uwsgi/app/geonode.log
# Backup the original NGINX config
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
# Create the GeoNode Default NGINX config
sudo vim /etc/nginx/nginx.conf
# Make sure your nginx.config matches the following one
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_buffers 16 8k;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_types video/mp4 text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/jpeg;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# Remove the Default NGINX config
sudo rm /etc/nginx/sites-enabled/default
# Create the GeoNode App NGINX config
sudo vim /etc/nginx/sites-available/geonode
uwsgi_intercept_errors on;
upstream geoserver_proxy {
server localhost:8080;
}
# Expires map
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
charset utf-8;
etag on;
expires $expires;
proxy_read_timeout 600s;
# set client body size to 2M #
client_max_body_size 50000M;
location / {
etag off;
uwsgi_pass 127.0.0.1:8000;
uwsgi_read_timeout 600s;
include uwsgi_params;
}
location /static/ {
alias /opt/geonode/geonode/static_root/;
}
location /uploaded/ {
alias /opt/geonode/geonode/uploaded/;
}
location /geoserver {
proxy_pass http://geoserver_proxy;
include proxy_params;
}
}
# Prepare the uploaded folder
sudo mkdir -p /opt/geonode/geonode/uploaded
sudo chown -Rf tomcat:www-data /opt/geonode/geonode/uploaded
sudo chmod -Rf 777 /opt/geonode/geonode/uploaded/
# Enable GeoNode NGINX config
sudo ln -s /etc/nginx/sites-available/geonode /etc/nginx/sites-enabled/geonode
# Restart the services
sudo systemctl restart nginx
Update the settings in order to use the localhost
Make sure you updated both the GeoServer proxy base and the GeoNode OAuth2 to localhost.
Remember to update the GeoServer OAuth2 provider and GeoNode REST role service accordingly.
Then you can update your current dataset by running the following GeoNode management commands:
# Initialize GeoNode
./manage_local.sh migrate_baseurl --source-address=http://localhost:8080/geoserver --target-address=http://localhost/geoserver
./manage_local.sh migrate_baseurl --source-address=http://localhost:8000/ --target-address=http://localhost/
Before finalizing the configuration, we will need to update the UWSGI settings
Restart UWSGI and update OAuth2 by using the new geonode.settings
Check for any errors with
sudo tail -F -n 300 /var/log/uwsgi/app/geonode.log
Reload the UWSGI configuration with
touch /opt/geonode/geonode/wsgi.py
Fix up the GeoServer default proxy base URL
sudo vim /opt/data/geoserver_data/global.xml
@@ -4,7 +4,7 @@
<charset>UTF-8</charset>
<numDecimals>8</numDecimals>
<onlineResource>http://geoserver.org</onlineResource>
- <proxyBaseUrl>http://localhost:8080/geoserver</proxyBaseUrl>
+ <proxyBaseUrl>http://localhost/geoserver</proxyBaseUrl>
<verbose>false</verbose>
<verboseExceptions>false</verboseExceptions>
<metadata>
sudo vim /opt/data/geoserver_data/security/filter/geonode-oauth2/config.xml
@@ -9,19 +9,19 @@
<clientSecret>rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3</clientSecret>
<!-- GeoNode accessTokenUri -->
- <accessTokenUri>http://localhost:8000/o/token/</accessTokenUri>
+ <accessTokenUri>http://localhost/o/token/</accessTokenUri>
<!-- GeoNode userAuthorizationUri -->
- <userAuthorizationUri>http://localhost:8000/o/authorize/</userAuthorizationUri>
+ <userAuthorizationUri>http://localhost/o/authorize/</userAuthorizationUri>
<!-- GeoServer Public URL -->
- <redirectUri>http://localhost:8080/geoserver/index.html</redirectUri>
+ <redirectUri>http://localhost/geoserver/index.html</redirectUri>
<!-- GeoNode checkTokenEndpointUrl -->
- <checkTokenEndpointUrl>http://localhost:8000/api/o/v4/tokeninfo/</checkTokenEndpointUrl>
+ <checkTokenEndpointUrl>http://localhost/api/o/v4/tokeninfo/</checkTokenEndpointUrl>
<!-- GeoNode logoutUri -->
- <logoutUri>http://localhost:8000/account/logout/</logoutUri>
+ <logoutUri>http://localhost/account/logout/</logoutUri>
<scopes>write</scopes>
<enableRedirectAuthenticationEntryPoint>false</enableRedirectAuthenticationEntryPoint>
sudo vim /opt/data/geoserver_data/security/role/geonode\ REST\ role\ service/config.xml
@@ -4,7 +4,7 @@
<className>org.geoserver.security.GeoServerRestRoleService</className>
<adminGroup>ROLE_ADMIN</adminGroup>
<groupAdminGroup>ROLE_ADMIN</groupAdminGroup>
- <baseUrl>http://localhost:8000</baseUrl>
+ <baseUrl>http://localhost</baseUrl>
<rolesRESTEndpoint>/api/roles</rolesRESTEndpoint>
<adminRoleRESTEndpoint>/api/adminRole</adminRoleRESTEndpoint>
<usersRESTEndpoint>/api/users</usersRESTEndpoint>
Restart Tomcat
sudo systemctl restart tomcat9