Web Server

In this section we will learn how to:

  1. Configure NGINX HTTPD Server to host GeoNode and GeoServer. In the initial setup, we will still run the services on http://localhost

  2. Update the settings in order to link GeoNode and GeoServer to the PostgreSQL Database.

Install and configure NGINX and UWSGI

# Install the services
sudo apt install -y nginx uwsgi uwsgi-plugin-python3
sudo mkdir -p /var/log/geonode/

Serving {“GeoNode”, “GeoServer”} via NGINX

# Create the GeoNode UWSGI config
sudo vim /etc/uwsgi/apps-available/geonode.ini
[uwsgi]
uwsgi-socket = 0.0.0.0:8000
# http-socket = 0.0.0.0:8000

uid = root
gid = www-data

plugins = python3
virtualenv = /home/geonode/.virtualenvs/geonode

for-readline = /opt/geonode/.env_local
  env = %(_)
endfor =

chdir = /opt/geonode
module = geonode.wsgi:application

strict = false
master = true
enable-threads = true
vacuum = true                        ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true                   ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true

# logging
# path to where uwsgi logs will be saved
logto = /opt/data/logs/geonode.log
# daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768

harakiri = 60                        ; forcefully kill workers after 60 seconds
py-callos-afterfork = true           ; allow workers to trap signals

max-requests = 1000                  ; Restart workers after this many requests
max-worker-lifetime = 3600           ; Restart workers after this many seconds
reload-on-rss = 2048                 ; Restart workers after this much resident memory
worker-reload-mercy = 60             ; How long to wait before forcefully killing workers

cheaper-algo = busyness
processes = 128                      ; Maximum number of workers allowed
cheaper = 8                          ; Minimum number of workers allowed
cheaper-initial = 16                 ; Workers created at startup
cheaper-overload = 1                 ; Length of a cycle in seconds
cheaper-step = 16                    ; How many workers to spawn at a time

cheaper-busyness-multiplier = 30     ; How many cycles to wait before killing workers
cheaper-busyness-min = 20            ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70            ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16  ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2    ; How many emergency workers to create if there are too many requests in the queue
# Enable the GeoNode UWSGI config
sudo ln -s /etc/uwsgi/apps-available/geonode.ini /etc/uwsgi/apps-enabled/geonode.ini

# Restart UWSGI Service
sudo pkill -9 -f uwsgi
sudo service uwsgi restart

# Follow the logs
sudo tail -500f /var/log/uwsgi/app/geonode.log
# Backup the original NGINX config
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig

# Create the GeoNode Default NGINX config
sudo vim /etc/nginx/nginx.conf
# Make sure your nginx.config matches the following one
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
  worker_connections 768;
  # multi_accept on;
}

http {
  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  # server_tokens off;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # SSL Settings
  ##

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
  ssl_prefer_server_ciphers on;

  ##
  # Logging Settings
  ##

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  ##
  # Gzip Settings
  ##

  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_http_version 1.1;
  gzip_disable "MSIE [1-6]\.";
  gzip_buffers 16 8k;
  gzip_min_length 1100;
  gzip_comp_level 6;
  gzip_types video/mp4 text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/jpeg;

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}
# Remove the Default NGINX config
sudo rm /etc/nginx/sites-enabled/default

# Create the GeoNode App NGINX config
sudo vim /etc/nginx/sites-available/geonode
uwsgi_intercept_errors on;

upstream geoserver_proxy {
  server localhost:8080;
}

# Expires map
map $sent_http_content_type $expires {
  default                    off;
  text/html                  epoch;
  text/css                   max;
  application/javascript     max;
  ~image/                    max;
}

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;

  server_name _;

  charset utf-8;

  etag on;
  expires $expires;
  proxy_read_timeout 600s;
  # set client body size to 2M #
  client_max_body_size 50000M;

  location / {
    etag off;
    uwsgi_pass 127.0.0.1:8000;
    uwsgi_read_timeout 600s;
    include uwsgi_params;
  }

  location /static/ {
    alias /opt/geonode/geonode/static_root/;
  }

  location /uploaded/ {
    alias /opt/geonode/geonode/uploaded/;
  }

  location /geoserver {
    proxy_pass http://geoserver_proxy;
    include proxy_params;
  }
}
# Prepare the uploaded folder
sudo mkdir -p /opt/geonode/geonode/uploaded
sudo chown -Rf tomcat:www-data /opt/geonode/geonode/uploaded
sudo chmod -Rf 777 /opt/geonode/geonode/uploaded/

# Enable GeoNode NGINX config
sudo ln -s /etc/nginx/sites-available/geonode /etc/nginx/sites-enabled/geonode

# Restart the services
sudo systemctl restart nginx

Update the settings in order to use the localhost

Make sure you updated both the GeoServer proxy base and the GeoNode OAuth2 to localhost.

Remember to update the GeoServer OAuth2 provider and GeoNode REST role service accordingly.

Then you can update your current dataset by running the following GeoNode management commands:

# Initialize GeoNode
./manage_local.sh migrate_baseurl --source-address=http://localhost:8080/geoserver --target-address=http://localhost/geoserver
./manage_local.sh migrate_baseurl --source-address=http://localhost:8000/ --target-address=http://localhost/

Before finalizing the configuration, we will need to update the UWSGI settings

Restart UWSGI and update OAuth2 by using the new geonode.settings

Check for any errors with

sudo tail -F -n 300 /var/log/uwsgi/app/geonode.log

Reload the UWSGI configuration with

touch /opt/geonode/geonode/wsgi.py

Fix up the GeoServer default proxy base URL

sudo vim /opt/data/geoserver_data/global.xml
@@ -4,7 +4,7 @@
     <charset>UTF-8</charset>
     <numDecimals>8</numDecimals>
     <onlineResource>http://geoserver.org</onlineResource>
-    <proxyBaseUrl>http://localhost:8080/geoserver</proxyBaseUrl>
+    <proxyBaseUrl>http://localhost/geoserver</proxyBaseUrl>
     <verbose>false</verbose>
     <verboseExceptions>false</verboseExceptions>
     <metadata>
sudo vim /opt/data/geoserver_data/security/filter/geonode-oauth2/config.xml
@@ -9,19 +9,19 @@
   <clientSecret>rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3</clientSecret>

   <!-- GeoNode accessTokenUri -->
-  <accessTokenUri>http://localhost:8000/o/token/</accessTokenUri>
+  <accessTokenUri>http://localhost/o/token/</accessTokenUri>

   <!-- GeoNode userAuthorizationUri -->
-  <userAuthorizationUri>http://localhost:8000/o/authorize/</userAuthorizationUri>
+  <userAuthorizationUri>http://localhost/o/authorize/</userAuthorizationUri>

   <!-- GeoServer Public URL -->
-  <redirectUri>http://localhost:8080/geoserver/index.html</redirectUri>
+  <redirectUri>http://localhost/geoserver/index.html</redirectUri>

   <!-- GeoNode checkTokenEndpointUrl -->
-  <checkTokenEndpointUrl>http://localhost:8000/api/o/v4/tokeninfo/</checkTokenEndpointUrl>
+  <checkTokenEndpointUrl>http://localhost/api/o/v4/tokeninfo/</checkTokenEndpointUrl>

   <!-- GeoNode logoutUri -->
-  <logoutUri>http://localhost:8000/account/logout/</logoutUri>
+  <logoutUri>http://localhost/account/logout/</logoutUri>

   <scopes>write</scopes>
   <enableRedirectAuthenticationEntryPoint>false</enableRedirectAuthenticationEntryPoint>
sudo vim /opt/data/geoserver_data/security/role/geonode\ REST\ role\ service/config.xml
@@ -4,7 +4,7 @@
   <className>org.geoserver.security.GeoServerRestRoleService</className>
   <adminGroup>ROLE_ADMIN</adminGroup>
   <groupAdminGroup>ROLE_ADMIN</groupAdminGroup>
-  <baseUrl>http://localhost:8000</baseUrl>
+  <baseUrl>http://localhost</baseUrl>
   <rolesRESTEndpoint>/api/roles</rolesRESTEndpoint>
   <adminRoleRESTEndpoint>/api/adminRole</adminRoleRESTEndpoint>
   <usersRESTEndpoint>/api/users</usersRESTEndpoint>

Restart Tomcat

sudo systemctl restart tomcat9