.. _web_server:
==========
Web Server
==========
In this section we will learn how to:
1. Configure ``NGINX`` HTTPD Server to host ``GeoNode`` and ``GeoServer``. In the initial setup, we will still run the services on ``http://localhost``
2. Update the ``settings`` in order to link ``GeoNode`` and ``GeoServer`` to the ``PostgreSQL`` Database.
Install and configure NGINX and UWSGI
.....................................
.. code-block:: shell
# Install the services
sudo apt install -y nginx uwsgi uwsgi-plugin-python3
sudo mkdir -p /var/log/geonode/
Serving {“GeoNode”, “GeoServer”} via NGINX
..........................................
.. code-block:: shell
# Create the GeoNode UWSGI config
sudo vim /etc/uwsgi/apps-available/geonode.ini
.. code-block:: ini
[uwsgi]
uwsgi-socket = 0.0.0.0:8000
# http-socket = 0.0.0.0:8000
uid = root
gid = www-data
plugins = python3
virtualenv = /home/geonode/.virtualenvs/geonode
for-readline = /opt/geonode/.env_local
env = %(_)
endfor =
chdir = /opt/geonode
module = geonode.wsgi:application
strict = false
master = true
enable-threads = true
vacuum = true ; Delete sockets during shutdown
single-interpreter = true
die-on-term = true ; Shutdown when receiving SIGTERM (default is respawn)
need-app = true
# logging
# path to where uwsgi logs will be saved
logto = /opt/data/logs/geonode.log
# daemonize = /opt/data/logs/geonode.log
touch-reload = /opt/geonode/geonode/wsgi.py
buffer-size = 32768
harakiri = 60 ; forcefully kill workers after 60 seconds
py-callos-afterfork = true ; allow workers to trap signals
max-requests = 1000 ; Restart workers after this many requests
max-worker-lifetime = 3600 ; Restart workers after this many seconds
reload-on-rss = 2048 ; Restart workers after this much resident memory
worker-reload-mercy = 60 ; How long to wait before forcefully killing workers
cheaper-algo = busyness
processes = 128 ; Maximum number of workers allowed
cheaper = 8 ; Minimum number of workers allowed
cheaper-initial = 16 ; Workers created at startup
cheaper-overload = 1 ; Length of a cycle in seconds
cheaper-step = 16 ; How many workers to spawn at a time
cheaper-busyness-multiplier = 30 ; How many cycles to wait before killing workers
cheaper-busyness-min = 20 ; Below this threshold, kill workers (if stable for multiplier cycles)
cheaper-busyness-max = 70 ; Above this threshold, spawn new workers
cheaper-busyness-backlog-alert = 16 ; Spawn emergency workers if more than this many requests are waiting in the queue
cheaper-busyness-backlog-step = 2 ; How many emergency workers to create if there are too many requests in the queue
.. code-block:: shell
# Enable the GeoNode UWSGI config
sudo ln -s /etc/uwsgi/apps-available/geonode.ini /etc/uwsgi/apps-enabled/geonode.ini
# Restart UWSGI Service
sudo pkill -9 -f uwsgi
sudo service uwsgi restart
# Follow the logs
sudo tail -500f /var/log/uwsgi/app/geonode.log
.. code-block:: shell
# Backup the original NGINX config
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
# Create the GeoNode Default NGINX config
sudo vim /etc/nginx/nginx.conf
.. code-block:: shell
# Make sure your nginx.config matches the following one
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_buffers 16 8k;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_types video/mp4 text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/jpeg;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
.. code-block:: shell
# Remove the Default NGINX config
sudo rm /etc/nginx/sites-enabled/default
# Create the GeoNode App NGINX config
sudo vim /etc/nginx/sites-available/geonode
.. code-block:: shell
uwsgi_intercept_errors on;
upstream geoserver_proxy {
server localhost:8080;
}
# Expires map
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
charset utf-8;
etag on;
expires $expires;
proxy_read_timeout 600s;
# set client body size to 2M #
client_max_body_size 50000M;
location / {
etag off;
uwsgi_pass 127.0.0.1:8000;
uwsgi_read_timeout 600s;
include uwsgi_params;
}
location /static/ {
alias /opt/geonode/geonode/static_root/;
}
location /uploaded/ {
alias /opt/geonode/geonode/uploaded/;
}
location /geoserver {
proxy_pass http://geoserver_proxy;
include proxy_params;
}
}
.. code-block:: shell
# Prepare the uploaded folder
sudo mkdir -p /opt/geonode/geonode/uploaded
sudo chown -Rf tomcat:www-data /opt/geonode/geonode/uploaded
sudo chmod -Rf 777 /opt/geonode/geonode/uploaded/
# Enable GeoNode NGINX config
sudo ln -s /etc/nginx/sites-available/geonode /etc/nginx/sites-enabled/geonode
# Restart the services
sudo systemctl restart nginx
Update the settings in order to use the ``localhost``
......................................................
Make sure you updated both the GeoServer `proxy base` and the GeoNode `OAuth2` to `localhost`.
Remember to update the GeoServer `OAuth2 provider` and `GeoNode REST role service` accordingly.
Then you can update your current dataset by running the following GeoNode management commands:
.. code-block:: shell
# Initialize GeoNode
./manage_local.sh migrate_baseurl --source-address=http://localhost:8080/geoserver --target-address=http://localhost/geoserver
./manage_local.sh migrate_baseurl --source-address=http://localhost:8000/ --target-address=http://localhost/
Before finalizing the configuration, we will need to update the ``UWSGI`` settings
Restart ``UWSGI`` and update ``OAuth2`` by using the new ``geonode.settings``
Check for any errors with
.. code-block:: shell
sudo tail -F -n 300 /var/log/uwsgi/app/geonode.log
Reload the UWSGI configuration with
.. code-block:: shell
touch /opt/geonode/geonode/wsgi.py
Fix up the GeoServer default proxy base URL
.. code-block:: shell
sudo vim /opt/data/geoserver_data/global.xml
.. code-block:: diff
@@ -4,7 +4,7 @@
UTF-8
8
http://geoserver.org
- http://localhost:8080/geoserver
+ http://localhost/geoserver
false
false
.. code-block:: shell
sudo vim /opt/data/geoserver_data/security/filter/geonode-oauth2/config.xml
.. code-block:: diff
@@ -9,19 +9,19 @@
rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3
- http://localhost:8000/o/token/
+ http://localhost/o/token/
- http://localhost:8000/o/authorize/
+ http://localhost/o/authorize/
- http://localhost:8080/geoserver/index.html
+ http://localhost/geoserver/index.html
- http://localhost:8000/api/o/v4/tokeninfo/
+ http://localhost/api/o/v4/tokeninfo/
- http://localhost:8000/account/logout/
+ http://localhost/account/logout/
write
false
.. code-block:: shell
sudo vim /opt/data/geoserver_data/security/role/geonode\ REST\ role\ service/config.xml
.. code-block:: diff
@@ -4,7 +4,7 @@
org.geoserver.security.GeoServerRestRoleService
ROLE_ADMIN
ROLE_ADMIN
- http://localhost:8000
+ http://localhost
/api/roles
/api/adminRole
/api/users
Restart Tomcat
.. code-block:: shell
sudo systemctl restart tomcat9