diff --git a/account/models.py b/account/models.py index 6ef7f71f..92e3df38 100644 --- a/account/models.py +++ b/account/models.py @@ -85,7 +85,7 @@ class UserProfile(models.Model): oi_problems_status = JSONField(default=dict) real_name = models.CharField(max_length=32, blank=True, null=True) - avatar = models.CharField(max_length=256, default=f"/{settings.IMAGE_UPLOAD_DIR}/default.png") + avatar = models.CharField(max_length=256, default=f"{settings.AVATAR_URI_PREFIX}/default.png") blog = models.URLField(blank=True, null=True) mood = models.CharField(max_length=256, blank=True, null=True) github = models.CharField(max_length=64, blank=True, null=True) diff --git a/account/views/oj.py b/account/views/oj.py index 5f72156e..3cccd362 100644 --- a/account/views/oj.py +++ b/account/views/oj.py @@ -74,12 +74,12 @@ class AvatarUploadAPI(APIView): return self.error("Unsupported file format") name = rand_str(10) + suffix - with open(os.path.join(settings.IMAGE_UPLOAD_DIR_ABS, name), "wb") as img: + with open(os.path.join(settings.AVATAR_UPLOAD_DIR, name), "wb") as img: for chunk in avatar: img.write(chunk) user_profile = request.user.userprofile - user_profile.avatar = f"/{settings.IMAGE_UPLOAD_DIR}/{name}" + user_profile.avatar = f"{settings.AVATAR_URI_PREFIX}/{name}" user_profile.save() return self.success("Succeeded") diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 7f819aee..55af5225 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -1,7 +1,7 @@ FROM python:3.6-alpine3.6 ENV OJ_ENV production -RUN apk add --no-cache nginx supervisor jpeg-dev zlib-dev postgresql-dev freetype-dev +RUN apk add --no-cache supervisor jpeg-dev zlib-dev postgresql-dev freetype-dev ADD requirements.txt /tmp RUN apk add --no-cache build-base && \ diff --git a/deploy/nginx.conf b/deploy/nginx.conf deleted file mode 100644 index bdaf1de8..00000000 --- a/deploy/nginx.conf +++ /dev/null @@ -1,109 +0,0 @@ -user nginx; - -# Set number of worker processes automatically based on number of CPU cores. -worker_processes auto; - -# Enables the use of JIT for regular expressions to speed-up their processing. -pcre_jit on; - -# Configures default error logger. -error_log /dev/stderr warn; - -# use supervisor to monitor -daemon off; - -# set pid path -pid /tmp/nginx.pid; - -# Includes files with directives to load dynamic modules. -include /etc/nginx/modules/*.conf; - - -events { - # The maximum number of simultaneous connections that can be opened by - # a worker process. - worker_connections 1024; -} - -http { - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - #resolver 208.67.222.222 208.67.220.220; - - # Don't tell nginx version to clients. - server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. - client_max_body_size 50m; - - # Timeout for keep-alive connections. Server will close connections after - # this time. - keepalive_timeout 10; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). - sendfile on; - - # Don't buffer data-sends (disable Nagle algorithm). - # Good for sending frequent small bursts of data in real time. - tcp_nodelay on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. - #tcp_nopush on; - - - # Path of the file with Diffie-Hellman parameters for EDH ciphers. - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - - # Specifies that our cipher suits should be preferred over client ciphers. - ssl_prefer_server_ciphers on; - - # Enables a shared SSL cache with size that can hold around 8000 sessions. - ssl_session_cache shared:SSL:2m; - - - # Enable gzipping of responses. - gzip on; - gzip_types application/javascript text/css; - - # Set the Vary HTTP header as defined in the RFC 2616. - gzip_vary on; - - # Enable checking the existence of precompressed files. - #gzip_static on; - - - # Specifies the main log format. - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Sets the path, format, and configuration for a buffered log write. - # access_log /var/log/nginx/access.log main; - access_log off; - - server { - listen 80 default_server; - server_name _; - - location /static/avatar { - expires max; - alias /app/static/avatar; - } - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:8080; - } - } -} diff --git a/deploy/run.sh b/deploy/run.sh index 8082c217..34ef16ba 100644 --- a/deploy/run.sh +++ b/deploy/run.sh @@ -12,7 +12,6 @@ fi cd $BASE find . -name "*.pyc" -delete -chown -R nobody:nogroup $BASE/log # wait for postgresql start sleep 5 @@ -29,7 +28,6 @@ if [ $? -ne 0 ]; then fi python manage.py initadmin break - done if [ $n -eq 3 ]; then @@ -37,4 +35,5 @@ if [ $n -eq 3 ]; then exit 1 fi +chown -R nobody:nogroup /data/log /data/test_case /data/avatar exec supervisord -c /app/deploy/supervisor.conf diff --git a/deploy/supervisor.conf b/deploy/supervisor.conf index 1bbc52fc..fc248d80 100644 --- a/deploy/supervisor.conf +++ b/deploy/supervisor.conf @@ -5,16 +5,16 @@ logfile_backups=10 loglevel=info pidfile=/tmp/supervisord.pid nodaemon=true -childlogdir=/app/log/ +childlogdir=/data/log/ [supervisorctl] serverurl=unix:///tmp/supervisor.sock [program:gunicorn] -command=sh -c "gunicorn oj.wsgi --user nobody -b 127.0.0.1:8080 --reload -w `grep -c ^processor /proc/cpuinfo`" +command=sh -c "gunicorn oj.wsgi --user nobody -b 0.0.0.0:8080 --reload -w `grep -c ^processor /proc/cpuinfo`" directory=/app/ -stdout_logfile=/app/log/gunicorn.log -stderr_logfile=/app/log/gunicorn.log +stdout_logfile=/data/log/gunicorn.log +stderr_logfile=/data/log/gunicorn.log autostart=true autorestart=true startsecs=5 @@ -25,19 +25,8 @@ killasgroup=true command=celery -A oj worker -l warning directory=/app/ user=nobody -stdout_logfile=/app/log/celery.log -stderr_logfile=/app/log/celery.log -autostart=true -autorestart=true -startsecs=5 -stopwaitsecs = 5 -killasgroup=true - -[program:nginx] -command=nginx -c /app/deploy/nginx.conf -directory=/app/ -stdout_logfile=/app/log/nginx.log -stderr_logfile=/app/log/nginx.log +stdout_logfile=/data/log/celery.log +stderr_logfile=/data/log/celery.log autostart=true autorestart=true startsecs=5 diff --git a/oj/dev_settings.py b/oj/dev_settings.py index 85719f6e..15ae2394 100644 --- a/oj/dev_settings.py +++ b/oj/dev_settings.py @@ -28,6 +28,9 @@ TEST_CASE_DIR = "/tmp" LOG_PATH = "/tmp/" +AVATAR_URI_PREFIX = "/static/avatar" +AVATAR_UPLOAD_DIR = f"{BASE_DIR}{AVATAR_URI_PREFIX}" + STATICFILES_DIRS = [ os.path.join(BASE_DIR, "static"), ] diff --git a/oj/production_settings.py b/oj/production_settings.py index 7b1b1e1c..56dbc499 100644 --- a/oj/production_settings.py +++ b/oj/production_settings.py @@ -25,5 +25,8 @@ DEBUG = False ALLOWED_HOSTS = ['*'] -TEST_CASE_DIR = "/app/test_case" -LOG_PATH = "log/" +AVATAR_URI_PREFIX = "/static/avatar" +AVATAR_UPLOAD_DIR = "/data/avatar" + +TEST_CASE_DIR = "/data/test_case" +LOG_PATH = "/data/log" diff --git a/oj/settings.py b/oj/settings.py index 47f0b78f..81f55d38 100644 --- a/oj/settings.py +++ b/oj/settings.py @@ -191,9 +191,6 @@ CELERY_TASK_SOFT_TIME_LIMIT = CELERY_TASK_TIME_LIMIT = 180 CELERY_ACCEPT_CONTENT = ["json"] CELERY_TASK_SERIALIZER = "json" -IMAGE_UPLOAD_DIR = 'static/avatar' -IMAGE_UPLOAD_DIR_ABS = os.path.join(BASE_DIR, IMAGE_UPLOAD_DIR) - # 用于限制用户恶意提交大量代码 TOKEN_BUCKET_DEFAULT_CAPACITY = 50