safeguard-web生产环境部署指南：MySQL+Redis+Celery最佳实践-尧图网络科技

safeguard-web生产环境部署指南：MySQL+Redis+Celery最佳实践

【免费下载链接】safeguard-webLinux security audit, control, and behavior analysis web display.项目地址: https://gitcode.com/openeuler/safeguard-web

前往项目官网免费下载：https://ar.openeuler.org/ar/

想要将safeguard-web这个强大的Linux安全审计与运维管理平台部署到生产环境吗？😊 这篇完整指南将带您一步步完成MySQL数据库、Redis缓存和Celery异步任务队列的最佳实践配置，确保您的系统稳定高效运行！

safeguard-web是一款基于Django和Vue 3构建的Linux安全审计与运维管理平台，提供用户权限管理、主机资产管理、OS部署、系统迁移、网络负载均衡等完整功能。在生产环境中，正确的数据库和异步任务配置至关重要，直接影响系统的性能和可靠性。

📋 部署环境准备

系统要求

在开始部署之前，请确保您的服务器满足以下要求：

操作系统：CentOS 7+、Ubuntu 18.04+ 或 openEuler 20.03+
Python版本：Python 3.10+
Node.js版本：Node.js 18+
数据库：MySQL 5.7+ 或 MariaDB 10.3+
缓存/消息队列：Redis 5.0+
内存：至少4GB RAM
存储：至少20GB可用磁盘空间

项目获取与依赖安装

首先克隆项目仓库并安装Python依赖：

# 克隆项目 git clone https://gitcode.com/openeuler/safeguard-web.git cd safeguard-web # 创建Python虚拟环境 python -m venv venv source venv/bin/activate # 安装依赖 pip install -r requirements.txt

🗄️ MySQL数据库配置最佳实践

1. MySQL安装与配置

在生产环境中，我们强烈推荐使用MySQL替代默认的SQLite。以下是MySQL的安装和配置步骤：

# Ubuntu/Debian sudo apt update sudo apt install mysql-server mysql-client # CentOS/RHEL/openEuler sudo yum install mysql-server mysql # 启动MySQL服务 sudo systemctl start mysql sudo systemctl enable mysql

2. 创建数据库与用户

登录MySQL并创建safeguard-web专用的数据库和用户：

-- 创建数据库 CREATE DATABASE safeguard CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; -- 创建专用用户 CREATE USER 'safeguard_user'@'localhost' IDENTIFIED BY 'StrongPassword123!'; -- 授予权限 GRANT ALL PRIVILEGES ON safeguard.* TO 'safeguard_user'@'localhost'; -- 刷新权限 FLUSH PRIVILEGES;

3. 配置Django连接MySQL

修改项目配置文件 safeguard_web/settings.py 中的数据库配置部分：

# 生产环境MySQL配置 DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'safeguard', 'USER': 'safeguard_user', 'PASSWORD': 'StrongPassword123!', 'HOST': 'localhost', 'PORT': '3306', 'OPTIONS': { 'charset': 'utf8mb4', 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", } } }

4. 数据库优化建议

为了获得最佳性能，建议进行以下MySQL配置优化：

# /etc/mysql/my.cnf 或 /etc/my.cnf [mysqld] # 连接池设置 max_connections = 500 wait_timeout = 600 interactive_timeout = 600 # 缓存设置 innodb_buffer_pool_size = 1G query_cache_size = 128M query_cache_type = 1 # 日志设置 slow_query_log = 1 slow_query_log_file = /var/log/mysql/slow.log long_query_time = 2

🔴 Redis缓存与消息队列配置

1. Redis安装与安全配置

Redis在生产环境中需要特别注意安全配置：

# 安装Redis # Ubuntu/Debian sudo apt install redis-server # CentOS/RHEL/openEuler sudo yum install redis # 启动Redis sudo systemctl start redis sudo systemctl enable redis

2. Redis安全加固

编辑Redis配置文件/etc/redis/redis.conf：

# 绑定本地地址 bind 127.0.0.1 # 设置密码（重要！） requirepass YourStrongRedisPassword123! # 禁用危险命令 rename-command FLUSHDB "" rename-command FLUSHALL "" rename-command CONFIG "" # 内存限制 maxmemory 1gb maxmemory-policy allkeys-lru

3. Django Redis配置

在 safeguard_web/settings.py 中配置Redis连接：

# Redis配置 REDIS_HOST = os.getenv("REDIS_HOST", "localhost") REDIS_PORT = int(os.getenv("REDIS_PORT", "6379")) REDIS_DB = int(os.getenv("REDIS_DB", "0")) REDIS_PASSWORD = os.getenv("REDIS_PASSWORD", "YourStrongRedisPassword123!") # Redis用户缓存过期时间（秒），默认24小时 REDIS_USER_TTL = int(os.getenv("REDIS_USER_TTL", "86400"))

⚡ Celery异步任务队列配置

1. Celery配置详解

Celery是safeguard-web处理异步任务的核心组件，如OS部署、系统迁移等耗时操作。在 safeguard_web/settings.py 中配置：

# Celery配置 CELERY_BROKER_URL = f"redis://:{REDIS_PASSWORD}@{REDIS_HOST}:{REDIS_PORT}/{REDIS_DB}" CELERY_RESULT_BACKEND = f"redis://:{REDIS_PASSWORD}@{REDIS_HOST}:{REDIS_PORT}/{REDIS_DB}" CELERY_ACCEPT_CONTENT = ["json"] CELERY_TASK_SERIALIZER = "json" CELERY_RESULT_SERIALIZER = "json" CELERY_TIMEZONE = TIME_ZONE CELERY_TASK_TRACK_STARTED = True CELERY_TASK_TIME_LIMIT = 3600 # 单个任务最大执行时间1小时

2. Celery Worker启动配置

创建Celery systemd服务文件/etc/systemd/system/celery.service：

[Unit] Description=Celery Service for safeguard-web After=network.target redis.service mysql.service [Service] Type=simple User=www-data Group=www-data WorkingDirectory=/path/to/safeguard-web Environment="PATH=/path/to/safeguard-web/venv/bin" Environment="PYTHONPATH=/path/to/safeguard-web" ExecStart=/path/to/safeguard-web/venv/bin/celery -A safeguard_web worker -l info --concurrency=4 Restart=always RestartSec=10 [Install] WantedBy=multi-user.target

3. 多Worker进程配置

对于高并发场景，建议配置多个Celery Worker进程：

# 启动多个Worker进程 celery -A safeguard_web worker -l info --concurrency=8 -n worker1@%h celery -A safeguard_web worker -l info --concurrency=8 -n worker2@%h

🚀 生产环境部署步骤

步骤1：环境变量配置

创建环境变量配置文件.env.production：

# 数据库配置 export IS_LOCAL=0 export DB_NAME=safeguard export DB_USER=safeguard_user export DB_PASSWORD=YourStrongDBPassword123! export DB_HOST=localhost export DB_PORT=3306 # Redis配置 export REDIS_HOST=localhost export REDIS_PORT=6379 export REDIS_PASSWORD=YourStrongRedisPassword123! export REDIS_DB=0 # Celery配置 export CELERY_BROKER_URL=redis://:YourStrongRedisPassword123!@localhost:6379/0 export CELERY_RESULT_BACKEND=redis://:YourStrongRedisPassword123!@localhost:6379/0 # 邮件配置 export EMAIL_HOST=smtp.your-email.com export EMAIL_PORT=587 export EMAIL_HOST_USER=your-email@example.com export EMAIL_HOST_PASSWORD=YourEmailPassword export EMAIL_FROM=noreply@example.com

步骤2：数据库迁移与初始化

# 应用数据库迁移 python manage.py migrate # 初始化权限系统 python manage.py init_authority # 重建菜单结构 python manage.py rebuild_menus # 创建超级用户 python manage.py createsuperuser

步骤3：静态文件收集

# 收集静态文件 python manage.py collectstatic --noinput # 设置文件权限 sudo chown -R www-data:www-data /path/to/safeguard-web sudo chmod -R 755 /path/to/safeguard-web/static sudo chmod -R 755 /path/to/safeguard-web/media

步骤4：配置Gunicorn + Nginx

创建Gunicorn配置文件gunicorn_config.py：

# gunicorn_config.py bind = "127.0.0.1:8000" workers = 4 worker_class = "sync" timeout = 120 accesslog = "/var/log/gunicorn/access.log" errorlog = "/var/log/gunicorn/error.log"

创建Nginx配置文件/etc/nginx/sites-available/safeguard-web：

server { listen 80; server_name your-domain.com; location /static/ { alias /path/to/safeguard-web/static/; expires 30d; } location /media/ { alias /path/to/safeguard-web/media/; expires 30d; } location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }

步骤5：启动所有服务

# 启动MySQL sudo systemctl start mysql sudo systemctl enable mysql # 启动Redis sudo systemctl start redis sudo systemctl enable redis # 启动Celery sudo systemctl start celery sudo systemctl enable celery # 启动Gunicorn gunicorn -c gunicorn_config.py safeguard_web.wsgi:application # 重启Nginx sudo systemctl restart nginx

🔧 监控与维护

1. 系统监控配置

配置日志轮转/etc/logrotate.d/safeguard-web：

/var/log/safeguard-web/*.log { daily missingok rotate 30 compress delaycompress notifempty create 644 www-data www-data sharedscripts postrotate systemctl reload safeguard-web endscript }

2. 健康检查脚本

创建健康检查脚本health_check.sh：

#!/bin/bash # 检查MySQL if ! mysqladmin -u safeguard_user -p'YourStrongDBPassword123!' ping &> /dev/null; then echo "MySQL is down!" exit 1 fi # 检查Redis if ! redis-cli -a 'YourStrongRedisPassword123!' ping &> /dev/null; then echo "Redis is down!" exit 1 fi # 检查Celery if ! celery -A safeguard_web status &> /dev/null; then echo "Celery is down!" exit 1 fi echo "All services are running" exit 0

3. 备份策略

创建数据库备份脚本backup.sh：

#!/bin/bash BACKUP_DIR="/backup/safeguard-web" DATE=$(date +%Y%m%d_%H%M%S) # 备份数据库 mysqldump -u safeguard_user -p'YourStrongDBPassword123!' safeguard > $BACKUP_DIR/db_backup_$DATE.sql gzip $BACKUP_DIR/db_backup_$DATE.sql # 备份重要配置文件 tar -czf $BACKUP_DIR/config_backup_$DATE.tar.gz \ safeguard_web/settings.py \ .env.production \ /etc/nginx/sites-available/safeguard-web # 保留最近7天备份 find $BACKUP_DIR -name "*.gz" -mtime +7 -delete