A Complete Guide to Deploying Applications on a Server


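This is a very broad question. Deploying a service on a server involves several layers, from environment preparation to ongoing operations. The following is a complete deployment guide covering both the traditional approach and modern containerized setups: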


I. Pre-deployment Preparation

1. Server environment preparation

# Update the system
sudo apt update && sudo apt upgrade -y  # Ubuntu/Debian
sudo yum update -y                     # CentOS/RHEL

# Install basic tools
sudo apt install -y curl wget git vim htop net-tools

2. Security hardening

# Create a non-root user
sudo adduser deployer
sudo usermod -aG sudo deployer

# Configure SSH key login (disable password login)
# Edit /etc/ssh/sshd_config:
# PasswordAuthentication no
# PubkeyAuthentication yes

# Configure the firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
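
The SSH settings above only help if sshd actually reads them. The following added example (not part of the original article) reports the effective values from configuration text using sshd's first-value-wins rule; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check that the SSH hardening is in effect.

# Print the effective global value of an sshd keyword from config text on stdin.
# sshd keeps the FIRST value it reads for a keyword, keywords are case-insensitive,
# '#' starts a comment, and the global section ends at the first Match line.
sshd_effective() {  # usage: sshd_effective <Keyword> <default-value>
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == want { print tolower(f[2]); found = 1; exit }
        END { if (!found) print def }'
}

# Succeed only if password logins are off and key logins are on, and no Match
# block re-enables passwords for a subset of users or addresses.
ssh_hardening_ok() {  # reads config text on stdin
    cfg=$(cat)
    [ "$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)" = no ] || return 1
    [ "$(printf '%s\n' "$cfg" | sshd_effective PubkeyAuthentication yes)" = yes ] || return 1
    ! printf '%s\n' "$cfg" | awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match" { m = 1 }
        m && k == "passwordauthentication" && tolower(f[2]) == "yes" { bad = 1 }
        END { exit !bad }'
}

# Constructed sample inputs (not taken from a real host).
# 1. The two lines pasted with their leading '#': still comments, so defaults apply.
SAMPLE_PASTED='# PasswordAuthentication no
# PubkeyAuthentication yes'
# 2. An earlier line (for example from an included drop-in file) sets "yes" first.
SAMPLE_SHADOWED='PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes'
# 3. The intended result.
SAMPLE_HARDENED='PasswordAuthentication no
PubkeyAuthentication yes'

report() { if printf '%s\n' "$2" | ssh_hardening_ok; then echo "$1: ok"; else echo "$1: NOT hardened"; fi; }
report pasted   "$SAMPLE_PASTED"
report shadowed "$SAMPLE_SHADOWED"
report hardened "$SAMPLE_HARDENED"
```

On a live host, pipe the output of `sudo sshd -T` into `ssh_hardening_ok`; that command prints the configuration sshd will actually use, with included files already resolved.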

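II. Application Deployment Options

Option 1: Traditional deployment (suitable for simple applications)

Using a Python Django application as an example:

# 1. Install dependencies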
sudo apt install -y python3-pip python3-venv nginx supervisor

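# 2. Create the application directory (owned by the deploy user)
sudo mkdir -p /var/www/myapp
sudo chown deployer:deployer /var/www/myapp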
cd /var/www/myapp

# 3. Clone the code and create a virtual environment
git clone https://github.com/yourrepo/myapp.git .
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# 4. Configure Gunicorn (WSGI server)
# Create /etc/supervisor/conf.d/myapp.conf:
[program:myapp]
directory=/var/www/myapp
command=/var/www/myapp/venv/bin/gunicorn -w 4 -b 127.0.0.1:8000 myapp.wsgi:application
autostart=true
autorestart=true
user=deployer
stderr_logfile=/var/log/myapp.err.log
stdout_logfile=/var/log/myapp.out.log

# 5. Configure the Nginx reverse proxy
# /etc/nginx/sites-available/myapp:
server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /static/ {
        alias /var/www/myapp/static/;
    }
}

sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx

Option 2: Docker deployment (recommended)

# Dockerfile
FROM python:3.11-slim

WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .
EXPOSE 8000

CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "myapp.wsgi:application"]

# docker-compose.yml
version: '3.8'

services:
  app:
    build: .
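    ports:
      # Bind to loopback only: the nginx service reaches the app as app:8000 on
      # the compose network, and ports published by Docker are not filtered by ufw
      - "127.0.0.1:8000:8000"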
    environment:
      - DATABASE_URL=postgresql://user:pass@db:5432/mydb
    depends_on:
      - db
      - redis

  db:
    image: postgres:15
    environment:
      POSTGRES_DB: mydb
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
    volumes:
      - postgres_data:/var/lib/postgresql/data

  redis:
    image: redis:7-alpine

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./ssl:/etc/nginx/ssl
    depends_on:
      - app

volumes:
  postgres_data:

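Deployment commands:

# Install Docker
curl -fsSL https://get.docker.com | sh
# Note: members of the docker group have root-equivalent access to this host
sudo usermod -aG docker deployer

# Deploy the application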
git clone https://github.com/yourrepo/myapp.git
cd myapp
docker-compose up -d --build

# View logs
docker-compose logs -f app

III. Key Production Configuration

1. Environment variable management

# Use a .env file (do not commit it to Git)
# .env.production
DEBUG=False
SECRET_KEY=your-secret-key-here
DATABASE_URL=postgresql://...
REDIS_URL=redis://localhost:6379/0

# Or use Docker Secrets / Kubernetes Secrets

2. SSL/TLS certificates (Let's Encrypt)

# Install certbot
sudo apt install certbot python3-certbot-nginx

# Obtain and configure the certificate automatically
sudo certbot --nginx -d your-domain.com -d www.your-domain.com

# Automatic renewal
sudo systemctl enable certbot.timer

3. Logging and monitoring

# Add logging configuration in docker-compose
services:
  app:
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  
  # Optional: add Prometheus + Grafana monitoring
  prometheus:
    image: prom/prometheus
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
  
  grafana:
    image: grafana/grafana
    ports:
      # Published on all interfaces; ports published by Docker are not filtered by ufw
      - "3000:3000"

IV. CI/CD Automated Deployment

GitHub Actions example

# .github/workflows/deploy.yml
name: Deploy to Production

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Deploy to Server
        # In production, pin this action to a release tag or commit SHA rather than @master
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: deployer
          key: ${{ secrets.SSH_KEY }}
          script: |
            cd /var/www/myapp
            git pull origin main
            docker-compose down
            docker-compose up -d --build
            docker system prune -f

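V. Deployment Checklist

Check item / Status
✅ Server security hardening (firewall, SSH keys)
✅ Application dependencies fully installed
✅ Environment variables correctly configured
✅ Database migrations run
✅ Static files collected
✅ DNS resolves correctly
✅ SSL certificate configured
✅ Reverse proxy configured
✅ Log rotation configured
✅ Monitoring and alerting set up
✅ Automatic backup strategy
✅ Health check endpoint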

VI. Common Troubleshooting Commands

# Check service status
sudo systemctl status nginx
docker-compose ps

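# View logs
# journalctl applies when the app runs as a systemd unit; the supervisor setup above logs to /var/log/myapp.err.log and /var/log/myapp.out.log
sudo journalctl -u myapp -f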
docker-compose logs -f --tail=100

# Network checks
netstat -tlnp
curl -v http://localhost:8000/health

# Resource monitoring
htop
df -h
docker stats