https://github.com/flaskbb/flaskbb
https://flaskbb.org/installation/
https://flaskbb.org/deployment/
https://flaskbb.readthedocs.io/en/latest/installation.html
#安装
    git clone https://github.com/sh4nks/flaskbb.git
    cd flaskbb
    git checkout 2.0.0
    pip3.6 install virtualenv
    virtualenv .venv
    .\.venv\Scripts\activate.ps1 #如果是linux，命令变为source .venv/bin/activate
    pip3.6 install -r requirements.txt

    #生产模式配置及启动
        #生成flaskbb.cfg配置文件，需要交互式填写配置信息,生成完毕后可以自己修改参数配置
            flaskbb makeconfig #bbs.guojingyi.cn mysql+pymysql://user_flaskbb:123456@127.0.0.1:13316/flaskbb redis://:123456@localhost:6379
        #重置数据库，并设置站点登录用户和密码
            flaskbb --config flaskbb.cfg install
        #启动站点
            flaskbb --config flaskbb.cfg run -h 0.0.0.0 -p 80 --cert bundle.crt --key bundle.key
    #开发模式配置及启动
        #生成flaskbb.cfg配置文件，需要交互式填写配置信息,生成完毕后可以自己修改参数配置
            flaskbb makeconfig -d 
        #启动站点
            flaskbb --config flaskbb.cfg run

#配置supervisor、uwsgi、nginx
    yum install -y supervisor uwsgi uwsgi-plugin-python36u

    cat <<EOF > /etc/supervisord.d/uwsgi.ini
[program:uwsgi]
command=/usr/sbin/uwsgi /etc/uwsgi.ini ; 运行程序的命令
user=root ; 进程执行的用户身份
stopsignal=QUIT ; 用来杀死进程的
autostart=true ; 随着supervisord的启动而启动
autorestart=true ; 程序异常退出后自动重启
startretries = 3 ; 启动失败自动重试次数，默认是 3
startsecs=60 ; 重试间隔
numprocs=1 ; 启动几个进程
; stderr_logfile=/var/log/uwsgi.err.log ; 错误日志文件
; stdout_logfile=/var/log/uwsgi.out.log ; 输出日志文件
environment=ASPNETCORE_ENVIRONMENT=Production ; 进程环境变量
EOF
    cat <<EOF > /etc/uwsgi.ini
[uwsgi]
uid = nginx
gid = nginx
pidfile = /run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
stats = /run/uwsgi/stats.sock
chmod-socket = 660
emperor-tyrant = true
cap = setgid,setuid
EOF
    cat <<EOF > /etc/uwsgi.d/uwsgi_flaskbb.ini
[uwsgi]
master          = true
# 非多站模式时 vhost = true 和 no-site = true 需要注释掉，否则后续 nginx 配置文件中设置的入口文件则不生效，服务器会回应 Internal Server error
# vhost           = true
# no-site         = true
# the base directory (full path)
chdir           = /opt/flaskbb
pythonpath = %(chdir)
# module
module          = wsgi
callable = flaskbb
#名称与yum install -y supervisor uwsgi uwsgi-plugin-python36u plugin对应
plugins = python36u
virtualenv = /opt/flaskbb/.venv
# maximum number of worker processes
processes       = 3
# the socket (use the full path to be safe
socket          = /dev/shm/uwsgi_flaskbb.sock
# pid file
pidfile = /opt/flaskbb/uwsgi_flaskbb.pid
# log file
daemonize = /opt/flaskbb/uwsgi_flaskbb.log
# ... with appropriate permissions - may be needed
chmod-socket    = 664
# clear environment on exit
vacuum          = true
uid=nginx
gid=nginx
EOF

    cat <<EOF > /opt/nginx/conf/vhosts/bbs.guojingyi.cn.conf
server {
    listen       80;
    server_name  bbs.guojingyi.cn;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen       443 ssl http2;
    server_name  bbs.guojingyi.cn;

    ssl_certificate      certs/Nginx/1_bbs.guojingyi.cn_bundle.crt;
    ssl_certificate_key  certs/Nginx/2_bbs.guojingyi.cn.key;

    #由于这两个命令的默认值已经好几次发生了改变，因此不建议显性定义，除非有需要额外定义的值
    # ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    charset utf-8;
    access_log logs/bbs.guojingyi.cn.access.log  main;
    error_log logs/bbs.guojingyi.cn.error.log warn;

    location / {
        include naxsi.conf;
        set_cookie_flag HttpOnly secure;
        try_files $uri @flaskbb;
        limit_req zone=one burst=5 nodelay;
        limit_conn addr 10;
    }

    location @flaskbb {
        include uwsgi_params;
        uwsgi_pass unix:///dev/shm/uwsgi_flaskbb.sock;
    }

    # Static files
    location /static {
       alias /opt/flaskbb/flaskbb/static;
    }

    location ~ ^/_themes/([^/]+)/(.*)$ {
        alias /opt/flaskbb/flaskbb/themes/$1/static/$2;
    }

    # robots.txt
    location /robots.txt {
        alias /opt/flaskbb/flaskbb/static/robots.txt;
    }
    # favicon.ico
    location /favicon.ico {
        alias /opt/flaskbb/flaskbb/static/favicon.ico;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    location ~ /\. {
        deny all;
    }

    #禁止访问所有目录下的sql|log|jar|war|sh|py等后缀的文件
    location ~* \.(sql|log|jar|war|sh|bash|ksh|py|bak|tar|zip|gz|bz|doc|svn|git)$ {
        deny all;
    }
    ## 只允许的web方法     
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    # 阻止用户代理，如扫描器，机器人和垃圾邮件
    if ($http_user_agent ~* jaunty|crawldaddy|bot|lwp::simple|bbbike|wget|msnbot|scrapbot|scrapy|httpclient|idm|aria2|axel|thunder|youtube-dl|movgrab|rtorrent|ctorrent|transmission-cli|vuze) {
        return 403;
    }
    if ($http_user_agent ~ ^$) {
        return 403;
    }
}
EOF
#启动服务
    systemctl start supervisord
    systemctl enable supervisord

    supervisorctl reload
    supervisorctl status
    supervisorctl start uwsgi
    supervisorctl status uwsgi

    systemctl restart nginx
#浏览器访问地址
    https://bbs.guojingyi.cn