1) Buy a VPS Server
for setting up django web app in centos/Rhel vps system you have to buy vps server from vps provider it will give you server ip address and root password also you will get client web gui for management of server from that you get access to reset server ,reinstall server or boot sever into safe mode and from there you can even change the root password
2) ssh the server
now ssh the sever from any ssh client like putty ,cmd or mobxtrem,etc.
ssh root@192.168.47.101 ---> give root password of server
after that you will get the full access that server
3)Change the root password
once you login to ssh server you should change your root password by passwd commnad
passwd root --> give new password two times
4) add a new user
add a new user so you dont needed to use root for all the times it will make your server more secure
useradd test
passwd test --> give new password two times
now add that test user to wheel group so you can use sudo command by sudo command you can access all system command by that new user
usermod -G wheel test
5) Configure ssh
configure ssh so no one can login to the system via root , edit ssh configuration file and write PermitRootLogin to No
vim /etc/ssh/sshd_config
PermitRootLogin to No
now reboot the system and login via ssh by ssh user@server
6)update the system
now update the system then reboot the system
e.g yum update && reboot
7)Install python3
after sucessfully update install python3
yum install python3
8)install and activate virtual enviroment
after installation of python3 we can use python pip package installer by using pip we can install and create virtual enviroment
by using virtual enviroment we can install python packages virtually that means they only available when we activate the virtual enviroment
pip3 install virtualenv
9)activate virtual enviroment
for activation of virtual enviroment create new directory use source command to activate it
mkdir /djangoenv
virtualenv /djangoenv
source /django/bin/activate
10)install python packages
first create the requirement.txt ,in that file write list of names of python packages
now install it by
pip install -r requirements.txt
11) install sqlite3.8
for django to work in python3 in centos it need the sqlite version 3.8
wget https://kojipkgs.fedoraproject.org//packages/sqlite/3.8.11/1.fc21/x86_64/sqlite-3.8.11-1.fc21.x86_64.rpm
sudo yum install sqlite-3.8.11-1.fc21.x86_64.rpm
12)copy django application to server
copy django application to server by using scp or sftp
scp djangoapplication.zip user@server
13)test the django application
python3 manage.py runserver
14)install apache webserver
install apache webserver
yum install httpd*
15) configure apache server
go to /etc/httpd/conf.d
create web.conf file
type configuration
<virtual host *:80>
servername yoursitename
alias /static /your static directory in django application
alias /media /your media directory in django application
<directory /your static direcory >
require all granted
</directory>
<directory /your media directory >
require all granted
</directory>
<directory /your main app directory where wsgi file located>
<files wsgi.py>
require all granted
</files>
</directory>
WSGIDaemonProcess name_of_your_project python-path = /directory of project
python-home = /directory of enviroment variables'
WSGIProcessGroup name_of_project
WSGIScriptAlias / /your django app directory
</virtualhost>
save and exit
if there is numpy python package in your django app then it will gives time out so add following line to
/etc/httpd/conf/httpd.conf
WSGIApplicationGroup % {GLOBAL}
save and exit
16)Restart apache server
test apache config by
apachectl configtest
restart apache server
systemctl restart httpd
17)go to web browser check your site
Done.
Create Replication Mysql
mysqld --defaults-file=/etc/my.cnf --initialize --user=mysql
In 8.4 Community, the host cache is managed internally.
FLUSH HOST DEPRICATED --> SELECT * FROM performance_schema.host_cache;
CREATE USER 'repl'@'%' IDENTIFIED BY 'password';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%';
FLUSH PRIVILEGES;
CHANGE REPLICATION SOURCE TO
SOURCE_HOST='192.168.241.101',
SOURCE_USER='repl',
SOURCE_PASSWORD='password',
SOURCE_PORT=3360,
SOURCE_AUTO_POSITION=1,
SOURCE_SSL=1,
SOURCE_SSL_CA='/data/ca.pem';
slave my.cnf
[mysqld]
datadir=/data/mysql_server
socket=/var/lib/mysql/mysql.sock
log-error=/data/mysql_server/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
server-id=2
log_bin=mysql-bin
binlog_format=ROW
gtid_mode=ON
enforce_gtid_consistency=ON
get_source_public_key=1
port=3360
user=mysql
symbolic-links=0
# Connection limits (safe for low-memory VM)
max_connections=50
max_user_connections=50
# Packet and temporary table sizes
max_allowed_packet=16M
tmp_table_size=32M
max_heap_table_size=32M
# Sorting and read buffers (per connection, smaller for low RAM)
sort_buffer_size=2M
read_buffer_size=2M
read_rnd_buffer_size=4M
join_buffer_size=2M
# Storage engine
default-storage-engine=InnoDB
key_buffer_size=8M
bulk_insert_buffer_size=8M
# InnoDB settings for small memory
innodb_log_file_size=32M
innodb_print_all_deadlocks=1
innodb_buffer_pool_instances=1
innodb_buffer_pool_size=512M
innodb_read_io_threads=4
innodb_write_io_threads=4
innodb_thread_concurrency=0
innodb_io_capacity=100
innodb_log_buffer_size=8M
innodb_flush_log_at_trx_commit=2
innodb_lock_wait_timeout=50
# Transaction isolation
transaction-isolation=READ-COMMITTED
[root@node2 data]#
============================
master my.cnf
[mysqld]
datadir=/data/mysql_server
socket=/var/lib/mysql/mysql.sock
log-error=/data/mysql_server/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
server-id=1
log_bin=mysql-bin
binlog_format=ROW
gtid_mode=ON
enforce_gtid_consistency=ON
plugin-load-add=mysql_native_password.so
port=3360
user=mysql
symbolic-links=0
# Connection limits (safe for low-memory VM)
max_connections=50
max_user_connections=50
# Packet and temporary table sizes
max_allowed_packet=16M
tmp_table_size=32M
max_heap_table_size=32M
# Sorting and read buffers (per connection, smaller for low RAM)
sort_buffer_size=2M
read_buffer_size=2M
read_rnd_buffer_size=4M
join_buffer_size=2M
# Storage engine
default-storage-engine=InnoDB
key_buffer_size=8M
bulk_insert_buffer_size=8M
# InnoDB settings for small memory
innodb_log_file_size=32M
innodb_print_all_deadlocks=1
innodb_buffer_pool_instances=1
innodb_buffer_pool_size=512M
innodb_read_io_threads=4
innodb_write_io_threads=4
innodb_thread_concurrency=0
innodb_io_capacity=100
innodb_log_buffer_size=8M
innodb_flush_log_at_trx_commit=2
innodb_lock_wait_timeout=50
# Transaction isolation
transaction-isolation=READ-COMMITTED
Secure Monitoring Setup – Prometheus + Node Exporter + Grafana (HTTPS + TLS + Django Embed)
OS: Rocky Linux 8.10 / RHEL compatible
Container runtime: Podman
TLS: Let’s Encrypt or self-signed
Grafana HTTPS port: 42923
Goal:
– node exporter & prometheus not public
– only localhost access
– grafana SSL enabled on random port
– disable anonymous login
– embed inside Django site
– force login authentication
=======================================
Create directories
mkdir -p /opt/node
mkdir -p /opt/prometheus
mkdir -p /opt/grafana/certs
=======================================
2) Copy SSL certificates for Grafana
Use Let’s Encrypt certs (recommended)
cp -L /etc/letsencrypt/live/www.yourdomain.com/fullchain.pem /opt/grafana/certs/fullchain.pem
cp -L /etc/letsencrypt/live/www.yourdomain.com/privkey.pem /opt/grafana/certs/privkey.pem
Fix permissions
chmod 640 /opt/grafana/certs/privkey.pem
chmod 644 /opt/grafana/certs/fullchain.pem
SELinux label
chcon -Rt container_file_t /opt/grafana/certs
=======================================
3) Create Node Exporter HTTPS config file
cat > /opt/node/web.yml <<EOF
tls_server_config:
cert_file: /certs/server.crt
key_file: /certs/server.key
EOF
If using self-signed:
copy cert files
cp /opt/ssl/selfsigned/server.crt /opt/node/
cp /opt/ssl/selfsigned/server.key /opt/node/
=======================================
4) Run Node Exporter (localhost only + HTTPS)
podman run -d
--name node_exporter
-p 127.0.0.1:9100:9100
-v /opt/node/web.yml:/etc/node/web.yml:Z
-v /opt/ssl/selfsigned/server.crt:/certs/server.crt:ro,Z
-v /opt/ssl/selfsigned/server.key:/certs/server.key:ro,Z
quay.io/prometheus/node-exporter
--web.config.file=/etc/node/web.yml
--web.listen-address=127.0.0.1:9100
Test
curl -k https://127.0.0.1:9100/metrics
=======================================
5) Create Prometheus config
cat > /opt/prometheus/prometheus.yml <<EOF
global:
scrape_interval: 5s
scrape_configs:
job_name: 'node'
scheme: https
tls_config:
insecure_skip_verify: true
static_configs:
targets: ['127.0.0.1:9100']
EOF
=======================================
6) Run Prometheus container
podman run -d
--name prometheus
-p 127.0.0.1:9090:9090
-v /opt/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:Z
prom/prometheus
Test local access
curl -k https://127.0.0.1:9090/api/v1/targets
You should see "health: up"
=======================================
7) Run Grafana HTTPS on port 42923
Remove any old container first
podman stop grafana || true
podman rm grafana || true
Run new
podman run -d
--name=grafana
--net=host
-v grafana:/var/lib/grafana
-v /opt/grafana/certs/fullchain.pem:/certs/fullchain.pem:ro,Z
-v /opt/grafana/certs/privkey.pem:/certs/privkey.pem:ro,Z
-e GF_SERVER_PROTOCOL=https
-e GF_SERVER_HTTP_PORT=42923
-e GF_SERVER_CERT_FILE=/certs/fullchain.pem
-e GF_SERVER_CERT_KEY=/certs/privkey.pem
-e GF_AUTH_ANONYMOUS_ENABLED=false
-e GF_USERS_ALLOW_SIGN_UP=false
-e GF_SECURITY_ALLOW_EMBEDDING=true
grafana/grafana:latest
Test
curl -k https://127.0.0.1:42923
Expected:
<a href="/login">Found</a>
Browser URL
https://www.yourdomain.com:42923
=======================================
8) First Grafana login
Default user:
admin / admin
Grafana will force you to CHANGE PASSWORD
Create user “xxxx” later in settings.
=======================================
9) Import dashboard ID 1860
In Grafana:
Dashboards → Import
Dashboard ID: 1860
Select Prometheus datasource
=======================================
10) Django embed setup
Create app: serverstats
views.py
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
@login_required
def serverstats_home(request):
return render(request, "serverstats/home.html")
Template home.html
<h2>Server Monitoring Dashboard</h2> <iframe src="https://www.yourdomain.com:42923/d/xxxx?orgId=1&refresh=30s" width="100%" height="900" frameborder="0"> </iframe>
urls.py entry
path("serverstats/", serverstats_home, name="serverstats")
=======================================
11) Security notes
Node exporter is local only ✔
Prometheus is local only ✔
Grafana HTTPS enforced ✔
Random port 42923 ✔
Anonymous Grafana disabled ✔
Django auth required ✔
TLS everywhere ✔