remrin


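Tinkering with My Blog

Late one night I was browsing Bilibili and came across a blog, fuxiaochen, that I thought looked really nice.

I looked through the blog's repository on GitHub and saw in the README that it was based on Shiro.

I was about to get out of bed in the middle of the night and deploy it, then thought it over: no domain, no server, so I went back to sleep.

I woke up early the next morning still wanting to get the blog done, read the deployment docs carefully, and ordered a server right away: 4H4G-220G, $55/year.

That already stung a bit, and the domain remrin.dev added another $12/year.

My wallet, not well off to begin with, took another hit, but since the money was spent I got straight to work.

Fortunately the deployment is fairly simple, Docker Compose does it all in one go. I originally planned to deploy on Vercel, but the deployment kept failing.

Error message

I checked the logs; it was most likely a bug introduced by the latest commit. Fixed in #374.

I was in a hurry to deploy, so the blog frontend had to go on Docker as well.

I won't go into the deployment process, this isn't a tutorial. The end result turned out pretty well.

A quick note on my setup

At first I used Certbot to request the certificate; later I found that Cloudflare can issue one directly, so I just used that.

The "hand-written Nginx reverse proxy" mentioned in the tutorial: that's me.

One pitfall worth mentioning: the certificate Cloudflare provides cannot be used for regular SSL validation; it is only used for traffic between the server and Cloudflare.

So the certificate has to be requested some other way. I used Certbot to request it automatically; each certificate only covers 90 days, so you need to configure automatic renewal yourself.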

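If, after deploying the blog frontend, the API turns out to be unreachable with a certificate error, adding one setting to Server.js works around it temporarily:

```js
// Disables certificate verification for all outbound TLS connections in this process; temporary workaround only.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
```

Then `reload` the `shiro` service:

```shell
pm2 reload shiro
```

If you are hand-writing the Nginx reverse proxy config, you can use mine as a reference.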

Blog frontend

```nginx
server {

  listen 80;
  listen 443 ssl http2;

  ## Bind the domain
  server_name xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    expires 30d;
  }
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control max-age=60;
  }

  location / {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control no-cache;
    proxy_intercept_errors on;
  }

  # Request the certificate automatically with Certbot, or request it manually, place it in a directory, and reference it here
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}
```

Server

```nginx
server {

  listen 80;
  listen 443 ssl http2;

  ## Bind the domain
  server_name server.xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  ## Reverse proxy start
  ## WebSocket
  location /socket.io {
    proxy_pass http://127.0.0.1:2333/socket.io;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    proxy_http_version 1.1;
    add_header Cache-Control no-cache;
  }

  ## Optionally add a proxy for the admin page
  location /xxx {
    proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
  }

  ## RSS endpoints
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
  }
  ## Others
  location / {
    proxy_pass http://127.0.0.1:2333;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
  }
  ## Reverse proxy end

  # Request the certificate automatically with Certbot, or request it manually, place it in a directory, and reference it here
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}
```
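A tighter TLS section for the frontend server block above, as an added example that is not part of the original post: it keeps only TLS 1.2 and 1.3, restricts TLS 1.2 to ECDHE key exchange with AEAD ciphers, and moves port 80 into a redirect-only server. `xxx.com` and the certificate paths are the post's placeholders; the `X-Forwarded-Proto` header and the HTTPS-to-origin setup are assumptions, and the same `ssl_*` lines apply to the `server.xxx.com` block.

```nginx
# Added example (not the post's config): hardened TLS for the frontend block.
# Assumption: visitors, or Cloudflare in Full/Strict mode, reach this origin
# over HTTPS. With Cloudflare "Flexible" mode the redirect below would loop.

# Port 80 only redirects, so no page content is served in clear text.
server {
  listen 80;
  server_name xxx.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  server_name xxx.com;

  # Placeholder paths from the post; point them at the Certbot-issued files.
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
  ssl_protocols TLSv1.2 TLSv1.3;

  # TLS 1.2 suites: ECDHE (forward secrecy) with GCM or ChaCha20-Poly1305.
  # No CBC suites, no static-RSA key exchange, no DSS, no AES/CAMELLIA
  # catch-alls. This directive does not change the TLS 1.3 suites.
  ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
  ssl_prefer_server_ciphers off;

  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_session_tickets off;

  # Same upstream as the post's frontend block.
  location / {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Assumed addition: tells the upstream the original request used HTTPS.
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
```

Run `nginx -t` before reloading to confirm the configuration parses.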

That's it. If you need help, feel free to email me.

This post is synced to xLog by Mix Space.
Original link: https://remrin.dev/posts/blog/1

