半夜刷 B 站看到一个博客 fuxiaochen 发现挺好看的
翻了翻这个博客的仓库 Github, 在Readme里面看见参考了 Shiro
准备半夜爬起来就部署上,想了想,没域名服务器,还是洗洗睡吧
早上醒得早,博客的事还是想搞,细细品读部署文档,直接下单服务器4H4G-220G, 55$/Year
还是有点肉疼,加上域名 remrin.dev 12$/Year
本就不富裕的钱包更是雪上加霜,买都买了直接开干
好在部署比较简单,Docker compose 一把梭,开始计划在 Vercel 上部署,一直部署失败
看了一下日志,应该是最近一次提交引入的 已修复 #374BUG
着急部署,博客前端也只能用Docker 上了
部署过程就不细说了,也不是教程文章,最终成果还是不错的
顺便说一下我的方案
- 域名 证书 CloudFlare
- 服务器 Cloudcone
- 域名邮箱 Fastmail
开始使用的 Certbot 来申请证书,后面发现CloudFlare 可以直接申请,就直接用他了
教程中的手写 Nginx 反代说的就是我
有个坑在这说一下,CloudFlare 提供的证书不能用于常规 SSL 验证,只是服务器和 CloudFlare 通信会用到
所以需要用其他方式申请证书,我用的 Cretbot 自动申请,一次只能申请 90 天,需要自己配置一下自动续签
如果部署完博客前端之后居然无法访问 Api提示证书问题,在 Server.js 中加入一个配置可以暂时解决
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';```
之后 `Reload` 一下 `shiro` 服务
```shell
pm2 reload shiro
对于手写 Nginx 反代配置的,可以参考我的配置
博客前端
server {
listen 80;
listen 443 ssl http2;
## 绑定域名
server_name xxx.com;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
proxy_pass http://127.0.0.1:2323;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
expires 30d;
}
location ~* \/(feed|sitemap|atom.xml) {
proxy_pass http://127.0.0.1:2333/$1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control max-age=60;
}
location / {
proxy_pass http://127.0.0.1:2323;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_intercept_errors on;
}
# 可以使用 Certbot 自动申请,或者手动申请后放在某个目录中,在此处引入
ssl_certificate /root/ssl/xxx.pem;
ssl_certificate_key /root/ssl/xxx.key;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
}
Server端
server {
listen 80;
listen 443 ssl http2;
## 绑定域名
server_name server.xxx.com;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
## 反向代理开始
## WebSocket
location /socket.io {
proxy_pass http://127.0.0.1:2333/socket.io;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_http_version 1.1;
add_header Cache-Control no-cache;
}
## 可以给管理页加一个代理
location /xxx {
proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
}
## RSS 地址
location ~* \/(feed|sitemap|atom.xml) {
proxy_pass http://127.0.0.1:2333/$1;
}
## Others
location / {
proxy_pass http://127.0.0.1:2333;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
}
## 反向代理结束
# 可以使用 Certbot 自动申请,或者手动申请后放在某个目录中,在此处引入
ssl_certificate /root/ssl/xxx.pem;
ssl_certificate_key /root/ssl/xxx.key;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
}
就这样,需要帮助可以发邮件联系我
此文由 Mix Space 同步更新至 xLog
原始链接为 https://remrin.dev/posts/blog/1