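Machine: a brand-new ECS or VPS
OS: Ubuntu 22.04
Specs: 2 cores, 2 GB RAM, 5 Mbps bandwidth
First install or update docker and docker-compose (see the article on this site for details).
Create the directories: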
mkdir /application && cd /application
mkdir nginx
mkdir mysql
mkdir halo
cd nginx
mkdir conf.d && mkdir html
cd ..
vim docker-compose.yml
Copy the following into docker-compose.yml (remember to change every PASSWORD value):
version: '3.9'
networks:
  docker_bridge:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/24
          gateway: 172.18.0.1
services:
  halo:
    image: halohub/halo:2.21.8
    container_name: halo
    restart: on-failure:3
    networks:
      # Must be the network defined above (docker_bridge)
      docker_bridge:
        ipv4_address: 172.18.0.200
    volumes:
      - ./halo:/root/.halo2
    command:
      - --spring.r2dbc.url=r2dbc:pool:mysql://172.18.0.201:3306/halo
      # Only the MySQL root account is created by the halodb service below
      - --spring.r2dbc.username=root
      - --spring.r2dbc.password=password
      - --spring.sql.init.mode=never
      - --halo.security.initializer.superadminusername=admin
      - --halo.security.initializer.superadminpassword=password
  halodb:
    image: mysql:8.0.31
    container_name: halodb
    restart: on-failure:3
    networks:
      docker_bridge:
        ipv4_address: 172.18.0.201
    command:
      - --default-authentication-plugin=mysql_native_password
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
      - --explicit_defaults_for_timestamp=true
    volumes:
      - ./mysql:/var/lib/mysql
      - ./mysqlBackup:/data/mysqlBackup
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "--silent"]
      interval: 3s
      retries: 5
      start_period: 30s
    environment:
      # Change this password, and change --spring.r2dbc.password in the halo service above to match
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=halo
  nginx:
    image: anqiqii/nginx-certbot
    container_name: nginx
    restart: always
    depends_on:
      # Must name a service defined in this file
      - halo
    networks:
      docker_bridge:
        ipv4_address: 172.18.0.2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/html:/var/www/html
Then run:
docker compose up -d
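Note: do not use docker-compose here.
If you are using a mainland-China ECS such as Alibaba Cloud or Tencent Cloud, add a registry mirror prefix to each image value, for example: image: docker.1ms.run/anqiqii/nginx-certbot
Some registry mirrors are already dead, and some do not carry certain images; find a replacement yourself on GitHub: https://github.com/dongyubin/DockerHub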
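A pre-flight check that can be run before `docker compose up -d`, added here as an example and not part of the original article: it fails if the compose file above still carries placeholder or short passwords, if the Halo and MySQL database passwords differ, or if the admin password reuses the database password. The function names, the placeholder list and the 12-character minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the
# placeholder list and the 12-character minimum are assumptions.

# Print the value of the first "- KEY=value" list item in a compose file.
compose_value() {   # $1 = literal key, $2 = file
    awk -v key="$1=" '
        { line = $0; sub(/^[ \t]*-[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line) }
        index(line, key) == 1 { print substr(line, length(key) + 1); exit }
    ' "$2"
}

# True (exit 0) when the value is empty, a known placeholder, or too short.
weak_password() {
    case $1 in
        ''|password|PASSWORD|changeme|admin|123456) return 0 ;;
    esac
    [ "${#1}" -lt 12 ]
}

# Exit 0 only if the credentials are strong, the two database passwords
# agree, and the admin password is not the database password.
check_compose_credentials() {   # $1 = path to docker-compose.yml
    rc=0
    db_pw=$(compose_value "MYSQL_ROOT_PASSWORD" "$1")
    halo_db_pw=$(compose_value "--spring.r2dbc.password" "$1")
    admin_pw=$(compose_value "--halo.security.initializer.superadminpassword" "$1")
    if weak_password "$db_pw"; then echo "WEAK: MYSQL_ROOT_PASSWORD" >&2; rc=1; fi
    if weak_password "$admin_pw"; then echo "WEAK: superadminpassword" >&2; rc=1; fi
    if [ "$db_pw" != "$halo_db_pw" ]; then
        echo "MISMATCH: spring.r2dbc.password vs MYSQL_ROOT_PASSWORD" >&2; rc=1
    fi
    if [ -n "$db_pw" ] && [ "$db_pw" = "$admin_pw" ]; then
        echo "REUSE: admin password equals database password" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample input: only the credential lines of the compose file.
sample_compose() {   # $1 = MySQL root pw, $2 = Halo DB pw, $3 = admin pw
    printf '      - --spring.r2dbc.password=%s\n' "$2"
    printf '      - --halo.security.initializer.superadminpassword=%s\n' "$3"
    printf '      - MYSQL_ROOT_PASSWORD=%s\n' "$1"
}

# Usage: sh check.sh docker-compose.yml   (password values are never printed)
if [ "$#" -gt 0 ]; then check_compose_credentials "$1"; fi
```

Run against the file exactly as published, it reports all three problems, because every credential is the literal string password.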
cd nginx/conf.d
vim web.conf
Copy the following into web.conf:
server
{
    listen 80;
    server_name your-domain;
    # The block below redirects to HTTPS; uncomment it after the certificate has been issued
    # if ($server_port !~ 443){
    #     rewrite ^(/.*)$ https://$host$1 permanent;
    # }
    # Mind the spaces: without them the directive does not take effect
    # if ( $host != 'your-domain' ) {
    #     return 403;
    # }
    index index.php index.html index.htm default.php default.htm default.html;
    client_max_body_size 1024m;
    root /usr/share/nginx/html/web;
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    location ~* \.log$ {
        deny all;
    }
    location / { # Leave this empty at first; replace it with your path after configuring it in the panel
        proxy_pass http://172.18.0.200:8090/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /apis/ {
        proxy_pass http://172.18.0.200:8090/apis/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_connect_timeout 30s;
        proxy_send_timeout 30s;
        proxy_read_timeout 60s; # API requests can use a longer read timeout
        proxy_redirect off;
    }
}
Save and exit with :wq!
Because the image we pulled ships with certbot, we can simply enter the nginx container and request the SSL certificate automatically.
Enter the nginx container:
docker exec -it nginx bash
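Run:
certbot --nginx --no-redirect -d your-domain --cert-name anqiqii --nginx-server-root /etc/nginx -n --register-unsafely-without-email --agree-tos
Once the request has completed, press Ctrl+D to exit.
The request can fail in the following situations:
1. The domain does not resolve in DNS; check with your DNS provider.
2. A firewall is blocking access; check with your VPS/ECS provider.
3. On a mainland-China ECS without ICP filing, validation generally fails (on Alibaba Cloud it definitely fails).
If two requests in a row fail, check your setup and look up a fix before trying again, because after more than 5 consecutive requests you have to wait until the next day to request again.
Check that web.conf is valid: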
docker exec -it nginx nginx -t
If the configuration is correct, the output looks like this:
[root@iZf8zbokd9wafj21xxvtbdZ conf.d]# docker exec -it nginx nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload the nginx configuration:
docker exec -it nginx nginx -s reload
At this point, opening your domain should bring up your Halo blog.