折腾一下博客

半夜刷 B 站看到一个博客 fuxiaochen 发现挺好看的

翻了翻这个博客的仓库 Github, 在Readme里面看见参考了 Shiro

准备半夜爬起来就部署上，想了想，没域名服务器，还是洗洗睡吧

早上醒得早，博客的事还是想搞，细细品读部署文档，直接下单服务器4H4G-220G, 55$/Year

还是有点肉疼，加上域名 remrin.dev 12$/Year

本就不富裕的钱包更是雪上加霜，买都买了直接开干

好在部署比较简单，Docker compose 一把梭，开始计划在 Vercel 上部署，一直部署失败

~~看了一下日志，应该是最近一次提交引入的 BUG~~ 已修复 #374

所以博客前端也用Docker 部署

部署过程就不细说了，也不是教程文章，最终成果还是不错的

顺便说一下我的方案

域名证书 CloudFlare
服务器 Cloudcone
域名邮箱 Fastmail

开始使用的 Certbot 来申请证书 ~~后面发现CloudFlare 可以直接申请，就直接用他了~~

有个坑在这说一下，CloudFlare 提供的证书不能用于常规SSL验证，只是服务器和 CloudFlare 通信会用到，所以还是使用 Certbot 去申请证书

所以需要用其他方式申请证书，我用的 Cretbot 自动申请，一次只能申请90天，需要自己配置一下自动续签

如果部署完博客前端之后无法访问 Api提示证书问题，在 Server.js 中加入一个配置可以暂时解决

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

之后 Reload 一下 shiro 服务

pm2 reload shiro

对于手写 Nginx 反代配置的，可以参考我的配置

博客前端

server {

  listen 80;
  listen 443 ssl http2;

  ## 绑定域名
  server_name xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    expires 30d;
  }
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control max-age=60;
  }

  location / {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control no-cache;
    proxy_intercept_errors on;
  }

  # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}

Server端

server {

  listen 80;
  listen 443 ssl http2;

  ## 绑定域名
  server_name server.xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  ## 反向代理开始
  ## WebSocket
  location /socket.io {
    proxy_pass http://127.0.0.1:2333/socket.io;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    proxy_http_version 1.1;
    add_header Cache-Control no-cache;
  }

  ## 可以给管理页加一个代理
  location /xxx {
    proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
  }

  ## RSS 地址
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
  }
  ## Others
  location / {
    proxy_pass http://127.0.0.1:2333;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
  }
  ## 反向代理结束

  # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}

就这样，需要帮助可以发邮件联系我

server { listen 80; listen 443 ssl http2; ## 绑定域名 server_name xxx.com; index index.html; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; location ~* \.(gif|png|jpg|css|js|woff|woff2)$ { proxy_pass http://127.0.0.1:2323; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; expires 30d; } location ~* \/(feed|sitemap|atom.xml) { proxy_pass http://127.0.0.1:2333/$1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; add_header Cache-Control max-age=60; } location / { proxy_pass http://127.0.0.1:2323; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_intercept_errors on; } # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入 ssl_certificate /root/ssl/xxx.pem; ssl_certificate_key /root/ssl/xxx.key; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; }

server { listen 80; listen 443 ssl http2; ## 绑定域名 server_name server.xxx.com; index index.html; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ## 反向代理开始 ## WebSocket location /socket.io { proxy_pass http://127.0.0.1:2333/socket.io; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffering off; proxy_http_version 1.1; add_header Cache-Control no-cache; } ## 可以给管理页加一个代理 location /xxx { proxy_pass http://127.0.0.1:2333/proxy/qaqdmin; } ## RSS 地址 location ~* \/(feed|sitemap|atom.xml) { proxy_pass http://127.0.0.1:2333/$1; } ## Others location / { proxy_pass http://127.0.0.1:2333; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; } ## 反向代理结束 # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入 ssl_certificate /root/ssl/xxx.pem; ssl_certificate_key /root/ssl/xxx.key; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; }