折腾一下博客 - レムりん

半夜刷 B 站看到一个博客 fuxiaochen 发现挺好看的

翻了翻这个博客的仓库 Github, 在Readme里面看见参考了 Shiro

准备半夜爬起来就部署上，想了想，没域名服务器，还是洗洗睡吧

早上醒得早，博客的事还是想搞，细细品读部署文档，直接下单服务器4H4G-220G, 55$/Year

还是有点肉疼，加上域名 remrin.dev 12$/Year

本就不富裕的钱包更是雪上加霜，买都买了直接开干

好在部署比较简单，Docker compose 一把梭，开始计划在 Vercel 上部署，一直部署失败

~~看了一下日志，应该是最近一次提交引入的 BUG~~ 已修复 #374

所以博客前端也用Docker 部署

部署过程就不细说了，也不是教程文章，最终成果还是不错的

顺便说一下我的方案

域名证书 CloudFlare
服务器 Cloudcone
域名邮箱 Fastmail

开始使用的 Certbot 来申请证书 ~~后面发现CloudFlare 可以直接申请，就直接用他了~~

有个坑在这说一下，CloudFlare 提供的证书不能用于常规SSL验证，只是服务器和 CloudFlare 通信会用到，所以还是使用 Certbot 去申请证书

所以需要用其他方式申请证书，我用的 Cretbot 自动申请，一次只能申请90天，需要自己配置一下自动续签

如果部署完博客前端之后无法访问 Api提示证书问题，在 .js 中加入一个配置可以暂时解决

CodeBlock Loading...

之后 Reload 一下 shiro 服务

CodeBlock Loading...

对于手写 Nginx 反代配置的，可以参考我的配置

博客前端

CodeBlock Loading...

``端

CodeBlock Loading...

就这样，需要帮助可以发邮件联系我

{ listen 80; listen 443 ssl http2; ## 绑定域名 _name xxx.com; index index.html; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $_name; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; location ~* \.(gif|png|jpg|css|js|woff|woff2)$ { proxy_pass http://127.0.0.1:2323; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; expires 30d; } location ~* \/(feed|sitemap|atom.xml) { proxy_pass http://127.0.0.1:2333/$1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; add_header Cache-Control max-age=60; } location / { proxy_pass http://127.0.0.1:2323; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_intercept_errors on; } # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入 ssl_certificate /root/ssl/xxx.pem; ssl_certificate_key /root/ssl/xxx.key; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer__ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; }

{ listen 80; listen 443 ssl http2; ## 绑定域名 _name .xxx.com; index index.html; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $_name; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ## 反向代理开始 ## WebSocket location /socket.io { proxy_pass http://127.0.0.1:2333/socket.io; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffering off; proxy_http_version 1.1; add_header Cache-Control no-cache; } ## 可以给管理页加一个代理 location /xxx { proxy_pass http://127.0.0.1:2333/proxy/qaqdmin; } ## RSS 地址 location ~* \/(feed|sitemap|atom.xml) { proxy_pass http://127.0.0.1:2333/$1; } ## Others location / { proxy_pass http://127.0.0.1:2333; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; } ## 反向代理结束 # 可以使用 Certbot 自动申请，或者手动申请后放在某个目录中，在此处引入 ssl_certificate /root/ssl/xxx.pem; ssl_certificate_key /root/ssl/xxx.key; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer__ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; }