Don't worry, sit back and relax
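Browsing Bilibili late at night, I came across a blog, fuxiaochen, and thought it looked great.
I looked through the blog's GitHub repository and saw in the README that it drew on Shiro.
I was about to get out of bed in the middle of the night and deploy it, but then I remembered I had no domain and no server, so I went to sleep instead.
I woke up early the next morning and still wanted to set up the blog, so I read the deployment docs carefully and ordered a server right away: 4H4G-220G, 55$/Year.
That still hurt a bit, and the domain remrin.dev added another 12$/Year.
My already thin wallet took one more hit, but since I had paid, I got straight to work.
Fortunately the deployment is fairly simple: Docker Compose does it all in one go. I originally planned to deploy on Vercel, but the deployment kept failing.
I checked the logs; it was probably a bug introduced by the most recent commit (fixed, #374).
So I deployed the blog front end with Docker as well.
I won't go into the deployment process in detail, since this is not a tutorial; the end result is pretty good.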
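While I'm at it, here is my setup.
At first I used Certbot to request a certificate.
Later I found that Cloudflare can issue one directly, so I just used that.
The certificate Cloudflare provides cannot be used for regular SSL validation; it is only used for traffic between the server and Cloudflare. A certificate therefore has to be requested some other way, so I still use Certbot.
Automatic issuance only covers 90 days at a time, so you need to configure automatic renewal yourself.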
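If the API cannot be reached after the blog front end is deployed and a certificate problem is reported, adding one setting to .js works around it temporarily.
Then reload the shiro service.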
If you hand-write your Nginx reverse-proxy configuration, you can refer to mine:
Blog front end
`` side
That's all. If you need help, you can email me.
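```js
// Turns off TLS certificate verification for every outgoing HTTPS request made by this Node.js process
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
```
```bash
pm2 reload shiro
```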
```nginx
# Reverse proxy for the blog front end on 127.0.0.1:2323
server {
    listen 80;
    listen 443 ssl http2;
    ## Bind the domain
    server_name xxx.com;
    index index.html;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
        proxy_pass http://127.0.0.1:2323;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        expires 30d;
    }
    location ~* \/(feed|sitemap|atom.xml) {
        proxy_pass http://127.0.0.1:2333/$1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        add_header Cache-Control max-age=60;
    }
    location / {
        proxy_pass http://127.0.0.1:2323;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        add_header Cache-Control no-cache;
        proxy_intercept_errors on;
    }
    # Request the certificate automatically with Certbot, or request it manually, place it in a directory, and reference it here
    ssl_certificate /root/ssl/xxx.pem;
    ssl_certificate_key /root/ssl/xxx.key;
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
}
```
```nginx
# Reverse proxy for the service on 127.0.0.1:2333 (WebSocket, admin page, RSS)
server {
    listen 80;
    listen 443 ssl http2;
    ## Bind the domain
    server_name .xxx.com;
    index index.html;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    ## Reverse proxy start
    ## WebSocket
    location /socket.io {
        proxy_pass http://127.0.0.1:2333/socket.io;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
        proxy_http_version 1.1;
        add_header Cache-Control no-cache;
    }
    ## Optionally add a proxy for the admin page
    location /xxx {
        proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
    }
    ## RSS address
    location ~* \/(feed|sitemap|atom.xml) {
        proxy_pass http://127.0.0.1:2333/$1;
    }
    ## Others
    location / {
        proxy_pass http://127.0.0.1:2333;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
    }
    ## Reverse proxy end
    # Request the certificate automatically with Certbot, or request it manually, place it in a directory, and reference it here
    ssl_certificate /root/ssl/xxx.pem;
    ssl_certificate_key /root/ssl/xxx.key;
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
}
```
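
The TLS settings in the configurations above still enable TLS 1.0/1.1 and answer on port 80 as well as 443. As an added example (not the author's configuration), here is the front-end proxy with a tightened TLS section, each weak setting shown in a comment beside its replacement. The Certbot paths under /etc/letsencrypt/live/, the separate redirect block and the X-Forwarded-Proto header are assumptions; xxx.com is the page's placeholder.

```nginx
# Added example. xxx.com is the page's placeholder domain; the certificate
# paths assume Certbot's default /etc/letsencrypt/live/<domain>/ layout.

# Plain HTTP only redirects, so no page or API response is served unencrypted.
server {
    listen 80;
    server_name xxx.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name xxx.com;

    # fullchain.pem holds the leaf plus the intermediate certificate. Serving
    # only the leaf is one common cause of a Node.js client rejecting the
    # API certificate, which does not require disabling verification to fix.
    ssl_certificate     /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

    # Before: ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    # TLS 1.0 and 1.1 are deprecated by RFC 8996.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: a long list that still admits CBC-mode and static-RSA suites
    # (AES128-SHA, AES256-SHA, AES, CAMELLIA). After: ECDHE with AEAD only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # Every remaining suite is strong, so the client may pick the fastest.
    ssl_prefer_server_ciphers off;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        proxy_pass http://127.0.0.1:2323;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the upstream app that the original request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading to validate the syntax and confirm that the certificate files are readable.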