使用OpenResty自动化部署个人网站
技术栈
- Hugo
- OpenResty + luarocks && lua-resty-auto-ssl
主机配置
主机OS: Ubuntu 22.04 LTS
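# Host preparation. The SSH key steps are only needed when the site lives in a
# private GitHub repository; skip them for a public one.

# Install git.
sudo apt update && sudo apt install git

# Install Hugo (remember to use the "extended" build). The archive is checked
# against the checksum list published with the same release before anything is
# unpacked, and only the hugo binary is installed, owned by root.
hugo_version=0.111.3
hugo_tarball="hugo_extended_${hugo_version}_linux-amd64.tar.gz"
hugo_release="https://github.com/gohugoio/hugo/releases/download/v${hugo_version}"
wget "${hugo_release}/${hugo_tarball}" \
  "${hugo_release}/hugo_${hugo_version}_checksums.txt"
sha256sum --ignore-missing -c "hugo_${hugo_version}_checksums.txt" \
  && tar zxf "${hugo_tarball}" hugo \
  && sudo install -o root -g root -m 0755 hugo /usr/local/bin/hugo

# Web root, owned by the account the nginx workers run as.
sudo mkdir -p /var/www \
  && sudo chown -R www-data:www-data /var/www

# Generate the SSH key as www-data. `sudo -u` runs the command directly, so the
# service account does not need a login shell (no `chsh -s /bin/bash www-data`),
# and, unlike `sudo su www-data && ssh-keygen`, the key really is created for
# www-data rather than for the invoking user after the su shell exits.
# Register the public key on GitHub as a read-only deploy key for this one
# repository; the build host only ever pulls.
sudo -u www-data -H ssh-keygen

# Clone the Hugo project together with its submodules, as www-data.
# Replace the quoted placeholder with the repository's SSH URL. The target
# directory name matches the `root` path used in nginx.conf. Cloning with
# --recurse-submodules replaces the separate `git submodule update --init`,
# which would otherwise have to be run from inside the cloned directory.
sudo -u www-data -H git -C /var/www clone --recurse-submodules '私有项目地址' ihsiao.com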
OpenResty相关配置
- 安装OpenResty
# Tools needed to add the OpenResty APT repository.
sudo apt-get -y install --no-install-recommends wget gnupg ca-certificates

# Fetch the repository signing key over HTTPS and store it in its own keyring.
keyring=/usr/share/keyrings/openresty.gpg
wget -O - https://openresty.org/package/pubkey.gpg \
  | sudo gpg --dearmor -o "${keyring}"

# Register the repository. `signed-by` limits this source to the keyring above,
# so package signatures are still checked although the repository URL is http.
arch="$(dpkg --print-architecture)"
codename="$(lsb_release -sc)"
echo "deb [arch=${arch} signed-by=${keyring}] http://openresty.org/package/ubuntu ${codename} main" \
  | sudo tee /etc/apt/sources.list.d/openresty.list > /dev/null

# Install OpenResty and start it at boot.
sudo apt update \
  && sudo apt install -y openresty \
  && sudo systemctl enable openresty
- 安装 luarocks 及模块 lua-resty-auto-ssl
# LuaRocks, then the lua-resty-auto-ssl module installed through it.
sudo apt install -y luarocks
sudo luarocks install lua-resty-auto-ssl

# Directory handed over to www-data for the module.
# NOTE(review): the nginx.conf on this page sets the module's "dir" to
# /etc/openresty/ssl, so this directory looks unused by that config - confirm.
auto_ssl_dir=/etc/resty-auto-ssl
sudo mkdir "${auto_ssl_dir}"
sudo chown www-data "${auto_ssl_dir}"
- 配置Nginx
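# A static ssl_certificate file must exist or nginx will not start. Generate a
# self-signed fallback certificate for that purpose:
sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
  -subj '/CN=sni-support-required-for-valid-ssl' \
  -keyout /etc/ssl/resty-auto-ssl-fallback.key \
  -out /etc/ssl/resty-auto-ssl-fallback.crt
# The fallback key stays owned by root: the nginx master process reads it as
# root when it loads the configuration, so the worker account needs no access.

sudo mkdir -p /etc/openresty/ssl /etc/openresty/log

# nginx worker user: the system default, www-data.
# Only the directories the workers must write to are handed to www-data.
# /etc/openresty itself and nginx.conf stay owned by root, so code running as
# www-data cannot rewrite the configuration that the root master process loads.
# No /var/run/nginx.pid is pre-created: the pid directive below is commented
# out, and a pid file writable by the worker account is best avoided anyway.
sudo chown -R www-data:www-data /etc/openresty/ssl /etc/openresty/log

sudo tee /etc/openresty/nginx.conf <<- 'EOF'
user www-data;
# While first deploying, the log level can be lowered for more detail.
error_log /etc/openresty/log/error.log error;
worker_processes 4;
#pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    resolver 8.8.8.8 ipv6=off;

    lua_shared_dict auto_ssl 1m;
    lua_shared_dict auto_ssl_settings 64k;

    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()
        auto_ssl:set("dir", "/etc/openresty/ssl")
        -- Only request certificates for the names this server really serves.
        -- Returning true for every domain lets any client that sends an
        -- arbitrary SNI name trigger certificate requests and use up the
        -- Let's Encrypt rate limits. Keep this list in step with server_name.
        auto_ssl:set("allow_domain", function(domain)
            return domain == "ihsiao.com" or domain == "www.ihsiao.com"
        end)
        auto_ssl:init()
    }

    init_worker_by_lua_block {
        auto_ssl:init_worker()
    }

    server {
        listen 443 ssl;
        # Set to your own domain names.
        server_name ihsiao.com www.ihsiao.com;

        ssl_certificate_by_lua_block {
            auto_ssl:ssl_certificate()
        }
        ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

        location / {
            root /var/www/ihsiao.com/public;
            index index.html index.htm index.nginx-debian.html;
        }

        # Endpoint called by the GitHub webhook. Exact match, so that other
        # paths starting with /hook do not reach the script.
        location = /hook {
            content_by_lua_block {
                -- GitHub delivers webhooks as POST; refuse everything else.
                if ngx.req.get_method() ~= "POST" then
                    return ngx.exit(ngx.HTTP_NOT_ALLOWED)
                end
                -- NOTE(review): the request is still unauthenticated, so any
                -- client can start a rebuild. Configure a webhook secret on
                -- GitHub and verify the X-Hub-Signature-256 header over the
                -- request body before running the script.
                -- os.execute blocks this worker until the build has finished.
                os.execute("/usr/local/bin/github.hook.sh")
            }
        }
    }

    server {
        listen 80;

        # Endpoint used for Let's Encrypt domain validation.
        location /.well-known/acme-challenge/ {
            content_by_lua_block {
                auto_ssl:challenge_server()
            }
        }
    }

    # Internal server on port 8999, bound to loopback, that handles the
    # certificate tasks.
    server {
        listen 127.0.0.1:8999;

        # Larger body buffer so that internal POSTs are always parsed fully
        # in memory.
        client_body_buffer_size 50M;
        client_max_body_size 50M;

        location / {
            content_by_lua_block {
                auto_ssl:hook_server()
            }
        }
    }
}
EOF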
配置
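# Shell script that the /hook endpoint in nginx.conf executes; adapt it to
# your own site.
# The heredoc delimiter is quoted so that $PWD is written into the script
# literally and expands when the hook runs. With an unquoted delimiter it
# would expand once, to the directory this tee command was run from.
sudo tee /usr/local/bin/github.hook.sh <<- 'EOF'
#!/bin/bash
# Pull the latest content and rebuild the site; every step must succeed
# before the next one runs.
cd /var/www/ihsiao.com/ && \
echo "$PWD" >> /etc/openresty/log/error.log && \
git pull origin main >> /etc/openresty/log/error.log && \
rm -rf public && \
hugo
EOF

# Owned by root, executable by everyone, writable by root only. The web worker
# runs this file, so a world-writable script (mode 777) would let any local
# account decide what gets executed as www-data.
sudo chown root:root /usr/local/bin/github.hook.sh
sudo chmod 755 /usr/local/bin/github.hook.sh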