使用OpenResty自动化部署个人网站
技术栈
- Hugo
- OpenResty + luarocks && lua-resty-auto-ssl
主机配置
主机OS: Ubuntu 22.04 LTS
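# Host preparation: git, Hugo, and a deploy key for the www-data user.
#
# The deploy-key steps can be skipped when the site repository is public.
# The key is generated for www-data and registered on GitHub so that the
# private repository can be pulled.
#
# Every www-data step runs through `sudo -u www-data`, which executes the
# command directly, so the service account does not need a login shell and
# no `chsh` is required.

# Install git
sudo apt update && sudo apt install git

# Install Hugo (the "extended" build is required).
# The release checksum file is fetched as well and the tarball is verified
# before anything is unpacked. It comes from the same origin as the tarball,
# so this catches corruption and truncation, not a compromised release.
wget https://github.com/gohugoio/hugo/releases/download/v0.111.3/hugo_extended_0.111.3_linux-amd64.tar.gz
wget https://github.com/gohugoio/hugo/releases/download/v0.111.3/hugo_0.111.3_checksums.txt
sha256sum --check --ignore-missing hugo_0.111.3_checksums.txt && \
  tar zxf hugo_extended_0.111.3_linux-amd64.tar.gz hugo && \
  sudo install -o root -g root -m 0755 hugo /usr/local/bin/hugo

# Prepare the web root and create the deploy key as www-data.
# `sudo su www-data && ssh-keygen` would run ssh-keygen only after the su
# shell exits, i.e. as the invoking user; `sudo -u` runs it as www-data.
# NOTE(review): on Ubuntu the home of www-data is normally /var/www, so the
# key ends up in /var/www/.ssh. The document root used later on this page is
# /var/www/ihsiao.com/public; keep it below the repository so the key
# directory is never served.
sudo mkdir -p /var/www && \
  sudo chown -R www-data:www-data /var/www && \
  sudo -u www-data -H ssh-keygen

# Clone the Hugo project as www-data. --recurse-submodules initialises the
# theme submodules inside the new checkout; a separate
# `git submodule update --init` run from /var/www would not be inside the
# repository.
sudo -u www-data -H git -C /var/www clone --recurse-submodules '私有项目地址'

# == OpenResty configuration ==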
- 安装OpenResty
# Tools needed to fetch and import the repository signing key.
sudo apt-get -y install --no-install-recommends wget gnupg ca-certificates

# Import the OpenResty package signing key into a dedicated keyring.
# The key is fetched over HTTPS; the repository itself is plain HTTP, so
# package integrity rests on the signed-by= keyring below.
wget -O - https://openresty.org/package/pubkey.gpg \
  | sudo gpg --dearmor -o /usr/share/keyrings/openresty.gpg

# Register the repository, pinned to that keyring only.
printf 'deb [arch=%s signed-by=%s] %s %s main\n' \
  "$(dpkg --print-architecture)" \
  /usr/share/keyrings/openresty.gpg \
  http://openresty.org/package/ubuntu \
  "$(lsb_release -sc)" \
  | sudo tee /etc/apt/sources.list.d/openresty.list > /dev/null

# Install OpenResty and start it at boot.
sudo apt update \
  && sudo apt install -y openresty \
  && sudo systemctl enable openresty

# Install luarocks and the lua-resty-auto-ssl module.
# This installs whatever version is current in the rocks repository; pin a
# version if the deployment has to be reproducible.
sudo apt install -y luarocks
sudo luarocks install lua-resty-auto-ssl

# Storage directory for lua-resty-auto-ssl, owned by the nginx worker user.
# NOTE(review): the nginx.conf on this page sets the auto_ssl "dir" to
# /etc/openresty/ssl, so this directory looks unused - confirm.
sudo mkdir /etc/resty-auto-ssl
sudo chown www-data /etc/resty-auto-ssl

# == Configure Nginx ==
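# nginx refuses to start without a static ssl_certificate, so a self-signed
# fallback pair is generated here. It is only presented when no issued
# certificate is available for the requested name.
sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
  -subj '/CN=sni-support-required-for-valid-ssl' \
  -keyout /etc/ssl/resty-auto-ssl-fallback.key \
  -out /etc/ssl/resty-auto-ssl-fallback.crt

sudo chown www-data:www-data /etc/ssl/resty-auto-ssl-fallback.key /etc/ssl/resty-auto-ssl-fallback.crt
# The key was written with -nodes (unencrypted); keep it owner-readable only.
sudo chmod 600 /etc/ssl/resty-auto-ssl-fallback.key

sudo mkdir -p /etc/openresty/ssl /etc/openresty/log

# nginx worker user: the system default, www-data.
sudo touch /var/run/nginx.pid && sudo chown -R www-data:www-data /var/run/nginx.pid

# Hand the worker user only the directories it has to write to: certificate
# storage and logs. nginx.conf stays root-owned, because the root master
# process loads it on every reload; if the worker user (which also runs the
# webhook script) could rewrite it, a compromise of www-data would become a
# route to root.
sudo chown -R www-data:www-data /etc/openresty/ssl /etc/openresty/log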
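# Write the OpenResty configuration. The quoted 'EOF' delimiter keeps the
# whole document literal (no shell expansion).
#
# Two changes from a wide-open setup:
#   * allow_domain only accepts the names this server serves, so a client
#     cannot make the server request certificates for arbitrary SNI names
#     and burn through the CA rate limits.
#   * /hook runs the deploy script only for POST requests carrying a valid
#     GitHub webhook signature. Configure the same secret in the GitHub
#     webhook settings and store it in the file named in init_by_lua_block.
#     Until that file exists the endpoint answers 403.
sudo tee /etc/openresty/nginx.conf <<- 'EOF'
user www-data;
# While first deploying, a lower severity threshold can be used here.
error_log /etc/openresty/log/error.log error;
worker_processes 4;
#pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    resolver 8.8.8.8 ipv6=off;

    lua_shared_dict auto_ssl 1m;
    lua_shared_dict auto_ssl_settings 64k;

    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()
        auto_ssl:set("dir", "/etc/openresty/ssl")
        -- Issue certificates only for the names served below.
        auto_ssl:set("allow_domain", function(domain)
            return domain == "ihsiao.com" or domain == "www.ihsiao.com"
        end)
        auto_ssl:init()

        -- Webhook secret, read once at startup so the file can stay readable
        -- by root only. PLACEHOLDER path: replace with the real location.
        local secret_file = io.open("/PLACEHOLDER/github-webhook-secret", "r")
        if secret_file then
            local value = secret_file:read("*l")
            secret_file:close()
            if value and value ~= "" then
                hook_secret = value
            end
        end
    }

    init_worker_by_lua_block {
        auto_ssl:init_worker()
    }

    server {
        listen 443 ssl;
        # Set these to your own domain names.
        server_name ihsiao.com www.ihsiao.com;

        ssl_certificate_by_lua_block {
            auto_ssl:ssl_certificate()
        }

        ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

        location / {
            root /var/www/ihsiao.com/public;
            index index.html index.htm index.nginx-debian.html;
        }

        # Entry point called by the github.com webhook.
        location /hook {
            # Keep the whole payload in memory so it can be authenticated;
            # larger bodies are rejected by nginx or fail the check below.
            client_max_body_size 1m;
            client_body_buffer_size 1m;

            content_by_lua_block {
                if ngx.req.get_method() ~= "POST" then
                    return ngx.exit(ngx.HTTP_NOT_ALLOWED)
                end

                local sent = ngx.var.http_x_hub_signature
                ngx.req.read_body()
                local body = ngx.req.get_body_data()
                -- Fail closed: no secret, no signature or no body means no deploy.
                if not (hook_secret and sent and body) then
                    return ngx.exit(ngx.HTTP_FORBIDDEN)
                end

                -- HMAC-SHA1 through the built-in ngx.hmac_sha1. GitHub also
                -- sends X-Hub-Signature-256, which needs an HMAC-SHA256
                -- implementation that is not loaded in this configuration.
                local bit = require("bit")
                local want = "sha1=" .. require("resty.string").to_hex(ngx.hmac_sha1(hook_secret, body))

                -- Compare without stopping at the first differing byte.
                local diff = bit.bxor(#sent, #want)
                for i = 1, math.min(#sent, #want) do
                    diff = bit.bor(diff, bit.bxor(sent:byte(i), want:byte(i)))
                end
                if diff ~= 0 then
                    return ngx.exit(ngx.HTTP_FORBIDDEN)
                end

                -- os.execute blocks this worker until the script finishes.
                os.execute("/usr/local/bin/github.hook.sh")
            }
        }
    }

    server {
        listen 80;

        # Endpoint used by Let's Encrypt for domain validation.
        location /.well-known/acme-challenge/ {
            content_by_lua_block {
                auto_ssl:challenge_server()
            }
        }
    }

    # Internal server on port 8999 that handles certificate tasks.
    server {
        listen 127.0.0.1:8999;

        # Larger body buffer so internal POSTs are always parsed fully in memory.
        client_body_buffer_size 50M;
        client_max_body_size 50M;

        location / {
            content_by_lua_block {
                auto_ssl:hook_server()
            }
        }
    }
}
EOF

# == Configuration ==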
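# Script executed when the GitHub webhook fires; adapt it to your own site.
#
# The heredoc delimiter is quoted ('EOF') so that $PWD and the line
# continuations are written to the file literally and evaluated when the
# hook runs. With an unquoted delimiter $PWD is expanded while this file is
# being created and the script logs the wrong directory.
#
# NOTE(review): the script appends to error.log as the nginx worker user;
# confirm that file is writable by www-data, otherwise the && chain stops at
# the first redirect and nothing is pulled.
sudo tee /usr/local/bin/github.hook.sh <<- 'EOF'
#!/bin/bash
cd /var/www/ihsiao.com/ && \
  echo "$PWD" >> /etc/openresty/log/error.log && \
  git pull origin main >> /etc/openresty/log/error.log && \
  rm -rf public && \
  hugo
EOF

# 755, not 777: the web server executes this file, so it must not be
# writable by any other local account.
sudo chmod 755 /usr/local/bin/github.hook.sh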
https://ihsiao.com/posts/blogs/openresty/