Morse's Site
使用OpenResty自动化部署个人网站
2023-04-09

技术栈

  • Hugo
  • OpenResty + luarocks && lua-resty-auto-ssl

主机配置

主机OS: Ubuntu 22.04 LTS

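# Host preparation: install git and hugo, create the web root, and clone the
# site repository as the www-data account.
#
# The SSH key steps can be skipped when the repository is public.
# The key is generated for www-data and registered on GitHub (a read-only
# deploy key on the one repository is enough) so that account can pull the
# private repository.
# www-data keeps its default non-login shell: everything that must run as it
# goes through `sudo -u www-data`, so the web service account never becomes an
# interactive login.

# Install git
sudo apt update && sudo apt install git

# Install hugo (remember to download the extended build).
# Print the archive's SHA-256 and compare it with the checksums file published
# on the same release page before unpacking.
wget https://github.com/gohugoio/hugo/releases/download/v0.111.3/hugo_extended_0.111.3_linux-amd64.tar.gz
sha256sum hugo_extended_0.111.3_linux-amd64.tar.gz
# Extract only the binary and install it root-owned, so the account that
# downloaded it cannot later rewrite a program the web service executes.
tar zxf hugo_extended_0.111.3_linux-amd64.tar.gz hugo && \
  sudo install -o root -g root -m 0755 hugo /usr/local/bin/hugo

# Create the web root and generate the key pair as www-data.
# (`sudo su www-data && ssh-keygen` would only run ssh-keygen after the su
# shell exits, i.e. as the original user.)
sudo mkdir -p  /var/www && \
  sudo chown -R www-data:www-data /var/www && \
  sudo -u www-data -H ssh-keygen

# Clone your own hugo project from GitHub as www-data.
# --recurse-submodules initialises the submodules inside the new checkout;
# running `git submodule update --init` from /var/www would be outside the
# repository and fail.
cd /var/www && \
  sudo -u www-data -H git clone --recurse-submodules '私有项目地址'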

OpenResty相关配置

  • 安装OpenResty
# Tools needed to fetch and import the repository signing key.
sudo apt-get -y install --no-install-recommends wget gnupg ca-certificates

# Fetch the OpenResty signing key over HTTPS and store it in a dedicated
# keyring instead of the global apt trust store.
wget -O - https://openresty.org/package/pubkey.gpg \
  | sudo gpg --dearmor -o /usr/share/keyrings/openresty.gpg

# Register the repository. signed-by ties it to the keyring above, so apt only
# accepts package lists signed with that key.
printf 'deb [arch=%s signed-by=/usr/share/keyrings/openresty.gpg] http://openresty.org/package/ubuntu %s main\n' \
  "$(dpkg --print-architecture)" "$(lsb_release -sc)" \
  | sudo tee /etc/apt/sources.list.d/openresty.list > /dev/null

# Install OpenResty and start it at boot.
sudo apt update \
  && sudo apt install -y openresty \
  && sudo systemctl enable openresty
  • 安装 luarocks 及模块 lua-resty-auto-ssl
# Install the LuaRocks package manager from the distribution archive.
sudo apt install -y luarocks
# Install lua-resty-auto-ssl system-wide. No version is given, so whatever
# release the rocks server currently offers is installed; pin a version you
# have reviewed if you need reproducible deployments.
sudo luarocks install lua-resty-auto-ssl
# Create a storage directory and hand it to the nginx worker account.
# NOTE(review): the nginx.conf on this page sets "dir" to /etc/openresty/ssl,
# so this directory looks unused by that configuration; confirm before relying on it.
sudo mkdir /etc/resty-auto-ssl
sudo chown www-data /etc/resty-auto-ssl
  • 配置Nginx
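# nginx will not start without a static ssl_certificate, so generate a
# self-signed fallback pair. It is only a placeholder for the certificates
# that lua-resty-auto-ssl obtains later.
sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
   -subj '/CN=sni-support-required-for-valid-ssl' \
   -keyout /etc/ssl/resty-auto-ssl-fallback.key \
   -out /etc/ssl/resty-auto-ssl-fallback.crt

sudo chown www-data:www-data /etc/ssl/resty-auto-ssl-fallback.key /etc/ssl/resty-auto-ssl-fallback.crt
# -nodes leaves the private key unencrypted; keep it readable by its owner only.
sudo chmod 600 /etc/ssl/resty-auto-ssl-fallback.key
sudo mkdir -p /etc/openresty/ssl /etc/openresty/log

# nginx user: the system default is www-data
sudo touch /var/run/nginx.pid && sudo chown -R www-data:www-data /var/run/nginx.pid
# Give the worker account only the directories it writes to (certificate
# storage and logs). Handing it all of /etc/openresty would let the account
# that serves requests and runs the deploy hook rewrite nginx.conf.
sudo chown -R www-data:www-data /etc/openresty/ssl /etc/openresty/log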

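# Write the OpenResty configuration. The quoted 'EOF' delimiter stops the shell
# from expanding anything inside the config text.
# Two changes from a wide-open setup are made in the config below:
#   - allow_domain only approves the names listed in server_name, so certificate
#     issuance cannot be triggered for arbitrary hostnames;
#   - the /hook endpoint rejects non-POST requests and carries a review note,
#     because it still has no caller authentication.
sudo tee  /etc/openresty/nginx.conf <<- 'EOF'
user  www-data;
# 开始部署时可以将日志等级调低些
error_log  /etc/openresty/log/error.log  error;
worker_processes  4;
#pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    resolver 8.8.8.8 ipv6=off;

    lua_shared_dict auto_ssl 1m;
    lua_shared_dict auto_ssl_settings 64k;
    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()
        auto_ssl:set("dir", "/etc/openresty/ssl")
        auto_ssl:set("allow_domain", function(domain)
          -- Approve only the names this server serves (keep in sync with
          -- server_name below). Approving every SNI name would let any
          -- client make the server request certificates for hostnames it
          -- does not own and use up the issuance rate limits.
          return domain == "ihsiao.com" or domain == "www.ihsiao.com"
        end)
        auto_ssl:init()
    }

    init_worker_by_lua_block {
        auto_ssl:init_worker()
    }

    server {
        listen 443 ssl;
        # 配置为自己的域名
        server_name ihsiao.com www.ihsiao.com;
        ssl_certificate_by_lua_block {
          auto_ssl:ssl_certificate()
        }

        ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

        location / {
            root /var/www/ihsiao.com/public;
            index index.html index.htm index.nginx-debian.html;
        }

        # github.com hook调用点
        location /hook {
            content_by_lua_block {
                -- Webhook deliveries are POST requests; refuse everything else.
                if ngx.req.get_method() ~= "POST" then
                    return ngx.exit(ngx.HTTP_NOT_ALLOWED)
                end
                -- NOTE(review): the method check is not authentication. Set a
                -- webhook secret on GitHub and verify the X-Hub-Signature-256
                -- header (HMAC-SHA256 of the raw request body) before running
                -- the script. Until then any client that can reach this URL
                -- can trigger a pull and rebuild.
                -- os.execute also blocks this worker until the script exits.
                os.execute("/usr/local/bin/github.hook.sh")
            }
        }
    }

    server {
        listen 80;

        # 用于用Let's Encrypt执行域验证的端点。
        location /.well-known/acme-challenge/ {
          content_by_lua_block {
            auto_ssl:challenge_server()
          }
        }
    }

    # 运行在8999端口的内部服务器,用于处理证书任务。
    server {
        listen 127.0.0.1:8999;

        # 增加主体缓冲区的大小,以确保内部POST总是能够解析完整的POST内容到内存中。
        client_body_buffer_size 50M;
        client_max_body_size 50M;

        location / {
          content_by_lua_block {
            auto_ssl:hook_server()
          }
        }
    }
}
EOF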

配置

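# Shell script executed when the GitHub webhook endpoint is called; adjust it
# to your own needs.
# The heredoc delimiter is quoted so that $PWD is written into the script
# literally and expanded when the hook runs. With an unquoted delimiter the
# shell would substitute the directory you happen to be in while installing.
sudo tee /usr/local/bin/github.hook.sh <<- 'EOF'
#!/bin/bash
cd /var/www/ihsiao.com/ && \
    echo "$PWD" >> /etc/openresty/log/error.log && \
    git pull origin main >> /etc/openresty/log/error.log && \
    rm -rf public && \
    hugo
EOF

# Root-owned, executable by everyone, writable by root only. With mode 777 any
# local account could replace the script that the web server runs on each
# webhook call.
sudo chmod 755 /usr/local/bin/github.hook.sh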
使用OpenResty自动化部署个人网站
https://fuwari.vercel.app/posts/blogs/openresty/
作者
Morse Hsiao
发布于
2023-04-09
许可协议
CC BY-NC-SA 4.0