I. 晒晒我的Hexo+Nginx+SSL搭建的纯静态博客
服务器多,域名也多,天天都在弄环境,服务器用阿里云的机器1H
,1G
,5M带宽
,域名也在阿里来注册的,已准备转移至国外,毕竟国内太坑.
II. 环境初始化
先来看看我的云服务器都是什么环境把
[root@ansheng ~]# hostname
ansheng.me
[root@ansheng ~]# whoami
root
系统我用的是目前最新的CentOS 7.2
[root@ansheng ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@ansheng ~]# uname -a
Linux ansheng.me 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
已经关闭SElinux
与firewall
[root@ansheng ~]# getenforce
Disabled
[root@ansheng ~]# systemctl status firewall
● firewall.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
更新系统及安装基础环境包
貌似默认阿里在CentOS 7.2
系统里面并没有放repo
文件
[root@ansheng ~]# ls /etc/yum.repos.d/
既然如此我们就自己去下载repo
文件把
[root@ansheng ~]# wget
wget:未指定 URL
用法: wget [选项]... [URL]...
请尝试使用“wget --help”查看更多的选项。
还好默认就已经把wget
命令装上了,要不然又要自己去手动安装wget
了,如果没有安装青石用以下命令安装wget
命令
[root@ansheng ~]# rpm -ivh http://mirrors.aliyun.com/centos/7.2.1511/os/x86_64/Packages/wget-1.14-10.el7_0.1.x86_64.rpm
下载repo
文件
[root@ansheng ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@ansheng ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
清除旧缓存更新新缓存
[root@ansheng ~]# yum clean all
[root@ansheng ~]# yum makecache
更新系统到最新版
[root@ansheng ~]# yum update -y
安装必要的基础软件包
[root@ansheng ~]# yum -y groupinstall "Compatibility libraries" "Development tools" "debugging Tools" "Dial-up Networking Support"
重启系统
[root@ansheng ~]# reboot
III. 编译安装Nginx
下载Nginx
Nginx
依旧采用目前最新的稳定版本 nginx-1.10.1
[root@ansheng ~]# wget http://nginx.org/download/nginx-1.10.1.tar.gz
[root@ansheng ~]# tar xf nginx-1.10.1.tar.gz
[root@ansheng ~]# cd nginx-1.10.1
创建用户及用户组
[root@ansheng nginx-1.10.1]# useradd -s /sbin/nologin -M nginx
[root@ansheng nginx-1.10.1]# id nginx
uid=1000(nginx) gid=1000(nginx) 组=1000(nginx)
安装编译所需要的软件包
[root@ansheng nginx-1.10.1]# yum -y install openssl openssl-devel pcre pcre-devel perl-ExtUtils-Embed libxslt libxslt-devel gd gd-devel GeoIP GeoIP-devel
编译安装Nginx
[root@ansheng nginx-1.10.1]# ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_perl_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-http_v2_module \
--with-ipv6
[root@ansheng nginx-1.10.1]# make
[root@ansheng nginx-1.10.1]# make install
IV. 安装Hexo
Hexo
是用NodeJS
写的,文章用Markdown
语法写,Hexo
会把.md
的文件生成HTML
文件以便于浏览,因为是静态文件,所以这也是为什么很多人使用国外的VPS来做博客访问速度依旧这么快的原因.
安装git
[root@ansheng nginx-1.10.1]# cd
[root@ansheng ~]# git --version
git version 1.8.3.1
CentOS 7.2
默认已经帮我们安装好了Git
,所以我们就不需要自己去手动安装了,也没必要用源码去安装,太麻烦,如果没有安装Git
,请使用如下命令进行安装:
[root@ansheng ~]# yum -y install git
安装NodeJS与npm
[root@ansheng ~]# yum -y install nodejs npm
[root@ansheng ~]# node -v
v0.10.42
[root@ansheng ansheng.me]# npm -v
1.3.6
使用yum
安装的nodejs
版本是v0.10.42
,npm
是1.3.6
,也不知道这有什么关系
使用淘宝npm源
国内的这速度简直慢的不行,所以我决定用淘宝的npm
源代替官方的,如果你的服务器是国外的就可以跳过这一步了.
[root@ansheng ~]# npm config set registry https://registry.npm.taobao.org
[root@ansheng ~]# npm info underscore # 如果上面配置正确这个命令会有字符串response
安装Hexo
这里是创建了hexo
的管理目录
[root@ansheng ~]# cd /usr/local/
[root@ansheng local]# mkdir ansheng.me
[root@ansheng local]# cd ansheng.me/
[root@ansheng ansheng.me]# npm install -g hexo
初始化Hexo
[root@ansheng ansheng.me]# hexo init
安装依赖包
[root@ansheng ansheng.me]# npm install
生成hexo静态页面
[root@ansheng ansheng.me]# hexo g
INFO Start processing
INFO Files loaded in 419 ms
INFO Generated: index.html
INFO Generated: archives/index.html
INFO Generated: archives/2016/index.html
INFO Generated: archives/2016/07/index.html
INFO Generated: fancybox/blank.gif
INFO Generated: fancybox/fancybox_loading.gif
INFO Generated: fancybox/fancybox_loading@2x.gif
INFO Generated: fancybox/fancybox_overlay.png
INFO Generated: fancybox/fancybox_sprite.png
INFO Generated: fancybox/fancybox_sprite@2x.png
INFO Generated: css/style.css
INFO Generated: fancybox/jquery.fancybox.css
INFO Generated: fancybox/jquery.fancybox.js
INFO Generated: fancybox/jquery.fancybox.pack.js
INFO Generated: js/script.js
INFO Generated: fancybox/helpers/jquery.fancybox-buttons.css
INFO Generated: fancybox/helpers/jquery.fancybox-buttons.js
INFO Generated: fancybox/helpers/jquery.fancybox-media.js
INFO Generated: fancybox/helpers/jquery.fancybox-thumbs.css
INFO Generated: fancybox/helpers/jquery.fancybox-thumbs.js
INFO Generated: css/fonts/FontAwesome.otf
INFO Generated: css/fonts/fontawesome-webfont.eot
INFO Generated: css/fonts/fontawesome-webfont.woff
INFO Generated: fancybox/helpers/fancybox_buttons.png
INFO Generated: css/fonts/fontawesome-webfont.ttf
INFO Generated: css/fonts/fontawesome-webfont.svg
INFO Generated: css/images/banner.jpg
INFO Generated: 2016/07/17/hello-world/index.html
INFO 28 files generated in 1.42 s
启动Hexo
[root@ansheng ansheng.me]# hexo s -i 115.28.171.115 -p 80
INFO Start processing
INFO Hexo is running at http://115.28.171.115:80/. Press Ctrl+C to stop.
新开一个窗口用curl
命令访问看看
[root@ansheng ~]# curl -I 115.28.171.115
HTTP/1.1 200 OK
X-Powered-By: Hexo
Content-Type: text/html
Date: Sat, 16 Jul 2016 16:48:08 GMT
Connection: keep-alive
V. 配置Nginx
nginx主配置文件
[root@ansheng ansheng.me]# cd
[root@ansheng ~]# cd /etc/nginx/
[root@ansheng nginx]# rm -f nginx.conf
[root@ansheng nginx]# vim nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
multi_accept on;
worker_connections 1024;
}
http {
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
}
www.ansheng.me
的配置文件
[root@ansheng nginx]# mkdir conf.d
[root@ansheng nginx]# cd conf.d/
[root@ansheng conf.d]# vim www.ansheng.me.conf
server {
server_name ansheng.me www.ansheng.me;
listen 80;
listen 443 ssl http2;
set $rewriterule https;
if ($scheme = https) {
set $rewriterule "${rewriterule}7";
}
if ($host ~* ^ansheng.me) {
set $rewriterule "${rewriterule}8";
}
if ($rewriterule != "https78") {
return 301 https://rowsea.com/linux$request_uri;
break;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Set-Cookie "HttpOnly";
add_header Set-Cookie "Secure";
add_header Cache-Control "no-siteapp";
add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="kb6xLprt35abNnSn74my4Dkfya9arbk5zN5a60YzuqE="; max-age=2592000; includeSubDomains; report-uri="https://report-uri.io/report/fed937a11a268e8be35a12db8a648233"';
#more_set_headers "Server: ansheng-FWS/9.99";
ssl_certificate /etc/nginx/conf.d/...ansheng.me/ansheng.me_bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/...ansheng.me/ansheng.me.key;
ssl_trusted_certificate /etc/nginx/conf.d/...ansheng.me/ansheng.me_bundle.crt;
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 12h;
ssl_session_tickets on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888]:5353 [2001:4860:4860::8844]:5353;
resolver_timeout 5s;
error_page 404 /404.html;
error_page 403 /403.html;
error_page 500 502 503 504 /50x.html;
access_log /var/log/nginx/logs/ansheng.me.access.log main;
error_log /var/log/nginx/logs/ansheng.me.error.log warn;
index index.html index.htm;
root /usr/local/ansheng/public/;
location ~* .(sql|backup)$ {
deny all;
}
location ~ ^/(.git|.svn|.bak|.backup|bak|backup)/ {
deny all;
}
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;
}
location ~* \.(html|htm|xml|rss|atom|txt|xhtml)$ {
expires 1d;
}
location ~* \.(css|gif|jpeg|jpg|js|png|ico|bmp|svg|doc|pdf|mp3|ogg|mp4|mpeg|webm|eot|ttf|woff)$ {
expires 3d;
}
}
创建nginx所需要的目录
[root@ansheng conf.d]# mkdir -p /var/log/nginx/logs/
[root@ansheng conf.d]# mkdir -p /var/cache/nginx/client_temp
测试以下看看语法是否通过
[root@ansheng conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
启动Nginx
[root@ansheng conf.d]# nginx
[root@ansheng conf.d]# netstat -tlnp | grep "80"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 13639/nginx: master
VI. 总结
- 安装之前域名解析已经做好
- 把域名的SSL证书放入对应的目录下
- npm如果安装慢,你可以使用阿里的源进行安装
- 安装好后记得打开页面测试下