Deploying Halo with Docker-compose

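I recently bought a higher-spec Alibaba Cloud ECS instance. Because I want to run several services on this server, this time I plan to move my Halo blog onto Docker and use Docker to keep the services completely isolated from one another.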

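Deploying Halo with Docker-compose.

This follows [the deployment method on the Halo website](Installation Guide: Deploying Halo with Docker-compose - Halo). Unlike the official guide, the database is MySQL 5.7 and the SSL certificate is a free one requested from Alibaba Cloud. The contents of the configuration files differ from the official ones.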

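Server environment

Preparation

DNS resolution settings

Security group settings

Server configuration

Configuring Docker

See the [official installation instructions](Install Docker Engine on CentOS | Docker Documentation)

Update the packages and add the Docker repository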

sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

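Install Docker

sudo yum install docker-ce docker-ce-cli containerd.io

Start Docker

sudo systemctl start docker

Test the installation

Check that Docker is installed and has started successfully

sudo docker run hello-world

# The following output means Docker is installed and running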
Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Configuring Docker Compose

See the [official installation instructions](Install Docker Compose | Docker Documentation)

Install Docker Compose

The version installed is 1.27.4, the latest

sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Add execute permission

sudo chmod +x /usr/local/bin/docker-compose

Test the installation

docker-compose --version

# The following output means the installation succeeded
docker-compose version 1.27.4, build 40524192

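Installing Halo

Download the configuration file

# Download the configuration file into the ~/.halo directory
curl -o ~/.halo/application.yaml --create-dirs https://dl.halo.run/config/application-template.yaml

Edit the configuration file

You can set the port the Halo service runs on and change the database settings as needed

# Edit the configuration file with Vim
vim ~/.halo/application.yaml

# My configuration is below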
server:
  port: 8090

  # Response data gzip.
  compression:
    enabled: false
spring:
  datasource:

    # H2 database configuration.
    #driver-class-name: org.h2.Driver
    #url: jdbc:h2:file:~/.halo/db/halo
    #username: admin
    #password: 123456

    # The database is MySQL 5.7
    # MySQL database configuration.
    driver-class-name: com.mysql.cj.jdbc.Driver
    # MySQL is installed with Docker, so the connection address is container-name:port (mysql:3306)
    url: jdbc:mysql://mysql:3306/halodb?characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
    username: root
    # Password
    password: 123456

  # H2 database console configuration.
  #h2:
    #console:
      #settings:
        #web-allow-others: false
      #path: /h2-console
      #enabled: false

halo:

  # Your admin client path is https://your-domain/{admin-path}
  admin-path: admin

  # memory or level
  cache: memory

Docker Compose configuration file

vim ~/.halo/docker-compose.yaml

# Add the following content
version: '3'
services:

  nginx:
    restart: always
    image: nginx
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/nginx/conf.d/:/etc/nginx/conf.d/:ro
      - /usr/share/nginx/html:/usr/share/nginx/html
      - /etc/nginx/conf.d/cert/:/etc/nginx/conf.d/cert/:ro
    networks:
      - halonet

  mysql:
    restart: always
    image: mysql:5.7
    ports:
      - 3306:3306
    environment:
      # List entries must be written as KEY=VALUE, with no spaces around "="
      - MYSQL_ROOT_PASSWORD=123456
      - MYSQL_DATABASE=halodb
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
    networks:
      - halonet

  halo:
    restart: always
    image: ruibaby/halo
    container_name: halo
    ports:
      - 8090:8090
    environment:
      - VIRTUAL_PORT=8090
      - MAX_UPLOAD_SIZE=10m
      - JVM_XMS=256m
      - JVM_XMX=256m
    volumes:
      - ~/.halo:/root/.halo
    networks:
      - halonet

networks:
  halonet:
    # external: true means Compose will not create this network;
    # create it once beforehand with: docker network create halonet
    external: true

Note: the purpose of configuring networks (a bridge network) is to let the Docker containers reach one another.
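Halo reaches the database at mysql:3306 and nginx reaches Halo at halo:8090, both over halonet, so neither service needs a published host port. The fragment below is an added example, not part of the original post or of Halo's own files: it drops those two port mappings and stops using the root account with a fixed password. The `halo` database user and the two exported variable names are assumptions.

```yaml
# Added example, not the author's file: replacements for the mysql and halo
# entries under "services:" in ~/.halo/docker-compose.yaml.
# Assumption: MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD are exported (as long
# random values) in the shell that runs docker-compose.
services:

  mysql:
    restart: always
    image: mysql:5.7
    # No "ports:" entry. Halo connects to mysql:3306 over halonet, so the
    # database is not published on the host.
    environment:
      # ${VAR:?message} makes docker-compose abort if VAR is unset or empty.
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?export MYSQL_ROOT_PASSWORD first}
      - MYSQL_DATABASE=halodb
      # Assumed application account. The image creates it with privileges on
      # halodb only, and only when the data directory is first initialised.
      - MYSQL_USER=halo
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?export MYSQL_PASSWORD first}
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
    networks:
      - halonet

  halo:
    restart: always
    image: ruibaby/halo
    container_name: halo
    # No "ports:" entry. nginx proxies to http://halo:8090/ over halonet,
    # so only nginx's 80 and 443 are published.
    environment:
      - VIRTUAL_PORT=8090
      - MAX_UPLOAD_SIZE=10m
      - JVM_XMS=256m
      - JVM_XMX=256m
    volumes:
      - ~/.halo:/root/.halo
    networks:
      - halonet
```

With this fragment, `username` and `password` in application.yaml become `halo` and the value of `MYSQL_PASSWORD`. Because ~/.halo is mounted into the Halo container, the root password should not be stored in a file in that directory.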

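Nginx configuration file

Configure Nginx as a reverse proxy

vim /etc/nginx/conf.d/halo.conf

# Add the following content
server {
    listen      443 ssl http2 default_server; # HTTP/2 support, available in nginx 1.9+
    server_name www.kameee.top;

    # On nginx/1.15.0 and later, use "listen 443 ssl" instead of "listen 443" plus "ssl on"
    # Certificate path
    ssl_certificate             /etc/nginx/conf.d/cert/kameee.top.pem;
    # Private key path
    ssl_certificate_key         /etc/nginx/conf.d/cert/kameee.top.key;
    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         30m;
    # Browsers already support TLSv1.3, so adding it is recommended
    # TLSv1 and TLSv1.1 are about to be deprecated; remove them if you do not need to support IE and XP
    # IE8-10/Win7 need TLSv1.0; versions below IE8 need SSL3 and a single certificate
    ssl_protocols               TLSv1.1 TLSv1.2 TLSv1.3;
    # on: the server chooses the cipher; off: the browser chooses
    # on is recommended: more secure, with a small impact on server performance
    ssl_prefer_server_ciphers   on;
    # Use this cipher suite list; recommended configuration
    ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;

    # HSTS(ngx_http_headers_module is required) (180d)
    # Strict transport security: until max-age expires, the client itself redirects every visit to the HTTP site to the HTTPS site
    # Once set, the site's HTTP version cannot be opened; you can only wait for expiry, or disable the setting and then clear the browser cache
    # After enabling it, make sure the certificate does not expire; the site may become unreachable once it does
    add_header Strict-Transport-Security "max-age=15552000" always;

    # Enable OCSP Stapling: the server queries the certificate's revocation status online
    # By default the browser makes this query; having the server do it is more efficient
    ssl_stapling                on;

    # Enable OCSP Stapling verification
    #ssl_stapling_verify         on;

    # Certificate location for OCSP Stapling (the full certificate chain)
    #ssl_trusted_certificate     /etc/letsencrypt/live/xinac.cn/chain.pem;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://halo:8090/;   # Halo's port number; because Halo is deployed with Docker, the address before the port is the container name
    }

}

server {
    listen 80;
    server_name www.kameee.top;
    rewrite ^(.*)$ https://$host$1 permanent;

    # The rewrite above redirects every request to HTTPS, so client_max_body_size and
    # the location below never take effect here; the 443 server keeps nginx's default 1m limit
    client_max_body_size 1024m;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://halo:8090/;
    }
}

Place the SSL certificate and private key in the paths specified in the configuration file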

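Running

docker-compose up -d

Once it has started, wait a few minutes and the site can be reached through the domain name

Updating the version

# Pull the latest Halo image
docker-compose pull

# Recreate the containers
docker-compose up -d

Common commands

# Stop the containers
docker-compose stop

# Start the containers
docker-compose start

# Restart the containers
docker-compose restart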