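I recently bought a higher-spec Alibaba Cloud ECS instance. Because I want to deploy several services on this server, this time I am migrating my Halo blog to Docker and using Docker to keep the services completely isolated from one another.
Deploying Halo with Docker-compose.
I followed [the deployment guide on the official Halo site](Installation guide: Deploying Halo with Docker-compose - Halo). Unlike the official guide, the database is MySQL 5.7 and the SSL certificate is a free certificate requested through Alibaba Cloud, so the configuration files differ from the official ones.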
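Server environment
- CentOS 7.4 64-bit
- CPU & memory: 2 cores, 4 GB
Preparation
- DNS resolution: the Alibaba Cloud DNS settings are as follows
- ECS security group rules: open port 8090, the Halo service port, in both the inbound and outbound directions
- Before migrating, be sure to take a full-site backup of Halo, which is used to restore the historical data once the services are installed
Server configuration
Configuring Docker
See the [official installation instructions](Install Docker Engine on CentOS | Docker Documentation)
Update the packages and add the Docker repository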
```bash
sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
```
Install Docker
```bash
sudo yum install docker-ce docker-ce-cli containerd.io
```
Start Docker
```bash
sudo systemctl start docker
```
Test the installation
Check that Docker is installed and has started successfully
```
sudo docker run hello-world
# Output like the following means Docker is installed and running

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
```
Configuring Docker Compose
See the [official installation instructions](Install Docker Compose | Docker Documentation)
Install Docker Compose
The version installed is the latest, 1.27.4
```bash
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
```
Add execute permission
```bash
sudo chmod +x /usr/local/bin/docker-compose
```
Test the installation
```
docker-compose --version
# Output like the following means the installation succeeded
docker-compose version 1.27.4, build 40524192
```
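The download step above writes the binary straight into /usr/local/bin and then marks it executable. The following is an added example, not part of the original post, of checking a SHA-256 digest before installing; the function name `install_verified`, the /tmp paths and the `.sha256` asset name are assumptions.

```bash
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches the
# published digest. install_verified and all paths below are illustrative.

# install_verified <downloaded-file> <checksum-file> <destination>
# The checksum file uses sha256sum format: "<hex digest>  <file name>".
install_verified() {
  bin=$1; sumfile=$2; dest=$3
  expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
  # A failed download often leaves an HTML error page where the digest should be.
  case $expected in
    ""|*[!0-9a-f]*) echo "malformed checksum file: $sumfile" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed checksum file: $sumfile" >&2; return 2; }
  actual=$(sha256sum "$bin" | awk '{ print $1 }')
  if [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $bin: expected $expected, got $actual" >&2
    return 1
  fi
  # Mode 0755 makes the separate chmod +x step unnecessary.
  install -m 0755 "$bin" "$dest"
}

# How it fits the step above (needs network access and root, so shown as
# comments; the ".sha256" asset name is an assumption about the release files):
#   base=https://github.com/docker/compose/releases/download/1.27.4
#   name=docker-compose-$(uname -s)-$(uname -m)
#   curl -fsSL -o "/tmp/$name" "$base/$name"
#   curl -fsSL -o "/tmp/$name.sha256" "$base/$name.sha256"
#   install_verified "/tmp/$name" "/tmp/$name.sha256" /usr/local/bin/docker-compose
```

A digest fetched from the same host as the binary catches a corrupted or truncated download; to detect a tampered binary, the digest has to come from a separate channel.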
Installing Halo
Download the configuration file
```bash
# Download the configuration file into the ~/.halo directory
curl -o ~/.halo/application.yaml --create-dirs https://dl.halo.run/config/application-template.yaml
```
Edit the configuration file
You can set the port the Halo service runs on and change the database settings
```bash
# Edit the configuration file with Vim
vim ~/.halo/application.yaml
```
```yaml
# My configuration is below
server:
  port: 8090

  # Response data gzip.
  compression:
    enabled: false
spring:
  datasource:

    # H2 database configuration.
    #driver-class-name: org.h2.Driver
    #url: jdbc:h2:file:~/.halo/db/halo
    #username: admin
    #password: 123456

    # The database is MySQL 5.7
    # MySQL database configuration.
    driver-class-name: com.mysql.cj.jdbc.Driver
    # MySQL is installed as a Docker container, so the address is <container name>:<port> (mysql:3306)
    url: jdbc:mysql://mysql:3306/halodb?characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
    username: root
    # Password (must match MYSQL_ROOT_PASSWORD in docker-compose.yaml; set a strong value of your own)
    password: 123456

  # H2 database console configuration.
  #h2:
  #  console:
  #    settings:
  #      web-allow-others: false
  #    path: /h2-console
  #    enabled: false

halo:

  # Your admin client path is https://your-domain/{admin-path}
  admin-path: admin

  # memory or level
  cache: memory
```
Docker Compose configuration file
```bash
vim ~/.halo/docker-compose.yaml
```
```yaml
# Add the following content
version: '3'
services:
  nginx:
    restart: always
    image: nginx
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/nginx/conf.d/:/etc/nginx/conf.d/:ro
      - /usr/share/nginx/html:/usr/share/nginx/html
      - /etc/nginx/conf.d/cert/:/etc/nginx/conf.d/cert/:ro
    networks:
      - halonet
  mysql:
    restart: always
    image: mysql:5.7
    ports:
      - 3306:3306
    environment:
      # List-style entries take the form KEY=VALUE
      - MYSQL_ROOT_PASSWORD=123456
      - MYSQL_DATABASE=halodb
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
    networks:
      - halonet
  halo:
    restart: always
    image: ruibaby/halo
    container_name: halo
    ports:
      - 8090:8090
    environment:
      - VIRTUAL_PORT=8090
      - MAX_UPLOAD_SIZE=10m
      - JVM_XMS=256m
      - JVM_XMX=256m
    volumes:
      - ~/.halo:/root/.halo
    networks:
      - halonet
networks:
  halonet:
    # External network: it must already exist (docker network create halonet)
    external: true
```
Note: the networks setting (a bridge network) is there so that the Docker containers can reach one another
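In the configuration above, Nginx reaches Halo at halo:8090 and Halo reaches MySQL at mysql:3306 over halonet, while 3306 and 8090 are also published on the host. The following added example, not part of the original post, lists the mappings a compose file publishes on every host interface; the function names, the constructed sample and its 9000 mapping are assumptions for illustration.

```bash
#!/bin/sh
# Added example: list the ports a compose file publishes on every host interface.

# Constructed sample: the ports entries from the compose file above, plus one
# loopback-only mapping (9000, constructed) to show a binding that is skipped.
sample_compose() {
cat <<'EOF'
services:
  nginx:
    ports:
      - 80:80
      - 443:443
  mysql:
    ports:
      - 3306:3306
  halo:
    ports:
      - 8090:8090
      - "127.0.0.1:9000:9000"
networks:
  halonet:
EOF
}

# exposed_ports [allowed host ports]: reads compose YAML (2-space indent, short
# "host:container" port syntax) on stdin and prints "<service> <mapping>" for
# each mapping that is neither loopback-bound nor an allowed public port.
exposed_ports() {
  awk -v allow="${1:-80 443}" -v q="'" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^services:/ { in_services = 1; next }
    /^[^ #]/     { in_services = 0; in_ports = 0 }   # another top-level key
    !in_services { next }
    /^  [A-Za-z0-9_.-]+:[ ]*$/ { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
    /^    ports:/              { in_ports = 1; next }
    in_ports && /^      - / {
      m = $2; gsub("[\"" q "]", "", m)               # drop surrounding quotes
      k = split(m, p, ":")
      if (k == 3 && p[1] == "127.0.0.1") next        # bound to loopback only
      host = (k >= 2) ? p[k - 1] : p[1]              # host-side port
      if (!(host in ok)) print svc, m
      next
    }
    { in_ports = 0 }                                 # any other line ends the list
  '
}

sample_compose | exposed_ports
```

Run against the real file with `exposed_ports < ~/.halo/docker-compose.yaml`; each line it prints is a port that only the ECS security group keeps off the internet.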
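Nginx configuration file
Configure Nginx as a reverse proxy
```bash
vim /etc/nginx/conf.d/halo.conf
```
```nginx
# Add the following content
server {
    listen 443 ssl http2 default_server; # HTTP/2 support, available in nginx 1.9+
    server_name www.kameee.top;
    # nginx 1.15.0 and later use "listen 443 ssl" instead of "listen 443" plus "ssl on"
    # Certificate path
    ssl_certificate /etc/nginx/conf.d/cert/kameee.top.pem;
    # Private key path
    ssl_certificate_key /etc/nginx/conf.d/cert/kameee.top.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 30m;
    # Browsers already support TLSv1.3; adding it is recommended
    # TLSv1 and TLSv1.1 are about to be deprecated; if you do not need to support IE and XP, removing them is recommended
    # IE8-10/Win7 need TLSv1.0; versions below IE8 need SSL3 and a single certificate
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # on: the server decides the cipher; off: the browser decides
    # on is recommended: more secure, with a small impact on server performance
    ssl_prefer_server_ciphers on;
    # Use this cipher suite list; recommended configuration
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    # HSTS (ngx_http_headers_module is required) (180d)
    # Strict Transport Security: until max-age expires, the client itself redirects every visit to the HTTP site to the HTTPS site
    # Once set, the HTTP version of the site cannot be opened; you can only wait for expiry, or disable the setting and then clear the browser cache
    # After enabling it, keep the certificate from expiring; once it expires the site may become unreachable
    add_header Strict-Transport-Security "max-age=15552000" always;
    # Enable OCSP stapling: the server queries the certificate revocation status online
    # By default the browser does the online query; having the server do it is more efficient
    ssl_stapling on;
    # Enable OCSP stapling verification
    #ssl_stapling_verify on;
    # Certificate location for OCSP stapling (the complete certificate chain)
    #ssl_trusted_certificate /etc/letsencrypt/live/xinac.cn/chain.pem;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://halo:8090/; # the port here is Halo's port; because this is a Docker deployment, the address before the port is the corresponding container name
    }
}
server {
    listen 80;
    server_name www.kameee.top;
    rewrite ^(.*)$ https://$host$1 permanent;
    client_max_body_size 1024m;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://halo:8090/;
    }
}
```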
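Place the SSL certificate and private key in the paths specified in the configuration file
Running
```bash
# Run from ~/.halo, where docker-compose.yaml was saved
docker-compose up -d
```
Once it has finished starting, wait a few minutes and the site can be reached through the domain name
Version updates
```bash
# Pull the latest Halo image
docker-compose pull
# Recreate the containers
docker-compose up -d
```
Common commands
```bash
# Stop the containers
docker-compose stop
# Start the containers
docker-compose start
# Restart the containers
docker-compose restart
```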
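This article was written by Kame and is licensed under the Creative Commons Attribution 4.0 International License
Unless marked as reposted or credited to another source, articles on this site are original or translated by this site; please give attribution before reposting
Last edited: Dec 6, 2020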