博客搭建-简化版(脚本)
# 前言
距离上次部署有一年多啦 , 服务器到期啦 , 这次迁移不仅仅是搬家,更是对部署流程做进一步的优化
# 前置说明
采用docker管控 , 采用脚本 + docker-compose 一键部署
- artalk 评论
- nginx 挂载
- myslq 存储
# 流程
下载资源
123网盘
- https://www.123865.com/s/vw9uTd-H0Bad
- https://www.123684.com/s/vw9uTd-H0Bad (备用)
自行下载上传
解压
unzip DockerBuilder.zip
赋予权限并进入目录
chmod -R 777 DockerBuilder
cd DockerBuilder
安装
sudo bash builder.sh
访问测试
访问 artalk http://ip:8088 (未配置默认 账号bozhu12@foxmail.com; 密码123123)
访问 nginx http://ip:80
提示
自行查当前服务主机IP , 访问到表示成功
SSL配置 (可选)
# 注意事项
- 80 和 443 端口 博客入口 一定要开 , 关闭防火墙 或 开启安全组
- 8088 端口 artalk控制台 , 配置完可以关掉入口
- artalk 控制台默认账号密码 , 账号
bozhu12@foxmail.com; 密码123123 - artalk 自行配置可信域名 , 部署完成后在配置 (可添加本地开的服务可信域名)
- nginx中
/nginx/conf/blog.conf配置中 , 首次应用一定要 IP 测试访问 - 所有容器运行成功 , 前端内容自行上传至
/nginx/html目录 即可
# 文件概览 (选看)
# 目录架构
DockerBuilder
|
├── artalk
| └── artalk.yml
├── images
| ├── artalk.tar
| ├── mysql8.tar
| ├── nginx.tar
| └── ohttps-nginx.tar
├── nginx
| ├── cert
| | └── default
| ├── conf
| | ├── artalk.conf
| | └── blog.conf
| ├── html
| | └── index.html
| └── log
├── builder.sh
├── docker-compose.yml
└── ohttps-nginx-builder.sh
# 脚本配置 builder.sh
#!/bin/bash#
# HTTPS 自动部署配合
# 部署节点id (选填)
PUSH_NODE_ID="push-xxxx"
# 部署节点令牌 (选填)
PUSH_NODE_TOKEN="xxxxxx"
#获取脚本所在的目录
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# 载入镜像
sudo docker load -i "$SCRIPT_DIR/images/mysql8.tar"
sudo docker load -i "$SCRIPT_DIR/images/artalk.tar"
# 判断镜像安装类型
NGINX_IMAGE=
if [[ -z "$PUSH_NODE_ID" && -z "$PUSH_NODE_TOKEN" ]]; then
sudo docker load -i "$SCRIPT_DIR/images/nginx.tar"
NGINX_IMAGE="nginx:1.23.4"
else
sudo docker load -i "$SCRIPT_DIR/images/ohttps-nginx.tar"
NGINX_IMAGE="ohttps/ohttps-nginx:latest"
fi
# 暴露参数
# 当前目录
export COMPOSE_PROJECT_DIR=$SCRIPT_DIR
# nginx安装类型
export COMPOSE_PROJECT_NGINX_IMAGE=$NGINX_IMAGE
# SSL自动部署
export COMPOSE_PROJECT_PUSH_NODE_ID=$PUSH_NODE_ID
export COMPOSE_PROJECT_PUSH_NODE_TOKEN=$PUSH_NODE_TOKEN
# 部署
sudo -E docker-compose up -d
#sudo -E docker-compose config
# docker编排配置 docker-compose.yml
version: '3'
services:
mysql:
image: mysql:8.0.33
container_name: mysql
environment:
# 时区上海
TZ: Asia/Shanghai
# root 密码
MYSQL_ROOT_PASSWORD: root
# 初始化数据库(后续的初始化sql会在这个库执行)
MYSQL_DATABASE: blog_artalk
ports:
- "3306:3306"
volumes:
# 数据挂载
- ${COMPOSE_PROJECT_DIR}/mysql/data/:/var/lib/mysql/
# 配置挂载
- ${COMPOSE_PROJECT_DIR}/mysql/conf/:/etc/mysql/conf.d/
command:
# 将mysql8.0默认密码策略 修改为 原先 策略 (mysql8.0对其默认策略做了更改 会导致密码无法匹配)
--default-authentication-plugin=mysql_native_password
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
privileged: true
network_mode: "host"
nginx-web:
image: nginx:1.23.4
container_name: nginx-web
environment:
# 时区上海
TZ: Asia/Shanghai
ports:
- "80:80"
- "443:443"
volumes:
# 证书映射
- ${COMPOSE_PROJECT_DIR}/nginx/cert:/etc/nginx/cert
# 配置文件映射
- ${COMPOSE_PROJECT_DIR}/nginx/conf:/etc/nginx/conf.d
# 页面目录
- ${COMPOSE_PROJECT_DIR}/nginx/html:/usr/share/nginx/html
# 日志目录
- ${COMPOSE_PROJECT_DIR}/nginx/log:/var/log/nginx
privileged: true
network_mode: "host"
artalk:
image: artalk/artalk-go
container_name: artalk
environment:
TZ: Asia/Shanghai
ATK_LOCALE: zh-CN
ports:
- "8088:8088"
volumes:
- ${COMPOSE_PROJECT_DIR}/artalk:/data
restart: always
privileged: true
network_mode: "host"
# 评论配置 artalk.yml
# 服务器地址
host: "0.0.0.0"
# 服务器端口
port: 8088
# 加密密钥
app_key: "bozhu12"
# 调试模式
debug: false
# 时间区域
timezone: "Asia/Shanghai"
# 默认站点名
site_default: "柏竹"
# 登陆有效时长 (单位:秒)
login_timeout: 259200
# 数据库
db:
# 数据库类型 ["sqlite", "mysql", "pgsql", "mssql"]
type: "mysql"
# 数据库文件 (仅 SQLite 数据库需填写)
file: "./data/artalk-go.db"
# 数据库名称
name: "blog_artalk"
# 数据库地址
host: "localhost"
# 数据库端口
port: 3306
# 数据库账户
user: "root"
# 数据库密码
password: "root"
# 编码格式
charset: "utf8mb4"
# 表前缀 (例如:"atk_")
table_prefix: ""
# 日志
log:
# 启用日志
enabled: true
# 日志文件路径
filename: "./data/artalk-go.log"
# 缓存
cache:
# 缓存类型 ["redis", "memcache", "builtin"]
type: "builtin"
# 缓存过期时间 (单位:分钟)
expires: 30
# 缓存启动预热 (程序启动时预热缓存)
warm_up: false
# 缓存服务器地址 (例如:"localhost:6379")
server: ""
# Redis 配置
redis:
# 连接方式 ["tcp", "unix"]
network: "tcp"
# 用户名
username: ""
# 密码
password: ""
# 数据库编号 (例如使用零号数据库填写 0)
db: 0
# 可信域名 (信任本地启动测试, 建议部署后再配置信任域名)
trusted_domains:
-
# SSL
ssl:
# 启用 SSL
enabled: false
# 证书文件路径
cert_path: "/data/cert/bozhu12.cc.pem"
# 密钥文件路径
key_path: "/data/cert/bozhu12.cc.key"
# 管理员账户 TODO
admin_users:
- name: "柏竹"
email: "bozhu12@foxmail.com"
password: "123123" # 支持 bcrypt 或 md5 加密,如:"(md5)50c21190c6e4e5418c6a90d2b5031119"
badge_name: "管理员"
badge_color: "#7ab209"
# 评论审核
moderator:
# 默认待审 (发表新评论需要后台人工审核后才能显示)
pending_default: 1
# API 请求错误时拦截 (关闭此项当请求错误时让评论放行)
api_fail_block: 1
# Akismet Key
# (Akismet 反垃圾服务,https://akismet.com)
akismet_key: ""
# 腾讯云文本内容安全
# (https://cloud.tencent.com/document/product/1124/64508)
tencent:
enabled: false
secret_id: ""
secret_key: ""
region: "ap-guangzhou"
# 阿里云内容安全
# (https://help.aliyun.com/document_detail/28417.html)
aliyun:
enabled: false
access_key_id: ""
access_key_secret: ""
region: "cn-shanghai"
# 关键词过滤 (本地离线词库)
keywords:
enabled: false
# 匹配成功设为待审状态
pending: false
# 词库文件 (支持多个词库文件)
files:
- "./data/词库_1.txt"
# 词库文件内容分割符 (例如填写 "\n" 文件中一行一个关键词)
file_sep: "\n"
# 替换字符
replac_to: "x"
# 验证码
captcha:
# 启用验证码
enabled: true
# 总是需要验证码
always: false
# 激活验证码所需操作次数
action_limit: 3
# 重置操作计数器超时 (单位:s, 设为 -1 不重置)
action_reset: 60
# Geetest 极验 (https://www.geetest.com)
geetest:
enabled: false
captcha_id: ""
captcha_key: ""
# 邮件通知
email:
# 启用邮件通知
enabled: 1
# 发送方式 ["smtp", "ali_dm", "sendmail"]
send_type: "ali_dm"
# 发信人昵称
send_name: "{{reply_nick}}"
# 发信人地址
send_addr: "bozhu12@foxmail.com"
# 邮件标题
mail_subject: "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复"
# 邮件模板文件 (填入文件路径使用自定义模板)
mail_tpl: "default"
# SMTP 发送 (启用请将发送方式设为 "smtp")
smtp:
# 发件地址
host: "smtp.163.com"
# 发件端口
port: 465
# 用户名
username: "eryajf@163.com"
# 密码
password: "xxxxxxxxxxx"
# 阿里云邮件推送
# (启用请将发送方式设为 "ali_dm";参考:https://help.aliyun.com/document_detail/29444.html)
ali_dm:
access_key_id: "LTAI5t6xpCTcZwDBbeMHu3NJ"
access_key_secret: "mWUFQctl9nNXx3QffnRRFIQhVvhEO0"
account_name: "bozhu@mail.bozhu12.cc"
# 图片上传
img_upload:
# 启用图片上传
enabled: 0
# 图片存放路径
path: "./data/artalk-img/"
# 图片大小限制 (单位:MB)
max_size: 5
# 图片链接基础路径 (默认为 "/static/images/")
public_path: null
# Upgit 配置
# (使用 Upgit 将图片上传到 GitHub 或图床:https://github.com/pluveto/upgit)
upgit:
# 启用 Upgit
enabled: false
# 命令行参数
exec: "./upgit -c <upgit配置文件路径> -t /artalk-img"
# 上传后删除本地的图片
del_local: true
# 多元推送
admin_notify:
# 通知模版 (填入文件路径使用自定义模板)
notify_tpl: "default"
# 嘈杂模式
noise_mode: false
# 邮件通知管理员
email:
# 开启 (当使用其他推送方式时,可以关闭管理员邮件通知)
enabled: 0
# 邮件标题 (发送给管理员的邮件标题)
mail_subject: "[{{site_name}}] 您的文章「{{page_title}}」有新回复"
# Telegram
telegram:
enabled: false
api_token: ""
receivers:
- 7777777
# Bark
bark:
enabled: false
server: "http://day.app/xxxxxxx/"
# 飞书
lark:
enabled: false
webhook_url: ""
# WebHook
webhook:
enabled: false
url: ""
# 钉钉
ding_talk:
enabled: 1
token: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
secret: "wiki"
# Slack
slack:
enabled: false
oauth_token: ""
receivers:
- "CHANNEL_ID"
# LINE
line:
enabled: false
channel_secret: ""
channel_access_token: ""
receivers:
- "USER_ID_1"
- "GROUP_ID_1"
# 前端配置
frontend:
# 评论框占位文字
placeholder: "请正确填写邮箱以便接收回复通知,如需添加图片,请通过第三方图床引用图片,评论支持Markdown语法"
# 无评论显示文字
noComment: "「此时无声胜有声」"
# 发送按钮文字
sendBtn: "提交"
# 评论框旅行
editorTravel: 1
# 暗黑模式
darkMode: false
# 表情包
emoticons: "https://cdn.jsdelivr.net/gh/eryajf/emotion_generate/dist/artalk.json"
# 投票按钮
vote: true
# 反对按钮
voteDown: false
# 用户 UA 徽标
uaBadge: true
# 评论排序功能
listSort: true
# 页面 PV 绑定元素
pvEl: "#ArtalkPV"
# 评论数绑定元素
countEl: "#ArtalkCount"
# 编辑器实时预览功能
preview: true
# 平铺模式 ["auto", true, false]
flatMode: "auto"
# 最大嵌套层数
nestMax: 10
# 嵌套评论排序规则 ["DATE_ASC", "DATE_DESC", "VOTE_UP_DESC"]
nestSort: DATE_ASC
# 头像
gravatar:
# Gravatar 镜像地址
mirror: "https://cravatar.cn/avatar/"
# 默认头像
default: "mp"
# 评论分页
pagination:
# 每页评论数
pageSize: 20
# 加载更多模式 (关闭则使用分页条)
readMore: true
# 滚动加载
autoLoad: true
# 内容限高
heightLimit:
# 评论内容限高 (单位:px)
content: 300
# 子评论区域限高 (单位:px)
children: 400
# 请求超时 (单位:毫秒)
reqTimeout: 15000
# 版本检测
versionCheck: false
# nginx 配置 conf
artalk.conf
server {
listen 80;
listen [::]:80;
# TODO 外部访问的域名
server_name comment.bozhu12.cc;
# https配置 ssl
#listen 443 ssl;
#listen [::]:443 ssl;
#
# # 自定义默认配置
# #ssl_certificate /etc/nginx/certificates/default/fullchain.cer;
# #ssl_certificate_key /etc/nginx/certificates/default/cert.key;
#ssl_certificate /etc/nginx/certificates/cert-z4kql8d194j82679/fullchain.cer;
#ssl_certificate_key /etc/nginx/certificates/cert-z4kql8d194j82679/cert.key;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8088;
}
}
blog.conf
# 二级域名 访问
server {
listen 80;
listen [::]:80;
server_name www.bozhu12.cc;
# https ssl配置
#listen 443 ssl;
#listen [::]:443 ssl;
# # 自定义默认配置
# #ssl_certificate /etc/nginx/certificates/default/fullchain.cer;
# #ssl_certificate_key /etc/nginx/certificates/default/cert.key;
#ssl_certificate /etc/nginx/certificates/cert-z4kql8d194j82679/fullchain.cer;
#ssl_certificate_key /etc/nginx/certificates/cert-z4kql8d194j82679/cert.key;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
# 顶域名 访问
server {
listen 80;
listen [::]:80;
server_name bozhu12.cc;
# https ssl配置
#listen 443 ssl;
#listen [::]:443 ssl;
# # 自定义默认配置
# #ssl_certificate /etc/nginx/certificates/default/fullchain.cer;
# #ssl_certificate_key /etc/nginx/certificates/default/cert.key;
#ssl_certificate /etc/nginx/certificates/cert-z4kql8d194j82679/fullchain.cer;
#ssl_certificate_key /etc/nginx/certificates/cert-z4kql8d194j82679/cert.key;
#ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
# IP 访问配置
server {
listen 80;
listen [::]:80;
# TODO 这里填写 服务器ip
server_name 192.168.111.200;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /static/ {
alias /usr/share/nginx/html/assets/;
}
}