从拥有一台云服务器开始容器化部署Halo博客

从拥有一台云服务器开始容器化部署Halo博客

1:环境(我这里用本地虚拟化出来的机器)(CentOS7.9)

配置				  IP			 主机名		   Docker版本
2C2G			10.0.0.10		virtual_host		20.10.12
域名:halo.kubernetes-devops.cn
证书:halo.pem   halo.key
软件:nginx/1.20.1   # yum安装

2:安装并配置Docker

# 安装docker
[root@virtual_host ~]# yum install -y docker-ce

# 启动并设置开机自启
[root@virtual_host ~]# systemctl enable docker --now

# 创建/etc/docker/daemon.json文件,内容如下(registry-mirrors 请替换为你自己账号的镜像加速地址;加速器位于镜像拉取的信任链上,只使用可信的源)
[root@virtual_host ~]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://6ze43vnb.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}

# 重新加载docker
[root@virtual_host ~]# systemctl daemon-reload && systemctl restart docker

3:部署Halo

# 拉取博客镜像(未指定标签时使用 latest;latest 是可变标签,正式环境建议固定到具体版本标签,或按下方输出的 Digest 拉取)
[root@virtual_host ~]# docker pull ruibaby/halo
Using default tag: latest
latest: Pulling from ruibaby/halo
a31c7b29f4ad: Pull complete 
9b1182b8c86e: Pull complete 
7a555472b18b: Pull complete 
88975f0c17e9: Pull complete 
61a837cec506: Pull complete 
2d473ceb7d55: Pull complete 
22183e43a942: Pull complete 
b665b198f4c8: Pull complete 
Digest: sha256:734fff44240667615901a23d1d49e45fe25f99cd0da3278fce903d55ad1b2a7e
Status: Downloaded newer image for ruibaby/halo:latest
docker.io/ruibaby/halo:latest

# 创建持久化卷
[root@virtual_host ~]# docker volume create halo
halo

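# Start the Halo container.
# Publish 8090 on loopback only: nginx on this host is the single entry point,
# while a bare "-p 8090:8090" listens on every interface (0.0.0.0) and Docker-published
# ports are commonly reachable even when the host firewall has no rule for them.
# The later `ss -lnt` output (127.0.0.1:8090) matches this binding.
[root@virtual_host ~]# docker run -d --name halo --restart=always -p 127.0.0.1:8090:8090 -v halo:/root/.halo ruibaby/halo:latest
899d15e3d018cd3f39ecd7d182dd74120d63ab4494276862f01025942b9542e7

# List running containers; the PORTS column should show the loopback binding.
[root@virtual_host ~]# docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED         STATUS        PORTS                      NAMES
f90a7d1e637a   ruibaby/halo:latest   "/bin/sh -c 'java -X…"   2 seconds ago   Up 1 second   127.0.0.1:8090->8090/tcp   halo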


# 检查数据持久化
[root@virtual_host ~]# cd /var/lib/docker/volumes/halo/_data/
[root@virtual_host _data]# ls
db  logs  static  templates

# 检查监听端口(8090 应只监听在 127.0.0.1,对外只由 nginx 提供服务)
[root@virtual_host _data]# ss -lnt
State      Recv-Q Send-Q                        Local Address:Port                                       Peer Address:Port              
LISTEN     0      128                                       *:111                                                   *:*                  
LISTEN     0      128                                       *:22                                                    *:*                  
LISTEN     0      128                               127.0.0.1:8090                                                  *:* 

4:配置Nginx反向代理

# 创建证书目录并上传证书(私钥 halo.key 应仅 root 可读,例如 chmod 600 /etc/nginx/ssl/halo.key)
[root@virtual_host ~]# cd /etc/nginx/
[root@virtual_host nginx]# mkdir ssl
[root@virtual_host nginx]# cd ssl
[root@virtual_host ssl]# ls
halo.key  halo.pem

# 清除/etc/nginx/nginx.conf下的server{}段
# 配置nginx反向代理
[root@virtual_host ~]# cat /etc/nginx/conf.d/halo.conf
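# HTTP: redirect every request to HTTPS.
server {
    # No "http2" on the cleartext listener: with nginx 1.20 that makes port 80
    # speak HTTP/2 only, so ordinary HTTP/1.1 clients never receive the redirect.
    listen       80;
    server_name  halo.kubernetes-devops.cn;
    # Permanent redirect that keeps the requested path and query string
    # (a bare "return URL" is a 302 to the site root).
    return 301 https://halo.kubernetes-devops.cn$request_uri;
}
# HTTPS: terminate TLS here and proxy to the Halo container on loopback.
server {
    listen       443 ssl http2;
    server_name  halo.kubernetes-devops.cn;

    ssl_certificate "/etc/nginx/ssl/halo.pem";
    ssl_certificate_key "/etc/nginx/ssl/halo.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    # nginx 1.20 still enables TLSv1 and TLSv1.1 by default; allow only current
    # protocol versions (TLSv1.3 takes effect only with OpenSSL 1.1.1 or newer).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
       proxy_pass http://127.0.0.1:8090;
       proxy_set_header Host $host;
       # Overwrite (do not append to) any client-supplied value, so the backend
       # only ever sees the address nginx observed.
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $remote_addr;
       # Tell the backend the original request arrived over HTTPS.
       proxy_set_header X-Forwarded-Proto $scheme;
    }
}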

# 检测是否有误
[root@virtual_host ssl]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# 启动nginx
[root@virtual_host ssl]# systemctl enable nginx --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

# 查看端口
[root@virtual_host ssl]# ss -lnt
State      Recv-Q Send-Q                        Local Address:Port                                       Peer Address:Port              
LISTEN     0      128                                       *:111                                                   *:*                  
LISTEN     0      128                                       *:80                                                    *:*                  
LISTEN     0      128                                       *:22                                                    *:*                  
LISTEN     0      128                               127.0.0.1:8090                                                  *:*                  
LISTEN     0      128                                       *:443                                                   *:*                  
LISTEN     0      128                                    [::]:111                                                [::]:*                  
LISTEN     0      128                                    [::]:22                                                 [::]:* 

# 此时服务器层面已经部署好了,
# 注意!
1:如果你是云服务器,那么你需要在云服务器的安全组内放通入站规则 80 和 443 端口(8090 无需也不应对外放通,由 nginx 在本机转发)
2:到域名注册商处把 A 记录解析到你的服务器 IP 或者 LB 的 IP,或者用 CNAME 解析到你的 CDN 或 WAF 上

5:测试

image

image

image

image
