Building Hugo from source

Note: Go 1.18 or later is required.

git clone https://github.com/gohugoio/hugo
cd hugo
go mod tidy
go build --tags extended

Generating the static site and syncing it to the VPS

hugo && rsync -avz -e 'ssh -p PORT -i PRIV_KEY' --delete public/ rambo@VPS_IP:/home/rambo/fernweh/www

Configuring the Nginx container on the VPS

The final Nginx configuration file, default.conf, is as follows:

server {
    listen 80;
    listen [::]:80;

    server_name blog.wohin.me;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://blog.wohin.me$request_uri;
    }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name blog.wohin.me;

    ssl_certificate /etc/nginx/ssl/live/blog.wohin.me/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/blog.wohin.me/privkey.pem;

    location / {
        root /usr/share/nginx/html/;
    }
}

The contents of docker-compose.yaml are as follows:

version: '3'

services:
  webserver:
    image: nginx:latest
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
    - ./www:/usr/share/nginx/html:ro
    - ./nginx/conf/:/etc/nginx/conf.d/:ro
    - ./certbot/www:/var/www/certbot/:ro
    - ./certbot/conf/:/etc/nginx/ssl/:ro
  certbot:
    image: certbot/certbot:latest
    volumes:
    - ./certbot/www/:/var/www/certbot/:rw
    - ./certbot/conf/:/etc/letsencrypt/:rw

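Scheduled task: renew the certificate every three months

Save the following as renew-https-cert.cron; it renews the certificate at 2:30 on the 22nd of March, June, September and December: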

30 02 22 Mar,Jun,Sep,Dec * sudo docker-compose -f /home/rambo/fernweh/docker-compose.yaml run --rm certbot renew

Submit it to cron:

crontab ./renew-https-cert.cron
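
An added example, not part of the original post: a day-granularity simulation of how the cron schedule above interacts with certificate expiry. It assumes Let's Encrypt's 90-day validity and certbot's default of renewing only when fewer than 30 days remain; the issuance date and the weekly comparison schedule are constructed.

```python
from datetime import date, timedelta

# Assumptions (not stated on the page): Let's Encrypt certificates are valid
# for 90 days, and `certbot renew` only acts when fewer than 30 days remain.
CERT_LIFETIME = timedelta(days=90)
RENEW_WINDOW = timedelta(days=30)

def quarterly_runs(start, end):
    """Firing dates of the page's cron line: the 22nd of Mar, Jun, Sep, Dec."""
    days = (date(y, m, 22) for y in range(start.year, end.year + 1)
            for m in (3, 6, 9, 12))
    return [d for d in days if start < d <= end]

def weekly_runs(start, end):
    """Hypothetical comparison schedule: every 7 days after `start`."""
    n = (end - start).days // 7
    return [start + timedelta(days=7 * i) for i in range(1, n + 1)]

def simulate(issued, runs):
    """Replay `certbot renew` on each run date.

    Returns (run_date, action, days_left) tuples; a negative days_left means
    the site was already serving an expired certificate when the job ran.
    """
    expires = issued + CERT_LIFETIME
    log = []
    for run in runs:
        days_left = (expires - run).days
        if run < expires - RENEW_WINDOW:
            action = "skipped"  # outside the renewal window, certbot does nothing
        else:
            action = "renewed" if days_left >= 0 else "renewed-after-expiry"
            expires = run + CERT_LIFETIME
        log.append((run, action, days_left))
    return log

if __name__ == "__main__":
    issued = date(2023, 5, 1)  # constructed issuance date
    end = date(2024, 5, 1)
    for name, runs in (("quarterly", quarterly_runs(issued, end)),
                       ("weekly", weekly_runs(issued, end))):
        print(name)
        for run, action, left in simulate(issued, runs):
            if action != "skipped":
                print(f"  {run}  {action:<22} days_left={left}")
```

Because `certbot renew` does nothing until a certificate is inside its renewal window, running the job frequently is safe.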
