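Sad news

For some unknown reason, GitHub decided my account had an abnormal login, reset my password to a random one, and then blocked all of my repositories and the account itself. Luckily they emailed me to change the password, so I did get everything back. But I don't know whether it's because of this or because GitHub has a bug: workflows and GitHub Pages still don't work, so I migrated the blog to this small VPS.

However, downloading certificates from Tencent Cloud all the time is really a hassle, so I use acme.sh to issue and renew certificates automatically.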

acme

The acmesh-official/acme.sh project issues SSL certificates automatically.

install socat

sudo apt install socat

install acme

curl https://get.acme.sh | sh

create dnspod token and set env

Create a token in DNSPod

dnspod token create

Set the environment variables

basi@VM67811:~$ export DP_Id="xxx"
basi@VM67811:~$ export DP_Key="xxxxxxxxxxxxxxxxxxxx"

Issue the certificate

source .bashrc
acme.sh --register-account -m basi-a@outlook.com
# quote the wildcard so the shell cannot expand it against local file names
acme.sh --issue --dns dns_dp -d basi-a.top -d '*.basi-a.top'

How to issue certificates with various DNS providers

Result

-----END CERTIFICATE-----
[Sun Feb 25 02:11:43 PM UTC 2024] Your cert is in: /root/.acme.sh/basi-a.top_ecc/basi-a.top.cer
[Sun Feb 25 02:11:43 PM UTC 2024] Your cert key is in: /root/.acme.sh/basi-a.top_ecc/basi-a.top.key
[Sun Feb 25 02:11:43 PM UTC 2024] The intermediate CA cert is in: /root/.acme.sh/basi-a.top_ecc/ca.cer
[Sun Feb 25 02:11:43 PM UTC 2024] And the full chain certs is there: /root/.acme.sh/basi-a.top_ecc/fullchain.cer

Use the issued certificate with nginx

Install the certificate

sudo -i
mkdir -p /path/to/ssl
acme.sh --installcert -d basi-a.top \
--key-file /path/to/ssl/basi-a.top.key \
--fullchain-file /path/to/ssl/basi-a.top.fullchain.cer \
--reloadcmd "service nginx force-reload"

Put SSL on my migrated static blog

First delete /etc/nginx/sites-available/default, so that it doesn't keep getting linked into /etc/nginx/sites-enabled/.

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name basi-a.top;
    server_name www.basi-a.top;
    ssl_certificate /path/to/ssl/basi-a.top.fullchain.cer;
    ssl_certificate_key /path/to/ssl/basi-a.top.key;
    # Browsers only honor HSTS when it arrives over HTTPS, so the header belongs in this block
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    root /path/to/xxx;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    listen [::]:80;

    server_name basi-a.top;
    server_name www.basi-a.top;

    # This block has no root to serve from; send every plain-HTTP request to the HTTPS site
    return 301 https://$host$request_uri;
}

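Restart nginx or reload its configuration and you're all set.

Changing how hexo deploys

First, set up a git repository on the VPS.

Do all of this as root; it's more convenient.

Key-based login for the git user

Add our SSH key for the git user: write our local SSH public key into authorized_keys.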

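useradd git -m
cd /home/git/
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown -R git:git .ssh   # created as root above; sshd reads these as the git user, so git must own them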
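
To confirm the ownership and modes set above for the git user, together with the secrets the acme.sh steps earlier left on disk, here is a small audit script; it is an added example, not part of the original post. It assumes GNU stat, the file name audit.sh is hypothetical, and the paths in the usage comment are the ones this post uses.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# check_private PATH OWNER
# Succeeds only if PATH exists, is owned by OWNER, and gives group and
# others no permission bits (mode ends in 00, such as 600 or 700).
check_private() {
    info=$(stat -c '%U %a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$2" ]; then
        echo "OWNER   $1 belongs to $owner, expected $2"
        return 1
    fi
    case $mode in
        *00|0) echo "OK      $1 ($owner, $mode)" ;;
        *)     echo "MODE    $1 is $mode: group or others have access"
               return 1 ;;
    esac
}

# audit_private PATH:OWNER...
# Runs check_private on every argument; the exit status is the number of
# failed checks, so 0 means everything is locked down.
audit_private() {
    failures=0
    for item in "$@"; do
        check_private "${item%:*}" "${item##*:}" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage as root, with the paths from this post (account.conf is where
# acme.sh saved DP_Id and DP_Key):
#   sh audit.sh /root/.acme.sh/account.conf:root \
#               /path/to/ssl/basi-a.top.key:root \
#               /home/git/.ssh:git /home/git/.ssh/authorized_keys:git
[ "$#" -eq 0 ] || audit_private "$@"
```

A non-zero exit status is the count of paths that are missing, owned by the wrong user, or accessible to group or others.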

Initialize the repository

cd /home
mkdir gitrepo
chown git:git gitrepo/
cd gitrepo
git init --bare hexo.git
chown -R git:git hexo.git

Create the update hook

vim /home/gitrepo/hexo.git/hooks/post-receive
chmod 700 /home/gitrepo/hexo.git/hooks/post-receive
chown git:git /home/gitrepo/hexo.git/hooks/post-receive
chown -R git:git /var/www/public

Contents of the hook, hexo.git/hooks/post-receive

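#!/bin/bash
set -euo pipefail   # stop at the first error, so a failed clone never wipes the site

GIT_REPO=/home/gitrepo/hexo.git   # bare Git repository; by the time the hook fires, the pushed content is already in it
TMP_GIT_CLONE=/tmp/hexo           # cache folder; it lives under /tmp, which can be read and written freely
PUBLIC_WWW=/var/www/public        # the blog folder created earlier, used as the site root
rm -rf "${TMP_GIT_CLONE}"                     # delete everything in the cache
git clone "${GIT_REPO}" "${TMP_GIT_CLONE}"    # clone the pushed content of the Git repository into the cache
rm -rf "${PUBLIC_WWW:?}"/*                    # delete everything in the site root (:? aborts if the variable is empty)
cp -rf "${TMP_GIT_CLONE}"/* "${PUBLIC_WWW}"   # copy everything in the cache into the site root

rm -rf "${PUBLIC_WWW}/.git"                   # remove what should not be there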

Change the hexo configuration

vim _config.yml

deploy:
  type: git
  repo: git@dev.basi-a.top:hexo.git
  # example, https://github.com/hexojs/hexojs.github.io
  branch: master

Push and give it a try

hexo clean
hexo g
hexo d