The whole process of deploying Hexo blog to Tencent cloud server (Nginx, certificate, HTTPS), all you need is here

background

Ashamed to say, blog has been built for a long time, and has been deployed on Coding and Github Pages for free. The former was migrated to Tencent Cloud Serverless, which caused the original configuration to always have problems. I didn’t have time to study it carefully. It just happened that the Tencent server had wool. You can make the move decisively. As for the choice of Tencent Cloud, it is because the record was in Tencent Cloud at the beginning, but the domain name was purchased in Ali.

Deployment environment

local environment configuration

There are too many hexo local construction processes on the Internet, so I won't repeat them here, but here is just a little preparation for linking the server.

Generate Git keys

ssh-keygen -C "your@mail.com"

Press Enter all the way, then you should see two key files just generated in the ~/.ssh/ directory:

1. Public key: id_rsa.pub
2. Private key: id_rsa

We will need to copy the contents of the public key to the server in a moment

Server environment configuration

The server is pretty pure and nothing, so we're going to install what we need a little bit

• Git
• Nginx

strongly recommends that you reset the default password of the Tencent Cloud server, and then perform the following operations

Git installation and configuration

Install

Switch to root user (just enter the password you just reset)

su root

First you need to install the dependencies of the package

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum install  gcc perl-ExtUtils-MakeMaker

Enter the specified directory (here choose usr/local/src ) select the latest version Git (here use 2.34.1 ) Download and unzip

cd /usr/local/src
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.34.1.tar.gz
tar -zxvf git-2.19.0.tar.gz

The decompressed Git files are all source files, we need to compile, enter the Git decompression directory, compile and install, the installation location (here choose usr/local/git ), the whole process may need to wait...

cd git-2.34.1
make prefix=/usr/local/git all
make prefix=/usr/local/git install

After installation, we need to configure environment variables and open the environment variable configuration file:

vim /etc/profile

Add the Git installation directory information at the bottom of the file, and give students who are not familiar with Vim quick steps to follow the letters below (is this nanny service in place)

G (cursor fast to end of file)

o (adds a new blank line and enters Insert mode)

paste the following

Esc (to enter Normal mode)

:wq (save and exit)

PATH=$PATH:/usr/local/git/bin
export PATH

Refresh environment variables to take effect

source /etc/profile

At this point, Git should have been installed. You can check whether the Git version number is the same as the version you specified:

git --version

Git new user and configuration

Create git user and password

adduser git
passwd git

Add git user to sudoers file, also give Vim shortcuts

chmod 740 /etc/sudoers
vim /etc/sudoers

/## Allow

This allows you to quickly locate the following locations:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

Add git user content on the line below, save and exit

git      ALL=(ALL)       ALL

Change back to sudoers file permissions

chmod 400 /etc/sudoers

test

Copy the content of the id_rsa.pub public key generated locally to the remote server. This command will generate a authorized_keys file (~/.ssh/authorized_keys) server_ip is the public IP, not Internal IP, don't copy the wrong one

ssh-copy-id -i ~/.ssh/id_rsa.pub git@server_ip

At this point, you can test the connection through the ssh command (plus the -v command, which can output a detailed log)

ssh -v git@server_ip

Blog Site Directory Configuration

Create Blog Site Directory Locations

Also switch to the root directory, and then create a root directory for the blog website (here choose /home/hexo )

su root
mkdir /home/hexo

Grant git user permissions

chown git:git -R /home/hexo

Automated configuration

Specify the directory location (here select the git user home directory /home/git ) to create a blog.git bare repo

cd /home/git 
git init --bare blog.git

What is bare repo, and some advanced uses of bare repo, you can read the following three articles, the following details are just not introduced too much

1. Git Worktree Dafa
2. Git Worktree Advanced Use
3. One-click generation of Git Worktree working directory

Also give the git user the corresponding permissions

chown git:git -R blog.git

To use automatic configuration, it is natural to use the hook function of Git. Here we need post-receive and create a new file in the blog hooks directory:

vim blog.git/hooks/post-receive

Then add the following (note that the directories match), save and exit:

#!/bin/sh
git --work-tree=/home/hexo --git-dir=/home/git/blog.git checkout -f

Finally, give this file executable permissions

chmod +x /home/git/blog.git/hooks/post-receive

Next, create a link in case the subsequent deploy process fails

sudo ln -s /usr/local/git/bin/git-receive-pack  /usr/bin/git-receive-pack

At this point, the basic preparations are completed, and then we need to process the content of Nginx

Nginx installation and configuration

Install

Also switch to the root user, then install nginx, and finally start

su root
yum install -y nginx
systemctl start nginx.service

At this time, enter the public IP address in the browser, and you should see the default welcome interface of Nginx

configure

Configure Nginx here to redirect all Http requests to Https requests, which requires us to have an SSL certificate, the certificate can be applied for on the cloud server, and download the corresponding version (here select the Nginx certificate), after downloading, unzip it, use my An example of a certificate:

.
├── 6317712_www.dayarch.top.key
└── 6317712_www.dayarch.top.pem

0 directories, 2 files

Copy the above certificate to the remote server through the scp command. Normally, the Nginx certificate should be stored in the /etc/nginx/cert directory. Here, choose to store it in /home/ssl_cert (if the directory does not exist, please create it yourself)

scp ~/Downloads/6317712_www.dayarch.top_nginx/6317712_www.dayarch.top.key root@server_ip:/home/ssl_cert
scp ~/Downloads/6317712_www.dayarch.top_nginx/6317712_www.dayarch.top.pem root@server_ip:/home/ssl_cert

Then open the Nginx configuration file for overall configuration

server{
    listen 80;
    server_name dayarch.top; # 个人域名
    rewrite ^(.*)$ https://$server_name$1 permanent; # 重定向
}

server {
    listen 443; 
    server_name dayarch.top;  # 个人域名
    ssl on; 
    ssl_certificate      /home/ssl_cert/6317712_www.dayarch.top.pem; # .pem 证书
    ssl_certificate_key  /home/ssl_cert/6317712_www.dayarch.top.key; # .key 证书
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /home/hexo;  # 博客网站主目录
        index index.php  index.html index.htm; 
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Check through the nginx -t command, everything is normal and the following results will be output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx service

systemctl restart nginx.service

At this point, all the preparations are done, next, we need to do some blog configuration

Local blog configuration modification

We need to configure the Git repository information of the remote server into the Hexo site configuration file ( _config.yml )

deploy:
  - type: git
    repo: git@server_ip:/home/git/blog.git
    branch: master

Execute the hexo commands one after another to deploy

hexo clean
hexo generate
hexo deploy

So far, we are only one step away from success

DNS

Log in to the domain name server you purchased (for example, I am in Alibaba Cloud), configure domain name resolution, and point it to the public network address of our server:

verify

Next, you can enter the domain name in your browser, verify it, and enjoy your results

One Soldier of the Sun Arch｜ Original