
从零开始重建博客

准备篇

更新系统
  • 首先,更新软件源
    sudo apt update
  • 更新软件
    sudo apt upgrade
  • 重启
    sudo reboot
  • 删除不使用的linux镜像
    sudo dpkg --list|grep linux 红色的是我们正在使用的,不能删,所以
    OK,现在开始nginx
  • 创建文件夹存放nginx安装程序
    cd /
    mkdir -p maxexc/runtime/nginx
    发现lrzsz没有安装
    apt install lrzsz
    接下来下载和上传nginx到指定文件夹
    tar -xvf nginx-1.17.0.tar.gz
    ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
    运行之后发现缺少PCRE
    sudo apt-get install libpcre3 libpcre3-dev
    还有两个库要安装
    sudo apt-get install zlib1g-dev
    sudo apt-get install openssl libssl-dev
    如果没有安装过则使用
    make install
    接下来验证一下
    /usr/local/nginx/sbin/nginx -V
    netstat -lnp|grep nginx 可以看到,TLS已经支持
    配置开机启动服务
    在/etc/init.d/下创建nginx文件,sudo vim /etc/init.d/nginx,内容如下:
    #!/bin/sh

    ### BEGIN INIT INFO
    # Provides: nginx
    # Required-Start: $local_fs $remote_fs $network $syslog $named
    # Required-Stop: $local_fs $remote_fs $network $syslog $named
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: starts the nginx web server
    # Description: starts nginx using start-stop-daemon
    ### END INIT INFO

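    # Search path for the external helpers used below (start-stop-daemon, awk, ...).
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    # Binary installed by the source build under /usr/local/nginx.
    DAEMON=/usr/local/nginx/sbin/nginx
    NAME=nginx
    DESC=nginx

    # Optional local overrides (DAEMON_OPTS, ULIMIT, STOP_SCHEDULE, ...).
    # The file is sourced, i.e. executed as shell code by this init script,
    # so it should be owned by root and not writable by anyone else.
    if [ -r /etc/default/nginx ]; then
        . /etc/default/nginx
    fi

    # Signal/timeout schedule passed to start-stop-daemon --retry on stop.
    STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"

    # Nothing to manage when the binary is missing or not executable.
    test -x "$DAEMON" || exit 0

    . /lib/init/vars.sh
    . /lib/lsb/init-functions

    # Take the pid file from the first uncommented "pid" directive in nginx.conf.
    PID=$(grep -Ev '^\s*#' /usr/local/nginx/conf/nginx.conf \
        | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' \
        | head -n1)
    case "$PID" in
        "")
            # No pid directive: a build configured with --prefix=/usr/local/nginx
            # and no --pid-path writes its pid file under <prefix>/logs, not
            # /run. A wrong path here makes stop/reload/status miss the running
            # master process.
            PID=/usr/local/nginx/logs/nginx.pid
            ;;
        /*)
            # Absolute path: use as written.
            ;;
        *)
            # nginx resolves a relative pid path against its prefix.
            PID=/usr/local/nginx/$PID
            ;;
    esac

    if [ -n "$ULIMIT" ]; then
        # Deliberately unquoted so a value such as "-n 4096" from
        # /etc/default/nginx splits into option and argument.
        ulimit $ULIMIT
    fi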

    start_nginx() {
        # Launch nginx through start-stop-daemon.
        #
        # Exit status:
        #   0 - the daemon was started
        #   1 - the --test dry run failed (treated as "already running")
        #   2 - the real start attempt failed
        #
        # $DAEMON_OPTS is left unquoted so that it splits into separate
        # arguments for nginx.
        if ! start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test >/dev/null; then
            return 1
        fi
        if ! start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- $DAEMON_OPTS 2>/dev/null; then
            return 2
        fi
        return 0
    }

    test_config() {
        # Run "$DAEMON -t" (plus any $DAEMON_OPTS) with all output discarded
        # and hand the binary's exit status back to the caller.
        $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
        return "$?"
    }

    stop_nginx() {
        # Stop the daemon, escalating through $STOP_SCHEDULE.
        #
        # Exit status (taken from start-stop-daemon):
        #   0     - the daemon has been stopped
        #   1     - the daemon was already stopped
        #   2     - the daemon could not be stopped
        #   other - some other failure
        start-stop-daemon --stop --quiet \
            --retry=$STOP_SCHEDULE \
            --pidfile $PID \
            --name $NAME
        RETVAL=$?
        # Pause for a second before reporting the saved status.
        sleep 1
        return "$RETVAL"
    }

    reload_nginx() {
        # Send SIGHUP to the process named $NAME recorded in $PID.
        # The outcome of the signal delivery is ignored: this always returns 0.
        start-stop-daemon --stop --quiet \
            --signal HUP \
            --pidfile $PID \
            --name $NAME
        return 0
    }

    rotate_logs() {
        # Send SIGUSR1 to the process named $NAME recorded in $PID (the
        # dispatcher reports this as re-opening the log files).
        # The outcome of the signal delivery is ignored: this always returns 0.
        start-stop-daemon --stop --quiet \
            --signal USR1 \
            --pidfile $PID \
            --name $NAME
        return 0
    }

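    upgrade_nginx() {
        # Online upgrade of the nginx executable.
        # http://nginx.org/en/docs/control.html
        #
        # Exit status:
        #   0 - nginx has been successfully upgraded
        #   1 - nginx is not running (the USR2 signal could not be delivered)
        #   2 - the pid files were not both present within the wait window
        #   3 - the old master could not be sent QUIT
        if ! start-stop-daemon --stop --signal USR2 --quiet --pidfile "$PID" --name "$NAME"; then
            return 1
        fi

        # Start the wait counter from zero on every call. It was previously
        # never initialised, so a value left in the environment or by an
        # earlier call shortened the wait or broke the numeric test.
        cnt=0
        # Wait for both the old and the new master to write their pid files.
        while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
            cnt=$((cnt + 1))
            if [ "$cnt" -gt 10 ]; then
                return 2
            fi
            sleep 1
        done

        # Both pid files exist: gracefully stop the old master.
        if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name "$NAME"; then
            return 0
        fi
        return 3
    }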

    # Dispatch on the action given as the first argument.
    case "$1" in
        start)
            log_daemon_msg "Starting $DESC" "$NAME"
            start_nginx
            # "Started" (0) and "already running" (1) both count as success.
            case "$?" in
                0 | 1) log_end_msg 0 ;;
                2) log_end_msg 1 ;;
            esac
            ;;

        stop)
            log_daemon_msg "Stopping $DESC" "$NAME"
            stop_nginx
            # "Stopped" (0) and "already stopped" (1) both count as success.
            case "$?" in
                0 | 1) log_end_msg 0 ;;
                2) log_end_msg 1 ;;
            esac
            ;;

        restart)
            log_daemon_msg "Restarting $DESC" "$NAME"

            # Validate the configuration first, so a broken config does not
            # take down a server that is currently running.
            if ! test_config; then
                log_end_msg 1 # Configuration error
                exit $?
            fi

            stop_nginx
            case "$?" in
                0 | 1)
                    start_nginx
                    # Anything but 0 is a failure: the old process is still
                    # running (1) or the start attempt failed.
                    case "$?" in
                        0) log_end_msg 0 ;;
                        *) log_end_msg 1 ;;
                    esac
                    ;;
                *)
                    # Failed to stop
                    log_end_msg 1
                    ;;
            esac
            ;;

        reload | force-reload)
            log_daemon_msg "Reloading $DESC configuration" "$NAME"

            # Validate the configuration before signalling nginx.
            #
            # Not strictly accurate, because the binary on disk may differ
            # from the one in memory, but that is uncommon; reporting a
            # configuration error to the administrator is preferred.
            if ! test_config; then
                log_end_msg 1 # Configuration error
                exit $?
            fi

            reload_nginx
            log_end_msg $?
            ;;

        configtest | testconfig)
            log_daemon_msg "Testing $DESC configuration"
            test_config
            log_end_msg $?
            ;;

        status)
            # Exit with whatever status_of_proc reports.
            status_of_proc -p $PID "$DAEMON" "$NAME"
            exit $?
            ;;

        upgrade)
            log_daemon_msg "Upgrading binary" "$NAME"
            upgrade_nginx
            log_end_msg $?
            ;;

        rotate)
            log_daemon_msg "Re-opening $DESC log files" "$NAME"
            rotate_logs
            log_end_msg $?
            ;;

        *)
            echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
            exit 3
            ;;
    esac
  • 设置服务脚本有执行权限
    sudo chmod +x /etc/init.d/nginx

  • 注册服务
    cd /etc/init.d/
    sudo update-rc.d nginx defaults
    现在基本上就可以开机启动了,常用的命令如下:
    sudo service nginx {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}

    自动部署

    安装和配置git
  • 安装git
    sudo apt install git

  • 新建用户,注意,密码一定要记住

    adduser git
    Adding user `git' ...
    Adding new group `git' (1000) ...
    Adding new user `git' (1000) with group `git' ...
    Creating home directory `/home/git' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    Sorry, passwords do not match
    passwd: Authentication token manipulation error
    passwd: password unchanged
    Try again? [y/N] Y
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for git
    Enter the new value, or press ENTER for the default
    Full Name []: git
    Room Number []: git
    Work Phone []: git
    Home Phone []: git
    Other []: git
    Is the information correct? [Y/n] Y
    root@iZj6cgoyl5x6opizfwaukrZ:~#
  • 然后开始配置同步key
    mkdir -p /home/git/.ssh
    创建可信的秘钥

  • 赋予git用户sudo权限
    执行:
    chmod 740 /etc/sudoers
    vim /etc/sudoers
    找到以下内容:

    # User privilege specification  
    root ALL=(ALL:ALL) ALL

    在root ALL=(ALL:ALL) ALL这一行下面添加git ALL=(ALL:ALL) ALL
    git
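    保存退出后,修改回文件权限chmod 440 /etc/sudoers
    (更稳妥的做法是用sudo visudo编辑:它会在保存前检查语法,也不需要改动文件权限。另外,git账户接受来自外部的SSH推送,而后文的部署钩子只需要对/var/www/blog有写权限,这已由后面的chown提供,因此完整的sudo权限并不是部署所必需的。)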

  • 关闭git用户shell权限
    执行:vim /etc/passwd
    将最后一行的git:x:1001:1001:,,,:/home/git:/bin/bash修改为git:x:1001:1001:,,,:/home/git:/usr/bin/git-shell
    初始化git仓库
    切换到git用户su git
    然后:
    cd /home/git //切换到git用户目录
    mkdir blog.git //创建git仓库文件夹,以blog.git为例
    cd blog.git //进入仓库目录
    git init --bare //使用--bare参数
    创建网站目录
    cd /var/www/ //切换目录
    mkdir blog //创建网站目录,以blog为例
    配置SSH
    cd /home/git //切换到git用户目录
    mkdir .ssh //创建.ssh目录
    cd .ssh
    vim authorized_keys
    然后将本地的公钥复制到authorized_keys文件里(公钥即上文中本地执行cat ~/.ssh/id_rsa.pub查看的内容)
    用户组管理
    执行:
    ll /home/git/
    ll /var/www/
    确保blog.git、.ssh、blog目录的用户组权限为git:git
    若不是,执行下列命令后再查看:
    sudo chown git:git -R /var/www/blog
    sudo chown git:git -R /home/git/blog.git
    直接启用git-shell似乎有问题
    cp /usr/share/doc/git-1.7.4.4/contrib/git-shell-commands /home/git -R
    $ chown git:developers /home/git/git-shell-commands/ -R
    $ chmod +x /home/git/git-shell-commands/help
    $ chmod +x /home/git/git-shell-commands/list

    测试git

    配置Git Hooks
    创建post-receive文件
    git用户下执行:
    cd /home/git/blog.git/hooks //切换到hooks目录下
    vim post-receive //创建文件
    复制下面的内容到post-receive文件中:

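    #!/bin/bash -l
    # post-receive hook: publish the pushed blog into the web root.
    #
    # Clones the bare repository into a scratch directory, then replaces the
    # contents of the web root with the checked-out files. It runs as the
    # account that received the push, which needs write access to PUBLIC_WWW.
    GIT_REPO=/home/git/blog.git
    PUBLIC_WWW=/var/www/blog

    # Private, unpredictable scratch directory. A fixed name under /tmp can be
    # pre-created (or symlinked elsewhere) by any other local user.
    TMP_GIT_CLONE=$(mktemp -d) || exit 1
    trap 'rm -rf -- "$TMP_GIT_CLONE"' EXIT

    # Stop before touching the live site if the checkout fails; otherwise a
    # failed clone would leave the web root empty.
    git clone "$GIT_REPO" "$TMP_GIT_CLONE" || exit 1

    # ${PUBLIC_WWW:?} aborts rather than expanding to "/*" if the variable is
    # ever empty or unset.
    rm -rf -- "${PUBLIC_WWW:?}"/*
    # The * glob skips dot entries, so the clone's .git directory is not
    # copied into the web root.
    cp -rf -- "$TMP_GIT_CLONE"/* "$PUBLIC_WWW"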

    保存退出后,执行:chmod +x post-receive赋予可执行权限。
    本地操作
    尝试连接
    在本地打开Git Bash:
    ssh git@VPS的ip

3.Git服务器打开RSA认证
在/etc/ssh/sshd_config中打开公钥认证(RSAAuthentication只对SSH协议1有效,较新版本的OpenSSH已将其废弃,只保留下面后两行即可):
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
/home/git下创建.ssh目录,然后创建authorized_keys文件,把id_rsa.pub里面的内容复制到authorized_keys文件中
4.修改权限
  重要:
  修改 .ssh 目录的权限为 700
  修改 .ssh/authorized_keys 文件的权限为 600
chmod 700 .ssh
cd .ssh
chmod 600 authorized_keys