centos7.6安装halo博客系统

2020-03-26   391 次阅读


服务器配置

更新软件包

请确保服务器的软件包已经是最新的。

sudo yum update -y

安装 Java 运行环境

若已经存在 Java 运行环境的可略过这一步。

安装 OpenJRE

sudo yum install java-1.8.0-openjdk -y

检测是否安装成功

java -version

当然,这只是其中一种比较简单的安装方式,你也可以用其他方式,并不是强制要求使用这种方式安装。

安装 Halo

下载配置文件

下载配置文件到 ~/.halo 目录

curl -o ~/.halo/application.yaml --create-dirs https://dl.halo.run/config/application-template.yaml

修改配置文件

完成上一步操作,我们就可以自己配置 Halo 的运行端口,以及数据库相关的配置了。

# 使用 Vim 工具修改配置文件
vim ~/.halo/application.yaml

打开之后我们可以看到

server:
  port: 8090

  # Response data gzip.
  compression:
    enabled: false
spring:
  datasource:

    # H2 database configuration.
    driver-class-name: org.h2.Driver
    url: jdbc:h2:file:~/.halo/db/halo
    username: admin
    password: 123456

    # MySQL database configuration.
#    driver-class-name: com.mysql.cj.jdbc.Driver
#    url: jdbc:mysql://127.0.0.1:3306/halodb?characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
#    username: root
#    password: 123456

  # H2 database console configuration.
  h2:
    console:
      settings:
        web-allow-others: false
      path: /h2-console
      enabled: false

halo:

  # Your admin client path is https://your-domain/{admin-path}
  admin-path: admin

  # memory or level
  cache: memory

1.如果需要自定义端口,修改 server 节点下的 port 即可。

2.默认使用的是 H2 Database 数据库,这是一种嵌入式的数据库,使用起来非常方便。需要注意的是,默认的用户名和密码为 admin 和 123456,这个是自定义的,最好将其修改,并妥善保存。

3.如果需要使用 MySQL 数据库,需要将 H2 Database 的所有相关配置都注释掉,并取消 MySQL 的相关配置。另外,MySQL 的默认数据库名为 halodb,请自行配置 MySQL 并创建数据库,以及修改配置文件中的用户名和密码。

4.h2 节点为 H2 Database 的控制台配置,默认是关闭的,如需使用请将 h2.console.settings.web-allow-others 和 h2.console.enabled 设置为 true。控制台地址即为 域名/h2-console。注意:非紧急情况,不建议开启该配置。

5.server.compression.enabled 为 Gzip 功能配置,如有需要请设置为 true,需要注意的是,如果你使用 Nginx 或者 Caddy 进行反向代理的话,默认是有开启 Gzip 的,所以这里可以保持默认。

6.halo.admin-path 为后台管理的根路径,默认为 admin,如果你害怕别人猜出来默认的 admin(就算猜出来,对方什么都做不了),请自行设置。仅支持一级,且前后不带 /。

7.halo.cache 为系统缓存形式的配置,可选 memory 和 level,默认为 memory,将数据缓存到内存,使用该方式的话,重启应用会导致缓存清空。如果选择 level,则会将数据缓存到磁盘,重启不会清空缓存。如不知道如何选择,建议默认。

注意
使用 MySQL 之前,必须要先新建一个 halodb 数据库,MySQL 版本需 5.7 以上。

create database halodb character set utf8mb4 collate utf8mb4_bin;

运行 Halo

Halo 的整个应用程序只有一个 Jar 包,且不包含用户的任何配置,它放在任何目录都是可行的。需要注意的是,Halo 的整个额外文件全部存放在 ~/.halo 目录下,包括 application.yaml(用户配置文件),template/themes(主题目录),upload(附件上传目录),halo.db.mv(数据库文件)。一定要保证 ~/.halo 的存在,你博客的所有资料可都存在里面。所以你完全不需要担心安装包的安危,它仅仅是个服务而已。

下载最新的 Halo 安装包,{} 为版本号,不带 v

wget https://dl.halo.run/release/halo-{{version}}.jar -O halo-latest.jar

# 或者,{{version}} 为版本号,不带 v
wget https://halo.nova.moe/release/halo-{{version}}.jar -O halo-latest.jar

# 备用地址(建议海外服务器使用)
wget https://github.com/halo-dev/halo/releases/download/v1.3.0/halo-1.3.0.jar -O halo-latest.jar

# 启动测试
java -jar halo-latest.jar

如看到以下日志输出,则代表启动成功.

run.halo.app.listener.StartedListener    : Halo started at         http://127.0.0.1:8090
run.halo.app.listener.StartedListener    : Halo admin started at   http://127.0.0.1:8090/admin

提示
以上的启动仅仅为测试 Halo 是否可以正常运行,如果我们关闭 ssh 连接,Halo 也将被关闭。要想一直处于运行状态,请继续看下面的教程。

进阶配置

上面我们已经完成了 Halo 的整个配置和安装过程,接下来我们对其进行更完善的配置,比如:需要开机自启?,更简单的启动方式?

实现以上功能我们只需要新增一个配置文件即可,也就是使用 Systemd 来完成这些工作。

# 下载 Halo 官方的 halo.service 模板
sudo curl -o /etc/systemd/system/halo.service --create-dirs https://dl.halo.run/config/halo.service

下载完成之后,我们还需要对其进行修改。

# 修改 halo.service
sudo vim /etc/systemd/system/halo.service

打开之后我们可以看到

[Unit]
Description=Halo Service
Documentation=https://halo.run
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/java -server -Xms256m -Xmx256m -jar YOUR_JAR_PATH
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=always
StandOutput=syslog

StandError=inherit

[Install]
WantedBy=multi-user.target

参数:

  • Xms256m:为 JVM 启动时分配的内存,请按照服务器的内存做适当调整,512 M 内存的服务器推荐设置为 128,1G 内存的服务器推荐设置为 256,默认为 256。
  • Xmx256m:为 JVM 运行过程中分配的最大内存,配置同上。YOUR_JAR_PATH:Halo 安装包的绝对路径,例如 /www/wwwroot/halo-latest.jar。

提示
1.如果你不是按照上面的方法安装的 JDK,请确保 /usr/bin/java 是正确无误的。
2.systemd 中的所有路径均要写为绝对路径,另外,~ 在 systemd 中也是无法被识别的,所以你不能写成类似 ~/halo-latest.jar 这种路径。
3.如何检验是否修改正确:把 ExecStart 中的命令拿出来执行一遍。

# 修改 service 文件之后需要刷新 Systemd
sudo systemctl daemon-reload

# 使 Halo 开机自启
sudo systemctl enable halo

# 启动 Halo
sudo service halo start

# 重启 Halo
sudo service halo restart

# 停止 Halo
sudo service halo stop

# 查看 Halo 的运行状态
sudo service halo status

配置域名访问

安装 Nginx

# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# 安装 Nginx
sudo yum install -y nginx

# 启动 Nginx
sudo systemctl start nginx.service

# 设置开机自启 Nginx
sudo systemctl enable nginx.service

配置 Nginx

# 下载 Halo 官方的 Nginx 配置模板
curl -o /etc/nginx/conf.d/halo.conf --create-dirs https://dl.halo.run/config/nginx.conf

下载完成之后,我们还需要对其进行修改

# 使用 vim 编辑 halo.conf
vim /etc/nginx/conf.d/halo.conf

打开之后我们可以看到

server {
    listen 80;

    server_name example.com www.example.com;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }
}

注意:请把 example.com 改为自己的域名。

修改完成之后

# 检查配置是否有误
sudo nginx -t

# 重载 Nginx 配置
sudo nginx -s reload

配置 SSL 证书

在这里我只演示如果自动申请证书,如果你自己准备了证书,请查阅相关教程。

# 安装 certbot 以及 certbot nginx 插件
sudo yum install certbot python2-certbot-nginx -y
# 执行配置,中途会询问你的邮箱,如实填写即可
sudo certbot --nginx

[root@VM_0_6_centos ~]# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): cndevs@gmail.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Starting new HTTPS connection (1): supporters.eff.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cherishspring.cn
2: www.cherishspring.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cherishspring.cn
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/halo.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/halo.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://cherishspring.cn

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=cherishspring.cn
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cherishspring.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cherishspring.cn/privkey.pem
   Your cert will expire on 2020-06-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@VM_0_6_centos ~]# 
# 自动续约
sudo certbot renew --dry-run
[root@VM_0_6_centos ~]# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cherishspring.cn.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cherishspring.cn
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/cherishspring.cn/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/cherishspring.cn/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
[root@VM_0_6_centos ~]#

到这里,关于 Nginx 的配置也就完成了,现在你可以访问一下自己的域名,并进行 Halo 的初始化了。

Q.E.D.

知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议

隻言片語・於此匯聚!