remrin

Tinker with the blog

In the middle of the night I was browsing Bilibili and came across a blog, fuxiaochen, that I found quite nice.

I flipped through the blog's repository on GitHub and saw that it referenced Shiro in the README.

I was planning to get up in the middle of the night to deploy it, but then I thought: without a domain or a server, I might as well wash up and go to sleep.

I woke up early in the morning and still wanted to work on the blog. I carefully read the deployment documentation and went straight ahead and ordered a server: 4 cores, 4 GB RAM, 220 GB disk (4H4G-220G) for $55/year.

It still hurt a bit, and with the domain remrin.dev costing another $12/year, my already not-so-rich wallet was further strained. Since I had already bought it, I just went ahead and started.

Fortunately, the deployment was relatively simple with Docker Compose. I then planned to deploy the frontend on Vercel, but the deployment kept failing.

[Screenshot: error message]

I looked at the logs, and it seemed to be a bug introduced in the most recent commit, Fixed #374.

In a hurry to deploy, I fell back to Docker for the blog frontend as well.

I won't go into detail about the deployment process since it's not a tutorial article, but the final result was quite good.

By the way, here’s my setup:

I initially used Certbot to obtain the certificate, but later found out that Cloudflare can issue one directly, so I used that instead.

The "handwritten Nginx reverse proxy" mentioned in the tutorial describes exactly what I did.

There's a pitfall I should mention: the certificate issued by Cloudflare (an Origin CA certificate) is not trusted by browsers and cannot be used for regular SSL verification; it is only meant for the connection between the origin server and Cloudflare's edge.

So I needed to obtain a certificate another way. I went back to Certbot, which automates the process, but its certificates are valid for only 90 days at a time, so automatic renewal has to be configured.

After deploying the blog frontend, if the frontend cannot reach the API because of certificate errors, adding the following line to server.js is a temporary workaround. Note that it makes the Node process accept any certificate on all of its outbound TLS connections, so it should be removed as soon as a valid certificate is in place:

```javascript
// Temporary workaround only: disables certificate verification for every
// outbound TLS connection made by this Node.js process.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
```

Then `reload` the `shiro` service:

```shell
pm2 reload shiro
```

For those configuring the handwritten Nginx reverse proxy, you can refer to my configuration.

Blog frontend

```nginx
server {
  listen 80;
  listen 443 ssl http2;

  ## Bind domain
  server_name xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    expires 30d;
  }
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control max-age=60;
  }

  location / {
    proxy_pass http://127.0.0.1:2323;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control no-cache;
    proxy_intercept_errors on;
  }

  # You can use Certbot for automatic application, or manually apply and place it in a directory to include here
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}
```

Server side

```nginx
server {
  listen 80;
  listen 443 ssl http2;

  ## Bind domain
  server_name server.xxx.com;
  index index.html;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  ## Reverse proxy starts
  ## WebSocket
  location /socket.io {
    proxy_pass http://127.0.0.1:2333/socket.io;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    proxy_http_version 1.1;
    add_header Cache-Control no-cache;
  }

  ## You can add a proxy for the management page
  location /xxx {
    proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
  }

  ## RSS address
  location ~* \/(feed|sitemap|atom.xml) {
    proxy_pass http://127.0.0.1:2333/$1;
  }
  ## Others
  location / {
    proxy_pass http://127.0.0.1:2333;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    add_header X-Cache $upstream_cache_status;
  }
  ## Reverse proxy ends

  # You can use Certbot for automatic application, or manually apply and place it in a directory to include here
  ssl_certificate /root/ssl/xxx.pem;
  ssl_certificate_key /root/ssl/xxx.key;

  ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497 https://$host$request_uri;
}
```
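The TLS settings are identical in both server blocks above, and they still enable TLS 1.0 and 1.1 plus a long cipher list that ends in `AES:CAMELLIA`, which admits CBC/SHA-1 and static-RSA suites without forward secrecy. As an added example that is not the author's configuration or part of Mix Space/Shiro, here is a hardened variant of the server-side block's TLS part. The domain, certificate paths and upstream port 2333 are the placeholders and values from the page; the cipher list is the set of ECDHE AEAD suites from Mozilla's "intermediate" profile.

```nginx
# Added example, not the author's configuration or the project's own.
# Domain, certificate paths and upstream port are the page's placeholders/values.

# Plain HTTP only redirects. The page's blocks serve the site on ports 80 and
# 443 from one server block; splitting them removes the cleartext path.
server {
    listen 80;
    server_name server.xxx.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name server.xxx.com;

    ssl_certificate     /root/ssl/xxx.pem;
    ssl_certificate_key /root/ssl/xxx.key;

    # TLS 1.0 and 1.1 (enabled in the page's list) are deprecated by RFC 8996.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2: ECDHE AEAD suites only (forward secrecy, no CBC/SHA-1, no
    # CAMELLIA or static RSA). TLS 1.3 suites are not affected by ssl_ciphers.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    # With only strong suites offered, the client may pick, e.g. ChaCha20 on
    # devices without AES hardware acceleration.
    ssl_prefer_server_ciphers off;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS. nginx does not merge add_header across levels: a location that has
    # its own add_header (as every location in the page's config does) drops
    # the server-level ones, so the header is repeated inside the location.
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_pass http://127.0.0.1:2333;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header X-Cache $upstream_cache_status;
        add_header Strict-Transport-Security "max-age=63072000" always;
    }
}
```

Run `nginx -t` before reloading. For the 90-day Certbot renewal mentioned above, `certbot renew` with a `--deploy-hook` that reloads nginx (for example `systemctl reload nginx`), triggered by cron or a systemd timer, keeps the certificate at these paths current without manual steps.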

That's it. If you need help, feel free to email me.

This article is synchronized to xLog by Mix Space. The original link is https://remrin.dev/posts/blog/1