Blog building: domain name configuration and SSL certificate configuration

Before you start

  1. This guide assumes that Halo is already configured and running, and that it is not listening on port 80.
  2. You have a domain name available, and it has completed its filing (ICP registration). (If you don't have a domain name, you can buy one on Alibaba Cloud.)
  3. Make sure the domain name already resolves to the server's IP address, and confirm whether the server itself needs to be filed.
  4. Check that ports 80 and 443 of the server are open.
  5. If you want your blog to support https connections, you need a valid SSL certificate. (SSL certificates can also be purchased from Alibaba Cloud.)

>Tip:

>Most websites now support https connections, and the Chrome browser requires websites to provide an https connection, otherwise it shows a warning (this website is not safe), so supporting https is essential for websites going forward.

Installing Nginx

# Add the Nginx repository (fetched over https so the package cannot be altered in transit)
sudo rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# Install Nginx
sudo yum install -y nginx

# Start Nginx
sudo systemctl start nginx.service

# Start Nginx automatically at boot
sudo systemctl enable nginx.service

Configure Nginx

# Download Halo's official Nginx configuration template
curl -o /etc/nginx/conf.d/halo.conf --create-dirs https://dl.halo.run/config/nginx.conf

After downloading, we also need to use the vim command to modify it:

# Edit halo.conf with vim
vim /etc/nginx/conf.d/halo.conf

After opening, we can see the following information:

server {
    listen 80;

    server_name example.com www.example.com;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }
}

>Note: replace example.com with your own domain name.

After the modification, check the configuration and reload Nginx:

# Check the configuration for errors
sudo nginx -t

# Reload the Nginx configuration file
sudo nginx -s reload

Configure SSL certificate

>First, you need a valid SSL certificate. If you don't have one, you can apply to purchase one from Alibaba Cloud.

>After applying for the SSL certificate, click "download certificate" to get a key. We need to copy the key to the server.

Use the vim command to open the nginx.conf configuration file:

# Edit nginx.conf with vim
vim /etc/nginx/nginx.conf

After opening it, add the following include line as the last line of the nginx.conf configuration, so that the file looks like this:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Add this as the last line
    include /etc/nginx/conf.d/*.conf;
}

Use the vim command to open the halo.conf configuration file:

# Edit halo.conf with vim
vim /etc/nginx/conf.d/halo.conf

After opening it, we will see the configuration shown earlier; modify it as follows:

## Redirect all http requests to https
server {
    listen 80;

    server_name pengzhenjin.top www.pengzhenjin.top;

    rewrite ^(.*)$ https://$host$1 permanent;   # Redirect all http requests to https via rewrite

    # client_max_body_size 1024m;
    #
    # location / {
    #     proxy_set_header HOST $host;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #
    #
    #     proxy_pass http://127.0.0.1:8090;
    # }
}

## Configure SSL for pengzhenjin.top
server {
    listen 443 ssl;
    server_name pengzhenjin.top;

    ssl_certificate /etc/nginx/cert/pengzhenjin.top.pem;
    ssl_certificate_key /etc/nginx/cert/pengzhenjin.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); enable TLSv1.2 only
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090;
    }
}

## Configure SSL for www.pengzhenjin.top
server {
    listen 443 ssl;
    server_name www.pengzhenjin.top;

    ssl_certificate /etc/nginx/cert/pengzhenjin.top.pem;
    ssl_certificate_key /etc/nginx/cert/pengzhenjin.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); enable TLSv1.2 only
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090;
    }
}

Explanation:

The configuration above contains three server blocks. The first redirects all http requests to https; the second and third associate the domain name and the web address with the SSL certificate. (Because the free certificate applied for on Alibaba Cloud does not support domain name wildcards, one certificate can only correspond to one domain name, so two servers with different certificates are configured.)
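A pre-reload check for the TLS settings in these server blocks, added here as an example (it is not part of the original post or of Halo's template): the function scans Nginx configuration files and reports every `ssl_protocols` line that enables a protocol version deprecated by RFC 7568 or RFC 8996. The names `audit_tls` and `write_sample` and the sample host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag deprecated SSL/TLS versions in "ssl_protocols" lines.
# audit_tls FILE...  prints "FILE:LINE: deprecated PROTO" for each finding
# and returns 1 if anything was flagged, 0 otherwise.
audit_tls() {
    awk '
        { line = $0; sub(/#.*/, "", line) }        # drop comments first
        line ~ /^[ \t]*ssl_protocols[ \t]/ {
            n = split(line, tok, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "%s:%d: deprecated %s\n", FILENAME, FNR, tok[i]
                    bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample configuration (not a real site) written to the given path.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name blog.example.test;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl;
    server_name www.blog.example.test;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_tls "$sample" || echo "fix the lines above, then run: sudo nginx -t"
rm -f "$sample"
```

On the server, call it as `audit_tls /etc/nginx/conf.d/*.conf` before `sudo nginx -s reload`. A file with no `ssl_protocols` line is not flagged, because Nginx then falls back to its built-in defaults.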

Finally

At this point the Nginx configuration is complete. You can now visit your domain name and initialize Halo.

>Tip:

>After setting up the Nginx reverse proxy, remember to go to Halo's admin console and set the correct blog address, otherwise resources may fail to load.

Added by klycette on Wed, 19 Jan 2022 23:11:54 +0200