一、环境准备

1、先准备一个阿里云服务器,最好选择香港地区或者国外的服务器,避免后面备案的麻烦
image.png

2、镜像从镜像市场选择宝塔镜像
image.png

3、查看宝塔系统默认的用户名密码
在【云服务器ECS>运维与监控>发送远程命令(云助手)】中点击【创建/执行命令】,输入命令内容【bt default】,选择实例后点击执行即可
image.png

image.png

4、在【云服务器ECS>网络与安全>安全组】中点击【配置规则】开放第三步中的Bt-Panel-URL 8888端口
image.png

5、浏览器中输入【3、】中查询出的宝塔面报地址,再依次输入用户名、密码登录,进入系统后,点击【软件商店】,安装nginx,安装完后再点击首页显示,等待一会安装完毕后,点击首页即可看到nginx的标志
image.png

二、安装Halo博客系统

halo的官方部署文档,下面直接把这个文档嵌入进来了

注意最后一步

ExecStart=/usr/bin/java -server -Xms256m -Xmx256m -jar YOUR_JAR_PATH

这里的/usr/bin/java换成你的java.exe目录,比如我的是/usr/local/jdk/jdk1.8.0_221/bin/java

三、配置域名访问

1、先申请域名

申请通过后再依次点击【解析】、【新手引导】,填入云服务器公网地址
image.png
image.png

2、nginx配置

2.1、http域名访问

在宝塔系统中打开nginx图标,选择配置修改,直接将下面的配置信息复制进去保存再重载配置即可(全覆盖原先的配置)
image.png

user  www www;
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;
pid        /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events{
	use epoll;
	worker_connections 51200;
	multi_accept on;
}

http{
	include      mime.types;
	#include luawaf.conf;
	
	include proxy.conf;

    	default_type  application/octet-stream;

    	server_names_hash_bucket_size 512;
	client_header_buffer_size 32k;
	large_client_header_buffers 4 32k;
	client_max_body_size 50m;

    	sendfile  on;
	tcp_nopush on;
	
	keepalive_timeout 60;
	
	tcp_nodelay on;
	
	fastcgi_connect_timeout 300;
	fastcgi_send_timeout 300;
	fastcgi_read_timeout 300;
	fastcgi_buffer_size 64k;
	fastcgi_buffers 4 64k;
	fastcgi_busy_buffers_size 128k;
	fastcgi_temp_file_write_size 256k;
	fastcgi_intercept_errors on;

	gzip on;
	gzip_min_length  1k;
	gzip_buffers    4 16k;
	gzip_http_version 1.1;
	gzip_comp_level 2;
	gzip_types    text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
	gzip_vary on;
	gzip_proxied  expired no-cache no-store private auth;
	gzip_disable  "MSIE [1-6]\.";

    	limit_conn_zone $binary_remote_addr zone=perip:10m;
	limit_conn_zone $server_name zone=perserver:10m;
	
	server_tokens off;
	access_log off;
	
	server {
		listen 80;
		server_name www.xxx.cn xxx.cn;
		#此处为你申请备案的域名
		
		location / {
			proxy_set_header HOST $host;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://127.0.0.1:8090;
		}

	}
	include /www/server/panel/vhost/nginx/*.conf;
}

2.2、https域名访问

1、申请SSL证书,审核通过后下载证书,证书是压缩包解压后是一个pem结尾和一个key结尾的文件,通过宝塔的文件上传功能上传到服务器的目录下面,建议上传到/usr/local/nginx/cert/,cert目录并不存在,可以在宝塔的文件页面上直接创建,十分方便
image.png
image.png
2、再次通过宝塔系统将nginx配置改为如下配置并重载

user  www www;
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;
pid        /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events{
	use epoll;
    	worker_connections 51200;
	multi_accept on;
}

http{
	include       mime.types;
	#include luawaf.conf;

	include proxy.conf;

	default_type  application/octet-stream;

	server_names_hash_bucket_size 512;
	client_header_buffer_size 32k;
	large_client_header_buffers 4 32k;
	client_max_body_size 50m;

	sendfile   on;
	tcp_nopush on;

	keepalive_timeout 60;

	tcp_nodelay on;

	fastcgi_connect_timeout 300;
	fastcgi_send_timeout 300;
	fastcgi_read_timeout 300;
	fastcgi_buffer_size 64k;
	fastcgi_buffers 4 64k;
	fastcgi_busy_buffers_size 128k;
	fastcgi_temp_file_write_size 256k;
	fastcgi_intercept_errors on;

	gzip on;
	gzip_min_length  1k;
	gzip_buffers     4 16k;
	gzip_http_version 1.1;
	gzip_comp_level 2;
	gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
	gzip_vary on;
	gzip_proxied   expired no-cache no-store private auth;
	gzip_disable   "MSIE [1-6]\.";

	limit_conn_zone $binary_remote_addr zone=perip:10m;
	limit_conn_zone $server_name zone=perserver:10m;

	server_tokens off;
	access_log off;

	# HTTPS server
	server {
	   listen 80;
	   listen       443 ssl;
	   server_name  www.xxx.cn xxx.cn;
	   #此处为你申请备案的域名

	   ssl_certificate      /usr/local/nginx/cert/4281665_www.liuhouren.cn.pem;
	   ssl_certificate_key  /usr/local/nginx/cert/4281665_www.liuhouren.cn.key;
	   #此处要修改为你自己的文件地址

	   ssl_session_cache    shared:SSL:1m;
	   ssl_session_timeout  5m;
	   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	   ssl_prefer_server_ciphers  on;
	   
	   if ($ssl_protocol = "") {
			rewrite ^ https://$server_name$request_uri? permanent;
	   }
	   
	   location / {
			proxy_set_header HOST $host;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://127.0.0.1:8090;
       	   }
	}
   	include /www/server/panel/vhost/nginx/*.conf;
}

3、宝塔系统和阿里云上均放行443端口

image.png
image.png
4、备案

Q.E.D.

知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议