Using git to deploy Hexo & Shadowsocks on CentOS 7 with Nginx

Git and Hexo on CentOS were used to build this blog. Some updates are at the bottom.

The SSL certificate needs to be renewed through Let’s Encrypt.

Git is actually no longer being used. For static pages, that is not very problematic…

Log

Switched from WordPress to a new blog system, Hexo.

Check the Hexo documentation for more info.

The server-side work covers Nginx, the SSL certificate, and the Git and Hexo installation.

Hostname, Nginx

  • CentOS 7 from Vultr.com

  • Install git and Nginx:

```bash
yum -y update
yum install -y git nginx
```

```bash
vi /index.html
```

```html
<!DOCTYPE html>
<html>
<head>
<title></title>
<meta charset="UTF-8">
</head>
<body>
<p>Nginx running</p>
</body>
</html>
```

```bash
vi /etc/nginx/nginx.conf
```

```nginx
server {
    listen 80;
    server_name www.xxx.com;
    # with root /, every world-readable file on the host is reachable over HTTP;
    # a dedicated web root directory avoids that
    root /;
}
```

HTTP on port 80 is done.

SSL certificate - Let’s Encrypt

Using certbot by Let’s Encrypt:

```bash
yum install certbot
```

then obtain the ssl certificate:

```bash
mkdir -p /.well-known/acme-challenge
certbot certonly --webroot --email xxx@xxx.com -w / -d www.xxx.com -d xxx.com
```

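To renew the certificate, use

```bash
certbot renew
```

or automatically, by adding a line to /etc/crontab:

```bash
vi /etc/crontab
```

```
0 23 28 * * root certbot renew --quiet --deploy-hook "systemctl restart nginx"
```

crond picks up changes to /etc/crontab on its own, so nothing needs to be reloaded. Do not load the file with crontab /etc/crontab: that installs it as root's personal crontab, which has no user field, so the word root would be run as the command.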

Then we need to add the ssl certificate in Nginx:

```bash
vi /etc/nginx/nginx.conf
```

```nginx
server {
    listen 80;
    server_name www.xxx.com xxx.com *.www.xxx.com;
    # root / exposes every world-readable file on the host to web clients
    root /;
    # browsers ignore HSTS received over plain HTTP (RFC 6797), so this header
    # only takes effect when it is set in the 443 server
    add_header Strict-Transport-Security max-age=15768000;
    # redirect to https and https only
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name www.xxx.com xxx.com *.www.xxx.com;
    # same caveat as above: root / is the whole filesystem
    root /;

    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
}
```

Done.

```bash
systemctl restart nginx
```

Now the index page can be visited over HTTPS at your host name or IP address.
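A small static check for two weaknesses in the server blocks above: `root /` as the web root, which makes every world-readable file on the host fetchable, and the HSTS header sitting on the port-80 server, where browsers ignore it. This is an added example, not part of the original post; the function names `audit_nginx_conf` and `sample_conf` are made up here, and the sample is this page's two server blocks with the placeholders kept.

```shell
#!/bin/sh
# Added example: static audit of nginx server blocks (not from the original post).

# Constructed sample: the two server blocks from this page, placeholders kept.
sample_conf() {
cat <<'EOF'
server{
listen 80;
server_name www.xxx.com xxx.com *.www.xxx.com;
root /;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.xxx.com xxx.com *.www.xxx.com;
root /;
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
}
EOF
}

# audit_nginx_conf FILE: print one finding per line, tagged with the server block index.
audit_nginx_conf() {
    awk '
    /^[ \t]*server[ \t]*[{]/ { n++; depth = 1; tls = hsts = fsroot = 0; next }
    depth > 0 {
        line = $0; sub(/#.*/, "", line)                 # ignore comments
        if (line ~ /listen[ \t][^;]*ssl/) tls = 1       # TLS listener
        if (line ~ /add_header[ \t]+Strict-Transport-Security/) hsts = 1
        if (line ~ /^[ \t]*root[ \t]+\/[ \t]*;/) fsroot = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (depth == 0) {                               # end of this server block
            if (fsroot) print "server#" n ": root / serves every world-readable file on the host"
            if (hsts && !tls) print "server#" n ": HSTS sent over plain HTTP is ignored by browsers"
            if (tls && !hsts) print "server#" n ": TLS server sends no Strict-Transport-Security header"
        }
    }' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_nginx_conf "$tmp"; rm -f "$tmp"
```

Pointing the web root at a dedicated directory and setting the HSTS header in the 443 server clears all the findings.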

Hexo installation on CentOS

Initialize the Git repository:

```bash
mkdir /GitLibrary
chmod -R 755 /GitLibrary
cd /GitLibrary
git init --bare hexo.git
```

then configure the hook:

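```bash
vi /GitLibrary/hexo.git/hooks/post-update.sample
```

add

```bash
# place this above the sample's "exec git update-server-info" line; nothing after exec runs
git --work-tree=/ --git-dir=/GitLibrary/hexo.git checkout -f
```

and then

```bash
# full paths, because the shell is still in /GitLibrary from the earlier cd
mv /GitLibrary/hexo.git/hooks/post-update.sample /GitLibrary/hexo.git/hooks/post-update
chmod +x /GitLibrary/hexo.git/hooks/post-update
```

In some cases, use post-receive instead of post-update.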

That finishes the server-side work for deploying Hexo. But I still want to add Shadowsocks, to set up a VPN as well as the blog on my server.

Shadowsocks

Install Shadowsocks (the git install below may already be done):

```bash
yum install python-setuptools
easy_install pip
pip install --upgrade pip
yum install git
pip install git+https://github.com/shadowsocks/shadowsocks.git@master
```

Create the Shadowsocks service:

```bash
vi /usr/lib/systemd/system/shadowsocks.service
```

```ini
[Unit]
Description=Shadowsocks Server
Documentation=https://github.com/shadowsocks/shadowsocks
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/usr/bin/ssserver -c /usr/share/nginx/etc/shadowsocks.json -d start
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/usr/bin/ssserver -d stop

[Install]
WantedBy=multi-user.target
```

Create the directory /usr/share/nginx/etc/ if it does not exist, then

```bash
vi /usr/share/nginx/etc/shadowsocks.json
```

and write:

```json
{
    "port_password":
    {
        "8388":"pswd",
        "port2":"pswd2"
    },
    "_comment":
    {
        "8388":"for Bob",
        "port2":"for me"
    },
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open": false
}
```

Note that we choose the aes-256-gcm encryption method here.

Then run it:

```bash
systemctl enable shadowsocks
systemctl start shadowsocks
```

Hexo on my Mac

Important: Git and Node.js are prerequisites.

Then Hexo installation (we install blog system in ~/Blog):

```bash
npm install hexo-cli hexo-server hexo-deployer-git -g
hexo init ~/Blog
# the blog was initialised in ~/Blog, so change into that path
cd ~/Blog
npm install
```

In the configuration file _config.yml:

```yaml
# URL
### If your site is put in a subdirectory, set url as 'http://yoursite.com/child' and root as '/child/'
url: http://XXX.com

......

# Deployment
### Docs: https://hexo.io/docs/deployment.html
deploy:
  type: git
  repo: root@XXX.com:/GitLibrary/hexo
  branch: master
```

You can also specify your host name: create a file named CNAME in /blog/source and write XXX.com in it.

Then, using

```bash
hexo clean
hexo generate
hexo server
```

we can check our blog offline.

To deploy to the remote server:

```bash
hexo deploy
```

visit your XXX.com : )

Troubleshooting

  • Firewall block

CentOS 7 uses firewalld, which may block some ports. To disable the firewall, use

```bash
# stops all firewalld filtering on the host, not just the blocked port
systemctl stop firewalld
```

  • SSH key on your PC

```bash
ssh-keygen
ssh-copy-id root@host
```

Or you can find the key upload option in your Vultr.com console…


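Update on 2019/10/13

After reinstalling the system, I couldn't be bothered to install git on the server again (really, I just didn't want to go through the hassle again; as I remember it, it was quite a pain).

Each time I just scp the /public folder and that's it.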