用docker自动部署hugo博客

经过一番折腾, 大概完成了用docker-compose部署博客的流程.

选材

代码托管使用 gogs - 一个基于 go 的轻量级类 github 平台
静态网页生成工具使用 hugo - go 写的, 比 hexo 快
评论工具使用 commento - 基于 go 的自托管评论平台, 支持 markdown, 支持匿名评论, 支持审核
页面使用 nginx 代理

部署

先创建一个目录 nginxdocker, 进入目录, 创建以下文件:
docker-compose.yml

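version: '3.6'

# Shared log-rotation settings, referenced by every service as *mylogging.
x-logging: &mylogging
  driver: json-file
  options:
    max-size: '12m'
    max-file: '5'

# Named volumes. Each one is a bind mount (type none, o bind) of a host
# directory under /home/user/nginxdocker, so the directories must exist
# before the stack is started.
volumes:
  hugodata-src:
    name: hugodata-src
    driver_opts:
      type: none
      device: /home/user/nginxdocker/conf/src
      o: bind
  hugodata-output:
    name: hugodata-output
    driver_opts:
      type: none
      device: /home/user/nginxdocker/data/output
      o: bind
  postgresdata:
    name: postgresdata
    driver_opts:
      type: none
      device: /home/user/nginxdocker/data/postgresdata
      o: bind
  gogsdata:
    name: gogsdata
    driver_opts:
      type: none
      device: /home/user/nginxdocker/data/gogsdata
      o: bind
  gogsdata-script:
    name: gogsdata-script
    driver_opts:
      type: none
      device: /home/user/nginxdocker/conf/githook
      o: bind
  # Holds the TLS private key; keep the host directory readable by root only.
  nginxdata-confd:
    name: nginxdata-confd
    driver_opts:
      type: none
      device: /home/user/nginxdocker/conf/conf.d
      o: bind
  nginxdata-sslkey:
    name: nginxdata-sslkey
    driver_opts:
      type: none
      device: /home/user/nginxdocker/conf/sslkey
      o: bind

services:

  # Database shared by commento and gogs. No port is published, so it is
  # reachable only from the other containers on the compose network.
  # NOTE(review): the image tag is not pinned (same for commento below), so a
  # rebuild can silently move to a new major version.
  postgres:
    image: postgres
    container_name: postgres
    logging: *mylogging
    environment:
      # - POSTGRES_DB=commento
      # Presumably consumed by the init script mounted into
      # /docker-entrypoint-initdb.d below -- TODO confirm.
      - POSTGRES_MULTIPLE_DATABASES=commento,gogs
      # NOTE(review): the superuser name and password are both the literal
      # "postgres", and the same pair is embedded in COMMENTO_POSTGRES below.
      # Replace them with a generated secret (env file or secret store) and
      # keep this file out of version control once it holds real credentials.
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    volumes:
      - /home/user/nginxdocker/data/postgres-multiple-database:/docker-entrypoint-initdb.d
      # NOTE(review): the official postgres image keeps its data under
      # /var/lib/postgresql, not /var/lib/postgres, so this mount probably
      # does not hold the database files -- verify against the image version
      # in use before relying on it for persistence.
      - postgresdata:/var/lib/postgres

  # Comment server. nginx reaches it as commento:8080 over the compose
  # network, so the port is only exposed internally. The original
  # `ports: - 8080` published it on a random host port, which let clients
  # bypass the TLS proxy and talk plain HTTP to the backend.
  commento:
    image: commento/commento-ce
    container_name: commento
    logging: *mylogging
    expose:
      - '8080'
    environment:
      COMMENTO_ORIGIN: https://commento.fc4soda.moe
      # sslmode=disable: the database connection is unencrypted and relies on
      # the compose network being private.
      COMMENTO_POSTGRES: postgres://postgres:postgres@postgres:5432/commento?sslmode=disable
    depends_on:
      - postgres

  # Git hosting, built from ./dockerfile-gogs.
  gogs:
    build: ./dockerfile-gogs
    # image: gogs/gogs
    container_name: gogs
    logging: *mylogging
    ports:
      # Git over SSH: host port 8080 -> container port 22.
      - '8080:22'
    expose:
      # Web UI, reached only through the nginx proxy (gogs:3000). It was
      # previously published on a random host port without TLS.
      - '3000'
    volumes:
      - gogsdata:/data/
      - hugodata-output:/var/outputtmp
      - hugodata-src:/var/srctmp
      - gogsdata-script:/var/githook
      # - /usr/bin/docker:/usr/local/bin/docker
      # - /usr/local/bin/docker-compose:/usr/local/bin/docker-compose
      # NOTE(review): access to the Docker socket is control of the host's
      # Docker daemon, i.e. root on the host, for anything running in this
      # container -- including repository hooks. The post-receive hook shown
      # on this page only uses it to start the `hugo` container; a build
      # trigger that does not hand the whole daemon to the git server would
      # be a much smaller exposure.
      - /var/run/docker.sock:/var/run/docker.sock
    # NOTE(review): privileged mode drops the remaining container isolation.
    # Nothing visible on this page needs it; confirm and remove if possible.
    privileged: true
    environment:
      - RUN_CROND=true
    depends_on:
      - postgres

  # TLS-terminating front end: serves the generated site and proxies to
  # commento and gogs.
  nginx:
    build: .
    container_name: nginx
    logging: *mylogging
    volumes:
      # nginx only reads its configuration, key material and the generated
      # site, so all four mounts are read-only.
      - /home/user/nginxdocker/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - nginxdata-confd:/etc/nginx/conf.d/:ro
      - nginxdata-sslkey:/etc/sslkey:ro
      - hugodata-output:/var/www/html:ro
    ports:
      - '80:80'
      - '443:443'
    depends_on:
      - commento
      - gogs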

Dockerfile

# Front-end image for the blog stack.
# The base tag is not pinned, so every rebuild pulls the current nginx:latest.
FROM nginx

# Drop the stock site configs and create the directory that the TLS
# certificate and key are mounted into at run time.
RUN rm /etc/nginx/conf.d/* \
    && mkdir /etc/sslkey

dockerfile-gogs/Dockerfile

# Gogs image extended with the docker client and sudo so that the
# post-receive hook can trigger a site build.
# The base tag is not pinned, so every rebuild pulls the current gogs/gogs:latest.
FROM gogs/gogs

RUN apk add docker sudo

# NOTE(review): this rule lets the `git` user run /bin/rm and git as any user
# without a password. Either binary can change arbitrary files as root, so the
# rule amounts to root in the container for everything that runs as `git`,
# repository hooks included. Making the build directories writable by `git`
# would remove the need for sudo; if a rule has to stay, restrict it to the
# single hook script. Appending to /etc/sudoers is also unchecked: a drop-in
# under /etc/sudoers.d validated with `visudo -c` fails the build on a syntax
# error instead of breaking sudo.
RUN echo "git ALL=(ALL) NOPASSWD: /var/githook/post-receive, /bin/rm, /usr/libexec/git-core/git" >> /etc/sudoers

conf/nginx.conf

# Main nginx configuration: process settings, logging, gzip, and the include
# that pulls in the per-site server blocks from conf.d.
user www-data www-data;  # user and group the nginx worker processes run as
worker_processes 1; # start one worker process; usually set to the number of CPU cores

error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid; # pid file path

events {
    worker_connections 768; # one worker process can handle up to 768 connections at once
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log format: client address, user, time, request line, status,
    # bytes sent, referer, user agent and the X-Forwarded-For request header.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    # Compress responses of at least 1024 bytes for the listed MIME types.
    gzip on;
    gzip_min_length 1024;
    gzip_buffers 4 8k;
    gzip_http_version 1.0;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript;
    # NOTE(review): server_tokens is not set in this file, so the nginx version
    # is advertised in responses unless a conf.d file turns it off.
    # Per-site server blocks.
    include /etc/nginx/conf.d/*.conf;
}

conf/conf.d/blog.conf

# HTTPS virtual host that serves the generated static site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name blog.fc4soda.moe;

    # Certificate and private key, read from /etc/sslkey.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so
    # the defaults of the nginx build apply; set them explicitly if a minimum
    # TLS version has to be enforced.
    ssl_certificate /etc/sslkey/blog-fc4soda-moe.key.pem;
    ssl_certificate_key /etc/sslkey/blog-fc4soda-moe.key;

    location / {
        # Static files come from /var/www/html; responses carry a two-hour
        # cache lifetime and missing pages fall back to /404.html.
        root   /var/www/html;
        index index.html;
        error_page 404 /404.html;
        expires 2h;
    }
}

# Plain-HTTP virtual host: every request is redirected to the HTTPS site.
# NOTE(review): no Strict-Transport-Security header is added in the HTTPS
# block above, so browsers keep starting on HTTP and depend on this redirect.
server {
    listen 80;
    listen [::]:80;
    server_name blog.fc4soda.moe;

    location / {
        return 301 https://blog.fc4soda.moe$request_uri;
    }

}

conf/conf.d/commento.conf

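# Reverse proxy for the Commento comment server.
upstream docker-commento {
    # Service name and container port as nginx resolves them.
    server commento:8080;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name commento.fc4soda.moe;

    # The certificate files are named for the blog host; the certificate must
    # also cover this server_name -- TODO confirm.
    ssl_certificate /etc/sslkey/blog-fc4soda-moe.key.pem;
    ssl_certificate_key /etc/sslkey/blog-fc4soda-moe.key;

    location / {
        proxy_pass http://docker-commento;
        # Forward the original host, client address and scheme. Without these
        # headers the backend only sees the upstream name and the proxy's
        # address, so its logs cannot attribute a request to a client.
        # Whether the backend uses them depends on its own configuration.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


# Plain-HTTP virtual host: every request is redirected to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name commento.fc4soda.moe;

    location / {
        return 301 https://commento.fc4soda.moe$request_uri;
    }

}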

conf/conf.d/gogs.conf

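# Reverse proxy for the Gogs web interface.
upstream docker-gogs {
    # Service name and container port as nginx resolves them.
    server gogs:3000;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.fc4soda.moe;

    # The certificate files are named for the blog host; the certificate must
    # also cover this server_name -- TODO confirm.
    ssl_certificate /etc/sslkey/blog-fc4soda-moe.key.pem;
    ssl_certificate_key /etc/sslkey/blog-fc4soda-moe.key;

    location / {
        proxy_pass http://docker-gogs;
        # Forward the original host, client address and scheme. Without these
        # headers the backend only sees the upstream name and the proxy's
        # address, so sign-in and audit records cannot be tied to a client.
        # Whether the backend uses them depends on its own configuration.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}


# Plain-HTTP virtual host: every request is redirected to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name git.fc4soda.moe;

    location / {
        return 301 https://git.fc4soda.moe$request_uri;
    }

}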

conf/githook/post-receive

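#!/bin/bash
# Git post-receive hook for the blog repository.
# Empties the source and output directories, clones the bare repository into
# the source directory, then asks the Docker daemon (over its unix socket) to
# start the existing container named "hugo", which performs the build.

SRC=/data/git/repositories/fc4soda/blog.git
SRCTMP=/var/srctmp
OUTPUT=/var/outputtmp

echo "${USER:-} : $(groups)"

# Every path is quoted and expanded with ${VAR:?}: if a variable were ever
# empty the script stops instead of letting the glob become "/*" under sudo.
# `echo '' | sudo -S` feeds an empty password on stdin; it only works because
# the sudoers rule for this user is NOPASSWD.
echo "cleaning srctmp..."
echo '' | sudo -S rm -rRf "${SRCTMP:?}"/*
echo '' | sudo -S rm -rRf "${SRCTMP:?}/.git"
echo "cleaned. cloning repo $SRC to $SRCTMP..."
echo '' | sudo -S git clone "${SRC:?}" "${SRCTMP:?}"
echo "cloned. cleaning output..."
echo '' | sudo -S rm -rRf "${OUTPUT:?}"/*
echo "cleaned. building..."

# One-time container creation, kept for reference. It binds the source and
# output volumes into the hugo image.
#sudo curl --no-buffer -v -X POST -H "Content-Type: application/json" -d '{"Image":"jojomi/hugo","HostConfig":{"Binds":["hugodata-src:/src","hugodata-output:/output"]}}' --unix-socket /var/run/docker.sock localhost/containers/create?name=hugo; echo "created hugo container.";

# Start the pre-created "hugo" container through the Docker API.
# "build." is printed whether or not the request succeeded; check the verbose
# curl output for the HTTP status.
curl --no-buffer -v -X POST -H "Content-Type: application/json" --unix-socket /var/run/docker.sock localhost/containers/hugo/start
echo "build."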

创建 conf/sslkey 目录, 将 blog-fc4soda-moe.key 和 blog-fc4soda-moe.key.pem 都放在该目录下.

将 hugo 目录下的文件及文件夹(content/, config.toml等)放入conf/src目录中.
