Preface

In July this year, I accidentally bought an Alibaba Cloud server for myself. At the time I wanted to experiment with back-end work and see whether I could work across both the front end and the back end. Then I found that access to the blog I had originally put on GitHub Pages was unbearably slow, so I made the painful decision to migrate the Jekyll-built blog to my own Alibaba Cloud host. The original Jekyll blog is still there, still on GitHub Pages. On the domestic Alibaba Cloud host, I used the elegant Ghost to build my new home.

In August of this year, the blog was launched. Readers saw that my blog was good and asked me for a tutorial on building it. Although the blog had been launched, it had not yet been approved by the network management center, and I did not know what would happen after that. At that time I was also not very familiar with Ghost and did not know how to maintain it later, so I decided to let Ghost run on the server for a month first and then write an article recording the build process.

Now the blog has been running for more than a month and I have got the hang of daily maintenance, so here is this article.

Contents

  • 1. Introduction to Ghost
  • 2. Preparation list before building
  • 3. Start building
  • 4. Site-wide HTTPS
  • 5. Administration bureau record filing / public security record filing
  • 6. Using a CDN to optimize access speed
  • 7. Later maintenance

One. Introduction to Ghost

Ghost is an open source blogging platform based on Node.js. It has an easy-to-use writing interface and experience. Blog content is written in Markdown syntax by default. However, the native Markdown in Ghost does not support tables or LaTeX, and you need to install plug-ins on the server side if you want to use them.

Ghost aims to replace bloated WordPress with a clean interface, a focus on writing, and support for online preview and online writing.

Ghost is a dynamic blog, not a static blog like Hexo or Jekyll, which generate all the pages at compile time. Ghost has a front end and a back end. The back end is responsible for writing and publishing articles, configuring the system, and so on.

1. Strengths and weaknesses of Ghost

Here is one article's take on the pros and cons of Ghost:

  • Advantages: technically, for the foreseeable future Node.js has more advantages than PHP, and its concurrency is far better than WordPress's. Node.js does have high maintenance costs, but we are only using it to blog. In terms of ease of use, Ghost focuses on writing and commenting, has gorgeous themes, supports Markdown perfectly, is not as bloated as WordPress, and returns the blog to its most basic state, conveying the raw power of words. It is easy to use and easy to edit anytime, anywhere, and much easier to write with than static blogs like Hexo and Jekyll, especially when writing on different computers.

  • Disadvantages: it needs a virtual host that supports the Node environment; few free hosts do, so you generally have to pay. The admin back end is rudimentary and many features are incomplete, but the writing part is fine.

On the downside, Ghost doesn’t have as many plugins as Hexo does.

2. Highlights of Ghost:

  • Use MySQL as the database; for a quick start you can also use other databases such as SQLite.
  • Nginx acts as a reverse proxy, which lets you configure multiple Ghost blogs and also increases the load the site can handle.
  • Node.js is very easy to install on Ubuntu, with no compiling or packaging.
  • Install Ghost as a system service so that it restarts on boot, with no manual operation afterwards.
  • Font Awesome is used for the social buttons, and you can customize the icons.
  • Highlight.js serves as the theme’s code highlighting engine.
  • Integrate the Disqus comment system and build our own discussion circle.
  • A share of excellent free Ghost theme resources from abroad.
  • Integrate Baidu statistics and Baidu sharing.

Two. Preparation list before construction

  • An available domain name
  • A server (I bought Ali Cloud ECS, the server system is installed with CentOS 7.0 64-bit)
  • Node V0.10.40 (the officially recommended version; note that the Chinese version of Ghost only works with this version of Node, and a higher version will not be recognized; when installing other versions of Ghost, also pay attention to the Node version number)
  • Nginx 1.80
  • Mysql
  • Ghost V0.7.4 full (zh) (the Chinese version, which supports Qiniu, UPYUN, and Alibaba Cloud OSS storage). The latest version of Ghost is currently V0.11.1 (3.8 MB zip); the latest Chinese version is only V0.7.4.

Ghost official website: ghost.org/
Ghost Chinese official website: www.ghostchina.com/
Ghost Chinese documentation: docs.ghostchina.com/zh/

Three. Start building

1. Install Node

Ghost is an open source blogging platform based on Node.js, so we first build the Node environment.

$ wget http://nodejs.org/dist/v0.10.40/node-v0.10.40.tar.gz
$ tar zxvf node-v0.10.40.tar.gz
$ cd node-v0.10.40
$ ./configure
$ make && make install

After the command is executed, check whether the environment is configured successfully.

$ node -v
v0.10.40

If the Node version number is displayed, the installation is successful.

2. Install Nginx

Nginx is a lightweight Web/reverse proxy server and E-mail (IMAP/POP3) proxy server distributed under a BSD-like protocol.

Start by creating a source configuration file nginx.repo in /etc/yum.repos.d/


$ vi /etc/yum.repos.d/nginx.repo

Write the following:


[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# gpgcheck=0 means yum does not verify the GPG signature of packages from this repo
gpgcheck=0
enabled=1

Save.

In vi, press i to start editing and Esc to stop editing; :x saves the changes and exits, :q! forces an exit and abandons the changes, and :wq also saves and exits.

After the repo file is saved, proceed with the following commands:

$ yum install nginx -y      # install Nginx
$ service nginx start       # start Nginx
$ chkconfig nginx on        # start Nginx at boot

Now that Nginx is installed, type your server’s IP address into your browser and you’ll see the message “Welcome to Nginx!”

3. Configure Nginx

With nginx installed, we need to set up a proxy server that allows our blogs to be accessed using domain names.


$ cd /etc/nginx/conf.d

Create a configuration file ghost.conf in this directory


$ vi /etc/nginx/conf.d/ghost.conf

Paste the following:

server {
    listen 443;
    server_name halfrost.com www.halfrost.com;  # add your domain name or IP address

    ssl on;
    ssl_certificate /etc/letsencrypt/live/halfrost.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/halfrost.com/privkey.pem;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
    }
}

If you do not need HTTPS, you do not need to add the three ssl lines in the middle.

Save, exit, and restart Nginx:


$ service nginx restart

Nginx is configured.

4. Install MySQL

Ghost uses the SQLite3 database by default, which is enough for general use, but with a lot of content it slows down the whole system and affects page load speed. If you do not want to use MySQL, you can skip this step.

The yum source of CentOS7 seems to have no mysql by default. To solve this problem, download the mysql repo source first.

1. Download the mysql repo source

$ wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

2. Install the mysql-community-release-el7-5.noarch.rpm package

$ sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm

Installing this package adds the MySQL yum repo sources: /etc/yum.repos.d/mysql-community.repo, /etc/yum.repos.d/mysql-community.

3. Install mysql


$ sudo yum install mysql-server

Follow the prompts to install. After the installation is complete there is no password, so you need to reset the password.

4. Reset the password

Before resetting your password, log in:


$ mysql -u root

If the login fails with ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2), the cause is an access permission problem on /var/lib/mysql. Change the owner of /var/lib/mysql to the current user (openscanner in this example):

$ sudo chown -R openscanner:openscanner /var/lib/mysql

Then, restart the service:

$ service mysqld restart
$ chkconfig mysqld on

5. Configure MySQL

Run mysql_secure_installation to configure MySQL:

$ mysql_secure_installation
Set root password? [Y/n]                       # set the root password
Remove anonymous users? [Y/n]                  # remove anonymous users
Disallow root login remotely? [Y/n]            # forbid remote root login
Remove test database and access to it? [Y/n]   # remove the test database
Reload privilege tables now? [Y/n]             # reload the privilege tables so the changes take effect

Next, edit the MySQL configuration file to set the character set to utf8:


$ vi /etc/my.cnf

Paste the following:


[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
character-set-server=utf8
collation-server=utf8_general_ci

Restart MySQL:


$ service mysqld restart

Finally, we need to create a new database to store the blog data:

$ mysql -u root -p
mysql> create database ghost;                                                   # create the ghost database
mysql> grant all privileges on ghost.* to 'ghost'@'%' identified by '123456';   # user ghost, password 123456
mysql> flush privileges;                                                        # reload the privilege tables

The Mysql database is installed and configured.
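
The grant above creates 'ghost'@'%' with the password 123456, while config.js connects from 127.0.0.1. As an added example (not from the original tutorial), this script prints equivalent SQL restricted to loopback with a random password; the --emit argument and the ghost-db-password file name are assumptions of the example.

```shell
#!/bin/sh
# Added example: SQL for a Ghost database account limited to loopback
# connections, with a random password, as an alternative to 'ghost'@'%'
# with '123456'. Database and user names follow the article.

# Random alphanumeric password (no characters that need escaping in SQL or JS).
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Print the SQL for database $1, user $2, password $3 (MySQL 5.6 syntax).
# 'localhost' covers the socket and name-resolved TCP connections;
# '127.0.0.1' covers TCP when skip-name-resolve is set.
# An existing 'ghost'@'%' account from the earlier step is not touched here
# and has to be dropped separately with DROP USER.
ghost_account_sql() {
    [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 1
    case "$1$2$3" in
        *[!A-Za-z0-9_]*) echo "refusing: unexpected character in argument" >&2; return 1 ;;
    esac
    printf 'CREATE DATABASE IF NOT EXISTS `%s` CHARACTER SET utf8;\n' "$1"
    for host in localhost 127.0.0.1; do
        printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$1" "$2" "$host" "$3"
    done
    printf 'FLUSH PRIVILEGES;\n'
}

# Usage (script name is hypothetical): sh ghost-db-account.sh --emit | mysql -u root -p
# The password is written to ./ghost-db-password (mode 600) for use in config.js.
if [ "${1:-}" = "--emit" ]; then
    pw="$(gen_password 32)"
    ( umask 077; printf '%s\n' "$pw" > ghost-db-password )
    ghost_account_sql ghost ghost "$pw"
fi
```

The same password then goes into the connection section of config.js in the next step.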

6. Install Ghost

First download Ghost:

$ cd /var/www
$ wget http://dl.ghostchina.com/Ghost-0.7.4-zh-full.zip
$ unzip Ghost-0.7.4-zh-full.zip -d ghost
$ cd ghost

Then modify the default configuration:


$ cp config.example.js config.js 
$ vi config.js

Ghost has production mode, development mode and test mode. Here we need to find production mode in the configuration file:

config = {
    // ### Production
    // When running Ghost in the wild, use the production environment.
    // Configure your URL and mail settings here
    production: {
        url: 'http://www.halfrost.com',
        mail: {},
        database: {
            client: 'mysql',
            connection: {
                // filename: path.join(__dirname, '/content/data/ghost.db')
                host: '127.0.0.1',
                user: 'ghost',
                password: '123456',   // the password set in the grant statement above
                database: 'ghost',    // the database created above
                charset: 'utf8'
            },
            debug: false
        },
        // configure MySQL database
        /*database: {
            client: 'mysql',
            connection: {
                host     : 'host',
                user     : 'user',
                password : 'password',
                database : 'database',
                charset  : 'utf8'
            },
            debug: false
        },*/
        server: {
            host: '127.0.0.1',
            port: '2368'
        },
        // Storage. Now, we can support `qiniu`, `upyun`, `aliyun oss`, `aliyun ace-storage` and `local-file-store`
        // storage: {
        //     provider: 'local-file-store'
        // }

        // reference document: http://www.ghostchina.com/qiniu-cdn-for-ghost/
        storage: {
            provider: 'qiniu',
            bucketname: 'Mybucketname',
            ACCESS_KEY: 'TZmRdasfdasfps5NDJEK4d*JsdgYGFFgWOsy5k_k0Zu',
            SECRET_KEY: '7IsGSDDf1ef4HEsafsagLPDfs3gCkr$FERFe6ivfT',
            root: '/Blog/',
            prefix: 'https://odd2zeri30g.qnssl.com/'
        }
    },
    // ... the development and testing sections follow unchanged
};

The storage section configures cloud storage. Qiniu, UPYUN, Alibaba Cloud and others are supported; for the specific settings, see the corresponding documentation. If you only need local storage, change it to something like this:

storage: {
    provider: 'local-file-store'
}

Save and exit, and the Ghost configuration is complete.

Run:


$ npm start --production

Start your browser, enter your domain name or IP address, and you will see your Ghost blog. (Ctrl+C interrupts Developer mode)

7. Deploy Ghost

As mentioned above, Ghost is started with the npm start --production command. This is a good option for starting and testing in development mode, but the downside of starting from the command line is that Ghost stops when you close the terminal window or disconnect from SSH. To keep Ghost from stopping, we need to fix this problem.

There are several solutions:

  • PM2 (github.com/Unitech/pm2)
  • Forever (npmjs.org/package/for…)
  • Supervisor (supervisord.org/)

Here we use PM2 to keep Ghost running:

$ cd /var/www/ghost
$ npm install pm2 -g   # install pm2
$ NODE_ENV=production pm2 start index.js --name "ghost"
$ pm2 startup centos
$ pm2 save

If npm cannot install the dependency, switch the registry to the Taobao mirror and try again.


$ npm install -g cnpm --registry=https://registry.npm.taobao.org
$ cnpm install pm2 -g
$ NODE_ENV=production pm2 start index.js --name "ghost"
$ pm2 startup centos
$ pm2 save

In this way, our Ghost blog keeps running. You can use the following command to control the Ghost blog:


$ pm2 start/stop/restart ghost

8. Initialize Ghost

Now all the preparatory work is done. Open your browser, enter your domain address followed by /ghost/, set up the user name and password, and you can begin a pleasant Ghost journey.

Four. Site-wide HTTPS

Let’s Encrypt is a free SSL project hosted by the Linux Foundation. It is sponsored by Mozilla, Cisco, Akamai, IdenTrust, and EFF. It is designed to issue and manage free certificates for websites automatically, in order to speed up the Internet’s transition from HTTP to HTTPS, and big companies like Facebook have now joined in as well.

Let’s Encrypt has been cross-signed by IdenTrust, which means that its certificates are now trusted by Mozilla, Google, Microsoft, and Apple browsers. You just configure cross-signing in the Web server certificate chain. The browser client will take care of everything else, and Let’s Encrypt is easy to install and very likely to be adopted on a large scale in the future.

Let’s Encrypt links:

  1. Official website: letsencrypt.org/
  2. Project home: github.com/letsencrypt…

1. Preparation for installing Let’s Encrypt free SSL

The Let’s Encrypt script depends on the following environment (this section can be skipped, because the officially provided Let’s Encrypt script detects and installs these automatically):


# Debian
$ apt-get install git

# CentOS 6
$ yum install centos-release-SCL && yum update
$ yum install python27
$ scl enable python27 bash
$ yum install python27-python-devel python27-python-setuptools python27-python-tools python27-python-virtualenv
$ yum install augeas-libs dialog gcc libffi-devel openssl-devel python-devel
$ yum install python-argparse

# CentOS 7
$ yum install -y git python27
$ yum install -y augeas-libs dialog gcc libffi-devel openssl-devel python-devel
$ yum install python-argparse

To check which OS version is installed on your VPS host, run the cat /etc/issue or cat /etc/redhat-release command.

2. Obtain the Let’s Encrypt free SSL certificate

Getting a Let’s Encrypt free SSL certificate is easy. You just need to execute the following command to automatically generate an SSL certificate and private key on your VPS.


$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto

In testing, the commands above work best on Debian, where the required software is detected and installed automatically. On other Linux systems, such as Redhat or CentOS 6, you may need to configure the EPEL software source. Python 2.7 or later is required.

After the preceding command is executed, a dialog box is displayed asking you to agree to the user agreement.

You will then be prompted to close Nginx or Apache.

Let’s Encrypt uses ports 80 and 443, so you need to stop the applications that use those ports.

When you see the following, you have successfully obtained your Let’s Encrypt free SSL certificate.


IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/freehao123.org/fullchain.pem. Your cert will
   expire on 2016-03-09. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, the certificate application is complete.

3. Configure the SSL certificate

Add the SSL configuration to the Nginx config file. This configuration has been written in the Nginx config file.

4. Obtain the SSL certificate automatically with a script

The free SSL certificate expires every 3 months. Applying for the certificate manually every time is a bit of trouble, and if you forget, the SSL certificate will expire.

This script quickly obtains a Let’s Encrypt SSL certificate. It calls acme_tiny.py to authenticate, obtain, and update the certificate, with no additional dependencies.

Project homepage: github.com/xdtianyu/sc…

Download the script locally:


$ wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
$ wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
$ chmod +x letsencrypt.sh

Edit the configuration file. Just change DOMAIN_KEY, DOMAIN_DIR and DOMAINS to your own information:


ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="freehao123.com.key"
DOMAIN_DIR="/var/www/freehao123.com"
DOMAINS="DNS:freehao123.com,DNS:www.freehao123.com"

The script automatically generates the required key files. Run:


./letsencrypt.sh letsencrypt.conf

Note that the domain names must already be bound to the /var/www/freehao123.com directory, that is, the directory /var/www/freehao123.com must be reachable through both freehao123.com and www.freehao123.com, because it is used for domain name validation.

Performing the preceding operations normally obtains the Let’s Encrypt SSL certificate. The biggest problem is "DNS query timed out": the SSL certificate cannot be obtained because DNS fails to resolve the domain name.


Traceback (most recent call last):
  File "/tmp/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/tmp/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/tmp/acme_tiny.py", line 149, in get_crt
    domain, challenge_status))
ValueError: hkh.freehao123.info challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'url': u'http://hkh.freehao123.info/.well-known/acme-challenge/sikHlqvbN4MrWkScgr1oZ9RX-lR1l__Z7FWVLhlYR0Q', u'hostname': u'hkh.freehao123.info', u'addressUsed': u'', u'port': u'80', u'addressesResolved': None}],  u'https://acme-v01.api.letsencrypt.org/acme/challenge/5m1su6O5MmJYlGzCJnEUAnvhweAJwECBhEcvsQi5B2Q/1408863', u'token': u'sikHlqvbN4MrWkScgr1oZ9RX-lR1l__Z7FWVLhlYR0Q', u'error': {u'type': u'urn:acme:error:connection', u'detail': u'DNS query timed out'}, u'type': u'http-01'}

If this happens, connect through a VPN and try again.

Once you have configured the script to automatically obtain SSL certificates, you do not need to worry about your SSL certificates expiring.
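
An added example, not part of the original post or of the letsencrypt.sh project: a check that can be run from cron so that the renewal command above is triggered only when the certificate is close to expiry. The certificate path, the 30-day window, the RUN variable and the script name renew-check.sh are assumptions; the renewal and restart commands are the ones used in this article.

```shell
#!/bin/sh
# Added example: renew only when the served certificate is close to expiry.

# Exit status: 0 = expires within $2 days, 1 = still valid beyond that,
# 2 = file missing or not a parseable certificate.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Expiry date ("notAfter=...") for the log line.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null
}

# Print the decision; with RUN=1 also run the renewal and restart Nginx.
renew_if_due() {
    cert="$1"; days="${2:-30}"; rc=0
    cert_expires_within "$cert" "$days" || rc=$?
    case "$rc" in
        1) echo "ok: $cert valid for more than $days days"; return 0 ;;
        2) echo "error: cannot read certificate $cert"; return 2 ;;
    esac
    echo "renew: $cert expires within $days days ($(cert_not_after "$cert"))"
    if [ "${RUN:-0}" = "1" ]; then
        ./letsencrypt.sh letsencrypt.conf && service nginx restart
    fi
}

# Example root crontab entry (weekly, Monday 03:00), run from the directory
# that holds letsencrypt.sh and letsencrypt.conf:
#   0 3 * * 1 cd /path/to/script-dir && RUN=1 sh renew-check.sh /path/to/cert.pem
if [ -n "${1:-}" ]; then
    renew_if_due "$1" "${2:-30}"
fi
```

For a fullchain.pem file, openssl x509 reads the first certificate in the file, which is the site certificate.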

At this point, you can access your blog on port 443, that is, over HTTPS.

Five. Administration bureau record filing / public security record filing

At this point, the site is already “online” and can be accessed successfully. However, when you access port 80 in the normal way, an interception page is displayed instead of the blog.

If HTTPS is configured, though, access through port 443 works fine.

I guess I could forward all requests from port 80 to 443 and so avoid requests on port 80, but I did not try.

If we want the blog to be accessible in the normal way, we need to apply for record filing with the administration bureau. I bought my server from Alibaba Cloud, which offers a direct link for the application; it is very convenient.

The application first requires your personal information, and the place of application should be the location on your ID card. Some places, such as Shanghai and Beijing, have special regulations: if you have a residence permit, you can give the location of the residence permit. Then you have to upload a picture of yourself holding your ID card and some hand-signed scanned copies.

After these are submitted, a backdrop curtain is mailed to you, and you need to take a photo with it and upload it for the record filing.

After that you wait. From submission to approval, the record filing generally takes about 10 working days. If it feels slow, you can also phone to ask about the review progress.

When the bureau has approved the record filing, it sends you an email; there is also a public security record filing. Many tutorials I read did not mention the public security record filing. Maybe it is new. Click the link in the email to continue with the public security filing.

The public security record filing also requires personal information. Once everything is submitted there is none of the hassle of the administration bureau filing; you just wait for approval.

When both filings have passed, the record filing is complete and the website can go online normally. Before launching, remember to add the registration number to the footer of the website. The approval email contains detailed instructions; do what the email says once and you are done.

Six. Using a CDN to optimize access speed

Once the site is online, access is faster than with GitHub Pages on servers abroad. But if the site has a lot of images, or if the images in an article are of very high quality, access will still slow down.

This is where we need to add a CDN to speed things up.

Here I use the Qiniu CDN cloud service. After applying, create your own bucket and upload the resources that need to be cached in the CDN. Pictures, videos and music can all go there. What the blog references are the external links of these resources on Qiniu.

One thing to note: remember to set up hotlink protection and traffic alerts on Qiniu, otherwise others will steal a lot of traffic from you, and by the end of the month you will have spent a lot of money for nothing.

Since the whole site was set to HTTPS earlier, the images on Qiniu also need to use HTTPS, and the free traffic quota for HTTPS is much smaller than the free quota for HTTP.

Once it was set up, I ran a speed test to compare with the blog I had hosted on GitHub Pages.

Seven. Later maintenance

Maintenance here basically refers to blog updates and releases and changes to the Ghost configuration.

Put all of the Ghost configuration in a repository on your own GitHub, and add the server's SSH key to your GitHub keys.

Clone a copy locally with git clone. Make each change locally and, after debugging, push it to the remote first. Then log in to the server and pull the latest code, and the change is ready to apply. Once the pull is done, just execute:


$ service nginx restart
$ pm2 restart ghost

Just these two commands.
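
The config.js shown earlier holds the database password and the Qiniu ACCESS_KEY and SECRET_KEY, and this section pushes the configuration to GitHub. As an added example (not the author's code), this check refuses a commit while those keys are assigned string literals; the environment variable names and the --hook argument are hypothetical, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: block commits of a Ghost config.js that holds literal credentials.
# Key names come from the config.js in this article; env var names are hypothetical.

# Print "label:line: hardcoded KEY" for every credential key assigned a quoted
# string literal; return 1 if any is found. Values are never printed.
# Lines starting with // and lines inside /* ... */ blocks are skipped.
scan_config_secrets() {
    awk -v q="'" -v label="${2:-$1}" '
        BEGIN {
            keys = "(password|ACCESS_KEY|SECRET_KEY)"
            lit  = "[ \t]*:[ \t]*[\"" q "][^\"" q "]+[\"" q "]"
        }
        /\/\*/ { in_block = 1 }
        !in_block && $0 !~ /^[ \t]*\/\// {
            rest = $0
            while (match(rest, keys lit)) {
                key = substr(rest, RSTART, RLENGTH)
                sub(/[ \t]*:.*/, "", key)
                printf "%s:%d: hardcoded %s\n", label, NR, key
                found = 1
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        /\*\// { in_block = 0 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample inputs: $1 gets literal credentials, $2 reads them from the environment.
write_samples() {
    cat > "$1" <<'EOF'
config = {
    production: {
        database: {
            connection: { host: '127.0.0.1', user: 'ghost', password: 'example-db-pass' }
        },
        /*database: {
            connection: { password : 'password' }
        },*/
        // SECRET_KEY: 'commented-out'
        storage: {
            provider: 'qiniu',
            ACCESS_KEY: 'EXAMPLE_ACCESS_KEY',
            SECRET_KEY: 'EXAMPLE_SECRET_KEY'
        }
    }
};
EOF
    cat > "$2" <<'EOF'
config = {
    production: {
        database: { connection: { user: 'ghost', password: process.env.GHOST_DB_PASSWORD } },
        storage: { ACCESS_KEY: process.env.QINIU_ACCESS_KEY, SECRET_KEY: process.env.QINIU_SECRET_KEY }
    }
};
EOF
}

# Call this file with --hook from .git/hooks/pre-commit: scans the staged config.js.
precommit_check() {
    tmp="$(mktemp)" || return 2
    rc=0
    if git show :config.js > "$tmp" 2>/dev/null; then
        scan_config_secrets "$tmp" config.js || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--hook" ]; then precommit_check; fi
```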

You may also run into some HTTPS problems; when you do, search Google for the error code.

One problem is that Baidu Share is not compatible with HTTPS.

Here is the GitHub address of a modified version of the share code: github.com/hrwhisper/b…

Unpack the static folder and put it in the root directory of the site.

Then, in the corresponding Baidu Share code, change http://bdimg.share.baidu.com/ to /, that is, change

.src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];

to

.src='/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];

That will do. If you want to know exactly how this is done, look at the author’s article:

A solution for Baidu Share not supporting HTTPS

Another way is to use Qiniu mirror storage.

Looking at the share code obtained from Baidu, the main script it loads is bdimg.share.baidu.com/static/api/…, which does not support HTTPS. Use Qiniu’s mirror storage, or an Nginx reverse proxy on your own server, to serve it over HTTPS.

The implementation can be seen in this article

Finally

Having stepped into pitfalls all the way through this hard work, we will cherish the blog we have built. This is our programmers’ own home; let’s decorate our new home with one thoughtful post after another.
