Docker-Compose部署
创建 docker-compose.yaml 文件
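version: "3"
services:
  halo:
    image: registry.fit2cloud.com/halo/halo:2.21
    restart: 'on-failure:3'
    # Host networking: the container shares the host's network stack, so the
    # port Halo listens on is opened directly on the host, with no `ports:`
    # mapping in between. It also lets Halo reach the database at 127.0.0.1.
    network_mode: "host"
    volumes:
      - ./halo2:/root/.halo2
    environment:
      # JVM options; the default is -Xmx256m -Xms256m. Adjust to your needs;
      # leave empty to pass no JVM options.
      - JVM_OPTS=-Xmx256m -Xms256m
    command:
      # Change to your own existing MySQL configuration.
      - --spring.r2dbc.url=r2dbc:pool:mariadb://127.0.0.1:3306/halo
      # `*` is a placeholder: fill in the real database account. These values
      # are passed as process arguments, so they are visible in
      # `docker inspect` and the host process list; keep this file readable
      # only by the deploying user.
      - --spring.r2dbc.username=*
      - --spring.r2dbc.password=*
      - --spring.sql.init.platform=mariadb
      # External access URL; change it to match your deployment (the public
      # https:// address when Halo sits behind the TLS reverse proxy).
      - --halo.external-url=*
      # Listen on loopback only. With host networking, omitting this makes
      # Halo answer plain HTTP on port 8090 of every host interface,
      # bypassing the TLS-terminating reverse proxy.
      - --server.address=127.0.0.1
      # Port number, default 8090.
      - --server.port=8090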
运行容器
# Create and start the services defined in the compose file, detached (in the background).
docker-compose up --detach
安装 Certbot 并申请证书
# Install Certbot and its nginx plugin; -y answers the apt confirmation prompt.
sudo apt install -y certbot python3-certbot-nginx
# Request a certificate for the domain via the nginx plugin (replace blog.example.com with your own domain).
# NOTE(review): the --nginx plugin can also edit nginx configuration to install the certificate;
# re-check the hand-written site file after running it.
sudo certbot --nginx -d blog.example.com
配置nginx
文件路径:/etc/nginx/sites-enabled/halo
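# HTTP server: exists only to move clients onto HTTPS.
server {
    listen 80;
    server_name blog.example.com;  # <- replace with your actual domain

    # Redirect instead of proxying: serving the site over plain HTTP would
    # expose session cookies and admin logins in transit, and the HSTS header
    # is only honoured by browsers when it arrives over HTTPS.
    return 301 https://$host$request_uri;
}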
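# HTTPS server
server {
    listen 443 ssl;
    server_name blog.example.com;

    # Maximum upload (request body) size
    client_max_body_size 50M;

    # TLS certificate paths (generated by Certbot)
    ssl_certificate /etc/letsencrypt/live/blog.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.example.com/privkey.pem;

    # Recommended TLS settings (based on the Mozilla "intermediate" profile).
    # The ECDHE-ECDSA suites are required when the certificate uses an ECDSA
    # key (the default key type in newer Certbot releases); with an RSA-only
    # list, TLS 1.2 clients cannot complete a handshake against such a
    # certificate. TLS 1.3 suites are not controlled by ssl_ciphers.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Enable HSTS (protects later visits against downgrade / man-in-the-middle).
    # includeSubDomains applies the policy to every subdomain of this host,
    # and browsers remember it for max-age seconds (one year here).
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Reverse proxy to Halo
    location / {
        proxy_pass http://127.0.0.1:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is set by this proxy; earlier
        # entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}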
刷新nginx
# Check the configuration syntax first; nginx is reloaded only when the check succeeds.
sudo nginx -t && sudo systemctl reload nginx