Appearance
部署服务器
规划目录
/humi-web 主目录
/humi-web/docker Docker 相关文件存放目录
/humi-web/nginx/conf.d nginx 配置文件相关目录
/humi-web/app/vitepress/htdocs vitepress 存放目录
/humi-web/certs 证书存放目录
通过 github webhook 自动构建 vitepress
webhook 监听器
js
//index.js
const express = require("express");
const { exec } = require("child_process");
const crypto = require("crypto");
const app = express();
const port = 3000;
// 从环境变量获取 Webhook Secret
const webhookSecret = process.env.GITHUB_WEBHOOK_SECRET;
if (!webhookSecret) {
console.error("Webhook Secret not defined in environment variable.");
process.exit(1);
}
app.use(express.json());
app.post("/webhook", (req, res) => {
const contentType = req.get("content-type");
const payload =
contentType === "application/json" ? JSON.stringify(req.body) : req.body;
console.log(req.headers);
// 获取请求头中的签名信息
const signature = req.get("X-Hub-Signature-256");
if (
!signature ||
!verifySignature(payload, signature, webhookSecret) ||
contentType !== "application/json"
) {
console.error("Invalid signature. Request not from GitHub.");
return res.status(403).send("Invalid signature");
}
// 在这里处理 GitHub Webhook 事件
//console.log('Received GitHub Webhook:', payload);
console.log(
`sh /app/hook.sh ${req.body.repository.owner.name} ${req.body.repository.name}`
);
// 执行 Shell 命令
exec(
`sh /app/hook.sh ${req.body.repository.owner.name} ${req.body.repository.name}`,
(error, stdout, stderr) => {
if (error) {
console.error(`Error executing deploy script: ${error}`);
} else {
console.log(`Deploy script output: ${stdout}`);
}
}
);
res
.status(200)
.send("Webhook received and deploy script executed successfully");
});
function verifySignature(payload, signature, secret) {
const hmac = crypto.createHmac("sha256", secret);
const digest = Buffer.from(
"sha256=" + hmac.update(payload).digest("hex"),
"utf8"
);
const checksum = Buffer.from(signature, "utf8");
return crypto.timingSafeEqual(digest, checksum);
}
app.listen(port, () => {
console.log(`Server is running on port ${port}`);
});bash
#hook.sh
#!/bin/env sh
if [ ! -d /repo ]
then
mkdir -p /repo
fi
user=$1
repo=$2
if [ -d /repo/$repo ]
then
cd /repo/$repo
git pull https://$GITHUB_USERNAME:$GITHUB_REPO_TOKEN@github.com/$user/$repo.git
else
git clone https://$GITHUB_USERNAME:$GITHUB_REPO_TOKEN@github.com/$user/$repo.git /repo/$repo
fi
if [ -d /repo/$repo ]
then
cd /repo/$repo
yarn install
yarn run docs:build
rm -r /vitepress/htdocs
cp -r docs/.vitepress/dist /vitepress/htdocs
fi
echo "更新完成时间:"$(date)Dockerfile
FROM node:20.10.0-bullseye
WORKDIR /app
COPY src/* /app
RUN sed -i 's/deb.debian.org/mirrors.tencentyun.com/g' /etc/apt/sources.list
RUN yarn config set registry https://registry.npmmirror.com/
RUN cd /app \
&&apt update \
&& yarn install
RUN yarn global add pm2
RUN git config --global http.proxy http://clash:17890
CMD ["pm2-runtime", "index.js"]docker-compose.yaml
yaml
version: "3.1"
services:
gh_hook:
build: gh_hook
working_dir: /app
environment:
GITHUB_USERNAME: #
GITHUB_REPO_TOKEN: #
GITHUB_WEBHOOK_SECRET: #
volumes:
- /humi-web/app/vitepress:/vitepress当有更新推送到 github 时,github 会调用服务器的 webhook 接口,当接口被调用时,服务器会拉取最新的代码,然后自动构建,构建完成后将静态内容拷贝到/humi-web/app/vitepress/htdocs
配置 Docker
构建 wordpress
Dockerfile:
docker
from wordpress
copy humi-wordpress-setup.sh /
run chmod +x /humi-wordpress-setup.sh && /humi-wordpress-setup.sh
run a2enmod ssl
run a2ensite default-sslhumi-wordpress-setup.sh:
bash
#!/usr/bin/env sh
dm="example.com"
openssl req -new -newkey rsa:2048 -x509 -nodes -days 3650 -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key -subj "/C=CN/ST=ShenZhen/L=ShenZhen/O=Oricur Inc./OU=Web Security/CN=$dm"docker-compose
yaml
version: "3.1"
services:
nginx:
image: nginx
restart: always
volumes:
- /humi-web:/humi
- /humi-web/nginx/conf.d:/etc/nginx/conf.d
ports:
- 80:80
- 443:443
wordpress:
build: wordpress
restart: always
environment:
WORDPRESS_DB_HOST: wp-db
WORDPRESS_DB_USER: wp
WORDPRESS_DB_PASSWORD: wppw
WORDPRESS_DB_NAME: wp
volumes:
- wp-data:/var/www/html
wp-db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: wp
MYSQL_USER: wp
MYSQL_PASSWORD: wppw
MYSQL_RANDOM_ROOT_PASSWORD: "1"
volumes:
- wp-db:/var/lib/mysql
volumes:
wp-data:
wp-db:自动获取证书
bash
# acme.sh
curl https://get.acme.sh | sh -s email=u@qq.com
domain_main='oricur.com'
certs_dir_prefix="/humi-web/certs"
#获取泛域名
export DP_Id=""
export DP_Key=""
cert_wide_domain_dir="$certs_dir_prefix/wide/$domain_main"
mkdir -p $cert_wide_domain_dir
echo "创建文件夹:$cert_wide_domain_dir"
acme.sh --issue --dns dns_dp -d *.$domain_main \
--key-file $cert_wide_domain_dir/key \
--fullchain-file $cert_wide_domain_dir/fullchain
#获取根域名
cert_root_domain_dir="$certs_dir_prefix/root/$domain_main"
mkdir -p $cert_root_domain_dir
echo "创建文件夹:$cert_root_domain_dir"
acme.sh --issue --dns dns_dp -d $domain_main \
--key-file $cert_root_domain_dir/key \
--fullchain-file $cert_root_domain_dir/fullchain