Make sure Docker and Docker Compose are installed
Prepare a domain name
Open the server ports: `sudo ufw allow 80,443/tcp` (Ubuntu)
```bash
mkdir -p ~/vanblog-production/{caddy-proxy,data}
cd ~/vanblog-production
```
Create the caddy-proxy/Caddyfile file:
```caddyfile
# Global options
{
    email your-email@example.com  # replace with your e-mail address
    acme_ca https://acme-v02.api.letsencrypt.org/directory
}

# Main domain
your-domain.com {
    # Reverse proxy to the VanBlog container
    reverse_proxy vanblog:80

    # Security hardening
    header {
        Strict-Transport-Security "max-age=31536000;"
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy strict-origin-when-cross-origin
    }

    # Performance optimization
    encode zstd gzip
}

# Redirect the www domain
www.your-domain.com {
    redir https://your-domain.com{uri} permanent
}

# Redirect HTTP to HTTPS
http:// {
    redir https://{host}{uri} permanent
}
```
Create the docker-compose.yml file:
```yaml
version: '3.8'

networks:
  vanblog-network:
    driver: bridge

services:
  vanblog:
    image: kevinchina/deeplearning:vanblog-latest
    restart: unless-stopped
    environment:
      TZ: Asia/Shanghai
      EMAIL: your-email@example.com  # replace with your e-mail address
      NODE_ENV: production
      VAN_BLOG_VERSION: latest
    volumes:
      - ./data/static:/app/static
      - ./log:/var/log
      - ./caddy/config:/root/.config/caddy
      - ./caddy/data:/root/.local/share/caddy
      - ./aliyunpan/config:/root/.config/aliyunpan
    networks:
      - vanblog-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80"]
      interval: 30s
      timeout: 10s
      retries: 3

  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy-proxy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/data:/data
      - ./caddy/config:/config
    networks:
      - vanblog-network
    depends_on:
      vanblog:
        condition: service_healthy

  mongo:
    image: mongo:5.0
    restart: unless-stopped
    environment:
      TZ: Asia/Shanghai
    volumes:
      - ./data/mongo:/data/db
    networks:
      - vanblog-network
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
      interval: 30s
      timeout: 10s
      retries: 3
```
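Before starting, make sure you replace the following:
your-domain.com: replace with your actual domain name
your-email@example.com: replace with your actual e-mail address
```bash
docker compose up -d
```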
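Check the service status
```bash
docker compose ps
```
View the logs
```bash
docker compose logs -f caddy    # watch the certificate issuance
docker compose logs -f vanblog  # watch the application logs
```
Access test
http://your-domain.com
should redirect to HTTPS automatically.
Modify the mongo service section in docker-compose.yml: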
```yaml
mongo:
  image: mongo:5.0
  environment:
    MONGO_INITDB_ROOT_USERNAME: admin
    MONGO_INITDB_ROOT_PASSWORD: your-strong-password
  # keep the rest of the configuration unchanged...
```
Then add the environment variables to the vanblog service:
```yaml
vanblog:
  environment:
    # existing environment variables...
    MONGO_USERNAME: admin
    MONGO_PASSWORD: your-strong-password
```
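Modify the Caddyfile:
```caddyfile
your-domain.com {
    reverse_proxy vanblog:80

    # Cloudflare-specific configuration
    # (the cloudflare DNS provider requires a Caddy build that includes the caddy-dns/cloudflare module)
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }

    # keep the rest of the configuration unchanged...
}
```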
Add the environment variable to the caddy service in docker-compose.yml:
```yaml
caddy:
  environment:
    CF_API_TOKEN: "your-cloudflare-api-token"
```
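Added example (not part of the original guide): a pre-flight check to run against the deployment directory before `docker compose up -d`. It reports any of the guide's placeholder values still present in `caddy-proxy/Caddyfile` or `docker-compose.yml`, and flags those files when they hold an inline password or token while being world-readable; the function names and the file-permission check are assumptions of this example.

```bash
#!/bin/sh
# Added example, not from the original guide: pre-flight check for the
# deployment directory. Placeholders are the ones the guide says to replace.
PLACEHOLDERS='your-domain.com your-email@example.com your-strong-password your-cloudflare-api-token'
CONFIG_FILES='caddy-proxy/Caddyfile docker-compose.yml'

# Print "file:line:text" for each placeholder still present under DIR ($1).
# Returns 1 if at least one was found, 0 otherwise.
find_placeholders() {
  fp_found=0
  for fp_file in $CONFIG_FILES; do
    [ -f "$1/$fp_file" ] || continue
    for fp_word in $PLACEHOLDERS; do
      if fp_hits=$(grep -nF -- "$fp_word" "$1/$fp_file"); then
        printf '%s\n' "$fp_hits" | sed "s|^|$fp_file:|"
        fp_found=1
      fi
    done
  done
  return "$fp_found"
}

# Print config files under DIR ($1) that define a password or token inline
# (e.g. MONGO_PASSWORD:, CF_API_TOKEN:) and are readable by every local user.
exposed_secret_files() {
  for es_file in $CONFIG_FILES; do
    [ -f "$1/$es_file" ] || continue
    if grep -qE '(PASSWORD|TOKEN)[A-Z_]*:' "$1/$es_file" &&
       [ -n "$(find "$1/$es_file" -perm -004)" ]; then
      printf '%s\n' "$es_file"
    fi
  done
}

# Run both checks; return 0 only when nothing was reported.
preflight() {
  pf_status=0
  find_placeholders "$1" || { echo "placeholder values left in $1" >&2; pf_status=1; }
  pf_exposed=$(exposed_secret_files "$1")
  if [ -n "$pf_exposed" ]; then
    echo "world-readable files with inline secrets (consider chmod 600): $pf_exposed" >&2
    pf_status=1
  fi
  return "$pf_status"
}

# Usage: sh preflight.sh ~/vanblog-production
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```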
Create the backup script backup.sh:
```bash
#!/bin/bash
set -euo pipefail
BACKUP_DIR="/path/to/backups"
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
# Back up MongoDB (-T disables the pseudo-TTY so the binary archive is written unmodified)
docker compose exec -T mongo mongodump --archive --gzip > "$BACKUP_DIR/vanblog-mongo-$TIMESTAMP.gz"
# Back up the static files
tar czvf "$BACKUP_DIR/vanblog-static-$TIMESTAMP.tar.gz" ./data/static
# Back up the Caddy configuration
tar czvf "$BACKUP_DIR/vanblog-caddy-$TIMESTAMP.tar.gz" ./caddy-proxy ./caddy
```
Update VanBlog
```bash
docker compose pull vanblog
docker compose up -d
```
Restart the services
```bash
docker compose restart
```
View resource usage
```bash
docker stats
```
Clean up unused resources
```bash
docker system prune
```
Certificate issuance fails
```bash
docker compose logs caddy
```
MongoDB connection problems
```bash
docker compose logs mongo
```
VanBlog is unreachable
```bash
docker compose ps
docker compose logs vanblog
```
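With the steps above, you have deployed a production-grade VanBlog environment with HTTPS, including automatic certificate renewal, security hardening and performance optimization.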
Author: 任浪漫
Copyright notice: unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!