TLS를 사용하여 VPS에서 정적 웹사이트 호스팅

12583 단어 devopsjamstackhosting
호스팅은 복잡하거나 비쌀 필요가 없습니다. DigitalOcean( ref link )에서 $6/월에 정적 사이트를 호스팅하는 방법을 보여드리겠습니다.

이것은 약간 기술적이며 터미널에 몇 가지 사항을 입력해야 합니다. 도중에 각 라인이 무엇을 하는지 설명하겠습니다.

서버 생성

Log on to the DigitalOcean cloud console 새 물방울을 만듭니다.

  • 배포: Ubuntu LTS 또는 Debian 괜찮음

  • 요금제 : 베이직

  • 옵션 : AMD, $6/월(1G 램, 20G SSD, 1TB 대역폭)

  • 데이터 센터: 가장 가까운 곳을 선택하세요.

  • 인증: 비밀번호를 선택하거나 공개 SSH 키를 사용합니다(저는 SSH 키를 사용합니다).

  • 호스트 이름: 기억하는 데 도움이 되는 것. 광산은 "hostingdemo"라고 합니다
    • .

    DigitalOcean은 $9.60/월에 자동 백업을 제공하며 원하는 경우 선택할 수 있지만 우리의 경우에는 사이트를 다른 위치에 구축하고 업로드할 것입니다.



    몇 초 후에 서버가 준비된 것을 볼 수 있습니다.

    서버에 로그온

    Note the IP address field. Click it to copy the address. You need SSH. It should already be installed on your Linux, Mac or Windows machine.

    In your terminal shell (open terminal og cmd).

    ssh root@your-droplet-ip-address

    If you selected a password, you'll be prompted for that. If you selected an SSH key and that key is setup on your machine you're all logged in.

    필요한 것을 설치

    We'll be using Caddy 웹 서버가 자동 TLS 기능을 사용하도록 합니다. 다른 옵션은 nginx 또는 apache일 수 있습니다.

    # Install the web server
apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo apt-key add -
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee -a /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install caddy
# Update your server, highly recommended
apt dist-upgrade -y


    이제 브라우저를 열고 액세스http://your-droplet-ip-address



    쉬웠죠?

    업로드할 웹 사용자 추가

    So far, we've been using "root", a system user that can do anything. We don't want to spread that around. Create a new user:

    useradd webuser --password somethingstronger -s /sbin/nologin -m

    This creates "webuser" with the password "somethingstronger" (and I do mean, it... use your own strong password), disables the SSH login and creates a home directory.

    SFTP 활성화

    To be able to upload files from a non-privleged user we need to change the SSH configuration a bit. Open the SSH daemon config in "/etc/ssh/sshd_config".

    nano /etc/ssh/sshd_config

    Make sure that the following lines look like this:

    Subsystem sftp internal-sftp
PasswordAuthentication yes

    The first one enables use of SFTP without having a login shell (like our limited webuser) and the second allows password logins for SSH.

    Restart the SSH server

    service ssh restart

    Test the login from your machine (this works on Mac and Linux, unsure about Windows)

    sftp webuser@your-droplet-ip

webuser@your-droplet-ip's password: 
Connected to your-droplet-ip.
sftp>

    웹 사용자 디렉토리에서 파일을 제공하도록 캐디에게 지시하십시오.

    nano /etc/caddy/Caddyfile

:80

# Set this path to your site's directory.
root * /home/webuser

# Enable the static file server.
file_server

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

    This tells Caddy to serve from the webuser home directory instead. But, we need to give it access.

    usermod -a -G webuser caddy
service caddy restart

    웹 서버 테스트

    Upload an "index.html" to your server. Use whatever SFTP client you like (like FileZilla or winscp). From my local machine, I create a simple HTML file on my computer called "index.html" with "hello world" in it. Then I uploaded it to our server.

    sftp sftp webuser@your-droplet-ip
put index.html


    호스트 이름 또는 도메인 추가

    I added a DNS record to give my server a name. How exactly you add this depends on your DNS hosting provider. DigitalOcean has this under "Networking -> Domains".

    • Hostname : whateveryouwant (I used "hostingdemo")
    • Record Type : A
    • Target : your-droplet-ip-address

    이제 브라우저에서 http://hostingdemo.andri.dk을 가리키면 ...



    암호화 추가(TLS/SSL)

    To do this, we open our Caddyfile again in "/etc/caddy/Caddyfile" and change it to the following:

    hostingdemo.andri.dk # replace this with your hostname

# Set this path to your site's directory.
root * /home/webuser

# Enable the static file server.
file_server

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

    Reload the configuration.

    service caddy reload

    Then in your browser change the URL from "http" to "https" and reload.

    마무리

  • We created a new server on DigitalOcean
  • We added a new non-privileged user "webuser" and configured it to upload the site
  • We setup a DNS name for our new site
    •
  • We setup Caddy with automatic TLS using Lets Encrypt

    • 보너스

    Github Actions로 Jamstack 사이트 자동 업로드

    This is covered in more details in my post, but copy paste the following into a .github/workflows/deploy.yaml file in your repo on Github.

    You need the following secrets set up on your repo:

    • SFTP_HOST : host or ip of droplet
    • SFTP_USER : webuser
    • SFTP_PASS : yourverysecretpassword 
    name: buildpack
on: [push, pull_request]
jobs:
  remote-build:
    runs-on: ubuntu-latest
    container:
      image: docker:stable
      volumes:
        - /home/runner:/workspace
    env:
      IMG_NAME: ${{ github.workflow }}
      NODE_ENV: production # Makes this a little more clean on the Node side
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Downloads and caches the pack command (the code is open)
      - uses: andrioid/setup-pack@main
      # Attempt to fetch any previous image so that we may use it for caching
      - run: docker pull ghcr.io/${GITHUB_REPOSITORY}/${IMG_NAME} || true
      # Builds your site with buildpacks (heroku builder)
      - run: pack build ghcr.io/${GITHUB_REPOSITORY}/${IMG_NAME} --builder=heroku/buildpacks:20
      # Pushes your new image to Github's Container Registry
      - run: docker push ghcr.io/${GITHUB_REPOSITORY}/${IMG_NAME}
      # Copy the build assets from the container and cleanup
      - run: CONTAINER_ID=$(docker create ghcr.io/${GITHUB_REPOSITORY}/${IMG_NAME}:latest /bin/sh) && docker cp ${CONTAINER_ID}:/workspace/public . && docker rm ${CONTAINER_ID}
      - run: ls -alh public
      - uses: actions/upload-artifact@v2
        with:
          name: public
          path: public/

  deploy-via-sftp:
    needs: remote-build
    runs-on: ubuntu-latest
    env:
      RCLONE_CONFIG_VPS_TYPE: sftp
      RCLONE_CONFIG_VPS_HOST: ${{ secrets.SFTP_HOST }}
      RCLONE_CONFIG_VPS_USER: ${{ secrets.SFTP_USER }}
      RCLONE_CONFIG_VPS_PASS_PLAIN: ${{ secrets.SFTP_PASS }}
    steps:
      - uses: andrioid/setup-rclone-action@main
      - uses: actions/download-artifact@v2
        with:
          name: public
          path: public
      - run: echo "RCLONE_CONFIG_VPS_PASS=$(rclone obscure ${RCLONE_CONFIG_VPS_PASS_PLAIN})" >> $GITHUB_ENV
      - run: rclone -v copy public vps:.

    This requires you to have a repository on Github and that your site can be built with Buildpacks. I have this running with Gatsby, but it should work with almost anything that builds into public/ .

    이제 내 Jamstack 예제 사이트가 VPS에 배포되었습니다!
    메신저 봇
    Mac에서 개발한 봇을 Azure에서 운영

    좋은 웹페이지 즐겨찾기

    개발자 우수 사이트 수집

    개발자가 알아야 할 필수 사이트 100선 추천 우리는 당신을 위해 100개의 자주 사용하는 개발자 학습 사이트를 정리했습니다
    best100-homepage