新建一个目录~/halo

docker-compose.yml

其完整内容如下:

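# Compose stack: Halo (blog) + PostgreSQL + nginx (TLS reverse proxy) + certbot.
# Nesting restored; the flattened listing is not valid Compose YAML as shown.
version: "3"

services:
  halo:
    image: registry.fit2cloud.com/halo/halo:2.21
    restart: "on-failure:3"
    depends_on:
      halodb:
        condition: service_healthy
    networks:
      halo_network:
    volumes:
      - ./halo2:/root/.halo2
    ports:
      # NOTE(review): this publishes Halo on every host interface over plain
      # HTTP, so it is reachable without going through the nginx TLS proxy.
      # nginx reaches Halo over halo_network (proxy_pass http://halo:8090), so
      # once the proxy works this mapping can be narrowed to
      # "127.0.0.1:8090:8090" or removed.
      - "8090:8090"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8090/actuator/health/readiness"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 30s
    environment:
      # JVM options. Default is -Xmx256m -Xms256m; adjust to the host. Leaving
      # the value empty adds no JVM options.
      - JVM_OPTS=-Xmx256m -Xms256m
    command:
      - --spring.r2dbc.url=r2dbc:pool:postgresql://halodb/halo
      - --spring.r2dbc.username=halo
      # PostgreSQL password; must match POSTGRES_PASSWORD below.
      # "yourpassword" is a placeholder: replace it with a long random value.
      # Command-line arguments are visible in `docker inspect` and in the
      # process list, so keep this file out of version control and readable
      # only by the deploying user.
      - --spring.r2dbc.password=yourpassword
      - --spring.sql.init.platform=postgresql
      # Externally visible URL; change it to your own address.
      - --halo.external-url=https://blog.tvzr.com/

  halodb:
    image: postgres:15.4
    restart: "on-failure:3"
    networks:
      halo_network:
    volumes:
      - ./db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      # Placeholder; must match --spring.r2dbc.password above.
      - POSTGRES_PASSWORD=yourpassword
      - POSTGRES_USER=halo
      - POSTGRES_DB=halo
      - PGUSER=halo

  webserver:
    depends_on:
      - halo
    image: nginx:1.27.1-alpine
    container_name: webserver
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx-conf:/etc/nginx/conf.d
      - certbot-etc:/etc/letsencrypt
      - certbot-www:/var/www/certbot
    networks:
      - halo_network

  certbot:
    depends_on:
      - webserver
    # NOTE(review): no tag is given, so this resolves to whatever "latest" is
    # at pull time; pin a specific tag (or digest) for reproducible deploys.
    image: certbot/certbot
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-www:/var/www/certbot
    # NOTE(review): --force-renewal requests a new certificate on every run,
    # even while the current one is still valid. Because this container runs
    # each time the stack is brought up, repeated runs can hit Let's Encrypt
    # rate limits; drop the flag after the first successful issuance.
    command: certonly --webroot -w /var/www/certbot --email iat@outlook.com --agree-tos --no-eff-email --force-renewal -d yourdomain

volumes:
  certbot-etc:
  certbot-www:

networks:
  halo_network: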

创建nginx配置目录

# Create the directory that docker-compose.yml bind-mounts to /etc/nginx/conf.d
mkdir -p "$HOME/halo/nginx-conf"

在该目录创建nginx.conf

# HTTP server: answers the Let's Encrypt HTTP-01 challenge and redirects
# everything else to HTTPS.
server {
    listen 80;
    server_name yourdomain;

    # Expose the ACME challenge directory. Certbot (webroot mode) writes its
    # tokens under /var/www/certbot, which is shared through the certbot-www volume.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        # Serve challenge tokens as text/plain. This only sets the MIME type;
        # it has no effect on caching.
        default_type "text/plain";
        # Serve a file only if it exists; anything else returns 404.
        try_files $uri =404;
    }

    # All other HTTP traffic is redirected to HTTPS.
    # NOTE(review): $host comes from the request's Host header. If this is the
    # only server block listening on port 80, it also answers requests for other
    # names, and the redirect target then follows whatever Host was sent. Writing
    # the configured domain into the redirect avoids that.
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS server: terminates TLS and proxies to the Halo container.
server {
    listen 443 ssl;
    server_name yourdomain;

    # Certificate paths. These files exist in the certbot-etc volume only after
    # Certbot has run successfully; until then nginx cannot load this block.
    ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;

    # Session settings (adjust per the nginx documentation).
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    # Protocols and ciphers for modern browsers: TLS 1.2 and 1.3 only, AEAD suites.
    # NOTE(review): the two DHE-RSA suites stay unused unless ssl_dhparam is
    # configured; the ECDHE suites are the ones that take effect here.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # NOTE(review): no Strict-Transport-Security header is sent. Consider adding
    # one once HTTPS is confirmed to work, so browsers stop trying plain HTTP first.

    # Reverse proxy to the Halo container over the compose network.
    location / {
        proxy_pass http://halo:8090;
        # Pass the original host, client address and scheme to Halo.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
    }
}

首次启动时,nginx.conf 里先只保留 80 端口的 server 块,等证书申请好了再把 443 的配置贴进去(证书文件还不存在时,Nginx 无法加载 443 的 server 块)。

启动halo

# Run from the directory that holds docker-compose.yml so its relative
# bind mounts (./halo2, ./db, ./nginx-conf) resolve there.
cd "$HOME/halo"

# Start every service in the background.
docker compose up -d

查看进程

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f02ff4abbc2f nginx:1.27.1-alpine "/docker-entrypoint.…" 5 weeks ago Up 5 weeks 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp webserver
0513e0ab3542 registry.fit2cloud.com/halo/halo:2.21 "sh -c 'java -Dreact…" 5 weeks ago Up 5 weeks (healthy) 0.0.0.0:8090->8090/tcp, :::8090->8090/tcp halo-halo-1
e4af7d394a06 postgres:15.4 "docker-entrypoint.s…" 5 weeks ago Up 5 weeks (healthy) 5432/tcp halo-halodb-1

在1C1G的服务器上运行,完全没啥压力。