Shulou(Shulou.com)06/03 Report--

Used other blog systems, do not like, not light enough, not fast enough! I have done a total of two blog systems, and the perfectionist (after all, × × seat) really don't want to struggle too much on this matter. Eiblog should be a relatively stable blog system, and it will be used by bloggers in the future. You don't have to worry about stability and maintenance, but the deployment process of the system is too complicated, and friends without computer knowledge are not recommended to build it. Welcome to consult. The advantages of this blog (obviously fast, safe), waiting for you to experience.

Introduction

The whole blog system involves the following modules:

MongoDB, the blog uses mongodb as the storage database.

Elasticsearch, which uses elasticsearch as the blog's on-site search, albeit with a slightly higher memory footprint.

Disqus, as a blog comment system, is mostly blocked in China, so it implements two ways of comment.

Nginx, as a reverse proxy server, and do the relevant http header and certificate settings.

Google Analytics, as a data analysis and statistics tool for blog system.

Qiniu CDN, as the static file storage of the blog system, the image attachment of the blog post is uploaded here.

The related technologies are:

Golang, the back-end of the blog system is written in golang, and open source to Eiblog.

HTML Javascript CSS, the front end of the blog system is written by html and jquery, and the style is CSS.

Glide, written by golang. As the package dependency manager of the blog system, its open source address is Glide.

Docker, blog system can be deployed by docker, convenient and fast.

Docker Compose, the blog system can be fully run by docker, and compose plays a good management role.

SSL certificate, https is the future trend, the whole blog system will revolve around the certificate, please prepare a valid ssl certificate in advance.

Travis, as an automatic building tool of the blog system, automatically builds docker images and pushes them to the image repository.

Yaml, the configuration file of the blog system uses yaml, please know.

As the work of the blogger, what functions did Eiblog achieve, what features did it have, and what optimization did it do?

At present, the system only has the home page, special topic, archive, friend chain, about, search interface. It is believed that it can meet the needs of most users.

Static files such as .js and .css are stored locally, and small image base64 is built into css, which will not cause network delay and speed up web page access. Version control mode, dynamically update static files.

Use Google statistics, and achieve asynchronous (send access information to the backend, the back end submitted to Google) statistics to speed up the access speed.

The back-end processing is accelerated by directly caching the html documents transferred by markdown. The response speed is within 3ms, which is really very fast.

Specific format [! [alt] (https://st.deepzz.com/static/img/avatar.jpg = 256x256)] lazy loading policy for images to speed up access.

Through the configuration of Nginx, enable compression to reduce the transmission volume, the server transmits certificate chain, open Session Resumption, Session Ticket, OCSP Stapling and other accelerated certificate handshakes to improve speed again.

The number of comments in the article (not important) runs at the back end with regular scripts and regular updates, so sometimes the number of comments is not correct. This reduces api calls and achieves the goal of speeding up access again.

In view of the reason why disqus is blocked, the alternative comment mode of Jerry Qu is realized to ensure the fluency of comments.

Open source Typecho complete background system, full-featured markdown editor, let you experience what is simple and refreshing.

The blog background directly connects with Qiniu SDK to achieve the simple function of uploading and deleting files in the background.

Use elasticsearch as the site search, add google opensearch function, search more natural.

Of course, a lot of efforts have been made on information security, although we are only a small blog system.

CDN, using Qiniu fusion CDN, and https, to achieve the whole station https. Qiniu can apply for a free certificate.

CT, certificate transparency testing, provides an open audit and monitoring system. Any domain name owner or CA can determine whether the certificate has been issued incorrectly or used maliciously, thereby improving the security of the HTTPS website.

OCSP, online Certificate status Protocol. An online inquiry service used to verify the validity of certificates.

HSTS, which forces clients, such as browsers, to use HTTPS to create a connection to the server. It can solve the problem of HTTPS downgrade * *.

HPKP,HTTP public key fixed extension to guard against middlemen caused by "obtaining website certificates by forged or improper means". This feature allows us to choose which CA to trust.

SSL Protocols, which lists the supported TLS protocols, SSLv3 has been proved to be insecure.

SSL dhparam, Diffie Herman key exchange.

Cipher suite, listed servers support cipher suites.

It is easy to see the httpsecurityreport score 96 dint ssllabs score A score, which is perfect. These security-related configurations will be exposed later in the deployment process.

Related picture display:

Note: picture 1, picture 2 is the blog interface, picture 3 is the background interface, and picture 4 is the performance display.

All right, having said so much and boasted so much, let's actually build an Eiblog.

Installation

1. Eiblog provides downloads of compressed packages for multiple platforms, which can be downloaded from Eiblog release to select the appropriate version and platform. It can also be done by:

$curl-L https://github.com/eiblog/eiblog/releases/download/v0.1.0/eiblog-v0.1.0.`uname-s | tr'[Amurz]''[Amurz]'`- amd64.tar.gz > eiblog- v0.1.0.`uname-s | tr'[Amurz]''[Amurz]'`-amd64.tar.gz

2. If you are lucky enough to be a Gopher, I believe you will do it yourself, you can pass:

$go get https://github.com/eiblog/eiblog

The source code compiles the binary file to run.

3. If you also have research on docker technology, you can also install it through docker:

$docker pull registry.cn-hangzhou.aliyuncs.com/deepzz/eiblog

Only eiblog binaries are provided inside the image because the demand for customization of other content is too high. So you need to map out the conf, static, and views directories, which we'll talk about later.

Local testing

After we have downloaded the executable, we can start testing locally.

Local testing requires setting up two services, mongodb and elasticsearch3.4.1 (optional, the search service is not available).

Eiblog will connect hostname to eidb and eisearch by default, so you need to fill in the information under / etc/hosts. If the mongodb address you set up is 127.0.0.1pur27017jrystriticSearch, the address is 192.168.99.100pur9200, such as:

SH$ sudo vi / etc/hosts# is built with two lines of 127.0.0.1 eidb192.168.99.100 eisearchMongoDB at the end

1. MongoDB is built. Mac can be installed through brew install mongo. For other platforms, please check the information.

Elasticsearch building

2. Elasticsearch building, which is a little more complicated. Bloggers have not yet touched how to install it directly, so it is recommended to build it through docker. It should be noted that the parser provided by es is not friendly to Chinese word segmentation, and the elasticsearch-analysis-ik word separator is used here. If you want to know more about Github or implement blog site search.

Pull mirrors docker pull elasticsearch:2.4.1, which is required.

Add the environment variable ES_JAVA_OPTS: "- Xms512m-Xmx512m" unless you want your server to crash.

Map related directories:

Conf/es/config:/usr/share/elasticsearch/config conf/es/plugins:/usr/share/elasticsearch/plugins conf/es/data:/usr/share/elasticsearch/data conf/es/logs:/usr/share/elasticsearch/logs

If you want to see more details, please check the docker-compose.yml file.

To summarize, the command for docker to run es is:

SH$ docker run-d-name eisearch\-p 9200 Xms512m Xmx512m 9200\-e ES_JAVA_OPTS: "- Xms512m-Xmx512m"\-v conf/es/config:/usr/share/elasticsearch/config\-v conf/es/plugins:/usr/share/elasticsearch/plugins\-v conf/es/data:/usr/share/elasticsearch/data\-v conf/es/logs:/usr/share/elasticsearch/logs\ elasticsearch:2.4.1

Then execute. / eiblog, and our eiblog is ready to run.

Through 127.0.0.1 username 9000, you can enter the home page of the blog, and 127.0.0.1:9000/admin/login enters the background to log in. The account password is username and password under eiblog/conf/app.yml. That is, the initial account password deepz, deepzz.

Prepare for deployment

If you feel the charm of the blog, you still want to build it. So, congratulations, you've got a blog system that you don't want to replace. Next, we follow the steps to further explain the deployment process.

Only the deployment instructions for Docker are provided here. If you need other ways to deploy, please refer to this method.

Prerequisite preparation

Some necessary things need to be prepared here, if you are ready. Please skip it.

A server.

A domain name, the domestic server needs to be put on record.

A valid certificate. You can usually use it free of charge. Such as: Let's Encrypt, in addition, qcloud, Qiniu also provide free certificate applications, all of which are globally credible.

CDN of Qiniu. The blog is only designed to connect to Qiniu cdn. I believe the CDN service provider will not let you down.

Disqus . As a blog comment system, you have to have the ability to register to this account. I think you can write another blog. Simply put, you need shorname and public key.

Google Analystic . Data statistical analysis tools.

Superfeedr . Accelerate RSS subscriptions.

Twitter . I hope you can have a twitter account.

When these are ready, follow the instructions in conf/app.yml to change the configuration.

It is difficult to understand whether there are so many requirements. In fact, the blog system was only designed for people, and it was the one I wanted in my heart. Bloggers do not want how many people to use the blog, but want to say to those who pursue the ultimate: you need this blog system.

Document preparation

Although most of the documents are ready. But there are some default files that need to be specifically pointed out and require you to write a special path on the CDN.

If your CDN domain name is st.example.com, then:

Favicon.ico, whose URL should be st.example.com/static/img/favicon.ico. So your file in CDN is called static/img/favicon.ico, as follows.

Background picture on the left, about 500,1200, CDN Chinese file name: static/img/bg04.jpg. If you need to change, replace the name in eiblog/view/st_blog.css.

Avatar, between 160 "160" 256 "256", CDN file name: static/img/avatar.jpg. In addition, you need to encode the image in Base64 and replace the image in the appropriate location in eiblog/views/st_blog.css.

Blank.gif,CDN file name: static/img/blank.gif. Please download the picture here and upload it to your CDN.

Default_avatar.png,CDN file name: static/img/default_avatar.png, please download and upload to your CDN here.

Disqus.js, the file name will change, and will not change with each update if it is not mentioned. The format of the CDN file name is: static/js/name.js. I used static/js/disqus_a9d3fd.js to write this article. Please download it here and upload it to your CDN.

Note: my CDN has done hotlink protection, so please upload these resources to your CDN in case static resources cannot be accessed.

Configuration description

I believe it's only 60% of the way to here. It's not too late to give up.

All the documents under eiblog/conf will be explained here. I hope you will be ready.

├── app.yml # blog profile ├── blackip.yml # blog ip blacklist ├── es # elasticsearch configuration │ ├── config # profile │ │ ├── analysis # synonym │ │ ├── elasticsearch.yml # specific configuration │ │ ├── logging.yml # Log configuration │ │ └── scripts # script folder │ └── plugins # plug-ins folder │ └── ik1.10.1 # ik Separator ├── nginx # nginx configuration │ ├── domain # domain name configuration Nginx will read the .conf file under the folder │ │ └── deepzz.conf │ ├── ip.blacklist # nginx ip blacklist │ └── nginx.conf # nginx configuration Please replace the original configuration ├── scts # ct file │ ├── aviator.sct │ └── digicert.sct ├── ssl # certificate file For more information, please see deepzz.conf │ ├── dhparams.pem │ ├── domain.key │ ├── domain.pem │ ├── full_chained.pem │ └── session_ticket.key └── tpl # template file ├── feedTpl.xml ├── opensearchTpl.xml └── sitemapTpl.xml

1. App.yml, the configuration file of the whole program, which has listed the description of all the configuration items, which will not be described here.

2. Blackip.yml, if you don't use Nginx, the blog has a built-in ip filtering system. 3. Es full name elasticsearch, a very powerful distributed search engine, github uses it. There is little need to modify the configuration, but es/analysis/synonym.txt is synonymous, and you can add as much as you already have.

├── es │ ├── config │ │ ├── analysis │ └── synonym.txt # synonym configuration │ │ ├── elasticsearch.yml # Separator configuration │ │ ├── logging.yml # Log configuration │ │ └── scripts # script │ └── plugins # Chinese word segmentation plug-in │ └── ik1.10.0 │

Note that although the scripts folder is empty, it must exist, otherwise the elasticsearch will report an error.

4. Nginx, the system uses nginx as the proxy (I believe that the blog system will not monopolize a server ~). Please replace the configuration of the original nginx with nginx.conf. The configuration file for the blog system is domain/deepzz.conf, or rename it (as long as it satisfies * .conf). Deepzz.conf files are the most knowledgeable. Maybe you want to figure it out one by one, maybe...

Note that this configuration needs to be updated from nginx to the latest version and openssl to 1.0.2j. For more information, please refer to the full Nginx configuration section of this blog of Jerry Qu.

5. Scts to store ct files.

6. Ssl, where all the contents related to the certificate are stored.

├── dhparams.pem # see eiblog/conf/nginx/domain/deepzz.conf ├── domain.key # certificate private key, download ├── domain.pem # certificate chain from the general issuer Generally, you can download it directly from the certificate issuer to ├── full_chained.pem # see eiblog/conf/nginx/domain/deepzz.conf └── session_ticket.key # see eiblog/conf/nginx/domain/deepzz.conf

7. Tpl template is relevant and does not need to be modified.

Start deploying docker

Please make sure that you have completed all the steps mentioned above and have successfully tested locally. MognoDB and Elasticsearch are installed and running successfully on the server.

First of all, please upload the conf,static,views folder tested locally to the server, and suggest storing it under the server / data/eiblog.

Note whether an empty conf/es/config/scripts folder exists

SH$ tree / data/eiblog-L 1 ├── conf ├── static ├── views

Then, PULL the image locally to the server.

# Eiblog image $docker pull registry.cn-hangzhou.aliyuncs.com/deepzz/eiblog under PULL

Finally, execute the docker run command. I hope you can succeed.

SH$ docker run-d-- name eiblog-- restart=always\-- add-host disqus.com:23.235.33.134\-- link eidb-- link eisearch\-p 9000 add-host disqus.com:23.235.33.134\-e GODEBUG=netdns=cgo\-v / data/eiblog/logdata:/eiblog/logdata\-v / data/eiblog/conf:/eiblog/conf\-v / data/eiblog/static:/eiblog/static\-v / data/eiblog/views:/eiblog/views \ registry.cn-hangzhou.aliyuncs.com/deepzz/eiblog

Here the default MongDB and Elasticsearch are both docker deployments, and the name is eidb,eisearch.

Nginx + docker

Deployment through Nginx+docker is recommended by bloggers. Docker Compose is used here to manage our entire blog system.

Please confirm that you have successfully installed Nginx, docker and docker-compose. For Nginx, be sure to refer to the complete Nginx configuration section of Jerry Qu.

First, upload the locally tested conf,static,views,docker-compose.yml folders and files to the server. The first three folders are recommended to be stored in the server / data/eiblog, and the docker-compose.yml is stored in a convenient place for you.

Note whether an empty conf/es/config/scripts folder exists

SH$ tree / data/eiblog-L 1 ├── conf ├── static ├── views$ ls ~ / docker-compose.yml

Then, execute:

$cd ~ $docker-compose up-d

Wait a little time and run successfully.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.