4.1.1 ghost搭建

vps上搭建ghost , 查看 官网教程

1. dnspod解析2级域名blog.scott.world

2. 更新系统

# Update package lists
sudo apt-get update

# Update installed packages
sudo apt-get upgrade

3. Install NGINX

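# Install nginx, then open the firewall.
# The SSH rule is added before `ufw enable` so that switching the firewall on
# cannot block new SSH logins to this VPS.
sudo apt-get install nginx
# 22 is the default sshd port; if sshd listens on another port, allow that one instead.
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable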

4. 更改ssh端口并只允许scott用户登录

# 先登录vps
adduser scott
sudo vi /etc/ssh/sshd_config
#cmd+t再开一个终端标签页,保持当前登录的状态;如果是你修改出了问题或者忘了端口,可能导致你下次连登录都登不进去了

# 下面这行干了2件事:首先关掉了默认的22端口,其次你必须在39999登录才登的进去
# (sshd_config 的注释必须单独成行并以 # 开头,不能把 // 说明写在配置行后面)
Port 39999
# 找到 UseDNS 保证它是no,再在最末尾增加一行 AllowUsers
UseDNS no
# 只允许scott用户登录(从39999端口)
AllowUsers scott
# 保存,退出,先用 sudo sshd -t 检查配置语法,再重启ssh
ubuntu: sudo service ssh restart
centos: systemctl restart sshd.service 或 service sshd restart
# 开防火墙,放行新的ssh端口(当前会话先不要断开,等新窗口登录成功后再关)
sudo ufw allow 39999
新开一个窗口
ssh -p 39999 scott@ipv4
注意这里的密码是创建用户时设置的密码,改密码用 passwd scott(或 passwd root)
如果登陆成功,恭喜端口改掉了

此处报错

iMac-52:~ apple$ ssh -p 39999 root@142.93.37.197
Permission denied (publickey)
# 指当前用户没有保存客户端的ssh key
# 切换到scott用户
ssh-keygen -b 4096 -t rsa
一路回车(注意:一路回车生成的私钥没有口令保护,建议在提示 passphrase 时设置一个口令)
尝试用客户端连接
~ ssh -p 39999 scott@ip
scott@142.93.187.211: Permission denied (publickey).
原因是scott用户根本没有authorized_keys
vim authorized_keys
# 把mac的公钥(~/.ssh/id_rsa.pub,不是私钥)贴进去;authorized_keys 要放在scott用户的 ~/.ssh/ 目录下

禁用root登录,禁止密码登陆,只允许ssh key登陆

sudo vi /etc/ssh/sshd_config
# 输入账号对应的密码
# 不允许空密码登录 
PermitEmptyPasswords no
# 关掉root登录,因为root能做的事,我们新增的用户(通过sudo)都能做
PermitRootLogin no 
# 把密码登录的形式关掉,因为我们配置了ssh key,只需验证mac上的私钥和vps上authorized_keys里的公钥即可登录;关闭之前先在新窗口确认密钥登录可用,否则会把自己锁在外面
PasswordAuthentication no

重启ssh

sudo service ssh restart
#新开一个窗口,分别从22,39999端口测试root是否被挡在外面

然后需要注意配置权限了,否则SSH不会工作的

  1. 将.ssh目录的权限设为700(chmod 700 ~/.ssh)
  2. 将authorized_keys文件的权限设为600(chmod 600 ~/.ssh/authorized_keys)

再次登陆,ssh -p 39999 scott@ipv4 ok

修改本地的mac ssh免密登录配置

Host ocean
  HostName 142.93.37.197
  Port 39999
  User scott
  IdentityFile ~/.ssh/id_rsa

开始搭建

# Install MySQL
sudo apt-get install mysql-server

# To set a password, run
sudo mysql
# Now update your user with this password
# Replace '<YOUR_MYSQL_ROOT_PASSWORD>' with your own strong password, but keep the quote marks!
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<YOUR_MYSQL_ROOT_PASSWORD>';
CREATE DATABASE IF NOT EXISTS ghost_blog;
# Then exit MySQL
quit
# and login to your Ubuntu user again
adduser scott
usermod -aG sudo scott
su - scott


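# Add the NodeSource APT repository for Node 8
# NOTE: this pipes a remote script straight into a root shell; download it and read it before running.
# Node 8 is end-of-life; check the Ghost docs for a currently supported Node.js version.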
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash
# Install Node.js and npm
sudo apt-get install -y nodejs
sudo apt-get install -y npm

# Install Ghost-CLI
sudo npm install ghost-cli@latest -g

#setting
sudo mkdir -p /var/www/ghost
sudo chown scott:scott /var/www/ghost
sudo chmod 775 /var/www/ghost
cd /var/www/ghost
# 安装ghost
ghost install
? Enter your blog URL: https://blog.scott.world
? Enter your MySQL hostname: localhost
? Enter your MySQL username: root
? Enter your MySQL password: [hidden]
? Enter your Ghost database name: ghost_blog
✔ Configuring Ghost
✔ Setting up instance
+ sudo useradd --system --user-group ghost
+ sudo chown -R ghost:ghost /var/www/ghost/content
✔ Setting up "ghost" system user
? Do you wish to set up "ghost" mysql user? Yes
✔ Setting up "ghost" mysql user
? Do you wish to set up Nginx? Yes
✔ Creating nginx config file at /var/www/ghost/system/files/blog.scott.world.conf
+ sudo ln -sf /var/www/ghost/system/files/blog.scott.world.conf /etc/nginx/sites-available/blog.scott.world.conf
+ sudo ln -sf /etc/nginx/sites-available/blog.scott.world.conf /etc/nginx/sites-enabled/blog.scott.world.conf
+ sudo nginx -s reload
✔ Setting up Nginx
? Do you wish to set up SSL? Yes
? Enter your email (For SSL Certificate) mbp98k@gmail.com
一路回车,这时候会提示
Ghost was installed successfully! To complete setup of your publication, visit: 

    https://blog.scott.world/ghost/
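# 其实是无法访问的,curl https://blog.scott.world/ghost/ 什么都没有
# 但是curl https://localhost/ghost/ 却行
# 原因是Ghost只在本地(127.0.0.1)监听,将监听地址改为0.0.0.0 即可
# 注意:改成0.0.0.0并在防火墙放行2368后,Ghost会绕过nginx和HTTPS直接暴露在公网;nginx反向代理连的是127.0.0.1:2368,代理配好后应把host改回127.0.0.1,并且不要对外放行2368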
sudo vim config.production.json 
将
"server": {
    "port": 2368,
    "host": "127.0.0.1"
},
host改为: 0.0.0.0
# 重启
ghost restart

这时候你还是不能访问,为什么,因为加了https(会直接走443,2368是不会通的)

scott@test:/etc/nginx/conf.d$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
2368                       ALLOW       Anywhere                  
10086                      ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
2368 (v6)                  ALLOW       Anywhere (v6)             
10086 (v6)                 ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)

nginx代理

cd /etc/nginx/conf.d
sudo vim blog-scott-world-2368.conf

# Reverse proxy for Ghost: nginx accepts plain HTTP on port 80 and forwards
# every request to the Ghost process on the loopback interface.
# NOTE(review): only port 80 is configured here, while the blog URL entered
# during `ghost install` is https:// — a 443/TLS server block is presumably
# still required for that URL to work; confirm.
server {
  listen 80;
  # Host name this server block answers for (a domain here; an IP also works)
  server_name blog.scott.world;

  location / {
    # Pass the original Host header and the client address through to Ghost
    proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Upstream is 127.0.0.1:2368, so Ghost only needs to listen on loopback
        proxy_pass http://127.0.0.1:2368;
        # Largest request body (e.g. an upload) nginx will accept
        client_max_body_size 10m;
  }

}
sudo nginx -t
sudo service nginx reload

再刷新网页,铛铛铛铛……^ _ ^

其实也不用自己配nginx,后来发现的

scott@NewYork:/var/www/ghost/system/files$ cat blog.scott.world.conf
# (the comments in this listing are annotations, not part of the file on disk)
server {
    # Plain HTTP on IPv4 and IPv6
    listen 80;
    listen [::]:80;

    server_name blog.scott.world;
    root /var/www/ghost/system/nginx-root;

    location / {
        # Forward the client address, original scheme and Host header to Ghost
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        # Ghost is reached on the loopback interface only
        proxy_pass http://127.0.0.1:2368;

    }

    # Presumably kept open for certificate (ACME) challenge files served from root — confirm
    location ~ /.well-known {
        allow all;
    }

    # Largest request body nginx will accept
    client_max_body_size 50m;
}
