The whole process of deploying a Hexo blog to Tencent ECS (Nginx, certificate, HTTPS)

Posted by swjohnson on Wed, 05 Jan 2022 22:06:45 +0100

Background

I'm a little ashamed to say that the blog was built a long time ago and has been hosted for free on Coding and GitHub Pages. The former has since been migrated to Tencent Cloud Serverless, which caused problems with the original configuration, and I have had no time to study it carefully. Tencent happened to be running a cheap server promotion, so I decided to migrate. As for choosing Tencent Cloud: the site was registered with Tencent Cloud, while the domain name was purchased from Alibaba. That felt odd, but the two are unrelated and it has no impact.

Deployment environment

Local environment: macOS Monterey 12.0.1
Server environment: CentOS Linux release 8.2.2004 (Core)

Local environment configuration

There are plenty of guides on the Internet for building Hexo locally, so I won't repeat them here. I only do the small amount of preparation needed to connect to the server.

Generate Git key

ssh-keygen -C "your@mail.com"

Press Enter at each prompt to accept the defaults (this also leaves the key without a passphrase). You should then see two newly generated key files in the ~/.ssh/ directory:

  1. Public key: id_rsa.pub
  2. Private key: id_rsa

We need to copy the contents of the public key to the server later

Server environment configuration

The server is a clean install with nothing on it, so we install what we need step by step:

  • Git
  • Nginx

It is strongly recommended that you reset the default password of Tencent ECS before performing the following operations

Git installation and configuration

Install

Switch to root (just enter the password you just reset)

su root

First, you need to install package dependencies

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum install  gcc perl-ExtUtils-MakeMaker

Change to the chosen directory (/usr/local/src here), then download and unpack the latest version of Git (2.34.1 is used here)

cd /usr/local/src
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.34.1.tar.gz
tar -zxvf git-2.34.1.tar.gz

The extracted Git files are all source files, so we need to compile them. Enter the unpacked Git directory, then compile and install to the chosen location (/usr/local/git here). The whole process may take a while

cd git-2.34.1
make prefix=/usr/local/git all
make prefix=/usr/local/git install

After installation, we need to configure environment variables and open the environment variable configuration file:

vim /etc/profile

Add the Git installation directory at the bottom of the file. For readers who are not familiar with Vim, here are the quick steps; just press the keys below in order:

G (move the cursor to the end of the file)

o (add a new blank line and enter Insert mode)

Paste the two PATH lines shown below

Esc (return to Normal mode)

:wq (save and exit)

PATH=$PATH:/usr/local/git/bin
export PATH

Refresh the environment variable to make it effective

source /etc/profile

At this time, Git should have been installed. You can check whether the Git version number is the same as the version you specified:

git --version

Create and configure the git user

Create git user and password

adduser git
passwd git

Add the git user to the sudoers file. A Vim shortcut is given again here

chmod 740 /etc/sudoers
vim /etc/sudoers

/## Allow

Typing this search in Vim jumps straight to the following location:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

Add the entry for the git user on the line below it, then save and exit. This entry lets the git user run any command as root through sudo.

git      ALL=(ALL)       ALL

Restore the sudoers file permissions

chmod 400 /etc/sudoers

Test

Copy the contents of the id_rsa.pub public key generated locally above to the remote server. By default, this command creates the authorized_keys file (~/.ssh/authorized_keys) in the git user's home directory on the remote server. Here server_ip is the public IP, not the internal IP, so don't copy the wrong one

ssh-copy-id -i ~/.ssh/id_rsa.pub git@server_ip

Now you can test the connection with the ssh command (the -v option outputs a detailed log)

ssh -v git@server_ip

Blog site directory configuration

Create blog site directory location

As before, switch to the root user and create the root directory for the blog site (/home/hexo here)

su root
mkdir /home/hexo

Grant git user rights

chown git:git -R /home/hexo

Automated configuration

Change to the chosen directory (the git user's home directory, /home/git, here) and create a bare Git repo named blog.git

cd /home/git 
git init --bare blog.git

What a bare repo is, along with some advanced uses of it, is covered in the following three articles, so it is not explained in detail here

  1. Git Worktree Dharma is really fragrant
  2. Git Worktree advanced usage
  3. Generate Git Worktree working directory with one click

Also give git users corresponding permissions

chown git:git -R blog.git

Automated deployment relies on Git hooks. Here we need a post-receive hook, so create a new file in the blog.git/hooks directory:

vim blog.git/hooks/post-receive

Then add the following contents (pay attention to directory matching), save and exit:

#!/bin/sh
git --work-tree=/home/hexo --git-dir=/home/git/blog.git checkout -f

Finally, give the file executable permissions

chmod +x /home/git/blog.git/hooks/post-receive

Next, create a link to prevent errors in the subsequent deploy process

sudo ln -s /usr/local/git/bin/git-receive-pack  /usr/bin/git-receive-pack

At this point, the basic preparations are complete. Next, we need to set up Nginx

Nginx installation and configuration

Install

As before, switch to root, install Nginx, and finally start it

su root
yum install -y nginx
systemctl start nginx.service

At this time, enter the public IP address in the browser, and you should see the default welcome interface of Nginx

Configuration

Here we configure Nginx to redirect all HTTP requests to HTTPS. This requires an SSL certificate. The certificate can be applied for on the ECS, and the corresponding version can be downloaded (the Nginx certificate is chosen here). After downloading, unzip it. Taking my certificate as an example:

.
├── 6317712_www.dayarch.top.key
└── 6317712_www.dayarch.top.pem

0 directories, 2 files

Copy the above certificate files to the remote server with the scp command. Normally, Nginx certificates are stored in the /etc/nginx/cert directory. Here, /home/ssl_cert is used (if the directory does not exist, create it yourself)

scp ~/Downloads/6317712_www.dayarch.top_nginx/6317712_www.dayarch.top.key root@server_ip:/home/ssl_cert
scp ~/Downloads/6317712_www.dayarch.top_nginx/6317712_www.dayarch.top.pem root@server_ip:/home/ssl_cert

Then open the Nginx configuration file and add the overall configuration

server{
    listen 80;
    server_name dayarch.top; # Personal domain name
    rewrite ^(.*)$ https://$server_name$1 permanent; # Redirect to HTTPS, keeping the requested path
}

server {
    listen 443; 
    server_name dayarch.top;  # Personal domain name
    ssl on; 
    ssl_certificate      /home/ssl_cert/6317712_www.dayarch.top.pem; # .pem certificate
    ssl_certificate_key  /home/ssl_cert/6317712_www.dayarch.top.key; # .key private key
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /home/hexo;  # Blog site home directory
        index index.php  index.html index.htm; 
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
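
A tightened variant of the two server blocks above, added here as an example and not the author's own configuration. It keeps the domain, certificate paths and site root from this page, but drops TLS 1.0 and 1.1, limits the cipher list to ECDHE suites with AEAD ciphers, and sends an HSTS header. It assumes an Nginx linked against OpenSSL 1.1.1 or later for TLSv1.3.

```nginx
# Added example: hardened variant of the page's two server blocks.
# Domain, certificate paths and site root are the ones used on this page.
server {
    listen 80;
    server_name dayarch.top;
    # Redirect every plain-HTTP request to the same path over HTTPS.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;              # replaces the deprecated "ssl on;" directive
    server_name dayarch.top;

    ssl_certificate      /home/ssl_cert/6317712_www.dayarch.top.pem;
    ssl_certificate_key  /home/ssl_cert/6317712_www.dayarch.top.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Assumption: Nginx is linked against OpenSSL 1.1.1+.
    # On older builds keep only TLSv1.2 here.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Applies to TLS 1.2 only: forward-secret key exchange with AEAD ciphers.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Tell browsers to use HTTPS directly on later visits (one year).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root   /home/hexo;       # Blog site home directory
        index  index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
```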

Check with nginx -t command. If everything is normal, the following results will be output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx service

systemctl restart nginx.service

So far, all the preparations have been completed. Next, we need to do some blog configuration

Local blog configuration modification

We need to add the remote server's Git repository information to the Hexo site configuration file (_config.yml)

deploy:
  - type: git
    repo: git@server_ip:/home/git/blog.git
    branch: master

Run the following hexo commands in order to deploy

hexo clean
hexo generate
hexo deploy

So far, we are only one step away from success

Domain name resolution

Log in to the provider where you purchased your domain name (Alibaba Cloud in my case), configure domain name resolution, and point it to the public address of our server.

Verification

Next, you can enter the domain name in the browser, verify it, and enjoy your achievements

Rigong Yibing | original
