Ghost 1.x on CentOS 6

1. Prerequisite

安装Ghost之前, 我们需要先安装以下:

  1. Nginx
  2. Certbot
  3. MySQL
  4. Migrate Data (db schema)

1.1 Nginx

$ yum install -y nginx
$ nginx -v
$ service nginx status
$ vi /etc/nginx/conf.d/ghost.conf
// ghost.conf
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ninoishere.com www.ninoishere.com blog.ninoishere.com;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:2368;
    }
}
$ service nginx start

1.2 Certbot

Certbot - All Instructions

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto

$ sudo ./path/to/certbot-auto --nginx

NIN: 运行certbot-auto --nginx 前需要配置好 nginx.
Ref: Trouble w/ Certbot & Let's Encrypt on Nginx/Ubuntu14.04 | DigitalOcean

1.3 Mysql

// 安装
sudo yum install mysql-server
sudo /sbin/chkconfig --levels 235 mysqld on
sudo service mysqld start


// 配置mysql hardening
mysql_secure_installation  //配置MySql
按回车
Set root password? [Y/n] # 设置root密码
anonymous users? [Y/n]  Y# 删除匿名用户
Disallow root login remotely? [Y/n] Y # 禁止root用户远程登录
Remove test database and access to it? [Y/n] Y # 删除默认的 test 数据库
Reload privilege tables now? [Y/n] Y # 刷新授权表使修改生效

// 配置ghost blog db
mysql -u root -p
输入刚刚设置的密码
进入数据库了,开始进一步配置:
create database ghost; # 创建ghost数据库
grant all privileges on ghost.* to 'ghost'@'%' identified by 'ghost';#为新建的库添加用户和密码
flush privileges; #刷新数据库信息

1.4 knex-migrator

npm install -g knex-migrator
cd /var/www/ghost
knex-migrator init

Ref: ghost centos 安装一直不顺利,有没有简洁安装方案

2. Ghost Installation

$ mkdir -p /var/www/
$ useradd -c "Ghost Application" ghost
$ cd /var/www
$ wget https://ghost.org/zip/ghost-latest.zip
$ unzip ghost-latest.zip -d ghost
$ chown -R ghost:ghost /var/www/ghost/
$ rm ghost-latest.zip
$ su - ghost
$ cd /var/www/ghost
$ npm install --production

不知道为何zip file中移除了config.example.js。


// config.example.js

{
        "url": "http://www.example.com",    //NIN: 这一句反应在admin - view my blog
        "server": {
                "port": 2368,
                "host": "127.0.0.1"
        },
        "database": {
                "client": "mysql",
                "connection": {
                        "host": "localhost",
                        "user": "myuser",
                        "password": "mypassword",
                        "database": "mydb",
                        "charset": "utf8"
                }
        },
        "mail": {
                "transport": "SMTP",
                "options": {
                        "service": "Mailgun",
                        "auth": {
                                "user": "postmaster@example.mailgun.org",
                                "pass": "1234567890"
               }
        },
        "logging": {
                "transports": [
                        "file",
                        "stdout"
                ]
        },
        "process": "systemd",
        "paths": {
                "contentPath": "/var/www/ghostblog/content"
        }
}

将上面的 json 创建于 project root 目录.

$ vi /var/www/ghost/config.production.json
// 1.x对于 config.js 的修改很大, zip 包也去除了该文件. 遗憾找不到官方的 sample, 传说是需要 run ghost install 的时候会生成.
//
// npm start --production是不 work 的.

$ npm start

2.1 Forever

$ su - ghost
$ cd /var/www/ghost
$ npm install forever
$ echo "export PATH=/var/www/ghost/node_modules/forever/bin:$PATH" >> ~/.bashrc
$ source ~/.bashrc
$ /var/www/ghost/node_modules/forever/bin/forever start index.js

Ref

Misc

这是certbot生成的一份conf

// /etc/nginx/conf.d/ghost.conf
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ninoishere.com www.ninoishere.com blog.ninoishere.com;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:2368;
    }

ssl_certificate /etc/letsencrypt/live/blog.ninoishere.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blog.ninoishere.com/privkey.pem; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

}
Show Comments