Docker deploys Halo blog and configures SSL certificate

Alibaba cloud tools and Resource Center

Help developers work more efficiently and provide tools and resources around the whole life cycle of developers

Environment used in this article: alicloud ECS server, newly installed CentOS 8.4. The front content of this article: purchase ECs, purchase domain name and file, release port 808090443 in the security group / firewall of cloud service console (if pagoda panel is installed, it also needs to be released in the panel). This article will introduce deploying Halo blog through Docker, automatically applying for certificate through certbot and installing https access.

Halo blog installation

  1. Install Docker

    This article uses a newly installed system, so Docker is not installed. If Docker is installed, you can skip this step. Log in to the terminal, enter the following contents and press enter to complete the Docker installation. This command is also applicable to Ubuntu.

    curl -fsSL | bash -s docker --mirror Aliyun

  2. Create a working directory for Halo blog

    In this article, the halo blog working directory is placed in the home directory and named. Halo. This directory will be used to store all blog configuration, articles, topics and other data. If there is a need for backup or migration, you can directly copy this directory.

    Create a directory and go to the directory MKDIR ~ /. Halo & & CD ~ /. Halo

  3. Download the default configuration file to the working directory

    wget -O ./application.yaml

    The configuration file contains port, database, cache, background root path and other configurations. Generally, it does not need to be changed after downloading. If it is necessary to change the database used, please refer to Official documents.

  4. Pull Halo image

    docker pull halohub/halo:latest

  5. Create container

    docker run -it -d --name halo -p 8090:8090 -v ~/.halo:/root/.halo --restart=unless-stopped halohub/halo:1.4.11

    8090: 8090 the first 8090 is the host port and the second 8090 is the container port, which means mapping the 8090 port of the host to the 8090 port of the container.

    ~/. halo:/root/.halo means mapping the ~ /. Halo directory of the host to the / root/.halo directory of the container. Note that the latter cannot be changed.

    Please refer to for the specific meanings of other parameters Official documents.

  6. You can use it now http://ip: The port number accesses the installation boot interface. However, it is recommended to initialize the blog after completing the following reverse proxy and SSL certificate configuration.

Reverse proxy using Nginx

Note that the following content is based on using the 8090 host port. If there is any change, please note that the 8090 is changed to the self modified port in the configuration file

  1. Installing Nginx

    # The following codes apply to CentOS
    # Add Nginx source
    sudo rpm -Uvh
    # Installing Nginx
    sudo yum install -y nginx
    # Start Nginx
    sudo systemctl start nginx.service
    # Set startup and self startup Nginx
    sudo systemctl enable nginx.service
    # The following code applies to Ubuntu
    sudo update
    sudo apt install nginx
  2. Configure Nginx

    # Download Halo's official Nginx configuration template
    curl -o /etc/nginx/conf.d/halo.conf --create-dirs

    It needs to be modified after downloading. The default path of Nginx installed by the above method is / etc/nginx

    # For vim editing halo.conf
    vim /etc/nginx/conf.d/halo.conf

    The content after opening should be similar

    server {
        listen 80;
        server_name; # Modify to your own domain name
        location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass; #  If you want to change the default host 8090 port, please modify the port selected here for execution

    After modification

    # Check the configuration for errors
    sudo nginx -t
    # Reload Nginx configuration
    sudo nginx -s reload

    Use certbot to request and automatically install SSL certificates

    Alibaba cloud / Tencent cloud and other cloud service providers can also apply for and download free SSL certificates. Please refer to the relevant tutorials for such certificates. This article only introduces the application for certificates through certbot and automatic installation.

    1. To install the certbot and certbot nginx plug-ins:

      # Select the corresponding command according to your own system
      # CentOS installs certbot and certbot nginx plug-ins
      sudo yum install certbot -y
      sudo yum install python3-certbot-nginx -y
      # Install certbot and the certbot nginx plug-in for Ubuntu
      sudo apt install certbot
      sudo apt install python3-certbot-nginx
    2. To request and automatically configure a certificate:

      sudo certbot --nginx

    You need to enter the mailbox and press y or a to agree to the relevant agreement. For details, please refer to the output after entering the command

    1. auto renew

      The free certificate applied here can be renewed for free. Theoretically, it can be used for free all the time. Here is a command to automatically execute renewal

      sudo certbot renew --dry-run


Here, all the steps have been completed. You can access Halo blog directly through the domain name. Note that most domain names registered by domestic service providers need to be filed, otherwise they cannot be used. Please refer to the cloud service provider's documentation for details.

After setting the reverse proxy, you must set the correct blog address in the background management interface of the blog, otherwise it may lead to unsuccessful CSS loading, style confusion and other errors.

This article is transferred from:

Tags: LK

Posted on Tue, 07 Sep 2021 16:45:09 -0400 by mistertylersmith