chore: add config

json-q · json-q · commit 44fa52f6981c · 2025-10-21T22:36:11.000+08:00
diff --git a/docker/acme.docker-compose.yml b/docker/acme.docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+  acme-sh:
+    image: neilpang/acme.sh
+    container_name: acme
+    restart: always
+    command: daemon
+    environment:
+      - Ali_Key=xxx
+      - Ali_Secret=yyy
+    volumes:
+      - ./acme:/acme.sh
+    network_mode: host
diff --git a/docker/github-action-for-docker.yml b/docker/github-action-for-docker.yml
@@ -0,0 +1,45 @@
+name: Deploy Blog
+
+on:
+  push:
+    branches: main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Connect server to deploy blog
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          # 无缓存时，构建大约需要 10min+，8 次拉取重试约 8min+
+          command_timeout: 30m
+          script: |
+            cd ${{ secrets.BLOG_PATH_REMOTE }}
+            MAX_RETRIES=8
+            RETRY_COUNT=0
+
+            while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+              echo "▶️ Attempt $((RETRY_COUNT+1))/$MAX_RETRIES: Pulling code..."
+              if git pull origin main; then
+                echo "✅ Git pull succeeded"
+                docker stop blog || true
+                docker rm blog || true
+                docker rmi nextjs || true
+                docker build -t nextjs .
+                docker compose up -d
+                exit 0
+              else
+                echo "❌ Git pull failed (attempt $((RETRY_COUNT+1))/$MAX_RETRIES)"
+                ((RETRY_COUNT++))
+                sleep 5
+              fi
+            done
+
+            echo "🛑 Error: Failed to pull code after $MAX_RETRIES attempts"
+            exit 1
diff --git a/docker/minio-docker-compose.yml b/docker/minio-docker-compose.yml
@@ -0,0 +1,27 @@
+name: 'minio'
+services:
+  minio:
+    container_name: minio
+    image: minio/minio
+    restart: always
+    environment:
+      - TZ=Asia/Shanghai
+      - MINIO_ROOT_USER=your_minio_username
+      - MINIO_ROOT_PASSWORD=youer_minio_password
+    networks:
+      - nginx-network
+    ports:
+      - '9000:9000'
+      - '9999:9999'
+    volumes:
+      - ./db:/data
+      - ./config:/root/.minio
+    command: minio server /data --console-address ":9999"
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live']
+      interval: 30s
+      timeout: 20s
+      retries: 3
+networks:
+  nginx-network:
+    external: true
diff --git a/docker/nginx-docker-compose.yml b/docker/nginx-docker-compose.yml
@@ -0,0 +1,23 @@
+services:
+  nginx:
+    image: nginx # nginx:alpine
+    container_name: nginx
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./html:/usr/share/nginx/html
+      - ./logs:/var/log/nginx
+      - /data/container/acme/acme:/etc/nginx/ssl
+      # - ./nginx.conf:/etc/nginx/nginx.conf  # dcoker 不支持文件挂载
+      - ./conf.d:/etc/nginx/conf.d # conf.d 下的 *.conf 会被识别成 nginx 配置文件
+      - ./default.d:/etc/nginx/default.d
+    environment:
+      - TZ=Asia/Shanghai
+    privileged: true # 解决nginx的文件调用的权限问题
+    networks:
+      - nginx-network # 提前手动创建网络 docker network create nginx-network
+networks:
+  nginx-network:
+    external: true
diff --git a/docker/nginx.conf b/docker/nginx.conf
@@ -0,0 +1,101 @@
+server {
+  listen 80;
+  server_name test.com www.test.com;
+  return 301 https://$host$request_uri;
+}
+
+# standalone mode
+server {
+  listen 443 ssl;
+  http2 on;
+  server_name test.com www.test.com;
+  ssl_certificate "/etc/nginx/ssl/test.com_ecc/test.com.cer"; # fullchain.cer (recommended)
+  ssl_certificate_key "/etc/nginx/ssl/test.com_ecc/test.com.key";
+  ssl_session_cache shared:SSL:1m;
+  ssl_session_timeout 10m;
+  ssl_ciphers HIGH:!aNULL:!MD5;
+  ssl_prefer_server_ciphers on;
+
+  # root /usr/share/nginx/html;
+
+  location / {
+    #  root /usr/share/nginx/html;
+    #  try_files $uri $uri/ /index.html;
+    #  index  index.html index.htm;
+    proxy_pass http://blog:3000; # container name is 'blog'
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+}
+
+# export mode
+server {
+  # ....
+  root /usr/share/nginx/html/jsonq/out;
+
+  location / {
+    try_files $uri $uri.html $uri/ =404;
+  }
+
+  # This is necessary when `trailingSlash: false`.
+  # You can omit this when `trailingSlash: true`.
+  location /blog/ {
+    rewrite ^/blog/(.*)$ /blog/$1.html break;
+  }
+
+  location ^~ /cdn-static/ {
+    proxy_pass https://testingcf.jsdelivr.net/gh/json-q/picture-blog@main/;
+  }
+
+  error_page 404 /404.html;
+  location = /404.html {
+    internal;
+  }
+}
+
+server {
+  listen 80;
+  server_name minio.test.com www.minio.test.com;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  #...
+
+  location / {
+    proxy_pass http://minio:9999;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    # support websocket
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+}
+
+# img.test.com
+server {
+  listen 80;
+  server_name img.test.com www.img.test.com;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  #...
+
+  client_max_body_size 50m;
+  proxy_buffer_size 128k;
+  proxy_buffers 4 256k;
+  proxy_busy_buffers_size 256k;
+  proxy_temp_file_write_size 512k;
+
+  add_header Cache-Control "public, max-age=2592000";
+  location / {
+    proxy_pass http://minio:9000;
+    proxy_set_header Host $http_host;
+  }
+}
