From c97d31afe4c1fcea3fabf0002b9560c9bcc92d88 Mon Sep 17 00:00:00 2001
From: joyzhao
Date: Fri, 9 Jan 2026 16:41:14 +0800
Subject: [PATCH] =?UTF-8?q?feat(blog):=20=E6=B7=BB=E5=8A=A0=201Panel=20?= =?UTF-8?q?=E8=87=AA=E5=8A=A8=E5=8C=96=E9=83=A8=E7=BD=B2=E7=AC=94=E8=AE=B0?= =?UTF-8?q?=EF=BC=8C=E6=8F=90=E4=BE=9B=E8=BD=BB=E9=87=8F=E7=BA=A7=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=96=B9=E6=A1=88=E5=92=8C=20SSH=20=E5=85=8D=E5=AF=86?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../posts/{2025060801.md => 2024060801.md} | 45 +++++++++-----
.../posts/{2025060801.md => 2024060801.md} | 61 +++++++++++--------
2 files changed, 66 insertions(+), 40 deletions(-)
rename src/pages/blog/posts/{2025060801.md => 2024060801.md} (71%)
rename src/pages/zh/blog/posts/{2025060801.md => 2024060801.md} (63%)
diff --git a/src/pages/blog/posts/2025060801.md b/src/pages/blog/posts/2024060801.md
similarity index 71%
rename from src/pages/blog/posts/2025060801.md
rename to src/pages/blog/posts/2024060801.md
index 1268780..1861ac8 100644
--- a/src/pages/blog/posts/2025060801.md
+++ b/src/pages/blog/posts/2024060801.md
@@ -1,4 +1,15 @@ -# 1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local +--- +layout: "@/layouts/BlogPostLayout.astro" +title: "1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local" +description: "Learn how to build a lightweight deployment pipeline using 1Panel with SSH key authentication and ACL permissions. Complete guide for solo developers to automate server deployments." +date: "2024-06-08" +image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop" +tags: ["1Panel", "DevOps", "Automation", "SSH", "Deployment"] +tagId: ["1panel", "devops", "automation", "ssh", "deployment"] +category: "DevOps" +categoryId: "devops" +readTime: "5 min read" +--- Updating code used to make me feel like a "human FTP client": @@ -15,11 +26,13 @@ Running scripts as root? That's like performing surgery with a chainsaw. Let's c ```bash # Create the deployment account -sudo adduser deploy_zgy +sudo adduser deploy_user # Critical: disable password login, SSH keys only # Even if someone guesses the password, they can't get in -sudo usermod -s /usr/sbin/nologin deploy_zgy +# -l locks the password account (禁用密码登录) +# -u unlocks the password account (如需恢复密码登录) +sudo passwd -l deploy_user ``` ## 2. The Permission Puzzle: ACL to the Rescue @@ -34,10 +47,10 @@ sudo apt install acl -y # Grant access to sites directory (make sure this is your web root) # -R means recursive, but be careful if directory has other sites -sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites +sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites # Set default inheritance: new sites get access automatically -sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites +sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites ``` ## 3. SSH Key Access: No More Password Typing 
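Review bot: In the `@@ -15,11 +26,13 @@` hunk, `sudo passwd -l deploy_user` only locks a password that `sudo adduser deploy_user` has just prompted for, and it leaves sshd's own password authentication untouched, so the retained comment "Even if someone guesses the password, they can't get in" holds for this one account only. On the Debian-family hosts the post targets (it installs with `apt`), `sudo adduser --disabled-password deploy_user` creates the account without a usable password in one step. The post should also tell readers to confirm `PasswordAuthentication no` in `sshd_config`, and to check that key login still works after locking, since sshd may refuse locked accounts where `UsePAM no` is set. The two added comment lines in the English post carry Chinese parentheticals (`(禁用密码登录)`, `(如需恢复密码登录)`) that should be English there. The same `passwd -l` line is added in the zh post's `@@ -9,24 +20,26 @@` hunk.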
@@ -46,31 +59,31 @@ Copy your local SSH public key to the server, and never type a password again. ```bash # Create SSH directory for deployment user -sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh +sudo -u deploy_user mkdir -p /home/deploy_user/.ssh # Append your public key (using >> not > to avoid overwriting) -echo "your-public-key-here" >> /home/deploy_zgy/.ssh/authorized_keys +echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys # Permissions must be exact, or SSH will refuse -sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh -sudo chmod 700 /home/deploy_zgy/.ssh -sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys +sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh +sudo chmod 700 /home/deploy_user/.ssh +sudo chmod 600 /home/deploy_user/.ssh/authorized_keys ``` -**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_zgy@your-server-ip`. +**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_user@your-server-ip`. ## 4. SSH Aliases (For the Truly Lazy) Memorize IP addresses? Not in this decade. Add this to your local `~/.ssh/config`: ```text -Host ny-web # Nickname for your server - HostName 192.xxx.xxx.xxx # Your server IP - User deploy_zgy # Login user +Host your-server-alias # Nickname for your server + HostName your-server-ip-address # Your server IP + User deploy_user # Login user IdentityFile ~/.ssh/id_rsa # Private key path ``` -Now just type `ssh ny-web` and you're in. Magic. +Now just type `ssh your-server-alias` and you're in. Magic. ## 5. The Grand Finale: One-Command Deployment 
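Review bot: The `echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys` line in this hunk has no `sudo`, and the redirection is performed by the invoking shell, so it will likely fail for a non-root admin writing into the `.ssh` directory just created as `deploy_user`, or be worked around by running the whole block as root. Writing as the target user avoids both: `echo "your-ssh-public-key-content" | sudo -u deploy_user tee -a /home/deploy_user/.ssh/authorized_keys >/dev/null`. In the `~/.ssh/config` block of the same hunk, the trailing `# ...` comments on the `Host`, `HostName` and `User` lines may not be accepted by older OpenSSH clients, which treat `#` as a comment only at the start of a line, so each comment is safer on its own line. The zh post's `@@ -46,31 +59,31 @@` hunk carries the same lines.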
@@ -90,7 +103,7 @@ echo "🚀 Syncing to production..." # -z: compress during transfer # --delete: ⚠️ Warning: removes files on target that don't exist locally! # Remove this flag for first sync to be safe -rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/my-project-folder/ +rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/ echo "✅ Deployment complete!" echo "⏱️ Next time just run: ./deploy.sh" diff --git a/src/pages/zh/blog/posts/2025060801.md b/src/pages/zh/blog/posts/2024060801.md similarity index 63% rename from src/pages/zh/blog/posts/2025060801.md rename to src/pages/zh/blog/posts/2024060801.md index c1c9f02..eae3615 100644 --- a/src/pages/zh/blog/posts/2025060801.md +++ b/src/pages/zh/blog/posts/2024060801.md @@ -1,6 +1,17 @@ -# 1Panel 自动化部署笔记:告别“手动操作”,本地一键起飞 +--- +layout: "@/layouts/BlogPostLayout.astro" +title: "1Panel 自动化部署笔记:告别\"手动操作\",本地一键起飞" +description: "学习如何基于 1Panel 构建轻量级部署流水线,配合 SSH 密钥认证和 ACL 权限管理。本文为单兵作战的开发者提供了完整的自动化部署方案。" +date: "2024-06-08" +image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop" +tags: ["1Panel", "DevOps", "自动化", "SSH", "部署"] +tagId: ["1panel", "devops", "automation", "ssh", "deployment"] +category: "DevOps" +categoryId: "devops" +readTime: "5 min read" +--- -以前每次更新代码,都感觉自己像个“人肉传输带”: +以前每次更新代码,都感觉自己像个"人肉传输带": 1. 本地吭哧吭哧打包 2. 打开浏览器,输密码登录 1Panel 面板 
@@ -9,24 +20,26 @@ 这一套流程下来,没个三五分钟搞不定,关键还特别容易漏文件。上周就因为我忘记上传一个新加的配置文件,线上挂了十分钟才反应过来。痛定思痛,我决定搞一套轻量级部署方案——不用整 Jenkins 那种大炮打蚊子,特别适合我这种单兵作战的小项目,要的就是快、稳、不求人。 -## 1. 先整个“跑腿小弟”账号 +## 1. 先整个"跑腿小弟"账号 -用 root 跑脚本?那太野了,万一脚本写崩了,服务器直接原地升天。得建个专门干这活的“小弟账号”。 +用 root 跑脚本?那太野了,万一脚本写崩了,服务器直接原地升天。得建个专门干这活的"小弟账号"。 ```bash # 创建专门负责部署的账号 -sudo adduser deploy_zgy +sudo adduser deploy_user # 关键一步:禁用这个账号的密码登录,只认 SSH 密钥 # 这样就算有人猜到密码也进不来,安全第一 -sudo usermod -s /usr/sbin/nologin deploy_zgy +# -l 锁定账号密码(禁用密码登录) +# -u 解锁账号密码(如需恢复密码登录) +sudo passwd -l deploy_user ``` -## 2. 权限难题的“优雅解法”:ACL 授权 +## 2. 权限难题的"优雅解法":ACL 授权 这里有个坑:1Panel 管理的文件有自己的一套权限体系,如果你用 `chown` 强行改属主,面板里的网站可能就直接 500 错误了。 -我的解决方案是 **ACL**(访问控制列表)。这玩意就像给文件加了张“访客通行证”,让 `deploy_zgy` 这个账号能读写文件,但又不会破坏 1Panel 原本的文件归属关系。 +我的解决方案是 **ACL**(访问控制列表)。这玩意就像给文件加了张"访客通行证",让 `deploy_user` 这个账号能读写文件,但又不会破坏 1Panel 原本的文件归属关系。 ```bash # 先安装 ACL 工具 @@ -34,10 +47,10 @@ sudo apt install acl -y # 给 sites 目录开绿灯(注意:确认这是你的网站根目录) # -R 表示递归,但如果目录里已有其他站点,建议先备份或确认操作 -sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites +sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites -# 设置默认权限继承:以后在面板里新建的站点,自动给 deploy_zgy 权限 -sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites +# 设置默认权限继承:以后在面板里新建的站点,自动给 deploy_user 权限 +sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites ``` ## 3. SSH 免密登录:从此进出如风 
@@ -46,31 +59,31 @@ sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites ```bash # 切换到部署账号的家目录 -sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh +sudo -u deploy_user mkdir -p /home/deploy_user/.ssh # 追加你的公钥(用 >> 而不是 >,避免覆盖别人的密钥) -echo "你的公钥内容,就是 id_rsa.pub 文件里那串" >> /home/deploy_zgy/.ssh/authorized_keys +echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys # 权限必须严格设置,否则 SSH 会拒绝连接 -sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh -sudo chmod 700 /home/deploy_zgy/.ssh -sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys +sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh +sudo chmod 700 /home/deploy_user/.ssh +sudo chmod 600 /home/deploy_user/.ssh/authorized_keys ``` -**更懒的方法**:如果你本地有 `ssh-copy-id` 命令,直接 `ssh-copy-id deploy_zgy@你的服务器IP`。 +**更懒的方法**:如果你本地有 `ssh-copy-id` 命令,直接 `ssh-copy-id deploy_user@your-server-ip-address`。 ## 4. SSH 别名配置(懒癌患者的福音) 记 IP 地址?不存在的。在本地 `~/.ssh/config` 文件里加一段: ```text -Host ny-web # 给你服务器起的外号,随便起,好记就行 - HostName 192.xxx.xxx.xxx # 你的服务器 IP - User deploy_zgy # 登录用户 +Host your-server-alias # 给你服务器起的外号,随便起,好记就行 + HostName your-server-ip-address # 你的服务器 IP + User deploy_user # 登录用户 IdentityFile ~/.ssh/id_rsa # 私钥路径 ``` -配置完,以后登录就直接 `ssh ny-web`,爽! +配置完,以后登录就直接 `ssh your-server-alias`,爽! ## 5. 终极一击:一键部署脚本 @@ -90,7 +103,7 @@ echo "🚀 开始同步到生产环境..." # -z: 压缩传输 # --delete: ⚠️ 注意:这会删除目标端有而源端没有的文件! # 首次同步建议先去掉这个参数,确认无误后再加上 -rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/我的项目文件夹/ +rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/ echo "✅ 部署完成!" echo "⏱️ 下次更新只需: ./deploy.sh" 
@@ -101,7 +114,7 @@ echo "⏱️ 下次更新只需: ./deploy.sh" ## 6. 我踩过的坑和注意事项 1. **首次同步别用 `--delete`**:先完整同步一次,确认文件都对,再加这个参数。不然可能把服务器上的重要文件删了。 -2. **ACL 权限检查**:如果同步后还是没权限,可以用 `getfacl /opt/1panel/www/sites/你的项目` 看看 ACL 设置是否生效。 +2. **ACL 权限检查**:如果同步后还是没权限,可以用 `getfacl /opt/1panel/www/sites/your-project-directory` 看看 ACL 设置是否生效。 3. **文件路径要对**:1Panel 的默认站点路径是 `/opt/1panel/www/sites/`,但如果你改过,记得调整。 4. **前端项目注意**:打包前清理 `node_modules`,这玩意别传到服务器。 @@ -111,4 +124,4 @@ echo "⏱️ 下次更新只需: ./deploy.sh" 对于还没到需要 CI/CD 的中小型项目,这种轻量级方案简直完美。几分钟配置,一劳永逸。如果你也在用 1Panel,又被手动上传困扰,试试这个方案吧。 -**最后提醒**:任何自动化操作都有风险,尤其是删除操作。第一次在生产环境用的时候,建议先找个测试目录跑一遍,确认无误再上。祝大家部署顺利,永不宕机! \ No newline at end of file +**最后提醒**:任何自动化操作都有风险,尤其是删除操作。第一次在生产环境用的时候,建议先找个测试目录跑一遍,确认无误再上。祝大家部署顺利,永不宕机!