feat(blog): 添加 1Panel 自动化部署笔记，提供轻量级部署方案和 SSH 免密登录配置

src/pages/blog/posts/2024060801.md

@@ -1,4 +1,15 @@
-# 1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local
+---
+layout: "@/layouts/BlogPostLayout.astro"
+title: "1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local"
+description: "Learn how to build a lightweight deployment pipeline using 1Panel with SSH key authentication and ACL permissions. Complete guide for solo developers to automate server deployments."
+date: "2024-06-08"
+image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop"
+tags: ["1Panel", "DevOps", "Automation", "SSH", "Deployment"]
+tagId: ["1panel", "devops", "automation", "ssh", "deployment"]
+category: "DevOps"
+categoryId: "devops"
+readTime: "5 min read"
+---
 
 Updating code used to make me feel like a "human FTP client":
 
@@ -15,11 +26,13 @@ Running scripts as root? That's like performing surgery with a chainsaw. Let's c
 
 ```bash
 # Create the deployment account
-sudo adduser deploy_zgy
+sudo adduser deploy_user
 
 # Critical: disable password login, SSH keys only
 # Even if someone guesses the password, they can't get in
-sudo usermod -s /usr/sbin/nologin deploy_zgy
+# -l locks the password account (禁用密码登录)
+# -u unlocks the password account (如需恢复密码登录)
+sudo passwd -l deploy_user
 ```
 
 ## 2. The Permission Puzzle: ACL to the Rescue
@@ -34,10 +47,10 @@ sudo apt install acl -y
 
 # Grant access to sites directory (make sure this is your web root)
 # -R means recursive, but be careful if directory has other sites
-sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites
+sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites
 
 # Set default inheritance: new sites get access automatically
-sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
+sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites
 ```
 
 ## 3. SSH Key Access: No More Password Typing
@@ -46,31 +59,31 @@ Copy your local SSH public key to the server, and never type a password again.
 
 ```bash
 # Create SSH directory for deployment user
-sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh
+sudo -u deploy_user mkdir -p /home/deploy_user/.ssh
 
 # Append your public key (using >> not > to avoid overwriting)
-echo "your-public-key-here" >> /home/deploy_zgy/.ssh/authorized_keys
+echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys
 
 # Permissions must be exact, or SSH will refuse
-sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh
+sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh
-sudo chmod 700 /home/deploy_zgy/.ssh
+sudo chmod 700 /home/deploy_user/.ssh
-sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys
+sudo chmod 600 /home/deploy_user/.ssh/authorized_keys
 ```
 
-**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_zgy@your-server-ip`.
+**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_user@your-server-ip`.
 
 ## 4. SSH Aliases (For the Truly Lazy)
 
 Memorize IP addresses? Not in this decade. Add this to your local `~/.ssh/config`:
 
 ```text
-Host ny-web  # Nickname for your server
+Host your-server-alias  # Nickname for your server
-    HostName 192.xxx.xxx.xxx  # Your server IP
+    HostName your-server-ip-address  # Your server IP
-    User deploy_zgy  # Login user
+    User deploy_user  # Login user
     IdentityFile ~/.ssh/id_rsa  # Private key path
 ```
 
-Now just type `ssh ny-web` and you're in. Magic.
+Now just type `ssh your-server-alias` and you're in. Magic.
 
 ## 5. The Grand Finale: One-Command Deployment
 
@@ -90,7 +103,7 @@ echo "🚀 Syncing to production..."
 # -z: compress during transfer
 # --delete: ⚠️ Warning: removes files on target that don't exist locally!
 #          Remove this flag for first sync to be safe
-rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/my-project-folder/
+rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/
 
 echo "✅ Deployment complete!"
 echo "⏱️ Next time just run: ./deploy.sh"

src/pages/zh/blog/posts/2024060801.md

@@ -1,6 +1,17 @@
-# 1Panel 自动化部署笔记：告别“手动操作”，本地一键起飞
+---
+layout: "@/layouts/BlogPostLayout.astro"
+title: "1Panel 自动化部署笔记：告别\"手动操作\"，本地一键起飞"
+description: "学习如何基于 1Panel 构建轻量级部署流水线，配合 SSH 密钥认证和 ACL 权限管理。本文为单兵作战的开发者提供了完整的自动化部署方案。"
+date: "2024-06-08"
+image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop"
+tags: ["1Panel", "DevOps", "自动化", "SSH", "部署"]
+tagId: ["1panel", "devops", "automation", "ssh", "deployment"]
+category: "DevOps"
+categoryId: "devops"
+readTime: "5 min read"
+---
 
-以前每次更新代码，都感觉自己像个“人肉传输带”：
+以前每次更新代码，都感觉自己像个"人肉传输带"：
 
 1. 本地吭哧吭哧打包
 2. 打开浏览器，输密码登录 1Panel 面板
@@ -9,24 +20,26 @@
 
 这一套流程下来，没个三五分钟搞不定，关键还特别容易漏文件。上周就因为我忘记上传一个新加的配置文件，线上挂了十分钟才反应过来。痛定思痛，我决定搞一套轻量级部署方案——不用整 Jenkins 那种大炮打蚊子，特别适合我这种单兵作战的小项目，要的就是快、稳、不求人。
 
-## 1. 先整个“跑腿小弟”账号
+## 1. 先整个"跑腿小弟"账号
 
-用 root 跑脚本？那太野了，万一脚本写崩了，服务器直接原地升天。得建个专门干这活的“小弟账号”。
+用 root 跑脚本？那太野了，万一脚本写崩了，服务器直接原地升天。得建个专门干这活的"小弟账号"。
 
 ```bash
 # 创建专门负责部署的账号
-sudo adduser deploy_zgy
+sudo adduser deploy_user
 
 # 关键一步：禁用这个账号的密码登录，只认 SSH 密钥
 # 这样就算有人猜到密码也进不来，安全第一
-sudo usermod -s /usr/sbin/nologin deploy_zgy
+# -l 锁定账号密码（禁用密码登录）
+# -u 解锁账号密码（如需恢复密码登录）
+sudo passwd -l deploy_user
 ```
 
-## 2. 权限难题的“优雅解法”：ACL 授权
+## 2. 权限难题的"优雅解法"：ACL 授权
 
 这里有个坑：1Panel 管理的文件有自己的一套权限体系，如果你用 `chown` 强行改属主，面板里的网站可能就直接 500 错误了。
 
-我的解决方案是 **ACL**（访问控制列表）。这玩意就像给文件加了张“访客通行证”，让 `deploy_zgy` 这个账号能读写文件，但又不会破坏 1Panel 原本的文件归属关系。
+我的解决方案是 **ACL**（访问控制列表）。这玩意就像给文件加了张"访客通行证"，让 `deploy_user` 这个账号能读写文件，但又不会破坏 1Panel 原本的文件归属关系。
 
 ```bash
 # 先安装 ACL 工具
@@ -34,10 +47,10 @@ sudo apt install acl -y
 
 # 给 sites 目录开绿灯（注意：确认这是你的网站根目录）
 # -R 表示递归，但如果目录里已有其他站点，建议先备份或确认操作
-sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites
+sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites
 
-# 设置默认权限继承：以后在面板里新建的站点，自动给 deploy_zgy 权限
+# 设置默认权限继承：以后在面板里新建的站点，自动给 deploy_user 权限
-sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
+sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites
 ```
 
 ## 3. SSH 免密登录：从此进出如风
@@ -46,31 +59,31 @@ sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
 
 ```bash
 # 切换到部署账号的家目录
-sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh
+sudo -u deploy_user mkdir -p /home/deploy_user/.ssh
 
 # 追加你的公钥（用 >> 而不是 >，避免覆盖别人的密钥）
-echo "你的公钥内容，就是 id_rsa.pub 文件里那串" >> /home/deploy_zgy/.ssh/authorized_keys
+echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys
 
 # 权限必须严格设置，否则 SSH 会拒绝连接
-sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh
+sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh
-sudo chmod 700 /home/deploy_zgy/.ssh
+sudo chmod 700 /home/deploy_user/.ssh
-sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys
+sudo chmod 600 /home/deploy_user/.ssh/authorized_keys
 ```
 
-**更懒的方法**：如果你本地有 `ssh-copy-id` 命令，直接 `ssh-copy-id deploy_zgy@你的服务器IP`。
+**更懒的方法**：如果你本地有 `ssh-copy-id` 命令，直接 `ssh-copy-id deploy_user@your-server-ip-address`。
 
 ## 4. SSH 别名配置（懒癌患者的福音）
 
 记 IP 地址？不存在的。在本地 `~/.ssh/config` 文件里加一段：
 
 ```text
-Host ny-web  # 给你服务器起的外号，随便起，好记就行
+Host your-server-alias  # 给你服务器起的外号，随便起，好记就行
-    HostName 192.xxx.xxx.xxx  # 你的服务器 IP
+    HostName your-server-ip-address  # 你的服务器 IP
-    User deploy_zgy  # 登录用户
+    User deploy_user  # 登录用户
     IdentityFile ~/.ssh/id_rsa  # 私钥路径
 ```
 
-配置完，以后登录就直接 `ssh ny-web`，爽！
+配置完，以后登录就直接 `ssh your-server-alias`，爽！
 
 ## 5. 终极一击：一键部署脚本
 
@@ -90,7 +103,7 @@ echo "🚀 开始同步到生产环境..."
 # -z: 压缩传输
 # --delete: ⚠️ 注意：这会删除目标端有而源端没有的文件！
 #          首次同步建议先去掉这个参数，确认无误后再加上
-rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/我的项目文件夹/
+rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/
 
 echo "✅ 部署完成！"
 echo "⏱️ 下次更新只需: ./deploy.sh"
@@ -101,7 +114,7 @@ echo "⏱️ 下次更新只需: ./deploy.sh"
 ## 6. 我踩过的坑和注意事项
 
 1. **首次同步别用 `--delete`**：先完整同步一次，确认文件都对，再加这个参数。不然可能把服务器上的重要文件删了。
-2. **ACL 权限检查**：如果同步后还是没权限，可以用 `getfacl /opt/1panel/www/sites/你的项目` 看看 ACL 设置是否生效。
+2. **ACL 权限检查**：如果同步后还是没权限，可以用 `getfacl /opt/1panel/www/sites/your-project-directory` 看看 ACL 设置是否生效。
 3. **文件路径要对**：1Panel 的默认站点路径是 `/opt/1panel/www/sites/`，但如果你改过，记得调整。
 4. **前端项目注意**：打包前清理 `node_modules`，这玩意别传到服务器。