feat(blog): 添加 1Panel 自动化部署笔记,提供轻量级部署方案和 SSH 免密登录配置
This commit is contained in:
joyzhao
@@ -1,4 +1,15 @@
|
||||
# 1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local
|
||||
---
|
||||
layout: "@/layouts/BlogPostLayout.astro"
|
||||
title: "1Panel Automated Deployment Notes: Say Goodbye to Manual Uploads, One-Command Takeoff from Local"
|
||||
description: "Learn how to build a lightweight deployment pipeline using 1Panel with SSH key authentication and ACL permissions. Complete guide for solo developers to automate server deployments."
|
||||
date: "2024-06-08"
|
||||
image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop"
|
||||
tags: ["1Panel", "DevOps", "Automation", "SSH", "Deployment"]
|
||||
tagId: ["1panel", "devops", "automation", "ssh", "deployment"]
|
||||
category: "DevOps"
|
||||
categoryId: "devops"
|
||||
readTime: "5 min read"
|
||||
---
|
||||
|
||||
Updating code used to make me feel like a "human FTP client":
|
||||
|
||||
@@ -15,11 +26,13 @@ Running scripts as root? That's like performing surgery with a chainsaw. Let's c
|
||||
|
||||
```bash
|
||||
# Create the deployment account
|
||||
sudo adduser deploy_zgy
|
||||
sudo adduser deploy_user
|
||||
|
||||
# Critical: disable password login, SSH keys only
|
||||
# Even if someone guesses the password, they can't get in
|
||||
sudo usermod -s /usr/sbin/nologin deploy_zgy
|
||||
# -l locks the password account (禁用密码登录)
|
||||
# -u unlocks the password account (如需恢复密码登录)
|
||||
sudo passwd -l deploy_user
|
||||
```
|
||||
|
||||
## 2. The Permission Puzzle: ACL to the Rescue
|
||||
@@ -34,10 +47,10 @@ sudo apt install acl -y
|
||||
|
||||
# Grant access to sites directory (make sure this is your web root)
|
||||
# -R means recursive, but be careful if directory has other sites
|
||||
sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites
|
||||
sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites
|
||||
|
||||
# Set default inheritance: new sites get access automatically
|
||||
sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
|
||||
sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites
|
||||
```
|
||||
|
||||
## 3. SSH Key Access: No More Password Typing
|
||||
@@ -46,31 +59,31 @@ Copy your local SSH public key to the server, and never type a password again.
|
||||
|
||||
```bash
|
||||
# Create SSH directory for deployment user
|
||||
sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh
|
||||
sudo -u deploy_user mkdir -p /home/deploy_user/.ssh
|
||||
|
||||
# Append your public key (using >> not > to avoid overwriting)
|
||||
echo "your-public-key-here" >> /home/deploy_zgy/.ssh/authorized_keys
|
||||
echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys
|
||||
|
||||
# Permissions must be exact, or SSH will refuse
|
||||
sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh
|
||||
sudo chmod 700 /home/deploy_zgy/.ssh
|
||||
sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys
|
||||
sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh
|
||||
sudo chmod 700 /home/deploy_user/.ssh
|
||||
sudo chmod 600 /home/deploy_user/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_zgy@your-server-ip`.
|
||||
**Even lazier method**: If you have `ssh-copy-id` locally, just run `ssh-copy-id deploy_user@your-server-ip`.
|
||||
|
||||
## 4. SSH Aliases (For the Truly Lazy)
|
||||
|
||||
Memorize IP addresses? Not in this decade. Add this to your local `~/.ssh/config`:
|
||||
|
||||
```text
|
||||
Host ny-web # Nickname for your server
|
||||
HostName 192.xxx.xxx.xxx # Your server IP
|
||||
User deploy_zgy # Login user
|
||||
Host your-server-alias # Nickname for your server
|
||||
HostName your-server-ip-address # Your server IP
|
||||
User deploy_user # Login user
|
||||
IdentityFile ~/.ssh/id_rsa # Private key path
|
||||
```
|
||||
|
||||
Now just type `ssh ny-web` and you're in. Magic.
|
||||
Now just type `ssh your-server-alias` and you're in. Magic.
|
||||
|
||||
## 5. The Grand Finale: One-Command Deployment
|
||||
|
||||
@@ -90,7 +103,7 @@ echo "🚀 Syncing to production..."
|
||||
# -z: compress during transfer
|
||||
# --delete: ⚠️ Warning: removes files on target that don't exist locally!
|
||||
# Remove this flag for first sync to be safe
|
||||
rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/my-project-folder/
|
||||
rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/
|
||||
|
||||
echo "✅ Deployment complete!"
|
||||
echo "⏱️ Next time just run: ./deploy.sh"
|
||||
@@ -1,6 +1,17 @@
|
||||
# 1Panel 自动化部署笔记:告别“手动操作”,本地一键起飞
|
||||
---
|
||||
layout: "@/layouts/BlogPostLayout.astro"
|
||||
title: "1Panel 自动化部署笔记:告别\"手动操作\",本地一键起飞"
|
||||
description: "学习如何基于 1Panel 构建轻量级部署流水线,配合 SSH 密钥认证和 ACL 权限管理。本文为单兵作战的开发者提供了完整的自动化部署方案。"
|
||||
date: "2024-06-08"
|
||||
image: "https://images.unsplash.com/photo-1558494949-ef010cbdcc31?q=80&w=1470&auto=format&fit=crop"
|
||||
tags: ["1Panel", "DevOps", "自动化", "SSH", "部署"]
|
||||
tagId: ["1panel", "devops", "automation", "ssh", "deployment"]
|
||||
category: "DevOps"
|
||||
categoryId: "devops"
|
||||
readTime: "5 min read"
|
||||
---
|
||||
|
||||
以前每次更新代码,都感觉自己像个“人肉传输带”:
|
||||
以前每次更新代码,都感觉自己像个"人肉传输带":
|
||||
|
||||
1. 本地吭哧吭哧打包
|
||||
2. 打开浏览器,输密码登录 1Panel 面板
|
||||
@@ -9,24 +20,26 @@
|
||||
|
||||
这一套流程下来,没个三五分钟搞不定,关键还特别容易漏文件。上周就因为我忘记上传一个新加的配置文件,线上挂了十分钟才反应过来。痛定思痛,我决定搞一套轻量级部署方案——不用整 Jenkins 那种大炮打蚊子,特别适合我这种单兵作战的小项目,要的就是快、稳、不求人。
|
||||
|
||||
## 1. 先整个“跑腿小弟”账号
|
||||
## 1. 先整个"跑腿小弟"账号
|
||||
|
||||
用 root 跑脚本?那太野了,万一脚本写崩了,服务器直接原地升天。得建个专门干这活的“小弟账号”。
|
||||
用 root 跑脚本?那太野了,万一脚本写崩了,服务器直接原地升天。得建个专门干这活的"小弟账号"。
|
||||
|
||||
```bash
|
||||
# 创建专门负责部署的账号
|
||||
sudo adduser deploy_zgy
|
||||
sudo adduser deploy_user
|
||||
|
||||
# 关键一步:禁用这个账号的密码登录,只认 SSH 密钥
|
||||
# 这样就算有人猜到密码也进不来,安全第一
|
||||
sudo usermod -s /usr/sbin/nologin deploy_zgy
|
||||
# -l 锁定账号密码(禁用密码登录)
|
||||
# -u 解锁账号密码(如需恢复密码登录)
|
||||
sudo passwd -l deploy_user
|
||||
```
|
||||
|
||||
## 2. 权限难题的“优雅解法”:ACL 授权
|
||||
## 2. 权限难题的"优雅解法":ACL 授权
|
||||
|
||||
这里有个坑:1Panel 管理的文件有自己的一套权限体系,如果你用 `chown` 强行改属主,面板里的网站可能就直接 500 错误了。
|
||||
|
||||
我的解决方案是 **ACL**(访问控制列表)。这玩意就像给文件加了张“访客通行证”,让 `deploy_zgy` 这个账号能读写文件,但又不会破坏 1Panel 原本的文件归属关系。
|
||||
我的解决方案是 **ACL**(访问控制列表)。这玩意就像给文件加了张"访客通行证",让 `deploy_user` 这个账号能读写文件,但又不会破坏 1Panel 原本的文件归属关系。
|
||||
|
||||
```bash
|
||||
# 先安装 ACL 工具
|
||||
@@ -34,10 +47,10 @@ sudo apt install acl -y
|
||||
|
||||
# 给 sites 目录开绿灯(注意:确认这是你的网站根目录)
|
||||
# -R 表示递归,但如果目录里已有其他站点,建议先备份或确认操作
|
||||
sudo setfacl -R -m u:deploy_zgy:rwx /opt/1panel/www/sites
|
||||
sudo setfacl -R -m u:deploy_user:rwx /opt/1panel/www/sites
|
||||
|
||||
# 设置默认权限继承:以后在面板里新建的站点,自动给 deploy_zgy 权限
|
||||
sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
|
||||
# 设置默认权限继承:以后在面板里新建的站点,自动给 deploy_user 权限
|
||||
sudo setfacl -R -d -m u:deploy_user:rwx /opt/1panel/www/sites
|
||||
```
|
||||
|
||||
## 3. SSH 免密登录:从此进出如风
|
||||
@@ -46,31 +59,31 @@ sudo setfacl -R -d -m u:deploy_zgy:rwx /opt/1panel/www/sites
|
||||
|
||||
```bash
|
||||
# 切换到部署账号的家目录
|
||||
sudo -u deploy_zgy mkdir -p /home/deploy_zgy/.ssh
|
||||
sudo -u deploy_user mkdir -p /home/deploy_user/.ssh
|
||||
|
||||
# 追加你的公钥(用 >> 而不是 >,避免覆盖别人的密钥)
|
||||
echo "你的公钥内容,就是 id_rsa.pub 文件里那串" >> /home/deploy_zgy/.ssh/authorized_keys
|
||||
echo "your-ssh-public-key-content" >> /home/deploy_user/.ssh/authorized_keys
|
||||
|
||||
# 权限必须严格设置,否则 SSH 会拒绝连接
|
||||
sudo chown -R deploy_zgy:deploy_zgy /home/deploy_zgy/.ssh
|
||||
sudo chmod 700 /home/deploy_zgy/.ssh
|
||||
sudo chmod 600 /home/deploy_zgy/.ssh/authorized_keys
|
||||
sudo chown -R deploy_user:deploy_user /home/deploy_user/.ssh
|
||||
sudo chmod 700 /home/deploy_user/.ssh
|
||||
sudo chmod 600 /home/deploy_user/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
**更懒的方法**:如果你本地有 `ssh-copy-id` 命令,直接 `ssh-copy-id deploy_zgy@你的服务器IP`。
|
||||
**更懒的方法**:如果你本地有 `ssh-copy-id` 命令,直接 `ssh-copy-id deploy_user@your-server-ip-address`。
|
||||
|
||||
## 4. SSH 别名配置(懒癌患者的福音)
|
||||
|
||||
记 IP 地址?不存在的。在本地 `~/.ssh/config` 文件里加一段:
|
||||
|
||||
```text
|
||||
Host ny-web # 给你服务器起的外号,随便起,好记就行
|
||||
HostName 192.xxx.xxx.xxx # 你的服务器 IP
|
||||
User deploy_zgy # 登录用户
|
||||
Host your-server-alias # 给你服务器起的外号,随便起,好记就行
|
||||
HostName your-server-ip-address # 你的服务器 IP
|
||||
User deploy_user # 登录用户
|
||||
IdentityFile ~/.ssh/id_rsa # 私钥路径
|
||||
```
|
||||
|
||||
配置完,以后登录就直接 `ssh ny-web`,爽!
|
||||
配置完,以后登录就直接 `ssh your-server-alias`,爽!
|
||||
|
||||
## 5. 终极一击:一键部署脚本
|
||||
|
||||
@@ -90,7 +103,7 @@ echo "🚀 开始同步到生产环境..."
|
||||
# -z: 压缩传输
|
||||
# --delete: ⚠️ 注意:这会删除目标端有而源端没有的文件!
|
||||
# 首次同步建议先去掉这个参数,确认无误后再加上
|
||||
rsync -avz --delete --progress ./dist/ ny-web:/opt/1panel/www/sites/我的项目文件夹/
|
||||
rsync -avz --delete --progress ./dist/ your-server-alias:/opt/1panel/www/sites/your-project-directory/
|
||||
|
||||
echo "✅ 部署完成!"
|
||||
echo "⏱️ 下次更新只需: ./deploy.sh"
|
||||
@@ -101,7 +114,7 @@ echo "⏱️ 下次更新只需: ./deploy.sh"
|
||||
## 6. 我踩过的坑和注意事项
|
||||
|
||||
1. **首次同步别用 `--delete`**:先完整同步一次,确认文件都对,再加这个参数。不然可能把服务器上的重要文件删了。
|
||||
2. **ACL 权限检查**:如果同步后还是没权限,可以用 `getfacl /opt/1panel/www/sites/你的项目` 看看 ACL 设置是否生效。
|
||||
2. **ACL 权限检查**:如果同步后还是没权限,可以用 `getfacl /opt/1panel/www/sites/your-project-directory` 看看 ACL 设置是否生效。
|
||||
3. **文件路径要对**:1Panel 的默认站点路径是 `/opt/1panel/www/sites/`,但如果你改过,记得调整。
|
||||
4. **前端项目注意**:打包前清理 `node_modules`,这玩意别传到服务器。
|
||||
|
||||
Reference in New Issue
Block a user