joywaygamess/server-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

添加 siyuan certd vaultwarden

Browse Source
This commit is contained in:
Joywayer
2026-04-07 16:03:47 +08:00
parent 3b01ca8ed3
commit 41a586b97b
25 changed files with 2894 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
siyuan/.env.example Normal file
View File

@@ -0,0 +1,31 @@
# ===== SiYuan 基础配置 =====
# SiYuan 访问域名(必须修改)
SIYUAN_DOMAIN=note.example.com
# Let's Encrypt 邮箱(必须修改)
CERTBOT_EMAIL=admin@example.com
# 访问授权码(必须修改,否则任何人都能访问你的数据)
SIYUAN_ACCESS_CODE=changeme
# ===== 镜像配置 =====
# SiYuan 镜像
SIYUAN_IMAGE=b3log/siyuan:latest
# 使用固定版本号(推荐生产环境):
# SIYUAN_IMAGE=b3log/siyuan:v3.6.3
# ===== 目录配置 =====
# SiYuan 工作空间目录
SIYUAN_DATA_DIR=/data/siyuan/workspace
# 备份目录
BACKUP_DIR=/var/backups/siyuan
# ===== 用户权限 =====
# 容器内运行用户/组 ID解决挂载目录权限问题
SIYUAN_PUID=1000
SIYUAN_PGID=1000

277
siyuan/README.md Normal file
View File

@@ -0,0 +1,277 @@
# SiYuan 笔记部署指南
隐私优先的个人知识管理系统支持块级引用、Markdown 所见即所得编辑器、闪卡间隔重复等功能。
## 功能特性
- 块级引用和双向链接
- Markdown 所见即所得编辑器
- 数学公式、流程图、甘特图等
- 闪卡间隔重复Spaced Repetition
- AI 写作(基于 OpenAI API
- Web 剪藏Chrome/Edge 扩展)
- 社区插件市场
## 技术栈
| 组件 | 版本 | 说明 |
|------|------|------|
| SiYuan | latest | 知识管理系统 |
| Nginx | 系统包 | 反向代理 + HTTPS 接入 |
| Docker | 最新版 | 容器运行环境 |
## Docker 版限制
> **重要**Docker 部署版与桌面版相比有以下限制:
>
> - **不支持**桌面和移动客户端连接,只能通过浏览器使用
> - **不支持**导出 PDF、HTML、Word 格式
> - **不支持**导入 Markdown 文件
## 前置条件
1. 一台 Linux 服务器Ubuntu 22.04/24.04 推荐)
2. 一个已解析到服务器的域名(如 `note.example.com`
3. 服务器 80/443 端口可从外网访问
## 目录结构
```
siyuan/
├── docker-compose.yml # 容器编排
├── .env.example # 配置模板
├── deploy.sh # 一键部署脚本
├── backup.sh # 备份脚本
├── nginx/
│ └── siyuan.conf # Nginx 反向代理配置
└── README.md # 本文件
```
服务器上的数据目录:
```
/data/siyuan/workspace/ # SiYuan 工作空间(笔记 + 资源文件)
/var/backups/siyuan/ # 备份文件
```
## 快速部署
### 第一步:上传文件到服务器
```bash
# 在本地执行,上传 base 和 siyuan 目录
scp -r base/ siyuan/ root@<服务器IP>:/opt/
```
### 第二步:登录服务器执行部署
```bash
ssh root@<服务器IP>
# 如果是全新服务器,先安装基础环境
cd /opt/base
cp .env.example .env
bash setup.sh
# 部署 SiYuan
cd /opt/siyuan
bash deploy.sh
# 首次运行会生成 .env按提示修改配置后重新运行
vi .env
bash deploy.sh
```
### 第三步:配置域名解析
在域名服务商(如阿里云 DNS添加 A 记录:
| 记录类型 | 主机记录 | 记录值 |
|----------|----------|--------|
| A | note | `<服务器公网IP>` |
### 第四步:登录使用
1. 浏览器访问 `https://note.yourdomain.com`
2. 输入 `.env` 中配置的 `SIYUAN_ACCESS_CODE` 授权码
## 配置说明
### .env 配置项
| 变量 | 说明 | 默认值 |
|------|------|--------|
| `SIYUAN_DOMAIN` | 访问域名 | 必填 |
| `CERTBOT_EMAIL` | Let's Encrypt 邮箱 | 必填 |
| `SIYUAN_ACCESS_CODE` | 访问授权码 | 必填 |
| `SIYUAN_IMAGE` | Docker 镜像 | `b3log/siyuan:latest` |
| `SIYUAN_DATA_DIR` | 工作空间目录 | `/data/siyuan/workspace` |
| `BACKUP_DIR` | 备份目录 | `/var/backups/siyuan` |
| `SIYUAN_PUID` | 容器用户 ID | `1000` |
| `SIYUAN_PGID` | 容器组 ID | `1000` |
### 修改访问授权码
```bash
cd /opt/siyuan
# 修改 .env 中的 SIYUAN_ACCESS_CODE
vi .env
# 重新创建容器使新授权码生效
docker compose up -d
```
### 用户权限说明
SiYuan 容器通过 `PUID``PGID` 环境变量控制运行用户。部署脚本会自动设置数据目录的所有权。如需手动调整:
```bash
chown -R 1000:1000 /data/siyuan/workspace
```
## 日常运维
### 查看日志
```bash
cd /opt/siyuan
docker compose logs -f
docker compose logs --tail 100
```
### 备份
```bash
cd /opt/siyuan
bash backup.sh
```
备份内容包括:
- 工作空间数据(笔记、资源文件、插件等)
- 部署配置(`docker-compose.yml` + `.env` + `nginx/`
备份文件保存在 `/var/backups/siyuan/`,自动清理 30 天前的旧备份。
### 恢复备份
```bash
# 查看可用备份
ls /var/backups/siyuan/
# 停止服务
cd /opt/siyuan && docker compose down
# 恢复数据
tar xzf /var/backups/siyuan/<日期>/siyuan-workspace.tar.gz -C /data/siyuan/
# 修复权限
chown -R 1000:1000 /data/siyuan/workspace
# 重启服务
cd /opt/siyuan && docker compose up -d
```
### 升级
```bash
cd /opt/siyuan
# 1. 备份当前数据
bash backup.sh
# 2. 拉取新镜像
docker compose pull
# 3. 停止旧容器并启动新容器
docker compose down
docker compose up -d
# 4. 检查运行状态
docker compose ps
docker compose logs --tail 20
```
### 停止 / 启动
```bash
cd /opt/siyuan
docker compose down # 停止
docker compose up -d # 启动
docker compose restart # 重启
```
## 数据存储结构
SiYuan 的数据存储在工作空间目录下:
```
workspace/
└── data/
├── assets/ # 插入的资源文件(图片等)
├── emojis/ # 自定义 Emoji
├── snippets/ # 代码片段
├── storage/ # 查询条件、布局、闪卡等
├── templates/ # 模板片段
├── widgets/ # 挂件
├── plugins/ # 插件
├── public/ # 公共数据
└── <笔记本>/ # 用户创建的笔记本(.sy 格式 JSON 文件)
```
## 故障排查
### 数据同步警告
> **不要**使用第三方同步盘Dropbox、OneDrive、坚果云等同步工作空间目录否则会导致数据损坏。如需多设备同步请使用 SiYuan 官方云端同步(付费功能)或手动导出导入。
### 容器无法启动
```bash
# 查看容器状态
docker compose ps
# 查看详细日志
docker compose logs --tail 50
```
### 权限问题
如果出现文件读写权限错误:
```bash
# 确认 PUID/PGID 与数据目录所有者一致
ls -la /data/siyuan/
chown -R 1000:1000 /data/siyuan/workspace
```
### 访问返回 502
```bash
# 检查 SiYuan 容器是否运行
docker compose ps
# 检查 6806 端口
curl -I http://127.0.0.1:6806
# 检查 Nginx 配置
nginx -t
```
### WebSocket 连接失败
确认 Nginx 配置中 `/ws` 路径已正确配置 WebSocket 反向代理(部署脚本已自动配置)。
## 注意事项
- **不要使用 URL 重写进行重定向**,否则可能导致认证出现问题。应当使用反向代理(部署脚本已正确配置)。
- **不要通过第三方同步盘同步数据**(如 Dropbox、OneDrive、坚果云等否则可能导致数据损坏。SiYuan 有自己的云端同步机制(付费功能)。
- 确认挂载卷的路径正确,否则删除容器后数据会丢失。
- 如果遇到权限问题,确认 `PUID`/`PGID` 环境变量与宿主机挂载目录的所有者一致。
## 端口说明
| 端口 | 协议 | 说明 |
|------|------|------|
| 80 | TCP | HTTP → HTTPS 重定向 |
| 443 | TCP | HTTPSNginx 反向代理) |
| 6806 | TCP | SiYuan HTTP仅监听 127.0.0.1 |

70
siyuan/backup.sh Normal file
View File

@@ -0,0 +1,70 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# SiYuan 备份脚本
# 备份工作空间数据 + 配置文件
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# 加载配置
if [ -f .env ]; then
set -a; source .env; set +a
else
echo "[ERROR] .env 文件不存在,请先运行 deploy.sh" >&2
exit 1
fi
# ===== 配置 =====
DATA_DIR="${SIYUAN_DATA_DIR:-/data/siyuan/workspace}"
BACKUP_BASE="${BACKUP_DIR:-/var/backups/siyuan}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR_FULL="${BACKUP_BASE}/${TIMESTAMP}"
RETENTION_DAYS=30
echo "========== SiYuan 备份 =========="
echo "时间: $(date '+%Y-%m-%d %H:%M:%S')"
echo "数据目录: $DATA_DIR"
echo "备份目录: $BACKUP_DIR_FULL"
echo ""
mkdir -p "$BACKUP_DIR_FULL"
# ===== 备份工作空间数据 =====
echo "[1/3] 备份 SiYuan 工作空间..."
if [ -d "$DATA_DIR" ]; then
tar czf "$BACKUP_DIR_FULL/siyuan-workspace.tar.gz" -C "$(dirname "$DATA_DIR")" "$(basename "$DATA_DIR")"
echo " ✓ 工作空间已备份"
else
echo " ⚠ 数据目录不存在: $DATA_DIR"
fi
# ===== 备份 docker-compose 和配置 =====
echo "[2/3] 备份部署配置..."
tar czf "$BACKUP_DIR_FULL/siyuan-config.tar.gz" \
-C "$SCRIPT_DIR" \
docker-compose.yml .env nginx/ 2>/dev/null || true
echo " ✓ 配置已备份"
# ===== 清理旧备份 =====
echo "[3/3] 清理 ${RETENTION_DAYS} 天前的旧备份..."
find "$BACKUP_BASE" -maxdepth 1 -type d -mtime +${RETENTION_DAYS} -exec rm -rf {} \; 2>/dev/null || true
echo " ✓ 旧备份已清理"
# ===== 汇总 =====
echo ""
echo "========== 备份完成 =========="
TOTAL_SIZE=$(du -sh "$BACKUP_DIR_FULL" | cut -f1)
echo "备份位置: $BACKUP_DIR_FULL"
echo "备份大小: $TOTAL_SIZE"
echo ""
echo "备份内容:"
ls -lh "$BACKUP_DIR_FULL/"
echo ""
echo "恢复方法:"
echo " cd $SCRIPT_DIR && docker compose down"
echo " tar xzf $BACKUP_DIR_FULL/siyuan-workspace.tar.gz -C $(dirname "$DATA_DIR")"
echo " chown -R ${SIYUAN_PUID:-1000}:${SIYUAN_PGID:-1000} $DATA_DIR"
echo " cd $SCRIPT_DIR && docker compose up -d"

185
siyuan/deploy.sh Normal file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env bash
set -euo pipefail
# ============================================
# SiYuan 一键部署脚本
# 自动安装 Docker + Nginx + SSL + SiYuan
# ============================================
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# ===== 加载公共基础函数 =====
BASE_DIR="$(cd "$SCRIPT_DIR/../base" 2>/dev/null && pwd)" || true
if [ -z "$BASE_DIR" ] || [ ! -f "$BASE_DIR/setup.sh" ]; then
echo "[ERROR] base/setup.sh 未找到" >&2
echo "请确保目录结构如下:" >&2
echo " /opt/base/setup.sh" >&2
echo " /opt/siyuan/deploy.sh (当前脚本)" >&2
exit 1
fi
source "$BASE_DIR/setup.sh"
# =============================================================
# SiYuan 专用函数
# =============================================================
init_env() {
step "初始化 SiYuan 配置"
if [ ! -f .env ]; then
if [ ! -f .env.example ]; then
error "缺少 .env.example 模板文件"
exit 1
fi
cp .env.example .env
log "已生成 .env 文件"
echo ""
warn "┌─────────────────────────────────────────────────┐"
warn "│ 请编辑 .env 文件,至少修改以下配置: │"
warn "│ │"
warn "│ SIYUAN_DOMAIN=note.yourdomain.com │"
warn "│ CERTBOT_EMAIL=you@yourdomain.com │"
warn "│ SIYUAN_ACCESS_CODE=你的访问授权码 │"
warn "│ │"
warn "│ 编辑命令: vi $SCRIPT_DIR/.env │"
warn "│ 编辑完成后重新运行: bash deploy.sh │"
warn "└─────────────────────────────────────────────────┘"
exit 0
fi
set -a; source .env; set +a
local has_error=0
if [[ -z "${SIYUAN_DOMAIN:-}" ]] || [[ "${SIYUAN_DOMAIN}" == "note.example.com" ]]; then
error "请在 .env 中将 SIYUAN_DOMAIN 修改为你的实际域名"
has_error=1
fi
if [[ -z "${CERTBOT_EMAIL:-}" ]] || [[ "${CERTBOT_EMAIL}" == "admin@example.com" ]]; then
error "请在 .env 中将 CERTBOT_EMAIL 修改为你的实际邮箱"
has_error=1
fi
if [[ -z "${SIYUAN_ACCESS_CODE:-}" ]] || [[ "${SIYUAN_ACCESS_CODE}" == "changeme" ]]; then
error "请在 .env 中将 SIYUAN_ACCESS_CODE 修改为一个安全的授权码"
has_error=1
fi
[ "$has_error" -eq 1 ] && { error "请修改 .env 后重新运行"; exit 1; }
log "配置检查通过"
log " 域名: ${SIYUAN_DOMAIN}"
log " 邮箱: ${CERTBOT_EMAIL}"
}
create_dirs() {
step "创建数据目录"
local data_dir="${SIYUAN_DATA_DIR:-/data/siyuan/workspace}"
local backup_dir="${BACKUP_DIR:-/var/backups/siyuan}"
local puid="${SIYUAN_PUID:-1000}"
local pgid="${SIYUAN_PGID:-1000}"
mkdir -p "$data_dir" "$backup_dir"
chown -R "$puid:$pgid" "$data_dir"
log "数据目录: $data_dir (所有者: $puid:$pgid)"
log "备份目录: $backup_dir"
}
start_services() {
step "启动 SiYuan 服务"
log "正在拉取镜像..."
docker compose pull
log "正在启动容器..."
docker compose up -d
log "等待 SiYuan 就绪..."
local max_wait=30
for i in $(seq 1 "$max_wait"); do
if curl -sf http://127.0.0.1:6806/ &> /dev/null; then
log "SiYuan 启动成功!"
return
fi
sleep 2
done
warn "SiYuan 可能仍在启动中,请稍后检查: docker compose logs -f"
}
show_info() {
set -a; source .env; set +a
echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
echo -e "${GREEN}║ SiYuan 笔记部署完成! ║${NC}"
echo -e "${GREEN}╠══════════════════════════════════════════════════════════╣${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} Web 访问: ${CYAN}https://${SIYUAN_DOMAIN}${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 访问授权码: 在 .env 中的 SIYUAN_ACCESS_CODE"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} 数据目录: ${SIYUAN_DATA_DIR:-/data/siyuan/workspace}"
echo -e "${GREEN}${NC} 备份目录: ${BACKUP_DIR:-/var/backups/siyuan}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}${NC} ${YELLOW}⚠ Docker 版不支持桌面/移动客户端连接${NC}"
echo -e "${GREEN}${NC} ${YELLOW}⚠ 不支持导出 PDF/Word/HTML 和导入 Markdown${NC}"
echo -e "${GREEN}${NC}"
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
echo ""
echo "常用命令:"
echo " 查看日志: cd $SCRIPT_DIR && docker compose logs -f"
echo " 重启服务: cd $SCRIPT_DIR && docker compose restart"
echo " 停止服务: cd $SCRIPT_DIR && docker compose down"
echo " 备份数据: cd $SCRIPT_DIR && bash backup.sh"
echo ""
}
# =============================================================
# 主流程
# =============================================================
main() {
echo -e "${CYAN}"
echo " ____ _ __ __"
echo " / ___|(_)\\ \\/ / _ _ __ _ __"
echo " \\___ \\| | \\ / | | | '_ \`_ \\"
echo " ___) | | / \\ |_| | | | | | |"
echo " |____/|_|/_/\\_\\__,_|_| |_| |_| Deploy Script"
echo -e "${NC}"
echo ""
check_root
load_base_env "$BASE_DIR"
# Step 1: 系统初始化
init_system
# Step 2: 安装 Docker
install_docker
# Step 3: 安装 Nginx
install_nginx
# Step 4: 初始化配置
init_env
# Step 5: 配置 Docker 镜像加速
configure_docker_mirrors
# Step 6: 创建数据目录
create_dirs
# Step 7: 配置防火墙
setup_firewall_base
# Step 8: 配置 SSL 证书
setup_ssl_cert "${SIYUAN_DOMAIN}" "${CERTBOT_EMAIL}" "siyuan"
# Step 9: 部署 Nginx 反向代理
deploy_nginx_conf "$SCRIPT_DIR/nginx/siyuan.conf" "${SIYUAN_DOMAIN}" "siyuan"
# Step 10: 启动服务
start_services
# 完成
show_info
}
main "$@"

28
siyuan/docker-compose.yml Normal file
View File

@@ -0,0 +1,28 @@
services:
siyuan:
image: ${SIYUAN_IMAGE:-b3log/siyuan:latest}
container_name: siyuan
restart: unless-stopped
command:
- --workspace=/siyuan/workspace/
- --accessAuthCode=${SIYUAN_ACCESS_CODE:?请在 .env 中设置 SIYUAN_ACCESS_CODE}
environment:
- TZ=Asia/Shanghai
- PUID=${SIYUAN_PUID:-1000}
- PGID=${SIYUAN_PGID:-1000}
volumes:
- ${SIYUAN_DATA_DIR:-/data/siyuan/workspace}:/siyuan/workspace
- /etc/localtime:/etc/localtime:ro
ports:
- "127.0.0.1:6806:6806"
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:6806"]
interval: 30s
timeout: 5s
retries: 3
start_period: 15s
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"

70
siyuan/nginx/siyuan.conf Normal file
View File

@@ -0,0 +1,70 @@
server {
listen 80;
listen [::]:80;
server_name __DOMAIN__;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name __DOMAIN__;
# SSL 证书
ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem;
# SSL 参数
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# 上传大小限制(资源文件、图片等上传)
client_max_body_size 128M;
# 反向代理到 SiYuan
location / {
proxy_pass http://127.0.0.1:6806;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# WebSocket 支持(官方要求 /ws 路径配置 WebSocket 反向代理)
location /ws {
proxy_pass http://127.0.0.1:6806;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
}