cd's blogs
0%

重新打扫下荒凉的博客

Posted on In

两年没有动过博客,然后,域名过期,Node.js,hexo,theme各种版本老旧。很荒凉的感觉,重新打扫一下。

相关工具版本升级

node.js 升级

通过npm来安装n, 然后通过n来安装最新稳定版的node。

1
2
3
4
5
6
7
8
9
$ npm -v
5.6.0
$ node -v
v8.11.3
$ npm cache clean -f
$ npm install -g n
$ sudo n stable
$ node -v
v12.18.4

hexo 升级

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
$ npx update
npx: installed 657 in 41.672s
[09:35:05] using file ~/Users/xxx/.npm/_npx/56179/lib/node_modules/update/lib/updatefile.js
[09:35:05] starting update.default
[09:35:05] ✔ running: init

  Current updaters: init

 no updaters were saved.
[09:35:06] finished update.default ✔ 221ms
internal/modules/cjs/loader.js:968
  throw err;
  ^

Error: Cannot find module 'set-blocking'
Require stack:
- /Users/xxx/.npm/_npx/56179/lib/node_modules/update/bin/update.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:965:15)
    at Function.Module._load (internal/modules/cjs/loader.js:841:27)
    at Module.require (internal/modules/cjs/loader.js:1025:19)
    at require (internal/modules/cjs/helpers.js:72:18)
    at process.<anonymous> (/Users/xxx/.npm/_npx/56179/lib/node_modules/update/bin/update.js:4:3)
    at process.emit (events.js:327:22)
    at process.exit (internal/process/per_thread.js:167:15)
    at /Users/xxx/.npm/_npx/56179/lib/node_modules/update/bin/update.js:55:15
    at /Users/xxx/.npm/_npx/56179/lib/node_modules/update/node_modules/base-generators/index.js:482:13
    at /Users/xxx/.npm/_npx/56179/lib/node_modules/update/node_modules/async-each-series/index.js:15:40 {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/Users/xxx/.npm/_npx/56179/lib/node_modules/update/bin/update.js'
  ]
}

直接npx update有错误。先npm update & install一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
➜   npm update
➜   npm install
audited 561 packages in 5.506s

3 packages are looking for funding
  run `npm fund` for details

found 52 vulnerabilities (22 low, 12 moderate, 18 high)
  run `npm audit fix` to fix them, or `npm audit` for details
➜   npm audit fix
added 16 packages from 53 contributors, removed 3 packages and updated 13 packages in 8.957s

4 packages are looking for funding
  run `npm fund` for details

fixed 18 of 52 vulnerabilities in 561 scanned packages
  11 vulnerabilities required manual review and could not be updated
  3 package updates for 23 vulnerabilities involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)
➜   npm audit fix --force
npm WARN using --force I sure hope you know what you are doing.
+ hexo-deployer-git@2.1.0
+ hexo-renderer-marked@3.2.0
+ hexo@5.2.0
added 22 packages from 286 contributors, removed 370 packages, updated 55 packages and moved 1 package in 17.734s

6 packages are looking for funding
  run `npm fund` for details

fixed 23 of 34 vulnerabilities in 574 scanned packages
  11 vulnerabilities required manual review and could not be updated
  3 package updates for 23 vulnerabilities involved breaking changes
  (installed due to `--force` option)
➜ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ hexo-deployer-git                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ hexo-deployer-git > swig-templates > optimist > minimist     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 226 scanned packages
  1 vulnerability requires manual review. See the full report for details. 
➜ npx hexo -v
INFO  Validating config
WARN  Deprecated config detected: "external_link" with a Boolean value is deprecated. See https://hexo.io/docs/configuration for more details.
hexo: 5.2.0
hexo-cli: 4.2.0
os: Darwin 17.7.0 darwin x64
node: 12.18.4
v8: 7.8.279.23-node.39
uv: 1.38.0
zlib: 1.2.11
brotli: 1.0.7
ares: 1.16.0
modules: 72
nghttp2: 1.41.0
napi: 6
llhttp: 2.1.2
http_parser: 2.9.3
openssl: 1.1.1g
cldr: 37.0
icu: 67.1
tz: 2019c
unicode: 13.0

可以看到hexo已经升级,hexo-deployer-git存在一个low的安全问题。验证hexo版本的时候存在一个warning,
WARN Deprecated config detected: "external_link" with a Boolean value is deprecated. See https://hexo.io/docs/configuration for more details.看了下文档,更改下_config.yml的external_link部分。从

1
external_link: true # Open external links in new tab

修改为

1
2
3
4
external_link:
     enable: true # Open external links in new tab
     field: site
     exclude: ''

hexo-theme-next升级

保存对hexo-theme-next的修改,然后git pull

1
2
3
4
➜ cd themes/next
➜ git:(master) ✗ git stash
➜ git:(master) ✗ git pull
➜ git:(master) ✗ git stash apply

git stash apply如果有冲突,解决冲突。

运行hexo

1
2
3
4
➜ npx hexo server
INFO  Validating config
INFO  Start processing
INFO  Hexo is running at http://localhost:4000/. Press Ctrl+C to stop.

浏览器访问后,没发现有什么问题。

更改blog的网址

之前用的域名过期了,也无意接着再用,申请一个新域名。出于对whois隐私的担心,选择了国外的域名商NameSilo。

更改github pages的网址

打开github pages的仓库,直接在setting里面更改Custom domain 为自己的域名。我使用的子域名是www。

添加DNS记录

尝试使用NameSilo自己的域名服务器。添加相关的DNS记录后,长时间后,仍然无法通过自己的域名访问github pages。所以,改用dnspod的域名服务器。
首先把NameSilo的域名服务器替换成dnspod的。回到dnspod,添加DNS记录。

主机记录 记录类型 记录值
www CNAME xxx.github.io
@ CNAME www.yourcustom.domain
这样稍等一会儿,就可以通过自己的域名访问github pages了。

启动https

之前是通过cloudflare来启动网站的https的,现在github pages自己已经支持了。把Enforce HTTPS勾上就可以了,只是我这边现在显示还在等待证书签发。

添加google analytics

添加自己的网站,获取相应的tracking code(类似UA-xxxxx-x),然后将tracking code填在hexo下的_config.yml中。

1
google_analytics: UA-xxxxx-x

重新发布

进入source目录下,把CNAME更改为新配置的域名,删除之前添加的baidu_verify_XX.html和googleXX.html这两个用于认证的文件。

1
2
3
➜ npx hexo clean
➜ npx hexo generate
➜ npx hexo deploy