When I decided to rebuild my personal site luoyao.info, I wanted a setup that’s fast, stable, and easy to maintain.
After trying several stacks, I settled on Hugo + Nginx + Cloudflare, running on a Debian 12 Lightsail instance.
This post documents the full deployment process—from server setup to SSL configuration—so you can reproduce it easily.


1. Environment Overview

| Component | Description |
|---|---|
| VPS | Amazon Lightsail (Debian 12) |
| Domain | luoyao.info (managed via Cloudflare) |
| SSL Mode | Full (Strict) |
| Web Server | Nginx |
| Site Generator | Hugo Extended v0.150 |
| Access | SSH key (passwordless login) |

2. Prepare the Server

ssh admin@<YOUR_LIGHTSAIL_IP>
sudo timedatectl set-timezone Asia/Shanghai
sudo apt update
sudo apt install -y nginx git unzip curl

3. Install Hugo (Extended)

The Debian package is outdated, so install the latest release manually:

cd /tmp
curl -LO https://github.com/gohugoio/hugo/releases/download/v0.150.0/hugo_extended_0.150.0_Linux-64bit.deb
sudo dpkg -i hugo_extended_0.150.0_Linux-64bit.deb
hugo version

Make sure it shows extended.
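
Step 3 hands a freshly downloaded file to dpkg as root, so it is worth checking the download first. The script below is an added example, not part of the original setup: it compares the .deb against a SHA-256 list and refuses anything missing, duplicated, malformed or mismatched. The function name verify_release_file and the checksums file name hugo_0.150.0_checksums.txt are assumptions; confirm the latter on the release page.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded release file against a "<sha256>  <name>" list.
# Returns 0 only when the list has exactly one well-formed entry for the file's
# name and the file's SHA-256 equals it; every other case returns non-zero.
verify_release_file() {
    local file="$1" sums="$2" name expected actual
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
    name=${file##*/}

    # Compare the filename field exactly; a leading '*' (binary mode) is ignored.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { c++; h = tolower($1) }
        END { if (c != 1) exit 1; print h }' "$sums") || {
        echo "need exactly one checksum entry for $name" >&2; return 3; }

    # Fail closed on anything that is not 64 hex digits.
    case $expected in *[!0-9a-f]*) expected= ;; esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum for $name" >&2; return 4; }

    actual=$(sha256sum < "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "CHECKSUM MISMATCH for $name" >&2; return 1; }
    echo "OK: $name"
}

# Step 3 with the check in place (checksums file name is an assumption):
#   V=0.150.0; DEB="hugo_extended_${V}_Linux-64bit.deb"
#   BASE="https://github.com/gohugoio/hugo/releases/download/v${V}"
#   curl -fLO "$BASE/$DEB" && curl -fLO "$BASE/hugo_${V}_checksums.txt"
#   verify_release_file "$DEB" "hugo_${V}_checksums.txt" && sudo dpkg -i "$DEB"

# Constructed offline demo: a stand-in file and a one-line checksum list.
demo=$(mktemp -d)
printf 'stand-in package bytes\n' > "$demo/pkg.deb"
printf '%s  pkg.deb\n' "$(sha256sum < "$demo/pkg.deb" | awk '{ print $1 }')" > "$demo/sums.txt"
verify_release_file "$demo/pkg.deb" "$demo/sums.txt"
printf 'tampered' >> "$demo/pkg.deb"
verify_release_file "$demo/pkg.deb" "$demo/sums.txt" || echo "install blocked (exit $?)"
rm -rf "$demo"
```

A checksum list fetched from the same release page catches a truncated or swapped download; it does not protect against a compromised release.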


4. Create the Hugo Site

sudo mkdir -p /var/www/luoyao.info && sudo chown -R $USER:$USER /var/www/luoyao.info
cd /var/www/luoyao.info
hugo new site blog
cd blog
git init

Install PaperMod theme:

git submodule add https://github.com/adityatelange/hugo-PaperMod.git themes/PaperMod
echo 'theme = "PaperMod"' >> hugo.toml

Create a quick test post:

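hugo new posts/hello-world.md
# New sites use TOML front matter (draft = true) by default; this handles YAML (draft: true) too
sed -i -E 's/^draft(: | = )true/draft\1false/' content/posts/hello-world.md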

5. Build Static Files

hugo --minify -d /var/www/luoyao.info/public
sudo chown -R www-data:www-data /var/www/luoyao.info/public

All generated HTML now lives under /var/www/luoyao.info/public.


6. Configure Cloudflare Origin SSL

In Cloudflare → SSL/TLS → Origin Server, create a new Origin Certificate and private key, then copy them to your server (paste the certificate into the .pem file and the private key into the .key file):

sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/luoyao.info.pem
sudo nano /etc/ssl/cloudflare/luoyao.info.key
sudo chmod 600 /etc/ssl/cloudflare/luoyao.info.*

7. Configure Nginx

sudo tee /etc/nginx/sites-available/luoyao.info >/dev/null <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name luoyao.info www.luoyao.info;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name luoyao.info www.luoyao.info;

    root /var/www/luoyao.info/public;
    index index.html;

    ssl_certificate     /etc/ssl/cloudflare/luoyao.info.pem;
    ssl_certificate_key /etc/ssl/cloudflare/luoyao.info.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~* \.(css|js|jpg|jpeg|png|gif|svg|ico|webp|woff2?)$ {
        add_header Cache-Control "public, max-age=31536000, immutable";
        try_files $uri =404;
    }
}
EOF

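sudo ln -s /etc/nginx/sites-available/luoyao.info /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl enable --now nginx
# Nginx is already running after the apt install, so reload it to pick up the new site
sudo systemctl reload nginx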

Your site should now load correctly via https://luoyao.info.


8. Cloudflare DNS and SSL Settings

| Setting | Value |
|---|---|
| A Record | @ and www → your Lightsail IP (orange cloud = proxied) |
| SSL/TLS Mode | Full (Strict) |
| Always Use HTTPS | ON |
| Automatic HTTPS Rewrites | ON |

If Cloudflare returns error 525 (SSL handshake failed) or 526 (invalid SSL certificate), check that the certificate and key Nginx serves are the Cloudflare Origin certificate pair from step 6.


9. Optional: Git Push Deployment

To auto-deploy updates from Git:

# Create the repo as the SSH login user: it owns /var/www/luoyao.info and receives the push
mkdir -p /var/www/luoyao.info/repo
cd /var/www/luoyao.info/repo
git init --bare

Add this hooks/post-receive script:

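#!/bin/bash
set -e
WORKTREE=/var/www/luoyao.info/blog
PUBLIC=/var/www/luoyao.info/public

# Check out the pushed branch explicitly; a new bare repo's HEAD may not point at main
git --work-tree="$WORKTREE" --git-dir="$(pwd)" checkout -f main
cd "$WORKTREE"
# Hooks run with GIT_DIR set to the bare repo; clear it so git uses the work tree's own .git
unset GIT_DIR
git submodule update --init --recursive
# The hook runs as the pushing SSH user, so changing ownership needs (passwordless) sudo
sudo chown -R "$(id -un)" "$PUBLIC"
hugo --minify -d "$PUBLIC"
sudo chown -R www-data:www-data "$PUBLIC"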

Then activate it:

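# On the server, inside /var/www/luoyao.info/repo
chmod +x hooks/post-receive
# On your local machine, inside the site's Git repository
git remote add prod admin@<YOUR_LIGHTSAIL_IP>:/var/www/luoyao.info/repo
git push prod main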

10. Final Notes

After fine-tuning SSL chains and CDN caching, luoyao.info went live smoothly.
This stack feels refreshingly minimal—no databases, no frameworks, just Markdown and static pages served fast worldwide.

Whenever I publish a new post:

hugo
sudo systemctl reload nginx

Within seconds, Cloudflare propagates it globally.

If you want a secure and efficient personal site, Hugo + Nginx + Cloudflare on a small Debian VPS is a perfect balance of control and simplicity.