Hexo should be configured for deploy key security build reproducibility and content pipeline control.
HEXO_URL=https://hexo.example.com
HEXO_ROOT=/
HEXO_DEPLOY_TYPE=rsync
HEXO_DEPLOY_HOST=web01
HEXO_ENV=production
- Protect deploy SSH keys and rotate on team change
- Pin themes and plugins to known good versions
- Validate build output before publish
- Use staged preview environment for editorial review
¶ Backup and recovery
Back up database or content storage, custom themes or modules, and environment configuration. Validate restore with one published page and one media asset render check.
- HTTPS enforced at reverse proxy.
- Authentication and authorization events monitored.
- Application errors and background jobs monitored.
- Restore test run on schedule and documented.
Running Hexo in regulated environments? We assist with:
- 🔐 TLS/SSL configuration
- 🔑 Authentication and authorization setup
- 📋 Audit logging and compliance reporting
- 🛡️ Security hardening benchmarks (CIS, STIG)
Secure your deployment: office@linux-server-admin.com | Contact Page