更新
This commit is contained in:
@@ -0,0 +1,144 @@
|
||||
#!/bin/bash
|
||||
|
||||
# HTTPS 快速部署脚本
|
||||
# 用于配置 Let's Encrypt SSL 证书和 Nginx
|
||||
|
||||
set -e
|
||||
|
||||
# 颜色输出
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# 配置变量
|
||||
DOMAIN="api.zzzhengyangtang.cn"
|
||||
EMAIL="your-email@example.com" # 修改为您的邮箱
|
||||
NGINX_CONF="/etc/nginx/sites-available/admin"
|
||||
PROJECT_ROOT=$(pwd)
|
||||
|
||||
echo -e "${GREEN}========================================${NC}"
|
||||
echo -e "${GREEN}HTTPS 部署脚本${NC}"
|
||||
echo -e "${GREEN}========================================${NC}"
|
||||
echo ""
|
||||
|
||||
# 检查是否为 root 用户
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo -e "${RED}错误: 请使用 root 权限运行此脚本${NC}"
|
||||
echo "使用: sudo bash setup-https.sh"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 步骤 1: 检查域名解析
|
||||
echo -e "${YELLOW}[1/6] 检查域名解析...${NC}"
|
||||
if host $DOMAIN > /dev/null 2>&1; then
|
||||
echo -e "${GREEN}✓ 域名解析正常${NC}"
|
||||
host $DOMAIN
|
||||
else
|
||||
echo -e "${RED}✗ 域名解析失败${NC}"
|
||||
echo "请确保域名 $DOMAIN 已正确解析到此服务器"
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# 步骤 2: 安装 Certbot
|
||||
echo -e "${YELLOW}[2/6] 检查并安装 Certbot...${NC}"
|
||||
if ! command -v certbot &> /dev/null; then
|
||||
echo "正在安装 Certbot..."
|
||||
if [ -f /etc/debian_version ]; then
|
||||
apt update
|
||||
apt install -y certbot python3-certbot-nginx
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
yum install -y certbot python3-certbot-nginx
|
||||
else
|
||||
echo -e "${RED}不支持的操作系统${NC}"
|
||||
exit 1
|
||||
fi
|
||||
echo -e "${GREEN}✓ Certbot 安装完成${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ Certbot 已安装${NC}"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# 步骤 3: 获取 SSL 证书
|
||||
echo -e "${YELLOW}[3/6] 获取 SSL 证书...${NC}"
|
||||
if [ ! -d "/etc/letsencrypt/live/$DOMAIN" ]; then
|
||||
echo "正在申请证书..."
|
||||
certbot certonly --nginx -d $DOMAIN --email $EMAIL --agree-tos --non-interactive
|
||||
echo -e "${GREEN}✓ SSL 证书获取成功${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ SSL 证书已存在${NC}"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# 步骤 4: 配置 Nginx
|
||||
echo -e "${YELLOW}[4/6] 配置 Nginx...${NC}"
|
||||
|
||||
# 提示用户输入项目路径
|
||||
read -p "请输入项目 server/public/admin 的完整路径 [默认: $PROJECT_ROOT/../server/public/admin]: " ADMIN_PATH
|
||||
ADMIN_PATH=${ADMIN_PATH:-"$PROJECT_ROOT/../server/public/admin"}
|
||||
|
||||
read -p "请输入后端 API 端口 [默认: 8000]: " API_PORT
|
||||
API_PORT=${API_PORT:-8000}
|
||||
|
||||
# 复制并修改配置文件
|
||||
cp nginx-production.conf $NGINX_CONF
|
||||
|
||||
# 替换路径
|
||||
sed -i "s|/path/to/your/server/public/admin|$ADMIN_PATH|g" $NGINX_CONF
|
||||
sed -i "s|http://127.0.0.1:8000|http://127.0.0.1:$API_PORT|g" $NGINX_CONF
|
||||
|
||||
# 创建软链接
|
||||
if [ ! -L "/etc/nginx/sites-enabled/admin" ]; then
|
||||
ln -s $NGINX_CONF /etc/nginx/sites-enabled/admin
|
||||
fi
|
||||
|
||||
echo -e "${GREEN}✓ Nginx 配置完成${NC}"
|
||||
echo ""
|
||||
|
||||
# 步骤 5: 测试 Nginx 配置
|
||||
echo -e "${YELLOW}[5/6] 测试 Nginx 配置...${NC}"
|
||||
if nginx -t; then
|
||||
echo -e "${GREEN}✓ Nginx 配置测试通过${NC}"
|
||||
else
|
||||
echo -e "${RED}✗ Nginx 配置测试失败${NC}"
|
||||
echo "请检查配置文件: $NGINX_CONF"
|
||||
exit 1
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# 步骤 6: 重启 Nginx
|
||||
echo -e "${YELLOW}[6/6] 重启 Nginx...${NC}"
|
||||
systemctl restart nginx
|
||||
echo -e "${GREEN}✓ Nginx 重启成功${NC}"
|
||||
echo ""
|
||||
|
||||
# 设置证书自动续期
|
||||
echo -e "${YELLOW}配置证书自动续期...${NC}"
|
||||
if ! crontab -l | grep -q "certbot renew"; then
|
||||
(crontab -l 2>/dev/null; echo "0 2 * * * certbot renew --quiet") | crontab -
|
||||
echo -e "${GREEN}✓ 自动续期任务已添加${NC}"
|
||||
else
|
||||
echo -e "${GREEN}✓ 自动续期任务已存在${NC}"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# 完成
|
||||
echo -e "${GREEN}========================================${NC}"
|
||||
echo -e "${GREEN}HTTPS 配置完成!${NC}"
|
||||
echo -e "${GREEN}========================================${NC}"
|
||||
echo ""
|
||||
echo -e "访问地址: ${GREEN}https://$DOMAIN/admin${NC}"
|
||||
echo ""
|
||||
echo "后续步骤:"
|
||||
echo "1. 确保防火墙允许 443 端口"
|
||||
echo " sudo ufw allow 443/tcp"
|
||||
echo ""
|
||||
echo "2. 在浏览器中访问 https://$DOMAIN/admin"
|
||||
echo ""
|
||||
echo "3. 检查证书状态"
|
||||
echo " sudo certbot certificates"
|
||||
echo ""
|
||||
echo "4. 测试自动续期"
|
||||
echo " sudo certbot renew --dry-run"
|
||||
echo ""
|
||||
Reference in New Issue
Block a user