#!/bin/bash # HTTPS 快速部署脚本 # 用于配置 Let's Encrypt SSL 证书和 Nginx set -e # 颜色输出 RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color # 配置变量 DOMAIN="api.zzzhengyangtang.cn" EMAIL="your-email@example.com" # 修改为您的邮箱 NGINX_CONF="/etc/nginx/sites-available/admin" PROJECT_ROOT=$(pwd) echo -e "${GREEN}========================================${NC}" echo -e "${GREEN}HTTPS 部署脚本${NC}" echo -e "${GREEN}========================================${NC}" echo "" # 检查是否为 root 用户 if [ "$EUID" -ne 0 ]; then echo -e "${RED}错误: 请使用 root 权限运行此脚本${NC}" echo "使用: sudo bash setup-https.sh" exit 1 fi # 步骤 1: 检查域名解析 echo -e "${YELLOW}[1/6] 检查域名解析...${NC}" if host $DOMAIN > /dev/null 2>&1; then echo -e "${GREEN}✓ 域名解析正常${NC}" host $DOMAIN else echo -e "${RED}✗ 域名解析失败${NC}" echo "请确保域名 $DOMAIN 已正确解析到此服务器" exit 1 fi echo "" # 步骤 2: 安装 Certbot echo -e "${YELLOW}[2/6] 检查并安装 Certbot...${NC}" if ! command -v certbot &> /dev/null; then echo "正在安装 Certbot..." if [ -f /etc/debian_version ]; then apt update apt install -y certbot python3-certbot-nginx elif [ -f /etc/redhat-release ]; then yum install -y certbot python3-certbot-nginx else echo -e "${RED}不支持的操作系统${NC}" exit 1 fi echo -e "${GREEN}✓ Certbot 安装完成${NC}" else echo -e "${GREEN}✓ Certbot 已安装${NC}" fi echo "" # 步骤 3: 获取 SSL 证书 echo -e "${YELLOW}[3/6] 获取 SSL 证书...${NC}" if [ ! -d "/etc/letsencrypt/live/$DOMAIN" ]; then echo "正在申请证书..." certbot certonly --nginx -d $DOMAIN --email $EMAIL --agree-tos --non-interactive echo -e "${GREEN}✓ SSL 证书获取成功${NC}" else echo -e "${GREEN}✓ SSL 证书已存在${NC}" fi echo "" # 步骤 4: 配置 Nginx echo -e "${YELLOW}[4/6] 配置 Nginx...${NC}" # 提示用户输入项目路径 read -p "请输入项目 server/public/admin 的完整路径 [默认: $PROJECT_ROOT/../server/public/admin]: " ADMIN_PATH ADMIN_PATH=${ADMIN_PATH:-"$PROJECT_ROOT/../server/public/admin"} read -p "请输入后端 API 端口 [默认: 8000]: " API_PORT API_PORT=${API_PORT:-8000} # 复制并修改配置文件 cp nginx-production.conf $NGINX_CONF # 替换路径 sed -i "s|/path/to/your/server/public/admin|$ADMIN_PATH|g" $NGINX_CONF sed -i "s|http://127.0.0.1:8000|http://127.0.0.1:$API_PORT|g" $NGINX_CONF # 创建软链接 if [ ! -L "/etc/nginx/sites-enabled/admin" ]; then ln -s $NGINX_CONF /etc/nginx/sites-enabled/admin fi echo -e "${GREEN}✓ Nginx 配置完成${NC}" echo "" # 步骤 5: 测试 Nginx 配置 echo -e "${YELLOW}[5/6] 测试 Nginx 配置...${NC}" if nginx -t; then echo -e "${GREEN}✓ Nginx 配置测试通过${NC}" else echo -e "${RED}✗ Nginx 配置测试失败${NC}" echo "请检查配置文件: $NGINX_CONF" exit 1 fi echo "" # 步骤 6: 重启 Nginx echo -e "${YELLOW}[6/6] 重启 Nginx...${NC}" systemctl restart nginx echo -e "${GREEN}✓ Nginx 重启成功${NC}" echo "" # 设置证书自动续期 echo -e "${YELLOW}配置证书自动续期...${NC}" if ! crontab -l | grep -q "certbot renew"; then (crontab -l 2>/dev/null; echo "0 2 * * * certbot renew --quiet") | crontab - echo -e "${GREEN}✓ 自动续期任务已添加${NC}" else echo -e "${GREEN}✓ 自动续期任务已存在${NC}" fi echo "" # 完成 echo -e "${GREEN}========================================${NC}" echo -e "${GREEN}HTTPS 配置完成!${NC}" echo -e "${GREEN}========================================${NC}" echo "" echo -e "访问地址: ${GREEN}https://$DOMAIN/admin${NC}" echo "" echo "后续步骤:" echo "1. 确保防火墙允许 443 端口" echo " sudo ufw allow 443/tcp" echo "" echo "2. 在浏览器中访问 https://$DOMAIN/admin" echo "" echo "3. 检查证书状态" echo " sudo certbot certificates" echo "" echo "4. 测试自动续期" echo " sudo certbot renew --dry-run" echo ""