Files
zyt/admin/setup-https.sh
2026-03-13 14:08:52 +08:00

145 lines
4.1 KiB
Bash

#!/bin/bash
# HTTPS 快速部署脚本
# 用于配置 Let's Encrypt SSL 证书和 Nginx
set -e
# 颜色输出
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# 配置变量
DOMAIN="api.zzzhengyangtang.cn"
EMAIL="your-email@example.com" # 修改为您的邮箱
NGINX_CONF="/etc/nginx/sites-available/admin"
PROJECT_ROOT=$(pwd)
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}HTTPS 部署脚本${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
# 检查是否为 root 用户
if [ "$EUID" -ne 0 ]; then
echo -e "${RED}错误: 请使用 root 权限运行此脚本${NC}"
echo "使用: sudo bash setup-https.sh"
exit 1
fi
# 步骤 1: 检查域名解析
echo -e "${YELLOW}[1/6] 检查域名解析...${NC}"
if host $DOMAIN > /dev/null 2>&1; then
echo -e "${GREEN}✓ 域名解析正常${NC}"
host $DOMAIN
else
echo -e "${RED}✗ 域名解析失败${NC}"
echo "请确保域名 $DOMAIN 已正确解析到此服务器"
exit 1
fi
echo ""
# 步骤 2: 安装 Certbot
echo -e "${YELLOW}[2/6] 检查并安装 Certbot...${NC}"
if ! command -v certbot &> /dev/null; then
echo "正在安装 Certbot..."
if [ -f /etc/debian_version ]; then
apt update
apt install -y certbot python3-certbot-nginx
elif [ -f /etc/redhat-release ]; then
yum install -y certbot python3-certbot-nginx
else
echo -e "${RED}不支持的操作系统${NC}"
exit 1
fi
echo -e "${GREEN}✓ Certbot 安装完成${NC}"
else
echo -e "${GREEN}✓ Certbot 已安装${NC}"
fi
echo ""
# 步骤 3: 获取 SSL 证书
echo -e "${YELLOW}[3/6] 获取 SSL 证书...${NC}"
if [ ! -d "/etc/letsencrypt/live/$DOMAIN" ]; then
echo "正在申请证书..."
certbot certonly --nginx -d $DOMAIN --email $EMAIL --agree-tos --non-interactive
echo -e "${GREEN}✓ SSL 证书获取成功${NC}"
else
echo -e "${GREEN}✓ SSL 证书已存在${NC}"
fi
echo ""
# 步骤 4: 配置 Nginx
echo -e "${YELLOW}[4/6] 配置 Nginx...${NC}"
# 提示用户输入项目路径
read -p "请输入项目 server/public/admin 的完整路径 [默认: $PROJECT_ROOT/../server/public/admin]: " ADMIN_PATH
ADMIN_PATH=${ADMIN_PATH:-"$PROJECT_ROOT/../server/public/admin"}
read -p "请输入后端 API 端口 [默认: 8000]: " API_PORT
API_PORT=${API_PORT:-8000}
# 复制并修改配置文件
cp nginx-production.conf $NGINX_CONF
# 替换路径
sed -i "s|/path/to/your/server/public/admin|$ADMIN_PATH|g" $NGINX_CONF
sed -i "s|http://127.0.0.1:8000|http://127.0.0.1:$API_PORT|g" $NGINX_CONF
# 创建软链接
if [ ! -L "/etc/nginx/sites-enabled/admin" ]; then
ln -s $NGINX_CONF /etc/nginx/sites-enabled/admin
fi
echo -e "${GREEN}✓ Nginx 配置完成${NC}"
echo ""
# 步骤 5: 测试 Nginx 配置
echo -e "${YELLOW}[5/6] 测试 Nginx 配置...${NC}"
if nginx -t; then
echo -e "${GREEN}✓ Nginx 配置测试通过${NC}"
else
echo -e "${RED}✗ Nginx 配置测试失败${NC}"
echo "请检查配置文件: $NGINX_CONF"
exit 1
fi
echo ""
# 步骤 6: 重启 Nginx
echo -e "${YELLOW}[6/6] 重启 Nginx...${NC}"
systemctl restart nginx
echo -e "${GREEN}✓ Nginx 重启成功${NC}"
echo ""
# 设置证书自动续期
echo -e "${YELLOW}配置证书自动续期...${NC}"
if ! crontab -l | grep -q "certbot renew"; then
(crontab -l 2>/dev/null; echo "0 2 * * * certbot renew --quiet") | crontab -
echo -e "${GREEN}✓ 自动续期任务已添加${NC}"
else
echo -e "${GREEN}✓ 自动续期任务已存在${NC}"
fi
echo ""
# 完成
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}HTTPS 配置完成!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo -e "访问地址: ${GREEN}https://$DOMAIN/admin${NC}"
echo ""
echo "后续步骤:"
echo "1. 确保防火墙允许 443 端口"
echo " sudo ufw allow 443/tcp"
echo ""
echo "2. 在浏览器中访问 https://$DOMAIN/admin"
echo ""
echo "3. 检查证书状态"
echo " sudo certbot certificates"
echo ""
echo "4. 测试自动续期"
echo " sudo certbot renew --dry-run"
echo ""