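#!/bin/bash
# ============================================
# Update the Nginx configuration to enable HTTPS
# ============================================
# Purpose: configure HTTPS for api.muststudy.xin (reusing the existing certificate)
# Usage:   run on the server: bash deploy/update-nginx-ssl.sh
#
# The site config is overwritten in place, so the previous file is backed up
# first and put back if `nginx -t` rejects the new one. Without that, a failed
# validation would leave a broken config on disk for the next reload/restart.
# ============================================

set -euo pipefail

# Colours
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m'

echo -e "${BLUE}🔒 更新 Nginx 配置以启用 HTTPS...${NC}"
echo ""

# NOTE: the heredoc below is quoted and hard-codes the same domain and
# certificate paths; keep these variables in sync with it.
DOMAIN="api.muststudy.xin"
NGINX_CONF="/etc/nginx/conf.d/wildgrowth-api.conf"
CERT_PATH="/etc/letsencrypt/live/${DOMAIN}"

# Check that the certificate directory exists
if [ ! -d "$CERT_PATH" ]; then
  echo -e "${RED}❌ SSL 证书不存在: ${CERT_PATH}${NC}"
  echo -e "${YELLOW}请先运行: bash deploy/setup-ssl-api.sh${NC}"
  exit 1
fi

# The directory alone is not enough: the config references both files below,
# and a missing one would only surface later as an `nginx -t` failure.
for cert_file in "${CERT_PATH}/fullchain.pem" "${CERT_PATH}/privkey.pem"; do
  if [ ! -f "$cert_file" ]; then
    echo -e "${RED}❌ SSL 证书文件缺失: ${cert_file}${NC}"
    echo -e "${YELLOW}请先运行: bash deploy/setup-ssl-api.sh${NC}"
    exit 1
  fi
done

echo -e "${GREEN}✅ 找到 SSL 证书: ${CERT_PATH}${NC}"
echo ""

# Keep a copy of the current config (if any) so a rejected update can be undone.
BACKUP_CONF=""
cleanup() {
  if [ -n "$BACKUP_CONF" ]; then
    rm -f -- "$BACKUP_CONF"
  fi
}
trap cleanup EXIT

if [ -f "$NGINX_CONF" ]; then
  BACKUP_CONF="$(mktemp)"
  cp -- "$NGINX_CONF" "$BACKUP_CONF"
fi

# Update the Nginx configuration
echo -e "${BLUE}📝 更新 Nginx 配置...${NC}"

# The delimiter is quoted ('EOF'), so $server_name, $host, etc. reach the file
# literally as nginx variables instead of being expanded by the shell.
#
# NOTE(review): the 443 server block sets no Strict-Transport-Security header;
# consider adding one once HTTPS is confirmed stable for this host.
# NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
# the client sent, so the backend should rely on X-Real-IP (or only the last
# X-Forwarded-For entry) for rate limiting and audit logging.
cat > "$NGINX_CONF" <<'EOF'
# HTTP 重定向到 HTTPS
server {
    listen 80;
    server_name api.muststudy.xin;

    # Let's Encrypt 验证
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # 其他请求重定向到 HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

# HTTPS 配置
server {
    listen 443 ssl http2;
    server_name api.muststudy.xin;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/api.muststudy.xin/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.muststudy.xin/privkey.pem;

    # SSL 安全配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # 日志
    access_log /var/log/nginx/wildgrowth-api-access.log;
    error_log /var/log/nginx/wildgrowth-api-error.log;

    # 上传文件大小限制
    client_max_body_size 10M;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;

        # 超时设置(增加到5分钟,支持长时间运行的AI生成任务)
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
    }
}
EOF

# Validate the full Nginx configuration before touching the running server
echo -e "${BLUE}🔍 测试 Nginx 配置...${NC}"
if nginx -t; then
  echo -e "${GREEN}✅ Nginx 配置验证通过${NC}"

  # Reload Nginx so the new config takes effect without dropping connections
  systemctl reload nginx
  echo -e "${GREEN}✅ Nginx 已重载${NC}"
else
  echo -e "${RED}❌ Nginx 配置验证失败${NC}"

  # Roll back: restore the previous file, or remove the new one if there was
  # no earlier config, so the on-disk state matches what nginx is running.
  if [ -n "$BACKUP_CONF" ]; then
    cp -- "$BACKUP_CONF" "$NGINX_CONF"
    echo -e "${YELLOW}已恢复原有配置: ${NGINX_CONF}${NC}"
  else
    rm -f -- "$NGINX_CONF"
    echo -e "${YELLOW}已移除未通过验证的配置: ${NGINX_CONF}${NC}"
  fi
  exit 1
fi

echo ""
echo "============================================"
echo -e "${GREEN}🎉 HTTPS 配置完成!${NC}"
echo "============================================"
echo ""
echo "📊 配置信息:"
echo " - HTTP (80): 自动重定向到 HTTPS"
echo " - HTTPS (443): 已启用 SSL"
echo " - 证书路径: ${CERT_PATH}"
echo ""
echo "🌐 测试命令:"
echo " curl https://${DOMAIN}/health"
echo ""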