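#!/bin/bash
# ============================================
# SSL certificate setup script (Let's Encrypt)
# ============================================
# Purpose: configure HTTPS for api.muststudy.xin
# Usage:   run on the server: bash deploy/setup-ssl-api.sh
#
# Optional environment overrides (defaults are the original hard-coded values):
#   DOMAIN     - hostname the certificate is issued for
#   CERT_EMAIL - contact e-mail passed to "certbot --email"
#
# Must run as root: the script installs packages, writes under
# /etc/nginx/conf.d and reloads nginx through systemctl.
# ============================================
set -euo pipefail

# ANSI colours for status output
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly RED='\033[0;31m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

# Configuration
readonly DOMAIN="${DOMAIN:-api.muststudy.xin}"
readonly CERT_EMAIL="${CERT_EMAIL:-admin@muststudy.xin}"
readonly NGINX_CONF="/etc/nginx/conf.d/wildgrowth-api.conf"

#######################################
# Print a red error message to stderr and exit 1.
# Arguments: $* - message text
#######################################
die() {
  echo -e "${RED}$*${NC}" >&2
  exit 1
}

#######################################
# Validate the nginx configuration and reload the service.
# Arguments: $1 - message printed on success
#            $2 - message printed on failure (script exits 1)
#######################################
reload_nginx() {
  local ok_msg=$1
  local fail_msg=$2
  if nginx -t; then
    systemctl reload nginx
    echo -e "${GREEN}${ok_msg}${NC}"
  else
    die "$fail_msg"
  fi
}

#######################################
# Step 1: install certbot and its nginx plugin when missing.
# Globals: GREEN, YELLOW, BLUE, NC (read)
#######################################
ensure_certbot() {
  echo -e "${BLUE}📦 第一步:检查 Certbot...${NC}"
  if command -v certbot >/dev/null 2>&1; then
    echo -e "${GREEN}✅ Certbot 已安装${NC}"
    echo ""
    return 0
  fi
  echo -e "${YELLOW}⚠️ Certbot 未安装,开始安装...${NC}"
  # Pick the package manager from the distribution marker files.
  if [[ -f /etc/redhat-release ]]; then
    # CentOS/RHEL
    yum install -y epel-release
    yum install -y certbot python3-certbot-nginx
  elif [[ -f /etc/debian_version ]]; then
    # Debian/Ubuntu
    apt-get update
    apt-get install -y certbot python3-certbot-nginx
  else
    die "❌ 无法检测系统类型,请手动安装 certbot"
  fi
  echo -e "${GREEN}✅ Certbot 安装完成${NC}"
  echo ""
}

#######################################
# Step 2: make sure a plain-HTTP nginx server block exists for the domain,
# creating a basic reverse-proxy config when it does not.
# Globals: NGINX_CONF, DOMAIN (read)
#######################################
ensure_nginx_conf() {
  echo -e "${BLUE}🌐 第二步:检查 Nginx 配置...${NC}"
  if [[ -f "$NGINX_CONF" ]]; then
    echo -e "${GREEN}✅ Nginx 配置文件已存在${NC}"
    echo ""
    return 0
  fi
  echo -e "${YELLOW}⚠️ Nginx 配置文件不存在,创建基础配置...${NC}"
  # Unquoted heredoc so ${DOMAIN} expands; nginx's own $variables are
  # escaped as \$ so they are written to the config file verbatim.
  cat > "$NGINX_CONF" <<EOF
server {
    listen 80;
    server_name ${DOMAIN};
    # 日志
    access_log /var/log/nginx/wildgrowth-api-access.log;
    error_log /var/log/nginx/wildgrowth-api-error.log;
    # 上传文件大小限制
    client_max_body_size 10M;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_cache_bypass \$http_upgrade;
        # 超时设置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
EOF
  reload_nginx "✅ Nginx 配置已创建" "❌ Nginx 配置有误"
  echo ""
}

#######################################
# Step 3: obtain a certificate, or offer a renewal dry-run when one exists.
# Globals: DOMAIN, CERT_EMAIL (read)
#######################################
obtain_certificate() {
  echo -e "${BLUE}🔐 第三步:申请 SSL 证书...${NC}"
  echo -e "${YELLOW}⚠️ 这将为 ${DOMAIN} 申请 Let's Encrypt 证书${NC}"
  echo ""
  if [[ -d "/etc/letsencrypt/live/${DOMAIN}" ]]; then
    local reply
    echo -e "${YELLOW}⚠️ 证书已存在,是否续期?${NC}"
    # EOF on stdin (non-interactive run) counts as "no" instead of aborting.
    read -r -n 1 -p "续期证书?(y/n): " reply || reply=""
    echo
    if [[ "$reply" =~ ^[Yy]$ ]]; then
      # --dry-run exercises the renewal path without replacing the live cert;
      # actual renewals are left to certbot's scheduled "certbot renew".
      certbot renew --dry-run
      echo -e "${GREEN}✅ 证书续期测试完成${NC}"
    else
      echo -e "${YELLOW}⚠️ 跳过证书续期${NC}"
    fi
  else
    echo -e "${BLUE}正在申请 SSL 证书...${NC}"
    # Test the status inline: with set -e, a separate "$?" check after a
    # failed certbot call is never reached, so the hints below never printed.
    if certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "$CERT_EMAIL"; then
      echo -e "${GREEN}✅ SSL 证书申请成功${NC}"
    else
      echo -e "${RED}❌ SSL 证书申请失败${NC}"
      echo -e "${YELLOW}提示:请确保:${NC}"
      echo " 1. 域名 ${DOMAIN} 已正确解析到服务器 IP"
      echo " 2. 防火墙已开放 80 和 443 端口"
      echo " 3. Nginx 正在运行"
      exit 1
    fi
  fi
  echo ""
}

#######################################
# Step 4: re-validate nginx and probe the HTTPS health endpoint.
# Globals: DOMAIN (read)
#######################################
verify_ssl() {
  echo -e "${BLUE}✅ 第四步:验证 SSL 配置...${NC}"
  reload_nginx "✅ Nginx 配置验证通过" "❌ Nginx 配置验证失败"
  echo ""
  echo -e "${BLUE}测试 HTTPS 连接...${NC}"
  # Verify the certificate chain (no -k) and require a non-error HTTP status
  # (-f): a check that skips verification passes with any certificate and so
  # cannot tell the new Let's Encrypt cert from a default/self-signed one.
  if curl -fsS --max-time 15 -o /dev/null "https://${DOMAIN}/health"; then
    echo -e "${GREEN}✅ HTTPS 连接正常${NC}"
  else
    echo -e "${YELLOW}⚠️ HTTPS 连接测试失败,请检查配置${NC}"
  fi
  echo ""
}

#######################################
# Print the closing summary with paths and follow-up commands.
# Globals: DOMAIN (read)
#######################################
print_summary() {
  echo "============================================"
  echo -e "${GREEN}🎉 SSL 配置完成!${NC}"
  echo "============================================"
  echo ""
  echo "📊 验证信息:"
  echo " - 证书路径: /etc/letsencrypt/live/${DOMAIN}/"
  echo " - HTTPS URL: https://${DOMAIN}"
  echo ""
  echo "📝 证书自动续期:"
  echo " Let's Encrypt 证书有效期为 90 天"
  echo " Certbot 会自动续期,或手动运行: certbot renew"
  echo ""
  echo "🌐 测试命令:"
  echo " curl https://${DOMAIN}/health"
  echo ""
}

main() {
  echo -e "${BLUE}🔒 开始配置 SSL 证书...${NC}"
  echo ""
  # Package installs, /etc/nginx writes and systemctl all need root;
  # fail early with a clear message instead of midway through.
  [[ $EUID -eq 0 ]] || die "❌ 请以 root 身份运行此脚本"
  ensure_certbot
  ensure_nginx_conf
  obtain_certificate
  verify_ssl
  print_summary
}

main "$@"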