#!/bin/bash
# ============================================================
# Genex Nginx 部署脚本
# 跳板机: 14.215.128.96 (gcx-jump)
# SSH:    ssh -i ~/.ssh/id_ed25519 root@14.215.128.96
# ============================================================
set -euo pipefail

CONF_NAME="genex-api.conf"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
CONF_SRC="${SCRIPT_DIR}/${CONF_NAME}"

echo "=== Genex Nginx 部署 ==="

# 1. 安装 Nginx 配置
echo "[1/4] 安装配置 → /etc/nginx/sites-available/"
cp "${CONF_SRC}" /etc/nginx/sites-available/${CONF_NAME}

# 2. 启用站点
echo "[2/4] 创建 sites-enabled 软链..."
ln -sf /etc/nginx/sites-available/${CONF_NAME} /etc/nginx/sites-enabled/${CONF_NAME}

# 3. 创建 certbot webroot
echo "[3/4] 创建 ACME 验证目录..."
mkdir -p /var/www/certbot

# 4. 测试并重载
echo "[4/4] 测试配置并重载..."
nginx -t
systemctl reload nginx

echo ""
echo "=== 部署完成 ==="
echo "HTTPS 已启用: https://api.gogenex.com"
echo ""
echo "续签 SSL 证书 (自动续签已配置):"
echo "  certbot renew --dry-run"
echo ""
echo "新增域名证书:"
echo "  certbot certonly --webroot -w /var/www/certbot -d admin.gogenex.com -d ws.gogenex.com"