#!/bin/bash
# RWADurian Mobile Upgrade SSL 证书配置脚本
# 使用 Let's Encrypt 申请 SSL 证书
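# Abort on any unhandled error, on use of an unset variable, and on a failure
# in any stage of a pipeline rather than only the last one.
set -euo pipefail
readonly DOMAIN="update.szaiai.com"
readonly EMAIL="admin@szaiai.com" # change to your own mailbox
readonly NGINX_CONF="/etc/nginx/sites-available/$DOMAIN"
readonly NGINX_ENABLED="/etc/nginx/sites-enabled/$DOMAIN"
readonly CERTBOT_WEBROOT="/var/www/certbot"
# Colour codes, kept as literal backslash sequences; the log_* helpers decode
# them when printing.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'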
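# Print an informational line to stdout. The colour codes are decoded with %b,
# the message goes through %s so backslash sequences in it stay literal.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"; }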
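# Print a success line to stdout. The colour codes are decoded with %b, the
# message goes through %s so backslash sequences in it stay literal.
log_success() { printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$1"; }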
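# Print a warning line to stderr so it is not mixed into captured stdout.
# The message goes through %s so backslash sequences in it stay literal.
log_warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }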
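# Print an error line to stderr so it is not mixed into captured stdout.
# The message goes through %s, so user-supplied text (e.g. an unknown command
# name) cannot inject terminal escape sequences the way echo -e would allow.
log_error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2; }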
# 检查是否为 root
#######################################
# Abort unless the script runs as root (writing under /etc/nginx and
# calling certbot need it).
# Globals:   EUID (read)
# Returns:   0 when root; otherwise prints an error and exits 1
#######################################
check_root() {
  (( EUID == 0 )) && return 0
  log_error "请使用 root 权限运行此脚本"
  exit 1
}
# 安装 Certbot
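#######################################
# Install certbot through the system package manager if it is not on PATH.
# Globals:   none
# Outputs:   progress via log_*; package manager output
# Returns:   0 when certbot is available afterwards; exits 1 otherwise
#######################################
install_certbot() {
  log_info "检查 Certbot 安装..."
  if command -v certbot >/dev/null 2>&1; then
    log_success "Certbot 已安装"
    return 0
  fi
  log_info "安装 Certbot..."
  if command -v apt-get >/dev/null 2>&1; then
    # Ubuntu/Debian: apt-get has a stable CLI for scripts; DEBIAN_FRONTEND
    # stops package prompts from blocking an unattended run.
    DEBIAN_FRONTEND=noninteractive apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get install -y certbot python3-certbot-nginx
  elif command -v yum >/dev/null 2>&1; then
    # CentOS/RHEL
    yum install -y epel-release
    yum install -y certbot python3-certbot-nginx
  else
    log_error "不支持的系统,请手动安装 certbot"
    exit 1
  fi
  # Confirm the package actually put certbot on PATH before continuing.
  if ! command -v certbot >/dev/null 2>&1; then
    log_error "certbot 安装后仍不可用,请手动检查"
    exit 1
  fi
  log_success "Certbot 安装完成"
}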
# 配置 Nginx (首次,无 SSL)
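#######################################
# Write an HTTP-only nginx site (ACME challenge path + proxy to the app) so
# certbot can validate the domain, then enable and reload it.
# Globals:   DOMAIN, NGINX_CONF, NGINX_ENABLED, CERTBOT_WEBROOT (read)
# Outputs:   writes $NGINX_CONF, creates $CERTBOT_WEBROOT and the enabled symlink
# Returns:   0 on success; 1 when nginx rejects the generated config
#######################################
setup_nginx_initial() {
  log_info "配置 Nginx (HTTP only用于证书申请)..."
  # The challenge directory must exist before nginx serves it.
  mkdir -p "$CERTBOT_WEBROOT"
  # Temporary HTTP-only config. The heredoc is unquoted so $DOMAIN and
  # $CERTBOT_WEBROOT expand (keeping it in sync with the variables above);
  # nginx's own $host etc. are escaped so they reach the file literally.
  cat > "$NGINX_CONF" <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN;
    location /.well-known/acme-challenge/ {
        root $CERTBOT_WEBROOT;
    }
    location / {
        proxy_pass http://127.0.0.1:3020;
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
  # Enable the site.
  ln -sf "$NGINX_CONF" "$NGINX_ENABLED"
  # 'nginx -t && systemctl reload nginx' lets set -e ignore a failed test
  # (failures in the left side of && do not abort), so the script would go
  # on to certbot with a broken site. Check the test result explicitly.
  if ! nginx -t; then
    log_error "Nginx 配置测试失败,请检查 $NGINX_CONF"
    return 1
  fi
  systemctl reload nginx
  log_success "Nginx HTTP 配置完成"
}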
# 申请 SSL 证书
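#######################################
# Request a Let's Encrypt certificate for $DOMAIN via the webroot challenge.
# Globals:   CERTBOT_WEBROOT, EMAIL, DOMAIN (read)
# Outputs:   certbot output; success message via log_success
# Returns:   certbot's exit status (set -e aborts the script on failure)
#######################################
obtain_certificate() {
  log_info "申请 Let's Encrypt SSL 证书..."
  # --non-interactive: fail instead of hanging on a prompt when run unattended.
  # --keep-until-expiring: re-running the script with a valid certificate in
  #   place keeps it instead of re-issuing a duplicate.
  certbot certonly \
    --webroot \
    --webroot-path="$CERTBOT_WEBROOT" \
    --email "$EMAIL" \
    --agree-tos \
    --no-eff-email \
    --non-interactive \
    --keep-until-expiring \
    -d "$DOMAIN"
  log_success "SSL 证书申请成功"
}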
# 配置 Nginx (完整 HTTPS)
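#######################################
# Replace the HTTP-only site with the full HTTPS config shipped next to this
# script, keeping the previous config so a rejected one can be rolled back.
# Globals:   NGINX_CONF (read); BASH_SOURCE (read)
# Outputs:   overwrites $NGINX_CONF; writes $NGINX_CONF.http.bak
# Returns:   0 on success; 1 when the config file is missing or nginx rejects it
#######################################
setup_nginx_ssl() {
  local script_dir ssl_conf backup
  log_info "配置 Nginx (HTTPS)..."
  # Directory this script lives in; the HTTPS config is expected beside it.
  script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  ssl_conf="$script_dir/update.szaiai.com.conf"
  # Fail clearly before touching the live config rather than letting cp abort.
  if [[ ! -f "$ssl_conf" ]]; then
    log_error "找不到 HTTPS 配置文件: $ssl_conf"
    return 1
  fi
  # Keep the currently working config so a bad HTTPS config can be restored.
  backup="$NGINX_CONF.http.bak"
  if [[ -f "$NGINX_CONF" ]]; then
    cp -- "$NGINX_CONF" "$backup"
  fi
  cp -- "$ssl_conf" "$NGINX_CONF"
  # 'nginx -t && reload' would let set -e skip a failed test; check explicitly
  # and roll back so a later nginx restart does not fail on the bad file.
  if ! nginx -t; then
    log_error "Nginx 配置测试失败,请检查 $ssl_conf"
    if [[ -f "$backup" ]]; then
      cp -- "$backup" "$NGINX_CONF"
      log_warn "已恢复之前的配置: $backup"
    fi
    return 1
  fi
  systemctl reload nginx
  log_success "Nginx HTTPS 配置完成"
}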
# 设置自动续期
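#######################################
# Make unattended renewals take effect: install a certbot deploy hook that
# reloads nginx after a successful renewal, then dry-run the renewal.
# Globals:   none
# Outputs:   writes /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh
# Returns:   0 on success; set -e aborts on a failed dry run
#######################################
setup_auto_renewal() {
  local hook_dir="/etc/letsencrypt/renewal-hooks/deploy"
  local hook="$hook_dir/reload-nginx.sh"
  log_info "配置证书自动续期..."
  # certbot's scheduled renewal replaces the files on disk but does not reload
  # nginx, so the old certificate would keep being served until the next
  # restart. A deploy hook runs only after a renewal actually succeeded.
  mkdir -p "$hook_dir"
  cat > "$hook" <<'EOF'
#!/bin/sh
systemctl reload nginx
EOF
  chmod 0755 "$hook"
  # Verify the renewal path end to end without issuing a certificate.
  certbot renew --dry-run
  log_success "自动续期配置完成 (cron job 已由 certbot 自动创建)"
}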
# 显示帮助
#######################################
# Print usage and the pre-flight checklist to stdout.
# Globals:   none
# Outputs:   help text (16 lines)
#######################################
show_help() {
  # Quoted delimiter: the text is emitted verbatim, nothing is expanded.
  cat <<'EOF'

RWADurian Mobile Upgrade SSL 配置脚本

使用方法: sudo ./setup-ssl.sh [命令]

命令:
 install 完整安装 (默认)
 renew 手动续期证书
 status 查看证书状态
 help 显示帮助

注意: 运行前请确保:
 1. 域名 DNS 已指向本服务器
 2. 防火墙已开放 80 和 443 端口
 3. Docker 应用已启动在 3020 端口

EOF
}
# 完整安装
#######################################
# Run the complete installation: root check, certbot, HTTP-only nginx,
# certificate issuance, HTTPS nginx, renewal setup.
# Globals:   DOMAIN (read)
# Outputs:   progress via log_*
# Returns:   0 on success; set -e aborts at the first failing stage
#######################################
full_install() {
  local stage
  # Order matters: nginx must serve the challenge path before certbot runs,
  # and the certificate must exist before the HTTPS config is loaded.
  for stage in \
      check_root \
      install_certbot \
      setup_nginx_initial \
      obtain_certificate \
      setup_nginx_ssl \
      setup_auto_renewal; do
    "$stage"
  done
  echo ""
  log_success "=========================================="
  log_success "SSL 配置完成!"
  log_success "访问地址: https://$DOMAIN"
  log_success "=========================================="
}
# 主函数
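#######################################
# Dispatch on the first argument; no argument means "install".
# Arguments: $1 - install | renew | status | help (--help, -h)
# Outputs:   help text on stdout, errors via log_error
# Returns:   0 on success; exits 1 on an unknown command
#######################################
main() {
  case "${1:-install}" in
    install)
      full_install
      ;;
    renew)
      check_root
      certbot renew
      systemctl reload nginx
      ;;
    status)
      # /etc/letsencrypt is normally readable by root only, so this needs the
      # same privilege as renew rather than failing inside certbot.
      check_root
      certbot certificates
      ;;
    help|--help|-h)
      show_help
      ;;
    *)
      log_error "未知命令: $1"
      show_help
      exit 1
      ;;
  esac
}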
# Entry point: forward all arguments to main (which defaults to "install").
main "$@"