init: ALiYunManager 基础设施项目 — nginx配置/docker-compose/部署文档

2026-05-16 23:27:24 +08:00
commit 0413d2715c
28 changed files with 2590 additions and 0 deletions
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# ============================================
+# 备份脚本
+# 备份 Nginx 配置和 SSL 证书
+# ============================================
+
+BACKUP_DIR="/opt/backups"
+DATE=$(date +%Y%m%d_%H%M%S)
+BACKUP_NAME="aliyun-manager_backup_$DATE"
+
+echo "=========================================="
+echo "  开始备份"
+echo "=========================================="
+
+mkdir -p "$BACKUP_DIR"
+
+# 备份配置
+cd "$(dirname "$0")/.."
+tar czf "$BACKUP_DIR/${BACKUP_NAME}.tar.gz" \
+    nginx/nginx.conf \
+    nginx/conf.d/ \
+    nginx/ssl/ \
+    services/ \
+    docker-compose.yml \
+    .env \
+    2>/dev/null || true
+
+# 保留最近 30 天的备份
+cd "$BACKUP_DIR"
+ls -t *.tar.gz | tail -n +31 | xargs rm -f 2>/dev/null || true
+
+echo "备份完成: $BACKUP_DIR/${BACKUP_NAME}.tar.gz"
+echo ""
+echo "最近备份列表:"
+ls -lh "$BACKUP_DIR"/*.tar.gz 2>/dev/null | tail -5
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# ============================================
+# 服务器初始化脚本
+# 在全新的阿里云服务器上运行此脚本
+# ============================================
+
+set -e
+
+echo "=========================================="
+echo "  阿里云服务器初始化"
+echo "=========================================="
+echo ""
+
+# 更新系统
+if command -v apt-get &> /dev/null; then
+    echo "检测到 Debian/Ubuntu 系统"
+    apt-get update
+    apt-get upgrade -y
+    apt-get install -y curl wget git vim unzip ufw
+elif command -v yum &> /dev/null; then
+    echo "检测到 CentOS/RHEL 系统"
+    yum update -y
+    yum install -y curl wget git vim unzip firewalld
+fi
+
+# 安装 Docker
+echo ""
+echo "正在安装 Docker..."
+if ! command -v docker &> /dev/null; then
+    curl -fsSL https://get.docker.com | sh
+    systemctl start docker
+    systemctl enable docker
+    echo "Docker 安装完成"
+else
+    echo "Docker 已安装，跳过"
+fi
+
+# 安装 Docker Compose
+echo ""
+echo "正在安装 Docker Compose..."
+if ! command -v docker-compose &> /dev/null; then
+    DOCKER_COMPOSE_VERSION=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
+    curl -L "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+    chmod +x /usr/local/bin/docker-compose
+    ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
+    echo "Docker Compose 安装完成"
+else
+    echo "Docker Compose 已安装，跳过"
+fi
+
+# 配置防火墙
+echo ""
+echo "正在配置防火墙..."
+if command -v ufw &> /dev/null; then
+    ufw default deny incoming
+    ufw default allow outgoing
+    ufw allow 22/tcp
+    ufw allow 80/tcp
+    ufw allow 443/tcp
+    ufw --force enable
+    echo "UFW 防火墙配置完成"
+elif command -v firewall-cmd &> /dev/null; then
+    systemctl start firewalld
+    systemctl enable firewalld
+    firewall-cmd --permanent --add-service=ssh
+    firewall-cmd --permanent --add-service=http
+    firewall-cmd --permanent --add-service=https
+    firewall-cmd --reload
+    echo "Firewalld 防火墙配置完成"
+fi
+
+# 配置时区
+echo ""
+echo "设置时区为 Asia/Shanghai..."
+timedatectl set-timezone Asia/Shanghai || true
+
+# Docker 镜像加速（阿里云）
+echo ""
+echo "配置 Docker 镜像加速..."
+mkdir -p /etc/docker
+cat > /etc/docker/daemon.json << 'EOF'
+{
+    "registry-mirrors": [
+        "https://mirror.ccs.tencentyun.com",
+        "https://hub-mirror.c.163.com"
+    ],
+    "log-driver": "json-file",
+    "log-opts": {
+        "max-size": "10m",
+        "max-file": "3"
+    }
+}
+EOF
+systemctl restart docker
+
+echo ""
+echo "=========================================="
+echo "  服务器初始化完成"
+echo "=========================================="
+echo ""
+echo "Docker 版本:"
+docker --version
+echo "Docker Compose 版本:"
+docker-compose --version
+echo ""
+echo "下一步：上传项目文件并运行 ./deploy.sh"
+echo ""
@@ -0,0 +1,13 @@
+/var/log/nginx/*.log {
+    daily
+    missingok
+    rotate 14
+    compress
+    delaycompress
+    notifempty
+    create 0644 nginx nginx
+    sharedscripts
+    postrotate
+        docker exec main-nginx nginx -s reload > /dev/null 2>&1 || true
+    endscript
+}
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# ============================================
+# SSL 证书自动配置脚本 (使用 Certbot)
+# ============================================
+# 前置条件：
+# 1. 域名已解析到服务器
+# 2. 80 端口可从外网访问
+# 3. Docker 和 Docker Compose 已安装
+# ============================================
+
+set -e
+
+DOMAIN_RESUME_WEB=${DOMAIN_RESUME_WEB:-me.dxz99wyr.cn}
+DOMAIN_MINIAPP_WEB=${DOMAIN_MINIAPP_WEB:-www.dxz99wyr.cn}
+DOMAIN_RESUME_API=${DOMAIN_RESUME_API:-api-resume.dxz99wyr.cn}
+DOMAIN_MINIAPP_API=${DOMAIN_MINIAPP_API:-api-miniapp.dxz99wyr.cn}
+
+# 证书存储目录
+SSL_DIR="$(cd "$(dirname "$0")/.." && pwd)/nginx/ssl"
+mkdir -p "$SSL_DIR"
+
+echo "=========================================="
+echo "  SSL 证书自动配置"
+echo "=========================================="
+echo ""
+echo "将为以下域名申请证书："
+echo "  - $DOMAIN_RESUME_WEB"
+echo "  - $DOMAIN_MINIAPP_WEB"
+echo "  - $DOMAIN_RESUME_API"
+echo "  - $DOMAIN_MINIAPP_API"
+echo ""
+
+# 检查 Certbot 是否安装
+if ! command -v certbot &> /dev/null; then
+    echo "正在安装 Certbot..."
+    if command -v apt-get &> /dev/null; then
+        apt-get update
+        apt-get install -y certbot
+    elif command -v yum &> /dev/null; then
+        yum install -y certbot
+    elif command -v apk &> /dev/null; then
+        apk add certbot
+    else
+        echo "错误：无法自动安装 Certbot，请手动安装"
+        exit 1
+    fi
+fi
+
+# 使用 Certbot 申请证书（standalone 模式）
+echo "正在申请证书..."
+certbot certonly \
+    --standalone \
+    --agree-tos \
+    --non-interactive \
+    --email admin@dxz99wyr.cn \
+    -d "$DOMAIN_RESUME_WEB" \
+    -d "$DOMAIN_MINIAPP_WEB" \
+    -d "$DOMAIN_RESUME_API" \
+    -d "$DOMAIN_MINIAPP_API" \
+    || {
+        echo ""
+        echo "证书申请失败，可能原因："
+        echo "  1. 域名未正确解析到本服务器"
+        echo "  2. 80 端口被占用或防火墙阻止"
+        echo "  3. 请确保上述域名都已添加 A 记录指向本服务器 IP"
+        exit 1
+    }
+
+# 复制证书到项目目录
+CERT_DIR="/etc/letsencrypt/live"
+for domain in "$DOMAIN_RESUME_WEB" "$DOMAIN_MINIAPP_WEB" "$DOMAIN_RESUME_API" "$DOMAIN_MINIAPP_API"; do
+    if [ -d "$CERT_DIR/$domain" ]; then
+        cp "$CERT_DIR/$domain/fullchain.pem" "$SSL_DIR/$domain.crt"
+        cp "$CERT_DIR/$domain/privkey.pem" "$SSL_DIR/$domain.key"
+        echo "已复制证书: $domain"
+    fi
+done
+
+# 设置自动续期
+echo ""
+echo "设置证书自动续期..."
+(crontab -l 2>/dev/null | grep -v "certbot renew"; echo "0 3 * * * certbot renew --quiet --deploy-hook 'docker exec main-nginx nginx -s reload'") | crontab -
+
+echo ""
+echo "=========================================="
+echo "  SSL 证书配置完成"
+echo "=========================================="
+echo ""
+echo "请执行以下步骤启用 HTTPS："
+echo "  1. 将 nginx/conf.d/ssl-template.conf 的内容取消注释"
+echo "  2. 根据实际域名修改 server_name 和证书路径"
+echo "  3. 重启 Nginx: docker-compose restart nginx"
+echo ""
+echo "证书将自动续期，每天凌晨 3 点检查"
+echo ""
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# ============================================
+# 更新单个服务脚本
+# 用法: ./update-service.sh <服务名>
+# 示例: ./update-service.sh resume-web
+# ============================================
+
+SERVICE_NAME=$1
+
+if [ -z "$SERVICE_NAME" ]; then
+    echo "错误：请指定服务名"
+    echo "用法: $0 <服务名>"
+    echo "可用服务: resume-web, miniapp-web, resume-api, miniapp-api"
+    exit 1
+fi
+
+if [ ! -d "services/$SERVICE_NAME" ]; then
+    echo "错误：服务 '$SERVICE_NAME' 不存在"
+    exit 1
+fi
+
+echo "=========================================="
+echo "  更新服务: $SERVICE_NAME"
+echo "=========================================="
+
+# 如果有 Dockerfile，重新构建
+if [ -f "services/$SERVICE_NAME/Dockerfile" ]; then
+    echo "检测到 Dockerfile，正在构建镜像..."
+    docker-compose build "$SERVICE_NAME"
+fi
+
+# 重启指定服务
+echo "正在重启服务..."
+docker-compose up -d --no-deps --force-recreate "$SERVICE_NAME"
+
+# 检查健康状态
+echo ""
+echo "等待服务启动..."
+sleep 3
+
+if docker-compose ps | grep "$SERVICE_NAME" | grep -q "Up"; then
+    echo "服务 $SERVICE_NAME 更新成功"
+else
+    echo "警告：服务 $SERVICE_NAME 状态异常，请检查日志"
+    docker-compose logs --tail=50 "$SERVICE_NAME"
+fi