init: ALiYunManager 基础设施项目 — nginx配置/docker-compose/部署文档

2026-05-16 23:27:24 +08:00
commit 0413d2715c
28 changed files with 2590 additions and 0 deletions
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# ============================================
+# SSL 证书自动配置脚本 (使用 Certbot)
+# ============================================
+# 前置条件：
+# 1. 域名已解析到服务器
+# 2. 80 端口可从外网访问
+# 3. Docker 和 Docker Compose 已安装
+# ============================================
+
+set -e
+
+DOMAIN_RESUME_WEB=${DOMAIN_RESUME_WEB:-me.dxz99wyr.cn}
+DOMAIN_MINIAPP_WEB=${DOMAIN_MINIAPP_WEB:-www.dxz99wyr.cn}
+DOMAIN_RESUME_API=${DOMAIN_RESUME_API:-api-resume.dxz99wyr.cn}
+DOMAIN_MINIAPP_API=${DOMAIN_MINIAPP_API:-api-miniapp.dxz99wyr.cn}
+
+# 证书存储目录
+SSL_DIR="$(cd "$(dirname "$0")/.." && pwd)/nginx/ssl"
+mkdir -p "$SSL_DIR"
+
+echo "=========================================="
+echo "  SSL 证书自动配置"
+echo "=========================================="
+echo ""
+echo "将为以下域名申请证书："
+echo "  - $DOMAIN_RESUME_WEB"
+echo "  - $DOMAIN_MINIAPP_WEB"
+echo "  - $DOMAIN_RESUME_API"
+echo "  - $DOMAIN_MINIAPP_API"
+echo ""
+
+# 检查 Certbot 是否安装
+if ! command -v certbot &> /dev/null; then
+    echo "正在安装 Certbot..."
+    if command -v apt-get &> /dev/null; then
+        apt-get update
+        apt-get install -y certbot
+    elif command -v yum &> /dev/null; then
+        yum install -y certbot
+    elif command -v apk &> /dev/null; then
+        apk add certbot
+    else
+        echo "错误：无法自动安装 Certbot，请手动安装"
+        exit 1
+    fi
+fi
+
+# 使用 Certbot 申请证书（standalone 模式）
+echo "正在申请证书..."
+certbot certonly \
+    --standalone \
+    --agree-tos \
+    --non-interactive \
+    --email admin@dxz99wyr.cn \
+    -d "$DOMAIN_RESUME_WEB" \
+    -d "$DOMAIN_MINIAPP_WEB" \
+    -d "$DOMAIN_RESUME_API" \
+    -d "$DOMAIN_MINIAPP_API" \
+    || {
+        echo ""
+        echo "证书申请失败，可能原因："
+        echo "  1. 域名未正确解析到本服务器"
+        echo "  2. 80 端口被占用或防火墙阻止"
+        echo "  3. 请确保上述域名都已添加 A 记录指向本服务器 IP"
+        exit 1
+    }
+
+# 复制证书到项目目录
+CERT_DIR="/etc/letsencrypt/live"
+for domain in "$DOMAIN_RESUME_WEB" "$DOMAIN_MINIAPP_WEB" "$DOMAIN_RESUME_API" "$DOMAIN_MINIAPP_API"; do
+    if [ -d "$CERT_DIR/$domain" ]; then
+        cp "$CERT_DIR/$domain/fullchain.pem" "$SSL_DIR/$domain.crt"
+        cp "$CERT_DIR/$domain/privkey.pem" "$SSL_DIR/$domain.key"
+        echo "已复制证书: $domain"
+    fi
+done
+
+# 设置自动续期
+echo ""
+echo "设置证书自动续期..."
+(crontab -l 2>/dev/null | grep -v "certbot renew"; echo "0 3 * * * certbot renew --quiet --deploy-hook 'docker exec main-nginx nginx -s reload'") | crontab -
+
+echo ""
+echo "=========================================="
+echo "  SSL 证书配置完成"
+echo "=========================================="
+echo ""
+echo "请执行以下步骤启用 HTTPS："
+echo "  1. 将 nginx/conf.d/ssl-template.conf 的内容取消注释"
+echo "  2. 根据实际域名修改 server_name 和证书路径"
+echo "  3. 重启 Nginx: docker-compose restart nginx"
+echo ""
+echo "证书将自动续期，每天凌晨 3 点检查"
+echo ""