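#!/bin/bash
# ============================================
# SSL 证书自动配置脚本 (使用 Certbot)
# Automated TLS certificate setup with Certbot.
# ============================================
# Prerequisites:
# 1. The domains already resolve to this server
# 2. Port 80 is reachable from the Internet
# 3. Docker and Docker Compose are installed
#
# Optional environment overrides:
#   DOMAIN_RESUME_WEB, DOMAIN_MINIAPP_WEB, DOMAIN_RESUME_API, DOMAIN_MINIAPP_API
#   CERTBOT_EMAIL   - account e-mail handed to certbot
#   NGINX_CONTAINER - docker container reloaded after (re)issuance
#
# One SAN certificate is issued for all four names. Its certbot lineage is
# named after DOMAIN_RESUME_WEB (--cert-name), and the same fullchain/privkey
# pair is copied to nginx/ssl/<domain>.{crt,key} for every name so the nginx
# config can keep per-domain paths. A deploy hook re-copies the files after
# each renewal; without it nginx would keep serving the expired copy.
# Private keys land in the project tree: keep nginx/ssl out of version control.
# ============================================

set -euo pipefail

DOMAIN_RESUME_WEB=${DOMAIN_RESUME_WEB:-me.dxz99wyr.cn}
DOMAIN_MINIAPP_WEB=${DOMAIN_MINIAPP_WEB:-www.dxz99wyr.cn}
DOMAIN_RESUME_API=${DOMAIN_RESUME_API:-api-resume.dxz99wyr.cn}
DOMAIN_MINIAPP_API=${DOMAIN_MINIAPP_API:-api-miniapp.dxz99wyr.cn}
CERTBOT_EMAIL=${CERTBOT_EMAIL:-admin@dxz99wyr.cn}
NGINX_CONTAINER=${NGINX_CONTAINER:-main-nginx}

# All names share one certificate; the first name is the lineage name, so the
# files always live under /etc/letsencrypt/live/$CERT_NAME regardless of order.
readonly DOMAINS=("$DOMAIN_RESUME_WEB" "$DOMAIN_MINIAPP_WEB" "$DOMAIN_RESUME_API" "$DOMAIN_MINIAPP_API")
readonly CERT_NAME=$DOMAIN_RESUME_WEB

# Project root (this script lives one directory below it) and certificate store.
PROJECT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
readonly PROJECT_DIR
readonly SSL_DIR="$PROJECT_DIR/nginx/ssl"
readonly LETSENCRYPT_LIVE="/etc/letsencrypt/live"
# Certbot runs every executable in this directory after a successful renewal.
# It is root-owned, unlike the project tree, so a root cron job never executes
# a file that an unprivileged project user could edit.
readonly DEPLOY_HOOK="/etc/letsencrypt/renewal-hooks/deploy/sync-nginx-ssl.sh"

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Install certbot with whichever package manager is present.
# Returns: 0 when certbot is available; exits 1 when no installer is found
#######################################
install_certbot() {
  if command -v certbot >/dev/null 2>&1; then
    return 0
  fi
  echo "正在安装 Certbot..."
  if command -v apt-get >/dev/null 2>&1; then
    apt-get update
    apt-get install -y certbot
  elif command -v yum >/dev/null 2>&1; then
    yum install -y certbot
  elif command -v apk >/dev/null 2>&1; then
    apk add certbot
  else
    die "错误:无法自动安装 Certbot,请手动安装"
  fi
}

#######################################
# Request one certificate covering every name in DOMAINS (standalone mode,
# so port 80 must be free while this runs).
# Globals: DOMAINS, CERT_NAME, CERTBOT_EMAIL (read)
# Returns: 0 on success; exits 1 with a diagnosis when certbot fails
#######################################
request_certificate() {
  local -a args=(certonly --standalone --agree-tos --non-interactive
    --email "$CERTBOT_EMAIL" --cert-name "$CERT_NAME")
  local domain
  for domain in "${DOMAINS[@]}"; do
    args+=(-d "$domain")
  done
  echo "正在申请证书..."
  if ! certbot "${args[@]}"; then
    echo ""
    echo "证书申请失败,可能原因:"
    echo " 1. 域名未正确解析到本服务器"
    echo " 2. 80 端口被占用或防火墙阻止"
    echo " 3. 请确保上述域名都已添加 A 记录指向本服务器 IP"
    exit 1
  fi
}

#######################################
# Copy the issued certificate into SSL_DIR as <domain>.crt / <domain>.key for
# every domain. The key is written 0600 explicitly rather than relying on the
# umask; the chain is world-readable as it is public anyway.
# Globals: DOMAINS, CERT_NAME, LETSENCRYPT_LIVE, SSL_DIR (read)
# Returns: 0 on success; exits 1 when the lineage directory is missing
#######################################
copy_certificates() {
  local lineage="$LETSENCRYPT_LIVE/$CERT_NAME"
  local domain
  # Fail loudly: a missing lineage after a successful certbot run is a bug,
  # silently skipping it would leave nginx without certificates.
  [[ -f "$lineage/fullchain.pem" && -f "$lineage/privkey.pem" ]] \
    || die "错误:未找到证书文件 $lineage"
  mkdir -p "$SSL_DIR"
  for domain in "${DOMAINS[@]}"; do
    install -m 0644 -- "$lineage/fullchain.pem" "$SSL_DIR/$domain.crt"
    install -m 0600 -- "$lineage/privkey.pem" "$SSL_DIR/$domain.key"
    echo "已复制证书: $domain"
  done
}

#######################################
# Generate the renewal deploy hook. Certbot sets RENEWED_LINEAGE when it runs
# the hook; the hook copies the fresh files into SSL_DIR and reloads nginx.
# Paths and names are baked in with %q so later env changes cannot alter it.
# Globals: DOMAINS, CERT_NAME, LETSENCRYPT_LIVE, SSL_DIR, NGINX_CONTAINER,
#          DEPLOY_HOOK (read)
#######################################
write_deploy_hook() {
  local lineage="$LETSENCRYPT_LIVE/$CERT_NAME"
  local domain
  mkdir -p "$(dirname "$DEPLOY_HOOK")"
  {
    printf '#!/bin/bash\n'
    printf '# Generated by %s: copy the renewed certificate into nginx/ssl and reload nginx.\n' "${0##*/}"
    printf 'set -euo pipefail\n'
    # Ignore renewals of other lineages on the same host.
    printf '[[ "${RENEWED_LINEAGE:-}" == %q ]] || exit 0\n' "$lineage"
    printf 'ssl_dir=%q\n' "$SSL_DIR"
    printf 'for domain in'
    for domain in "${DOMAINS[@]}"; do
      printf ' %q' "$domain"
    done
    printf '; do\n'
    printf '  install -m 0644 -- "$RENEWED_LINEAGE/fullchain.pem" "$ssl_dir/$domain.crt"\n'
    printf '  install -m 0600 -- "$RENEWED_LINEAGE/privkey.pem" "$ssl_dir/$domain.key"\n'
    printf 'done\n'
    printf 'docker exec %q nginx -s reload\n' "$NGINX_CONTAINER"
  } > "$DEPLOY_HOOK"
  chmod 0755 "$DEPLOY_HOOK"
}

#######################################
# Install a daily cron entry that runs `certbot renew`; the deploy hook above
# handles copying and the nginx reload. Any earlier "certbot renew" line is
# replaced.
# NOTE(review): standalone renewal needs port 80 free at 03:00; if the nginx
# container publishes port 80, switch to --webroot or add --pre-hook/
# --post-hook in the cron entry -- confirm against the compose file.
#######################################
setup_renewal() {
  local entry='0 3 * * * certbot renew --quiet'
  echo ""
  echo "设置证书自动续期..."
  # `crontab -l` fails when no crontab exists, and `grep -v` fails when no
  # line survives the filter. Without `|| true`, set -e would abort the group
  # before the new entry is printed and an empty crontab would be installed.
  {
    crontab -l 2>/dev/null | grep -F -v 'certbot renew' || true
    printf '%s\n' "$entry"
  } | crontab -
}

#######################################
# Entry point: banner, install, issue, copy, schedule renewal, next steps.
# Arguments: none (configuration comes from the environment)
#######################################
main() {
  local domain
  # Package installs, /etc/letsencrypt and the root crontab all need root;
  # fail early instead of half-way through.
  (( EUID == 0 )) || die "错误:请以 root 身份运行此脚本"

  echo "=========================================="
  echo " SSL 证书自动配置"
  echo "=========================================="
  echo ""
  echo "将为以下域名申请证书:"
  for domain in "${DOMAINS[@]}"; do
    echo " - $domain"
  done
  echo ""

  install_certbot
  request_certificate
  copy_certificates
  write_deploy_hook
  setup_renewal

  echo ""
  echo "=========================================="
  echo " SSL 证书配置完成"
  echo "=========================================="
  echo ""
  echo "请执行以下步骤启用 HTTPS:"
  echo " 1. 将 nginx/conf.d/ssl-template.conf 的内容取消注释"
  echo " 2. 根据实际域名修改 server_name 和证书路径"
  echo " 3. 重启 Nginx: docker-compose restart nginx"
  echo ""
  echo "证书将自动续期,每天凌晨 3 点检查"
  echo ""
}

main "$@"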