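#!/bin/bash
#
# Interactive TLS setup for the "chatapp" nginx site.
#
# Steps: install nginx and certbot, write a port-80 reverse-proxy site for the
# entered domain, obtain a certificate with the certbot nginx plugin, register
# a daily renewal cron job, then replace the site file with a copy of
# ./nginx-proxy.conf in which "your-domain.com" is substituted by the domain.
#
# Must be run as root, from the directory that contains nginx-proxy.conf.

set -euo pipefail

readonly SITE_CONF="/etc/nginx/sites-available/chatapp"
readonly PROXY_TEMPLATE="nginx-proxy.conf"
readonly RENEW_JOB="0 12 * * * /usr/bin/certbot renew --quiet"

# Hostname syntax only: dot-separated labels of letters, digits and hyphens.
# The domain is later interpolated into an nginx config and into a sed
# replacement, so anything outside this set (";", "{", "/", "&", whitespace,
# newlines) must be rejected before it can alter either of them.
readonly DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
# Loose shape check; the leading "-" is excluded so the value can never be
# read as a certbot option.
readonly EMAIL_RE='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+\.[^[:space:]@]+$'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$1" >&2
  exit 1
}

echo "🔒 设置SSL证书..."
echo

# Everything below writes under /etc/nginx and manages system services.
if (( EUID != 0 )); then
  die "❌ 请使用sudo运行此脚本"
fi

# --- Collect and validate operator input -----------------------------------
read -r -p "请输入您的域名 (例如: example.com): " DOMAIN
if [[ -z "$DOMAIN" ]]; then
  die "❌ 域名不能为空"
fi
if (( ${#DOMAIN} > 253 )) || [[ ! "$DOMAIN" =~ $DOMAIN_RE ]]; then
  die "❌ 域名格式无效 (仅允许字母、数字、连字符和点)"
fi

read -r -p "请输入您的邮箱地址: " EMAIL
if [[ -z "$EMAIL" ]]; then
  die "❌ 邮箱地址不能为空"
fi
if [[ ! "$EMAIL" =~ $EMAIL_RE ]]; then
  die "❌ 邮箱地址格式无效"
fi

# Fail before touching the system if the final config template is missing;
# otherwise the last step would truncate the live site file and then abort.
if [[ ! -r "$PROXY_TEMPLATE" ]]; then
  die "❌ 当前目录下找不到 nginx-proxy.conf"
fi

echo "域名: $DOMAIN"
echo "邮箱: $EMAIL"
echo

# --- Install packages --------------------------------------------------------
# apt-get rather than apt: apt's command-line interface is not meant for scripts.
echo "📦 安装nginx..."
apt-get update
apt-get install -y nginx

echo "📦 安装certbot..."
apt-get install -y certbot python3-certbot-nginx

# --- Bootstrap HTTP site -----------------------------------------------------
# Unquoted heredoc: $DOMAIN is expanded by the shell (validated above), while
# the escaped \$variables are written literally for nginx to evaluate.
# NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
# the client sent, so the backends should not treat the leftmost entry as the
# real client address; X-Real-IP is the value nginx sets itself.
echo "⚙️ 创建nginx配置..."
cat > "$SITE_CONF" << EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    location /api/ {
        proxy_pass http://localhost:5000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Enable the new site and drop the distribution's default one.
ln -sf "$SITE_CONF" /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Validate before restarting so a bad config never takes nginx down.
nginx -t

systemctl restart nginx
systemctl enable nginx

echo "✅ nginx配置完成"
echo

# --- Obtain the certificate --------------------------------------------------
# Both names must resolve to this host or issuance fails. Arguments are quoted
# so the operator-supplied values are always passed as single words.
echo "🔒 获取SSL证书..."
certbot --nginx -d "$DOMAIN" -d "www.$DOMAIN" --email "$EMAIL" --agree-tos --no-eff-email

# --- Renewal cron job --------------------------------------------------------
# Idempotent: any previous copy of the job is filtered out before it is
# appended, so re-running the script does not stack duplicate entries. The
# "|| true" covers both "no crontab yet" and "nothing left after filtering",
# either of which could otherwise abort this stage under set -e.
# NOTE(review): the distribution's certbot package may already install its own
# renewal timer; confirm whether this job is still needed.
echo "⏰ 设置证书自动续期..."
{
  crontab -l 2>/dev/null | grep -vxF -- "$RENEW_JOB" || true
  printf '%s\n' "$RENEW_JOB"
} | crontab -

# --- Final site config -------------------------------------------------------
# This overwrites the file certbot just edited, so its changes are discarded.
# NOTE(review): presumably nginx-proxy.conf already carries the listen 443 and
# ssl_certificate directives for the issued certificate; confirm.
# The result is rendered to a temporary file first so a failing sed cannot
# leave a truncated live config. $DOMAIN is safe in the replacement because
# validation excluded "/", "&" and "\".
echo "⚙️ 应用完整nginx配置..."
rendered_conf=$(mktemp)
trap 'rm -f -- "$rendered_conf"' EXIT
sed "s/your-domain\.com/$DOMAIN/g" "$PROXY_TEMPLATE" > "$rendered_conf"
install -m 0644 -- "$rendered_conf" "$SITE_CONF"
nginx -t
systemctl reload nginx

# --- Summary -----------------------------------------------------------------
echo
echo "🎉 SSL设置完成!"
echo
echo "🌐 您的网站现在可以通过以下地址访问:"
echo " - https://$DOMAIN"
echo " - https://www.$DOMAIN"
echo
echo "🔒 SSL证书信息:"
certbot certificates
echo
echo "📋 管理命令:"
echo " - 续期证书: sudo certbot renew"
echo " - 查看证书: sudo certbot certificates"
echo " - 测试续期: sudo certbot renew --dry-run"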