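#!/bin/bash
# ============================================
# Update the Nginx configuration to enable HTTPS
# ============================================
# Purpose: configure HTTPS for api.muststudy.xin (using the existing certificate)
# Usage:   run on the server: bash deploy/update-nginx-ssl.sh
#
# The script overwrites NGINX_CONF, validates the result with `nginx -t`, and
# reloads nginx only when validation passes. If validation fails, the previous
# file is put back (or the new file is removed when there was none), so a
# rejected config is never left on disk for a later reload or restart.
# ============================================

set -euo pipefail

# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m'

echo -e "${BLUE}🔒 更新 Nginx 配置以启用 HTTPS...${NC}"
echo ""

DOMAIN="api.muststudy.xin"
NGINX_CONF="/etc/nginx/conf.d/wildgrowth-api.conf"
CERT_PATH="/etc/letsencrypt/live/${DOMAIN}"

# Check that the certificate exists. The generated config references
# fullchain.pem and privkey.pem, so require both files and not just the
# directory; a partially issued certificate directory would otherwise only
# be caught later by `nginx -t`.
if [[ ! -d "$CERT_PATH" || ! -f "${CERT_PATH}/fullchain.pem" || ! -f "${CERT_PATH}/privkey.pem" ]]; then
  echo -e "${RED}❌ SSL 证书不存在: ${CERT_PATH}${NC}"
  echo -e "${YELLOW}请先运行: bash deploy/setup-ssl-api.sh${NC}"
  exit 1
fi

echo -e "${GREEN}✅ 找到 SSL 证书: ${CERT_PATH}${NC}"
echo ""

# Keep a copy of the current config so a failed validation can be rolled back.
# The copy lives in a mktemp file (unpredictable name) and is removed on exit.
backup_conf=""
cleanup() {
  if [[ -n "$backup_conf" ]]; then
    rm -f -- "$backup_conf"
  fi
}
trap cleanup EXIT

if [[ -f "$NGINX_CONF" ]]; then
  backup_conf=$(mktemp)
  cp -p -- "$NGINX_CONF" "$backup_conf"
fi

# Update the Nginx configuration
echo -e "${BLUE}📝 更新 Nginx 配置...${NC}"

# The heredoc delimiter is quoted so nginx variables ($host, $scheme, ...) are
# written literally. As a consequence the domain and certificate paths inside
# are hard-coded and must be kept in sync with DOMAIN / CERT_PATH by hand.
#
# NOTE(review): security-relevant properties of the generated config, left
# unchanged here because altering them changes client-visible behaviour:
#   - No Strict-Transport-Security header is sent, so the port-80 redirect is
#     the only thing steering clients to HTTPS.
#   - `ssl_ciphers HIGH:!aNULL:!MD5` is a broad OpenSSL class rather than a
#     curated list; the suites it enables depend on the installed OpenSSL.
#   - `Connection 'upgrade'` is sent on every proxied request, not only on
#     WebSocket upgrades.
#   - X-Forwarded-For uses $proxy_add_x_forwarded_for, which appends to the
#     value the client supplied; the backend should not trust the leftmost
#     entry. X-Real-IP is taken from $remote_addr.
#   - The 300s proxy timeouts apply to every route under `/`, so any slow
#     request can hold a connection for up to five minutes.
cat > "$NGINX_CONF" <<'EOF'
# HTTP 重定向到 HTTPS
server {
    listen 80;
    server_name api.muststudy.xin;

    # Let's Encrypt 验证
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # 其他请求重定向到 HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

# HTTPS 配置
server {
    listen 443 ssl http2;
    server_name api.muststudy.xin;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/api.muststudy.xin/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.muststudy.xin/privkey.pem;

    # SSL 安全配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # 日志
    access_log /var/log/nginx/wildgrowth-api-access.log;
    error_log /var/log/nginx/wildgrowth-api-error.log;

    # 上传文件大小限制
    client_max_body_size 10M;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;

        # 超时设置(增加到5分钟,支持长时间运行的AI生成任务)
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
    }
}
EOF

# Validate the Nginx configuration before touching the running server
echo -e "${BLUE}🔍 测试 Nginx 配置...${NC}"
if nginx -t; then
  echo -e "${GREEN}✅ Nginx 配置验证通过${NC}"

  # Reload Nginx
  systemctl reload nginx
  echo -e "${GREEN}✅ Nginx 已重载${NC}"
else
  echo -e "${RED}❌ Nginx 配置验证失败${NC}"
  # Roll back: the running nginx still has the old config loaded, but a
  # rejected file left in conf.d would break the next reload or restart.
  if [[ -n "$backup_conf" ]]; then
    cp -p -- "$backup_conf" "$NGINX_CONF"
    echo -e "${YELLOW}已恢复原有配置: ${NGINX_CONF}${NC}"
  else
    rm -f -- "$NGINX_CONF"
    echo -e "${YELLOW}已移除未通过验证的新配置: ${NGINX_CONF}${NC}"
  fi
  exit 1
fi

echo ""
echo "============================================"
echo -e "${GREEN}🎉 HTTPS 配置完成!${NC}"
echo "============================================"
echo ""
echo "📊 配置信息:"
echo " - HTTP (80): 自动重定向到 HTTPS"
echo " - HTTPS (443): 已启用 SSL"
echo " - 证书路径: ${CERT_PATH}"
echo ""
echo "🌐 测试命令:"
echo " curl https://${DOMAIN}/health"
echo ""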