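# SSL certificate setup script - uses Let's Encrypt (certbot + nginx).
#
# Requires bash (relies on $EUID, read -p and [[ =~ ]]). Must be run as root
# from the directory that contains nginx-proxy.conf, which is read through a
# relative path near the end of the script.
set -euo pipefail

readonly SITE_CONF=/etc/nginx/sites-available/chatapp
readonly FULL_CONF_TEMPLATE=nginx-proxy.conf
readonly RENEW_CRON='0 12 * * * /usr/bin/certbot renew --quiet'

echo "🔒 设置SSL证书..."
echo

# Root is required: the script installs packages and writes under /etc/nginx.
if [ "$EUID" -ne 0 ]; then
  echo "❌ 请使用sudo运行此脚本"
  exit 1
fi

# Preflight: fail before anything is installed or rewritten if the full
# config template is missing, instead of discovering it after certbot has run.
if [ ! -r "$FULL_CONF_TEMPLATE" ]; then
  echo "❌ 找不到 $FULL_CONF_TEMPLATE" >&2
  exit 1
fi

# Ask for the domain name.
read -r -p "请输入您的域名 (例如: example.com): " DOMAIN
if [ -z "$DOMAIN" ]; then
  echo "❌ 域名不能为空"
  exit 1
fi

# DOMAIN is expanded into an nginx config, a sed replacement and certbot
# arguments, all as root. Accept only dot-separated DNS labels so that a stray
# space, ';', '/', '&' or '{' cannot alter the generated config or the sed
# expression.
label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
domain_re="^(${label}\\.)+${label}\$"
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  echo "❌ 域名格式无效: $DOMAIN" >&2
  exit 1
fi

# Ask for the contact e-mail address passed to certbot.
read -r -p "请输入您的邮箱地址: " EMAIL
if [ -z "$EMAIL" ]; then
  echo "❌ 邮箱地址不能为空"
  exit 1
fi

echo "域名: $DOMAIN"
echo "邮箱: $EMAIL"
echo

# Install nginx. apt-get is used because apt's CLI is not meant for scripts.
echo "📦 安装nginx..."
apt-get update
apt-get install -y nginx

# Install certbot and its nginx plugin.
echo "📦 安装certbot..."
apt-get install -y certbot python3-certbot-nginx

# Write a minimal HTTP-only site so the ACME HTTP-01 challenge can be served.
# The heredoc delimiter is unquoted on purpose: $DOMAIN expands now, while the
# backslash-escaped \$ names are left for nginx to evaluate per request.
echo "⚙️ 创建nginx配置..."
cat > "$SITE_CONF" << EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    location /api/ {
        proxy_pass http://localhost:5000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Enable the site and drop the distribution's default site.
ln -sf "$SITE_CONF" /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Validate the configuration before touching the running service.
nginx -t

# Restart nginx and make it start at boot.
systemctl restart nginx
systemctl enable nginx

echo "✅ nginx配置完成"
echo

# Request the certificate. Every expansion is quoted so each value reaches
# certbot as exactly one argument.
echo "🔒 获取SSL证书..."
certbot --nginx -d "$DOMAIN" -d "www.$DOMAIN" --email "$EMAIL" --agree-tos --no-eff-email

# Schedule renewal. The entry is added only when it is not already present, so
# re-running the script does not pile up duplicate cron lines.
# NOTE(review): the distro certbot package may already ship its own renewal
# timer; confirm whether this cron entry is still needed.
echo "⏰ 设置证书自动续期..."
existing_cron=$(crontab -l 2>/dev/null || true)
if ! grep -qxF -- "$RENEW_CRON" <<< "$existing_cron"; then
  {
    if [ -n "$existing_cron" ]; then
      printf '%s\n' "$existing_cron"
    fi
    printf '%s\n' "$RENEW_CRON"
  } | crontab -
fi

# Install the full nginx configuration. It is rendered into a temporary file
# and moved into place only on success; redirecting sed straight onto the live
# file would truncate it even when sed fails. DOMAIN was restricted above to
# [A-Za-z0-9.-], so it is safe inside the sed replacement.
# NOTE(review): this overwrites the file certbot --nginx just edited, so
# nginx-proxy.conf presumably carries the TLS directives itself - confirm.
echo "⚙️ 应用完整nginx配置..."
tmp_conf=$(mktemp "${SITE_CONF}.XXXXXX")
trap 'rm -f -- "$tmp_conf"' EXIT
sed "s/your-domain\.com/$DOMAIN/g" "$FULL_CONF_TEMPLATE" > "$tmp_conf"
chmod 644 "$tmp_conf"
mv -f -- "$tmp_conf" "$SITE_CONF"
nginx -t
systemctl reload nginx

echo
echo "🎉 SSL设置完成!"
echo
echo "🌐 您的网站现在可以通过以下地址访问:"
echo " - https://$DOMAIN"
echo " - https://www.$DOMAIN"
echo
echo "🔒 SSL证书信息:"
certbot certificates
echo
echo "📋 管理命令:"
echo " - 续期证书: sudo certbot renew"
echo " - 查看证书: sudo certbot certificates"
echo " - 测试续期: sudo certbot renew --dry-run"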