web

setup-frontend-proxy.sh

@@ -0,0 +1,174 @@
+#!/bin/bash
+
+echo "========================================"
+echo "  配置前端 Nginx HTTPS 代理"
+echo "========================================"
+echo ""
+
+# 检查是否为 root 用户
+if [ "$EUID" -ne 0 ]; then 
+    echo "❌ 请使用 sudo 运行此脚本"
+    echo "   sudo bash setup-frontend-proxy.sh"
+    exit 1
+fi
+
+echo "📋 步骤 1/5: 检查 Nginx 是否安装"
+if ! command -v nginx &> /dev/null; then
+    echo "❌ Nginx 未安装，正在安装..."
+    apt update
+    apt install -y nginx
+else
+    echo "✓ Nginx 已安装"
+fi
+echo ""
+
+echo "📋 步骤 2/5: 检查 SSL 证书"
+if [ ! -f "/etc/letsencrypt/live/gvizee.com/fullchain.pem" ]; then
+    echo "⚠️  未找到 SSL 证书，需要先安装证书"
+    echo ""
+    echo "请选择："
+    echo "  1. 使用 Let's Encrypt 自动申请（推荐）"
+    echo "  2. 我已有证书，手动配置"
+    echo "  3. 跳过（使用 HTTP）"
+    read -p "请输入选项 (1-3): " ssl_choice
+    
+    if [ "$ssl_choice" = "1" ]; then
+        echo "安装 Certbot..."
+        apt install -y certbot python3-certbot-nginx
+        
+        echo "申请 SSL 证书..."
+        certbot certonly --nginx -d gvizee.com -d www.gvizee.com
+        
+        if [ $? -eq 0 ]; then
+            echo "✓ SSL 证书申请成功"
+        else
+            echo "❌ SSL 证书申请失败，请检查域名解析"
+            exit 1
+        fi
+    elif [ "$ssl_choice" = "2" ]; then
+        echo "请手动配置证书后重新运行此脚本"
+        exit 0
+    else
+        echo "⚠️  将使用 HTTP 配置（不推荐）"
+    fi
+else
+    echo "✓ SSL 证书已存在"
+fi
+echo ""
+
+echo "📋 步骤 3/5: 配置 Nginx"
+
+# 检查配置文件是否存在
+if [ ! -f "nginx-frontend-proxy.conf" ]; then
+    echo "❌ 找不到 nginx-frontend-proxy.conf 文件"
+    echo "   请确保在项目根目录运行此脚本"
+    exit 1
+fi
+
+# 备份旧配置
+if [ -f "/etc/nginx/sites-available/gvizee.com" ]; then
+    cp /etc/nginx/sites-available/gvizee.com /etc/nginx/sites-available/gvizee.com.backup.$(date +%Y%m%d%H%M%S)
+    echo "✓ 已备份旧配置"
+fi
+
+# 复制配置文件
+cp nginx-frontend-proxy.conf /etc/nginx/sites-available/gvizee.com
+ln -sf /etc/nginx/sites-available/gvizee.com /etc/nginx/sites-enabled/
+
+# 删除默认配置（如果存在）
+rm -f /etc/nginx/sites-enabled/default
+
+echo "✓ Nginx 配置已更新"
+echo ""
+
+echo "📋 步骤 4/5: 测试 Nginx 配置"
+nginx -t
+
+if [ $? -eq 0 ]; then
+    echo "✓ Nginx 配置测试通过"
+else
+    echo "❌ Nginx 配置测试失败，请检查配置文件"
+    exit 1
+fi
+echo ""
+
+echo "📋 步骤 5/5: 重启 Nginx"
+systemctl restart nginx
+
+if [ $? -eq 0 ]; then
+    echo "✓ Nginx 已重启"
+else
+    echo "❌ Nginx 重启失败"
+    exit 1
+fi
+echo ""
+
+echo "========================================"
+echo "  配置防火墙"
+echo "========================================"
+echo ""
+
+# 检查 ufw 是否安装
+if command -v ufw &> /dev/null; then
+    echo "配置防火墙..."
+    ufw allow 80/tcp
+    ufw allow 443/tcp
+    echo "✓ 防火墙已配置"
+else
+    echo "⚠️  未检测到 ufw，请手动配置防火墙"
+fi
+echo ""
+
+echo "========================================"
+echo "  验证配置"
+echo "========================================"
+echo ""
+
+# 获取服务器IP
+SERVER_IP=$(hostname -I | awk '{print $1}')
+
+echo "测试 HTTPS 连接..."
+sleep 2
+
+# 测试健康检查
+if curl -k -s https://gvizee.com/health > /dev/null 2>&1; then
+    echo "✓ HTTPS 健康检查成功"
+else
+    echo "⚠️  HTTPS 健康检查失败，请检查配置"
+fi
+
+# 测试 API 代理
+if curl -k -s https://gvizee.com/api/v1/banners > /dev/null 2>&1; then
+    echo "✓ API 代理测试成功"
+else
+    echo "⚠️  API 代理测试失败，请检查后端服务"
+fi
+echo ""
+
+echo "========================================"
+echo "  配置完成！"
+echo "========================================"
+echo ""
+echo "✅ 前端 HTTPS 代理已成功配置"
+echo ""
+echo "📝 架构说明："
+echo "   浏览器 (HTTPS) → Nginx (gvizee.com:443)"
+echo "   Nginx → 后端服务 (104.244.91.212:8060 HTTP)"
+echo ""
+echo "🌐 访问地址："
+echo "   前端: https://gvizee.com/"
+echo "   API: https://gvizee.com/api/v1/..."
+echo ""
+echo "🔍 测试命令："
+echo "   curl -k https://gvizee.com/health"
+echo "   curl -k https://gvizee.com/api/v1/banners"
+echo ""
+echo "📄 查看日志："
+echo "   sudo tail -f /var/log/nginx/access.log"
+echo "   sudo tail -f /var/log/nginx/error.log"
+echo ""
+echo "⚠️  注意："
+echo "   - 前端文件需要部署到: /var/www/gvizee.com/"
+echo "   - 确保后端服务运行在: 104.244.91.212:8060"
+echo "   - 后端无需配置 HTTPS，保持 HTTP 即可"
+echo ""