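#!/bin/bash
#
# setup-frontend-proxy.sh - install and enable the Nginx reverse-proxy site
# for gvizee.com.
#
# Usage:  sudo bash setup-frontend-proxy.sh   (run from the project root, where
#         nginx-frontend-proxy.conf lives)
#
# Steps: ensure Nginx is installed, ensure a Let's Encrypt certificate exists
# (or let the operator pick another path), install the site config, validate
# it with `nginx -t`, restart Nginx, open 80/443 in ufw, then probe the
# published HTTPS endpoints.
#
# Security notes for reviewers:
#   * The post-install probes validate the server certificate. With
#     verification disabled, an expired, self-signed or wrong-host certificate
#     would still be reported as a working HTTPS setup.
#   * TLS terminates at Nginx. According to the summary printed at the end,
#     the upstream hop to 104.244.91.212:8060 is plain HTTP. If that address
#     is not on a private or otherwise trusted network segment, request and
#     response bodies (including session tokens) cross it unencrypted.
#     Restrict the backend port to the proxy's address or add TLS upstream.

# Fail on typos in variable names. `set -e` is deliberately not used: the
# firewall and probe steps are best-effort and only warn on failure.
set -u

readonly DOMAIN="gvizee.com"
readonly CERT_FILE="/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"
readonly SRC_CONF="nginx-frontend-proxy.conf"
readonly SITE_AVAILABLE="/etc/nginx/sites-available/${DOMAIN}"
readonly SITES_ENABLED="/etc/nginx/sites-enabled"

# State recorded while installing the site, used if `nginx -t` rejects it.
backup_file=""
default_target=""

#######################################
# Undo the site installation after a failed `nginx -t`, so the next reload or
# restart of Nginx does not pick up a broken configuration.
# Globals:   backup_file, default_target, SITE_AVAILABLE, SITES_ENABLED,
#            DOMAIN (all read)
# Arguments: none
#######################################
rollback_site_config() {
  if [[ -n "$backup_file" ]]; then
    cp -- "$backup_file" "$SITE_AVAILABLE"
  else
    rm -f -- "$SITE_AVAILABLE" "${SITES_ENABLED}/${DOMAIN}"
  fi
  # Re-enable the default site only if it was a symlink we removed.
  if [[ -n "$default_target" ]]; then
    ln -sf -- "$default_target" "${SITES_ENABLED}/default"
  fi
}

echo "========================================"
echo " 配置前端 Nginx HTTPS 代理"
echo "========================================"
echo ""

# Everything below writes to /etc and manages services, so root is required.
if [[ "$EUID" -ne 0 ]]; then
  echo "❌ 请使用 sudo 运行此脚本"
  echo " sudo bash setup-frontend-proxy.sh"
  exit 1
fi

echo "📋 步骤 1/5: 检查 Nginx 是否安装"
if ! command -v nginx &> /dev/null; then
  echo "❌ Nginx 未安装,正在安装..."
  # apt-get is the script-stable front end; stop if the install fails,
  # otherwise every later step would fail with a less obvious error.
  apt-get update
  if ! apt-get install -y nginx; then
    echo "❌ Nginx 安装失败"
    exit 1
  fi
else
  echo "✓ Nginx 已安装"
fi
echo ""

echo "📋 步骤 2/5: 检查 SSL 证书"
if [[ ! -f "$CERT_FILE" ]]; then
  echo "⚠️ 未找到 SSL 证书,需要先安装证书"
  echo ""
  echo "请选择:"
  echo " 1. 使用 Let's Encrypt 自动申请(推荐)"
  echo " 2. 我已有证书,手动配置"
  echo " 3. 跳过(使用 HTTP)"
  ssl_choice=""
  # -r keeps backslashes literal; on EOF the choice stays empty and falls
  # through to the HTTP branch.
  read -r -p "请输入选项 (1-3): " ssl_choice
  case "$ssl_choice" in
    1)
      echo "安装 Certbot..."
      if ! apt-get install -y certbot python3-certbot-nginx; then
        echo "❌ Certbot 安装失败"
        exit 1
      fi
      echo "申请 SSL 证书..."
      if certbot certonly --nginx -d "$DOMAIN" -d "www.${DOMAIN}"; then
        echo "✓ SSL 证书申请成功"
      else
        echo "❌ SSL 证书申请失败,请检查域名解析"
        exit 1
      fi
      ;;
    2)
      echo "请手动配置证书后重新运行此脚本"
      exit 0
      ;;
    *)
      # NOTE(review): nginx-frontend-proxy.conf is not visible from here. If
      # it references the certificate paths, `nginx -t` in step 4 will fail
      # in this mode; confirm that an HTTP-only variant is actually served.
      echo "⚠️ 将使用 HTTP 配置(不推荐)"
      ;;
  esac
else
  echo "✓ SSL 证书已存在"
fi
echo ""

echo "📋 步骤 3/5: 配置 Nginx"
# The site config is read from the current directory.
if [[ ! -f "$SRC_CONF" ]]; then
  echo "❌ 找不到 nginx-frontend-proxy.conf 文件"
  echo " 请确保在项目根目录运行此脚本"
  exit 1
fi

# Back up the existing site config so a rejected config can be rolled back.
if [[ -f "$SITE_AVAILABLE" ]]; then
  backup_file="${SITE_AVAILABLE}.backup.$(date +%Y%m%d%H%M%S)"
  if ! cp -- "$SITE_AVAILABLE" "$backup_file"; then
    echo "❌ 备份旧配置失败"
    exit 1
  fi
  echo "✓ 已备份旧配置"
fi

# Install and enable the new site config.
if ! cp -- "$SRC_CONF" "$SITE_AVAILABLE"; then
  echo "❌ 复制配置文件失败"
  exit 1
fi
ln -sf "$SITE_AVAILABLE" "${SITES_ENABLED}/"

# Disable the default site if present, remembering where its symlink pointed.
if [[ -L "${SITES_ENABLED}/default" ]]; then
  default_target=$(readlink -- "${SITES_ENABLED}/default")
fi
rm -f -- "${SITES_ENABLED}/default"
echo "✓ Nginx 配置已更新"
echo ""

echo "📋 步骤 4/5: 测试 Nginx 配置"
if nginx -t; then
  echo "✓ Nginx 配置测试通过"
else
  echo "❌ Nginx 配置测试失败,请检查配置文件"
  # The running Nginx still serves the old config from memory; put the files
  # back so an unrelated reload or reboot does not take the site down.
  rollback_site_config
  echo " 已回滚到之前的配置"
  exit 1
fi
echo ""

echo "📋 步骤 5/5: 重启 Nginx"
if systemctl restart nginx; then
  echo "✓ Nginx 已重启"
else
  echo "❌ Nginx 重启失败"
  exit 1
fi
echo ""

echo "========================================"
echo " 配置防火墙"
echo "========================================"
echo ""

# Open HTTP/HTTPS only when ufw is the firewall front end on this host.
if command -v ufw &> /dev/null; then
  echo "配置防火墙..."
  ufw allow 80/tcp
  ufw allow 443/tcp
  echo "✓ 防火墙已配置"
else
  echo "⚠️ 未检测到 ufw,请手动配置防火墙"
fi
echo ""

echo "========================================"
echo " 验证配置"
echo "========================================"
echo ""

echo "测试 HTTPS 连接..."
sleep 2

# -f makes HTTP 4xx/5xx count as failure. Certificate verification is left
# enabled so the probe confirms the certificate is valid for the hostname.
# The timeouts keep a filtered port from hanging the script.
verify_failed=0
curl_opts=(-fs --connect-timeout 5 --max-time 10)

# Health endpoint.
if curl "${curl_opts[@]}" "https://${DOMAIN}/health" > /dev/null 2>&1; then
  echo "✓ HTTPS 健康检查成功"
else
  echo "⚠️ HTTPS 健康检查失败,请检查配置"
  verify_failed=1
fi

# API path proxied to the backend.
if curl "${curl_opts[@]}" "https://${DOMAIN}/api/v1/banners" > /dev/null 2>&1; then
  echo "✓ API 代理测试成功"
else
  echo "⚠️ API 代理测试失败,请检查后端服务"
  verify_failed=1
fi
echo ""

echo "========================================"
echo " 配置完成!"
echo "========================================"
echo ""
# Do not claim success when a probe failed.
if (( verify_failed )); then
  echo "⚠️ 配置已应用,但验证未通过,请根据上面的提示排查"
else
  echo "✅ 前端 HTTPS 代理已成功配置"
fi
echo ""
echo "📝 架构说明:"
echo " 浏览器 (HTTPS) → Nginx (gvizee.com:443)"
echo " Nginx → 后端服务 (104.244.91.212:8060 HTTP)"
echo ""
echo "🌐 访问地址:"
echo " 前端: https://gvizee.com/"
echo " API: https://gvizee.com/api/v1/..."
echo ""
echo "🔍 测试命令:"
# Printed without -k so manual checks also validate the certificate.
echo " curl https://gvizee.com/health"
echo " curl https://gvizee.com/api/v1/banners"
echo ""
echo "📄 查看日志:"
echo " sudo tail -f /var/log/nginx/access.log"
echo " sudo tail -f /var/log/nginx/error.log"
echo ""
echo "⚠️ 注意:"
echo " - 前端文件需要部署到: /var/www/gvizee.com/"
echo " - 确保后端服务运行在: 104.244.91.212:8060"
echo " - 后端无需配置 HTTPS,保持 HTTP 即可"
echo ""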