ai_dianshang/setup-frontend-proxy.sh

#!/bin/bash

echo "========================================"
echo "  配置前端 Nginx HTTPS 代理"
echo "========================================"
echo ""

# 检查是否为 root 用户
if [ "$EUID" -ne 0 ]; then 
    echo "❌ 请使用 sudo 运行此脚本"
    echo "   sudo bash setup-frontend-proxy.sh"
    exit 1
fi

echo "📋 步骤 1/5: 检查 Nginx 是否安装"
if ! command -v nginx &> /dev/null; then
    echo "❌ Nginx 未安装，正在安装..."
    apt update
    apt install -y nginx
else
    echo "✓ Nginx 已安装"
fi
echo ""

echo "📋 步骤 2/5: 检查 SSL 证书"
if [ ! -f "/etc/letsencrypt/live/gvizee.com/fullchain.pem" ]; then
    echo "⚠️  未找到 SSL 证书，需要先安装证书"
    echo ""
    echo "请选择："
    echo "  1. 使用 Let's Encrypt 自动申请（推荐）"
    echo "  2. 我已有证书，手动配置"
    echo "  3. 跳过（使用 HTTP）"
    read -p "请输入选项 (1-3): " ssl_choice
    
    if [ "$ssl_choice" = "1" ]; then
        echo "安装 Certbot..."
        apt install -y certbot python3-certbot-nginx
        
        echo "申请 SSL 证书..."
        certbot certonly --nginx -d gvizee.com -d www.gvizee.com
        
        if [ $? -eq 0 ]; then
            echo "✓ SSL 证书申请成功"
        else
            echo "❌ SSL 证书申请失败，请检查域名解析"
            exit 1
        fi
    elif [ "$ssl_choice" = "2" ]; then
        echo "请手动配置证书后重新运行此脚本"
        exit 0
    else
        echo "⚠️  将使用 HTTP 配置（不推荐）"
    fi
else
    echo "✓ SSL 证书已存在"
fi
echo ""

echo "📋 步骤 3/5: 配置 Nginx"

# 检查配置文件是否存在
if [ ! -f "nginx-frontend-proxy.conf" ]; then
    echo "❌ 找不到 nginx-frontend-proxy.conf 文件"
    echo "   请确保在项目根目录运行此脚本"
    exit 1
fi

# 备份旧配置
if [ -f "/etc/nginx/sites-available/gvizee.com" ]; then
    cp /etc/nginx/sites-available/gvizee.com /etc/nginx/sites-available/gvizee.com.backup.$(date +%Y%m%d%H%M%S)
    echo "✓ 已备份旧配置"
fi

# 复制配置文件
cp nginx-frontend-proxy.conf /etc/nginx/sites-available/gvizee.com
ln -sf /etc/nginx/sites-available/gvizee.com /etc/nginx/sites-enabled/

# 删除默认配置（如果存在）
rm -f /etc/nginx/sites-enabled/default

echo "✓ Nginx 配置已更新"
echo ""

echo "📋 步骤 4/5: 测试 Nginx 配置"
nginx -t

if [ $? -eq 0 ]; then
    echo "✓ Nginx 配置测试通过"
else
    echo "❌ Nginx 配置测试失败，请检查配置文件"
    exit 1
fi
echo ""

echo "📋 步骤 5/5: 重启 Nginx"
systemctl restart nginx

if [ $? -eq 0 ]; then
    echo "✓ Nginx 已重启"
else
    echo "❌ Nginx 重启失败"
    exit 1
fi
echo ""

echo "========================================"
echo "  配置防火墙"
echo "========================================"
echo ""

# 检查 ufw 是否安装
if command -v ufw &> /dev/null; then
    echo "配置防火墙..."
    ufw allow 80/tcp
    ufw allow 443/tcp
    echo "✓ 防火墙已配置"
else
    echo "⚠️  未检测到 ufw，请手动配置防火墙"
fi
echo ""

echo "========================================"
echo "  验证配置"
echo "========================================"
echo ""

# 获取服务器IP
SERVER_IP=$(hostname -I | awk '{print $1}')

echo "测试 HTTPS 连接..."
sleep 2

# 测试健康检查
if curl -k -s https://gvizee.com/health > /dev/null 2>&1; then
    echo "✓ HTTPS 健康检查成功"
else
    echo "⚠️  HTTPS 健康检查失败，请检查配置"
fi

# 测试 API 代理
if curl -k -s https://gvizee.com/api/v1/banners > /dev/null 2>&1; then
    echo "✓ API 代理测试成功"
else
    echo "⚠️  API 代理测试失败，请检查后端服务"
fi
echo ""

echo "========================================"
echo "  配置完成！"
echo "========================================"
echo ""
echo "✅ 前端 HTTPS 代理已成功配置"
echo ""
echo "📝 架构说明："
echo "   浏览器 (HTTPS) → Nginx (gvizee.com:443)"
echo "   Nginx → 后端服务 (104.244.91.212:8060 HTTP)"
echo ""
echo "🌐 访问地址："
echo "   前端: https://gvizee.com/"
echo "   API: https://gvizee.com/api/v1/..."
echo ""
echo "🔍 测试命令："
echo "   curl -k https://gvizee.com/health"
echo "   curl -k https://gvizee.com/api/v1/banners"
echo ""
echo "📄 查看日志："
echo "   sudo tail -f /var/log/nginx/access.log"
echo "   sudo tail -f /var/log/nginx/error.log"
echo ""
echo "⚠️  注意："
echo "   - 前端文件需要部署到: /var/www/gvizee.com/"
echo "   - 确保后端服务运行在: 104.244.91.212:8060"
echo "   - 后端无需配置 HTTPS，保持 HTTP 即可"
echo ""