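#!/bin/bash
#
# Set up an nginx HTTPS reverse proxy backed by a self-signed certificate.
#
# Steps: create /etc/nginx/ssl, generate a self-signed RSA-2048 certificate,
# install nginx-https-proxy.conf (read from the current directory) as the
# "api-https" site, validate and restart nginx, allow 443/tcp in ufw when ufw
# is installed, then probe https://127.0.0.1:8060/health.
#
# Usage: sudo bash setup-https.sh   (run from the project root)
#
# Every command that matters is checked explicitly rather than through
# `set -e`, so a failed step stops the script with its own message.

# Address written into the certificate subject and the closing instructions.
readonly SERVER_IP="104.244.91.212"
readonly SSL_DIR="/etc/nginx/ssl"
readonly SSL_KEY="${SSL_DIR}/server.key"
readonly SSL_CERT="${SSL_DIR}/server.crt"
readonly SITE_SOURCE="nginx-https-proxy.conf"
readonly SITE_AVAILABLE="/etc/nginx/sites-available/api-https"
readonly SITE_ENABLED_DIR="/etc/nginx/sites-enabled/"

echo "========================================"
echo " 配置 HTTPS 反向代理"
echo "========================================"
echo ""

# Everything below writes under /etc/nginx and restarts a system service,
# so refuse to run without root.
if [[ "${EUID}" -ne 0 ]]; then
  echo "❌ 请使用 sudo 运行此脚本" >&2
  echo " sudo bash setup-https.sh" >&2
  exit 1
fi

echo "📋 步骤 1/5: 创建 SSL 证书目录"
# The directory will hold an unencrypted private key; restrict it to root.
if ! mkdir -p "${SSL_DIR}" || ! chmod 700 "${SSL_DIR}"; then
  echo "❌ 无法创建目录 ${SSL_DIR}" >&2
  exit 1
fi
echo "✓ 目录已创建: /etc/nginx/ssl"
echo ""

echo "📋 步骤 2/5: 生成自签名 SSL 证书"
# -nodes writes the private key without a passphrase, so file permissions are
# its only protection. The umask (scoped to a subshell) keeps a newly created
# key from ever being group/world readable; the chmod afterwards also covers
# the case where server.key already existed with looser permissions.
# Re-running the script overwrites any existing server.key / server.crt.
# NOTE(review): the certificate identifies the server only through CN and has
# no subjectAltName; clients that match on SAN will reject it even once it is
# trusted. On OpenSSL 1.1.1+ consider adding
#   -addext "subjectAltName=IP:<server address>"
if (
  umask 077
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "${SSL_KEY}" \
    -out "${SSL_CERT}" \
    -subj "/C=US/ST=State/L=City/O=Organization/CN=${SERVER_IP}"
); then
  chmod 600 "${SSL_KEY}"
  chmod 644 "${SSL_CERT}"
  echo "✓ SSL 证书生成成功"
else
  echo "❌ SSL 证书生成失败" >&2
  exit 1
fi
echo ""

# Fingerprint shown in the closing notes so the browser warning can be
# compared against the real certificate instead of being clicked through
# blindly. Best effort: left empty if openssl cannot read the certificate.
cert_fingerprint="$(openssl x509 -in "${SSL_CERT}" -noout -fingerprint -sha256 2>/dev/null)"

echo "📋 步骤 3/5: 配置 Nginx"
# The site config is looked up relative to the current directory and is
# installed as root-owned nginx configuration, so only run this from a
# checkout whose contents you trust.
if [[ ! -f "${SITE_SOURCE}" ]]; then
  echo "❌ 找不到 nginx-https-proxy.conf 文件" >&2
  echo " 请确保在项目根目录运行此脚本" >&2
  exit 1
fi

# Install the site and enable it; stop here if either step fails so that
# nginx is not tested and restarted against a half-installed config.
if ! cp "${SITE_SOURCE}" "${SITE_AVAILABLE}" \
  || ! ln -sf "${SITE_AVAILABLE}" "${SITE_ENABLED_DIR}"; then
  echo "❌ 复制 Nginx 配置文件失败" >&2
  exit 1
fi

echo "✓ Nginx 配置已更新"
echo ""

echo "📋 步骤 4/5: 测试 Nginx 配置"
# NOTE(review): on failure the new site stays linked in sites-enabled, so a
# later nginx reload or restart will keep failing until the config is fixed
# or the link is removed.
if nginx -t; then
  echo "✓ Nginx 配置测试通过"
else
  echo "❌ Nginx 配置测试失败,请检查配置文件" >&2
  exit 1
fi
echo ""

echo "📋 步骤 5/5: 重启 Nginx"
if systemctl restart nginx; then
  echo "✓ Nginx 已重启"
else
  echo "❌ Nginx 重启失败" >&2
  exit 1
fi
echo ""

echo "========================================"
echo " 配置防火墙"
echo "========================================"
echo ""

# Open the HTTPS port only when ufw is present.
# NOTE(review): this allows 443/tcp from any source, while every URL in this
# script uses port 8060. Confirm which port nginx-https-proxy.conf listens on
# and open only that one.
if command -v ufw &> /dev/null; then
  echo "配置防火墙允许 443 端口..."
  if ufw allow 443/tcp; then
    echo "✓ 防火墙已配置"
  else
    echo "⚠️ 防火墙规则添加失败,请手动配置防火墙允许 443 端口" >&2
  fi
else
  echo "⚠️ 未检测到 ufw,请手动配置防火墙允许 443 端口"
fi
echo ""

echo "========================================"
echo " 验证配置"
echo "========================================"
echo ""

echo "测试 HTTPS 连接..."
# Give nginx a moment to come up after the restart.
sleep 2

# Health probe. -k skips certificate verification, so a pass only shows that
# something answers TLS on the port; it says nothing about the certificate.
# --max-time keeps a hung backend from stalling the script.
health_ok=0
if curl -k -s --max-time 10 https://127.0.0.1:8060/health > /dev/null 2>&1; then
  health_ok=1
  echo "✓ HTTPS 健康检查成功"
else
  echo "⚠️ HTTPS 健康检查失败,请检查后端服务是否运行"
fi
echo ""

echo "========================================"
echo " 配置完成!"
echo "========================================"
echo ""
# Only claim success when the probe above actually passed.
if (( health_ok )); then
  echo "✅ HTTPS 已成功配置"
else
  echo "⚠️ Nginx 已配置,但 HTTPS 健康检查未通过"
fi
echo ""
echo "📝 接下来的步骤:"
echo "1. 确保后端服务运行在 8060 端口"
echo "2. 访问 https://${SERVER_IP}:8060/health 测试"
echo "3. 如果看到安全警告,点击'高级' → '继续访问'"
if [[ -n "${cert_fingerprint}" ]]; then
  echo "   继续访问前请核对证书指纹: ${cert_fingerprint}"
fi
echo "4. 前端会自动使用 HTTPS API"
echo ""
echo "🔍 查看日志:"
echo " sudo tail -f /var/log/nginx/api_error.log"
echo ""
echo "⚠️ 注意:"
echo " - 自签名证书会在浏览器显示警告"
echo " - 生产环境建议使用 Let's Encrypt 证书"
echo ""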