wangbo/easyai
35
1
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
0496fe7288
easyai/https.sh
wangbo b7dddfb750 fix(https): 修复域名提取携带分号导致证书申请失败 
修正 https.sh 中 server_name 提取与 certbot 参数构建逻辑,避免将 `credit99.cn;` 等非法域名传给 certbot;同时在 start.sh 增加域名规范化与格式校验,提前拦截协议前缀、路径和分号等脏输入。

Made-with: Cursor
2026-03-31 15:04:56 +08:00

165 lines
4.7 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

if command -v nginx &> /dev/null; then
echo "✅ Nginx 已安装,跳过安装步骤"
else
echo "🚀 安装 Nginx"
# 检测系统类型
if command -v apt &> /dev/null; then
# Debian/Ubuntu 系统
apt install -y nginx
elif command -v yum &> /dev/null; then
# CentOS/RHEL 系统
yum install -y nginx
elif command -v dnf &> /dev/null; then
# 较新版本的 Fedora/RHEL 系统
dnf install -y nginx
else
echo "❌ 不支持的操作系统:未找到支持的包管理器"
exit 1
fi
fi
# 函数:尝试使用指定的包管理器安装
try_install() {
local cmd=$1
if command -v "$cmd" &> /dev/null; then
echo "📦 尝试使用 $cmd 安装 snapd..."
if sudo "$cmd" install -y snapd; then
return 0
fi
fi
return 1
}
# 检查 Certbot 是否已安装
if command -v certbot &> /dev/null; then
echo "✅ Certbot 已安装,跳过安装步骤"
else
echo "🚀 安装 Certbot"
# 检测系统类型
if [ -f /etc/debian_version ]; then
# Ubuntu/Debian 系统
apt install -y certbot python3-certbot-nginx
# 也可以使用snapd安装
# apt install -y snapd
# # 使用snap安装 certbot
# snap install --classic certbot
# # Prepare the Certbot command
# sudo ln -s /snap/bin/certbot /usr/bin/certbot
elif [ -f /etc/redhat-release ]; then
# CentOS/RHEL 系统
# 首先安装 EPEL 仓库
yum install -y epel-release
# 安装 snapd
# 检查是否已安装
if command -v snap &> /dev/null; then
echo "✅ snapd 已经安装"
exit 0
fi
echo "🔍 检测系统包管理器..."
# 尝试使用 dnf 安装
if try_install "dnf"; then
echo "✅ 使用 dnf 安装 snapd 成功"
# 尝试使用 yum 安装
elif try_install "yum"; then
echo "✅ 使用 yum 安装 snapd 成功"
# 尝试使用 apt-get 安装(适用于 Debian/Ubuntu
elif try_install "apt-get"; then
echo "✅ 使用 apt-get 安装 snapd 成功"
else
echo "❌ 无法安装 snapd未找到支持的包管理器"
exit 1
fi
# 启用 snapd 服务
systemctl enable --now snapd.socket
# 创建符号链接
ln -s /var/lib/snapd/snap /snap
# 安装 certbot
snap install --classic certbot
# Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
else
echo "❌ 不支持的操作系统"
exit 1
fi
fi
# 验证安装
echo "🔍 验证安装"
if command -v nginx &> /dev/null && command -v certbot &> /dev/null; then
echo "✅ Nginx 和 Certbot 安装成功"
nginx -v
certbot --version
else
echo "❌ 安装验证失败"
exit 1
fi
echo "🚀 复制当前目录的配置文件到nginx配置文件目录"
# 支持 EASYAI_PROXY_CONF 指定配置文件(如 51easyai.com.conf
CONF_FILE="${EASYAI_PROXY_CONF:-easyai-proxy.conf}"
if [ -f "./$CONF_FILE" ]; then
cp "./$CONF_FILE" "/etc/nginx/conf.d/$CONF_FILE"
else
cp -r ./easyai-proxy.conf /etc/nginx/conf.d/ 2>/dev/null || { echo "❌ 未找到 nginx 配置文件"; exit 1; }
fi
echo "🚀 重载nginx"
sudo nginx -s reload
# 停止 Nginx 服务以释放 80 端口
sudo nginx -s stop
echo "🚀 使用certbot 自动配置证书"
# 从 Nginx 配置文件中提取所有域名
CONF_FILE="${EASYAI_PROXY_CONF:-easyai-proxy.conf}"
SERVER_NAME_LINES=$(
if [ -f "/etc/nginx/conf.d/$CONF_FILE" ]; then
grep "server_name" "/etc/nginx/conf.d/$CONF_FILE" 2>/dev/null || true
else
find /etc/nginx/conf.d/ -name "easyai-proxy.conf" -exec grep "server_name" {} \; 2>/dev/null || true
fi
)
DOMAINS=$(echo "$SERVER_NAME_LINES" | \
grep -v "#" | \
awk '{for(i=2;i<=NF;i++) if($i!=";") print $i}' | \
sed 's/;//g' | \
sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | \
grep -E '^[A-Za-z0-9.-]+$' | \
grep -vE '^(\*|localhost)$' | \
sort -u | \
tr '\n' ' ')
if [ -n "$DOMAINS" ]; then
# 停止 Nginx 服务
echo "停止 Nginx 服务..."
sudo nginx -s stop
# 构建域名参数字符串
DOMAIN_ARGS=()
for domain in $DOMAINS; do
DOMAIN_ARGS+=("-d" "$domain")
done
# 使用 certbot --nginx 插件安装证书
sudo certbot --nginx \
--non-interactive \
--agree-tos \
--email wangbo@51easyai.com \
--rsa-key-size 2048 \
--preferred-challenges http \
--force-renewal \
"${DOMAIN_ARGS[@]}"
# 启动 Nginx 服务
echo "启动 Nginx 服务..."
sudo nginx
fi
Reference in New Issue View Git Blame Copy Permalink