diff --git a/.env.example b/.env.example index 8cc90c6..1801f5c 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,5 @@ DATABASE_URL=postgresql://user:password@localhost:5432/novalon NEXTAUTH_SECRET=your-secret-key-here NEXTAUTH_URL=https://novalon.cn -RESEND_API_KEY=your-resend-api-key-here \ No newline at end of file +RESEND_API_KEY=your-resend-api-key-here +OPS_ALERT_EMAIL=ops@novalon.cn \ No newline at end of file diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index a59c16a..03ce2d6 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -63,6 +63,7 @@ - `NEXTAUTH_SECRET`: NextAuth密钥 - `NEXTAUTH_URL`: 应用URL - `RESEND_API_KEY`: Resend邮件服务API密钥 + - `OPS_ALERT_EMAIL`: 运维告警邮箱(默认: ops@novalon.cn) ### 5. setup-ssl.sh - **作用**: SSL证书配置脚本 @@ -191,11 +192,34 @@ sudo chmod 600 /home/novalon/docker-app/ssl/privkey.pem ``` **自动续期配置**: + +部署脚本会自动配置SSL证书自动续期任务: + +```bash +# 部署脚本会自动添加以下cron任务 +0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx' +``` + +**手动配置自动续期**(如果需要): + ```bash # 添加cron任务 -0 0,12 * * * certbot renew --quiet +(crontab -l 2>/dev/null; echo "0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx'") | crontab - + +# 验证cron任务 +crontab -l + +# 手动测试续期 +certbot renew --dry-run ``` +**自动续期说明**: +- 每天凌晨0点和中午12点自动检查证书续期 +- 证书到期前30天内才会实际续期 +- 续期成功后自动重启nginx容器以加载新证书 +- 续期过程静默执行,不产生输出 +- 续期失败时不会影响现有证书使用 + #### 步骤5: 部署执行 ✅ **自动化部署**: diff --git a/deploy.sh b/deploy.sh index 280439b..861110b 100755 --- a/deploy.sh +++ b/deploy.sh @@ -13,10 +13,12 @@ echo "🐳 容器名称: $PROJECT_DIR" echo "📦 版本号: 1.0.0" echo "" -echo "📋 步骤1: 准备部署文件..." -mkdir -p "$DEPLOY_DIR" -chmod 755 "$DEPLOY_DIR" -echo "✅ 部署目录已准备" +echo "📋 步骤1: 验证SSH连接..." +if ! ssh -o ConnectTimeout=5 "$SERVER_USER@$SERVER_IP" exit; then + echo "❌ 无法连接到服务器 $SERVER_IP" + exit 1 +fi +echo "✅ SSH连接验证成功" echo "" echo "📋 步骤2: 上传部署文件..." 
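Review bot: The new connectivity check `ssh -o ConnectTimeout=5 "$SERVER_USER@$SERVER_IP" exit` can still hang when the script runs non-interactively, because ConnectTimeout covers only the TCP connect and a host-key or password prompt will block at the auth stage; adding BatchMode makes it fail fast instead: `if ! ssh -o BatchMode=yes -o ConnectTimeout=5 "$SERVER_USER@$SERVER_IP" exit; then`. The same hunk drops `mkdir -p "$DEPLOY_DIR"` / `chmod 755 "$DEPLOY_DIR"` without a replacement, and the following step 2 (outside this hunk) uploads deployment files; if that upload targets `$DEPLOY_DIR` and nothing else creates it, the first deploy on a fresh machine will presumably fail at the copy rather than at this check. A one-line comment such as `# 部署目录由步骤2的 scp/rsync 创建` (or the mkdir kept) would make the intent explicit.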
@@ -37,7 +39,7 @@ if [ ! -f .env ]; then echo "📝 创建.env文件..." cp .env.example .env echo "⚠️ 请编辑.env文件,填入正确的环境变量" - echo "⚠️ 必须配置: DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, RESEND_API_KEY" + echo "⚠️ 必须配置: DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, RESEND_API_KEY, OPS_ALERT_EMAIL" exit 1 fi @@ -47,13 +49,38 @@ docker-compose pull docker-compose up -d echo "📋 等待服务启动..." -sleep 10 +timeout=60 +elapsed=0 +while [ $elapsed -lt $timeout ]; do + if docker ps | grep -q "novalon-website"; then + echo "✅ 服务已启动" + break + fi + sleep 2 + elapsed=$((elapsed + 2)) +done +if [ $elapsed -ge $timeout ]; then + echo "❌ 服务启动超时" + exit 1 +fi echo "📋 检查容器状态..." -docker ps | grep '$PROJECT_DIR' +docker ps | grep "$PROJECT_DIR" echo "📋 检查容器日志..." -docker logs $PROJECT_DIR --tail 50 +docker logs novalon-website --tail 50 + +echo "📋 配置SSL证书自动续期..." +# 添加certbot自动续期cron任务 +if ! crontab -l | grep -q "certbot renew"; then + if ! (crontab -l 2>/dev/null; echo "0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx'") | crontab -; then + echo "❌ SSL证书自动续期任务配置失败" + exit 1 + fi + echo "✅ SSL证书自动续期任务已配置" +else + echo "✅ SSL证书自动续期任务已存在" +fi echo "✅ 部署完成!" ENDSSH @@ -70,4 +97,5 @@ echo " 1. 验证网站可访问性" echo " 2. 检查容器运行状态: docker ps" echo " 3. 查看容器日志: docker logs $PROJECT_DIR" echo " 4. 验证HTTPS配置" -echo " 5. 测试网站主要功能" \ No newline at end of file +echo " 5. 测试网站主要功能" +echo " 6. 检查SSL证书自动续期: crontab -l" \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 9d9a8c5..1795df8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,6 +15,7 @@ services: - NEXTAUTH_SECRET=${NEXTAUTH_SECRET} - NEXTAUTH_URL=${NEXTAUTH_URL} - RESEND_API_KEY=${RESEND_API_KEY} + - OPS_ALERT_EMAIL=${OPS_ALERT_EMAIL:-ops@novalon.cn} volumes: - ./public:/app/public - ./node_modules:/app/node_modules
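Review bot: The startup-wait loop added in the `@@ -47,13 +49,38 @@` hunk (`timeout=60` … `done`) sits inside the remote `ENDSSH` here-document whose opener is outside the hunk; `$PROJECT_DIR` is already expanded locally in the same block, which suggests the delimiter is unquoted, and in that case `$elapsed`, `$timeout` and `$((elapsed + 2))` are also expanded on the local side before the script reaches the server, leaving the remote shell with `while [ -lt ]` — the loop then never runs and the timeout guard never fires. Either escape those expansions (`\$elapsed`, `\$((elapsed + 2))`) or quote the delimiter and pass `$PROJECT_DIR` through the environment; the fence below shows the escaped form, to be confirmed against the actual `<<ENDSSH` line. The readiness probe `docker ps | grep -q "novalon-website"` is a substring match that also succeeds for a container that is still restarting, so `docker inspect -f '{{.State.Running}}' novalon-website` is a more honest signal, and `docker logs novalon-website` hard-codes the name the rest of the script derives from `$PROJECT_DIR` (the final checklist still prints `docker logs $PROJECT_DIR`). The cron entry is installed into the deploying user's crontab, yet `certbot renew` and `docker restart` normally need root, and distro certbot packages usually ship their own renewal timer; worth a comment in the script noting which user this runs as and that `systemctl list-timers` should be checked so renewal is not attempted twice.
```shell
# … unchanged: docker-compose pull / up -d, "等待服务启动" message …
timeout=60
elapsed=0
while [ "\$elapsed" -lt "\$timeout" ]; do
  if [ "\$(docker inspect -f '{{.State.Running}}' novalon-website 2>/dev/null)" = "true" ]; then
    echo "✅ 服务已启动"
    break
  fi
  sleep 2
  elapsed=\$((elapsed + 2))
done
if [ "\$elapsed" -ge "\$timeout" ]; then
  echo "❌ 服务启动超时"
  exit 1
fi
# … unchanged: container status/log checks, certbot cron setup, ENDSSH …
```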
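Review bot: The compose default `${OPS_ALERT_EMAIL:-ops@novalon.cn}` contradicts deploy.sh in this same commit, which lists `OPS_ALERT_EMAIL` among the variables that "必须配置" and aborts when `.env` is missing; with the fallback in place a deployment that omits the variable silently routes operational alerts to a fixed mailbox instead of failing, so pick one contract. If the default is intended, a comment on the line such as `# 未设置时告警发往 ops@novalon.cn,与 deploy.sh 的必填提示保持一致` documents it; otherwise use the unconditional form `- OPS_ALERT_EMAIL=${OPS_ALERT_EMAIL}` to match the other four entries.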