From 8b48617bb7593b6edf990dbbe85a93bb7d8674d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?= Date: Thu, 26 Mar 2026 19:35:27 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=83=A8=E7=BD=B2?= =?UTF-8?q?=E8=84=9A=E6=9C=AC=E4=B8=AD=E7=9A=84=E5=85=B3=E9=94=AE=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E5=B9=B6=E6=B7=BB=E5=8A=A0=E8=BF=90=E7=BB=B4=E5=91=8A?= =?UTF-8?q?=E8=AD=A6=E9=82=AE=E7=AE=B1=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 修复deploy.sh中的关键问题: - 删除本地创建远程目录的错误代码 - 修复SCP目标路径错误 - 修复grep中的变量展开问题 - 修复容器日志查看命令 - 实现健康检查机制替代硬编码等待时间 - 添加SSH连接验证 - 添加cron任务配置的错误处理 - 添加运维告警邮箱环境变量OPS_ALERT_EMAIL - 更新部署文档,添加SSL证书自动续期详细说明 --- .env.example | 3 ++- DEPLOYMENT.md | 26 +++++++++++++++++++++++++- deploy.sh | 46 +++++++++++++++++++++++++++++++++++++--------- docker-compose.yml | 1 + 4 files changed, 65 insertions(+), 11 deletions(-) diff --git a/.env.example b/.env.example index 8cc90c6..1801f5c 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,5 @@ DATABASE_URL=postgresql://user:password@localhost:5432/novalon NEXTAUTH_SECRET=your-secret-key-here NEXTAUTH_URL=https://novalon.cn -RESEND_API_KEY=your-resend-api-key-here \ No newline at end of file +RESEND_API_KEY=your-resend-api-key-here +OPS_ALERT_EMAIL=ops@novalon.cn \ No newline at end of file diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index a59c16a..03ce2d6 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -63,6 +63,7 @@ - `NEXTAUTH_SECRET`: NextAuth密钥 - `NEXTAUTH_URL`: 应用URL - `RESEND_API_KEY`: Resend邮件服务API密钥 + - `OPS_ALERT_EMAIL`: 运维告警邮箱(默认: ops@novalon.cn) ### 5. setup-ssl.sh - **作用**: SSL证书配置脚本 
@@ -191,11 +192,34 @@ sudo chmod 600 /home/novalon/docker-app/ssl/privkey.pem ``` **自动续期配置**: + +部署脚本会自动配置SSL证书自动续期任务: + +```bash +# 部署脚本会自动添加以下cron任务 +0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx' +``` + +**手动配置自动续期**(如果需要): + ```bash # 添加cron任务 -0 0,12 * * * certbot renew --quiet +(crontab -l 2>/dev/null; echo "0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx'") | crontab - + +# 验证cron任务 +crontab -l + +# 手动测试续期 +certbot renew --dry-run ``` +**自动续期说明**: +- 每天凌晨0点和中午12点自动检查证书续期 +- 证书到期前30天内才会实际续期 +- 续期成功后自动重启nginx容器以加载新证书 +- 续期过程静默执行,不产生输出 +- 续期失败时不会影响现有证书使用 + #### 步骤5: 部署执行 ✅ **自动化部署**: diff --git a/deploy.sh b/deploy.sh index 280439b..861110b 100755 --- a/deploy.sh +++ b/deploy.sh @@ -13,10 +13,12 @@ echo "🐳 容器名称: $PROJECT_DIR" echo "📦 版本号: 1.0.0" echo "" -echo "📋 步骤1: 准备部署文件..." -mkdir -p "$DEPLOY_DIR" -chmod 755 "$DEPLOY_DIR" -echo "✅ 部署目录已准备" +echo "📋 步骤1: 验证SSH连接..." +if ! ssh -o ConnectTimeout=5 "$SERVER_USER@$SERVER_IP" exit; then + echo "❌ 无法连接到服务器 $SERVER_IP" + exit 1 +fi +echo "✅ SSH连接验证成功" echo "" echo "📋 步骤2: 上传部署文件..." @@ -37,7 +39,7 @@ if [ ! -f .env ]; then echo "📝 创建.env文件..." cp .env.example .env echo "⚠️ 请编辑.env文件,填入正确的环境变量" - echo "⚠️ 必须配置: DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, RESEND_API_KEY" + echo "⚠️ 必须配置: DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, RESEND_API_KEY, OPS_ALERT_EMAIL" exit 1 fi 
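Review bot: The new probe in step 1 of deploy.sh, `ssh -o ConnectTimeout=5 "$SERVER_USER@$SERVER_IP" exit`, can still stop at a password or key-passphrase prompt, so an unattended run hangs instead of failing at this step. Adding `-o BatchMode=yes` makes it fail fast and reach the existing `exit 1` branch. Host-key checking should stay at its default, so that an unknown or changed server key aborts the deploy before any files are uploaded. The error message names only reachability; it would help to say that authentication or host-key verification may also be the cause.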
@@ -47,13 +49,38 @@ docker-compose pull docker-compose up -d echo "📋 等待服务启动..." -sleep 10 +timeout=60 +elapsed=0 +while [ $elapsed -lt $timeout ]; do + if docker ps | grep -q "novalon-website"; then + echo "✅ 服务已启动" + break + fi + sleep 2 + elapsed=$((elapsed + 2)) +done +if [ $elapsed -ge $timeout ]; then + echo "❌ 服务启动超时" + exit 1 +fi echo "📋 检查容器状态..." -docker ps | grep '$PROJECT_DIR' +docker ps | grep "$PROJECT_DIR" echo "📋 检查容器日志..." -docker logs $PROJECT_DIR --tail 50 +docker logs novalon-website --tail 50 + +echo "📋 配置SSL证书自动续期..." +# 添加certbot自动续期cron任务 +if ! crontab -l | grep -q "certbot renew"; then + if ! (crontab -l 2>/dev/null; echo "0 0,12 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx'") | crontab -; then + echo "❌ SSL证书自动续期任务配置失败" + exit 1 + fi + echo "✅ SSL证书自动续期任务已配置" +else + echo "✅ SSL证书自动续期任务已存在" +fi echo "✅ 部署完成!" ENDSSH @@ -70,4 +97,5 @@ echo " 1. 验证网站可访问性" echo " 2. 检查容器运行状态: docker ps" echo " 3. 查看容器日志: docker logs $PROJECT_DIR" echo " 4. 验证HTTPS配置" -echo " 5. 测试网站主要功能" \ No newline at end of file +echo " 5. 测试网站主要功能" +echo " 6. 检查SSL证书自动续期: crontab -l" \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 9d9a8c5..1795df8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,6 +15,7 @@ services: - NEXTAUTH_SECRET=${NEXTAUTH_SECRET} - NEXTAUTH_URL=${NEXTAUTH_URL} - RESEND_API_KEY=${RESEND_API_KEY} + - OPS_ALERT_EMAIL=${OPS_ALERT_EMAIL:-ops@novalon.cn} volumes: - ./public:/app/public - ./node_modules:/app/node_modules
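Review bot: The wait loop reports 服务已启动 as soon as `docker ps | grep -q "novalon-website"` matches, which is a substring match on any column and also matches a container stuck in a restart loop, so it does not show that the service is actually up. Comparing the state directly, for example `[ "$(docker inspect -f '{{.State.Status}}' novalon-website 2>/dev/null)" = "running" ]`, or the health status if the image defines a HEALTHCHECK, would make the 60-second timeout meaningful. The heredoc opener is outside this hunk: if its delimiter is unquoted, `$elapsed`, `$timeout` and `$((elapsed + 2))` are expanded locally before the script is sent, and if it is quoted, `$PROJECT_DIR` is presumably unset on the server, so `grep "$PROJECT_DIR"` matches every line. Separately, the cron entry installs `certbot renew --quiet` in the deploy user's crontab; if that user cannot write certbot's directories, or nginx reads a copied certificate from the project's ssl directory, renewal may fail or have no effect with little trace. Redirecting the job's output to a log file would make that visible.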
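Review bot: The added `OPS_ALERT_EMAIL=${OPS_ALERT_EMAIL:-ops@novalon.cn}` silently falls back to a fixed mailbox, while the deploy.sh message changed in this same patch lists OPS_ALERT_EMAIL under 必须配置. If the value is required, `${OPS_ALERT_EMAIL:?OPS_ALERT_EMAIL is not set}` makes compose refuse to start, rather than sending operational alerts to an address that deployment may not monitor. If it is optional, it should be dropped from the 必须配置 message so the two files agree. Either way, a one-line comment above the entry, such as `# recipient for ops alerts; defaults to ops@novalon.cn when unset`, would document the behaviour.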