- 移除未使用的YAML锚点定义 - 替换commands字段中的锚点引用为实际值 - 移除有问题的通知步骤 - 修复测试文件中的问题 - 添加新的测试用例和配置文件
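--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+set -e
+
+echo "========================================="
+echo "方案B: 单独域名SSL证书申请 (HTTP验证)"
+echo "========================================="
+echo "说明: 使用Let's Encrypt HTTP验证方式"
+echo "优点: 无需API密钥,配置简单"
+echo "缺点: 需要为每个域名单独申请证书"
+echo ""
+
+NGINX_CONTAINER="novalon-nginx"
+EMAIL="ops@novalon.cn"
+SSL_BASE_DIR="/home/novalon/docker-app/novalon-nginx/ssl"
+
+DOMAINS=(
+"git.f.novalon.cn"
+"ci.f.novalon.cn"
+"registry.f.novalon.cn"
+)
+
+echo "前置条件检查:"
+echo "1. 确保Nginx容器正在运行"
+if ! docker ps | grep -q ${NGINX_CONTAINER}; then
+echo "错误: Nginx容器未运行"
+exit 1
+fi
+
+echo "2. 确保DNS解析已配置"
+for domain in "${DOMAINS[@]}"; do
+echo "检查 ${domain}..."
+if ! nslookup ${domain} | grep -q "139.155.109.62"; then
+echo "警告: ${domain} DNS解析未生效"
+fi
+done
+
+echo ""
+echo "步骤1: 创建certbot验证目录..."
+mkdir -p /var/www/certbot
+docker exec ${NGINX_CONTAINER} mkdir -p /var/www/certbot
+
+echo ""
+echo "步骤2: 确保Nginx配置包含ACME验证路径..."
+echo "检查Nginx配置..."
+
+echo ""
+echo "步骤3: 为每个域名申请证书..."
+
+for domain in "${DOMAINS[@]}"; do
+echo ""
+echo "申请证书: ${domain}"
+
+certbot certonly \
+--webroot \
+--webroot-path /var/www/certbot \
+--email ${EMAIL} \
+--agree-tos \
+--no-eff-email \
+-d ${domain}
+
+echo "复制证书到nginx SSL目录..."
+mkdir -p ${SSL_BASE_DIR}/${domain}
+
+cp /etc/letsencrypt/live/${domain}/fullchain.pem ${SSL_BASE_DIR}/${domain}/
+cp /etc/letsencrypt/live/${domain}/privkey.pem ${SSL_BASE_DIR}/${domain}/
+
+chmod 644 ${SSL_BASE_DIR}/${domain}/fullchain.pem
+chmod 600 ${SSL_BASE_DIR}/${domain}/privkey.pem
+
+echo "✓ ${domain} 证书申请成功"
+done
+
+echo ""
+echo "步骤4: 设置自动续期..."
+(crontab -l 2>/dev/null | grep -v "certbot renew"; echo "0 3 * * * certbot renew --quiet --post-hook 'docker restart novalon-nginx' >> /var/log/certbot-renew.log 2>&1") | crontab -
+
+echo ""
+echo "========================================="
+echo "证书申请完成!"
+echo "========================================="
+echo ""
+echo "证书路径:"
+for domain in "${DOMAINS[@]}"; do
+echo " ${domain}:"
+echo " - ${SSL_BASE_DIR}/${domain}/fullchain.pem"
+echo " - ${SSL_BASE_DIR}/${domain}/privkey.pem"
+done
+
+echo ""
+echo "容器内路径: /etc/nginx/ssl/{domain}/"
+echo "有效期: 90天"
+echo "自动续期: 每天凌晨3点检查"
+echo ""
+echo "下一步: 更新Nginx配置并重启容器"
+echo "========================================="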
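Review bot: The cron entry installed in step 4 runs `certbot renew` with a post-hook that only restarts `novalon-nginx`, while step 3 hands nginx one-off copies under `${SSL_BASE_DIR}/${domain}/`. Assuming the container reads those copies (the closing output points at `/etc/nginx/ssl/{domain}/`), a renewed certificate in `/etc/letsencrypt/live/` never reaches them and the served certificate would lapse after the 90 days the script itself prints. Moving the copy and the restart into a certbot deploy hook (a script under `/etc/letsencrypt/renewal-hooks/deploy/`, which receives `RENEWED_LINEAGE`) would keep the two in sync. In the same loop, `cp` followed by `chmod 600` leaves `privkey.pem` at the umask default mode for a moment and `mkdir -p` leaves the directory at default permissions; `install -m 600 "/etc/letsencrypt/live/${domain}/privkey.pem" "${SSL_BASE_DIR}/${domain}/privkey.pem"` creates the key with its final mode. The expansions in the `cp`, `chmod`, `mkdir` and `certbot` lines should also be double-quoted.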