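#!/bin/bash
#
# Interactive deployment helper for the TLS setup of the *.f.novalon.cn
# subdomains.
#
# The operator picks one of two certificate plans:
#   A - one wildcard certificate validated over DNS (needs Tencent Cloud API
#       credentials, which are entered on the server, never in this script)
#   B - one certificate per hostname validated over HTTP
#
# For the chosen plan the script uploads the matching issuance script and
# nginx configuration to the server over scp/ssh. Plan B can optionally run
# the issuance and restart the nginx container straight away; otherwise the
# commands to run by hand on the server are printed.
#
# Usage: run from the directory that contains scripts/ and the nginx-*.conf
#        files, because all local paths are relative to the working directory.
set -euo pipefail

# Single definition of the deployment target, so every scp/ssh call and every
# printed instruction refers to the same host and directory.
# NOTE(review): the login is root over SSH. A dedicated deploy account that
# can only write to this directory and restart the container would limit the
# damage if the key used here is ever exposed.
readonly REMOTE_HOST="root@139.155.109.62"
readonly REMOTE_DIR="/home/novalon/docker-app"
readonly REMOTE_NGINX_CONF="${REMOTE_DIR}/novalon-nginx/nginx.conf"
readonly NGINX_CONTAINER="novalon-nginx"
readonly RULE="========================================="

#######################################
# Abort unless both local artefacts of a plan exist.
# Runs before anything is sent to the server, so a missing file can no longer
# leave the server with a new issuance script but the old nginx.conf.
# Arguments: $1 - local path of the issuance script
#            $2 - local path of the nginx configuration
# Outputs:   error message on stderr when a file is missing
# Returns:   exits with status 1 when a file is missing
#######################################
require_local_files() {
  local path
  for path in "$@"; do
    if [ ! -f "$path" ]; then
      printf '%s\n' "✗ 找不到${path##*/}文件" >&2
      exit 1
    fi
  done
}

#######################################
# Upload the issuance script and the nginx configuration of one plan.
# Globals:   REMOTE_HOST, REMOTE_DIR, REMOTE_NGINX_CONF (read)
# Arguments: $1 - local path of the issuance script
#            $2 - local path of the nginx configuration
# Outputs:   progress messages on stdout
#######################################
upload_plan_files() {
  local script_path=$1
  local conf_path=$2
  local script_name=${script_path##*/}

  require_local_files "$script_path" "$conf_path"

  echo ""
  echo "上传SSL证书申请脚本..."
  scp "$script_path" "${REMOTE_HOST}:${REMOTE_DIR}/"
  ssh "$REMOTE_HOST" "chmod +x '${REMOTE_DIR}/${script_name}'"
  echo "✓ SSL证书申请脚本已上传"

  echo ""
  echo "上传Nginx配置..."
  # NOTE(review): this overwrites the server's nginx.conf without keeping a
  # copy and without a syntax check; the file only takes effect at the next
  # container restart, so confirm on the server that it is valid first.
  scp "$conf_path" "${REMOTE_HOST}:${REMOTE_NGINX_CONF}"
  echo "✓ Nginx配置已上传"
}

#######################################
# Print the commands the operator has to run on the server by hand.
# Globals:   REMOTE_HOST, REMOTE_DIR, NGINX_CONTAINER, RULE (read)
# Arguments: $1  - file name of the issuance script on the server
#            $2+ - optional extra command lines shown before the "cd" step
# Outputs:   instructions on stdout
#######################################
print_manual_steps() {
  local script_name=$1
  shift

  echo ""
  echo "$RULE"
  echo "请在服务器上执行以下命令:"
  echo "$RULE"
  echo ""
  echo "ssh ${REMOTE_HOST}"
  echo ""
  if [ "$#" -gt 0 ]; then
    printf '%s\n' "$@"
    echo ""
  fi
  echo "cd ${REMOTE_DIR}"
  echo "./${script_name}"
  echo ""
  echo "docker restart ${NGINX_CONTAINER}"
  echo ""
  echo "$RULE"
}

main() {
  local choice confirm

  cat <<'EOF'
=========================================
二级域名SSL证书配置部署脚本
=========================================

请选择SSL证书申请方案:

方案A: 通配符证书 (DNS验证)
 - 一个证书覆盖所有 *.f.novalon.cn
 - 需要腾讯云API密钥
 - 适合: 有API密钥且希望简化证书管理

方案B: 单独证书 (HTTP验证)
 - 为每个域名单独申请证书
 - 无需API密钥
 - 适合: 没有API密钥或希望独立管理每个域名

EOF

  # -r keeps backslashes in the answer literal.
  read -r -p "请选择方案 [A/B]: " choice

  case "$choice" in
    [Aa])
      echo ""
      echo "选择方案A: 通配符证书"
      upload_plan_files "scripts/ssl-wildcard-dns.sh" "nginx-wildcard.conf"
      # The API credentials are placeholders the operator fills in on the
      # server. NOTE(review): an `export NAME=value` typed at an interactive
      # prompt normally ends up in the shell history; reading the values from
      # a root-only file on the server avoids that.
      print_manual_steps "ssl-wildcard-dns.sh" \
        "export TENCENTCLOUD_SECRET_ID=your-secret-id" \
        "export TENCENTCLOUD_SECRET_KEY=your-secret-key"
      ;;
    [Bb])
      echo ""
      echo "选择方案B: 单独证书"
      upload_plan_files "scripts/ssl-individual-http.sh" "nginx-individual.conf"

      echo ""
      read -r -p "是否现在申请证书? [y/N]: " confirm
      case "$confirm" in
        y | Y)
          echo ""
          echo "申请SSL证书..."
          ssh "$REMOTE_HOST" "cd '${REMOTE_DIR}' && ./ssl-individual-http.sh"
          echo ""
          echo "重启Nginx容器..."
          ssh "$REMOTE_HOST" "docker restart ${NGINX_CONTAINER}"
          ;;
        *)
          print_manual_steps "ssl-individual-http.sh"
          ;;
      esac
      ;;
    *)
      printf '%s\n' "无效选择" >&2
      exit 1
      ;;
  esac

  # The printed openssl check redirects stdin from /dev/null so that s_client
  # ends after the handshake instead of waiting for input.
  cat <<'EOF'

=========================================
部署完成!
=========================================

测试访问:
 - https://git.f.novalon.cn
 - https://ci.f.novalon.cn
 - https://registry.f.novalon.cn

检查SSL证书:
 openssl s_client -connect git.f.novalon.cn:443 -servername git.f.novalon.cn </dev/null | openssl x509 -noout -text | grep -A 1 'Subject Alternative Name'
=========================================
EOF
}

main "$@"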