novalon-website/scripts/deploy-subdomain-ssl.sh
张翔 ebaa7f3c50
ci/woodpecker/manual/woodpecker Pipeline was successful
fix: 修复Woodpecker CI配置文件中的linter错误
- 移除未使用的YAML锚点定义
- 替换commands字段中的锚点引用为实际值
- 移除有问题的通知步骤
- 修复测试文件中的问题
- 添加新的测试用例和配置文件
2026-03-28 09:42:45 +08:00


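#!/bin/bash
#
# Interactive helper that prepares TLS certificates for the *.f.novalon.cn
# sub-domains. It asks the operator to pick one of two schemes:
#   A - one wildcard certificate, issued with DNS validation
#   B - one certificate per host name, issued with HTTP validation
# It then copies the matching issuance script and Nginx configuration to the
# server and either prints the remaining manual steps or (scheme B only,
# after confirmation) runs them over ssh.
#
# Usage: run from the directory that contains scripts/ and the
#        nginx-*.conf files, because every local path below is relative.
#
# Security notes for whoever runs or reviews this:
#   * Every remote action is performed as root on a fixed address. A
#     dedicated deploy account with only the rights needed here would reduce
#     the impact of a leaked key - NOTE(review): confirm whether root is
#     actually required.
#   * No ssh/scp options are passed, so host-key checking follows the
#     operator's own ssh configuration. Do not relax it for this script.
#   * The upload replaces the server's nginx.conf in place; this script keeps
#     no backup and does not validate the file before the container restart.
#   * The scheme A instructions print placeholder values for the Tencent
#     Cloud API credentials. Real values typed as `export ...` in an
#     interactive shell are usually recorded in shell history; prefer a
#     mechanism that keeps them out of history and process arguments.
set -euo pipefail

readonly REMOTE="root@139.155.109.62"
readonly REMOTE_DIR="/home/novalon/docker-app"
readonly REMOTE_NGINX_CONF="${REMOTE_DIR}/novalon-nginx/nginx.conf"
readonly NGINX_CONTAINER="novalon-nginx"
readonly RULE="========================================="

# Exit with the script's usual "file not found" message if any of the given
# local files is missing. Called before the first upload so that a missing
# file can no longer leave the server with only half of the deployment.
require_local_files() {
  local path
  for path in "$@"; do
    if [ ! -f "$path" ]; then
      echo "✗ 找不到${path##*/}文件" >&2
      exit 1
    fi
  done
}

# Copy the certificate issuance script ($1) to the server and mark it
# executable there.
upload_cert_script() {
  local script_path=$1
  local script_name=${script_path##*/}

  echo ""
  echo "上传SSL证书申请脚本..."
  scp "$script_path" "${REMOTE}:${REMOTE_DIR}/"
  # REMOTE_DIR and the script name are constants of this file, never user
  # input, so building the remote command string from them is safe.
  ssh "$REMOTE" "chmod +x ${REMOTE_DIR}/${script_name}"
  echo "✓ SSL证书申请脚本已上传"
}

# Copy the Nginx configuration ($1) over the server's active nginx.conf.
upload_nginx_conf() {
  local conf_path=$1

  echo ""
  echo "上传Nginx配置..."
  scp "$conf_path" "${REMOTE}:${REMOTE_NGINX_CONF}"
  echo "✓ Nginx配置已上传"
}

# Print the commands the operator still has to run on the server.
#   $1 - file name of the issuance script
#   $2 - "yes" to include the API credential exports (scheme A)
print_manual_steps() {
  local script_name=$1
  local needs_api_keys=$2

  echo ""
  echo "$RULE"
  echo "请在服务器上执行以下命令:"
  echo "$RULE"
  echo ""
  echo "ssh ${REMOTE}"
  echo ""
  if [ "$needs_api_keys" = "yes" ]; then
    # Placeholders only; see the header note about shell history.
    echo "export TENCENTCLOUD_SECRET_ID=your-secret-id"
    echo "export TENCENTCLOUD_SECRET_KEY=your-secret-key"
    echo ""
  fi
  echo "cd ${REMOTE_DIR}"
  echo "./${script_name}"
  echo ""
  echo "docker restart ${NGINX_CONTAINER}"
  echo ""
  echo "$RULE"
}

main() {
  local choice confirm

  echo "$RULE"
  echo "二级域名SSL证书配置部署脚本"
  echo "$RULE"
  echo ""
  echo "请选择SSL证书申请方案:"
  echo ""
  echo "方案A: 通配符证书 (DNS验证)"
  echo " - 一个证书覆盖所有 *.f.novalon.cn"
  echo " - 需要腾讯云API密钥"
  echo " - 适合: 有API密钥且希望简化证书管理"
  echo ""
  echo "方案B: 单独证书 (HTTP验证)"
  echo " - 为每个域名单独申请证书"
  echo " - 无需API密钥"
  echo " - 适合: 没有API密钥或希望独立管理每个域名"
  echo ""
  # -r keeps backslashes in the answer literal.
  read -r -p "请选择方案 [A/B]: " choice

  case "$choice" in
    [Aa])
      echo ""
      echo "选择方案A: 通配符证书"
      require_local_files "scripts/ssl-wildcard-dns.sh" "nginx-wildcard.conf"
      upload_cert_script "scripts/ssl-wildcard-dns.sh"
      upload_nginx_conf "nginx-wildcard.conf"
      # Issuance needs the API credentials, so scheme A is never run from
      # here; the operator performs it by hand on the server.
      print_manual_steps "ssl-wildcard-dns.sh" "yes"
      ;;
    [Bb])
      echo ""
      echo "选择方案B: 单独证书"
      require_local_files "scripts/ssl-individual-http.sh" "nginx-individual.conf"
      upload_cert_script "scripts/ssl-individual-http.sh"
      upload_nginx_conf "nginx-individual.conf"
      echo ""
      read -r -p "是否现在申请证书? [y/N]: " confirm
      if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
        echo ""
        echo "申请SSL证书..."
        ssh "$REMOTE" "cd ${REMOTE_DIR} && ./ssl-individual-http.sh"
        echo ""
        echo "重启Nginx容器..."
        # NOTE(review): the uploaded configuration is not checked before
        # this restart; a syntax error in it would presumably stop the
        # container from coming back - confirm and consider a config test.
        ssh "$REMOTE" "docker restart ${NGINX_CONTAINER}"
      else
        print_manual_steps "ssl-individual-http.sh" "no"
      fi
      ;;
    *)
      echo "无效选择"
      exit 1
      ;;
  esac

  # This banner is printed on every non-failing path, including the ones
  # where issuance and the Nginx restart are still left to the operator.
  echo ""
  echo "$RULE"
  echo "部署完成!"
  echo "$RULE"
  echo ""
  echo "测试访问:"
  echo " - https://git.f.novalon.cn"
  echo " - https://ci.f.novalon.cn"
  echo " - https://registry.f.novalon.cn"
  echo ""
  echo "检查SSL证书:"
  echo " openssl s_client -connect git.f.novalon.cn:443 -servername git.f.novalon.cn | openssl x509 -noout -text | grep -A 1 'Subject Alternative Name'"
  echo "$RULE"
}

main "$@"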