novalon-website/scripts/ssl-individual-http-v2.sh
张翔 ebaa7f3c50
ci/woodpecker/manual/woodpecker Pipeline was successful
fix: 修复Woodpecker CI配置文件中的linter错误
- 移除未使用的YAML锚点定义
- 替换commands字段中的锚点引用为实际值
- 移除有问题的通知步骤
- 修复测试文件中的问题
- 添加新的测试用例和配置文件
2026-03-28 09:42:45 +08:00


#!/bin/bash
#
# Plan B: request one Let's Encrypt certificate per domain using the HTTP
# (webroot) challenge, then copy each certificate into the directory tree
# used for nginx TLS material.
#
# NOTE(review): the later steps write below /etc/letsencrypt, call docker and
# edit the invoking user's crontab, so this presumably has to run as root on
# the nginx host — confirm.
set -e

# Banner text is emitted verbatim; the quoted delimiter disables expansion.
cat <<'EOF'
=========================================
方案B: 单独域名SSL证书申请 (HTTP验证)
=========================================
说明: 使用Let's Encrypt HTTP验证方式
优点: 无需API密钥,配置简单
缺点: 需要为每个域名单独申请证书

EOF

# Deployment settings shared by every step below.
NGINX_CONTAINER="novalon-nginx"  # container that serves the ACME challenge
EMAIL="ops@novalon.cn"           # account e-mail passed to certbot
SSL_BASE_DIR="/home/novalon/docker-app/novalon-nginx/ssl"

# One certificate is requested per entry.
DOMAINS=("git.f.novalon.cn" "ci.f.novalon.cn" "registry.f.novalon.cn")
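# Preflight checks. A missing nginx container aborts the run; a DNS mismatch
# only prints a warning, so a domain that does not resolve to this host is
# still attempted and will fail at the certbot step instead.
echo "前置条件检查:"
echo "1. 确保Nginx容器正在运行"
# Compare whole container names (-x) as fixed strings (-F). Grepping the raw
# `docker ps` table would also accept a longer name that merely contains this
# one, or a hit in another column such as the image name.
if ! docker ps --format '{{.Names}}' | grep -Fxq -- "${NGINX_CONTAINER}"; then
  echo "错误: Nginx容器未运行"
  exit 1
fi

echo "2. 确保DNS解析已配置"
# Address every domain is expected to resolve to.
expected_ip="139.155.109.62"
for domain in "${DOMAINS[@]}"; do
  echo "检查 ${domain}..."
  # -F matches the address literally; as a regex each "." would match any
  # character and could accept a different address.
  if ! nslookup "${domain}" | grep -Fq -- "${expected_ip}"; then
    echo "警告: ${domain} DNS解析未生效"
  fi
done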
# Step 1: create the ACME challenge directory on the host and in the container.
# NOTE(review): presumably the host directory is bind-mounted at
# /var/www/certbot inside the container; nothing here verifies that — confirm.
printf '\n'
printf '%s\n' "步骤1: 创建certbot验证目录..."
certbot_webroot="/home/novalon/docker-app/certbot"
mkdir -p "${certbot_webroot}"
docker exec "${NGINX_CONTAINER}" mkdir -p /var/www/certbot
echo "步骤2: 为每个域名申请证书..."
for domain in "${DOMAINS[@]}"; do
echo ""
echo "申请证书: ${domain}"
certbot certonly \
--webroot \
--webroot-path /home/novalon/docker-app/certbot \
--email ${EMAIL} \
--agree-tos \
--no-eff-email \
-d ${domain} || {
echo "警告: ${domain} 证书申请失败,跳过"
continue
}
echo "复制证书到nginx SSL目录..."
mkdir -p ${SSL_BASE_DIR}/${domain}
cp /etc/letsencrypt/live/${domain}/fullchain.pem ${SSL_BASE_DIR}/${domain}/
cp /etc/letsencrypt/live/${domain}/privkey.pem ${SSL_BASE_DIR}/${domain}/
chmod 644 ${SSL_BASE_DIR}/${domain}/fullchain.pem
chmod 600 ${SSL_BASE_DIR}/${domain}/privkey.pem
echo "${domain} 证书申请成功"
done
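# Step 3: install a daily 03:00 renewal job, replacing any earlier
# "certbot renew" entry in the current user's crontab.
#
# NOTE(review): `certbot renew` refreshes /etc/letsencrypt/live only. Nothing
# in this job re-copies the renewed files into SSL_BASE_DIR, so the restarted
# container appears to keep loading the old copies until the script is run
# again — confirm, and consider a deploy hook that repeats the copy step.
echo ""
echo "步骤3: 设置自动续期..."
renew_job="0 3 * * * certbot renew --quiet --post-hook 'docker restart ${NGINX_CONTAINER}' >> /var/log/certbot-renew.log 2>&1"
{
  # grep -v exits 1 when it prints nothing (no crontab yet, or only the old
  # renewal line). Without the guard, errexit can end this group before the
  # new entry is written, and an empty crontab would be installed.
  crontab -l 2>/dev/null | grep -Fv "certbot renew" || true
  printf '%s\n' "${renew_job}"
} | crontab -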
# Final summary: list the certificate files that now exist, then the reminders.
printf '%s\n' \
  "" \
  "=========================================" \
  "证书申请完成!" \
  "=========================================" \
  "" \
  "证书路径:"

for domain in "${DOMAINS[@]}"; do
  # Domains whose request failed have no copied chain and are not listed.
  [ -f "${SSL_BASE_DIR}/${domain}/fullchain.pem" ] || continue
  printf '%s\n' \
    " ${domain}:" \
    " - ${SSL_BASE_DIR}/${domain}/fullchain.pem" \
    " - ${SSL_BASE_DIR}/${domain}/privkey.pem"
done

printf '%s\n' \
  "" \
  "容器内路径: /etc/nginx/ssl/{domain}/" \
  "有效期: 90天" \
  "自动续期: 每天凌晨3点检查" \
  "" \
  "下一步: 更新Nginx配置并重启容器" \
  "========================================="