commit 761b94dd7122be5c3e33eec2f0f502e2b1c3f0a4 Author: gogongxt Date: Wed Dec 3 12:02:28 2025 +0800 first commit diff --git a/chat.gogongxt.com b/chat.gogongxt.com new file mode 100644 index 0000000..38ab995 --- /dev/null +++ b/chat.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name chat.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://chat.gogongxt.com:61011; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/chat.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chat.gogongxt.com/privkey.pem; +} diff --git a/code.gogongxt.com b/code.gogongxt.com new file mode 100644 index 0000000..371846a --- /dev/null +++ b/code.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name code.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://code.gogongxt.com:61041; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/code.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/code.gogongxt.com/privkey.pem; +} diff --git a/git.gogongxt.com b/git.gogongxt.com new file mode 100644 index 0000000..57ff9da --- /dev/null +++ b/git.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name git.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://git.gogongxt.com:61001; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/git.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.gogongxt.com/privkey.pem; +} diff --git a/gogongxt.com b/gogongxt.com new file mode 100644 index 0000000..b12081b --- /dev/null +++ b/gogongxt.com @@ -0,0 +1,22 @@ +server { + listen 80; + server_name gogongxt.com; + + root /home/gogongxt/blog/public; + index index.html; + + # 静态文件直接返回 + location / { + try_files $uri $uri/ =404; + } + + # Python API 反向代理 + # location /api/ { + # proxy_pass http://127.0.0.1:8000; + # } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/gogongxt.com/privkey.pem; +} diff --git a/images.gogongxt.com b/images.gogongxt.com new file mode 100644 index 0000000..2b75d18 --- /dev/null +++ b/images.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name images.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://images.gogongxt.com:61021; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/images.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/images.gogongxt.com/privkey.pem; +} diff --git a/install.py b/install.py new file mode 100644 index 0000000..18a2b6c --- /dev/null +++ b/install.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python3 +import argparse +import os +import subprocess +import sys +from pathlib import Path + +# ============================================================ +# 手动指定要管理的站点配置文件(脚本同目录下) +# ============================================================ +NGINX_SITES = [ + "gogongxt.com", + "git.gogongxt.com", + "images.gogongxt.com", + "chat.gogongxt.com", + "nas.gogongxt.com", + "tools.gogongxt.com", + "code.gogongxt.com", +] + +# ============================================================ +# 常量配置 +# ============================================================ +NGINX_AVAILABLE = Path("/etc/nginx/sites-available") +NGINX_ENABLED = Path("/etc/nginx/sites-enabled") +LOCAL_DIR = Path(__file__).parent.resolve() # 当前脚本所在目录 + + +# ============================================================ +# 权限检查 +# ============================================================ +def require_root(): + if os.geteuid() != 0: + print("⚠️ 需要root权限,正在使用sudo重新执行...") + try: + os.execvp("sudo", ["sudo", sys.executable] + sys.argv) + except Exception as e: + print(f"❌ 无法自动提升权限: {e}") + sys.exit(1) + + +# ============================================================ +# 工具函数 +# ============================================================ +def run(cmd, check=True): + print(f"🔹 执行命令: {' '.join(cmd)}") + result = subprocess.run(cmd, check=check) + return result.returncode == 0 + + +def ensure_dirs(): + for d in (NGINX_AVAILABLE, NGINX_ENABLED): + d.mkdir(parents=True, exist_ok=True) + + +# ============================================================ +# 安装 / 卸载操作 +# ============================================================ +def install_nginx_configs(): + ensure_dirs() + print(f"📦 开始安装 {len(NGINX_SITES)} 个 Nginx 配置文件...") + + for name in NGINX_SITES: + src = LOCAL_DIR / name + dest_available = NGINX_AVAILABLE / name + dest_enabled = NGINX_ENABLED / name + + if not src.exists(): + print(f"⚠️ 跳过:未找到配置文件 {src}") + continue + + print(f"🔹 安装配置: {src.name}") + + # 删除已存在的目标文件/链接 + if dest_available.exists() or dest_available.is_symlink(): + print(f"🔸 删除旧的可用配置: {dest_available}") + dest_available.unlink(missing_ok=True) + + # 创建 sites-available 的软链接 + run(["sudo", "ln", "-s", str(src), str(dest_available)]) + + # 删除已存在的启用链接 + if dest_enabled.exists() or dest_enabled.is_symlink(): + print(f"🔸 删除旧的启用链接: {dest_enabled}") + dest_enabled.unlink(missing_ok=True) + + # 创建 sites-enabled 的软链接 + run(["sudo", "ln", "-s", str(dest_available), str(dest_enabled)]) + + print("🔍 检查 Nginx 配置语法...") + if run(["sudo", "nginx", "-t"], check=False): + print("✅ 配置检查通过,正在重启 Nginx...") + run(["sudo", "systemctl", "restart", "nginx"]) + else: + print("❌ nginx 配置错误,请手动修复后重试。") + sys.exit(1) + + print("✅ 所有配置已安装完成!") + + +def uninstall_nginx_configs(): + ensure_dirs() + print(f"🗑️ 开始卸载 {len(NGINX_SITES)} 个 Nginx 配置文件...") + + for name in NGINX_SITES: + dest_available = NGINX_AVAILABLE / name + dest_enabled = NGINX_ENABLED / name + + print(f"🔹 卸载配置: {name}") + if dest_enabled.exists() or dest_enabled.is_symlink(): + print(f"🗑️ 删除启用链接: {dest_enabled}") + dest_enabled.unlink(missing_ok=True) + if dest_available.exists() or dest_available.is_symlink(): + print(f"🗑️ 删除可用配置链接: {dest_available}") + dest_available.unlink(missing_ok=True) + + print("🔍 检查 Nginx 配置语法...") + if run(["sudo", "nginx", "-t"], check=False): + print("✅ 配置检查通过,正在重启 Nginx...") + run(["sudo", "systemctl", "restart", "nginx"]) + else: + print("⚠️ Nginx 配置检测未通过,请检查。") + + print("✅ 卸载完成。") + + +# ============================================================ +# 证书生成逻辑 +# ============================================================ +def generate_cert(domain=None): + if domain: + print(f"🔹 为域名 {domain} 生成或更新证书(standalone 模式)...") + cmd = ["sudo", "certbot", "certonly", "--standalone", "-d", domain] + else: + print("🔹 为所有 Nginx 域名生成证书...") + cmd = ["sudo", "certbot", "certonly", "--nginx"] + + run(cmd, check=False) + print("✅ 证书任务完成。") + + +# ============================================================ +# CLI 主入口 +# ============================================================ +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description="Manage Nginx site configs and certificates" + ) + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument("--install", action="store_true", help="Install Nginx configs") + group.add_argument( + "--uninstall", action="store_true", help="Uninstall Nginx configs" + ) + group.add_argument( + "--cert", + nargs="?", + const=True, + help="Generate SSL certs (optionally specify domain)", + ) + + args = parser.parse_args() + + require_root() + + if args.install: + install_nginx_configs() + elif args.uninstall: + uninstall_nginx_configs() + elif args.cert: + if args.cert is True: + generate_cert(None) + else: + generate_cert(args.cert) diff --git a/nas.gogongxt.com b/nas.gogongxt.com new file mode 100644 index 0000000..99d2e55 --- /dev/null +++ b/nas.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name nas.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://nas.gogongxt.com:60002; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/nas.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nas.gogongxt.com/privkey.pem; +} diff --git a/tools.gogongxt.com b/tools.gogongxt.com new file mode 100644 index 0000000..3c00528 --- /dev/null +++ b/tools.gogongxt.com @@ -0,0 +1,22 @@ +server { + listen 80; + server_name tools.gogongxt.com; + + root /home/gogongxt/tools; + index index.html; + + # 静态文件直接返回 + location / { + try_files $uri $uri/ =404; + } + + # Python API 反向代理 + location /api/ { + proxy_pass http://127.0.0.1:8000; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/tools.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tools.gogongxt.com/privkey.pem; +}