From 761b94dd7122be5c3e33eec2f0f502e2b1c3f0a4 Mon Sep 17 00:00:00 2001 From: gogongxt Date: Wed, 3 Dec 2025 12:02:28 +0800 Subject: [PATCH] first commit --- chat.gogongxt.com | 19 +++++ code.gogongxt.com | 19 +++++ git.gogongxt.com | 19 +++++ gogongxt.com | 22 ++++++ images.gogongxt.com | 19 +++++ install.py | 173 ++++++++++++++++++++++++++++++++++++++++++++ nas.gogongxt.com | 19 +++++ tools.gogongxt.com | 22 ++++++ 8 files changed, 312 insertions(+) create mode 100644 chat.gogongxt.com create mode 100644 code.gogongxt.com create mode 100644 git.gogongxt.com create mode 100644 gogongxt.com create mode 100644 images.gogongxt.com create mode 100644 install.py create mode 100644 nas.gogongxt.com create mode 100644 tools.gogongxt.com diff --git a/chat.gogongxt.com b/chat.gogongxt.com new file mode 100644 index 0000000..38ab995 --- /dev/null +++ b/chat.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name chat.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://chat.gogongxt.com:61011; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/chat.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/chat.gogongxt.com/privkey.pem; +} diff --git a/code.gogongxt.com b/code.gogongxt.com new file mode 100644 index 0000000..371846a --- /dev/null +++ b/code.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name code.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://code.gogongxt.com:61041; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/code.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/code.gogongxt.com/privkey.pem; +} diff --git a/git.gogongxt.com b/git.gogongxt.com new file mode 100644 index 0000000..57ff9da --- /dev/null +++ b/git.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name git.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://git.gogongxt.com:61001; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/git.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.gogongxt.com/privkey.pem; +} diff --git a/gogongxt.com b/gogongxt.com new file mode 100644 index 0000000..b12081b --- /dev/null +++ b/gogongxt.com @@ -0,0 +1,22 @@ +server { + listen 80; + server_name gogongxt.com; + + root /home/gogongxt/blog/public; + index index.html; + + # 静态文件直接返回 + location / { + try_files $uri $uri/ =404; + } + + # Python API 反向代理 + # location /api/ { + # proxy_pass http://127.0.0.1:8000; + # } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/gogongxt.com/privkey.pem; +} diff --git a/images.gogongxt.com b/images.gogongxt.com new file mode 100644 index 0000000..2b75d18 --- /dev/null +++ b/images.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name images.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://images.gogongxt.com:61021; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/images.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/images.gogongxt.com/privkey.pem; +} diff --git a/install.py b/install.py new file mode 100644 index 0000000..18a2b6c --- /dev/null +++ b/install.py @@ -0,0 +1,173 @@ +#!/usr/bin/env python3 +import argparse +import os +import subprocess +import sys +from pathlib import Path + +# ============================================================ +# 手动指定要管理的站点配置文件(脚本同目录下) +# ============================================================ +NGINX_SITES = [ + "gogongxt.com", + "git.gogongxt.com", + "images.gogongxt.com", + "chat.gogongxt.com", + "nas.gogongxt.com", + "tools.gogongxt.com", + "code.gogongxt.com", +] + +# ============================================================ +# 常量配置 +# ============================================================ +NGINX_AVAILABLE = Path("/etc/nginx/sites-available") +NGINX_ENABLED = Path("/etc/nginx/sites-enabled") +LOCAL_DIR = Path(__file__).parent.resolve() # 当前脚本所在目录 + + +# ============================================================ +# 权限检查 +# ============================================================ +def require_root(): + if os.geteuid() != 0: + print("⚠️ 需要root权限,正在使用sudo重新执行...") + try: + os.execvp("sudo", ["sudo", sys.executable] + sys.argv) + except Exception as e: + print(f"❌ 无法自动提升权限: {e}") + sys.exit(1) + + +# ============================================================ +# 工具函数 +# ============================================================ +def run(cmd, check=True): + print(f"🔹 执行命令: {' '.join(cmd)}") + result = subprocess.run(cmd, check=check) + return result.returncode == 0 + + +def ensure_dirs(): + for d in (NGINX_AVAILABLE, NGINX_ENABLED): + d.mkdir(parents=True, exist_ok=True) + + +# ============================================================ +# 安装 / 卸载操作 +# ============================================================ +def install_nginx_configs(): + ensure_dirs() + print(f"📦 开始安装 {len(NGINX_SITES)} 个 Nginx 配置文件...") + + for name in NGINX_SITES: + src = LOCAL_DIR / name + dest_available = NGINX_AVAILABLE / name + dest_enabled = NGINX_ENABLED / name + + if not src.exists(): + print(f"⚠️ 跳过:未找到配置文件 {src}") + continue + + print(f"🔹 安装配置: {src.name}") + + # 删除已存在的目标文件/链接 + if dest_available.exists() or dest_available.is_symlink(): + print(f"🔸 删除旧的可用配置: {dest_available}") + dest_available.unlink(missing_ok=True) + + # 创建 sites-available 的软链接 + run(["sudo", "ln", "-s", str(src), str(dest_available)]) + + # 删除已存在的启用链接 + if dest_enabled.exists() or dest_enabled.is_symlink(): + print(f"🔸 删除旧的启用链接: {dest_enabled}") + dest_enabled.unlink(missing_ok=True) + + # 创建 sites-enabled 的软链接 + run(["sudo", "ln", "-s", str(dest_available), str(dest_enabled)]) + + print("🔍 检查 Nginx 配置语法...") + if run(["sudo", "nginx", "-t"], check=False): + print("✅ 配置检查通过,正在重启 Nginx...") + run(["sudo", "systemctl", "restart", "nginx"]) + else: + print("❌ nginx 配置错误,请手动修复后重试。") + sys.exit(1) + + print("✅ 所有配置已安装完成!") + + +def uninstall_nginx_configs(): + ensure_dirs() + print(f"🗑️ 开始卸载 {len(NGINX_SITES)} 个 Nginx 配置文件...") + + for name in NGINX_SITES: + dest_available = NGINX_AVAILABLE / name + dest_enabled = NGINX_ENABLED / name + + print(f"🔹 卸载配置: {name}") + if dest_enabled.exists() or dest_enabled.is_symlink(): + print(f"🗑️ 删除启用链接: {dest_enabled}") + dest_enabled.unlink(missing_ok=True) + if dest_available.exists() or dest_available.is_symlink(): + print(f"🗑️ 删除可用配置链接: {dest_available}") + dest_available.unlink(missing_ok=True) + + print("🔍 检查 Nginx 配置语法...") + if run(["sudo", "nginx", "-t"], check=False): + print("✅ 配置检查通过,正在重启 Nginx...") + run(["sudo", "systemctl", "restart", "nginx"]) + else: + print("⚠️ Nginx 配置检测未通过,请检查。") + + print("✅ 卸载完成。") + + +# ============================================================ +# 证书生成逻辑 +# ============================================================ +def generate_cert(domain=None): + if domain: + print(f"🔹 为域名 {domain} 生成或更新证书(standalone 模式)...") + cmd = ["sudo", "certbot", "certonly", "--standalone", "-d", domain] + else: + print("🔹 为所有 Nginx 域名生成证书...") + cmd = ["sudo", "certbot", "certonly", "--nginx"] + + run(cmd, check=False) + print("✅ 证书任务完成。") + + +# ============================================================ +# CLI 主入口 +# ============================================================ +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description="Manage Nginx site configs and certificates" + ) + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument("--install", action="store_true", help="Install Nginx configs") + group.add_argument( + "--uninstall", action="store_true", help="Uninstall Nginx configs" + ) + group.add_argument( + "--cert", + nargs="?", + const=True, + help="Generate SSL certs (optionally specify domain)", + ) + + args = parser.parse_args() + + require_root() + + if args.install: + install_nginx_configs() + elif args.uninstall: + uninstall_nginx_configs() + elif args.cert: + if args.cert is True: + generate_cert(None) + else: + generate_cert(args.cert) diff --git a/nas.gogongxt.com b/nas.gogongxt.com new file mode 100644 index 0000000..99d2e55 --- /dev/null +++ b/nas.gogongxt.com @@ -0,0 +1,19 @@ +server { + listen 80; + server_name nas.gogongxt.com; + location / { + client_max_body_size 512M; + proxy_pass http://nas.gogongxt.com:60002; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/nas.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/nas.gogongxt.com/privkey.pem; +} diff --git a/tools.gogongxt.com b/tools.gogongxt.com new file mode 100644 index 0000000..3c00528 --- /dev/null +++ b/tools.gogongxt.com @@ -0,0 +1,22 @@ +server { + listen 80; + server_name tools.gogongxt.com; + + root /home/gogongxt/tools; + index index.html; + + # 静态文件直接返回 + location / { + try_files $uri $uri/ =404; + } + + # Python API 反向代理 + location /api/ { + proxy_pass http://127.0.0.1:8000; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/tools.gogongxt.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tools.gogongxt.com/privkey.pem; +}