first commit

chat.gogongxt.com

@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name chat.gogongxt.com;
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://chat.gogongxt.com:61011;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/chat.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chat.gogongxt.com/privkey.pem;
+}

code.gogongxt.com

@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name code.gogongxt.com;
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://code.gogongxt.com:61041;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/code.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/code.gogongxt.com/privkey.pem;
+}

git.gogongxt.com

@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name git.gogongxt.com;
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://git.gogongxt.com:61001;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/git.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/git.gogongxt.com/privkey.pem;
+}

gogongxt.com

@@ -0,0 +1,22 @@
+server {
+    listen 80;
+    server_name gogongxt.com;
+
+    root /home/gogongxt/blog/public;
+    index index.html;
+
+    # 静态文件直接返回
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    # Python API 反向代理
+    # location /api/ {
+    #     proxy_pass http://127.0.0.1:8000;
+    # }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/gogongxt.com/privkey.pem;
+}

images.gogongxt.com

@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name images.gogongxt.com;
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://images.gogongxt.com:61021;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/images.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/images.gogongxt.com/privkey.pem;
+}

install.py

@@ -0,0 +1,173 @@
+#!/usr/bin/env python3
+import argparse
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+# ============================================================
+# 手动指定要管理的站点配置文件（脚本同目录下）
+# ============================================================
+NGINX_SITES = [
+    "gogongxt.com",
+    "git.gogongxt.com",
+    "images.gogongxt.com",
+    "chat.gogongxt.com",
+    "nas.gogongxt.com",
+    "tools.gogongxt.com",
+    "code.gogongxt.com",
+]
+
+# ============================================================
+# 常量配置
+# ============================================================
+NGINX_AVAILABLE = Path("/etc/nginx/sites-available")
+NGINX_ENABLED = Path("/etc/nginx/sites-enabled")
+LOCAL_DIR = Path(__file__).parent.resolve()  # 当前脚本所在目录
+
+
+# ============================================================
+# 权限检查
+# ============================================================
+def require_root():
+    if os.geteuid() != 0:
+        print("⚠️ 需要root权限，正在使用sudo重新执行...")
+        try:
+            os.execvp("sudo", ["sudo", sys.executable] + sys.argv)
+        except Exception as e:
+            print(f"❌ 无法自动提升权限: {e}")
+            sys.exit(1)
+
+
+# ============================================================
+# 工具函数
+# ============================================================
+def run(cmd, check=True):
+    print(f"🔹 执行命令: {' '.join(cmd)}")
+    result = subprocess.run(cmd, check=check)
+    return result.returncode == 0
+
+
+def ensure_dirs():
+    for d in (NGINX_AVAILABLE, NGINX_ENABLED):
+        d.mkdir(parents=True, exist_ok=True)
+
+
+# ============================================================
+# 安装 / 卸载操作
+# ============================================================
+def install_nginx_configs():
+    ensure_dirs()
+    print(f"📦 开始安装 {len(NGINX_SITES)} 个 Nginx 配置文件...")
+
+    for name in NGINX_SITES:
+        src = LOCAL_DIR / name
+        dest_available = NGINX_AVAILABLE / name
+        dest_enabled = NGINX_ENABLED / name
+
+        if not src.exists():
+            print(f"⚠️ 跳过：未找到配置文件 {src}")
+            continue
+
+        print(f"🔹 安装配置: {src.name}")
+
+        # 删除已存在的目标文件/链接
+        if dest_available.exists() or dest_available.is_symlink():
+            print(f"🔸 删除旧的可用配置: {dest_available}")
+            dest_available.unlink(missing_ok=True)
+
+        # 创建 sites-available 的软链接
+        run(["sudo", "ln", "-s", str(src), str(dest_available)])
+
+        # 删除已存在的启用链接
+        if dest_enabled.exists() or dest_enabled.is_symlink():
+            print(f"🔸 删除旧的启用链接: {dest_enabled}")
+            dest_enabled.unlink(missing_ok=True)
+
+        # 创建 sites-enabled 的软链接
+        run(["sudo", "ln", "-s", str(dest_available), str(dest_enabled)])
+
+    print("🔍 检查 Nginx 配置语法...")
+    if run(["sudo", "nginx", "-t"], check=False):
+        print("✅ 配置检查通过，正在重启 Nginx...")
+        run(["sudo", "systemctl", "restart", "nginx"])
+    else:
+        print("❌ nginx 配置错误，请手动修复后重试。")
+        sys.exit(1)
+
+    print("✅ 所有配置已安装完成！")
+
+
+def uninstall_nginx_configs():
+    ensure_dirs()
+    print(f"🗑️ 开始卸载 {len(NGINX_SITES)} 个 Nginx 配置文件...")
+
+    for name in NGINX_SITES:
+        dest_available = NGINX_AVAILABLE / name
+        dest_enabled = NGINX_ENABLED / name
+
+        print(f"🔹 卸载配置: {name}")
+        if dest_enabled.exists() or dest_enabled.is_symlink():
+            print(f"🗑️ 删除启用链接: {dest_enabled}")
+            dest_enabled.unlink(missing_ok=True)
+        if dest_available.exists() or dest_available.is_symlink():
+            print(f"🗑️ 删除可用配置链接: {dest_available}")
+            dest_available.unlink(missing_ok=True)
+
+    print("🔍 检查 Nginx 配置语法...")
+    if run(["sudo", "nginx", "-t"], check=False):
+        print("✅ 配置检查通过，正在重启 Nginx...")
+        run(["sudo", "systemctl", "restart", "nginx"])
+    else:
+        print("⚠️ Nginx 配置检测未通过，请检查。")
+
+    print("✅ 卸载完成。")
+
+
+# ============================================================
+# 证书生成逻辑
+# ============================================================
+def generate_cert(domain=None):
+    if domain:
+        print(f"🔹 为域名 {domain} 生成或更新证书（standalone 模式）...")
+        cmd = ["sudo", "certbot", "certonly", "--standalone", "-d", domain]
+    else:
+        print("🔹 为所有 Nginx 域名生成证书...")
+        cmd = ["sudo", "certbot", "certonly", "--nginx"]
+
+    run(cmd, check=False)
+    print("✅ 证书任务完成。")
+
+
+# ============================================================
+# CLI 主入口
+# ============================================================
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description="Manage Nginx site configs and certificates"
+    )
+    group = parser.add_mutually_exclusive_group(required=True)
+    group.add_argument("--install", action="store_true", help="Install Nginx configs")
+    group.add_argument(
+        "--uninstall", action="store_true", help="Uninstall Nginx configs"
+    )
+    group.add_argument(
+        "--cert",
+        nargs="?",
+        const=True,
+        help="Generate SSL certs (optionally specify domain)",
+    )
+
+    args = parser.parse_args()
+
+    require_root()
+
+    if args.install:
+        install_nginx_configs()
+    elif args.uninstall:
+        uninstall_nginx_configs()
+    elif args.cert:
+        if args.cert is True:
+            generate_cert(None)
+        else:
+            generate_cert(args.cert)

nas.gogongxt.com

@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name nas.gogongxt.com;
+    location / {
+        client_max_body_size 512M;
+        proxy_pass http://nas.gogongxt.com:60002;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/nas.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/nas.gogongxt.com/privkey.pem;
+}

tools.gogongxt.com

@@ -0,0 +1,22 @@
+server {
+    listen 80;
+    server_name tools.gogongxt.com;
+
+    root /home/gogongxt/tools;
+    index index.html;
+
+    # 静态文件直接返回
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    # Python API 反向代理
+    location /api/ {
+        proxy_pass http://127.0.0.1:8000;
+    }
+
+    listen 443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/tools.gogongxt.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tools.gogongxt.com/privkey.pem;
+}