From 774cee0afaf02b82a1c9d960fabedfab6802fd03 Mon Sep 17 00:00:00 2001
From: whm <973418690@qq.com>
Date: Fri, 27 Mar 2026 14:33:36 +0800
Subject: [PATCH] fix(deploy): ??????? 80/443 ???????????

Made-with: Cursor
---
 scripts/lib-yh-compose-deploy.sh | 52 ++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/scripts/lib-yh-compose-deploy.sh b/scripts/lib-yh-compose-deploy.sh
index 7d90a0c..c23d45e 100644
--- a/scripts/lib-yh-compose-deploy.sh
+++ b/scripts/lib-yh-compose-deploy.sh
@@ -4,6 +4,21 @@
 
 YH_COMPOSE_FILES="-f docker-compose.yml -f docker-compose.host-nginx.yml"
 
+require_cmd() {
+  local c="$1"
+  command -v "$c" >/dev/null 2>&1 || {
+    echo "错误: 缺少命令 $c，请先安装后重试。" >&2
+    exit 1
+  }
+}
+
+ensure_host_deploy_env() {
+  require_cmd systemctl
+  require_cmd ss
+  require_cmd sed
+  require_cmd awk
+}
+
 host_nginx_online() {
   command -v systemctl >/dev/null 2>&1 || return 1
   systemctl is-active nginx >/dev/null 2>&1 && return 0
@@ -11,7 +26,43 @@ host_nginx_online() {
   return 1
 }
 
+force_release_port() {
+  local p="$1"
+  local victims
+  victims="$(run_sudo ss -tlnp "sport = :$p" 2>/dev/null | sed -n 's/.*pid=\([0-9]\+\).*/\1/p' | awk '!seen[$0]++')"
+  [ -z "$victims" ] && return 0
+
+  for pid in $victims; do
+    [ -z "$pid" ] && continue
+    local comm
+    comm="$(run_sudo sh -c "cat /proc/$pid/comm 2>/dev/null" || true)"
+    if [ "$comm" = "nginx" ]; then
+      continue
+    fi
+    echo "端口 $p 被非宿主机 nginx 进程占用（pid=$pid, comm=${comm:-unknown}），强制停止..."
+    run_sudo kill -9 "$pid" 2>/dev/null || true
+  done
+}
+
+force_release_host_ports() {
+  # 先优先停掉所有发布了宿主机 80/443 的容器（最常见冲突源）
+  if command -v docker >/dev/null 2>&1; then
+    for cid in $(run_sudo docker ps --filter "publish=80" --format "{{.ID}}" 2>/dev/null); do
+      [ -n "$cid" ] && run_sudo docker rm -f "$cid" 2>/dev/null || true
+    done
+    for cid in $(run_sudo docker ps --filter "publish=443" --format "{{.ID}}" 2>/dev/null); do
+      [ -n "$cid" ] && run_sudo docker rm -f "$cid" 2>/dev/null || true
+    done
+  fi
+  # 再兜底杀掉非 nginx 的占用进程
+  force_release_port 80
+  force_release_port 443
+}
+
 ensure_host_nginx_started() {
+  ensure_host_deploy_env
+  force_release_host_ports
+
   if host_nginx_online; then
     echo "宿主机 Nginx 在线，跳过启动。"
     return 0
@@ -57,6 +108,7 @@ yh_install_host_nginx_site_conf() {
     return 0
   fi
 
+  ensure_host_deploy_env
   mkdir -p "$ROOT/verify-root"
   sed "s|__VERIFY_ROOT__|$ROOT/verify-root|g" "$tpl" | run_sudo tee "$out" >/dev/null