chore: 提交部署脚本与 nginx 证书私钥(pull-and-restart.sh, restart.sh, yuheng.yuxindazhineng.com.key)
Made-with: Cursor
This commit is contained in:
27
nginx/yuheng.yuxindazhineng.com.key
Normal file
27
nginx/yuheng.yuxindazhineng.com.key
Normal file
@@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA188iiRdYOJhtpDOpdnvcASNh37gYBih+dxDZ1NBdWWEWvb02
|
||||
9kEfwoAeBCL5vp+PQ1IroBNIc37ZpDbDzCsYjboSlD29x2gskem5tj2av5UkTLpb
|
||||
3LMLfzwRBOGjGL4Eps2iLEzIKEAz5N+GY+xRHOQgSSTOia6zg4uwTANom7eiRsj+
|
||||
cLlkambAhor4ZyqQ0mjgAF4LhCfutj909cvrCvWK9AgD1SpCu2TF09gQ3i6pGhzZ
|
||||
YZVCydCitypQ60xBix/VszVAdHBo73l1gluF71cu4+lrCsjzw3MpoeO0pD1i0cUb
|
||||
kAzF3ypSmgrv0+3adtazm6rY9PefqB4fFHDtAwIDAQABAoIBABiBivhqUDhNBtZI
|
||||
j4vG0NrIO8r9yqyYWJQIs9O4vYDyx3RQUjdwebzKc54gop+E2u3YHOAWkHmdA/Xj
|
||||
yiQbGLSvVoDC6hQEvlrrYY1SPYpX00FrQBc1ta6DEaOuQ6kBmuGeJDZHmcsIT1xE
|
||||
Day3HxbayNfFeDamQfhEGobnNC/KWxyy5b7tHLZdBueCRjx7u0uoxREPRtzsLBIr
|
||||
i19AoKgLH+RRwtLSU2b3yvLmExHkw3McUxB+tvbscBy3LJOc1Lh0Hqd1Tyyoscyz
|
||||
yAQvWl2y8VIWSVNKyq2MBKPRUSuMb0G2wHknuynVVzTSE/MGSyWJbh0FRt2AJ6X1
|
||||
LvW5R0ECgYEA76rU+zf5GYabFCXj3OMmYVoRfgGlQo6kvJBE8f4nB476sogONHqv
|
||||
nxECpVh4TUYUr48d0Vvgk+2kTHNsc9PSn+hP94qs+SJetfy2LleoVQkIZlvIpH31
|
||||
wKSZbR28j3NpdH9+/ptBH82eNxI+ta4bjNtNV8dumEAMfr4IdRGowZMCgYEA5oQU
|
||||
ZseMOW7YxTIJFeq74rYwavHYOonxykAioxGmZ8LZniscTr+kdhOJEd9w5WAa5Ena
|
||||
AvjHe9Ln6lk7PT7HkaFoOAYiXa5myYj2/Wpt5EpdZwIwwdFGk37wOiX4DZAgrr8L
|
||||
WkJTGjc7TVXOQ73buQIYeNi6bvtDs6h9p/wIDNECgYEA2fs/gUo0dyH1dIrNx76V
|
||||
zt+Tn06x12pTrOluu8bUCszheXXDrbmUeBGJnYdsy6Oc9twtW5i8Fu+CisJEdsjG
|
||||
/gfWi6gGkQXQrKcvr9CsWsM/b5G1WN7zoQZUQWlVcgefd4TqpXnh7qIeb6pZfPbh
|
||||
OejQXLEYBsPiWXhPyuKH4Z8CgYEAhLdel54j2Z08KKyaFohDDFAgqDH9cBajovIx
|
||||
/vjWeb7xU+M2NRCZO3Ib5LJkaWtfkDgE0Nky4NOYupANT0Gp3Oq0+ixt9MnIXBgD
|
||||
O/vesSUviXL1Z2F55MmcvZ3GpuhoKLPNcXXmKp3KAsh4LQBOVMIkHM+K5wK7A+Dq
|
||||
F6E/cUECgYAtesYx/R0pW6n/rUVvOELfHnXpxyCq0ZA/vnGcDp10yQbcoNXUM0Sf
|
||||
UMK5FRcD3q6Ghbm87aHdqKcyDY1Wxaj6aTR/QlpDY6WW/DdQ+KE4P5ts3i8GjRH6
|
||||
tBVCm7wrCkRtE14zKo1B1Oy6xrMDsPVmi8ITcFzIVMX/ajovPW+80Q==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
312
pull-and-restart.sh
Normal file
312
pull-and-restart.sh
Normal file
@@ -0,0 +1,312 @@
|
||||
#!/usr/bin/env bash
|
||||
# 拉取代码并重启:缺什么自动安装(curl、Git、Docker、Docker Compose),再 git 拉取 + docker compose 构建启动
|
||||
# 用法:cd 项目根 && chmod +x pull-and-restart.sh && ./pull-and-restart.sh
|
||||
# 行尾:LF
|
||||
set -e
|
||||
ROOT="${PROJECT_ROOT:-$(cd "$(dirname "$0")" && pwd)}"
|
||||
cd "$ROOT"
|
||||
|
||||
run_sudo() { sudo "$@"; }
|
||||
|
||||
# ---------- 检测并安装 curl(下载 Docker Compose 等需要)----------
|
||||
ensure_curl() {
|
||||
if command -v curl >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
echo "未检测到 curl,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq
|
||||
run_sudo apt-get install -y curl
|
||||
elif command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y curl
|
||||
elif command -v yum >/dev/null 2>&1; then
|
||||
run_sudo yum install -y curl
|
||||
else
|
||||
echo "无法自动安装 curl,请先安装 curl 后重试."
|
||||
exit 1
|
||||
fi
|
||||
echo "curl 已安装."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Git(国内服务器用系统源)----------
|
||||
ensure_git() {
|
||||
if command -v git >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
echo "未检测到 Git,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq
|
||||
run_sudo apt-get install -y git
|
||||
elif command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y git
|
||||
elif command -v yum >/dev/null 2>&1; then
|
||||
run_sudo yum install -y git
|
||||
else
|
||||
echo "无法自动安装 Git,请先安装 Git 后重试."
|
||||
exit 1
|
||||
fi
|
||||
echo "Git 已安装."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Docker(用 run_sudo 检测,与后续 compose 一致;支持 Podman 兼容层)----------
|
||||
ensure_docker() {
|
||||
if command -v docker >/dev/null 2>&1 && run_sudo docker info >/dev/null 2>&1; then
|
||||
echo "Docker 已就绪."
|
||||
return 0
|
||||
fi
|
||||
if command -v docker >/dev/null 2>&1; then
|
||||
echo "Docker/Podman 守护进程未连接,尝试启动..."
|
||||
run_sudo systemctl start podman 2>/dev/null || true
|
||||
run_sudo systemctl start docker 2>/dev/null || true
|
||||
if run_sudo docker info >/dev/null 2>&1; then
|
||||
echo "Docker 已就绪."
|
||||
return 0
|
||||
fi
|
||||
echo "错误:无法连接 Docker/Podman 守护进程,请执行: sudo systemctl start podman 或 sudo systemctl start docker" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "未检测到 Docker 或未启动,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq
|
||||
run_sudo apt-get install -y docker.io docker-compose-plugin 2>/dev/null || run_sudo apt-get install -y docker.io docker-compose
|
||||
run_sudo systemctl start docker
|
||||
run_sudo systemctl enable docker
|
||||
elif command -v dnf >/dev/null 2>&1 || command -v yum >/dev/null 2>&1; then
|
||||
if command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y docker
|
||||
else
|
||||
run_sudo yum install -y docker
|
||||
fi
|
||||
run_sudo systemctl start docker
|
||||
run_sudo systemctl enable docker
|
||||
else
|
||||
echo "无法自动安装 Docker,请先安装 Docker 与 Docker Compose 后重试."
|
||||
exit 1
|
||||
fi
|
||||
echo "Docker 安装完成."
|
||||
}
|
||||
|
||||
# ---------- 配置 Docker Hub 镜像加速(国内拉取超时时使用 Podman 镜像)----------
|
||||
ensure_registry_mirror() {
|
||||
REG_CONF_D="/etc/containers/registries.conf.d"
|
||||
REG_MIRROR_CONF="$REG_CONF_D/99-docker-mirror.conf"
|
||||
echo "配置 Docker Hub 镜像加速(Podman)..."
|
||||
run_sudo mkdir -p "$REG_CONF_D"
|
||||
run_sudo tee "$REG_MIRROR_CONF" >/dev/null <<'REGEOF'
|
||||
# 国内 Docker Hub 拉取加速,由 pull-and-restart.sh 生成(多镜像备用)
|
||||
unqualified-search-registries = ["docker.io"]
|
||||
[[registry]]
|
||||
location = "docker.io"
|
||||
[[registry.mirror]]
|
||||
location = "docker.m.daocloud.io"
|
||||
[[registry.mirror]]
|
||||
location = "docker.1ms.run"
|
||||
[[registry.mirror]]
|
||||
location = "docker.xuanyuan.me"
|
||||
REGEOF
|
||||
echo "已写入 $REG_MIRROR_CONF(docker.io 镜像: daocloud / 1ms / xuanyuan)."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Docker Compose(优先插件 docker compose,否则独立二进制)----------
|
||||
ensure_docker_compose() {
|
||||
run_sudo docker compose version >/dev/null 2>&1 && return 0
|
||||
command -v docker-compose >/dev/null 2>&1 && return 0
|
||||
[ -x /usr/local/bin/docker-compose ] && return 0
|
||||
# 优先尝试用包管理器安装插件,避免独立二进制架构不符导致 Bus error
|
||||
echo "未检测到 Docker Compose,正在尝试安装(优先插件)..."
|
||||
if command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
|
||||
if ! run_sudo docker compose version >/dev/null 2>&1; then
|
||||
echo "系统源无插件,尝试添加 Docker CE 源(阿里云镜像)..."
|
||||
run_sudo dnf install -y dnf-plugins-core 2>/dev/null || true
|
||||
run_sudo dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
|
||||
run_sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
|
||||
run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
elif command -v yum >/dev/null 2>&1; then
|
||||
run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
|
||||
if ! run_sudo docker compose version >/dev/null 2>&1; then
|
||||
echo "系统源无插件,尝试添加 Docker CE 源(阿里云镜像)..."
|
||||
run_sudo yum install -y yum-utils 2>/dev/null || true
|
||||
run_sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
|
||||
run_sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
|
||||
run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
elif command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq 2>/dev/null; run_sudo apt-get install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "Docker Compose 插件已就绪." && return 0
|
||||
# 回退:下载独立版(国内 DaoCloud 镜像)
|
||||
echo "正在安装独立版 Docker Compose(国内 DaoCloud 镜像)..."
|
||||
COMPOSE_ARCH="$(uname -m)"
|
||||
case "$COMPOSE_ARCH" in
|
||||
x86_64) COMPOSE_ARCH=x86_64 ;;
|
||||
aarch64|arm64) COMPOSE_ARCH=aarch64 ;;
|
||||
*) COMPOSE_ARCH=x86_64 ;;
|
||||
esac
|
||||
COMPOSE_VER="v2.24.0"
|
||||
COMPOSE_URL_CN="https://get.daocloud.io/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
|
||||
if ! run_sudo curl -sfL --connect-timeout 20 --max-time 90 "$COMPOSE_URL_CN" -o /usr/local/bin/docker-compose; then
|
||||
COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
|
||||
run_sudo curl -sfL --max-time 90 "$COMPOSE_URL" -o /usr/local/bin/docker-compose
|
||||
fi
|
||||
run_sudo chmod +x /usr/local/bin/docker-compose
|
||||
# 若运行即崩溃(如 Bus error),删除以免后续误用
|
||||
run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || { run_sudo rm -f /usr/local/bin/docker-compose; echo "独立版运行失败(可能架构不符),请尝试: dnf install -y docker-compose-plugin 或 yum install -y docker-compose-plugin" >&2; return 0; }
|
||||
echo "Docker Compose 已安装."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Nginx(反代 + 强制 HTTPS,证书按域名存 /etc/ssl/yh_web/<域名>/)----------
|
||||
ensure_nginx() {
|
||||
if command -v nginx >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
echo "未检测到 Nginx,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq
|
||||
run_sudo apt-get install -y nginx
|
||||
elif command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y nginx
|
||||
elif command -v yum >/dev/null 2>&1; then
|
||||
run_sudo yum install -y nginx
|
||||
else
|
||||
echo "无法自动安装 Nginx,请手动安装后重试."
|
||||
exit 1
|
||||
fi
|
||||
run_sudo systemctl enable nginx 2>/dev/null || true
|
||||
run_sudo systemctl start nginx 2>/dev/null || true
|
||||
echo "Nginx 已安装."
|
||||
}
|
||||
|
||||
ensure_curl
|
||||
ensure_git
|
||||
ensure_docker
|
||||
ensure_docker_compose
|
||||
ensure_registry_mirror
|
||||
ensure_nginx
|
||||
|
||||
# 确定要用的 compose 命令;测试独立二进制时用 || true 避免 Bus error 导致脚本退出
|
||||
resolve_compose_cmd() {
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
|
||||
if [ -x /usr/local/bin/docker-compose ]; then
|
||||
r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
|
||||
if [ "$r" -eq 0 ]; then echo "/usr/local/bin/docker-compose"; return; fi
|
||||
echo "检测到 /usr/local/bin/docker-compose 无法运行(可能架构不符),正在重装..." >&2
|
||||
run_sudo rm -f /usr/local/bin/docker-compose
|
||||
ensure_docker_compose || true
|
||||
fi
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
|
||||
run_sudo docker-compose version >/dev/null 2>&1 && echo "docker-compose" && return
|
||||
ensure_docker_compose || true
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
|
||||
if [ -x /usr/local/bin/docker-compose ]; then
|
||||
r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
|
||||
[ "$r" -eq 0 ] && echo "/usr/local/bin/docker-compose" || echo ""
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
COMPOSE_CMD=""
|
||||
compose_cmd() {
|
||||
if [ -z "$COMPOSE_CMD" ]; then
|
||||
COMPOSE_CMD="$(resolve_compose_cmd)"
|
||||
fi
|
||||
if [ -z "$COMPOSE_CMD" ]; then
|
||||
echo "错误:无法找到 docker compose 或 docker-compose,请手动安装到 /usr/local/bin/docker-compose"
|
||||
exit 1
|
||||
fi
|
||||
# sudo 默认不传环境变量,显式传入以便 compose 使用 REGISTRY_MIRROR / GOPROXY
|
||||
run_sudo env REGISTRY_MIRROR="${REGISTRY_MIRROR}" GOPROXY="${GOPROXY}" $COMPOSE_CMD "$@"
|
||||
}
|
||||
|
||||
echo "=========================================="
|
||||
echo " yh_web 拉取并重启"
|
||||
echo " 路径: $ROOT"
|
||||
echo "=========================================="
|
||||
|
||||
# 环境配置:缺失时从 server/.env.example 复制(Docker 部署用 mongo:27017)
|
||||
if [ ! -f server/.env ]; then
|
||||
if [ -f server/.env.example ]; then
|
||||
cp server/.env.example server/.env
|
||||
echo "已从 server/.env.example 创建 server/.env(可按需修改)."
|
||||
else
|
||||
mkdir -p server
|
||||
NGINX_DEFAULT_DOMAIN="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
|
||||
cat > server/.env <<ENVEOF
|
||||
MONGODB_URI=mongodb://mongo:27017
|
||||
MONGODB_DB=yxd-agent-testing
|
||||
PORT=9527
|
||||
GIN_MODE=release
|
||||
ALLOWED_ORIGINS=https://${NGINX_DEFAULT_DOMAIN}
|
||||
ENVEOF
|
||||
echo "已创建默认 server/.env(ALLOWED_ORIGINS=https://${NGINX_DEFAULT_DOMAIN}),可按需修改."
|
||||
fi
|
||||
fi
|
||||
[ -f server/.env ] && sed -i 's/\r$//' server/.env
|
||||
[ -f server/.env ] && set -a && source server/.env && set +a
|
||||
|
||||
BRANCH="${GIT_BRANCH:-master}"
|
||||
echo "[1/3] 拉取代码..."
|
||||
if git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
|
||||
git fetch origin --progress
|
||||
git reset --hard "origin/$BRANCH"
|
||||
else
|
||||
echo "未检测到 Git 仓库,正在克隆..."
|
||||
export GIT_TERMINAL_PROMPT=0
|
||||
# 默认仓库地址(仅本地/服务器使用,不提交到仓库;可覆盖:export GIT_REPO_URL=...)
|
||||
REPO_URL="${GIT_REPO_URL:-https://whm:02f8ceeee5f1aeb197ff400e4d97abbcf5550015@gitea.yuxindazhineng.com/whm/web.git}"
|
||||
SELF="$(basename "$0")"
|
||||
tmp_backup="/tmp/yh_web_deploy_$$"
|
||||
mkdir -p "$tmp_backup"
|
||||
[ -f "$SELF" ] && cp -a "$SELF" "$tmp_backup/"
|
||||
[ -f server/.env ] && cp -a server/.env "$tmp_backup/" 2>/dev/null || true
|
||||
git init -b "$BRANCH"
|
||||
git remote add origin "$REPO_URL"
|
||||
git fetch origin --progress
|
||||
git reset --hard "origin/$BRANCH"
|
||||
[ -f "$tmp_backup/$SELF" ] && cp -a "$tmp_backup/$SELF" "$SELF" && chmod +x "$SELF"
|
||||
[ -f "$tmp_backup/.env" ] && mkdir -p server && cp -a "$tmp_backup/.env" server/.env
|
||||
rm -rf "$tmp_backup"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "[2/3] 重新构建并启动..."
|
||||
export GOPROXY="${GOPROXY:-https://goproxy.cn,direct}"
|
||||
# 国内直连 Docker Hub 超时时,用镜像拉取基础镜像(Dockerfile FROM 与 mongo 镜像)
|
||||
export REGISTRY_MIRROR="${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}"
|
||||
compose_cmd build --no-cache
|
||||
# 先显式从镜像站拉 mongo,避免 compose up 时直连 Docker Hub 超时
|
||||
echo "拉取 mongo 镜像..."
|
||||
run_sudo docker pull "${REGISTRY_MIRROR}mongo:7" || true
|
||||
# 证书目录在 compose up 前就要就绪(compose 内 nginx 容器会挂载)
|
||||
NGINX_DOMAIN="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
|
||||
NGINX_SSL_DIR="/etc/ssl/yh_web/$NGINX_DOMAIN"
|
||||
run_sudo mkdir -p "$NGINX_SSL_DIR"
|
||||
if [ -f "$ROOT/nginx/$NGINX_DOMAIN.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN.key" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.pem" "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.key" "$NGINX_SSL_DIR/privkey.pem"
|
||||
run_sudo chmod 644 "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem"
|
||||
elif [ -f "$ROOT/nginx/fullchain.pem" ] && [ -f "$ROOT/nginx/privkey.pem" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/fullchain.pem" "$ROOT/nginx/privkey.pem" "$NGINX_SSL_DIR/"
|
||||
run_sudo chmod 644 "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem"
|
||||
elif [ -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" "$NGINX_SSL_DIR/"
|
||||
run_sudo chmod 644 "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem"
|
||||
fi
|
||||
compose_cmd up -d --force-recreate
|
||||
|
||||
echo ""
|
||||
echo "[3/3] 证书与宿主机 Nginx(可选)..."
|
||||
NGINX_CONF_NAME="${NGINX_DOMAIN}.conf"
|
||||
if [ -f "$ROOT/nginx/$NGINX_CONF_NAME" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_CONF_NAME" /etc/nginx/conf.d/ 2>/dev/null || true
|
||||
if run_sudo nginx -t 2>/dev/null; then
|
||||
run_sudo systemctl reload nginx 2>/dev/null && echo "宿主机 Nginx 已重载." || true
|
||||
fi
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "完成. 对外仅 443;反代: https://$NGINX_DOMAIN"
|
||||
215
restart.sh
Normal file
215
restart.sh
Normal file
@@ -0,0 +1,215 @@
|
||||
#!/usr/bin/env bash
|
||||
# 直接重启:缺什么自动安装(curl、Docker、Docker Compose),再 docker compose 重启,不拉代码
|
||||
# 用法:cd 项目根 && chmod +x restart.sh && ./restart.sh
|
||||
# 行尾:LF
|
||||
set -e
|
||||
ROOT="${PROJECT_ROOT:-$(cd "$(dirname "$0")" && pwd)}"
|
||||
cd "$ROOT"
|
||||
|
||||
run_sudo() { sudo "$@"; }
|
||||
|
||||
ensure_curl() {
|
||||
if command -v curl >/dev/null 2>&1; then return 0; fi
|
||||
echo "未检测到 curl,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then run_sudo apt-get update -qq; run_sudo apt-get install -y curl
|
||||
elif command -v dnf >/dev/null 2>&1; then run_sudo dnf install -y curl
|
||||
elif command -v yum >/dev/null 2>&1; then run_sudo yum install -y curl
|
||||
else echo "无法自动安装 curl."; exit 1; fi
|
||||
echo "curl 已安装."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Docker(用 run_sudo 检测,与后续 compose 一致;支持 Podman)----------
|
||||
ensure_docker() {
|
||||
if command -v docker >/dev/null 2>&1 && run_sudo docker info >/dev/null 2>&1; then
|
||||
echo "Docker 已就绪."
|
||||
return 0
|
||||
fi
|
||||
if command -v docker >/dev/null 2>&1; then
|
||||
echo "Docker/Podman 守护进程未连接,尝试启动..."
|
||||
run_sudo systemctl start podman 2>/dev/null || true
|
||||
run_sudo systemctl start docker 2>/dev/null || true
|
||||
if run_sudo docker info >/dev/null 2>&1; then
|
||||
echo "Docker 已就绪."
|
||||
return 0
|
||||
fi
|
||||
echo "错误:无法连接 Docker/Podman 守护进程,请执行: sudo systemctl start podman 或 sudo systemctl start docker" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "未检测到 Docker 或未启动,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq
|
||||
run_sudo apt-get install -y docker.io docker-compose-plugin 2>/dev/null || run_sudo apt-get install -y docker.io docker-compose
|
||||
run_sudo systemctl start docker
|
||||
run_sudo systemctl enable docker
|
||||
elif command -v dnf >/dev/null 2>&1 || command -v yum >/dev/null 2>&1; then
|
||||
if command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y docker
|
||||
else
|
||||
run_sudo yum install -y docker
|
||||
fi
|
||||
run_sudo systemctl start docker
|
||||
run_sudo systemctl enable docker
|
||||
else
|
||||
echo "无法自动安装 Docker,请先安装 Docker 与 Docker Compose 后重试."
|
||||
exit 1
|
||||
fi
|
||||
echo "Docker 安装完成."
|
||||
}
|
||||
|
||||
ensure_registry_mirror() {
|
||||
REG_CONF_D="/etc/containers/registries.conf.d"
|
||||
REG_MIRROR_CONF="$REG_CONF_D/99-docker-mirror.conf"
|
||||
echo "配置 Docker Hub 镜像加速(Podman)..."
|
||||
run_sudo mkdir -p "$REG_CONF_D"
|
||||
run_sudo tee "$REG_MIRROR_CONF" >/dev/null <<'REGEOF'
|
||||
# 国内 Docker Hub 拉取加速,多镜像备用
|
||||
unqualified-search-registries = ["docker.io"]
|
||||
[[registry]]
|
||||
location = "docker.io"
|
||||
[[registry.mirror]]
|
||||
location = "docker.m.daocloud.io"
|
||||
[[registry.mirror]]
|
||||
location = "docker.1ms.run"
|
||||
[[registry.mirror]]
|
||||
location = "docker.xuanyuan.me"
|
||||
REGEOF
|
||||
echo "已写入 $REG_MIRROR_CONF"
|
||||
}
|
||||
|
||||
ensure_docker_compose() {
|
||||
run_sudo docker compose version >/dev/null 2>&1 && return 0
|
||||
command -v docker-compose >/dev/null 2>&1 && return 0
|
||||
[ -x /usr/local/bin/docker-compose ] && return 0
|
||||
echo "未检测到 Docker Compose,正在尝试安装(优先插件)..."
|
||||
if command -v dnf >/dev/null 2>&1; then
|
||||
run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
|
||||
if ! run_sudo docker compose version >/dev/null 2>&1; then
|
||||
echo "系统源无插件,尝试添加 Docker CE 源(阿里云镜像)..."
|
||||
run_sudo dnf install -y dnf-plugins-core 2>/dev/null || true
|
||||
run_sudo dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
|
||||
run_sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
|
||||
run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
elif command -v yum >/dev/null 2>&1; then
|
||||
run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
|
||||
if ! run_sudo docker compose version >/dev/null 2>&1; then
|
||||
echo "系统源无插件,尝试添加 Docker CE 源(阿里云镜像)..."
|
||||
run_sudo yum install -y yum-utils 2>/dev/null || true
|
||||
run_sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
|
||||
run_sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
|
||||
run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
elif command -v apt-get >/dev/null 2>&1; then
|
||||
run_sudo apt-get update -qq 2>/dev/null; run_sudo apt-get install -y docker-compose-plugin 2>/dev/null || true
|
||||
fi
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "Docker Compose 插件已就绪." && return 0
|
||||
echo "正在安装独立版 Docker Compose(国内 DaoCloud 镜像)..."
|
||||
COMPOSE_ARCH="$(uname -m)"
|
||||
case "$COMPOSE_ARCH" in
|
||||
x86_64) COMPOSE_ARCH=x86_64 ;;
|
||||
aarch64|arm64) COMPOSE_ARCH=aarch64 ;;
|
||||
*) COMPOSE_ARCH=x86_64 ;;
|
||||
esac
|
||||
COMPOSE_VER="v2.24.0"
|
||||
COMPOSE_URL_CN="https://get.daocloud.io/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
|
||||
if ! run_sudo curl -sfL --connect-timeout 20 --max-time 90 "$COMPOSE_URL_CN" -o /usr/local/bin/docker-compose; then
|
||||
COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
|
||||
run_sudo curl -sfL --max-time 90 "$COMPOSE_URL" -o /usr/local/bin/docker-compose
|
||||
fi
|
||||
run_sudo chmod +x /usr/local/bin/docker-compose
|
||||
run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || { run_sudo rm -f /usr/local/bin/docker-compose; echo "独立版运行失败(可能架构不符),请尝试: dnf install -y docker-compose-plugin 或 yum install -y docker-compose-plugin" >&2; return 0; }
|
||||
echo "Docker Compose 已安装."
|
||||
}
|
||||
|
||||
# ---------- 检测并安装 Nginx(反代 + 强制 HTTPS)----------
|
||||
ensure_nginx() {
|
||||
command -v nginx >/dev/null 2>&1 && return 0
|
||||
echo "未检测到 Nginx,正在安装..."
|
||||
if command -v apt-get >/dev/null 2>&1; then run_sudo apt-get update -qq; run_sudo apt-get install -y nginx
|
||||
elif command -v dnf >/dev/null 2>&1; then run_sudo dnf install -y nginx
|
||||
elif command -v yum >/dev/null 2>&1; then run_sudo yum install -y nginx
|
||||
else echo "无法自动安装 Nginx."; exit 1; fi
|
||||
run_sudo systemctl enable nginx 2>/dev/null || true
|
||||
run_sudo systemctl start nginx 2>/dev/null || true
|
||||
echo "Nginx 已安装."
|
||||
}
|
||||
|
||||
ensure_curl
|
||||
ensure_docker
|
||||
ensure_docker_compose
|
||||
ensure_registry_mirror
|
||||
ensure_nginx
|
||||
|
||||
resolve_compose_cmd() {
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
|
||||
if [ -x /usr/local/bin/docker-compose ]; then
|
||||
r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
|
||||
if [ "$r" -eq 0 ]; then echo "/usr/local/bin/docker-compose"; return; fi
|
||||
echo "检测到 /usr/local/bin/docker-compose 无法运行(可能架构不符),正在重装..." >&2
|
||||
run_sudo rm -f /usr/local/bin/docker-compose
|
||||
ensure_docker_compose || true
|
||||
fi
|
||||
run_sudo docker-compose version >/dev/null 2>&1 && echo "docker-compose" && return
|
||||
ensure_docker_compose || true
|
||||
run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
|
||||
if [ -x /usr/local/bin/docker-compose ]; then
|
||||
r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
|
||||
[ "$r" -eq 0 ] && echo "/usr/local/bin/docker-compose" || echo ""
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
COMPOSE_CMD=""
|
||||
compose_cmd() {
|
||||
if [ -z "$COMPOSE_CMD" ]; then COMPOSE_CMD="$(resolve_compose_cmd)"; fi
|
||||
if [ -z "$COMPOSE_CMD" ]; then echo "错误:无法找到 docker compose,请手动安装到 /usr/local/bin/docker-compose"; exit 1; fi
|
||||
run_sudo env REGISTRY_MIRROR="${REGISTRY_MIRROR}" GOPROXY="${GOPROXY}" $COMPOSE_CMD "$@"
|
||||
}
|
||||
|
||||
echo "重启 yh_web ($ROOT)..."
|
||||
|
||||
# 环境配置:缺失时从 server/.env.example 复制
|
||||
if [ ! -f server/.env ]; then
|
||||
if [ -f server/.env.example ]; then
|
||||
cp server/.env.example server/.env
|
||||
echo "已从 server/.env.example 创建 server/.env"
|
||||
else
|
||||
mkdir -p server
|
||||
ND="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
|
||||
printf 'MONGODB_URI=mongodb://mongo:27017\nMONGODB_DB=yxd-agent-testing\nPORT=9527\nGIN_MODE=release\nALLOWED_ORIGINS=https://%s\n' "$ND" > server/.env
|
||||
echo "已创建默认 server/.env"
|
||||
fi
|
||||
fi
|
||||
[ -f server/.env ] && sed -i 's/\r$//' server/.env
|
||||
[ -f server/.env ] && set -a && source server/.env && set +a
|
||||
|
||||
export REGISTRY_MIRROR="${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}"
|
||||
NGINX_DOMAIN="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
|
||||
NGINX_SSL_DIR="/etc/ssl/yh_web/$NGINX_DOMAIN"
|
||||
NGINX_CONF_NAME="${NGINX_DOMAIN}.conf"
|
||||
run_sudo mkdir -p "$NGINX_SSL_DIR"
|
||||
if [ -f "$ROOT/nginx/$NGINX_DOMAIN.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN.key" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.pem" "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.key" "$NGINX_SSL_DIR/privkey.pem"
|
||||
run_sudo chmod 644 "$NGINX_SSL_DIR/fullchain.pem"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem"
|
||||
elif [ -f "$ROOT/nginx/fullchain.pem" ] && [ -f "$ROOT/nginx/privkey.pem" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/fullchain.pem" "$ROOT/nginx/privkey.pem" "$NGINX_SSL_DIR/"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem" 2>/dev/null || true
|
||||
elif [ -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" "$NGINX_SSL_DIR/"
|
||||
run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem" 2>/dev/null || true
|
||||
fi
|
||||
[ -f "$NGINX_SSL_DIR/fullchain.pem" ] && [ -f "$NGINX_SSL_DIR/privkey.pem" ] && echo "已同步证书到 $NGINX_SSL_DIR"
|
||||
compose_cmd down 2>/dev/null || true
|
||||
run_sudo docker pull "${REGISTRY_MIRROR}mongo:7" 2>/dev/null || true
|
||||
compose_cmd up -d
|
||||
|
||||
if [ -f "$ROOT/nginx/$NGINX_CONF_NAME" ]; then
|
||||
run_sudo cp -f "$ROOT/nginx/$NGINX_CONF_NAME" /etc/nginx/conf.d/ 2>/dev/null || true
|
||||
if run_sudo nginx -t 2>/dev/null; then
|
||||
run_sudo systemctl reload nginx 2>/dev/null && echo "Nginx 已重载." || true
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "完成. 对外仅 443,反代: https://$NGINX_DOMAIN"
|
||||
Reference in New Issue
Block a user