chore: 提交部署脚本与 nginx 证书私钥（pull-and-restart.sh, restart.sh, yuheng.yuxindazhineng.com.key）

Made-with: Cursor
2026-03-17 21:41:34 +08:00
parent 3993f7322e
commit eb2d5f6579
3 changed files with 554 additions and 0 deletions
--- a/restart.sh
+++ b/restart.sh
@@ -0,0 +1,215 @@
+#!/usr/bin/env bash
+# 直接重启：缺什么自动安装（curl、Docker、Docker Compose），再 docker compose 重启，不拉代码
+# 用法：cd 项目根 && chmod +x restart.sh && ./restart.sh
+# 行尾：LF
+set -e
+ROOT="${PROJECT_ROOT:-$(cd "$(dirname "$0")" && pwd)}"
+cd "$ROOT"
+
+run_sudo() { sudo "$@"; }
+
+ensure_curl() {
+  if command -v curl >/dev/null 2>&1; then return 0; fi
+  echo "未检测到 curl，正在安装..."
+  if command -v apt-get >/dev/null 2>&1; then run_sudo apt-get update -qq; run_sudo apt-get install -y curl
+  elif command -v dnf >/dev/null 2>&1; then run_sudo dnf install -y curl
+  elif command -v yum >/dev/null 2>&1; then run_sudo yum install -y curl
+  else echo "无法自动安装 curl."; exit 1; fi
+  echo "curl 已安装."
+}
+
+# ---------- 检测并安装 Docker（用 run_sudo 检测，与后续 compose 一致；支持 Podman）----------
+ensure_docker() {
+  if command -v docker >/dev/null 2>&1 && run_sudo docker info >/dev/null 2>&1; then
+    echo "Docker 已就绪."
+    return 0
+  fi
+  if command -v docker >/dev/null 2>&1; then
+    echo "Docker/Podman 守护进程未连接，尝试启动..."
+    run_sudo systemctl start podman 2>/dev/null || true
+    run_sudo systemctl start docker 2>/dev/null || true
+    if run_sudo docker info >/dev/null 2>&1; then
+      echo "Docker 已就绪."
+      return 0
+    fi
+    echo "错误：无法连接 Docker/Podman 守护进程，请执行: sudo systemctl start podman 或 sudo systemctl start docker" >&2
+    exit 1
+  fi
+  echo "未检测到 Docker 或未启动，正在安装..."
+  if command -v apt-get >/dev/null 2>&1; then
+    run_sudo apt-get update -qq
+    run_sudo apt-get install -y docker.io docker-compose-plugin 2>/dev/null || run_sudo apt-get install -y docker.io docker-compose
+    run_sudo systemctl start docker
+    run_sudo systemctl enable docker
+  elif command -v dnf >/dev/null 2>&1 || command -v yum >/dev/null 2>&1; then
+    if command -v dnf >/dev/null 2>&1; then
+      run_sudo dnf install -y docker
+    else
+      run_sudo yum install -y docker
+    fi
+    run_sudo systemctl start docker
+    run_sudo systemctl enable docker
+  else
+    echo "无法自动安装 Docker，请先安装 Docker 与 Docker Compose 后重试."
+    exit 1
+  fi
+  echo "Docker 安装完成."
+}
+
+ensure_registry_mirror() {
+  REG_CONF_D="/etc/containers/registries.conf.d"
+  REG_MIRROR_CONF="$REG_CONF_D/99-docker-mirror.conf"
+  echo "配置 Docker Hub 镜像加速（Podman）..."
+  run_sudo mkdir -p "$REG_CONF_D"
+  run_sudo tee "$REG_MIRROR_CONF" >/dev/null <<'REGEOF'
+# 国内 Docker Hub 拉取加速，多镜像备用
+unqualified-search-registries = ["docker.io"]
+[[registry]]
+location = "docker.io"
+[[registry.mirror]]
+location = "docker.m.daocloud.io"
+[[registry.mirror]]
+location = "docker.1ms.run"
+[[registry.mirror]]
+location = "docker.xuanyuan.me"
+REGEOF
+  echo "已写入 $REG_MIRROR_CONF"
+}
+
+ensure_docker_compose() {
+  run_sudo docker compose version >/dev/null 2>&1 && return 0
+  command -v docker-compose >/dev/null 2>&1 && return 0
+  [ -x /usr/local/bin/docker-compose ] && return 0
+  echo "未检测到 Docker Compose，正在尝试安装（优先插件）..."
+  if command -v dnf >/dev/null 2>&1; then
+    run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
+    if ! run_sudo docker compose version >/dev/null 2>&1; then
+      echo "系统源无插件，尝试添加 Docker CE 源（阿里云镜像）..."
+      run_sudo dnf install -y dnf-plugins-core 2>/dev/null || true
+      run_sudo dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
+      run_sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
+      run_sudo dnf install -y docker-compose-plugin 2>/dev/null || true
+    fi
+  elif command -v yum >/dev/null 2>&1; then
+    run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
+    if ! run_sudo docker compose version >/dev/null 2>&1; then
+      echo "系统源无插件，尝试添加 Docker CE 源（阿里云镜像）..."
+      run_sudo yum install -y yum-utils 2>/dev/null || true
+      run_sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2>/dev/null || \
+      run_sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 2>/dev/null || true
+      run_sudo yum install -y docker-compose-plugin 2>/dev/null || true
+    fi
+  elif command -v apt-get >/dev/null 2>&1; then
+    run_sudo apt-get update -qq 2>/dev/null; run_sudo apt-get install -y docker-compose-plugin 2>/dev/null || true
+  fi
+  run_sudo docker compose version >/dev/null 2>&1 && echo "Docker Compose 插件已就绪." && return 0
+  echo "正在安装独立版 Docker Compose（国内 DaoCloud 镜像）..."
+  COMPOSE_ARCH="$(uname -m)"
+  case "$COMPOSE_ARCH" in
+    x86_64) COMPOSE_ARCH=x86_64 ;;
+    aarch64|arm64) COMPOSE_ARCH=aarch64 ;;
+    *) COMPOSE_ARCH=x86_64 ;;
+  esac
+  COMPOSE_VER="v2.24.0"
+  COMPOSE_URL_CN="https://get.daocloud.io/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
+  if ! run_sudo curl -sfL --connect-timeout 20 --max-time 90 "$COMPOSE_URL_CN" -o /usr/local/bin/docker-compose; then
+    COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VER}/docker-compose-linux-${COMPOSE_ARCH}"
+    run_sudo curl -sfL --max-time 90 "$COMPOSE_URL" -o /usr/local/bin/docker-compose
+  fi
+  run_sudo chmod +x /usr/local/bin/docker-compose
+  run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || { run_sudo rm -f /usr/local/bin/docker-compose; echo "独立版运行失败（可能架构不符），请尝试: dnf install -y docker-compose-plugin 或 yum install -y docker-compose-plugin" >&2; return 0; }
+  echo "Docker Compose 已安装."
+}
+
+# ---------- 检测并安装 Nginx（反代 + 强制 HTTPS）----------
+ensure_nginx() {
+  command -v nginx >/dev/null 2>&1 && return 0
+  echo "未检测到 Nginx，正在安装..."
+  if command -v apt-get >/dev/null 2>&1; then run_sudo apt-get update -qq; run_sudo apt-get install -y nginx
+  elif command -v dnf >/dev/null 2>&1; then run_sudo dnf install -y nginx
+  elif command -v yum >/dev/null 2>&1; then run_sudo yum install -y nginx
+  else echo "无法自动安装 Nginx."; exit 1; fi
+  run_sudo systemctl enable nginx 2>/dev/null || true
+  run_sudo systemctl start nginx 2>/dev/null || true
+  echo "Nginx 已安装."
+}
+
+ensure_curl
+ensure_docker
+ensure_docker_compose
+ensure_registry_mirror
+ensure_nginx
+
+resolve_compose_cmd() {
+  run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
+  if [ -x /usr/local/bin/docker-compose ]; then
+    r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
+    if [ "$r" -eq 0 ]; then echo "/usr/local/bin/docker-compose"; return; fi
+    echo "检测到 /usr/local/bin/docker-compose 无法运行（可能架构不符），正在重装..." >&2
+    run_sudo rm -f /usr/local/bin/docker-compose
+    ensure_docker_compose || true
+  fi
+  run_sudo docker-compose version >/dev/null 2>&1 && echo "docker-compose" && return
+  ensure_docker_compose || true
+  run_sudo docker compose version >/dev/null 2>&1 && echo "docker compose" && return
+  if [ -x /usr/local/bin/docker-compose ]; then
+    r=0; run_sudo /usr/local/bin/docker-compose version >/dev/null 2>&1 || r=1
+    [ "$r" -eq 0 ] && echo "/usr/local/bin/docker-compose" || echo ""
+  else
+    echo ""
+  fi
+}
+COMPOSE_CMD=""
+compose_cmd() {
+  if [ -z "$COMPOSE_CMD" ]; then COMPOSE_CMD="$(resolve_compose_cmd)"; fi
+  if [ -z "$COMPOSE_CMD" ]; then echo "错误：无法找到 docker compose，请手动安装到 /usr/local/bin/docker-compose"; exit 1; fi
+  run_sudo env REGISTRY_MIRROR="${REGISTRY_MIRROR}" GOPROXY="${GOPROXY}" $COMPOSE_CMD "$@"
+}
+
+echo "重启 yh_web ($ROOT)..."
+
+# 环境配置：缺失时从 server/.env.example 复制
+if [ ! -f server/.env ]; then
+  if [ -f server/.env.example ]; then
+    cp server/.env.example server/.env
+    echo "已从 server/.env.example 创建 server/.env"
+  else
+    mkdir -p server
+    ND="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
+    printf 'MONGODB_URI=mongodb://mongo:27017\nMONGODB_DB=yxd-agent-testing\nPORT=9527\nGIN_MODE=release\nALLOWED_ORIGINS=https://%s\n' "$ND" > server/.env
+    echo "已创建默认 server/.env"
+  fi
+fi
+[ -f server/.env ] && sed -i 's/\r$//' server/.env
+[ -f server/.env ] && set -a && source server/.env && set +a
+
+export REGISTRY_MIRROR="${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}"
+NGINX_DOMAIN="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
+NGINX_SSL_DIR="/etc/ssl/yh_web/$NGINX_DOMAIN"
+NGINX_CONF_NAME="${NGINX_DOMAIN}.conf"
+run_sudo mkdir -p "$NGINX_SSL_DIR"
+if [ -f "$ROOT/nginx/$NGINX_DOMAIN.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN.key" ]; then
+  run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.pem" "$NGINX_SSL_DIR/fullchain.pem"
+  run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN.key" "$NGINX_SSL_DIR/privkey.pem"
+  run_sudo chmod 644 "$NGINX_SSL_DIR/fullchain.pem"
+  run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem"
+elif [ -f "$ROOT/nginx/fullchain.pem" ] && [ -f "$ROOT/nginx/privkey.pem" ]; then
+  run_sudo cp -f "$ROOT/nginx/fullchain.pem" "$ROOT/nginx/privkey.pem" "$NGINX_SSL_DIR/"
+  run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem" 2>/dev/null || true
+elif [ -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" ] && [ -f "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" ]; then
+  run_sudo cp -f "$ROOT/nginx/$NGINX_DOMAIN/fullchain.pem" "$ROOT/nginx/$NGINX_DOMAIN/privkey.pem" "$NGINX_SSL_DIR/"
+  run_sudo chmod 600 "$NGINX_SSL_DIR/privkey.pem" 2>/dev/null || true
+fi
+[ -f "$NGINX_SSL_DIR/fullchain.pem" ] && [ -f "$NGINX_SSL_DIR/privkey.pem" ] && echo "已同步证书到 $NGINX_SSL_DIR"
+compose_cmd down 2>/dev/null || true
+run_sudo docker pull "${REGISTRY_MIRROR}mongo:7" 2>/dev/null || true
+compose_cmd up -d
+
+if [ -f "$ROOT/nginx/$NGINX_CONF_NAME" ]; then
+  run_sudo cp -f "$ROOT/nginx/$NGINX_CONF_NAME" /etc/nginx/conf.d/ 2>/dev/null || true
+  if run_sudo nginx -t 2>/dev/null; then
+    run_sudo systemctl reload nginx 2>/dev/null && echo "Nginx 已重载." || true
+  fi
+fi
+
+echo "完成. 对外仅 443，反代: https://$NGINX_DOMAIN"