#!/usr/bin/env bash # 生成本地 HTTPS 自签证书(局域网 PWA 安装用) # 用法: sudo bash scripts/gen_ssl_cert.sh [服务器局域网IP] set -euo pipefail SERVER_IP="${1:-}" SSL_DIR="/etc/nginx/ssl" KEY="${SSL_DIR}/trading_studio.key" CRT="${SSL_DIR}/trading_studio.crt" if [[ "${EUID:-0}" -ne 0 ]]; then echo "请使用 root: sudo bash scripts/gen_ssl_cert.sh 192.168.x.x" exit 1 fi if [[ -z "${SERVER_IP}" ]]; then SERVER_IP=$(hostname -I | awk '{print $1}') echo "[INFO] 未指定 IP,使用: ${SERVER_IP}" fi mkdir -p "${SSL_DIR}" openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ -keyout "${KEY}" \ -out "${CRT}" \ -subj "/CN=TradingStudio/O=Trading/C=CN" \ -addext "subjectAltName=IP:${SERVER_IP},DNS:trading.local,DNS:localhost" chmod 600 "${KEY}" echo "[OK] 证书已生成:" echo " ${CRT}" echo " ${KEY}" echo "" echo "手机/平板首次访问 HTTPS 需点「继续访问」信任自签证书,之后即可安装 App。"