fix: use webroot nginx site for acme.sh certificate issuance
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
+166
-166
@@ -1,166 +1,166 @@
|
||||
# Ubuntu 部署指南
|
||||
|
||||
仓库:[https://git.bz121.com/dekun/jiedian.git](https://git.bz121.com/dekun/jiedian.git)
|
||||
|
||||
| 项目 | 值 |
|
||||
|------|-----|
|
||||
| VPS IP | `47.76.87.111` |
|
||||
| 域名 | `66.hyf2.cc` |
|
||||
| 部署目录 | `/opt/jiedian` |
|
||||
| 系统 | Ubuntu 22.04 / 24.04 |
|
||||
|
||||
---
|
||||
|
||||
## 部署前准备
|
||||
|
||||
### 1. DNS 解析
|
||||
|
||||
在域名控制台添加 **A 记录**:
|
||||
|
||||
```
|
||||
66.hyf2.cc → 47.76.87.111
|
||||
```
|
||||
|
||||
验证(本地或 VPS 上执行):
|
||||
|
||||
```bash
|
||||
dig +short A 66.hyf2.cc
|
||||
# 应返回 47.76.87.111
|
||||
```
|
||||
|
||||
### 2. SSH 登录 VPS
|
||||
|
||||
```bash
|
||||
ssh root@47.76.87.111
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 一键部署(推荐)
|
||||
|
||||
在 VPS 上以 **root** 执行:
|
||||
|
||||
```bash
|
||||
# 安装 git
|
||||
apt update && apt install -y git
|
||||
|
||||
# 克隆到 /opt/jiedian
|
||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
||||
cd /opt/jiedian
|
||||
|
||||
# .env 已预填 IP/域名/密钥,直接安装
|
||||
bash scripts/install.sh
|
||||
```
|
||||
|
||||
安装完成后查看节点链接:
|
||||
|
||||
```bash
|
||||
cat /opt/jiedian/client/generated/share-links.txt
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 分步部署(如需手动控制)
|
||||
|
||||
```bash
|
||||
apt update && apt install -y git
|
||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
||||
cd /opt/jiedian
|
||||
|
||||
# 检查 .env(已预配置,一般无需修改)
|
||||
cat .env
|
||||
|
||||
# 若需重新生成密钥
|
||||
bash scripts/generate-keys.sh
|
||||
|
||||
# 执行安装
|
||||
bash scripts/install.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 安装脚本做了什么
|
||||
|
||||
1. 安装 sing-box、nginx、ufw
|
||||
2. 防火墙放行:`22/tcp`、`443/tcp`、`8443/udp`
|
||||
3. Nginx 伪装站监听 `127.0.0.1:8080`
|
||||
4. acme.sh 为 `66.hyf2.cc` 申请 Let's Encrypt 证书
|
||||
5. 生成 `/etc/sing-box/config.json` 并启动 systemd 服务
|
||||
6. 输出客户端分享链接到 `client/generated/share-links.txt`
|
||||
|
||||
---
|
||||
|
||||
## 节点信息
|
||||
|
||||
| 节点 | 协议 | 地址 | 端口 |
|
||||
|------|------|------|------|
|
||||
| 主力 | VLESS + Reality | `47.76.87.111` | 443/TCP |
|
||||
| 备用 | Hysteria2 | `66.hyf2.cc` | 8443/UDP |
|
||||
|
||||
Reality 伪装 SNI:`www.microsoft.com`(不是你的域名)
|
||||
|
||||
---
|
||||
|
||||
## 部署后验证
|
||||
|
||||
```bash
|
||||
# sing-box 运行状态
|
||||
systemctl status sing-box
|
||||
|
||||
# 端口监听
|
||||
ss -tlnp | grep 443
|
||||
ss -ulnp | grep 8443
|
||||
|
||||
# 配置语法检查
|
||||
sing-box check -c /etc/sing-box/config.json
|
||||
|
||||
# 查看日志
|
||||
journalctl -u sing-box -f
|
||||
```
|
||||
|
||||
客户端导入见 [client-import.md](client-import.md)。
|
||||
|
||||
---
|
||||
|
||||
## 常用运维
|
||||
|
||||
```bash
|
||||
cd /opt/jiedian
|
||||
|
||||
# 拉取最新配置(若仓库有更新)
|
||||
git pull
|
||||
|
||||
# 重新安装/更新
|
||||
bash scripts/install.sh
|
||||
|
||||
# 证书手动续期
|
||||
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
|
||||
systemctl restart sing-box
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 故障排查
|
||||
|
||||
| 问题 | 处理 |
|
||||
|------|------|
|
||||
| `set: pipefail: invalid option` | Windows 换行符问题,执行:`sed -i 's/\r$//' scripts/*.sh .env` 后重试 |
|
||||
| `dig` 未返回正确 IP | 等待 DNS 生效或检查解析记录 |
|
||||
| acme 证书失败 | 确认 80 端口可访问:`curl -I http://66.hyf2.cc` |
|
||||
| sing-box 启动失败 | `journalctl -u sing-box -n 50` 查看报错 |
|
||||
| 客户端连不上 | 核对 `share-links.txt` 与 `.env` 中密钥一致 |
|
||||
|
||||
更多见 [troubleshooting.md](troubleshooting.md)。
|
||||
|
||||
---
|
||||
|
||||
## 更新仓库(本地开发机)
|
||||
|
||||
```bash
|
||||
cd 节点
|
||||
git add .
|
||||
git commit -m "update config"
|
||||
git push origin main
|
||||
```
|
||||
|
||||
VPS 上 `git pull` 后重新运行 `bash scripts/install.sh` 即可同步。
|
||||
# Ubuntu 部署指南
|
||||
|
||||
仓库:[https://git.bz121.com/dekun/jiedian.git](https://git.bz121.com/dekun/jiedian.git)
|
||||
|
||||
| 项目 | 值 |
|
||||
|------|-----|
|
||||
| VPS IP | `47.76.87.111` |
|
||||
| 域名 | `66.hyf2.cc` |
|
||||
| 部署目录 | `/opt/jiedian` |
|
||||
| 系统 | Ubuntu 22.04 / 24.04 |
|
||||
|
||||
---
|
||||
|
||||
## 部署前准备
|
||||
|
||||
### 1. DNS 解析
|
||||
|
||||
在域名控制台添加 **A 记录**:
|
||||
|
||||
```
|
||||
66.hyf2.cc → 47.76.87.111
|
||||
```
|
||||
|
||||
验证(本地或 VPS 上执行):
|
||||
|
||||
```bash
|
||||
dig +short A 66.hyf2.cc
|
||||
# 应返回 47.76.87.111
|
||||
```
|
||||
|
||||
### 2. SSH 登录 VPS
|
||||
|
||||
```bash
|
||||
ssh root@47.76.87.111
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 一键部署(推荐)
|
||||
|
||||
在 VPS 上以 **root** 执行:
|
||||
|
||||
```bash
|
||||
# 安装 git
|
||||
apt update && apt install -y git
|
||||
|
||||
# 克隆到 /opt/jiedian
|
||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
||||
cd /opt/jiedian
|
||||
|
||||
# .env 已预填 IP/域名/密钥,直接安装
|
||||
bash scripts/install.sh
|
||||
```
|
||||
|
||||
安装完成后查看节点链接:
|
||||
|
||||
```bash
|
||||
cat /opt/jiedian/client/generated/share-links.txt
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 分步部署(如需手动控制)
|
||||
|
||||
```bash
|
||||
apt update && apt install -y git
|
||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
||||
cd /opt/jiedian
|
||||
|
||||
# 检查 .env(已预配置,一般无需修改)
|
||||
cat .env
|
||||
|
||||
# 若需重新生成密钥
|
||||
bash scripts/generate-keys.sh
|
||||
|
||||
# 执行安装
|
||||
bash scripts/install.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 安装脚本做了什么
|
||||
|
||||
1. 安装 sing-box、nginx、ufw
|
||||
2. 防火墙放行:`22/tcp`、`443/tcp`、`8443/udp`
|
||||
3. Nginx 伪装站监听 `127.0.0.1:8080`
|
||||
4. acme.sh 为 `66.hyf2.cc` 申请 Let's Encrypt 证书
|
||||
5. 生成 `/etc/sing-box/config.json` 并启动 systemd 服务
|
||||
6. 输出客户端分享链接到 `client/generated/share-links.txt`
|
||||
|
||||
---
|
||||
|
||||
## 节点信息
|
||||
|
||||
| 节点 | 协议 | 地址 | 端口 |
|
||||
|------|------|------|------|
|
||||
| 主力 | VLESS + Reality | `47.76.87.111` | 443/TCP |
|
||||
| 备用 | Hysteria2 | `66.hyf2.cc` | 8443/UDP |
|
||||
|
||||
Reality 伪装 SNI:`www.microsoft.com`(不是你的域名)
|
||||
|
||||
---
|
||||
|
||||
## 部署后验证
|
||||
|
||||
```bash
|
||||
# sing-box 运行状态
|
||||
systemctl status sing-box
|
||||
|
||||
# 端口监听
|
||||
ss -tlnp | grep 443
|
||||
ss -ulnp | grep 8443
|
||||
|
||||
# 配置语法检查
|
||||
sing-box check -c /etc/sing-box/config.json
|
||||
|
||||
# 查看日志
|
||||
journalctl -u sing-box -f
|
||||
```
|
||||
|
||||
客户端导入见 [client-import.md](client-import.md)。
|
||||
|
||||
---
|
||||
|
||||
## 常用运维
|
||||
|
||||
```bash
|
||||
cd /opt/jiedian
|
||||
|
||||
# 拉取最新配置(若仓库有更新)
|
||||
git pull
|
||||
|
||||
# 重新安装/更新
|
||||
bash scripts/install.sh
|
||||
|
||||
# 证书手动续期
|
||||
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
|
||||
systemctl restart sing-box
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 故障排查
|
||||
|
||||
| 问题 | 处理 |
|
||||
|------|------|
|
||||
| `set: pipefail: invalid option` | Windows 换行符问题,执行:`sed -i 's/\r$//' scripts/*.sh .env` 后重试 |
|
||||
| `dig` 未返回正确 IP | 等待 DNS 生效或检查解析记录 |
|
||||
| acme 证书失败 | 确认 80 端口可访问:`curl http://66.hyf2.cc/.well-known/acme-challenge/test`;检查 nginx acme 站点是否启用 |
|
||||
| sing-box 启动失败 | `journalctl -u sing-box -n 50` 查看报错 |
|
||||
| 客户端连不上 | 核对 `share-links.txt` 与 `.env` 中密钥一致 |
|
||||
|
||||
更多见 [troubleshooting.md](troubleshooting.md)。
|
||||
|
||||
---
|
||||
|
||||
## 更新仓库(本地开发机)
|
||||
|
||||
```bash
|
||||
cd 节点
|
||||
git add .
|
||||
git commit -m "update config"
|
||||
git push origin main
|
||||
```
|
||||
|
||||
VPS 上 `git pull` 后重新运行 `bash scripts/install.sh` 即可同步。
|
||||
|
||||
Reference in New Issue
Block a user