feat: enable HTTPS admin panel on port 443 for new deployments

Add Nginx SSL panel config, enable-panel-https.sh, secure Flask cookies, and update docs for https login.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-06-28 00:46:08 +08:00
parent 5704ab1a0a
commit 78b85c0d83
13 changed files with 175 additions and 47 deletions
+9 -8
View File
@@ -115,7 +115,8 @@ ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp comment 'SSH'
ufw allow 80/tcp comment 'HTTP-ACME-Panel'
ufw allow 80/tcp comment 'HTTP-ACME'
ufw allow 443/tcp comment 'Panel-HTTPS'
ufw allow 8443:8499/udp comment 'Hysteria2-multi-node'
ufw --force enable
@@ -126,13 +127,10 @@ cp "$ROOT_DIR/server/nginx/fallback.conf" /etc/nginx/sites-available/fallback
ln -sf /etc/nginx/sites-available/fallback /etc/nginx/sites-enabled/fallback
rm -f /etc/nginx/sites-enabled/default
log "部署 Nginx ACME + 管理面板反向代理 (80) ..."
log "部署 Nginx ACME 验证站点 (80) ..."
mkdir -p /var/www/acme
sed -e "s|__DOMAIN__|${DOMAIN}|g" \
-e "s|__PANEL_LOCATION__|${PANEL_LOCATION}|g" \
-e "s|__PANEL_PREFIX__|${PANEL_PREFIX}|g" \
-e "s|__PANEL_ALLOW__|${PANEL_ALLOW_BLOCK}|g" \
"$ROOT_DIR/server/nginx/acme.conf.template" \
"$ROOT_DIR/server/nginx/acme-bootstrap.conf.template" \
> /etc/nginx/sites-available/acme
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
nginx -t && systemctl enable nginx && systemctl restart nginx
@@ -160,8 +158,10 @@ log "安装 TLS 证书到 sing-box ..."
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem
log "部署 Nginx HTTPS 管理面板 (443) ..."
bash "$ROOT_DIR/scripts/enable-panel-https.sh"
rm -f /etc/nginx/sites-enabled/panel /etc/nginx/sites-available/panel
nginx -t && systemctl reload nginx
log "安装 Python 面板依赖 ..."
python3 -m venv "$ROOT_DIR/panel/venv"
@@ -229,7 +229,8 @@ systemctl restart sing-box jiedian-panel
log "部署完成!"
echo ""
echo "=========================================="
echo " 管理面板: http://${DOMAIN}${PANEL_LOCATION}"
echo " 管理面板: https://${DOMAIN}${PANEL_LOCATION}"
echo " HTTP 会自动跳转到 HTTPS"
echo " 面板路径: ${PANEL_PATH} (见 .env 中 PANEL_PATH"
echo " 用户名: ${PANEL_USERNAME}"
echo " 密码: ${PANEL_PASSWORD}"