feat: enable HTTPS admin panel on port 443 for new deployments

Add Nginx SSL panel config, enable-panel-https.sh, secure Flask cookies, and update docs for https login.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-06-28 00:46:08 +08:00
parent 5704ab1a0a
commit 78b85c0d83
13 changed files with 175 additions and 47 deletions
+54
View File
@@ -0,0 +1,54 @@
# HTTPACME 验证 + 面板跳转 HTTPS
server {
listen 80;
listen [::]:80;
server_name __DOMAIN__;
root /var/www/acme;
location /.well-known/acme-challenge/ {
default_type "text/plain";
try_files $uri =404;
}
location ^~ __PANEL_LOCATION__ {
return 301 https://$host$request_uri;
}
location / {
return 200 'ok';
add_header Content-Type text/plain;
}
}
# HTTPS:管理面板
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name __DOMAIN__;
ssl_certificate /etc/sing-box/certs/fullchain.pem;
ssl_certificate_key /etc/sing-box/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
location ^~ __PANEL_LOCATION__ {
__PANEL_ALLOW__
proxy_pass http://127.0.0.1:5080/;
proxy_http_version 1.1;
proxy_connect_timeout 10s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
proxy_set_header Host __DOMAIN__;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host __DOMAIN__;
proxy_set_header X-Forwarded-Prefix __PANEL_PREFIX__;
}
location / {
return 404;
}
}