#!/usr/bin/env bash # 为管理面板启用 Nginx HTTPS(443);install.sh 与新装/升级后调用 set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" ROOT_DIR="$(dirname "$SCRIPT_DIR")" ENV_FILE="${ROOT_DIR}/.env" [[ -f "$ENV_FILE" ]] || { echo "缺少 $ENV_FILE"; exit 1; } # shellcheck disable=SC1090 source "$ENV_FILE" : "${DOMAIN:?}" : "${VPS_IP:?}" normalize_panel_path() { local p="${1:-}" p="${p#/}" p="${p%/}" echo "$p" } PANEL_PATH="$(normalize_panel_path "${PANEL_PATH:-}")" if [[ -z "$PANEL_PATH" ]]; then echo "缺少 PANEL_PATH,请先运行 install.sh 或写入 .env" exit 1 fi PANEL_LOCATION="/${PANEL_PATH}/" PANEL_PREFIX="/${PANEL_PATH}" PANEL_ALLOW_BLOCK="" if [[ -n "${PANEL_ALLOW_IP:-}" ]]; then PANEL_ALLOW_BLOCK=" allow ${PANEL_ALLOW_IP}; deny all;" fi if [[ ! -f /etc/sing-box/certs/fullchain.pem ]] || [[ ! -f /etc/sing-box/certs/privkey.pem ]]; then echo "缺少 TLS 证书,请先完成 install.sh 或 acme.sh 申请证书" exit 1 fi if command -v ufw &>/dev/null; then ufw allow 443/tcp comment 'Panel-HTTPS' 2>/dev/null || true fi sed -e "s|__DOMAIN__|${DOMAIN}|g" \ -e "s|__PANEL_LOCATION__|${PANEL_LOCATION}|g" \ -e "s|__PANEL_PREFIX__|${PANEL_PREFIX}|g" \ -e "s|__PANEL_ALLOW__|${PANEL_ALLOW_BLOCK}|g" \ "$ROOT_DIR/server/nginx/panel.conf.template" \ > /etc/nginx/sites-available/jiedian-panel ln -sf /etc/nginx/sites-available/jiedian-panel /etc/nginx/sites-enabled/jiedian-panel rm -f /etc/nginx/sites-enabled/acme nginx -t systemctl reload nginx echo "面板 HTTPS 已启用: https://${DOMAIN}${PANEL_LOCATION}"