78b85c0d83
Add Nginx SSL panel config, enable-panel-https.sh, secure Flask cookies, and update docs for https login. Co-authored-by: Cursor <cursoragent@cursor.com>
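#!/usr/bin/env bash
# Enable Nginx HTTPS (port 443) for the admin panel; invoked by install.sh
# and after a fresh install or upgrade.
set -euo pipefail

# The project root is the parent of the directory that holds this script.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
ENV_FILE="${ROOT_DIR}/.env"

# Diagnostics go to stderr so callers capturing stdout do not mistake them
# for normal output.
if [[ ! -f "$ENV_FILE" ]]; then
  echo "缺少 $ENV_FILE" >&2
  exit 1
fi

# NOTE(review): `source` runs .env as shell code with this script's
# privileges (it writes under /etc/nginx, so presumably root). Keep .env
# writable only by the account that runs this script.
# shellcheck disable=SC1090
source "$ENV_FILE"

# Abort when a required setting is unset or empty.
: "${DOMAIN:?}"
: "${VPS_IP:?}"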
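#######################################
# Normalise a panel URL path by removing its leading and trailing slashes.
# Arguments: $1 - path as configured (may be empty or omitted)
# Outputs:   the trimmed path on stdout, followed by a newline
#######################################
normalize_panel_path() {
  local p="${1:-}"
  # Strip every leading and trailing slash, not just one: a value such as
  # "//panel//" would otherwise keep stray slashes in whatever is built
  # from the result.
  while [[ "$p" == /* ]]; do p="${p#/}"; done
  while [[ "$p" == */ ]]; do p="${p%/}"; done
  # printf instead of echo: echo would swallow a value such as "-n" or "-e".
  printf '%s\n' "$p"
}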
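# Panel path without surrounding slashes; it must not be empty.
PANEL_PATH="$(normalize_panel_path "${PANEL_PATH:-}")"
if [[ -z "$PANEL_PATH" ]]; then
  echo "缺少 PANEL_PATH,请先运行 install.sh 或写入 .env" >&2
  exit 1
fi

# PANEL_PATH is substituted into the Nginx site template further down
# (template not shown here, presumably as a location and URL prefix).
# Accept only URL-path characters so a stray space, quote, ';' or brace
# cannot change the structure of the generated config.
panel_path_re='^[A-Za-z0-9._~/-]+$'
if [[ ! "$PANEL_PATH" =~ $panel_path_re ]]; then
  echo "PANEL_PATH 含有不支持的字符(仅允许字母、数字及 . _ ~ / -): ${PANEL_PATH}" >&2
  exit 1
fi

PANEL_LOCATION="/${PANEL_PATH}/"
PANEL_PREFIX="/${PANEL_PATH}"

# Optional source restriction: when PANEL_ALLOW_IP is set, build an
# allow/deny pair for the Nginx config; otherwise leave the block empty.
PANEL_ALLOW_BLOCK=""
if [[ -n "${PANEL_ALLOW_IP:-}" ]]; then
  # Character-level screen for a single IPv4/IPv6 address or CIDR range;
  # it does not prove the address is well-formed, `nginx -t` still does that.
  # NOTE(review): other values Nginx's `allow` takes (e.g. unix:) are
  # rejected here; confirm none are in use.
  allow_ip_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
  if [[ ! "$PANEL_ALLOW_IP" =~ $allow_ip_re ]]; then
    echo "PANEL_ALLOW_IP 不是有效的 IP 或 CIDR: ${PANEL_ALLOW_IP}" >&2
    exit 1
  fi
  # This value spans two lines; anything that feeds it to sed's `s` command
  # has to escape the embedded newline first.
  PANEL_ALLOW_BLOCK=" allow ${PANEL_ALLOW_IP};
deny all;"
fi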
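# Both the certificate chain and the private key must exist before the
# HTTPS site is enabled. The error goes to stderr.
for cert_file in /etc/sing-box/certs/fullchain.pem /etc/sing-box/certs/privkey.pem; do
  if [[ ! -f "$cert_file" ]]; then
    echo "缺少 TLS 证书,请先完成 install.sh 或 acme.sh 申请证书" >&2
    exit 1
  fi
done

# Best effort: open 443/tcp when ufw is installed; a failure is ignored on
# purpose so hosts with an inactive or missing firewall still proceed.
# NOTE(review): the rule has no source restriction, so even with
# PANEL_ALLOW_IP set the port is reachable from anywhere and the allow/deny
# pair in the Nginx config is the only filter.
if command -v ufw &>/dev/null; then
  ufw allow 443/tcp comment 'Panel-HTTPS' 2>/dev/null || true
fi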
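#######################################
# Escape a value for use as the replacement text of a sed `s|…|…|` command.
# Backslash, '&' and the '|' delimiter are prefixed with a backslash, and
# every embedded newline gets a trailing backslash, because sed treats an
# unescaped newline in the replacement as the end of the command.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
escape_sed_replacement() {
  printf '%s\n' "$1" | sed -e 's/[\&|]/\\&/g' -e '$!s/$/\\/'
}

site_available=/etc/nginx/sites-available/jiedian-panel
site_enabled=/etc/nginx/sites-enabled/jiedian-panel

domain_repl="$(escape_sed_replacement "$DOMAIN")"
location_repl="$(escape_sed_replacement "$PANEL_LOCATION")"
prefix_repl="$(escape_sed_replacement "$PANEL_PREFIX")"
# PANEL_ALLOW_BLOCK is multi-line when PANEL_ALLOW_IP is set; without the
# escaping above the sed call below fails in exactly that case.
allow_repl="$(escape_sed_replacement "$PANEL_ALLOW_BLOCK")"

# Render into a temporary file next to the target and move it into place
# only after sed succeeded, so a failed render cannot truncate the site
# file that may already be enabled.
rendered_conf="$(mktemp "${site_available}.XXXXXX")"
trap 'rm -f -- "$rendered_conf"' EXIT

sed -e "s|__DOMAIN__|${domain_repl}|g" \
  -e "s|__PANEL_LOCATION__|${location_repl}|g" \
  -e "s|__PANEL_PREFIX__|${prefix_repl}|g" \
  -e "s|__PANEL_ALLOW__|${allow_repl}|g" \
  "$ROOT_DIR/server/nginx/panel.conf.template" \
  > "$rendered_conf"

# mktemp creates the file with mode 0600; 0644 is what a plain redirect
# usually produces. NOTE(review): the file discloses the panel path to
# local users; tighten the mode if that path is meant to stay private.
chmod 0644 "$rendered_conf"
mv -f -- "$rendered_conf" "$site_available"

# Enable the panel site and drop the acme site from sites-enabled.
ln -sf "$site_available" "$site_enabled"
rm -f /etc/nginx/sites-enabled/acme

# NOTE(review): if `nginx -t` fails, `set -e` stops the script with the new
# site already linked and the acme site removed; the running Nginx keeps
# its old configuration until the next reload or restart.
nginx -t
systemctl reload nginx

echo "面板 HTTPS 已启用: https://${DOMAIN}${PANEL_LOCATION}"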