#!/bin/bash # 修复 webroot 路由配置,解决 HTTP-01 验证问题 set -e APISIX_ADMIN_URL="${APISIX_ADMIN_URL:-http://localhost:9180}" APISIX_ADMIN_KEY="${APISIX_ADMIN_KEY:-8206e6e42b6b53243c52a767cc633137}" echo "修复 webroot 路由配置..." # 获取所有需要配置的域名(从路由中提取) DOMAINS=$(curl -s "${APISIX_ADMIN_URL}/apisix/admin/routes" \ -H "X-API-KEY: ${APISIX_ADMIN_KEY}" \ | python3 -c " import sys, json try: data = json.load(sys.stdin) routes = data.get('list', []) domains = set() for r in routes: host = r.get('value', {}).get('host') if host and host not in ['localhost', '127.0.0.1']: domains.add(host) print(' '.join(domains)) except: print('') " 2>/dev/null || echo "") if [ -z "$DOMAINS" ]; then echo "未找到域名,使用默认配置" DOMAINS="jingrowtools.cn" fi echo "找到域名: $DOMAINS" # 创建统一的 webroot 路由(适用于所有域名,不指定 host) echo "创建统一的 webroot 验证路由(适用于所有域名)..." ROUTE_ID="certbot-webroot" # 创建/更新 webroot 路由 RESPONSE=$(curl -s -X PUT "${APISIX_ADMIN_URL}/apisix/admin/routes/${ROUTE_ID}" \ -H "X-API-KEY: ${APISIX_ADMIN_KEY}" \ -H "Content-Type: application/json" \ -d "{ \"uri\": \"/.well-known/acme-challenge/*\", \"name\": \"certbot-webroot\", \"priority\": 10000, \"plugins\": { \"serverless-pre-function\": { \"phase\": \"rewrite\", \"functions\": [ \"return function(conf, ctx) local uri = ctx.var.uri; local token = string.match(uri, '/%.well%-known/acme%-challenge/(.+)'); if not token then ngx.status = 404; ngx.say('Token not found in URI: ' .. (uri or 'nil')); return; end; local path = '/var/www/certbot/.well-known/acme-challenge/' .. token; local file = io.open(path, 'r'); if file then local content = file:read('*all'); file:close(); ngx.header.content_type = 'text/plain'; ngx.say(content); else ngx.status = 404; ngx.say('File not found: ' .. path); end end\" ] } }, \"status\": 1 }") if echo "$RESPONSE" | grep -q '"value"'; then echo "✅ Webroot 路由配置成功(适用于所有域名)" else echo "❌ Webroot 路由配置失败: $RESPONSE" fi echo "" echo "修复完成!" echo "" echo "测试验证路径:" echo " echo 'test-token' | sudo tee /var/www/certbot/.well-known/acme-challenge/test-token" echo " curl http://jingrowtools.cn/.well-known/acme-challenge/test-token"