设置acme.json权限为600以便能自动申请SSL证书

jingrow 2025-08-08 04:23:28 +08:00
parent c6248b67c0
commit 7f26f9f1dd


@ -447,9 +447,9 @@ get_or_assign_port() {
fi fi
fi fi
# 如果没有保存过,则保存端口分配 # 如果没有保存过,则保存端口分配(重定向日志输出)
if [ "$already_saved" = false ]; then if [ "$already_saved" = false ]; then
save_port_assignment "$site_name" "$port" save_port_assignment "$site_name" "$port" >/dev/null 2>&1
fi fi
echo "$port" echo "$port"
@ -542,8 +542,8 @@ create_env_file() {
# 获取项目端口 # 获取项目端口
local project_port=$(get_or_assign_port "$SITE_NAME") local project_port=$(get_or_assign_port "$SITE_NAME")
# 更新SITE_URL以使用分配的端口 # 构建本地地址URL用于PUBLIC_SITE_URL
local site_url_with_port=$(echo "$SITE_URL" | sed "s|:[0-9]*|:$project_port|") local public_site_url="http://127.0.0.1:$project_port"
# 检查.env文件是否已存在 # 检查.env文件是否已存在
if [ -f "/home/jingrow/jsite/$SITE_NAME/.env" ]; then if [ -f "/home/jingrow/jsite/$SITE_NAME/.env" ]; then
@ -557,7 +557,7 @@ create_env_file() {
# 创建.env文件 # 创建.env文件
cat > "/home/jingrow/jsite/$SITE_NAME/.env" << EOF cat > "/home/jingrow/jsite/$SITE_NAME/.env" << EOF
PUBLIC_SITE_URL=$site_url_with_port PUBLIC_SITE_URL=$public_site_url
REVALIDATE_TOKEN=$REVALIDATE_TOKEN REVALIDATE_TOKEN=$REVALIDATE_TOKEN
@ -566,16 +566,13 @@ JINGROW_SITE_NAME=$SITE_NAME
JINGROW_SERVER_URL=$SERVER_URL JINGROW_SERVER_URL=$SERVER_URL
JINGROW_API_KEY=$API_KEY JINGROW_API_KEY=$API_KEY
JINGROW_API_SECRET=$API_SECRET JINGROW_API_SECRET=$API_SECRET
# 项目端口配置
PORT=$project_port
EOF EOF
# 设置文件权限 # 设置文件权限
chown jingrow:jingrow "/home/jingrow/jsite/$SITE_NAME/.env" chown jingrow:jingrow "/home/jingrow/jsite/$SITE_NAME/.env"
chmod 600 "/home/jingrow/jsite/$SITE_NAME/.env" chmod 600 "/home/jingrow/jsite/$SITE_NAME/.env"
log_success ".env文件创建完成 (端口: $project_port)" log_success ".env文件创建完成 (端口: $project_port, PUBLIC_SITE_URL: $public_site_url)"
} }
# 4.5. 创建PM2配置文件 # 4.5. 创建PM2配置文件
@ -790,6 +787,15 @@ install_traefik() {
# 设置目录权限 # 设置目录权限
chown -R jingrow:jingrow /home/jingrow/traefik-docker chown -R jingrow:jingrow /home/jingrow/traefik-docker
log_success "设置traefik目录权限" log_success "设置traefik目录权限"
# 设置 acme.json 文件权限Let's Encrypt 要求 600 权限)
if [ -f "/home/jingrow/traefik-docker/acme.json" ]; then
chmod 600 /home/jingrow/traefik-docker/acme.json
chown jingrow:jingrow /home/jingrow/traefik-docker/acme.json
log_success "设置 acme.json 文件权限为 600"
else
log_warning "acme.json 文件不存在,请检查 Traefik 配置"
fi
} }
# 6. 安装Docker如果未安装 # 6. 安装Docker如果未安装
@ -980,6 +986,36 @@ install_project_dependencies() {
fi fi
log_success "项目依赖安装完成" log_success "项目依赖安装完成"
# 构建项目
log_info "构建jsite/$SITE_NAME项目..."
# 获取当前内存大小MB并减去200MB作为构建内存限制
local total_memory_mb=$(free -m | awk 'NR==2{print $2}')
local build_memory_mb=$((total_memory_mb - 300))
# 确保内存限制至少为512MB
if [ "$build_memory_mb" -lt 512 ]; then
build_memory_mb=512
log_warning "可用内存不足设置构建内存限制为512MB"
fi
log_info "设置构建内存限制为 ${build_memory_mb}MB (总内存: ${total_memory_mb}MB)"
su - jingrow -c "
export NVM_DIR=\"\$HOME/.nvm\"
[ -s \"\$NVM_DIR/nvm.sh\" ] && \. \"\$NVM_DIR/nvm.sh\"
export NODE_OPTIONS=\"--max-old-space-size=$build_memory_mb\"
cd /home/jingrow/jsite/$SITE_NAME
npm run build
"
if [ $? -ne 0 ]; then
log_error "项目构建失败"
return 1
fi
log_success "项目构建完成 (内存限制: ${build_memory_mb}MB)"
} }
# 9. 显示部署信息 # 9. 显示部署信息
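Review bot: In the build step added to install_project_dependencies, `$SITE_NAME` is expanded by the outer shell into the string handed to `su - jingrow -c`, so the inner shell parses its value as shell syntax; the `cd` is also unchecked, so if it fails `npm run build` still runs in whatever directory the login shell starts in. Where SITE_NAME comes from is not visible in this section; unless it is already restricted to a safe character set, I would reject other values before the `su` call, e.g. `case "$SITE_NAME" in ''|*[!A-Za-z0-9._-]*) log_error "invalid site name"; return 1;; esac`, and write the directory change as `cd \"/home/jingrow/jsite/$SITE_NAME\" || exit 1`. Separately, the comment above the memory calculation says 200MB while the code subtracts 300, so one of the two should be corrected. The function starts outside the hunk, so any earlier validation of SITE_NAME cannot be seen from here.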