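# Write the interactive issuing script to disk. The quoted delimiter ('EOF')
# keeps every $var / $(cmd) literal here, so they expand only when the
# generated script itself runs.
cat << 'EOF' > cert_factory_interactive.sh
#!/bin/bash
# ==========================================
# Jump-host SSL certificate factory (interactive)
# ==========================================
# Issues a certificate for one domain with acme.sh in standalone (HTTP-01)
# mode on this host, then exports the key and full chain to $CERT_DIR so
# they can be copied to the NAT machine that will actually serve them.
#
# Requires: root (binding port 80, iptables, writing under /data), acme.sh
# installed for the invoking user, and the domain's DNS record pointing at
# this host for the duration of the run.
set -u

CERT_DIR="/data"
ACME="$HOME/.acme.sh/acme.sh"
# Only the rule added below is removed again; a pre-existing port-80 rule
# is left alone.
FW_RULE_ADDED=0

# Remove the temporary port-80 allow rule on every exit path (success,
# failure, Ctrl+C) so the opening does not outlive the issuance.
cleanup() {
  if [ "$FW_RULE_ADDED" -eq 1 ]; then
    iptables -D INPUT -p tcp --dport 80 -j ACCEPT >/dev/null 2>&1
  fi
}
trap cleanup EXIT

# --- 0. Preconditions ---
# Every later step (port 80, iptables, /data, fuser) needs root; fail early
# with a clear message instead of a cascade of permission errors.
if [ "$(id -u)" -ne 0 ]; then
  echo "❌ 错误:此脚本需要 root 权限(监听 80 端口、修改 iptables、写入 $CERT_DIR)。"
  exit 1
fi
if [ ! -x "$ACME" ]; then
  echo "❌ 错误:未找到 $ACME,请先安装 acme.sh。"
  exit 1
fi

# --- 1. Interactive input ---
echo "----------------------------------------------------"
read -r -p "请输入您要申请的域名 (例如: ui.shanghi.net): " DOMAIN
echo "----------------------------------------------------"
# Empty check
if [ -z "$DOMAIN" ]; then
  echo "❌ 错误:域名不能为空,脚本已退出。"
  exit 1
fi
# DOMAIN is spliced into the output file names below, so only accept a
# plain hostname: no '/', '..', whitespace, leading '-' or other characters
# that could redirect the key/cert files elsewhere. Wildcards are rejected
# too; standalone HTTP-01 cannot issue them anyway.
HOST_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if ! [[ "$DOMAIN" =~ $HOST_RE ]]; then
  echo "❌ 错误:域名格式不正确,脚本已退出。"
  exit 1
fi

# --- 2. Key reminder (jump-host mode only) ---
echo "⚠️ 【重要提醒】 ⚠️"
echo "您正在使用跳板机模式。在继续之前,请务必确认:"
echo "👉 域名 [$DOMAIN] 的 DNS 解析目前必须指向本机 IP"
echo " (拿到证书后,您再改回 NAT 机器的 IP)"
echo ""
read -r -p "确认解析已生效?按回车继续 (或按 Ctrl+C 取消)..."

# --- 3. Environment preparation ---
mkdir -p "$CERT_DIR"
echo "[1/3] 正在检查环境与清理端口..."
# Install socat (acme.sh standalone mode uses it to answer the challenge)
if ! command -v socat >/dev/null 2>&1; then
  echo " -> 安装 socat..."
  if command -v apt >/dev/null 2>&1; then
    apt update && apt install socat -y >/dev/null
  elif command -v yum >/dev/null 2>&1; then
    yum install socat -y >/dev/null
  fi
fi
# Free port 80 (standalone mode must bind it). Show what is listening and
# ask first: killing whatever holds the port (e.g. Nginx) without a prompt
# can take down a service, and nothing restarts it afterwards.
if lsof -Pi :80 -sTCP:LISTEN -t >/dev/null; then
  echo " -> 发现 80 端口被占用:"
  lsof -Pi :80 -sTCP:LISTEN
  read -r -p " -> 是否结束上述进程并释放 80 端口?[y/N] " KILL80
  if [ "$KILL80" = "y" ] || [ "$KILL80" = "Y" ]; then
    echo " -> 正在释放 80 端口..."
    fuser -k 80/tcp >/dev/null 2>&1
  else
    echo "❌ 80 端口未释放,脚本已退出。"
    exit 1
  fi
fi
# Temporarily allow inbound 80 for the HTTP-01 challenge; cleanup() removes
# it again on exit. Failure here (no iptables, nftables-only host) is
# tolerated because the challenge may still succeed.
if iptables -I INPUT -p tcp --dport 80 -j ACCEPT >/dev/null 2>&1; then
  FW_RULE_ADDED=1
fi

# --- 4. Issue the certificate ---
echo "[2/3] 正在向 CA 机构申请证书 (需等待几秒)..."
# --force re-issues even when a valid certificate already exists; repeated
# runs against the same domain can hit the CA's rate limits.
if "$ACME" --issue -d "$DOMAIN" --standalone --force; then
  # --- 5. Export the result ---
  echo "[3/3] 申请成功!正在导出文件..."
  KEY_FILE="$CERT_DIR/$DOMAIN.key"
  CRT_FILE="$CERT_DIR/$DOMAIN.crt"
  # Install key + full chain into $CERT_DIR
  if ! "$ACME" --install-cert -d "$DOMAIN" \
      --key-file "$KEY_FILE" \
      --fullchain-file "$CRT_FILE"; then
    echo "❌ 证书导出失败!请检查 $CERT_DIR 是否可写。"
    exit 1
  fi
  # The private key must never be world-readable, whatever the umask was.
  chmod 600 "$KEY_FILE"
  echo ""
  echo "🎉 ======================================= 🎉"
  echo " 证书申请成功!已保存到本机 /data"
  echo "==========================================="
  echo "📂 私钥 (Key): $KEY_FILE"
  echo "📄 公钥 (Crt): $CRT_FILE"
  echo "==========================================="
  echo "💡 下一步提示:"
  echo "现在您可以把这两个文件复制到您的 NAT 机器上了。"
  echo "scp -P <端口> $CERT_DIR/$DOMAIN.* root@<NAT_IP>:/您的路径/"
  echo "==========================================="
else
  echo ""
  echo "❌ 申请失败!"
  echo "常见原因:"
  echo "1. 域名解析还没生效,或者解析的不是这台机器的 IP。"
  echo "2. 云服务商的安全组(防火墙)没有放行 80 端口。"
  # Non-zero so a caller (or this wrapper) can tell the run failed.
  exit 1
fi
EOF
# Make the generated script executable and run it
chmod +x cert_factory_interactive.sh
./cert_factory_interactive.sh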