deploy(M00-E): 补充API域名HTTPS检查

2026-06-15 16:34:36 +08:00
parent c51ba43fa9
commit f5445f16d7
19 changed files with 225 additions and 50 deletions
@@ -36,6 +36,8 @@
 - 更新业务服务：克隆/检查固定仓库，生成 release manifest。正式后端/后台未生成前仅执行安全 dry-run。
 - EMQX：输出原生 Apt/无 Docker/MQTTX 禁止策略和本机命令状态。
 - HTTPS：输出固定域名、API 路径和 Nginx 配置检查。
+- Nginx：提供 `deploy/nginx/api.txyundm.cn.conf.template`，菜单第 4 项会检查模板、站点文件、TLS 和健康端点。
+- 非交互检查：`setup.sh --preflight`、`setup.sh --status`、`setup.sh --https`、`setup.sh --diagnose`。
 - 状态：显示部署上下文、快检、仓库状态和当前 release manifest。
 - 备份：当前生成 manifest-only 备份记录，不触碰真实数据库。
 - 恢复/回滚：列出人工输入和回滚点，不自动改动生产数据。
@@ -1 +1 @@
-0.1.0-m00-deploy-baseline
+0.1.1-m00-domain-https-check
@@ -0,0 +1,58 @@
+server {
+    listen 80;
+    server_name api.txyundm.cn;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name api.txyundm.cn;
+
+    ssl_certificate /etc/letsencrypt/live/api.txyundm.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.txyundm.cn/privkey.pem;
+
+    client_max_body_size 20m;
+
+    access_log /var/log/nginx/qipai-api.access.log;
+    error_log /var/log/nginx/qipai-api.error.log;
+
+    location /app-api/ {
+        proxy_pass http://127.0.0.1:3000/app-api/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /admin-api/ {
+        proxy_pass http://127.0.0.1:3000/admin-api/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /uploads/ {
+        alias /opt/apps/uploads/;
+        autoindex off;
+    }
+
+    location /admin/ {
+        alias /opt/apps/qipai-admin/dist/;
+        try_files $uri $uri/ /admin/index.html;
+    }
+
+    location = /health {
+        return 200 "ok\n";
+        add_header Content-Type text/plain;
+    }
+}