From 22f5d77d44dc362abc153652dc68c6f89897e87e Mon Sep 17 00:00:00 2001 From: jeremygan2021 Date: Sun, 22 Mar 2026 23:28:36 +0800 Subject: [PATCH] create --- create_new_domain_cert.sh | 94 ++++++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 11 deletions(-) diff --git a/create_new_domain_cert.sh b/create_new_domain_cert.sh index d13ee06..48166d4 100755 --- a/create_new_domain_cert.sh +++ b/create_new_domain_cert.sh @@ -515,34 +515,106 @@ EOF # 最终验证 final_verification() { - log_step "最终验证..." + log_step "开始最终验证流程..." - # 删除临时 HTTP 配置(不再需要) + # 清理所有旧的相关配置文件 + log_info "清理旧配置文件..." + + # 删除临时 HTTP 配置 if [[ -f "$HTTP_CONF_FILE" ]]; then rm -f "$HTTP_CONF_FILE" - log_info "已删除临时 HTTP 配置" + log_info "已删除临时 HTTP 配置: $HTTP_CONF_FILE" + fi + + # 删除旧的符号链接 + if [[ -L "${NGINX_ENABLED}/${DOMAIN}.conf" ]]; then + rm -f "${NGINX_ENABLED}/${DOMAIN}.conf" + log_info "已删除旧符号链接: ${NGINX_ENABLED}/${DOMAIN}.conf" + fi + + # 删除 sites-available 中的旧配置 + if [[ -f "${NGINX_AVAILABLE}/${DOMAIN}.conf" ]]; then + rm -f "${NGINX_AVAILABLE}/${DOMAIN}.conf" + log_info "已删除旧配置: ${NGINX_AVAILABLE}/${DOMAIN}.conf" + fi + + # 删除 sites-enabled 中的旧符号链接 + if [[ -L "${NGINX_ENABLED}/${DOMAIN}.conf" ]]; then + rm -f "${NGINX_ENABLED}/${DOMAIN}.conf" + log_info "已删除旧符号链接: ${NGINX_ENABLED}/${DOMAIN}.conf" fi + # 等待一下确保配置已清理 + sleep 1 + # 验证 nginx 配置 - log_info "验证 nginx 配置..." + log_step "验证 nginx 配置..." if ! nginx -t; then log_error "nginx 配置验证失败" + log_error "请检查 /etc/nginx/conf.d 目录下的配置文件" exit 1 fi log_success "nginx 配置验证通过" - # 重载 nginx - log_step "重载 nginx 服务..." - if systemctl reload nginx >/dev/null 2>&1 || service nginx reload >/dev/null 2>&1 || nginx -s reload; then + # 重启 nginx 服务(确保完全重新加载配置) + log_step "重启 nginx 服务..." + if systemctl restart nginx >/dev/null 2>&1; then + log_success "nginx 重启成功" + elif systemctl reload nginx >/dev/null 2>&1; then log_success "nginx 重载成功" + elif service nginx restart >/dev/null 2>&1; then + log_success "nginx 重启成功 (service 命令)" + elif service nginx reload >/dev/null 2>&1; then + log_success "nginx 重载成功 (service 命令)" + elif nginx -s reload >/dev/null 2>&1; then + log_success "nginx 重载成功 (nginx -s)" else - log_error "nginx 重载失败" + log_error "nginx 重启/重载失败,请手动执行: systemctl restart nginx" exit 1 fi - # 清理旧的符号链接(如果存在) - if [[ -L "${NGINX_ENABLED}/${DOMAIN}.conf" ]]; then - rm -f "${NGINX_ENABLED}/${DOMAIN}.conf" + # 测试域名访问 + log_step "测试域名访问..." + echo "" + + # 测试 HTTPS 访问 + echo -e "${CYAN}测试 1: HTTPS 访问${NC}" + local https_response=$(curl -I -s --connect-timeout 10 "https://${DOMAIN}" 2>&1) + local https_code=$(echo "$https_response" | grep -i "HTTP/" | head -n1 | awk '{print $2}') + + if [[ "$https_code" == "200" ]] || [[ "$https_code" == "301" ]] || [[ "$https_code" == "302" ]]; then + log_success "✅ HTTPS 访问成功 (HTTP $https_code)" + else + log_warn "⚠️ HTTPS 响应异常: ${https_code:-无响应}" + fi + + # 测试 HTTP 跳转 + echo "" + echo -e "${CYAN}测试 2: HTTP 跳转测试${NC}" + local http_response=$(curl -I -s --connect-timeout 10 "http://${DOMAIN}" 2>&1) + local http_code=$(echo "$http_response" | grep -i "HTTP/" | head -n1 | awk '{print $2}') + local location=$(echo "$http_response" | grep -i "Location:" | head -n1) + + if [[ "$http_code" == "301" ]] || [[ "$http_code" == "302" ]]; then + log_success "✅ HTTP 跳转正常 (HTTP $http_code)" + if [[ -n "$location" ]]; then + log_info "跳转目标: $location" + fi + else + log_warn "⚠️ HTTP 跳转异常: ${http_code:-无响应}" + fi + + # 验证 SSL 证书 + echo "" + echo -e "${CYAN}测试 3: SSL 证书验证${NC}" + local ssl_verify=$(echo | openssl s_client -connect "${DOMAIN}:443" -servername "${DOMAIN}" 2>/dev/null | openssl x509 -noout -subject -dates 2>/dev/null) + if [[ -n "$ssl_verify" ]]; then + log_success "✅ SSL 证书有效" + echo "$ssl_verify" | while read line; do + log_info " $line" + done + else + log_warn "⚠️ SSL 证书验证失败" fi echo ""