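#!/bin/bash
# Server bootstrap and deployment script - Ubuntu 24.04
# Domain: tksea.top
# IP: 43.155.133.187
#
# Installs Docker, Nginx and Certbot, opens the firewall for SSH/HTTP/HTTPS and
# prepares the application directories. Must be run as root.

# -e: stop at the first failing command; -u: treat unset variables as errors;
# pipefail: a pipeline fails when any stage fails, not only the last one.
set -euo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Keep apt/dpkg from stopping an unattended run to ask questions.
export DEBIAN_FRONTEND=noninteractive

echo "========================================"
echo "服务器初始化和部署脚本"
echo "========================================"

# 1. Update the system
echo "[1/12] 更新系统包..."
# Two separate statements: in "a && b" a failure of "a" does not trigger
# set -e, so a failed index refresh would have gone unnoticed.
apt update
apt upgrade -y

# 2. Install base tools
echo "[2/12] 安装基础工具..."
# "unzip" and "software-properties-common" are two packages; the original had
# them fused into one non-existent package name.
apt install -y curl wget vim git htop net-tools unzip software-properties-common

# 3. Install Docker
echo "[3/12] 安装 Docker..."
if ! command -v docker &> /dev/null; then
  # Fetch the installer completely before executing it. Piping curl straight
  # into sh hides a failed download from set -e and can execute a truncated
  # script.
  # NOTE(review): the installer is not pinned or checksummed, so whatever
  # get.docker.com serves at run time executes as root. Installing Docker from
  # a signed apt repository is the stricter option.
  docker_installer=$(mktemp)
  trap 'rm -f -- "${docker_installer}"' EXIT
  curl -fsSL https://get.docker.com -o "${docker_installer}"
  sh "${docker_installer}"
  rm -f -- "${docker_installer}"
  trap - EXIT
  systemctl enable docker
  systemctl start docker
fi

# 4. Install Docker Compose
echo "[4/12] 安装 Docker Compose..."
# docker-compose-plugin provides the "docker compose" subcommand, not a
# "docker-compose" binary, so probe the subcommand that is used later on.
if ! docker compose version &> /dev/null; then
  apt install -y docker-compose-plugin
fi

# 5. Install Nginx
echo "[5/12] 安装 Nginx..."
apt install -y nginx

# 6. Install Certbot
echo "[6/12] 安装 Certbot..."
snap install --classic certbot
ln -sf /snap/bin/certbot /usr/bin/certbot

# 7. Configure the firewall
echo "[7/12] 配置防火墙..."
# SSH is allowed before the firewall is switched on so the current session
# is not cut off.
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
# --force skips the interactive confirmation that would block an unattended run.
ufw --force enable
# Note: ports published by Docker are handled by Docker's own iptables rules
# and are not filtered by the ufw rules above; restrict them in the compose
# file (bind address) or in the cloud provider's security group.

# 8. Create application directories
echo "[8/12] 创建应用目录..."
mkdir -p /opt/gitea
mkdir -p /opt/sub2api
mkdir -p /opt/nginx/ssl

# 9. Configure Nginx
echo "[9/12] 配置 Nginx..."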
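# Paths used by steps 9-11.
readonly site_conf=/etc/nginx/sites-available/tksea.top
readonly cert_live_dir=/etc/letsencrypt/live/tksea.top
# Contact address for the Let's Encrypt account. The default is the original
# placeholder and must be replaced; override it with CERTBOT_EMAIL.
certbot_email=${CERTBOT_EMAIL:-your-email@example.com}

# On a fresh host the certificate files do not exist yet, so the TLS server
# block below would make "nginx -t" fail and abort the script before certbot
# ever runs. Start with an HTTP-only site that certbot can use for validation.
if [[ ! -f "${cert_live_dir}/fullchain.pem" ]]; then
  cat > "${site_conf}" << 'EOF'
server {
    listen 80;
    server_name tksea.top www.tksea.top;
}
EOF
  ln -sf "${site_conf}" /etc/nginx/sites-enabled/
  nginx -t
  systemctl reload nginx
fi

# 10. Obtain the SSL certificate
echo "[10/12] 配置 SSL 证书..."
# certonly: obtain the certificate without letting certbot rewrite the site
# file; the TLS settings are written explicitly below.
# --keep-until-expiring makes a re-run a no-op while the certificate is valid.
certbot certonly --nginx -d tksea.top -d www.tksea.top \
  --non-interactive --agree-tos --keep-until-expiring \
  --email "${certbot_email}"

# Final site configuration: redirect HTTP to HTTPS and proxy to Gitea.
# The upstream is addressed as 127.0.0.1 rather than "localhost" so the proxy
# does not depend on how localhost resolves (IPv4 vs IPv6).
# NOTE(review): the "location /git/" block proxies to the same upstream as
# "location /" and appears redundant; kept as in the original.
cat > "${site_conf}" << 'EOF'
server {
    listen 80;
    server_name tksea.top www.tksea.top;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name tksea.top www.tksea.top;

    # SSL 证书配置 (使用Let's Encrypt)
    ssl_certificate /etc/letsencrypt/live/tksea.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tksea.top/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Gitea 代理
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /git/ {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF

ln -sf "${site_conf}" /etc/nginx/sites-enabled/
# Validate before reloading so a broken config never replaces the running one.
nginx -t
systemctl reload nginx

# 11. Configure automatic certificate renewal
echo "[11/12] 配置 SSL 自动续期..."
# NOTE(review): the certbot snap normally installs its own renewal timer;
# confirm whether this cron job duplicates it. Also verify that "nginx" is
# found on cron's PATH when the deploy hook runs.
cat > /etc/cron.d/certbot-renew << 'EOF'
0 0 * * * root certbot renew --quiet --deploy-hook "nginx -s reload"
EOF
# Files in /etc/cron.d are expected to be root-owned and not group/world-writable.
chmod 644 /etc/cron.d/certbot-renew

# 12. Create the Docker Compose file
echo "[12/12] 创建 Docker Compose 文件..."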
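# Gitea
# The web port is published on 127.0.0.1 only. Nginx is the intended entry
# point, and a port published on all interfaces would be reachable from the
# network without TLS: Docker installs its own iptables rules, so ufw does not
# filter published ports.
# The SSH port 2222 stays published on all interfaces for git-over-SSH; limit
# who can reach it in the cloud security group if it should not be public.
# NOTE(review): gitea/gitea:latest is a floating tag, so every pull can bring
# in a different, unreviewed image. Pin a specific version tag or digest.
cat > /opt/gitea/docker-compose.yml << 'EOF'
version: '3'

services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    ports:
      - "127.0.0.1:3000:3000"
      - "2222:22"
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__server__DOMAIN=tksea.top
      - GITEA__server__ROOT_URL=https://tksea.top/
      - GITEA__server__HTTP_PORT=3000
      - GITEA__ssh__DOMAIN=tksea.top
      - GITEA__ssh__PORT=2222
    networks:
      - gitea-network

networks:
  gitea-network:
    name: gitea-network

volumes:
  gitea-data:
    name: gitea-data
EOF

# Start Gitea
# Separate statements: in "cd dir && cmd" a failing cd does not trigger
# set -e, and the script would have continued without starting the service.
cd /opt/gitea
docker compose up -d

echo "========================================"
echo "部署完成!"
echo "========================================"
echo ""
echo "服务状态:"
docker ps
echo ""
echo "Nginx 状态:"
# Informational only: "systemctl status" exits non-zero when the unit is not
# active, which must not abort the summary under set -e.
systemctl status nginx --no-pager || true
echo ""
echo "SSL 证书状态:"
certbot certificates
echo ""
echo "========================================"
echo "后续步骤:"
echo "1. 访问 https://tksea.top 完成 Gitea 初始化"
echo "2. 配置 sub2api 项目部署"
echo "========================================"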