mirror of
https://github.com/jxxghp/MoviePilot.git
synced 2026-04-24 10:42:48 +08:00
fix build
This commit is contained in:
jxxghp
@@ -18,41 +18,65 @@ function WARN() {
|
||||
echo -e "${WARN} ${1}"
|
||||
}
|
||||
|
||||
# 仅当启用HTTPS且需要自动签发时执行
|
||||
if [ "$ENABLE_SSL" = "true" ] && [ "$AUTO_ISSUE_CERT" = "true" ]; then
|
||||
# 核心条件验证
|
||||
if [ "$ENABLE_SSL" = "true" ] && \
|
||||
[ "$AUTO_ISSUE_CERT" = "true" ] && \
|
||||
[ -n "$SSL_DOMAIN" ]; then
|
||||
|
||||
INFO "▄■▀▄■▀▄■▀▄■▀▄■▀ 证书管理开始 ▀■▄▀■▄▀■▄▀■▄▀■▄"
|
||||
|
||||
# 创建证书目录
|
||||
mkdir -p /config/certs/"${SSL_DOMAIN}"
|
||||
chown moviepilot:moviepilot /config/certs -R
|
||||
|
||||
# 安装acme.sh
|
||||
# 安装acme.sh(使用官方安装脚本)
|
||||
if [ ! -d "/config/acme.sh" ]; then
|
||||
INFO "→ 安装acme.sh..."
|
||||
git clone https://github.com/acmesh-official/acme.sh.git /config/acme.sh
|
||||
cd /config/acme.sh
|
||||
./acme.sh --install --home /config/acme.sh \
|
||||
--config-home /config/acme.sh/data \
|
||||
--cert-home /config/certs \
|
||||
--accountemail "${SSL_EMAIL}"
|
||||
|
||||
# 生成安装参数
|
||||
INSTALL_ARGS=(
|
||||
"--install-online"
|
||||
"--home" "/config/acme.sh"
|
||||
"--config-home" "/config/acme.sh/data"
|
||||
"--cert-home" "/config/certs"
|
||||
)
|
||||
|
||||
# 添加邮箱参数(如果设置)
|
||||
if [ -n "$SSL_EMAIL" ]; then
|
||||
INSTALL_ARGS+=("--accountemail" "$SSL_EMAIL")
|
||||
else
|
||||
WARN "未设置SSL_EMAIL,建议配置邮箱用于证书过期提醒"
|
||||
fi
|
||||
|
||||
# 执行官方安装命令
|
||||
curl -sSL https://get.acme.sh | sh -s -- "${INSTALL_ARGS[@]}"
|
||||
fi
|
||||
|
||||
# 签发证书(仅当证书不存在时)
|
||||
if [ ! -f "/config/certs/${SSL_DOMAIN}/fullchain.pem" ]; then
|
||||
# 检查必要参数
|
||||
[ -z "${DNS_PROVIDER}" ] && { ERROR "必须指定DNS_PROVIDER环境变量"; exit 1; }
|
||||
[ -z "${SSL_DOMAIN}" ] && { ERROR "必须指定SSL_DOMAIN环境变量"; exit 1; }
|
||||
# 必要参数检查
|
||||
REQUIRED_VARS=("DNS_PROVIDER")
|
||||
for var in "${REQUIRED_VARS[@]}"; do
|
||||
eval "value=\${${var}}"
|
||||
[ -z "$value" ] && { ERROR "必须设置环境变量: ${var}"; exit 1; }
|
||||
done
|
||||
|
||||
INFO "→ 签发证书: ${SSL_DOMAIN} (DNS验证方式: ${DNS_PROVIDER})"
|
||||
|
||||
# 导出所有ACME_ENV_开头的环境变量(自动去除前缀)
|
||||
# 加载ACME环境变量(带安全过滤)
|
||||
INFO "正在加载ACME环境变量..."
|
||||
for acme_var in $(env | grep '^ACME_ENV_'); do
|
||||
key="${acme_var#ACME_ENV_}"
|
||||
env | grep '^ACME_ENV_' | while read -r line; do
|
||||
key="${line#ACME_ENV_}"
|
||||
key="${key%%=*}"
|
||||
value="${acme_var#ACME_ENV_${key}=}"
|
||||
export "${key}=${value}"
|
||||
INFO "已加载环境变量: ${key}=******"
|
||||
value="${line#ACME_ENV_${key}=}"
|
||||
|
||||
# 过滤非法变量名
|
||||
if [[ "$key" =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then
|
||||
export "$key"="$value"
|
||||
INFO "已加载环境变量: ${key}=******"
|
||||
else
|
||||
WARN "跳过无效变量名: ${key}"
|
||||
fi
|
||||
done
|
||||
|
||||
# 签发证书
|
||||
@@ -61,6 +85,7 @@ if [ "$ENABLE_SSL" = "true" ] && [ "$AUTO_ISSUE_CERT" = "true" ]; then
|
||||
--domain "${SSL_DOMAIN}" \
|
||||
--key-file /config/certs/"${SSL_DOMAIN}"/privkey.pem \
|
||||
--fullchain-file /config/certs/"${SSL_DOMAIN}"/fullchain.pem \
|
||||
--reloadcmd "nginx -s reload" \
|
||||
--force
|
||||
|
||||
# 创建稳定符号链接
|
||||
@@ -74,4 +99,7 @@ if [ "$ENABLE_SSL" = "true" ] && [ "$AUTO_ISSUE_CERT" = "true" ]; then
|
||||
service cron start
|
||||
|
||||
INFO "▄■▀▄■▀▄■▀▄■▀▄■▀ 证书管理完成 ▀■▄▀■▄▀■▄▀■▄▀■▄"
|
||||
|
||||
elif [ "$ENABLE_SSL" = "true" ] && [ "$AUTO_ISSUE_CERT" = "true" ] && [ -z "$SSL_DOMAIN" ]; then
|
||||
WARN "已启用自动签发证书但未设置SSL_DOMAIN,跳过证书管理"
|
||||
fi
|
||||
@@ -32,8 +32,8 @@ if [ "$ENABLE_SSL" = "true" ]; then
|
||||
server_name ${SSL_DOMAIN:-moviepilot};
|
||||
|
||||
# SSL证书路径
|
||||
ssl_certificate /etc/ssl/certs/latest/fullchain.pem;
|
||||
ssl_certificate_key /etc/ssl/certs/latest/privkey.pem;
|
||||
ssl_certificate /config/certs/latest/fullchain.pem;
|
||||
ssl_certificate_key /config/certs/latest/privkey.pem;
|
||||
|
||||
# SSL安全配置
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
Reference in New Issue
Block a user