初始化1

This commit is contained in:
zg
2026-07-16 13:03:11 +08:00
parent 0bdfcbc1c8
commit e6b0f287cc
100 changed files with 12184 additions and 0 deletions

106
scripts/clean_mokee.py Normal file
View File

@@ -0,0 +1,106 @@
"""
清理 10.1.1.160 上所有 mokee.com 证书+Nginx配置+数据库记录
用法: python3 clean_mokee.py
"""
import paramiko
import pymysql
import sys
HOST = '10.1.1.160'
USER = 'root'
PASS = 'mokee.'
DB_HOST = '10.1.1.122'
DB_USER = 'nginxserver'
DB_PASS = 'mokee.'
DB_NAME = 'nginxserver'
def ssh_cmd(ssh, cmd, desc=''):
"""执行远程命令并打印结果"""
print(f"\n{'='*60}")
print(f">>> {desc or cmd}")
print('='*60)
stdin, stdout, stderr = ssh.exec_command(cmd)
out = stdout.read().decode().strip()
err = stderr.read().decode().strip()
if out:
print(out)
if err:
print('[stderr]', err)
return out
def main():
step = sys.argv[1] if len(sys.argv) > 1 else ''
if step == '':
# 第一步:查看
print('>>> 第一步:查看 mokee.com 相关文件 <<<')
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(HOST, username=USER, password=PASS, timeout=10)
ssh_cmd(ssh, 'ls -la /etc/nginx/ssl/*mokee* 2>/dev/null', 'mokee.com 证书文件')
ssh_cmd(ssh, 'ls -la /etc/nginx/conf.d/*mokee* 2>/dev/null', 'mokee.com Nginx配置')
ssh.close()
print('\n>>> 确认无误后执行: python3 clean_mokee.py delete')
elif step == 'delete':
# 第二步:清理
print('>>> 第二步:清理 mokee.com 证书+Nginx配置+数据库 <<<')
# --- 服务器端 ---
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(HOST, username=USER, password=PASS, timeout=10)
# 删证书
ssh_cmd(ssh, 'rm -fv /etc/nginx/ssl/*mokee*.pem /etc/nginx/ssl/*mokee*.key /etc/nginx/ssl/*mokee*.crt 2>&1', '删除证书文件')
# 删Nginx配置
ssh_cmd(ssh, 'rm -fv /etc/nginx/conf.d/*mokee*.conf 2>&1', '删除Nginx配置')
# 语法检查+重载
ssh_cmd(ssh, 'nginx -t 2>&1 && nginx -s reload 2>&1', 'Nginx语法检查+重载')
ssh.close()
print('\n>>> 服务器端清理完成')
# --- 数据库端 ---
print('\n>>> 清理数据库记录')
conn = pymysql.connect(host=DB_HOST, user=DB_USER, password=DB_PASS,
database=DB_NAME, charset='utf8mb4')
cur = conn.cursor()
# 先看
cur.execute("SELECT id, domain, cert_type, status FROM certificates WHERE domain LIKE '%mokee.com'")
certs = cur.fetchall()
print(f'证书记录: {len(certs)}')
for r in certs:
print(f' {r}')
cur.execute("SELECT id, domain, protocol, target FROM forwarding_rules WHERE domain LIKE '%mokee.com'")
rules = cur.fetchall()
print(f'转发规则: {len(rules)}')
for r in rules:
print(f' {r}')
# 删除
cur.execute("DELETE FROM certificates WHERE domain LIKE '%mokee.com'")
print(f'已删除证书记录: {cur.rowcount}')
cur.execute("DELETE FROM forwarding_rules WHERE domain LIKE '%mokee.com'")
print(f'已删除转发规则: {cur.rowcount}')
conn.commit()
cur.close()
conn.close()
print('\n>>> 全部清理完成!')
if __name__ == '__main__':
main()

23
scripts/enable_cors.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
# 启用 CORS 跨域支持
# 步骤1: 恢复带 CORS headers 的 nginx.conf
cp /etc/nginx/nginx.conf.bak.cors /etc/nginx/nginx.conf
# 步骤2: 给静态资源 location 也加 CORS
# (因为 add_header Cache-Control 会覆盖 http 块继承的 CORS headers
for f in /etc/nginx/conf.d/*.conf; do
if ! grep -q 'Access-Control-Allow-Origin' "$f"; then
sed -i 's/add_header Cache-Control/add_header Access-Control-Allow-Origin * always;\n add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;\n add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;\n add_header Cache-Control/' "$f"
fi
done
# 步骤3: 验证并重载
echo "=== nginx -t ==="
nginx -t && systemctl reload nginx && echo "=== DONE ==="
# 步骤4: 验证 CORS 是否生效
echo ""
echo "=== 验证 CORS ==="
curl -sI -H "Origin: http://test.com" -k https://gw.server.zgitm.com/ 2>&1 | grep -i access-control
curl -sI -H "Origin: http://test.com" -k https://web.gw.zgitm.com/ 2>&1 | grep -i access-control
echo "=== 完成 ==="

View File

@@ -0,0 +1,36 @@
#!/bin/bash
# 允许大文件上传(最大 2GB
# 全局 http 块 + server 块同时设置
# 1. nginx.conf http 块加全局默认值
if ! grep -q 'client_max_body_size' /etc/nginx/nginx.conf; then
sed -i '/gzip_types text\/plain/i\ client_max_body_size 2048m;\n client_body_timeout 300s;' /etc/nginx/nginx.conf
echo "[OK] nginx.conf: client_max_body_size 2048m"
else
echo "[SKIP] nginx.conf already has client_max_body_size"
fi
# 2. 每个 server 块也加上(覆盖可能的全局设置)
for f in /etc/nginx/conf.d/*.conf; do
if ! grep -q 'client_max_body_size' "$f"; then
sed -i '/server_name/a\ client_max_body_size 2048m;' "$f"
echo "[OK] $(basename $f): added"
else
echo "[SKIP] $(basename $f): already has"
fi
done
# 3. 更新 Python API 模板(未来新增规则自动带此配置)
TEMPLATE="/opt/nginx-api/services/nginx_service.py"
if [ -f "$TEMPLATE" ] && ! grep -q 'client_max_body_size' "$TEMPLATE"; then
sed -i '/server_name {domain};/a\ client_max_body_size 2048m;' "$TEMPLATE"
systemctl restart nginx-api
echo "[OK] Python template updated + API restarted"
else
echo "[SKIP] Python template already has client_max_body_size"
fi
# 4. 验证
echo ""
echo "=== nginx -t ==="
nginx -t && systemctl reload nginx && echo "=== DONE ==="

32
scripts/fix_nginx_conf.sh Normal file
View File

@@ -0,0 +1,32 @@
#!/bin/bash
# 修复 nginx conf.d 中残留的 CORS 修改痕迹
# 1. 删除孤立的 return 204;
# 2. 删除孤立的 }
# 3. 合并多余空行
for f in /etc/nginx/conf.d/*.conf; do
python3 -c "
import re
with open('$f', 'r') as fh:
c = fh.read()
# 删除 Access-Control 相关行(如果有残留)
c = re.sub(r'.*Access-Control-Allow.*\n', '', c)
c = re.sub(r'.*Access-Control-Max.*\n', '', c)
# 删除孤立的 return 204;
c = re.sub(r'[ \t]*return 204;\n', '', c)
# 删除 server_name 和 ssl_certificate 之间孤立的 }
c = re.sub(r'(server_name[^;]+;)\n\n }\n( ssl_certificate)', r'\1\n\n\2', c)
# 合并多余空行
c = re.sub(r'\n\n\n+', '\n\n', c)
with open('$f', 'w') as fh:
fh.write(c)
"
done
echo "=== nginx -t ==="
nginx -t

View File

@@ -0,0 +1,78 @@
"""审计字段数据库迁移脚本"""
import pymysql
conn = pymysql.connect(
host='10.1.1.122',
user='nginxserver',
password='mokee.',
database='nginxserver',
charset='utf8mb4',
autocommit=True
)
cur = conn.cursor()
tables = ['forwarding_rules', 'dns_zone_config', 'certificates']
columns = [
('created_by', 'VARCHAR(100) DEFAULT NULL', '创建人'),
('updated_by', 'VARCHAR(100) DEFAULT NULL', '更新人'),
]
for table in tables:
for col_name, col_def, col_comment in columns:
cur.execute(f"""SELECT COLUMN_NAME FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA='nginxserver' AND TABLE_NAME='{table}' AND COLUMN_NAME='{col_name}'""")
if not cur.fetchone():
cur.execute(f"ALTER TABLE {table} ADD COLUMN {col_name} {col_def} COMMENT '{col_comment}'")
print(f'{table}.{col_name} 已添加')
else:
print(f'{table}.{col_name} 已存在,跳过')
# 新建 dns_records 表
cur.execute("""SELECT TABLE_NAME FROM information_schema.TABLES
WHERE TABLE_SCHEMA='nginxserver' AND TABLE_NAME='dns_records'""")
if not cur.fetchone():
cur.execute("""
CREATE TABLE dns_records (
id BIGINT AUTO_INCREMENT PRIMARY KEY COMMENT '主键ID',
record_id VARCHAR(128) NOT NULL COMMENT '阿里云解析记录ID',
domain_zone VARCHAR(255) NOT NULL COMMENT '主域名',
rr VARCHAR(255) NOT NULL COMMENT '主机记录',
record_type VARCHAR(20) NOT NULL COMMENT '记录类型: A/CNAME/TXT',
record_value VARCHAR(500) NOT NULL COMMENT '记录值',
ttl INT DEFAULT 600 COMMENT 'TTL(秒)',
status TINYINT DEFAULT 1 COMMENT '0-已删除, 1-正常',
created_by VARCHAR(100) DEFAULT NULL COMMENT '创建人',
updated_by VARCHAR(100) DEFAULT NULL COMMENT '更新人',
created_at DATETIME DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
UNIQUE KEY uk_record_id (record_id),
INDEX idx_domain_zone (domain_zone),
INDEX idx_status (status)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
COMMENT='DNS解析记录本地审计表'
""")
print('dns_records 表已创建')
else:
print('dns_records 表已存在,跳过')
# 验证
print()
print('=== 验证结果 ===')
cur.execute("""SELECT TABLE_NAME, COLUMN_NAME, COLUMN_TYPE, COLUMN_COMMENT
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA='nginxserver'
AND TABLE_NAME IN ('forwarding_rules', 'dns_zone_config', 'certificates')
AND COLUMN_NAME IN ('created_by', 'updated_by')
ORDER BY TABLE_NAME, COLUMN_NAME""")
for row in cur.fetchall():
print(row)
print()
cur.execute('SHOW CREATE TABLE dns_records')
row = cur.fetchone()
if row:
print('dns_records 表已就绪')
cur.close()
conn.close()
print('\n数据库迁移完成!')

View File

@@ -0,0 +1,32 @@
#!/bin/bash
# 修改所有代理超时为 12 小时
# 1. nginx.conf http 块加全局默认
if ! grep -q 'proxy_connect_timeout 43200s' /etc/nginx/nginx.conf; then
sed -i '/gzip_types text\/plain/i\ proxy_connect_timeout 43200s;\n proxy_send_timeout 43200s;\n proxy_read_timeout 43200s;\n' /etc/nginx/nginx.conf
echo "[OK] nginx.conf: global timeout 43200s"
else
echo "[SKIP] nginx.conf already has 43200s"
fi
# 2. 修改所有 conf.d 中的超时
for f in /etc/nginx/conf.d/*.conf; do
sed -i 's/proxy_connect_timeout 60s;/proxy_connect_timeout 43200s;/g' "$f"
sed -i 's/proxy_send_timeout 60s;/proxy_send_timeout 43200s;/g' "$f"
sed -i 's/proxy_read_timeout 60s;/proxy_read_timeout 43200s;/g' "$f"
echo "[OK] $(basename $f)"
done
# 3. 更新 Python 模板
TEMPLATE="/opt/nginx-api/services/nginx_service.py"
if [ -f "$TEMPLATE" ]; then
sed -i 's/proxy_connect_timeout 60s;/proxy_connect_timeout 43200s;/g' "$TEMPLATE"
sed -i 's/proxy_send_timeout 60s;/proxy_send_timeout 43200s;/g' "$TEMPLATE"
sed -i 's/proxy_read_timeout 60s;/proxy_read_timeout 43200s;/g' "$TEMPLATE"
systemctl restart nginx-api
echo "[OK] Python template updated + API restarted"
fi
echo ""
echo "=== nginx -t ==="
nginx -t && systemctl reload nginx && echo "=== DONE ==="