初始化1
This commit is contained in:
106
scripts/clean_mokee.py
Normal file
106
scripts/clean_mokee.py
Normal file
@@ -0,0 +1,106 @@
|
||||
"""
|
||||
清理 10.1.1.160 上所有 mokee.com 证书+Nginx配置+数据库记录
|
||||
用法: python3 clean_mokee.py
|
||||
"""
|
||||
import paramiko
|
||||
import pymysql
|
||||
import sys
|
||||
|
||||
HOST = '10.1.1.160'
|
||||
USER = 'root'
|
||||
PASS = 'mokee.'
|
||||
|
||||
DB_HOST = '10.1.1.122'
|
||||
DB_USER = 'nginxserver'
|
||||
DB_PASS = 'mokee.'
|
||||
DB_NAME = 'nginxserver'
|
||||
|
||||
|
||||
def ssh_cmd(ssh, cmd, desc=''):
|
||||
"""执行远程命令并打印结果"""
|
||||
print(f"\n{'='*60}")
|
||||
print(f">>> {desc or cmd}")
|
||||
print('='*60)
|
||||
stdin, stdout, stderr = ssh.exec_command(cmd)
|
||||
out = stdout.read().decode().strip()
|
||||
err = stderr.read().decode().strip()
|
||||
if out:
|
||||
print(out)
|
||||
if err:
|
||||
print('[stderr]', err)
|
||||
return out
|
||||
|
||||
|
||||
def main():
|
||||
step = sys.argv[1] if len(sys.argv) > 1 else ''
|
||||
|
||||
if step == '':
|
||||
# 第一步:查看
|
||||
print('>>> 第一步:查看 mokee.com 相关文件 <<<')
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||
ssh.connect(HOST, username=USER, password=PASS, timeout=10)
|
||||
|
||||
ssh_cmd(ssh, 'ls -la /etc/nginx/ssl/*mokee* 2>/dev/null', 'mokee.com 证书文件')
|
||||
ssh_cmd(ssh, 'ls -la /etc/nginx/conf.d/*mokee* 2>/dev/null', 'mokee.com Nginx配置')
|
||||
|
||||
ssh.close()
|
||||
|
||||
print('\n>>> 确认无误后执行: python3 clean_mokee.py delete')
|
||||
|
||||
elif step == 'delete':
|
||||
# 第二步:清理
|
||||
print('>>> 第二步:清理 mokee.com 证书+Nginx配置+数据库 <<<')
|
||||
|
||||
# --- 服务器端 ---
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||
ssh.connect(HOST, username=USER, password=PASS, timeout=10)
|
||||
|
||||
# 删证书
|
||||
ssh_cmd(ssh, 'rm -fv /etc/nginx/ssl/*mokee*.pem /etc/nginx/ssl/*mokee*.key /etc/nginx/ssl/*mokee*.crt 2>&1', '删除证书文件')
|
||||
|
||||
# 删Nginx配置
|
||||
ssh_cmd(ssh, 'rm -fv /etc/nginx/conf.d/*mokee*.conf 2>&1', '删除Nginx配置')
|
||||
|
||||
# 语法检查+重载
|
||||
ssh_cmd(ssh, 'nginx -t 2>&1 && nginx -s reload 2>&1', 'Nginx语法检查+重载')
|
||||
|
||||
ssh.close()
|
||||
print('\n>>> 服务器端清理完成')
|
||||
|
||||
# --- 数据库端 ---
|
||||
print('\n>>> 清理数据库记录')
|
||||
conn = pymysql.connect(host=DB_HOST, user=DB_USER, password=DB_PASS,
|
||||
database=DB_NAME, charset='utf8mb4')
|
||||
cur = conn.cursor()
|
||||
|
||||
# 先看
|
||||
cur.execute("SELECT id, domain, cert_type, status FROM certificates WHERE domain LIKE '%mokee.com'")
|
||||
certs = cur.fetchall()
|
||||
print(f'证书记录: {len(certs)} 条')
|
||||
for r in certs:
|
||||
print(f' {r}')
|
||||
|
||||
cur.execute("SELECT id, domain, protocol, target FROM forwarding_rules WHERE domain LIKE '%mokee.com'")
|
||||
rules = cur.fetchall()
|
||||
print(f'转发规则: {len(rules)} 条')
|
||||
for r in rules:
|
||||
print(f' {r}')
|
||||
|
||||
# 删除
|
||||
cur.execute("DELETE FROM certificates WHERE domain LIKE '%mokee.com'")
|
||||
print(f'已删除证书记录: {cur.rowcount} 条')
|
||||
|
||||
cur.execute("DELETE FROM forwarding_rules WHERE domain LIKE '%mokee.com'")
|
||||
print(f'已删除转发规则: {cur.rowcount} 条')
|
||||
|
||||
conn.commit()
|
||||
cur.close()
|
||||
conn.close()
|
||||
|
||||
print('\n>>> 全部清理完成!')
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
23
scripts/enable_cors.sh
Normal file
23
scripts/enable_cors.sh
Normal file
@@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
# 启用 CORS 跨域支持
|
||||
# 步骤1: 恢复带 CORS headers 的 nginx.conf
|
||||
cp /etc/nginx/nginx.conf.bak.cors /etc/nginx/nginx.conf
|
||||
|
||||
# 步骤2: 给静态资源 location 也加 CORS
|
||||
# (因为 add_header Cache-Control 会覆盖 http 块继承的 CORS headers)
|
||||
for f in /etc/nginx/conf.d/*.conf; do
|
||||
if ! grep -q 'Access-Control-Allow-Origin' "$f"; then
|
||||
sed -i 's/add_header Cache-Control/add_header Access-Control-Allow-Origin * always;\n add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;\n add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;\n add_header Cache-Control/' "$f"
|
||||
fi
|
||||
done
|
||||
|
||||
# 步骤3: 验证并重载
|
||||
echo "=== nginx -t ==="
|
||||
nginx -t && systemctl reload nginx && echo "=== DONE ==="
|
||||
|
||||
# 步骤4: 验证 CORS 是否生效
|
||||
echo ""
|
||||
echo "=== 验证 CORS ==="
|
||||
curl -sI -H "Origin: http://test.com" -k https://gw.server.zgitm.com/ 2>&1 | grep -i access-control
|
||||
curl -sI -H "Origin: http://test.com" -k https://web.gw.zgitm.com/ 2>&1 | grep -i access-control
|
||||
echo "=== 完成 ==="
|
||||
36
scripts/enable_large_upload.sh
Normal file
36
scripts/enable_large_upload.sh
Normal file
@@ -0,0 +1,36 @@
|
||||
#!/bin/bash
|
||||
# 允许大文件上传(最大 2GB)
|
||||
# 全局 http 块 + server 块同时设置
|
||||
|
||||
# 1. nginx.conf http 块加全局默认值
|
||||
if ! grep -q 'client_max_body_size' /etc/nginx/nginx.conf; then
|
||||
sed -i '/gzip_types text\/plain/i\ client_max_body_size 2048m;\n client_body_timeout 300s;' /etc/nginx/nginx.conf
|
||||
echo "[OK] nginx.conf: client_max_body_size 2048m"
|
||||
else
|
||||
echo "[SKIP] nginx.conf already has client_max_body_size"
|
||||
fi
|
||||
|
||||
# 2. 每个 server 块也加上(覆盖可能的全局设置)
|
||||
for f in /etc/nginx/conf.d/*.conf; do
|
||||
if ! grep -q 'client_max_body_size' "$f"; then
|
||||
sed -i '/server_name/a\ client_max_body_size 2048m;' "$f"
|
||||
echo "[OK] $(basename $f): added"
|
||||
else
|
||||
echo "[SKIP] $(basename $f): already has"
|
||||
fi
|
||||
done
|
||||
|
||||
# 3. 更新 Python API 模板(未来新增规则自动带此配置)
|
||||
TEMPLATE="/opt/nginx-api/services/nginx_service.py"
|
||||
if [ -f "$TEMPLATE" ] && ! grep -q 'client_max_body_size' "$TEMPLATE"; then
|
||||
sed -i '/server_name {domain};/a\ client_max_body_size 2048m;' "$TEMPLATE"
|
||||
systemctl restart nginx-api
|
||||
echo "[OK] Python template updated + API restarted"
|
||||
else
|
||||
echo "[SKIP] Python template already has client_max_body_size"
|
||||
fi
|
||||
|
||||
# 4. 验证
|
||||
echo ""
|
||||
echo "=== nginx -t ==="
|
||||
nginx -t && systemctl reload nginx && echo "=== DONE ==="
|
||||
32
scripts/fix_nginx_conf.sh
Normal file
32
scripts/fix_nginx_conf.sh
Normal file
@@ -0,0 +1,32 @@
|
||||
#!/bin/bash
|
||||
# 修复 nginx conf.d 中残留的 CORS 修改痕迹
|
||||
# 1. 删除孤立的 return 204;
|
||||
# 2. 删除孤立的 }
|
||||
# 3. 合并多余空行
|
||||
|
||||
for f in /etc/nginx/conf.d/*.conf; do
|
||||
python3 -c "
|
||||
import re
|
||||
with open('$f', 'r') as fh:
|
||||
c = fh.read()
|
||||
|
||||
# 删除 Access-Control 相关行(如果有残留)
|
||||
c = re.sub(r'.*Access-Control-Allow.*\n', '', c)
|
||||
c = re.sub(r'.*Access-Control-Max.*\n', '', c)
|
||||
|
||||
# 删除孤立的 return 204;
|
||||
c = re.sub(r'[ \t]*return 204;\n', '', c)
|
||||
|
||||
# 删除 server_name 和 ssl_certificate 之间孤立的 }
|
||||
c = re.sub(r'(server_name[^;]+;)\n\n }\n( ssl_certificate)', r'\1\n\n\2', c)
|
||||
|
||||
# 合并多余空行
|
||||
c = re.sub(r'\n\n\n+', '\n\n', c)
|
||||
|
||||
with open('$f', 'w') as fh:
|
||||
fh.write(c)
|
||||
"
|
||||
done
|
||||
|
||||
echo "=== nginx -t ==="
|
||||
nginx -t
|
||||
78
scripts/run_audit_migration.py
Normal file
78
scripts/run_audit_migration.py
Normal file
@@ -0,0 +1,78 @@
|
||||
"""审计字段数据库迁移脚本"""
|
||||
import pymysql
|
||||
|
||||
conn = pymysql.connect(
|
||||
host='10.1.1.122',
|
||||
user='nginxserver',
|
||||
password='mokee.',
|
||||
database='nginxserver',
|
||||
charset='utf8mb4',
|
||||
autocommit=True
|
||||
)
|
||||
cur = conn.cursor()
|
||||
|
||||
tables = ['forwarding_rules', 'dns_zone_config', 'certificates']
|
||||
columns = [
|
||||
('created_by', 'VARCHAR(100) DEFAULT NULL', '创建人'),
|
||||
('updated_by', 'VARCHAR(100) DEFAULT NULL', '更新人'),
|
||||
]
|
||||
|
||||
for table in tables:
|
||||
for col_name, col_def, col_comment in columns:
|
||||
cur.execute(f"""SELECT COLUMN_NAME FROM information_schema.COLUMNS
|
||||
WHERE TABLE_SCHEMA='nginxserver' AND TABLE_NAME='{table}' AND COLUMN_NAME='{col_name}'""")
|
||||
if not cur.fetchone():
|
||||
cur.execute(f"ALTER TABLE {table} ADD COLUMN {col_name} {col_def} COMMENT '{col_comment}'")
|
||||
print(f'{table}.{col_name} 已添加')
|
||||
else:
|
||||
print(f'{table}.{col_name} 已存在,跳过')
|
||||
|
||||
# 新建 dns_records 表
|
||||
cur.execute("""SELECT TABLE_NAME FROM information_schema.TABLES
|
||||
WHERE TABLE_SCHEMA='nginxserver' AND TABLE_NAME='dns_records'""")
|
||||
if not cur.fetchone():
|
||||
cur.execute("""
|
||||
CREATE TABLE dns_records (
|
||||
id BIGINT AUTO_INCREMENT PRIMARY KEY COMMENT '主键ID',
|
||||
record_id VARCHAR(128) NOT NULL COMMENT '阿里云解析记录ID',
|
||||
domain_zone VARCHAR(255) NOT NULL COMMENT '主域名',
|
||||
rr VARCHAR(255) NOT NULL COMMENT '主机记录',
|
||||
record_type VARCHAR(20) NOT NULL COMMENT '记录类型: A/CNAME/TXT',
|
||||
record_value VARCHAR(500) NOT NULL COMMENT '记录值',
|
||||
ttl INT DEFAULT 600 COMMENT 'TTL(秒)',
|
||||
status TINYINT DEFAULT 1 COMMENT '0-已删除, 1-正常',
|
||||
created_by VARCHAR(100) DEFAULT NULL COMMENT '创建人',
|
||||
updated_by VARCHAR(100) DEFAULT NULL COMMENT '更新人',
|
||||
created_at DATETIME DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
|
||||
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
|
||||
UNIQUE KEY uk_record_id (record_id),
|
||||
INDEX idx_domain_zone (domain_zone),
|
||||
INDEX idx_status (status)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
|
||||
COMMENT='DNS解析记录本地审计表'
|
||||
""")
|
||||
print('dns_records 表已创建')
|
||||
else:
|
||||
print('dns_records 表已存在,跳过')
|
||||
|
||||
# 验证
|
||||
print()
|
||||
print('=== 验证结果 ===')
|
||||
cur.execute("""SELECT TABLE_NAME, COLUMN_NAME, COLUMN_TYPE, COLUMN_COMMENT
|
||||
FROM information_schema.COLUMNS
|
||||
WHERE TABLE_SCHEMA='nginxserver'
|
||||
AND TABLE_NAME IN ('forwarding_rules', 'dns_zone_config', 'certificates')
|
||||
AND COLUMN_NAME IN ('created_by', 'updated_by')
|
||||
ORDER BY TABLE_NAME, COLUMN_NAME""")
|
||||
for row in cur.fetchall():
|
||||
print(row)
|
||||
|
||||
print()
|
||||
cur.execute('SHOW CREATE TABLE dns_records')
|
||||
row = cur.fetchone()
|
||||
if row:
|
||||
print('dns_records 表已就绪')
|
||||
|
||||
cur.close()
|
||||
conn.close()
|
||||
print('\n数据库迁移完成!')
|
||||
32
scripts/set_timeout_12h.sh
Normal file
32
scripts/set_timeout_12h.sh
Normal file
@@ -0,0 +1,32 @@
|
||||
#!/bin/bash
|
||||
# 修改所有代理超时为 12 小时
|
||||
|
||||
# 1. nginx.conf http 块加全局默认
|
||||
if ! grep -q 'proxy_connect_timeout 43200s' /etc/nginx/nginx.conf; then
|
||||
sed -i '/gzip_types text\/plain/i\ proxy_connect_timeout 43200s;\n proxy_send_timeout 43200s;\n proxy_read_timeout 43200s;\n' /etc/nginx/nginx.conf
|
||||
echo "[OK] nginx.conf: global timeout 43200s"
|
||||
else
|
||||
echo "[SKIP] nginx.conf already has 43200s"
|
||||
fi
|
||||
|
||||
# 2. 修改所有 conf.d 中的超时
|
||||
for f in /etc/nginx/conf.d/*.conf; do
|
||||
sed -i 's/proxy_connect_timeout 60s;/proxy_connect_timeout 43200s;/g' "$f"
|
||||
sed -i 's/proxy_send_timeout 60s;/proxy_send_timeout 43200s;/g' "$f"
|
||||
sed -i 's/proxy_read_timeout 60s;/proxy_read_timeout 43200s;/g' "$f"
|
||||
echo "[OK] $(basename $f)"
|
||||
done
|
||||
|
||||
# 3. 更新 Python 模板
|
||||
TEMPLATE="/opt/nginx-api/services/nginx_service.py"
|
||||
if [ -f "$TEMPLATE" ]; then
|
||||
sed -i 's/proxy_connect_timeout 60s;/proxy_connect_timeout 43200s;/g' "$TEMPLATE"
|
||||
sed -i 's/proxy_send_timeout 60s;/proxy_send_timeout 43200s;/g' "$TEMPLATE"
|
||||
sed -i 's/proxy_read_timeout 60s;/proxy_read_timeout 43200s;/g' "$TEMPLATE"
|
||||
systemctl restart nginx-api
|
||||
echo "[OK] Python template updated + API restarted"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "=== nginx -t ==="
|
||||
nginx -t && systemctl reload nginx && echo "=== DONE ==="
|
||||
Reference in New Issue
Block a user