添加portainer，优化部署

base/setup.sh

@@ -24,6 +24,15 @@ warn()  { echo -e "${YELLOW}[WARN]${NC} $*"; }
 error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
 step()  { echo -e "\n${CYAN}========== $* ==========${NC}"; }
 
+# ===== 修复 Windows CRLF 行尾 =====
+# 从 Windows scp 上传的文件可能包含 \r，source 时会导致错误
+# 用法: fix_crlf file1 [file2 ...]
+fix_crlf() {
+    for f in "$@"; do
+        [ -f "$f" ] && sed -i 's/\r$//' "$f"
+    done
+}
+
 # ===== 检查 root =====
 check_root() {
     if [ "$(id -u)" -ne 0 ]; then
@@ -164,7 +173,7 @@ EOF
     fi
 }
 
-# ===== 安装 Nginx =====
+# ===== 安装 Nginx（官方稳定版仓库）=====
 install_nginx() {
     step "安装 Nginx"
     detect_pkg_mgr
@@ -172,10 +181,46 @@ install_nginx() {
     if command -v nginx &> /dev/null; then
         log "Nginx 已安装: $(nginx -v 2>&1)"
     else
-        log "正在安装 Nginx..."
+        log "正在安装 Nginx（官方 stable 仓库）..."
         case "$PKG_MGR" in
-            apt) apt-get install -y -qq nginx ;;
-            dnf|yum) $PKG_MGR install -y -q nginx ;;
+            apt)
+                # 添加 Nginx 官方 GPG 密钥
+                curl -fsSL https://nginx.org/keys/nginx_signing.key \
+                    | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
+                # 添加官方 stable 仓库
+                echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+                    http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
+                    > /etc/apt/sources.list.d/nginx.list
+                # 优先使用官方仓库
+                printf "Package: *\nPin: origin nginx.org\nPin-Priority: 900\n" \
+                    > /etc/apt/preferences.d/99nginx
+                apt-get update -qq
+                apt-get install -y -qq nginx
+                ;;
+            dnf)
+                cat > /etc/yum.repos.d/nginx.repo <<'REPO'
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+REPO
+                dnf install -y -q nginx
+                ;;
+            yum)
+                cat > /etc/yum.repos.d/nginx.repo <<'REPO'
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+REPO
+                yum install -y -q nginx
+                ;;
         esac
         log "Nginx 安装完成"
     fi
@@ -184,8 +229,13 @@ install_nginx() {
 
     mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /var/www/certbot
 
+    # Nginx 官方包使用 conf.d/ 而非 sites-enabled/，添加 include
     if ! grep -q "sites-enabled" /etc/nginx/nginx.conf; then
-        sed -i '/^http {/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        if grep -q "^http {" /etc/nginx/nginx.conf; then
+            sed -i '/^http {/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        else
+            sed -i '/include.*conf\.d/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        fi
     fi
 
     log "Nginx 配置就绪"
@@ -278,7 +328,9 @@ server {
 NGINX_TEMP
 
     ln -sf "/etc/nginx/sites-available/${site_name}" "/etc/nginx/sites-enabled/${site_name}"
+    # 移除默认站点避免冲突（Ubuntu 包和官方包路径不同）
     rm -f /etc/nginx/sites-enabled/default
+    rm -f /etc/nginx/conf.d/default.conf
     nginx -t && systemctl reload nginx
 
     # 申请证书
@@ -336,6 +388,7 @@ deploy_nginx_conf() {
 load_base_env() {
     local base_dir="${1:-$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)}"
     if [ -f "$base_dir/.env" ]; then
+        fix_crlf "$base_dir/.env"
         set -a
         source "$base_dir/.env"
         set +a