添加portainer，优化部署

2026-04-08 09:58:40 +08:00
parent 14584aed3d
commit e5f841c624
31 changed files with 1882 additions and 1261 deletions
--- a/gitea/deploy.sh
+++ b/gitea/deploy.sh
@@ -147,19 +147,39 @@ install_docker() {
    log "Docker Compose 已就绪: $(docker compose version --short)"
 }

-# ===== 3. 安装 Nginx =====
+# ===== 3. 安装 Nginx（官方稳定版仓库）=====
 install_nginx() {
    step "3/8 安装 Nginx"

    if command -v nginx &> /dev/null; then
        log "Nginx 已安装: $(nginx -v 2>&1)"
    else
-        log "正在安装 Nginx..."
+        log "正在安装 Nginx（官方 stable 仓库）..."
        case "$PKG_MGR" in
            apt)
+                # 添加 Nginx 官方 GPG 密钥
+                curl -fsSL https://nginx.org/keys/nginx_signing.key \
+                    | gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
+                # 添加官方 stable 仓库
+                echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
+                    http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
+                    > /etc/apt/sources.list.d/nginx.list
+                # 优先使用官方仓库
+                printf "Package: *\nPin: origin nginx.org\nPin-Priority: 900\n" \
+                    > /etc/apt/preferences.d/99nginx
+                apt-get update -qq
                apt-get install -y -qq nginx
                ;;
            dnf|yum)
+                cat > /etc/yum.repos.d/nginx.repo <<'REPO'
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+REPO
                $PKG_MGR install -y -q nginx
                ;;
        esac
@@ -171,10 +191,13 @@ install_nginx() {
    # 确保 Nginx 配置目录结构存在
    mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /var/www/certbot

-    # 确保 nginx.conf 包含 sites-enabled
+    # Nginx 官方包使用 conf.d/ 而非 sites-enabled/，添加 include
    if ! grep -q "sites-enabled" /etc/nginx/nginx.conf; then
-        # 在 http { } 块内添加 include
-        sed -i '/^http {/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        if grep -q "^http {" /etc/nginx/nginx.conf; then
+            sed -i '/^http {/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        else
+            sed -i '/include.*conf\.d/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
+        fi
    fi

    log "Nginx 配置就绪"
@@ -213,6 +236,7 @@ init_env() {
    fi

    # 加载并验证配置
+    sed -i 's/\r$//' .env
    set -a
    source .env
    set +a
@@ -331,8 +355,9 @@ server {
 NGINX_TEMP

    ln -sf /etc/nginx/sites-available/gitea /etc/nginx/sites-enabled/gitea
-    # 移除默认站点避免冲突
+    # 移除默认站点避免冲突（Ubuntu 包和官方包路径不同）
    rm -f /etc/nginx/sites-enabled/default
+    rm -f /etc/nginx/conf.d/default.conf
    nginx -t && systemctl reload nginx

    # 申请 SSL 证书