添加portainer，优化部署

2026-04-08 09:58:40 +08:00
parent 14584aed3d
commit e5f841c624
31 changed files with 1882 additions and 1261 deletions
--- a/siyuan/README.md
+++ b/siyuan/README.md
@@ -42,6 +42,7 @@ siyuan/
 ├── .env.example          # 配置模板
 ├── deploy.sh             # 一键部署脚本
 ├── backup.sh             # 备份脚本
+├── uninstall.sh          # 完全卸载脚本
 ├── nginx/
 │   └── siyuan.conf       # Nginx 反向代理配置
 └── README.md             # 本文件
@@ -260,6 +261,65 @@ docker compose up -d     # 启动
 docker compose restart   # 重启
 ```

+## 完全卸载
+
+如果需要从服务器上完全移除 SiYuan，使用卸载脚本：
+
+```bash
+cd /opt/siyuan
+bash uninstall.sh
+```
+
+脚本会**交互式确认**每个危险操作，按顺序执行：
+
+| 步骤 | 操作 | 确认方式 |
+|------|------|----------|
+| 0 | 卸载前备份（可选） | y/N |
+| 1 | 停止并删除 SiYuan 容器 | 输入 YES |
+| 2 | 删除 Docker 镜像 | 自动 |
+| 3 | 删除 Nginx 站点配置并重载 | 自动 |
+| 4 | 删除 Let's Encrypt SSL 证书 | 自动 |
+| 5 | 清理 Certbot 定时任务（仅当无其他证书时） | 自动 |
+| 6 | 删除数据目录 | 输入 DELETE |
+| 7 | 删除部署目录 `/opt/siyuan` | y/N |
+
+**备份目录 `/var/backups/siyuan/` 始终保留**，不会被删除。
+
+> 卸载后如需恢复，参考上方「恢复备份」章节。
+
+<details>
+<summary>手动卸载步骤（不使用脚本）</summary>
+
+```bash
+cd /opt/siyuan
+
+# 1. 建议先备份
+bash backup.sh
+
+# 2. 停止并删除容器
+docker compose down -v
+
+# 3. 删除 Docker 镜像（可选）
+docker image rm b3log/siyuan:latest
+
+# 4. 删除 Nginx 配置
+rm -f /etc/nginx/sites-enabled/siyuan /etc/nginx/sites-available/siyuan
+nginx -t && systemctl reload nginx
+
+# 5. 删除 SSL 证书
+certbot delete --cert-name 你的域名
+
+# 6. 删除数据目录（⚠ 不可恢复）
+rm -rf /data/siyuan/workspace
+
+# 7. 删除部署目录（可选）
+rm -rf /opt/siyuan
+
+# 备份目录保留在 /var/backups/siyuan/
+```
+
+</details>
+
 ## 数据存储结构

 SiYuan 的数据存储在工作空间目录下：
--- a/siyuan/backup.sh
+++ b/siyuan/backup.sh
@@ -11,6 +11,7 @@ cd "$SCRIPT_DIR"

 # 加载配置
 if [ -f .env ]; then
+    sed -i 's/\r$//' .env
    set -a; source .env; set +a
 else
    echo "[ERROR] .env 文件不存在，请先运行 deploy.sh" >&2
--- a/siyuan/deploy.sh
+++ b/siyuan/deploy.sh
@@ -48,6 +48,7 @@ init_env() {
        exit 0
    fi

+    fix_crlf .env
    set -a; source .env; set +a

    local has_error=0
--- a/siyuan/nginx/siyuan.conf
+++ b/siyuan/nginx/siyuan.conf
@@ -13,8 +13,9 @@ server {
 }

 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
    server_name __DOMAIN__;

    # SSL 证书
@@ -23,16 +24,15 @@ server {

    # SSL 参数
    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers HIGH:!aNULL:!MD5;
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;

    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+    add_header Referrer-Policy strict-origin-when-cross-origin always;

    # 上传大小限制（资源文件、图片等上传）
    client_max_body_size 128M;
--- a/siyuan/uninstall.sh
+++ b/siyuan/uninstall.sh
@@ -0,0 +1,154 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ============================================
+# SiYuan 卸载脚本
+# 停止容器 → 备份数据 → 清理容器/镜像/配置/数据
+# ============================================
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log()   { echo -e "${GREEN}[INFO]${NC} $*"; }
+warn()  { echo -e "${YELLOW}[WARN]${NC} $*"; }
+error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
+
+# ===== 检查 root =====
+if [ "$(id -u)" -ne 0 ]; then
+    error "请使用 root 用户运行: sudo bash uninstall.sh"
+    exit 1
+fi
+
+# ===== 加载配置 =====
+if [ -f .env ]; then
+    sed -i 's/\r$//' .env
+    set -a
+    source .env
+    set +a
+fi
+
+SIYUAN_DATA_DIR="${SIYUAN_DATA_DIR:-/data/siyuan/workspace}"
+BACKUP_DIR="${BACKUP_DIR:-/var/backups/siyuan}"
+SIYUAN_DOMAIN="${SIYUAN_DOMAIN:-}"
+
+# ===== 确认操作 =====
+echo ""
+echo -e "${RED}╔══════════════════════════════════════════════════╗${NC}"
+echo -e "${RED}║         ⚠  即将卸载 SiYuan 及所有数据  ⚠         ║${NC}"
+echo -e "${RED}╚══════════════════════════════════════════════════╝${NC}"
+echo ""
+echo "将执行以下操作："
+echo "  1. 停止并删除 SiYuan 容器"
+echo "  2. 删除 Docker 镜像"
+echo "  3. 删除 Nginx 站点配置"
+echo "  4. 删除 SSL 证书"
+echo "  5. 删除 Certbot 自动续期定时任务"
+echo ""
+echo "涉及的数据目录："
+echo "  SiYuan 数据: ${SIYUAN_DATA_DIR}"
+echo "  备份目录:    ${BACKUP_DIR}"
+echo "  部署目录:    ${SCRIPT_DIR}"
+echo ""
+echo -e "${YELLOW}备份目录将保留，不会被删除。${NC}"
+echo ""
+read -r -p "确定要继续卸载吗？输入 YES 确认: " confirm
+if [ "$confirm" != "YES" ]; then
+    log "已取消卸载"
+    exit 0
+fi
+
+# ===== 卸载前备份 =====
+echo ""
+read -r -p "是否在卸载前执行一次备份？(y/N): " do_backup
+if [[ "$do_backup" =~ ^[Yy]$ ]]; then
+    if [ -f backup.sh ]; then
+        log "正在执行备份..."
+        bash backup.sh
+        log "备份完成"
+    else
+        warn "backup.sh 不存在，跳过备份"
+    fi
+fi
+
+# ===== 1. 停止并删除容器 =====
+echo ""
+log "正在停止并删除容器..."
+if docker compose ps --quiet 2>/dev/null | grep -q .; then
+    docker compose down -v
+    log "容器已停止并删除"
+else
+    log "没有运行中的容器"
+fi
+
+# ===== 2. 删除 Docker 镜像 =====
+log "正在删除 Docker 镜像..."
+SIYUAN_IMAGE="${SIYUAN_IMAGE:-b3log/siyuan:latest}"
+docker image rm "$SIYUAN_IMAGE" 2>/dev/null && log "已删除镜像: $SIYUAN_IMAGE" || true
+
+# ===== 3. 删除 Nginx 配置 =====
+log "正在清理 Nginx 配置..."
+rm -f /etc/nginx/sites-enabled/siyuan
+rm -f /etc/nginx/sites-available/siyuan
+if command -v nginx &>/dev/null && nginx -t 2>/dev/null; then
+    systemctl reload nginx 2>/dev/null || true
+    log "Nginx 已重载"
+fi
+
+# ===== 4. 删除 SSL 证书 =====
+if [ -n "$SIYUAN_DOMAIN" ] && [ -d "/etc/letsencrypt/live/${SIYUAN_DOMAIN}" ]; then
+    log "正在删除 SSL 证书: ${SIYUAN_DOMAIN}..."
+    certbot delete --cert-name "${SIYUAN_DOMAIN}" --non-interactive 2>/dev/null || true
+    log "SSL 证书已删除"
+fi
+
+# ===== 5. 清理 Certbot 定时任务 =====
+remaining_certs=$(certbot certificates 2>/dev/null | grep -c "Certificate Name" || true)
+if [ "$remaining_certs" -eq 0 ]; then
+    crontab -l 2>/dev/null | grep -v "certbot renew" | crontab - 2>/dev/null || true
+    log "已移除 Certbot 自动续期定时任务（无剩余证书）"
+else
+    log "保留 Certbot 定时任务（还有 ${remaining_certs} 个其他证书）"
+fi
+
+# ===== 6. 删除数据目录 =====
+echo ""
+echo -e "${RED}以下目录将被永久删除：${NC}"
+echo "  ${SIYUAN_DATA_DIR}"
+echo ""
+echo -e "${YELLOW}备份目录 ${BACKUP_DIR} 不会被删除。${NC}"
+echo ""
+read -r -p "确认删除数据目录？输入 DELETE 确认: " confirm_delete
+if [ "$confirm_delete" = "DELETE" ]; then
+    rm -rf "$SIYUAN_DATA_DIR"
+    log "已删除: ${SIYUAN_DATA_DIR}"
+else
+    warn "跳过数据目录删除"
+fi
+
+# ===== 7. 删除部署目录 =====
+echo ""
+read -r -p "是否删除部署目录 ${SCRIPT_DIR}？(y/N): " del_deploy
+if [[ "$del_deploy" =~ ^[Yy]$ ]]; then
+    cd /opt
+    rm -rf "$SCRIPT_DIR"
+    log "已删除部署目录"
+else
+    warn "保留部署目录: ${SCRIPT_DIR}"
+fi
+
+# ===== 完成 =====
+echo ""
+log "SiYuan 卸载完成"
+echo ""
+echo "保留的内容："
+echo "  备份目录: ${BACKUP_DIR}"
+[ "$confirm_delete" != "DELETE" ] && echo "  数据目录: ${SIYUAN_DATA_DIR}"
+[[ ! "$del_deploy" =~ ^[Yy]$ ]] && echo "  部署目录: ${SCRIPT_DIR}"
+echo ""
+echo "如需恢复，请参考 README.md 中的「恢复备份」章节。"