Initial commit: 浼佷笟寰俊 AI 鏈哄櫒浜哄姪鐞?MVP

Co-authored-by: Cursor <cursoragent@cursor.com>

deploy/scripts/setup-ssl.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# SSL 证书配置脚本（Let's Encrypt）
+# 用途：为备案域名配置 HTTPS 证书
+
+set -e
+
+if [ -z "$DOMAIN" ]; then
+    echo "错误: 未设置 DOMAIN 环境变量"
+    echo "请设置: export DOMAIN=your-domain.com"
+    exit 1
+fi
+
+if [ -z "$SSL_EMAIL" ]; then
+    echo "错误: 未设置 SSL_EMAIL 环境变量"
+    echo "请设置: export SSL_EMAIL=your-email@example.com"
+    exit 1
+fi
+
+echo "=== SSL 证书配置（Let's Encrypt）==="
+echo "域名: $DOMAIN"
+echo "邮箱: $SSL_EMAIL"
+echo ""
+
+# 检查 Certbot
+if ! command -v certbot &> /dev/null; then
+    echo "安装 Certbot..."
+    if [ -f /etc/debian_version ]; then
+        sudo apt-get update
+        sudo apt-get install -y certbot python3-certbot-nginx
+    elif [ -f /etc/redhat-release ]; then
+        sudo yum install -y certbot python3-certbot-nginx
+    else
+        echo "错误: 未检测到支持的 Linux 发行版"
+        exit 1
+    fi
+fi
+
+echo "[1/3] 确保 HTTP 服务运行（用于验证）..."
+docker-compose up -d backend nginx
+sleep 3
+
+echo "[2/3] 获取 SSL 证书..."
+sudo certbot certonly --nginx \
+    -d "$DOMAIN" \
+    -d "www.$DOMAIN" \
+    --email "$SSL_EMAIL" \
+    --agree-tos \
+    --non-interactive \
+    --preferred-challenges http
+
+echo "[3/3] 更新 Nginx 配置..."
+# 更新 nginx-ssl.conf，使用实际证书路径
+sed -i "s|ssl_certificate.*|ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;|" deploy/nginx-ssl.conf
+sed -i "s|ssl_certificate_key.*|ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;|" deploy/nginx-ssl.conf
+
+# 更新 docker-compose.yml，挂载证书目录
+# 注意：需要手动更新 docker-compose.yml 的 volumes
+
+echo "✓ SSL 证书配置完成"
+echo ""
+echo "证书路径: /etc/letsencrypt/live/$DOMAIN/"
+echo ""
+echo "请更新 docker-compose.yml，添加证书挂载："
+echo "  volumes:"
+echo "    - /etc/letsencrypt:/etc/letsencrypt:ro"
+echo ""
+echo "然后重启 Nginx: docker-compose restart nginx"