fix: 代码审查修复 · certbot --redirect移除 · IP检测超时 · 路径触发优化

- setup-ssl.sh: 移除certonly模式下无效的--redirect参数
- setup-ssl.sh: IP检测添加--max-time 5超时
- setup-ssl.sh: 修复here-string兼容性(<<<改为echo|grep)
- staging-auto-deploy.yml: 移除scripts/**路径触发(避免监控脚本变更触发部署)

Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/e77d1d37-c3b4-4567-96d1-f0616e1836b9

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-03-31 07:06:50 +00:00 committed by GitHub
parent ddaec6b547
commit ae1db6ae34
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 6 deletions

View File

@ -26,7 +26,6 @@ on:
- 'server/app/**'
- 'server/nginx/**'
- 'server/ecosystem.config.js'
- 'scripts/**'
# 手动触发 (调试/重试)
workflow_dispatch:

View File

@ -93,7 +93,7 @@ verify_domain() {
# 获取本机公网IP
local server_ip
server_ip=$(curl -sf https://api.ipify.org 2>/dev/null || curl -sf https://ifconfig.me 2>/dev/null || echo "unknown")
server_ip=$(curl -sf --max-time 5 https://api.ipify.org 2>/dev/null || curl -sf --max-time 5 https://ifconfig.me 2>/dev/null || echo "unknown")
log_info "本机公网IP: $server_ip"
# 解析域名
@ -151,15 +151,14 @@ obtain_certificate() {
systemctl start nginx
fi
# 使用 certonly 模式 + webroot 或 nginx 插件
# --nginx 插件更方便,自动处理验证
# 使用 certonly 模式 + nginx 插件进行验证
# certonly 只获取证书不修改Nginx配置铸渊自己管理Nginx SSL配置
certbot certonly \
--nginx \
--non-interactive \
--agree-tos \
--email "$email" \
--domain "$domain" \
--redirect \
2>&1
if [ $? -eq 0 ]; then
@ -213,7 +212,7 @@ configure_nginx_ssl() {
# 确定这是哪个域名(主站还是预览站)
local site_mode="preview"
local api_port="3801"
if grep -q "ZY_DOMAIN_MAIN\|hololake" <<< "$domain"; then
if echo "$domain" | grep -q "hololake"; then
site_mode="production"
api_port="3800"
fi