Add initial setup for local HTTPS debugging and Nginx configuration
- Introduce `setup-certs.sh` script for generating trusted local TLS certificates using mkcert. - Add Nginx configuration files for local and Docker environments to handle HTTPS requests and proxy to backend services. - Update `docker-compose.yaml` to include Nginx service for unified TLS entry and adjust frontend service ports for local development. - Create `AGENTS.md` and `README.md` files to document the local HTTPS setup process and usage instructions. - Modify backend startup commands in `README.md` for consistency with new requirements. - Add `.gitignore` to exclude generated certificates from version control.
This commit is contained in:
53
deploy/setup-certs.sh
Executable file
53
deploy/setup-certs.sh
Executable file
@@ -0,0 +1,53 @@
|
||||
#!/usr/bin/env bash
|
||||
# 用 mkcert 生成本地受信任 TLS 证书,供 deploy/nginx/ai-video.dev.conf 使用。
|
||||
#
|
||||
# mkcert 会建一个"本地 CA"并装进系统/浏览器信任库,之后它签的证书在本机零警告。
|
||||
# 局域网里其它设备(手机/别的电脑)要免警告,需把这个 CA 根证书也装到那台设备上
|
||||
# (见末尾提示)。
|
||||
#
|
||||
# 用法: ./deploy/setup-certs.sh
|
||||
set -euo pipefail
|
||||
|
||||
CERT_DIR="$(cd "$(dirname "$0")" && pwd)/certs"
|
||||
mkdir -p "$CERT_DIR"
|
||||
|
||||
# 1) 确认 mkcert 已安装
|
||||
if ! command -v mkcert >/dev/null 2>&1; then
|
||||
echo "✗ 未找到 mkcert。先安装:"
|
||||
echo " brew install mkcert nss # nss 是给 Firefox 用的"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 2) 安装本地 CA(幂等,已装过会跳过)
|
||||
echo "▶ 安装/确认本地 CA(mkcert -install)…"
|
||||
mkcert -install
|
||||
|
||||
# 3) 探测本机局域网 IP(其它设备靠这个 IP 访问)
|
||||
LAN_IP="$(ipconfig getifaddr en0 2>/dev/null || ipconfig getifaddr en1 2>/dev/null || true)"
|
||||
if [ -z "$LAN_IP" ]; then
|
||||
echo "⚠ 没探测到局域网 IP(en0/en1),证书将只覆盖 localhost。"
|
||||
echo " 如需 LAN 访问,手动重跑:mkcert ... <你的IP>"
|
||||
fi
|
||||
|
||||
# 4) 签证书:覆盖 localhost / 回环 / 局域网 IP / 一个好记的本地域名
|
||||
HOSTS=(localhost 127.0.0.1 ::1 ai-video.local)
|
||||
[ -n "$LAN_IP" ] && HOSTS+=("$LAN_IP")
|
||||
|
||||
echo "▶ 为以下名字签发证书:${HOSTS[*]}"
|
||||
mkcert -cert-file "$CERT_DIR/ai-video.pem" \
|
||||
-key-file "$CERT_DIR/ai-video-key.pem" \
|
||||
"${HOSTS[@]}"
|
||||
|
||||
echo
|
||||
echo "✓ 证书已生成:"
|
||||
echo " $CERT_DIR/ai-video.pem"
|
||||
echo " $CERT_DIR/ai-video-key.pem"
|
||||
echo
|
||||
echo "下一步:"
|
||||
echo " • 本机访问: https://localhost 或 https://ai-video.local"
|
||||
[ -n "$LAN_IP" ] && echo " • 局域网访问:https://$LAN_IP"
|
||||
echo " • 别的设备要免警告,把本地 CA 根证书装到那台设备:"
|
||||
echo " 根证书位置:\$(mkcert -CAROOT)/rootCA.pem → 拷到设备并信任"
|
||||
echo
|
||||
echo " ai-video.local 解析:在 /etc/hosts 加一行(可选)"
|
||||
[ -n "$LAN_IP" ] && echo " $LAN_IP ai-video.local"
|
||||
Reference in New Issue
Block a user