ai-video-fullstack/deploy/setup-certs.sh
Xin Wang 0adb3ed8a1 Add initial setup for local HTTPS debugging and Nginx configuration
- Introduce `setup-certs.sh` script for generating trusted local TLS certificates using mkcert.
- Add Nginx configuration files for local and Docker environments to handle HTTPS requests and proxy to backend services.
- Update `docker-compose.yaml` to include Nginx service for unified TLS entry and adjust frontend service ports for local development.
- Create `AGENTS.md` and `README.md` files to document the local HTTPS setup process and usage instructions.
- Modify backend startup commands in `README.md` for consistency with new requirements.
- Add `.gitignore` to exclude generated certificates from version control.
2026-06-10 13:37:24 +08:00


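#!/usr/bin/env bash
# Generate locally-trusted TLS certificates with mkcert, for use by
# deploy/nginx/ai-video.dev.conf.
#
# mkcert creates a "local CA" and installs it into the system/browser trust
# stores; certificates it signs are then accepted without warnings on this
# machine. For other LAN devices (phones / other computers) to skip the
# warning as well, the CA root certificate has to be installed on that device
# too (see the hints printed at the end).
#
# Security notes:
#   - Only rootCA.pem (the public CA certificate) is meant to leave this
#     machine. rootCA-key.pem in the same CAROOT directory can sign
#     certificates for any name, and this machine (plus every device that
#     imported the root) will trust them; never copy or share it.
#   - certs/ai-video-key.pem is a private key: keep it out of version control
#     and readable by its owner only.
#   - The certificate is bound to the LAN IP detected at run time; re-run the
#     script if the address changes.
#
# Usage: ./deploy/setup-certs.sh
set -euo pipefail

# Certificates are written next to this script, in deploy/certs.
CERT_DIR="$(cd -- "$(dirname "$0")" && pwd)/certs"
mkdir -p "$CERT_DIR"

# 1) Make sure mkcert is installed.
if ! command -v mkcert >/dev/null 2>&1; then
  # Diagnostics go to stderr so callers can tell them from normal output.
  echo "✗ 未找到 mkcert。先安装:" >&2
  echo " brew install mkcert nss # nss 是给 Firefox 用的" >&2
  exit 1
fi

# 2) Install the local CA (idempotent; a no-op when already installed).
#    This adds a root CA to the trust stores of this machine.
echo "▶ 安装/确认本地 CA(mkcert -install)…"
mkcert -install

# 3) Detect this machine's LAN IP (other devices reach it through this IP).
#    Tries en0, then en1; `|| true` keeps `set -e` from aborting when neither
#    interface has an address or ipconfig is unavailable.
LAN_IP="$(ipconfig getifaddr en0 2>/dev/null || ipconfig getifaddr en1 2>/dev/null || true)"
if [ -z "$LAN_IP" ]; then
  echo "⚠ 没探测到局域网 IP(en0/en1),证书将只覆盖 localhost。"
  echo " 如需 LAN 访问,手动重跑:mkcert ... <你的IP>"
fi

# 4) Issue the certificate for localhost / loopback / LAN IP / a memorable
#    local hostname.
HOSTS=(localhost 127.0.0.1 ::1 ai-video.local)
if [ -n "$LAN_IP" ]; then
  HOSTS+=("$LAN_IP")
fi
echo "▶ 为以下名字签发证书:${HOSTS[*]}"
mkcert -cert-file "$CERT_DIR/ai-video.pem" \
  -key-file "$CERT_DIR/ai-video-key.pem" \
  "${HOSTS[@]}"
# Re-assert owner-only access on the private key in case an older key file
# with looser permissions was overwritten in place.
chmod 600 "$CERT_DIR/ai-video-key.pem"

echo
echo "✓ 证书已生成:"
echo " $CERT_DIR/ai-video.pem"
echo " $CERT_DIR/ai-video-key.pem"
echo
echo "下一步:"
echo " • 本机访问: https://localhost 或 https://ai-video.local"
if [ -n "$LAN_IP" ]; then
  echo " • 局域网访问:https://$LAN_IP"
fi
echo " • 别的设备要免警告,把本地 CA 根证书装到那台设备:"
echo " 根证书位置:\$(mkcert -CAROOT)/rootCA.pem → 拷到设备并信任"
echo " 只拷 rootCA.pem;同目录的 rootCA-key.pem 是 CA 私钥,切勿外传"
echo
echo " ai-video.local 解析:在 /etc/hosts 加一行(可选)"
# Use if/else rather than a trailing `[ ... ] && echo`: as the last command,
# a false test made the script exit with status 1 after a successful run
# whenever no LAN IP was detected.
if [ -n "$LAN_IP" ]; then
  echo " $LAN_IP ai-video.local"
else
  echo " 127.0.0.1 ai-video.local"
fi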