- Introduce a new `nginx-remote-dev` service in `docker-compose.yaml` for remote development environments, allowing Nginx to proxy requests to the host machine's frontend and backend services. - Create a new Nginx configuration file `ai-video.remote-dev.conf` tailored for remote setups, ensuring proper handling of WebSocket and API requests. - Update `README.md` to include detailed instructions for setting up remote development with Nginx, including certificate generation and service initialization. - Enhance the `setup-certs.sh` script to support additional hostnames for certificate signing, improving flexibility for remote access. - Revise documentation to clarify the development paths and requirements for local and remote environments.
64 lines
2.2 KiB
Bash
Executable File
64 lines
2.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# 用 mkcert 生成本地受信任 TLS 证书,供开发 nginx 配置使用。
|
|
#
|
|
# mkcert 会建一个"本地 CA"并装进系统/浏览器信任库,之后它签的证书在本机零警告。
|
|
# 局域网里其它设备(手机/别的电脑)要免警告,需把这个 CA 根证书也装到那台设备上
|
|
# (见末尾提示)。
|
|
#
|
|
# 用法:
|
|
# ./deploy/setup-certs.sh
|
|
# ./deploy/setup-certs.sh 192.168.1.20 dev.example.com
|
|
set -euo pipefail
|
|
|
|
CERT_DIR="$(cd "$(dirname "$0")" && pwd)/certs"
|
|
mkdir -p "$CERT_DIR"
|
|
|
|
# 1) 确认 mkcert 已安装
|
|
if ! command -v mkcert >/dev/null 2>&1; then
|
|
echo "✗ 未找到 mkcert。先安装:"
|
|
echo " brew install mkcert nss # nss 是给 Firefox 用的"
|
|
exit 1
|
|
fi
|
|
|
|
# 2) 安装本地 CA(幂等,已装过会跳过)
|
|
echo "▶ 安装/确认本地 CA(mkcert -install)…"
|
|
mkcert -install
|
|
|
|
# 3) 探测本机局域网 IP(其它设备靠这个 IP 访问)
|
|
LAN_IP="$(
|
|
ipconfig getifaddr en0 2>/dev/null \
|
|
|| ipconfig getifaddr en1 2>/dev/null \
|
|
|| hostname -I 2>/dev/null | awk '{print $1}' \
|
|
|| true
|
|
)"
|
|
if [ -z "$LAN_IP" ]; then
|
|
echo "⚠ 没探测到局域网 IP(en0/en1),证书将只覆盖 localhost。"
|
|
echo " 如需 LAN 访问,手动重跑:mkcert ... <你的IP>"
|
|
fi
|
|
|
|
# 4) 签证书:覆盖 localhost / 回环 / 局域网 IP / 一个好记的本地域名
|
|
HOSTS=(localhost 127.0.0.1 ::1 ai-video.local)
|
|
[ -n "$LAN_IP" ] && HOSTS+=("$LAN_IP")
|
|
for extra_host in "$@"; do
|
|
[ -n "$extra_host" ] && HOSTS+=("$extra_host")
|
|
done
|
|
|
|
echo "▶ 为以下名字签发证书:${HOSTS[*]}"
|
|
mkcert -cert-file "$CERT_DIR/ai-video.pem" \
|
|
-key-file "$CERT_DIR/ai-video-key.pem" \
|
|
"${HOSTS[@]}"
|
|
|
|
echo
|
|
echo "✓ 证书已生成:"
|
|
echo " $CERT_DIR/ai-video.pem"
|
|
echo " $CERT_DIR/ai-video-key.pem"
|
|
echo
|
|
echo "下一步:"
|
|
echo " • 本机访问: https://localhost 或 https://ai-video.local"
|
|
[ -n "$LAN_IP" ] && echo " • 局域网访问:https://$LAN_IP"
|
|
echo " • 别的设备要免警告,把本地 CA 根证书装到那台设备:"
|
|
echo " 根证书位置:\$(mkcert -CAROOT)/rootCA.pem → 拷到设备并信任"
|
|
echo
|
|
echo " ai-video.local 解析:在 /etc/hosts 加一行(可选)"
|
|
[ -n "$LAN_IP" ] && echo " $LAN_IP ai-video.local"
|