user-system/simple_deploy.sh

#!/bin/bash
# 极简一键部署脚本 - Ubuntu 24.04
# 服务器: 43.155.133.187 | 域名: tksea.top
set -e
[ "$EUID" -ne 0 ] && echo "请用 sudo 运行" && exit 1
export DEBIAN_FRONTEND=noninteractive
echo "[1/8] 更新..." && apt update -y && apt upgrade -y
echo "[2/8] Docker..." && curl -fsSL https://get.docker.com | sh && systemctl enable docker
echo "[3/8] Nginx/Certbot..." && apt install -y nginx certbot python3-certbot-nginx
echo "[4/8] 目录..." && mkdir -p /opt/gitea /opt/sub2api/deploy /var/www/html
echo "[5/8] Nginx配置..." && cat > /etc/nginx/sites-available/tksea << 'N'
server { listen 80; server_name tksea.top www.tksea.top api.tksea.top; root /var/www/html; location /.well-known/acme-challenge/ { root /var/www/html; } location / { return 200 "Init..."; } }
N
ln -sf /etc/nginx/sites-available/tksea /etc/nginx/sites-enabled/ && nginx -t && systemctl reload nginx
echo "[6/8] SSL证书..." && certbot --nginx -d tksea.top -d www.tksea.top -d api.tksea.top --non-interactive --agree-tos --email admin@tksea.top || true
echo "[7/8] Nginx反向代理..." && cat > /etc/nginx/sites-available/tksea << 'N'
server { listen 80; server_name tksea.top www.tksea.top api.tksea.top; location /.well-known/acme-challenge/ { root /var/www/html; } location / { return 301 https://$host$request_uri; } }
server { listen 443 ssl http2; server_name tksea.top; ssl_certificate /etc/letsencrypt/live/tksea.top/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/tksea.top/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_protocols TLSv1.2 TLSv1.3; add_header Strict-Transport-Security "max-age=63072000" always; location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
server { listen 443 ssl http2; server_name api.tksea.top; ssl_certificate /etc/letsencrypt/live/tksea.top/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/tksea.top/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_protocols TLSv1.2 TLSv1.3; add_header Strict-Transport-Security "max-age=63072000" always; underscores_in_headers on; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
N
nginx -t && systemctl reload nginx
echo "[8/8] Gitea..." && cat > /opt/gitea/docker-compose.yml << 'G'
version: "3.8"
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    ports:
      - "127.0.0.1:3000:3000"
      - "127.0.0.1:2222:22"
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__server__DOMAIN=tksea.top
      - GITEA__server__ROOT_URL=https://tksea.top/
volumes:
  gitea-data:
G
cd /opt/gitea && docker compose up -d
echo "部署完成! 继续执行 Sub2API 部署..." && cd /opt/sub2api/deploy && curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/docker-deploy.sh | bash
echo "========================================" && echo "完成! 请添加 DNS: api.tksea.top -> 43.155.133.187" && echo "访问: https://tksea.top 和 https://api.tksea.top" && echo "========================================"