
@llccing
Last active December 15, 2024 08:50
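#!/bin/bash
# Adds a new subdomain to the existing xindamate.com Nginx site so that it is
# served over HTTPS with WebSocket (WSS) support: appends an HTTPS reverse-proxy
# server block plus an HTTP->HTTPS redirect block to the site file, reloads
# Nginx, then asks Certbot to reissue the shared certificate with the new name.
#
# Usage: <script> <newdomain.xindamate.com>
#
# Must run with enough privilege to write under /etc/nginx and to run
# nginx/certbot.
#
# Safety notes:
#   * The domain argument is written into the Nginx configuration and passed to
#     certbot, so it is validated as a plain hostname first. Without that, a
#     value containing ';', '{', whitespace or ',' could inject directives or
#     extra certificate names.
#   * The site file is backed up before it is modified and restored if the
#     configuration test rejects the result, so a failed run does not leave a
#     broken config behind for the next reload.

# Site file that receives the new server blocks, and its sites-enabled link.
nginx_config="/etc/nginx/sites-available/xindamate.com"
nginx_link="/etc/nginx/sites-enabled/xindamate.com"

# Path of the temporary backup (empty until created) and whether the site file
# has been modified by this run.
backup_file=""
config_modified=0

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# EXIT trap: remove the temporary backup if one is still registered.
cleanup() {
  if [[ -n "$backup_file" ]]; then
    rm -f -- "$backup_file"
  fi
}

# Return 0 if $1 is a dotted hostname made only of letters, digits and hyphens
# (each label 1-63 chars, not starting or ending with '-', total <= 253 chars).
is_valid_hostname() {
  local LC_ALL=C # keep [A-Za-z] ranges strictly ASCII
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local pattern="^(${label}\.)+${label}\$"
  ((${#1} <= 253)) && [[ "$1" =~ $pattern ]]
}

# Put the backed-up site file back in place. If that fails, keep the backup on
# disk and report where it is.
restore_config() {
  if ! cp -- "$backup_file" "$nginx_config"; then
    local kept=$backup_file
    backup_file="" # do not let the EXIT trap delete the only good copy
    die "Failed to restore $nginx_config; original content saved at $kept"
  fi
  config_modified=0
}

# Roll back the site file if this run changed it, then exit with a message.
abort() {
  if ((config_modified)); then
    restore_config
  fi
  die "$@"
}

# Append the HTTPS (WebSocket-capable) and HTTP-redirect server blocks for
# domain $1 to the site file. Nginx variables are escaped (\$) so the shell
# writes them literally instead of expanding them to empty strings.
append_server_blocks() {
  local domain=$1
  cat << EOF >> "$nginx_config"
server {
listen 443 ssl;
server_name $domain;
ssl_certificate /etc/letsencrypt/live/xindamate.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xindamate.com/privkey.pem;
location / {
proxy_pass http://localhost:8080; # 根据实际后端服务进行调整
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
# 这个也很重要,避免自己各种查找后发现是这个问题,即实际访问的是 http 非 https
server {
listen 80;
server_name $domain;
# 重定向所有 HTTP 流量到 HTTPS
return 301 https://\$server_name\$request_uri;
}
EOF
}

main() {
  # New subdomain to configure (first positional argument).
  local new_domain=${1:-}

  if [[ -z "$new_domain" ]]; then
    echo "Usage: $0 <newdomain.xindamate.com>" >&2
    exit 1
  fi

  # Reject anything that is not a plain hostname before it reaches the config
  # file or the certbot command line. %q keeps odd bytes off the terminal.
  if ! is_valid_hostname "$new_domain"; then
    printf 'Invalid domain name: %q\n' "$new_domain" >&2
    exit 1
  fi

  if [[ ! -f "$nginx_config" ]]; then
    die "Nginx configuration file does not exist: $nginx_config"
  fi

  # Back up the site file so a rejected change can be rolled back.
  trap cleanup EXIT
  backup_file=$(mktemp) || die "Could not create a temporary backup file."
  cp -- "$nginx_config" "$backup_file" \
    || die "Could not back up $nginx_config"

  # Appending twice would create conflicting server_name entries, so skip the
  # append when the name is already configured.
  if grep -qF -- "server_name ${new_domain};" "$nginx_config"; then
    echo "$new_domain is already present in $nginx_config; not appending again."
  else
    echo "Adding $new_domain to Nginx configuration."
    config_modified=1
    append_server_blocks "$new_domain" \
      || abort "Could not write to $nginx_config"
  fi

  # Make sure the site is enabled.
  if [[ ! -L "$nginx_link" ]]; then
    ln -s -- "$nginx_config" "$nginx_link" \
      || abort "Could not create symlink $nginx_link"
  fi

  echo "Testing Nginx configuration."
  nginx -t || abort "Nginx configuration test failed."

  # Until certbot succeeds below, the new HTTPS block serves the shared
  # certificate, which does not list the new name yet.
  echo "Reloading Nginx."
  nginx -s reload || die "Nginx reload failed."

  # NOTE(review): with --cert-name, the -d list is believed to be treated as
  # the complete set of names for the certificate, so names added by earlier
  # runs of this script may be dropped on reissue. Confirm with
  # `certbot certificates` and list every required name if so.
  echo "Updating SSL certificate for $new_domain."
  certbot certonly --expand --cert-name xindamate.com \
    -d "xindamate.com,${new_domain}" --nginx \
    || die "Certbot failed; the certificate does not cover $new_domain yet."

  # Re-test and reload so Nginx picks up the reissued certificate.
  if ! nginx -t; then
    die "Nginx configuration test failed after certificate update."
  fi
  nginx -s reload || die "Nginx reload failed after certificate update."

  echo "$new_domain has been configured successfully."
}

main "$@"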
# Nginx site for climate-change.xindam8.win: redirects HTTP to HTTPS and
# reverse-proxies HTTPS traffic to a backend on 127.0.0.1:8003, with WebSocket
# upgrade support on selected paths.
#
# The map below is what makes the WebSocket proxying work: it derives the
# Connection header sent to the backend from the client's Upgrade header
# instead of hard-coding it. The value is "upgrade" by default and "close"
# when the Upgrade header is empty (an ordinary HTTP request).
# The map directive belongs to the http context, so this file is expected to
# be included from inside the http block (not visible here).
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Plain-HTTP listener: permanently redirects every request to HTTPS.
# NOTE(review): the redirect target uses $host, which can reflect the
# client-supplied Host header if this block ever acts as the default server
# for port 80; the literal server name would avoid that. Confirm whether a
# separate default server exists.
server {
listen 80;
server_name climate-change.xindam8.win;
return 301 https://$host$request_uri;
}
# HTTPS listener using the Let's Encrypt certificate issued for this name.
server {
listen 443 ssl;
server_name climate-change.xindam8.win;
ssl_certificate /etc/letsencrypt/live/climate-change.xindam8.win/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/climate-change.xindam8.win/privkey.pem;
# TLS protocol/cipher settings and DH parameters come from these two files
# under /etc/letsencrypt (presumably the ones Certbot's nginx plugin
# maintains; review them there, not in this file).
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Combined WebSocket location block
# "~*" is a case-insensitive regex match and the pattern is not anchored, so
# it applies to any URI containing "/<one of these names>", not only URIs
# that start with it.
# NOTE(review): several of the listed paths look administrative
# (create_session, delete_sessions, export); confirm the backend enforces
# authentication on them, since nothing in this block restricts access.
location ~* /(create_demo_session|live|auto_advance|wait_page|create_session|delete_sessions|export) {
proxy_pass http://127.0.0.1:8003;
# HTTP/1.1 plus the Upgrade/Connection pair is required for the WebSocket
# handshake to pass through the proxy.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; # Use the mapped variable!
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends the client address to whatever
# X-Forwarded-For the client sent, so earlier entries are client-controlled;
# the backend should trust only the last hop (or X-Real-IP).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# One-hour read/send timeouts keep idle WebSocket connections open; they
# also let any request matching this location hold a connection that long.
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
}
# Everything else is proxied to the same backend without upgrade handling.
# The forwarded headers come from the included proxy_params file (presumably
# the distribution-provided one; confirm its contents).
location / {
proxy_pass http://127.0.0.1:8003;
include proxy_params;
}
}