#!/usr/bin/env bash # OpenWrt:uhttpd 改回 80/443(IPv4+IPv6),HAProxy 部署到 18080/18443 # 用法:./scripts/01-08-deploy-openwrt-haproxy.sh [haproxy-cfg-name] # cfg-name 默认 haproxy-tls(可选 haproxy-no-check, haproxy-http, haproxy-tls, haproxy-proxy-http-tls) set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" CFG_DIR="${ROOT_DIR}/ansible/files/01-08-haproxy" SSH_OPENWRT="${SSH_OPENWRT:-openwrt}" HAPROXY_CFG_NAME="${1:-haproxy-tls}" HAPROXY_CFG_PATH="${HAPROXY_CFG_PATH:-/etc/haproxy.cfg}" echo "=== OpenWrt 部署:uhttpd 80/443 + HAProxy 18080/18443(${HAPROXY_CFG_NAME})===" # 1. uhttpd 恢复 80/443(IPv4 + IPv6) echo "[1/4] 配置 uhttpd 监听 0.0.0.0:80、[::]:80、0.0.0.0:443、[::]:443..." ssh "$SSH_OPENWRT" "bash -s" <<'UHTTPD' set -e # 清除旧 listen 并设置新的 uci delete uhttpd.main.listen_http 2>/dev/null || true uci delete uhttpd.main.listen_https 2>/dev/null || true uci add_list uhttpd.main.listen_http='0.0.0.0:80' uci add_list uhttpd.main.listen_http='[::]:80' uci add_list uhttpd.main.listen_https='0.0.0.0:443' uci add_list uhttpd.main.listen_https='[::]:443' uci commit uhttpd /etc/init.d/uhttpd restart echo " uhttpd 已重启" UHTTPD # 2. 停止 HAProxy(释放 80/443,避免与 uhttpd 冲突) echo "[2/4] 停止 HAProxy..." ssh "$SSH_OPENWRT" "/etc/init.d/haproxy stop 2>/dev/null || true" # 3. 拷贝 HAProxy cfg 并校验 SRC_CFG="${CFG_DIR}/${HAPROXY_CFG_NAME}.cfg" if [[ ! -f "$SRC_CFG" ]]; then echo "[ERR] 配置文件不存在: $SRC_CFG" >&2 exit 1 fi echo "[3/4] 拷贝 ${HAPROXY_CFG_NAME}.cfg 到 ${SSH_OPENWRT}:${HAPROXY_CFG_PATH}..." scp -q -O "$SRC_CFG" "${SSH_OPENWRT}:/tmp/haproxy-new.cfg" 2>/dev/null || { scp -q "$SRC_CFG" "${SSH_OPENWRT}:/tmp/haproxy-new.cfg" } ssh "$SSH_OPENWRT" "haproxy -c -f /tmp/haproxy-new.cfg" || { echo "[ERR] HAProxy 配置语法校验失败" >&2 exit 1 } ssh "$SSH_OPENWRT" "mv /tmp/haproxy-new.cfg ${HAPROXY_CFG_PATH}" # 4. 启动 HAProxy echo "[4/4] 启动 HAProxy..." ssh "$SSH_OPENWRT" "/etc/init.d/haproxy start" ssh "$SSH_OPENWRT" "/etc/init.d/haproxy enable" echo "" echo "[OK] 部署完成。验证:./scripts/01-08-verify-haproxy-openwrt.sh" echo " - uhttpd: 80/443(IPv4+IPv6)" echo " - HAProxy: 18080/18443"