jack
8a54cac61f
- Ansible: 部署时自动配置 CoreDNS forward 为 IPv4,避免 ACME 解析失败 - 01-01/01-07: 文档增加 CoreDNS 设置说明 - 03-03: Tomcat webapps.dist 复制、HTTP/HTTPS 双 Ingress、显式 Dashboard IngressRoute - traefik-dashboard-acme: tomcat-acme.yaml、404 排查说明 - HAProxy: 健康检查与 PROXY 配置拆分,18080/18443 部署与验证脚本 Made-with: Cursor
62 lines
2.2 KiB
Bash
62 lines
2.2 KiB
Bash
#!/usr/bin/env bash
|
||
# OpenWrt:uhttpd 改回 80/443(IPv4+IPv6),HAProxy 部署到 18080/18443
|
||
# 用法:./scripts/01-08-deploy-openwrt-haproxy.sh [haproxy-cfg-name]
|
||
# cfg-name 默认 haproxy-tls(可选 haproxy-no-check, haproxy-http, haproxy-tls, haproxy-proxy-http-tls)
|
||
set -euo pipefail
|
||
|
||
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||
CFG_DIR="${ROOT_DIR}/ansible/files/01-08-haproxy"
|
||
SSH_OPENWRT="${SSH_OPENWRT:-openwrt}"
|
||
HAPROXY_CFG_NAME="${1:-haproxy-tls}"
|
||
HAPROXY_CFG_PATH="${HAPROXY_CFG_PATH:-/etc/haproxy.cfg}"
|
||
|
||
echo "=== OpenWrt 部署:uhttpd 80/443 + HAProxy 18080/18443(${HAPROXY_CFG_NAME})==="
|
||
|
||
# 1. uhttpd 恢复 80/443(IPv4 + IPv6)
|
||
echo "[1/4] 配置 uhttpd 监听 0.0.0.0:80、[::]:80、0.0.0.0:443、[::]:443..."
|
||
ssh "$SSH_OPENWRT" "bash -s" <<'UHTTPD'
|
||
set -e
|
||
# 清除旧 listen 并设置新的
|
||
uci delete uhttpd.main.listen_http 2>/dev/null || true
|
||
uci delete uhttpd.main.listen_https 2>/dev/null || true
|
||
uci add_list uhttpd.main.listen_http='0.0.0.0:80'
|
||
uci add_list uhttpd.main.listen_http='[::]:80'
|
||
uci add_list uhttpd.main.listen_https='0.0.0.0:443'
|
||
uci add_list uhttpd.main.listen_https='[::]:443'
|
||
uci commit uhttpd
|
||
/etc/init.d/uhttpd restart
|
||
echo " uhttpd 已重启"
|
||
UHTTPD
|
||
|
||
# 2. 停止 HAProxy(释放 80/443,避免与 uhttpd 冲突)
|
||
echo "[2/4] 停止 HAProxy..."
|
||
ssh "$SSH_OPENWRT" "/etc/init.d/haproxy stop 2>/dev/null || true"
|
||
|
||
# 3. 拷贝 HAProxy cfg 并校验
|
||
SRC_CFG="${CFG_DIR}/${HAPROXY_CFG_NAME}.cfg"
|
||
if [[ ! -f "$SRC_CFG" ]]; then
|
||
echo "[ERR] 配置文件不存在: $SRC_CFG" >&2
|
||
exit 1
|
||
fi
|
||
|
||
echo "[3/4] 拷贝 ${HAPROXY_CFG_NAME}.cfg 到 ${SSH_OPENWRT}:${HAPROXY_CFG_PATH}..."
|
||
scp -q -O "$SRC_CFG" "${SSH_OPENWRT}:/tmp/haproxy-new.cfg" 2>/dev/null || {
|
||
scp -q "$SRC_CFG" "${SSH_OPENWRT}:/tmp/haproxy-new.cfg"
|
||
}
|
||
|
||
ssh "$SSH_OPENWRT" "haproxy -c -f /tmp/haproxy-new.cfg" || {
|
||
echo "[ERR] HAProxy 配置语法校验失败" >&2
|
||
exit 1
|
||
}
|
||
ssh "$SSH_OPENWRT" "mv /tmp/haproxy-new.cfg ${HAPROXY_CFG_PATH}"
|
||
|
||
# 4. 启动 HAProxy
|
||
echo "[4/4] 启动 HAProxy..."
|
||
ssh "$SSH_OPENWRT" "/etc/init.d/haproxy start"
|
||
ssh "$SSH_OPENWRT" "/etc/init.d/haproxy enable"
|
||
|
||
echo ""
|
||
echo "[OK] 部署完成。验证:./scripts/01-08-verify-haproxy-openwrt.sh"
|
||
echo " - uhttpd: 80/443(IPv4+IPv6)"
|
||
echo " - HAProxy: 18080/18443"
|