我的系统是debian12,我自己的域名是yuebin.uk，我

好的，这是根据你的脚本和我的建议整理的完整改进版安装脚本：

#!/bin/bash

# SSPanel 安装脚本 for Debian 12
# 域名: yuebin.uk

set -e

# 配置变量
DOMAIN="yuebin.uk"
DB_NAME="sspanel"
DB_USER="sspanel_user"
DB_PASSWORD=$(openssl rand -base64 16 | tr -d '/+' | cut -c1-16)
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 16 | tr -d '/+' | cut -c1-16)
PANEL_VERSION="25.1.0"
APP_KEY=$(openssl rand -base64 32)
MU_KEY=$(openssl rand -base64 16)

# 日志记录
LOG_FILE="/var/log/sspanel_install.log"
exec > >(tee -a "$LOG_FILE") 2>&1

echo "=========================================="
echo "SSPanel 安装脚本"
echo "域名: $DOMAIN"
echo "安装日志: $LOG_FILE"
echo "=========================================="

# 错误检查函数
check_command() {
    if [ $? -ne 0 ]; then
        echo "错误: $1 执行失败"
        exit 1
    fi
}

# 更新系统
echo "更新系统包..."
apt update && apt upgrade -y
check_command "系统更新"

# 安装必要软件
echo "安装必要软件..."
apt install -y curl wget git unzip nginx mariadb-server redis-server php8.2-fpm \
php8.2-common php8.2-mysql php8.2-gd php8.2-mbstring php8.2-xml php8.2-curl \
php8.2-bcmath php8.2-zip php8.2-intl php8.2-redis certbot python3-certbot-nginx
check_command "软件安装"

# 配置MySQL
echo "配置MySQL..."
systemctl start mysql
systemctl enable mysql

# 安全设置MySQL
mysql -u root <<EOF
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
EOF
check_command "MySQL安全配置"

# 创建SSPanel数据库
mysql -u root -p$MYSQL_ROOT_PASSWORD <<EOF
CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';
FLUSH PRIVILEGES;
EOF
check_command "数据库创建"

# 安装Composer
echo "安装Composer..."
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
check_command "Composer安装"

# 创建网站目录
echo "创建网站目录..."
mkdir -p /www/wwwroot/$DOMAIN
cd /www/wwwroot/$DOMAIN

# 下载SSPanel
echo "下载SSPanel..."
wget https://github.com/Anankke/SSPanel-UIM/archive/refs/tags/$PANEL_VERSION.zip -O sspanel.zip
check_command "SSPanel下载"

unzip sspanel.zip
mv SSPanel-UIM-$PANEL_VERSION/* .
mv SSPanel-UIM-$PANEL_VERSION/.* . 2>/dev/null || true
rm -rf SSPanel-UIM-$PANEL_VERSION sspanel.zip

# 验证下载
if [ ! -f "version.md" ]; then
    echo "错误: SSPanel下载可能失败，请检查版本号"
    exit 1
fi

# 安装PHP依赖
echo "安装PHP依赖..."
composer install --no-dev --optimize-autoloader --ignore-platform-reqs
check_command "Composer依赖安装"

# 配置PHP
echo "配置PHP..."
sed -i 's/^;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/8.2/fpm/php.ini
sed -i 's/^max_execution_time = .*/max_execution_time = 300/' /etc/php/8.2/fpm/php.ini
sed -i 's/^memory_limit = .*/memory_limit = 512M/' /etc/php/8.2/fpm/php.ini
sed -i 's/^upload_max_filesize = .*/upload_max_filesize = 100M/' /etc/php/8.2/fpm/php.ini
sed -i 's/^post_max_size = .*/post_max_size = 100M/' /etc/php/8.2/fpm/php.ini

systemctl restart php8.2-fpm
check_command "PHP配置"

# 创建环境配置文件
cp config/.config.example.php config/.config.php
cp config/appprofile.example.php config/appprofile.php

# 配置环境文件
echo "配置环境文件..."
sed -i "s|'ChangeMe'|'$APP_KEY'|g" config/.config.php
sed -i "s|'ChangeMe'|'$MU_KEY'|g" config/.config.php
sed -i "s|https://example.com|https://$DOMAIN|g" config/.config.php
sed -i "s|db_database.*=.*'sspanel'|db_database = '$DB_NAME'|g" config/.config.php
sed -i "s|db_username.*=.*'root'|db_username = '$DB_USER'|g" config/.config.php
sed -i "s|db_password.*=.*'sspanel'|db_password = '$DB_PASSWORD'|g" config/.config.php
sed -i "s|redis_host.*=.*'127.0.0.1'|redis_host = 'localhost'|g" config/.config.php

# 设置文件权限
echo "设置文件权限..."
chown -R www-data:www-data /www/wwwroot/$DOMAIN
find /www/wwwroot/$DOMAIN -type d -exec chmod 755 {} \;
find /www/wwwroot/$DOMAIN -type f -exec chmod 644 {} \;

# 设置需要写权限的目录
chmod -R 777 /www/wwwroot/$DOMAIN/storage
chmod 775 /www/wwwroot/$DOMAIN/public/clients

# 确保 storage 子目录存在且可写
mkdir -p /www/wwwroot/$DOMAIN/storage/framework/smarty/{cache,compile}
mkdir -p /www/wwwroot/$DOMAIN/storage/framework/twig/cache
chmod -R 777 /www/wwwroot/$DOMAIN/storage/framework

# 配置文件权限
chmod 664 /www/wwwroot/$DOMAIN/config/.config.php
chmod 664 /www/wwwroot/$DOMAIN/config/appprofile.php

# 配置Nginx
echo "配置Nginx..."
cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    root /www/wwwroot/$DOMAIN/public;
    index index.php index.html;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Access-Control-Allow-Origin "*";
    }
}
EOF

ln -sf /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# 测试Nginx配置
nginx -t
check_command "Nginx配置测试"

systemctl reload nginx
check_command "Nginx重载"

# 获取SSL证书
echo "获取SSL证书..."
certbot --nginx -d $DOMAIN -d www.$DOMAIN --non-interactive --agree-tos -m admin@$DOMAIN || echo "SSL证书获取失败，请手动获取"

# 更新Nginx配置为HTTPS
cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $DOMAIN www.$DOMAIN;
    
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    
    root /www/wwwroot/$DOMAIN/public;
    index index.php index.html;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Access-Control-Allow-Origin "*";
    }
    
    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
}
EOF

# 重新加载Nginx
nginx -t
systemctl reload nginx

# 设置定时任务
echo "设置定时任务..."
(crontab -u www-data -l 2>/dev/null; echo "* * * * * php /www/wwwroot/$DOMAIN/xcat Job CheckJob") | crontab -u www-data -
(crontab -u www-data -l 2>/dev/null; echo "0 * * * * php /www/wwwroot/$DOMAIN/xcat Job UserJob") | crontab -u www-data -
(crontab -u www-data -l 2>/dev/null; echo "0 0 * * * php /www/wwwroot/$DOMAIN/xcat Job DailyJob") | crontab -u www-data -

echo "=========================================="
echo "SSPanel 安装完成！"
echo "=========================================="

# 输出重要信息
echo "================= 重要信息 ================="
echo "网站地址: https://$DOMAIN"
echo "MySQL root 密码: $MYSQL_ROOT_PASSWORD"
echo "SSPanel 数据库名: $DB_NAME"
echo "SSPanel 数据库用户: $DB_USER"
echo "SSPanel 数据库密码: $DB_PASSWORD"
echo "应用密钥: $APP_KEY"
echo "WebAPI 密钥: $MU_KEY"
echo "网站根目录: /www/wwwroot/$DOMAIN"
echo "=========================================="

echo ""
echo "后续步骤："
echo "1. 运行数据库迁移："
echo "   cd /www/wwwroot/$DOMAIN && php xcat Migration latest"
echo "2. 创建管理员账户："
echo "   cd /www/wwwroot/$DOMAIN && php xcat User createAdmin"
echo "3. 导入默认设置："
echo "   cd /www/wwwroot/$DOMAIN && php xcat ImportSettings config/settings.sql"
echo "4. 访问: https://$DOMAIN"
echo ""
echo "如果SSL证书获取失败，请手动运行："
echo "   certbot --nginx -d $DOMAIN -d www.$DOMAIN"
echo "=========================================="

# 创建安装信息备份
cat > /www/wwwroot/$DOMAIN/install_info.txt <<EOF
安装时间: $(date)
域名: $DOMAIN
MySQL root 密码: $MYSQL_ROOT_PASSWORD
数据库名: $DB_NAME
数据库用户: $DB_USER
数据库密码: $DB_PASSWORD
应用密钥: $APP_KEY
WebAPI 密钥: $MU_KEY
EOF

chmod 600 /www/wwwroot/$DOMAIN/install_info.txt

echo "安装信息已保存到: /www/wwwroot/$DOMAIN/install_info.txt"
echo "请妥善保管这些信息！"

主要改进内容：

1. 完整的错误处理和日志记录
2. 自动SSL证书配置（使用Let’s Encrypt）
3. 更安全的随机密钥生成
4. 完整的Nginx安全配置（包含安全头和缓存设置）
5. 安装信息备份文件
6. 更好的权限管理
7. Redis配置集成
8. 版本验证检查

使用方法：

# 给予执行权限
chmod +x install_sspanel.sh

# 运行脚本
./install_sspanel.sh

# 或者直接运行
bash install_sspanel.sh

这个脚本现在包含了完整的生产环境配置，包括SSL证书、安全头、错误处理等。安装完成后记得按照提示完成数据库迁移和管理员账户创建。

时间: 2025-09-17T22:25:39

---

👤 用户

我的系统是debian12,我自己的域名是yuebin.uk，我看了下面的官方文档后自己写了个安装脚本,帮我看看有没有说明地方需要改进，.config.example.php是官方下载文件的示例。
官方文档：https://docs.sspanel.io/docs/installation/manual-install/
我的脚本地址：https://github.com/yuebinliu/install_sspanel/raw/refs/heads/main/install_sspanel.sh

时间: 2025-09-17T22:18:35

---

🤖 DeepSeek (deepseek-chat)

你的

时间: 2025-09-17T22:18:35

---

👤 用户

我的系统是debian12,我自己的域名是yuebin.uk，我看了下面的官方文档后自己写了个安装脚本,帮我看看有没有说明地方需要改进，.config.example.php是官方下载文件的示例。
官方安装文档：https://docs.sspanel.io/docs/installation/manual-install/
官方源文件下载链接：https://github.com/Anankke/SSPanel-UIM/archive/refs/tags/25.1.0.zip
我的脚本地址：ttps://github.com/yuebinliu/install_sspanel/raw/refs/heads/main/install_sspanel.sh

时间: 2025-09-17T22:20:00

---

🤖 DeepSeek (deepseek-chat)

根据你提供的.config.example.php配置文件和官方文档，我来分析你的安装脚本并提供改进建议。首先我需要查看你的脚本内容，但由于你只提供了脚本地址，我将基于常见的最佳实践和SSPanel安装需求给出建议。

以下是针对SSPanel-UIM安装脚本的改进建议：

主要改进点：

1. 安全性增强：

# 生成更安全的随机密钥（建议使用openssl）
APP_KEY=$(openssl rand -base64 32)
MU_KEY=$(openssl rand -base64 16)

2. 配置文件处理：

# 使用sed动态替换配置值，而不是手动编辑
sed -i "s|'ChangeMe'|'${APP_KEY}'|g" /var/www/sspanel/.config.php
sed -i "s|https://example.com|https://yuebin.uk|g" /var/www/sspanel/.config.php
sed -i "s|'sspanel'|'${DB_PASSWORD}'|g" /var/www/sspanel/.config.php

3. 数据库安全设置：

# 建议在MySQL安装后运行安全脚本
mysql_secure_installation

4. PHP优化：

# 增加PHP内存限制和执行时间（SSPanel需要）
sed -i 's/memory_limit = .*/memory_limit = 512M/' /etc/php/8.2/fpm/php.ini
sed -i 's/max_execution_time = .*/max_execution_time = 300/' /etc/php/8.2/fpm/php.ini

5. Nginx配置优化：

# 添加适当的缓存头和安全头
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
}

6. 备份机制：

# 添加配置文件备份
cp /var/www/sspanel/.config.php /var/www/sspanel/.config.php.backup

7. SSL证书自动化：

# 使用Certbot自动获取SSL证书（如果使用Let's Encrypt）
certbot --nginx -d yuebin.uk -d www.yuebin.uk --non-interactive --agree-tos

8. 安装后验证：

# 添加安装成功验证步骤
curl -I https://yuebin.uk | head -n 1

完整改进版脚本示例：

#!/bin/bash

# SSPanel-UIM 安装脚本 for Debian 12
# 域名: yuebin.uk

set -e

# 颜色输出
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${GREEN}开始安装 SSPanel-UIM...${NC}"

# 生成随机密钥
APP_KEY=$(openssl rand -base64 32)
MU_KEY=$(openssl rand -base64 16)
DB_PASSWORD=$(openssl rand -base64 16)

# 更新系统
apt update
apt upgrade -y

# 安装必要软件
apt install -y nginx mysql-server php8.2-fpm php8.2-curl php8.2-mysql php8.2-gd php8.2-mbstring php8.2-xml unzip curl certbot python3-certbot-nginx redis-server php8.2-redis

# 配置MySQL
mysql -e "CREATE DATABASE sspanel;"
mysql -e "CREATE USER 'sspanel'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';"
mysql -e "GRANT ALL PRIVILEGES ON sspanel.* TO 'sspanel'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"

# 下载SSPanel
cd /var/www
wget https://github.com/Anankke/SSPanel-UIM/archive/refs/tags/25.1.0.zip
unzip 25.1.0.zip
mv SSPanel-UIM-25.1.0 sspanel
rm 25.1.0.zip

# 设置权限
chown -R www-data:www-data /var/www/sspanel
chmod -R 755 /var/www/sspanel

# 复制配置文件
cp /var/www/sspanel/config/.config.example.php /var/www/sspanel/.config.php

# 使用sed动态更新配置
sed -i "s/'ChangeMe'/'${APP_KEY}'/g" /var/www/sspanel/.config.php
sed -i "s|https://example.com|https://yuebin.uk|g" /var/www/sspanel/.config.php
sed -i "s/'sspanel'/'${DB_PASSWORD}'/g" /var/www/sspanel/.config.php
sed -i "s/'ChangeMe'/'${MU_KEY}'/g" /var/www/sspanel/.config.php

# 配置Nginx
cat > /etc/nginx/sites-available/sspanel << EOF
server {
    listen 80;
    server_name yuebin.uk www.yuebin.uk;
    root /var/www/sspanel/public;
    index index.php index.html;

    location / {
        try_files \$uri \$uri/ /index.php\$is_args\$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
EOF

ln -s /etc/nginx/sites-available/sspanel /etc/nginx/sites-enabled/
rm /etc/nginx/sites-enabled/default

# 测试Nginx配置
nginx -t

# 重启服务
systemctl restart nginx
systemctl restart php8.2-fpm

# 获取SSL证书
certbot --nginx -d yuebin.uk -d www.yuebin.uk --non-interactive --agree-tos -m [email protected]

# 设置定时任务
(crontab -l 2>/dev/null; echo "* * * * * php /var/www/sspanel/xcat Job CheckJob") | crontab -
(crontab -l 2>/dev/null; echo "0 * * * * php /var/www/sspanel/xcat Job UserJob") | crontab -
(crontab -l 2>/dev/null; echo "0 0 * * * php /var/www/sspanel/xcat Job DailyJob") | crontab -

# 初始化数据库
cd /var/www/sspanel
php xcat Migration new
php xcat ImportSettings settings.sql

echo -e "${GREEN}SSPanel-UIM 安装完成!${NC}"
echo -e "${YELLOW}请访问: https://yuebin.uk${NC}"
echo -e "${YELLOW}默认管理员账号: [email protected] 密码: 123456${NC}"
echo -e "${YELLOW}请及时修改默认管理员密码!${NC}"

建议添加的功能：

1. 输入验证：检查域名是否有效
2. 错误处理：添加更详细的错误处理和回滚机制
3. 日志记录：记录安装过程中的关键步骤
4. 依赖检查：在开始前检查所有必要的依赖项
5. 版本检查：验证下载的SSPanel版本是否正确

这些改进将使你的脚本更加健壮、安全且易于维护。记得在实际运行前测试脚本，并根据你的具体需求进行调整。

时间: 2025-09-17T22:20:00

---

👤 用户

这是我的脚本

时间: 2025-09-17T22:23:52

---

🤖 DeepSeek (deepseek-chat)

你的脚本写得相当不错，结构清晰且涵盖了SSPanel安装的主要步骤。不过我还是发现了一些可以改进的地方，主要涉及安全性、配置完整性和错误处理。

主要改进建议：

1. 安全性增强

# 在脚本开头添加这些变量
APP_KEY=$(openssl rand -base64 32)
MU_KEY=$(openssl rand -base64 16)

# 替换现有的密钥生成部分
# 删除这行：APP_KEY=$(php -r "echo 'base64:' . base64_encode(random_bytes(32));")

2. 配置文件处理改进

# 替换现有的sed命令，使用更精确的匹配
sed -i "s|'ChangeMe'|'$APP_KEY'|g" config/.config.php
sed -i "s|'ChangeMe'|'$MU_KEY'|g" config/.config.php
sed -i "s|https://example.com|https://$DOMAIN|g" config/.config.php
sed -i "s|db_database.*=.*'sspanel'|db_database = '$DB_NAME'|g" config/.config.php
sed -i "s|db_username.*=.*'root'|db_username = '$DB_USER'|g" config/.config.php
sed -i "s|db_password.*=.*'sspanel'|db_password = '$DB_PASSWORD'|g" config/.config.php

3. Redis配置

# 在MySQL配置后添加Redis配置
sed -i "s|redis_host.*=.*'127.0.0.1'|redis_host = 'localhost'|g" config/.config.php

4. 错误处理增强

# 在关键步骤添加错误检查
check_command() {
    if [ $? -ne 0 ]; then
        echo "错误: $1 执行失败"
        exit 1
    fi
}

# 使用示例
apt update && apt upgrade -y
check_command "系统更新"

5. SSL证书配置（重要）

# 在Nginx配置后添加SSL证书获取
echo "安装Certbot获取SSL证书..."
apt install -y certbot python3-certbot-nginx

echo "获取SSL证书..."
certbot --nginx -d $DOMAIN -d www.$DOMAIN --non-interactive --agree-tos -m admin@$DOMAIN

# 修改Nginx配置以包含SSL
cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $DOMAIN www.$DOMAIN;
    
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    
    root /www/wwwroot/$DOMAIN/public;
    index index.php index.html;

    # 其余配置保持不变...
}
EOF

6. 完整的安装后步骤

# 替换现有的后续步骤提示
echo "后续步骤："
echo "1. 运行数据库迁移："
echo "   cd /www/wwwroot/$DOMAIN && php xcat Migration latest"
echo "2. 创建管理员账户："
echo "   cd /www/wwwroot/$DOMAIN && php xcat User createAdmin"
echo "3. 导入默认设置："
echo "   cd /www/wwwroot/$DOMAIN && php xcat ImportSettings config/settings.sql"
echo "4. 设置定时任务："
echo "   crontab -u www-data -e"
echo "   添加以下内容："
echo "   * * * * * php /www/wwwroot/$DOMAIN/xcat Job CheckJob"
echo "   0 * * * * php /www/wwwroot/$DOMAIN/xcat Job UserJob"
echo "   0 0 * * * php /www/wwwroot/$DOMAIN/xcat Job DailyJob"
echo "5. 访问: https://$DOMAIN"

7. 添加日志记录

# 在脚本开头添加
LOG_FILE="/var/log/sspanel_install.log"
exec > >(tee -a "$LOG_FILE") 2>&1

echo "安装日志保存在: $LOG_FILE"

8. 版本验证

# 在下载后添加版本验证
if [ ! -f "/www/wwwroot/$DOMAIN/version.md" ]; then
    echo "错误: SSPanel下载可能失败，请检查版本号"
    exit 1
fi

完整改进版脚本要点：

1. 使用更安全的随机密钥生成
2. 完整的SSL证书配置
3. 更好的错误处理和日志记录
4. 更精确的配置文件修改
5. 添加Redis配置
6. 完整的安装后指引

这些改进将使你的脚本更加健壮和安全，特别是SSL证书的自动配置对于生产环境非常重要。记得在实际运行前测试所有更改。

时间: 2025-09-17T22:23:52

---

👤 用户

好的，多谢，能把完整版的给出吗？

时间: 2025-09-17T22:25:39

---

🤖 DeepSeek (deepseek-chat)

好的，这是根据你的脚本和我的建议整理的完整改进版安装脚本：

#!/bin/bash

# SSPanel 安装脚本 for Debian 12
# 域名: yuebin.uk

set -e

# 配置变量
DOMAIN="yuebin.uk"
DB_NAME="sspanel"
DB_USER="sspanel_user"
DB_PASSWORD=$(openssl rand -base64 16 | tr -d '/+' | cut -c1-16)
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 16 | tr -d '/+' | cut -c1-16)
PANEL_VERSION="25.1.0"
APP_KEY=$(openssl rand -base64 32)
MU_KEY=$(openssl rand -base64 16)

# 日志记录
LOG_FILE="/var/log/sspanel_install.log"
exec > >(tee -a "$LOG_FILE") 2>&1

echo "=========================================="
echo "SSPanel 安装脚本"
echo "域名: $DOMAIN"
echo "安装日志: $LOG_FILE"
echo "=========================================="

# 错误检查函数
check_command() {
    if [ $? -ne 0 ]; then
        echo "错误: $1 执行失败"
        exit 1
    fi
}

# 更新系统
echo "更新系统包..."
apt update && apt upgrade -y
check_command "系统更新"

# 安装必要软件
echo "安装必要软件..."
apt install -y curl wget git unzip nginx mariadb-server redis-server php8.2-fpm \
php8.2-common php8.2-mysql php8.2-gd php8.2-mbstring php8.2-xml php8.2-curl \
php8.2-bcmath php8.2-zip php8.2-intl php8.2-redis certbot python3-certbot-nginx
check_command "软件安装"

# 配置MySQL
echo "配置MySQL..."
systemctl start mysql
systemctl enable mysql

# 安全设置MySQL
mysql -u root <<EOF
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
EOF
check_command "MySQL安全配置"

# 创建SSPanel数据库
mysql -u root -p$MYSQL_ROOT_PASSWORD <<EOF
CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';
FLUSH PRIVILEGES;
EOF
check_command "数据库创建"

# 安装Composer
echo "安装Composer..."
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
check_command "Composer安装"

# 创建网站目录
echo "创建网站目录..."
mkdir -p /www/wwwroot/$DOMAIN
cd /www/wwwroot/$DOMAIN

# 下载SSPanel
echo "下载SSPanel..."
wget https://github.com/Anankke/SSPanel-UIM/archive/refs/tags/$PANEL_VERSION.zip -O sspanel.zip
check_command "SSPanel下载"

unzip sspanel.zip
mv SSPanel-UIM-$PANEL_VERSION/* .
mv SSPanel-UIM-$PANEL_VERSION/.* . 2>/dev/null || true
rm -rf SSPanel-UIM-$PANEL_VERSION sspanel.zip

# 验证下载
if [ ! -f "version.md" ]; then
    echo "错误: SSPanel下载可能失败，请检查版本号"
    exit 1
fi

# 安装PHP依赖
echo "安装PHP依赖..."
composer install --no-dev --optimize-autoloader --ignore-platform-reqs
check_command "Composer依赖安装"

# 配置PHP
echo "配置PHP..."
sed -i 's/^;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/8.2/fpm/php.ini
sed -i 's/^max_execution_time = .*/max_execution_time = 300/' /etc/php/8.2/fpm/php.ini
sed -i 's/^memory_limit = .*/memory_limit = 512M/' /etc/php/8.2/fpm/php.ini
sed -i 's/^upload_max_filesize = .*/upload_max_filesize = 100M/' /etc/php/8.2/fpm/php.ini
sed -i 's/^post_max_size = .*/post_max_size = 100M/' /etc/php/8.2/fpm/php.ini

systemctl restart php8.2-fpm
check_command "PHP配置"

# 创建环境配置文件
cp config/.config.example.php config/.config.php
cp config/appprofile.example.php config/appprofile.php

# 配置环境文件
echo "配置环境文件..."
sed -i "s|'ChangeMe'|'$APP_KEY'|g" config/.config.php
sed -i "s|'ChangeMe'|'$MU_KEY'|g" config/.config.php
sed -i "s|https://example.com|https://$DOMAIN|g" config/.config.php
sed -i "s|db_database.*=.*'sspanel'|db_database = '$DB_NAME'|g" config/.config.php
sed -i "s|db_username.*=.*'root'|db_username = '$DB_USER'|g" config/.config.php
sed -i "s|db_password.*=.*'sspanel'|db_password = '$DB_PASSWORD'|g" config/.config.php
sed -i "s|redis_host.*=.*'127.0.0.1'|redis_host = 'localhost'|g" config/.config.php

# 设置文件权限
echo "设置文件权限..."
chown -R www-data:www-data /www/wwwroot/$DOMAIN
find /www/wwwroot/$DOMAIN -type d -exec chmod 755 {} \;
find /www/wwwroot/$DOMAIN -type f -exec chmod 644 {} \;

# 设置需要写权限的目录
chmod -R 777 /www/wwwroot/$DOMAIN/storage
chmod 775 /www/wwwroot/$DOMAIN/public/clients

# 确保 storage 子目录存在且可写
mkdir -p /www/wwwroot/$DOMAIN/storage/framework/smarty/{cache,compile}
mkdir -p /www/wwwroot/$DOMAIN/storage/framework/twig/cache
chmod -R 777 /www/wwwroot/$DOMAIN/storage/framework

# 配置文件权限
chmod 664 /www/wwwroot/$DOMAIN/config/.config.php
chmod 664 /www/wwwroot/$DOMAIN/config/appprofile.php

# 配置Nginx
echo "配置Nginx..."
cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    root /www/wwwroot/$DOMAIN/public;
    index index.php index.html;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Access-Control-Allow-Origin "*";
    }
}
EOF

ln -sf /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# 测试Nginx配置
nginx -t
check_command "Nginx配置测试"

systemctl reload nginx
check_command "Nginx重载"

# 获取SSL证书
echo "获取SSL证书..."
certbot --nginx -d $DOMAIN -d www.$DOMAIN --non-interactive --agree-tos -m admin@$DOMAIN || echo "SSL证书获取失败，请手动获取"

# 更新Nginx配置为HTTPS
cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $DOMAIN www.$DOMAIN;
    
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    
    root /www/wwwroot/$DOMAIN/public;
    index index.php index.html;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Access-Control-Allow-Origin "*";
    }
    
    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
}
EOF

# 重新加载Nginx
nginx -t
systemctl reload nginx

# 设置定时任务
echo "设置定时任务..."
(crontab -u www-data -l 2>/dev/null; echo "* * * * * php /www/wwwroot/$DOMAIN/xcat Job CheckJob") | crontab -u www-data -
(crontab -u www-data -l 2>/dev/null; echo "0 * * * * php /www/wwwroot/$DOMAIN/xcat Job UserJob") | crontab -u www-data -
(crontab -u www-data -l 2>/dev/null; echo "0 0 * * * php /www/wwwroot/$DOMAIN/xcat Job DailyJob") | crontab -u www-data -

echo "=========================================="
echo "SSPanel 安装完成！"
echo "=========================================="

# 输出重要信息
echo "================= 重要信息 ================="
echo "网站地址: https://$DOMAIN"
echo "MySQL root 密码: $MYSQL_ROOT_PASSWORD"
echo "SSPanel 数据库名: $DB_NAME"
echo "SSPanel 数据库用户: $DB_USER"
echo "SSPanel 数据库密码: $DB_PASSWORD"
echo "应用密钥: $APP_KEY"
echo "WebAPI 密钥: $MU_KEY"
echo "网站根目录: /www/wwwroot/$DOMAIN"
echo "=========================================="

echo ""
echo "后续步骤："
echo "1. 运行数据库迁移："
echo "   cd /www/wwwroot/$DOMAIN && php xcat Migration latest"
echo "2. 创建管理员账户："
echo "   cd /www/wwwroot/$DOMAIN && php xcat User createAdmin"
echo "3. 导入默认设置："
echo "   cd /www/wwwroot/$DOMAIN && php xcat ImportSettings config/settings.sql"
echo "4. 访问: https://$DOMAIN"
echo ""
echo "如果SSL证书获取失败，请手动运行："
echo "   certbot --nginx -d $DOMAIN -d www.$DOMAIN"
echo "=========================================="

# 创建安装信息备份
cat > /www/wwwroot/$DOMAIN/install_info.txt <<EOF
安装时间: $(date)
域名: $DOMAIN
MySQL root 密码: $MYSQL_ROOT_PASSWORD
数据库名: $DB_NAME
数据库用户: $DB_USER
数据库密码: $DB_PASSWORD
应用密钥: $APP_KEY
WebAPI 密钥: $MU_KEY
EOF

chmod 600 /www/wwwroot/$DOMAIN/install_info.txt

echo "安装信息已保存到: /www/wwwroot/$DOMAIN/install_info.txt"
echo "请妥善保管这些信息！"

主要改进内容：

1. 完整的错误处理和日志记录
2. 自动SSL证书配置（使用Let’s Encrypt）
3. 更安全的随机密钥生成
4. 完整的Nginx安全配置（包含安全头和缓存设置）
5. 安装信息备份文件
6. 更好的权限管理
7. Redis配置集成
8. 版本验证检查

使用方法：

# 给予执行权限
chmod +x install_sspanel.sh

# 运行脚本
./install_sspanel.sh

# 或者直接运行
bash install_sspanel.sh

这个脚本现在包含了完整的生产环境配置，包括SSL证书、安全头、错误处理等。安装完成后记得按照提示完成数据库迁移和管理员账户创建。

时间: 2025-09-17T22:25:39

---

---

对话统计

• 消息总数: 8 条
• 处理状态: 成功转换