chore: 直接监听 80 端口，移除 Nginx 反代；授予绑定权限

2025-11-22 21:36:55 +08:00
parent 02d0df4cdf
commit f4dc959bbe
1 changed files with 7 additions and 25 deletions
--- a/setup.sh
+++ b/setup.sh
@@ -10,7 +10,7 @@ VERSION=${VERSION_ID:-}
 echo "更新系统软件源..."
 apt-get update -y
 echo "安装基础依赖..."
-apt-get install -y python3 python3-venv python3-pip nginx git ffmpeg rsync curl gnupg
+apt-get install -y python3 python3-venv python3-pip git ffmpeg rsync curl gnupg libcap2-bin
 echo "安装并启动 MongoDB..."
 if ! command -v mongod >/dev/null 2>&1; then
@@ -47,6 +47,9 @@ fi
 chown -R www-data:www-data /srv/taiko-web
 echo "为 Python 进程授予 80 端口绑定权限..."
 setcap 'cap_net_bind_service=+ep' /srv/taiko-web/.venv/bin/python3 || true
 echo "创建 systemd 服务..."
 cat >/etc/systemd/system/taiko-web.service <<'EOF'
 [Unit]
@@ -57,7 +60,7 @@ After=network.target mongod.service redis-server.service
 Type=simple
 WorkingDirectory=/srv/taiko-web
 Environment=PYTHONUNBUFFERED=1
-ExecStart=/srv/taiko-web/.venv/bin/gunicorn -b 127.0.0.1:8000 app:app
+ExecStart=/srv/taiko-web/.venv/bin/gunicorn -b 0.0.0.0:80 app:app
 Restart=always
 User=www-data
 Group=www-data
@@ -70,29 +73,8 @@ systemctl daemon-reload
 systemctl enable taiko-web
 systemctl restart taiko-web
 echo "配置 Nginx 站点..."
 cat >/etc/nginx/sites-available/taiko-web <<'EOF'
 server {
    listen 80 default_server;
    server_name _;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8000;
    }
 }
 EOF
 ln -sf /etc/nginx/sites-available/taiko-web /etc/nginx/sites-enabled/taiko-web
 rm -f /etc/nginx/sites-enabled/default || true
 nginx -t
 systemctl restart nginx
 if command -v ufw >/dev/null 2>&1; then
-  ufw allow 'Nginx Full' || true
+  ufw allow 80/tcp || true
 fi
-echo "部署完成"
+echo "部署完成（直接监听 80 端口）"