chore: restore initial vtuber source snapshot
This commit is contained in:
138
scripts/check-vtuber-offline-110.sh
Executable file
138
scripts/check-vtuber-offline-110.sh
Executable file
@@ -0,0 +1,138 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
DOMAIN="${1:-vtuber.wooo.work}"
|
||||
TARGET_IP="${2:-114.32.151.246}"
|
||||
DNS_RESOLVER="${3:-8.8.8.8}"
|
||||
STRICT_MODE="${4:-1}"
|
||||
|
||||
strict_mode="${CHECK_STRICT_MODE:-${STRICT_MODE}}"
|
||||
|
||||
fail_count=0
|
||||
resolved_count=0
|
||||
|
||||
need_cmd() {
|
||||
if ! command -v "$1" >/dev/null 2>&1; then
|
||||
echo "❌ 缺少指令:$1"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
need_cmd dig
|
||||
need_cmd openssl
|
||||
need_cmd curl
|
||||
|
||||
echo "===== DNS 解析檢查 ====="
|
||||
echo "網域:${DOMAIN}"
|
||||
echo "預期 A 紀錄指向:${TARGET_IP}"
|
||||
echo "採用解析器:${DNS_RESOLVER}"
|
||||
echo "嚴格檢查:${strict_mode}"
|
||||
|
||||
a_records="$(dig +short A "${DOMAIN}" @"${DNS_RESOLVER}" | awk 'NF {print $1}' | sort -u)"
|
||||
aaaa_records="$(dig +short AAAA "${DOMAIN}" @"${DNS_RESOLVER}" | awk 'NF {print $1}' | sort -u)"
|
||||
|
||||
if [ -z "${a_records}" ] && [ -z "${aaaa_records}" ]; then
|
||||
echo "⚠️ 無法解析到 A/AAAA;請檢查 DNS zone 是否有建立 ${DOMAIN} 的 A/AAAA 紀錄。"
|
||||
fail_count=$((fail_count + 1))
|
||||
else
|
||||
echo "A 紀錄:${a_records:-(未設定)}"
|
||||
echo "AAAA 紀錄:${aaaa_records:-(未設定)}"
|
||||
if printf '%s\n' "${a_records}" | grep -Fxq "${TARGET_IP}"; then
|
||||
echo "✅ A 紀錄包含 ${TARGET_IP}"
|
||||
resolved_count=$((resolved_count + 1))
|
||||
else
|
||||
echo "⚠️ ${DOMAIN} 的 A 紀錄未看到 ${TARGET_IP}"
|
||||
echo " 請檢查 DNS:A Record (${DOMAIN}) = ${TARGET_IP}"
|
||||
echo " 修正指引:在 DNS 面板把 vtuber.wooo.work 的 A Record 指到 ${TARGET_IP}"
|
||||
fail_count=$((fail_count + 1))
|
||||
fi
|
||||
fi
|
||||
|
||||
if command -v host >/dev/null 2>&1; then
|
||||
host "${DOMAIN}" | sed -n '1,4p' || true
|
||||
else
|
||||
echo "(已略過 host 查詢,未安裝 host 指令)"
|
||||
fi
|
||||
echo
|
||||
|
||||
echo "===== HTTPS 憑證檢查 ====="
|
||||
cert_pem="$(echo | openssl s_client -connect "${DOMAIN}:443" -servername "${DOMAIN}" 2>/dev/null | openssl x509 2>/dev/null || true)"
|
||||
if [ -z "${cert_pem}" ]; then
|
||||
echo "❌ 無法抓到 TLS 憑證(連線或憑證有問題)"
|
||||
fail_count=$((fail_count + 1))
|
||||
else
|
||||
subject="$(printf '%s\n' "${cert_pem}" | openssl x509 -noout -subject)"
|
||||
issuer="$(printf '%s\n' "${cert_pem}" | openssl x509 -noout -issuer)"
|
||||
start_date="$(printf '%s\n' "${cert_pem}" | openssl x509 -noout -startdate)"
|
||||
end_date="$(printf '%s\n' "${cert_pem}" | openssl x509 -noout -enddate)"
|
||||
san="$(printf '%s\n' "${cert_pem}" | openssl x509 -noout -ext subjectAltName 2>/dev/null || true)"
|
||||
|
||||
echo "Subject: ${subject}"
|
||||
echo "Issuer: ${issuer}"
|
||||
echo "起始: ${start_date}"
|
||||
echo "到期: ${end_date}"
|
||||
echo "SAN: ${san:-(未提供)}"
|
||||
|
||||
if printf '%s\n' "${san}" | grep -q "DNS:${DOMAIN}"; then
|
||||
echo "✅ 憑證 SAN 包含 ${DOMAIN}"
|
||||
else
|
||||
echo "⚠️ 憑證 SAN 未明確列出 ${DOMAIN}"
|
||||
fail_count=$((fail_count + 1))
|
||||
fi
|
||||
|
||||
if printf '%s\n' "${cert_pem}" | openssl x509 -checkend $((7*24*60*60)) >/dev/null 2>&1; then
|
||||
echo "✅ 憑證未於 7 日內到期"
|
||||
else
|
||||
echo "⚠️ 憑證疑似 7 日內到期"
|
||||
fail_count=$((fail_count + 1))
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
|
||||
echo "===== 路徑可達性檢查 ====="
|
||||
check_url() {
|
||||
local label="$1"
|
||||
local url="$2"
|
||||
local expect_http="${3:-200}"
|
||||
local output
|
||||
shift 3
|
||||
output="$(curl -ksS -m 12 -o /dev/null -w 'HTTP %{http_code} | total=%{time_total}s | remote=%{remote_ip}' "$@" "$url" || true)"
|
||||
local http_code
|
||||
http_code="$(printf '%s\n' "${output}" | awk '{print $2}')"
|
||||
|
||||
if [ -z "${output}" ] || [ "${http_code}" = "000" ] || [ -z "${http_code}" ]; then
|
||||
echo "❌ ${label}:連線失敗"
|
||||
fail_count=$((fail_count + 1))
|
||||
elif [ "${http_code}" != "${expect_http}" ]; then
|
||||
echo "❌ ${label}:HTTP ${http_code}(預期 ${expect_http})"
|
||||
fail_count=$((fail_count + 1))
|
||||
else
|
||||
echo "✅ ${label}:${output}"
|
||||
fi
|
||||
}
|
||||
|
||||
check_url "域名直連" "https://${DOMAIN}/live/demo" 200
|
||||
check_url "域名繁中直連" "https://${DOMAIN}/zh-TW/live/demo" 200
|
||||
check_url "SNI 直定向到 ${TARGET_IP}" "https://${DOMAIN}/live/demo" \
|
||||
--resolve "${DOMAIN}:443:${TARGET_IP}" 200
|
||||
check_url "IP + Host 直走 (防止 host 漏配)" "http://${TARGET_IP}/live/demo" \
|
||||
-H "Host: ${DOMAIN}" 200
|
||||
check_url "純 IP 訪問(不帶 Host)" "http://${TARGET_IP}/live/demo" 200
|
||||
|
||||
echo
|
||||
if [ "${fail_count}" -eq 0 ]; then
|
||||
echo "總結:✅ 全部檢查通過。"
|
||||
else
|
||||
echo "總結:⚠️ ${fail_count} 項提醒,需先補上對應修正。"
|
||||
fi
|
||||
|
||||
if [ "${strict_mode}" != "0" ] && [ "${fail_count}" -gt 0 ]; then
|
||||
echo "部署門檻:❌ 因嚴格模式,非 0 值結果將阻止後續流程。"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${fail_count}" -gt 0 ] && [ "${resolved_count}" -eq 0 ]; then
|
||||
echo "DNS 門檻:❌ 外網無法直接導向目標主機,這通常代表流量仍在舊站。"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
44
scripts/deploy-and-verify-vtuber110.sh
Executable file
44
scripts/deploy-and-verify-vtuber110.sh
Executable file
@@ -0,0 +1,44 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
|
||||
ENV_FILE="${ROOT_DIR}/deploy/.env.prod"
|
||||
DEFAULT_ENV_FILE="${ROOT_DIR}/deploy/.env.prod.example"
|
||||
|
||||
if [ ! -f "${ENV_FILE}" ]; then
|
||||
if [ -f "${DEFAULT_ENV_FILE}" ]; then
|
||||
echo "⚠️ 找不到 deploy/.env.prod,先複製並填寫預設值:"
|
||||
echo "cp deploy/.env.prod.example deploy/.env.prod"
|
||||
else
|
||||
echo "❌ 找不到 deploy/.env.prod"
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source "${ENV_FILE}"
|
||||
|
||||
TARGET_DOMAIN="${APP_DOMAIN:-vtuber.wooo.work}"
|
||||
TARGET_HOST="${DEPLOY_HOST:-114.32.151.246}"
|
||||
|
||||
cd "${ROOT_DIR}"
|
||||
|
||||
echo "=== Step 1: 正式版推版到 ${DEPLOY_USER}@${TARGET_HOST} ==="
|
||||
./deploy/deploy-prod.sh
|
||||
|
||||
echo
|
||||
|
||||
echo "=== Step 2: 內網服務健康檢查 ==="
|
||||
curl -ksS -o /dev/null -w "[內網] /live/demo => HTTP %{http_code} | 花費 %{time_total}s\n" "http://${TARGET_HOST}:3200/live/demo"
|
||||
|
||||
if [ -n "${TARGET_DOMAIN}" ]; then
|
||||
echo
|
||||
echo "=== Step 3: 外網導向一致性檢查 ==="
|
||||
./scripts/check-vtuber-offline-110.sh "${TARGET_DOMAIN}" "${TARGET_HOST}" 8.8.8.8 1
|
||||
else
|
||||
echo
|
||||
echo "=== Step 3: 外網導向檢查已略過(缺少 APP_DOMAIN) ==="
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "✅ 推版+驗證流程完成。"
|
||||
33
scripts/verify-live-domain-110.sh
Executable file
33
scripts/verify-live-domain-110.sh
Executable file
@@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
DOMAIN="${1:-vtuber.wooo.work}"
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
|
||||
|
||||
cd "${ROOT_DIR}"
|
||||
|
||||
echo "=== Step 1: 執行正式站推版+外網可用性基礎檢查 ==="
|
||||
./scripts/deploy-and-verify-vtuber110.sh
|
||||
|
||||
echo
|
||||
echo "=== Step 2: 正式網域直播頁路由逐一驗證 ==="
|
||||
|
||||
for path in "/live/demo" "/zh-TW/live/demo"; do
|
||||
url="https://${DOMAIN}${path}"
|
||||
http_code="$(curl -ksS -m 12 -o /dev/null -w '%{http_code}' "$url" || true)"
|
||||
|
||||
if [ -z "${http_code}" ] || [ "${http_code}" = "000" ]; then
|
||||
echo "❌ ${url}:連線失敗"
|
||||
exit 1
|
||||
elif [ "${http_code}" != "200" ]; then
|
||||
echo "❌ ${url}:HTTP ${http_code}(預期 200)"
|
||||
exit 1
|
||||
else
|
||||
echo "✅ ${url}:HTTP ${http_code}"
|
||||
fi
|
||||
done
|
||||
|
||||
echo
|
||||
echo "✅ 所有正式網域直播路由驗證通過。"
|
||||
Reference in New Issue
Block a user