@aaricchen1991/n2-cli 1.0.0

package/assets/deploy/ssl/setup-ssl.sh

@@ -0,0 +1,474 @@
+#!/bin/bash
+# SSL 证书申请和安装脚本
+# 使用 acme.sh 和阿里云 DNS API 自动申请 Let's Encrypt 证书
+# 使用方法: setup-ssl.sh --domains <域名> [--ali-key ... --ali-secret ...]
+
+set -e
+
+# 颜色输出
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+log() {
+    echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# 检查是否以 root 权限运行
+if [ "$EUID" -ne 0 ]; then 
+    error "请使用 sudo 运行此脚本"
+    exit 1
+fi
+
+# 确保在有效目录下执行，避免 getcwd 报错
+cd /
+
+# 要申请证书的域名（通过 --domains 传入，如 --domains n2-admin.cdqxtech.com）
+TARGET_DOMAIN=""
+
+# 阿里云 API 凭证
+ALI_KEY=""
+ALI_SECRET=""
+
+# Email 地址（用于 ZeroSSL 账户注册，可选）
+ACME_EMAIL=""
+
+# 调试模式
+DEBUG_MODE=false
+
+# 解析命令行参数
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --domains)
+            if [ -n "$2" ]; then
+                IFS=',' read -ra DOMAIN_ARRAY <<< "$2"
+                if [ ${#DOMAIN_ARRAY[@]} -ge 1 ]; then
+                    TARGET_DOMAIN="${DOMAIN_ARRAY[0]}"
+                fi
+                shift 2
+            else
+                shift
+            fi
+            ;;
+        --ali-key)
+            if [ -n "$2" ]; then
+                ALI_KEY="$2"
+                shift 2
+            else
+                shift
+            fi
+            ;;
+        --ali-secret)
+            if [ -n "$2" ]; then
+                ALI_SECRET="$2"
+                shift 2
+            else
+                shift
+            fi
+            ;;
+        --email)
+            if [ -n "$2" ]; then
+                ACME_EMAIL="$2"
+                shift 2
+            else
+                shift
+            fi
+            ;;
+        --debug)
+            DEBUG_MODE=true
+            set -x  # 启用 bash 调试模式，显示所有执行的命令
+            shift
+            ;;
+        *)
+            shift
+            ;;
+    esac
+done
+
+log "开始配置 SSL 证书..."
+if [ -z "$TARGET_DOMAIN" ]; then
+    error "请通过 --domains 指定要申请证书的域名，例如: --domains n2-admin.cdqxtech.com"
+    exit 1
+fi
+log "申请域名: $TARGET_DOMAIN"
+
+# 检查阿里云 API 凭证（优先使用参数，其次使用环境变量）
+if [ -z "$ALI_KEY" ]; then
+    ALI_KEY="$Ali_Key"
+fi
+if [ -z "$ALI_SECRET" ]; then
+    ALI_SECRET="$Ali_Secret"
+fi
+
+if [ -z "$ALI_KEY" ] || [ -z "$ALI_SECRET" ]; then
+    error "未设置阿里云 API 凭证"
+    error "请通过参数传递:"
+    error "  --ali-key \"your_access_key_id\" --ali-secret \"your_access_key_secret\""
+    error "或者设置环境变量:"
+    error "  export Ali_Key=\"your_access_key_id\""
+    error "  export Ali_Secret=\"your_access_key_secret\""
+    exit 1
+fi
+
+# 设置环境变量供 acme.sh 使用
+export Ali_Key="$ALI_KEY"
+export Ali_Secret="$ALI_SECRET"
+
+# 验证阿里云 API 凭证的函数
+verify_ali_api_credentials() {
+    log "验证阿里云 API 凭证..."
+    
+    # 检查凭证是否为空
+    if [ -z "$ALI_KEY" ] || [ -z "$ALI_SECRET" ]; then
+        error "API 凭证为空"
+        return 1
+    fi
+    
+    # 检查凭证格式（AccessKey ID 通常以 LTAI 开头，长度约 16-32 字符）
+    if [ ${#ALI_KEY} -lt 10 ] || [ ${#ALI_KEY} -gt 64 ]; then
+        warning "AccessKey ID 长度异常，请检查是否正确"
+    fi
+    
+    if [ ${#ALI_SECRET} -lt 20 ] || [ ${#ALI_SECRET} -gt 64 ]; then
+        warning "AccessKey Secret 长度异常，请检查是否正确"
+    fi
+    
+    log "API 凭证格式检查通过（实际有效性将在证书申请时验证）"
+    return 0
+}
+
+# 检查域名是否在阿里云 DNS 管理的函数
+check_domain_in_aliyun() {
+    local domain=$1
+    log "检查域名 $domain 是否在阿里云 DNS 管理..."
+    
+    # 提取主域名（例如 tools.qxtool.vip -> qxtool.vip）
+    local main_domain=$(echo "$domain" | sed -E 's/^[^.]*\.(.+)$/\1/')
+    if [ "$main_domain" = "$domain" ]; then
+        main_domain="$domain"
+    fi
+    
+    log "主域名: $main_domain"
+    log "注意：如果域名不在阿里云 DNS 管理，证书申请将失败"
+    log "请确保域名已在阿里云 DNS 控制台添加"
+}
+
+# 检查并处理 Let's Encrypt 速率限制错误
+check_rate_limit_error() {
+    local error_output="$1"
+    local domain="$2"
+    
+    # 检查是否包含速率限制错误
+    if echo "$error_output" | grep -qi "rateLimited\|429\|too many failed authorizations"; then
+        error ""
+        error "⚠️  检测到 Let's Encrypt 速率限制错误"
+        error ""
+        error "原因：在过去的1小时内，域名 $domain 有太多失败的授权尝试（最多5次）"
+        error ""
+        
+        # 尝试提取重试时间
+        local retry_after=$(echo "$error_output" | grep -i "retry after" | sed -n 's/.*retry after \([^:]*\):.*/\1/p' | head -1)
+        if [ -n "$retry_after" ]; then
+            error "下次可重试时间："
+            error "  UTC: $retry_after UTC"
+            
+            # 尝试转换为本地时间
+            local local_time=""
+            local wait_info=""
+            
+            # 方法1: 使用 GNU date (Linux)
+            if local_time=$(TZ=Asia/Shanghai date -d "$retry_after UTC" +"%Y-%m-%d %H:%M:%S %Z" 2>/dev/null); then
+                error "  本地 (CST): $local_time"
+                
+                # 计算剩余等待时间
+                local current_timestamp=$(date +%s 2>/dev/null)
+                local retry_timestamp=$(date -d "$retry_after UTC" +%s 2>/dev/null)
+                if [ -n "$current_timestamp" ] && [ -n "$retry_timestamp" ] && [ $retry_timestamp -gt $current_timestamp ]; then
+                    local wait_seconds=$((retry_timestamp - current_timestamp))
+                    local wait_hours=$((wait_seconds / 3600))
+                    local wait_mins=$(((wait_seconds % 3600) / 60))
+                    wait_info="${wait_hours}小时${wait_mins}分钟"
+                fi
+            # 方法2: 使用 BSD date (macOS) - 先转换为时间戳，再加8小时
+            elif retry_timestamp=$(date -j -f "%Y-%m-%d %H:%M:%S" "$retry_after" +%s 2>/dev/null); then
+                # 加8小时（28800秒）
+                local local_timestamp=$((retry_timestamp + 28800))
+                if local_time=$(TZ=Asia/Shanghai date -j -f "%s" "$local_timestamp" +"%Y-%m-%d %H:%M:%S %Z" 2>/dev/null); then
+                    error "  本地 (CST): $local_time"
+                    
+                    # 计算剩余等待时间
+                    local current_timestamp=$(date +%s 2>/dev/null)
+                    if [ -n "$current_timestamp" ] && [ $retry_timestamp -gt $current_timestamp ]; then
+                        local wait_seconds=$((retry_timestamp - current_timestamp))
+                        local wait_hours=$((wait_seconds / 3600))
+                        local wait_mins=$(((wait_seconds % 3600) / 60))
+                        wait_info="${wait_hours}小时${wait_mins}分钟"
+                    fi
+                fi
+            # 方法3: 手动计算（UTC+8）
+            else
+                local retry_date=$(echo "$retry_after" | awk '{print $1}')
+                local retry_time=$(echo "$retry_after" | awk '{print $2}')
+                if [ -n "$retry_date" ] && [ -n "$retry_time" ]; then
+                    local utc_hour=$(echo "$retry_time" | cut -d: -f1 | sed 's/^0//')
+                    [ -z "$utc_hour" ] && utc_hour=0
+                    local utc_min=$(echo "$retry_time" | cut -d: -f2)
+                    local utc_sec=$(echo "$retry_time" | cut -d: -f3)
+                    
+                    local local_hour=$((utc_hour + 8))
+                    local local_date="$retry_date"
+                    if [ $local_hour -ge 24 ]; then
+                        local_hour=$((local_hour - 24))
+                        # 简单跨天处理（假设月份不超过31天）
+                        local year=$(echo "$retry_date" | cut -d- -f1)
+                        local month=$(echo "$retry_date" | cut -d- -f2)
+                        local day=$(echo "$retry_date" | cut -d- -f3 | sed 's/^0//')
+                        [ -z "$day" ] && day=0
+                        day=$((day + 1))
+                        local_date=$(printf "%04d-%02d-%02d" $year $month $day)
+                    fi
+                    
+                    local local_time_str=$(printf "%02d:%s:%s" $local_hour "$utc_min" "$utc_sec")
+                    error "  本地 (CST): $local_date $local_time_str CST"
+                fi
+            fi
+            
+            if [ -n "$wait_info" ]; then
+                error "  还需等待: $wait_info"
+            fi
+            error ""
+        fi
+        
+        error "解决方案："
+        error "1. 等待速率限制解除（通常需要等待1小时）"
+        error "2. 检查 DNS 配置是否正确，避免重复失败"
+        error "3. 如果急需证书，可以考虑："
+        error "   - 使用 Let's Encrypt Staging 环境进行测试（不会触发速率限制）"
+        error "   - 使用其他 CA（如 ZeroSSL）"
+        error ""
+        error "使用 Staging 环境测试（不会触发速率限制）："
+        error "  $0 --domains \"$domain\" --ali-key \"\$Ali_Key\" --ali-secret \"\$Ali_Secret\" --staging"
+        error ""
+        error "查看详细错误信息："
+        error "  tail -100 ~/.acme.sh/acme.sh.log"
+        error ""
+        return 1
+    fi
+    
+    return 0
+}
+
+# 创建 SSL 证书目录
+log "创建 SSL 证书目录..."
+mkdir -p /etc/nginx/ssl
+chmod 755 /etc/nginx/ssl
+
+# 检查并安装 acme.sh
+log "检查 acme.sh 安装..."
+ACME_SH_HOME="$HOME/.acme.sh"
+if [ ! -f "$ACME_SH_HOME/acme.sh" ]; then
+    log "安装 acme.sh..."
+    curl https://get.acme.sh | sh
+    if [ $? -ne 0 ]; then
+        error "acme.sh 安装失败"
+        exit 1
+    fi
+    # 重新加载环境变量
+    source "$HOME/.bashrc" 2>/dev/null || true
+    source "$HOME/.profile" 2>/dev/null || true
+else
+    log "acme.sh 已安装"
+fi
+
+# 确保 acme.sh 在 PATH 中
+export PATH="$HOME/.acme.sh:$PATH"
+
+# 检查 acme.sh 是否可用
+if ! command -v acme.sh >/dev/null 2>&1; then
+    # 尝试直接使用完整路径
+    if [ -f "$ACME_SH_HOME/acme.sh" ]; then
+        alias acme.sh="$ACME_SH_HOME/acme.sh"
+        ACME_CMD="$ACME_SH_HOME/acme.sh"
+    else
+        error "无法找到 acme.sh，请检查安装"
+        exit 1
+    fi
+else
+    ACME_CMD="acme.sh"
+fi
+
+# 注册 acme.sh 账户（如果需要）
+# 如果提供了 email，注册账户；否则使用 Let's Encrypt（不需要注册）
+USE_ZEROSSL=false
+if [ -n "$ACME_EMAIL" ]; then
+    log "注册 acme.sh 账户（使用 ZeroSSL）..."
+    if [ -f "$ACME_SH_HOME/acme.sh" ]; then
+        if "$ACME_SH_HOME/acme.sh" --register-account -m "$ACME_EMAIL"; then
+            USE_ZEROSSL=true
+            log "ZeroSSL 账户注册成功"
+        else
+            warning "账户注册失败，将使用 Let's Encrypt"
+            USE_ZEROSSL=false
+        fi
+    else
+        if $ACME_CMD --register-account -m "$ACME_EMAIL"; then
+            USE_ZEROSSL=true
+            log "ZeroSSL 账户注册成功"
+        else
+            warning "账户注册失败，将使用 Let's Encrypt"
+            USE_ZEROSSL=false
+        fi
+    fi
+fi
+
+# 如果没有使用 ZeroSSL，明确设置使用 Let's Encrypt CA
+if [ "$USE_ZEROSSL" = false ]; then
+    log "使用 Let's Encrypt CA（不需要账户注册）..."
+    # 明确设置使用 Let's Encrypt CA
+    if [ -f "$ACME_SH_HOME/acme.sh" ]; then
+        "$ACME_SH_HOME/acme.sh" --set-default-ca --server letsencrypt || true
+    else
+        $ACME_CMD --set-default-ca --server letsencrypt || true
+    fi
+fi
+
+# 验证 API 凭证
+verify_ali_api_credentials || {
+    error "API 凭证验证失败"
+    exit 1
+}
+
+# 检查域名
+check_domain_in_aliyun "$TARGET_DOMAIN"
+
+# 申请 Tools 域名证书
+log "申请 $TARGET_DOMAIN 证书..."
+ISSUE_CMD_ARGS="--dns dns_ali -d $TARGET_DOMAIN"
+if [ "$USE_ZEROSSL" = false ]; then
+    ISSUE_CMD_ARGS="$ISSUE_CMD_ARGS --server letsencrypt"
+fi
+
+# 添加调试选项
+if [ "$DEBUG_MODE" = true ]; then
+    ISSUE_CMD_ARGS="$ISSUE_CMD_ARGS --debug"
+    log "启用调试模式"
+fi
+
+# 添加日志选项以便查看详细错误
+ISSUE_CMD_ARGS="$ISSUE_CMD_ARGS --log"
+
+log "执行命令: $ACME_CMD --issue $ISSUE_CMD_ARGS"
+log "如果失败，请查看日志: tail -f ~/.acme.sh/acme.sh.log"
+
+# 捕获错误输出
+ERROR_OUTPUT=""
+if [ -f "$ACME_SH_HOME/acme.sh" ]; then
+    if ! ERROR_OUTPUT=$("$ACME_SH_HOME/acme.sh" --issue $ISSUE_CMD_ARGS 2>&1); then
+        # 检查是否是速率限制错误
+        if ! check_rate_limit_error "$ERROR_OUTPUT" "$TARGET_DOMAIN"; then
+            exit 1
+        fi
+        
+        error "$TARGET_DOMAIN 证书申请失败"
+        error ""
+        error "可能的原因："
+        error "1. 阿里云 API 凭证无效或权限不足"
+        error "2. 域名 $TARGET_DOMAIN 不在阿里云 DNS 管理"
+        error "3. RAM 用户缺少 DNS 管理权限（需要 AliyunDNSFullAccess 或自定义权限）"
+        error "4. 网络连接问题"
+        error ""
+        error "排查步骤："
+        error "1. 检查 API 凭证是否正确: echo \$Ali_Key"
+        error "2. 确认域名在阿里云 DNS 控制台已添加"
+        error "3. 检查 RAM 用户权限是否包含 alidns:AddDomainRecord"
+        error "4. 查看详细日志: tail -100 ~/.acme.sh/acme.sh.log"
+        error "5. 使用调试模式重新运行: $0 --debug --ali-key \"\$Ali_Key\" --ali-secret \"\$Ali_Secret\""
+        exit 1
+    fi
+else
+    if ! ERROR_OUTPUT=$($ACME_CMD --issue $ISSUE_CMD_ARGS 2>&1); then
+        # 检查是否是速率限制错误
+        if ! check_rate_limit_error "$ERROR_OUTPUT" "$TARGET_DOMAIN"; then
+            exit 1
+        fi
+        
+        error "$TARGET_DOMAIN 证书申请失败"
+        error ""
+        error "可能的原因："
+        error "1. 阿里云 API 凭证无效或权限不足"
+        error "2. 域名 $TARGET_DOMAIN 不在阿里云 DNS 管理"
+        error "3. RAM 用户缺少 DNS 管理权限（需要 AliyunDNSFullAccess 或自定义权限）"
+        error "4. 网络连接问题"
+        error ""
+        error "排查步骤："
+        error "1. 检查 API 凭证是否正确: echo \$Ali_Key"
+        error "2. 确认域名在阿里云 DNS 控制台已添加"
+        error "3. 检查 RAM 用户权限是否包含 alidns:AddDomainRecord"
+        error "4. 查看详细日志: tail -100 ~/.acme.sh/acme.sh.log"
+        error "5. 使用调试模式重新运行: $0 --debug --ali-key \"\$Ali_Key\" --ali-secret \"\$Ali_Secret\""
+        exit 1
+    fi
+fi
+
+log "$TARGET_DOMAIN 证书申请成功"
+
+# 安装 Tools 域名证书到 nginx
+log "安装 $TARGET_DOMAIN 证书到 nginx..."
+if [ -f "$ACME_SH_HOME/acme.sh" ]; then
+    "$ACME_SH_HOME/acme.sh" --install-cert \
+        -d "$TARGET_DOMAIN" \
+        --key-file /etc/nginx/ssl/${TARGET_DOMAIN}.key \
+        --fullchain-file /etc/nginx/ssl/${TARGET_DOMAIN}.crt \
+        --reloadcmd "systemctl reload nginx || true"
+else
+    $ACME_CMD --install-cert \
+        -d "$TARGET_DOMAIN" \
+        --key-file /etc/nginx/ssl/${TARGET_DOMAIN}.key \
+        --fullchain-file /etc/nginx/ssl/${TARGET_DOMAIN}.crt \
+        --reloadcmd "systemctl reload nginx || true"
+fi
+
+# 设置证书文件权限
+chmod 600 /etc/nginx/ssl/${TARGET_DOMAIN}.key
+chmod 644 /etc/nginx/ssl/${TARGET_DOMAIN}.crt
+chown root:root /etc/nginx/ssl/${TARGET_DOMAIN}.key
+chown root:root /etc/nginx/ssl/${TARGET_DOMAIN}.crt
+
+log "$TARGET_DOMAIN 证书安装完成"
+
+# 测试 nginx 配置
+log "测试 nginx 配置..."
+if nginx -t; then
+    log "Nginx 配置验证成功"
+    # 重新加载 nginx
+    if systemctl is-active --quiet nginx 2>/dev/null; then
+        log "重新加载 Nginx..."
+        systemctl reload nginx || warning "Nginx 重新加载失败，请手动检查"
+    else
+        warning "Nginx 未运行，请手动启动: sudo systemctl start nginx"
+    fi
+else
+    error "Nginx 配置验证失败，请检查配置文件"
+    exit 1
+fi
+
+log ""
+log "SSL 证书配置完成！"
+log ""
+log "证书文件位置："
+log "  - $TARGET_DOMAIN: /etc/nginx/ssl/${TARGET_DOMAIN}.crt"
+log ""
+log "注意："
+log "  - acme.sh 已自动配置 cron 任务，证书将自动续期"
+log "  - 证书续期后会自动重新加载 nginx"
+log "  - 可以通过 'crontab -l' 查看续期任务"
+

package/dist/cli.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+/**
+ * n2-deploy CLI: server init, nginx config, SSL management.
+ * Config: default ~/.deploy/config.yaml (ALIYUN keys + domains).
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;GAGG"}

package/dist/cli.js

@@ -0,0 +1,186 @@
+#!/usr/bin/env node
+/**
+ * n2-deploy CLI: server init, nginx config, SSL management.
+ * Config: default ~/.deploy/config.yaml (ALIYUN keys + domains).
+ */
+import { Command } from "commander";
+import consola from "consola";
+import { runConfigDelete, runConfigGet, runConfigInit, runConfigList, runConfigSet, } from "./commands/config.js";
+import { runInit } from "./commands/init.js";
+import { runNginx } from "./commands/nginx.js";
+import { runSslLogs } from "./commands/ssl-logs.js";
+import { runSsl } from "./commands/ssl.js";
+import { getDefaultConfigPath } from "./lib/paths.js";
+const defaultConfig = getDefaultConfigPath();
+const program = new Command();
+program
+    .name("n2-deploy")
+    .description("Server init, nginx config generation, and SSL certificate management")
+    .version("0.1.0");
+const configCmd = program
+    .command("config")
+    .description("配置管理：初始化、查看、设置、删除配置项")
+    .option("-c, --config <path>", "配置文件路径（默认 ~/.deploy/config.yaml）", defaultConfig);
+function configPathFromCmd(cmd) {
+    const selfOpts = cmd.opts?.() ?? {};
+    const parentOpts = cmd.parent?.opts?.() ?? {};
+    return (selfOpts.config ??
+        parentOpts.config ??
+        defaultConfig);
+}
+configCmd
+    .command("init")
+    .description("初始化配置文件（创建 ~/.deploy/config.yaml 默认模板）")
+    .option("-c, --config <path>", "配置文件路径", defaultConfig)
+    .option("-f, --force", "已存在时覆盖")
+    .action(async (opts, cmd) => {
+    const configPath = opts.config ?? configPathFromCmd(cmd);
+    try {
+        await runConfigInit({ config: configPath, force: opts.force });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+configCmd
+    .command("list")
+    .description("列出所有配置项")
+    .option("-c, --config <path>", "配置文件路径", defaultConfig)
+    .action(async (opts, cmd) => {
+    const configPath = opts?.config ?? configPathFromCmd(cmd);
+    try {
+        await runConfigList({ config: configPath });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+configCmd
+    .command("get [key]")
+    .description("查看配置项（不传 key 则列出全部）。key: aliyun_access_key_id, api.backend_port, admin.domains 等")
+    .option("-c, --config <path>", "配置文件路径", defaultConfig)
+    .action(async (key, opts, cmd) => {
+    const configPath = opts?.config ?? configPathFromCmd(cmd);
+    try {
+        await runConfigGet({ config: configPath, key });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+configCmd
+    .command("set <key> [values...]")
+    .description("设置配置项。domains 类可传多个值，如: config set admin.domains a.com b.com")
+    .option("-c, --config <path>", "配置文件路径", defaultConfig)
+    .action(async (key, values, opts, cmd) => {
+    const configPath = opts?.config ?? configPathFromCmd(cmd);
+    try {
+        await runConfigSet({
+            config: configPath,
+            key,
+            values: Array.isArray(values) ? values : values ? [values] : [],
+        });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+configCmd
+    .command("delete <key>")
+    .description("删除/清空配置项（domains 清空列表，密钥置空）")
+    .option("-c, --config <path>", "配置文件路径", defaultConfig)
+    .action(async (key, opts, cmd) => {
+    const configPath = opts?.config ?? configPathFromCmd(cmd);
+    try {
+        await runConfigDelete({ config: configPath, key });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+program
+    .command("init")
+    .description("初始化服务器（幂等）：nginx、目录、deploy.sh、占位证书")
+    .option("-c, --config <path>", "配置文件路径（默认 ~/.deploy/config.yaml）", defaultConfig)
+    .option("--scripts-dir <path>", "部署脚本目录（默认 N2_DEPLOY_SCRIPTS_DIR 或包内 assets/deploy）")
+    .action(async (opts) => {
+    try {
+        await runInit({ config: opts.config, scriptsDir: opts.scriptsDir });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+program
+    .command("nginx")
+    .description("Generate nginx config from domains config; optionally install and reload")
+    .option("-c, --config <path>", "Path to deploy config (default: ~/.deploy/config.yaml)", defaultConfig)
+    .option("-o, --output <path>", "Output path for nginx config", "nginx/n2.conf")
+    .option("-i, --install", "Install to system nginx dir and reload")
+    .action(async (opts) => {
+    try {
+        await runNginx({
+            config: opts.config,
+            output: opts.output,
+            install: opts.install,
+        });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+program
+    .command("ssl")
+    .description("Setup/renew SSL certificates for all domains (acme.sh + Aliyun DNS)")
+    .option("-c, --config <path>", "Path to deploy config (default: ~/.deploy/config.yaml)", defaultConfig)
+    .option("--ali-key <key>", "Aliyun Access Key ID (or set ALIYUN_ACCESS_KEY_ID)")
+    .option("--ali-secret <secret>", "Aliyun Access Key Secret (or set ALIYUN_ACCESS_KEY_SECRET)")
+    .option("--log-file <path>", "SSL log file path", "/opt/deploy/logs/ssl.log")
+    .option("--scripts-dir <path>", "Path to deploy scripts")
+    .action(async (opts) => {
+    try {
+        await runSsl({
+            config: opts.config,
+            aliKey: opts.aliKey,
+            aliSecret: opts.aliSecret,
+            logFile: opts.logFile,
+            scriptsDir: opts.scriptsDir,
+        });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+program
+    .command("ssl-logs")
+    .description("View SSL log (create, renew, success, failure)")
+    .option("--log-file <path>", "SSL log file path", "/opt/deploy/logs/ssl.log")
+    .option("-n, --lines <n>", "Number of lines to show", "50")
+    .option("-f, --follow", "Follow log (tail -f)")
+    .option("--action <action>", "Filter by action: create | renew | success | failure | run")
+    .option("--result <result>", "Filter by result: ok | fail")
+    .action(async (opts) => {
+    try {
+        await runSslLogs({
+            logFile: opts.logFile,
+            lines: parseInt(opts.lines, 10) || 50,
+            follow: opts.follow,
+            action: opts.action,
+            result: opts.result,
+        });
+    }
+    catch (e) {
+        consola.error(e);
+        process.exit(1);
+    }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EACL,eAAe,EACf,YAAY,EACZ,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAEtD,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;AAC7C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CACV,sEAAsE,CACvE;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,sBAAsB,CAAC;KACnC,MAAM,CACL,qBAAqB,EACrB,kCAAkC,EAClC,aAAa,CACd,CAAC;AAEJ,SAAS,iBAAiB,CAAC,GAG1B;IACC,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC;IAC9C,OAAO,CACJ,QAAgC,CAAC,MAAM;QACvC,UAAkC,CAAC,MAAM;QAC1C,aAAa,CACd,CAAC;AACJ,CAAC;AAED,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wCAAwC,CAAC;KACrD,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC;KACtD,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC;KAC/B,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACzD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,SAAS,CAAC;KACtB,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC;KACtD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IAC1B,MAAM,UAAU,GAAG,IAAI,EAAE,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CACV,kFAAkF,CACnF;KACA,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC;KACtD,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,IAAI,EAAE,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,uBAAuB,CAAC;KAChC,WAAW,CACV,8DAA8D,CAC/D;KACA,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC;KACtD,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,EAAE,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,YAAY,CAAC;YACjB,MAAM,EAAE,UAAU;YAClB,GAAG;YACH,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;SAChE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,cAAc,CAAC;KACvB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE,aAAa,CAAC;KACtD,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAG,IAAI,EAAE,MAAM,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,oCAAoC,CAAC;KACjD,MAAM,CACL,qBAAqB,EACrB,kCAAkC,EAClC,aAAa,CACd;KACA,MAAM,CACL,sBAAsB,EACtB,oDAAoD,CACrD;KACA,MAAM,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;IACnB,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CACV,0EAA0E,CAC3E;KACA,MAAM,CACL,qBAAqB,EACrB,wDAAwD,EACxD,aAAa,CACd;KACA,MAAM,CACL,qBAAqB,EACrB,8BAA8B,EAC9B,eAAe,CAChB;KACA,MAAM,CAAC,eAAe,EAAE,wCAAwC,CAAC;KACjE,MAAM,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;IACnB,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CACV,qEAAqE,CACtE;KACA,MAAM,CACL,qBAAqB,EACrB,wDAAwD,EACxD,aAAa,CACd;KACA,MAAM,CACL,iBAAiB,EACjB,oDAAoD,CACrD;KACA,MAAM,CACL,uBAAuB,EACvB,4DAA4D,CAC7D;KACA,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,0BAA0B,CAAC;KAC5E,MAAM,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;KACxD,MAAM,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC;YACX,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,gDAAgD,CAAC;KAC7D,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,0BAA0B,CAAC;KAC5E,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC1D,MAAM,CAAC,cAAc,EAAE,sBAAsB,CAAC;KAC9C,MAAM,CACL,mBAAmB,EACnB,4DAA4D,CAC7D;KACA,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;IACnB,IAAI,CAAC;QACH,MAAM,UAAU,CAAC;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,EAAE;YACrC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}