fix: 兼容旧版本证书安装，兼容旧版本docker compose

2026-01-31 11:46:16 +08:00 · 2025-12-18 17:44:02 +08:00
parent 6e23824a45
commit 68fc7cee3b
3 changed files with 36 additions and 9 deletions
--- a/docker/scripts/common.sh
+++ b/docker/scripts/common.sh
@@ -27,10 +27,10 @@ check_docker() {

 # ==================== Docker Compose 命令检测 ====================
 detect_compose_cmd() {
-    if command -v docker-compose >/dev/null 2>&1; then
-        COMPOSE_CMD="docker-compose"
-    elif docker compose version >/dev/null 2>&1; then
+    if docker compose version >/dev/null 2>&1; then
        COMPOSE_CMD="docker compose"
+    elif command -v docker-compose >/dev/null 2>&1; then
+        COMPOSE_CMD="docker-compose"
    else
        log_error "未检测到 docker-compose 或 docker compose。"
        exit 1
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -42,10 +42,10 @@ if ! docker info >/dev/null 2>&1; then
    exit 1
 fi

-if command -v docker-compose >/dev/null 2>&1; then
-    COMPOSE_CMD="docker-compose"
-elif docker compose version >/dev/null 2>&1; then
+if docker compose version >/dev/null 2>&1; then
    COMPOSE_CMD="docker compose"
+elif command -v docker-compose >/dev/null 2>&1; then
+    COMPOSE_CMD="docker-compose"
 else
    echo -e "${RED}[ERROR]${NC} 未检测到 docker compose，请先安装"
    exit 1
--- a/install.sh
+++ b/install.sh
@@ -126,7 +126,7 @@ update_env_var() {
 GENERATED_DB_PASSWORD=""
 GENERATED_DJANGO_KEY=""

-# 生成自签 HTTPS 证书（无域名场景）
+# 生成自签 HTTPS 证书（无域名场景）——兼容旧版 OpenSSL
 generate_self_signed_cert() {
    local ssl_dir="$DOCKER_DIR/nginx/ssl"
    local fullchain="$ssl_dir/fullchain.pem"
@@ -139,15 +139,42 @@ generate_self_signed_cert() {

    info "未检测到 HTTPS 证书，正在生成自签证书（localhost）..."
    mkdir -p "$ssl_dir"
+
+    # 创建临时配置文件（兼容 OpenSSL 1.0.2）
+    local config_file="/tmp/openssl-selfsigned.cnf"
+    cat > "$config_file" << EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = CN
+ST = NA
+L = NA
+O = XingRin
+CN = localhost
+
+[v3_req]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = DNS:localhost,IP:127.0.0.1
+EOF
+
    if openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -keyout "$privkey" \
        -out "$fullchain" \
        -subj "/C=CN/ST=NA/L=NA/O=XingRin/CN=localhost" \
-        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" >/dev/null 2>&1; then
+        -config "$config_file" \
+        -extensions v3_req >/dev/null 2>&1; then
        success "自签证书已生成: $ssl_dir"
    else
-        warn "自签证书生成失败，请检查 openssl 是否可用，或手动放置证书到 $ssl_dir"
+        warn "自签证书生成失败（可能是 OpenSSL 版本过旧），请手动放置证书到 $ssl_dir"
+        warn "或者升级系统 OpenSSL，或使用 Let's Encrypt 证书"
    fi
+
+    # 清理临时配置文件
+    rm -f "$config_file"
 }

 # 自动为 docker/.env 填充敏感变量