fnvtk/karuo-ai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔄 卡若AI 同步 2026-02-22 06:08 | 更新:金仓、运营中枢工作台 | 排除 >20MB: 5 个

Browse Source
This commit is contained in:
karuo
2026-02-22 06:08:27 +08:00
parent bf88406274
commit 729e01c896
5 changed files with 157 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
01_卡资(金)/金仓_存储备份/服务器管理/references/宝塔_域名无法访问_lkdie_lytiao_诊断与修复.md
View File

@@ -108,7 +108,14 @@ openssl x509 -in /www/server/panel/vhost/cert/www.lkdie.com/fullchain.pem -noout
| 脚本/文档 | 用途 |
|-----------|------|
| `scripts/kr宝塔_SSH登录.sh` | 远程执行命令SSH 可用时 |
| **`scripts/腾讯云_TAT_修复lkdie_lytiao.py`** | **免 SSH 一键修复**(腾讯云 TAT推荐 |
| `scripts/宝塔_修复lkdie_lytiao_终端执行.sh` | 宝塔面板 → 终端 复制粘贴执行 |
| `scripts/kr宝塔_宝塔API_修复502.py` | 通过宝塔 API 重启 Nginx需 API 白名单) |
| `references/SSH登录方式与故障排查.md` | SSH 登录与 fail2ban 解封 |
| `references/kr宝塔_网络与服务器卡顿_检查与处理.md` | 502 修复、带宽排查 |
**一键修复命令**(本机执行):
```bash
cd "/Users/karuo/Documents/个人/卡若AI"
./01_卡资/金仓_存储备份/服务器管理/scripts/.venv_tx/bin/python \
"01_卡资/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py"
```

43
01_卡资(金)/金仓_存储备份/服务器管理/scripts/宝塔_修复lkdie_lytiao_终端执行.sh Normal file
View File

@@ -0,0 +1,43 @@
#!/bin/bash
# 在 kr宝塔 宝塔面板 → 终端 全文复制粘贴执行
# 修复lkdie.com 502 + lytiao.com ERR_CONNECTION_CLOSED
set -e
echo "=== 1. 重载 Nginx + 重启 PHP-FPM修复 lkdie 502==="
nginx -t && nginx -s reload
for svc in php-fpm-56 php-fpm-74 php-fpm-80 php-fpm-82 php-fpm php-fpm7.4 php-fpm8.0; do
systemctl restart $svc 2>/dev/null && echo " 已重启 $svc" && break
done
echo " Nginx 已重载"
echo ""
echo "=== 2. 添加 lytiao.com / www.lytiao.com 跳转配置(修复 ERR_CONNECTION_CLOSED==="
CONF="/www/server/panel/vhost/nginx/lytiao_root.conf"
if [ -f "$CONF" ]; then
echo " 配置已存在,跳过"
else
cat > "$CONF" << 'NGX'
server {
listen 80;
listen [::]:80;
server_name lytiao.com www.lytiao.com;
return 301 https://zhijipro.lytiao.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name lytiao.com www.lytiao.com;
ssl_certificate /www/server/panel/vhost/cert/zhijipro.lytiao.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/zhijipro.lytiao.com/privkey.pem;
return 301 https://zhijipro.lytiao.com$request_uri;
}
NGX
echo " 已创建 $CONF"
fi
echo ""
echo "=== 3. 再次重载 Nginx ==="
nginx -t && nginx -s reload
echo ""
echo "✅ 完成。请刷新 lkdie.com、lytiao.com 测试。"

103
01_卡资(金)/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复lkdie_lytiao.py Normal file
View File

@@ -0,0 +1,103 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
腾讯云 TAT在 kr宝塔 上修复 lkdie 502 + lytiao ERR_CONNECTION_CLOSED免 SSH
凭证00_账号与API索引.md依赖tencentcloud-sdk-python-tat
"""
import base64
import os
import re
import sys
import time
KR_INSTANCE_ID = "ins-aw0tnqjo"
REGION = "ap-guangzhou"
def _read_creds():
d = os.path.dirname(os.path.abspath(__file__))
for _ in range(6):
root = d
if os.path.isfile(os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")):
path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
with open(path, "r", encoding="utf-8") as f:
text = f.read()
sid = skey = None
in_tx = False
for line in text.splitlines():
if "### 腾讯云" in line:
in_tx = True
continue
if in_tx and line.strip().startswith("###"):
break
if not in_tx:
continue
m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
if m and m.group(1).strip().startswith("AKID"):
sid = m.group(1).strip()
m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
if m:
skey = m.group(1).strip()
return sid or None, skey or None
d = os.path.dirname(d)
return None, None
SHELL = r'''#!/bin/bash
set -e
echo "=== 1. 重载 Nginx + 重启 PHP-FPM ==="
nginx -t && nginx -s reload
for svc in php-fpm-56 php-fpm-74 php-fpm-80 php-fpm-82 php-fpm php-fpm7.4; do
systemctl restart $svc 2>/dev/null && echo " 已重启 $svc" && break
done
echo "=== 2. 添加 lytiao redirect 配置 ==="
C=/www/server/panel/vhost/nginx/lytiao_root.conf
if [ ! -f "$C" ]; then
printf '%s\n' 'server { listen 80; listen [::]:80; server_name lytiao.com www.lytiao.com; return 301 https://zhijipro.lytiao.com$request_uri; }' 'server { listen 443 ssl; listen [::]:443 ssl; server_name lytiao.com www.lytiao.com; ssl_certificate /www/server/panel/vhost/cert/zhijipro.lytiao.com/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/zhijipro.lytiao.com/privkey.pem; return 301 https://zhijipro.lytiao.com$request_uri; }' > "$C"
echo " 已创建 $C"
fi
nginx -t && nginx -s reload
echo "=== 完成 ==="
'''
def main():
sid = os.environ.get("TENCENTCLOUD_SECRET_ID")
skey = os.environ.get("TENCENTCLOUD_SECRET_KEY")
if not sid or not skey:
sid, skey = _read_creds()
if not sid or not skey:
print("❌ 未配置腾讯云 SecretId/SecretKey")
return 1
try:
from tencentcloud.common import credential
from tencentcloud.tat.v20201028 import tat_client, models
except ImportError:
print("pip install tencentcloud-sdk-python-tat")
return 1
cred = credential.Credential(sid, skey)
client = tat_client.TatClient(cred, REGION)
req = models.RunCommandRequest()
req.Content = base64.b64encode(SHELL.encode()).decode()
req.InstanceIds = [KR_INSTANCE_ID]
req.CommandType = "SHELL"
req.Timeout = 60
req.CommandName = "FixLkdieLytiao"
resp = client.RunCommand(req)
print("✅ TAT 已下发 InvocationId:", resp.InvocationId)
print(" 等待 45s...")
time.sleep(45)
try:
req2 = models.DescribeInvocationTasksRequest()
f = models.Filter()
f.Name = "invocation-id"
f.Values = [resp.InvocationId]
req2.Filters = [f]
r2 = client.DescribeInvocationTasks(req2)
for t in (r2.InvocationTaskSet or []):
print(" 状态:", getattr(t, "TaskStatus", ""))
if hasattr(t, "Output") and t.Output:
print(" 输出:", t.Output[:500] if len(t.Output or "") > 500 else t.Output)
except Exception as e:
print(" 查询:", e)
return 0
if __name__ == "__main__":
sys.exit(main())