🔄 卡若AI 同步 2026-02-22 07:20 | 更新：总索引与入口、金仓、卡木、运营中枢工作台 | 排除 >20MB: 9 个

01_卡资（金）/金仓_存储备份/服务器管理/references/存客宝_宝塔管理SKILL.md

@@ -25,6 +25,12 @@
 
 ---
 
+## 站点无法访问（ERR_CONNECTION_CLOSED）
+
+若 kr-kf.quwanzhi.com、lytiao.com 等无法打开：先查 **443 端口**。常见为腾讯云安全组未放行 443，或 Nginx 未监听 443。详见 `references/存客宝_站点无法访问_ERR_CONNECTION_CLOSED修复.md`。
+
+---
+
 ## 快速操作
 
 - **Node 项目**：若有 Node 项目，可参考 `references/宝塔Node项目管理_SKILL.md` 编写存客宝版批量修复脚本（PANEL、API_KEY 改为存客宝）

01_卡资（金）/金仓_存储备份/服务器管理/references/存客宝_站点无法访问_ERR_CONNECTION_CLOSED修复.md

@@ -0,0 +1,55 @@
+# 存客宝 kr-kf.quwanzhi.com、lytiao.com 无法访问 修复指南
+
+> 现象：ERR_CONNECTION_CLOSED，面板显示 运行中  
+> 诊断结果：**443 端口 Connection refused**（80 正常）
+
+---
+
+## 一、根因
+
+- 80 端口可达
+- **443 端口被拒绝** → 访问 https:// 会失败
+- 域名已正确解析到 42.194.245.239
+
+---
+
+## 二、处理步骤（按顺序）
+
+### 1. 腾讯云安全组放行 443
+
+1. 打开 [腾讯云控制台](https://console.cloud.tencent.com/cvm/instance) → 找到存客宝实例 (42.194.245.239)
+2. 点击实例 → **安全组** → **编辑规则** → **入站规则**
+3. 确认有 **443/TCP** 入站，来源 `0.0.0.0/0`
+4. 若无，点击 **添加规则**：协议端口 443，来源 0.0.0.0/0，策略 允许
+
+### 2. 宝塔面板终端执行（Nginx 重载）
+
+在 https://42.194.245.239:9988 → 终端 执行：
+
+```bash
+nginx -t && nginx -s reload
+```
+
+### 3. 检查 SSL 证书
+
+宝塔 → **网站** → 找到 kr-kf.quwanzhi.com、www.lytiao.com → **设置** → **SSL**
+
+- 若未部署证书，部署 Let's Encrypt 或自有证书
+- 若已过期，续签或重新部署
+
+### 4. 确认 Nginx 监听 443
+
+终端执行：
+
+```bash
+ss -tlnp | grep 443
+```
+
+若无输出，说明 Nginx 未监听 443，需在对应站点启用 SSL 并保存配置。
+
+---
+
+## 三、快速验证
+
+- **http://kr-kf.quwanzhi.com**（80）若可访问，说明应用正常，问题在 443/SSL
+- **https://kr-kf.quwanzhi.com** 需 443 和 SSL 均正常才能访问

01_卡资（金）/金仓_存储备份/服务器管理/scripts/存客宝_ERR_CONNECTION_CLOSED修复_宝塔终端执行.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# 存客宝 kr-kf.quwanzhi.com、lytiao.com 无法访问（ERR_CONNECTION_CLOSED）修复
+# 在存客宝宝塔面板【终端】复制整段粘贴执行
+
+echo "========== 存客宝 站点无法访问 修复 =========="
+
+echo "[1] 端口监听"
+ss -tlnp | grep -E ':80 |:443 ' || true
+
+echo ""
+echo "[2] Nginx 配置测试"
+nginx -t 2>&1
+
+echo ""
+echo "[3] 重启 Nginx"
+nginx -s reload 2>&1 || systemctl restart nginx 2>&1
+
+echo ""
+echo "[4] 宝塔防火墙 80/443（若启用）"
+bt 14 2>/dev/null | grep -E "80|443" | head -5 || echo "  (bt 14 未输出)"
+
+echo ""
+echo "[5] 腾讯云安全组"
+echo "  请到 腾讯云控制台 → 云服务器 → 存客宝实例 → 安全组 → 入站规则"
+echo "  确认 80、443 已放行（0.0.0.0/0 或 来源 0.0.0.0/0）"
+
+echo ""
+echo "========== 完成 =========="
+echo "若 443 仍未监听，检查各站点 SSL 证书是否已部署；"
+echo "若腾讯云安全组未放行 443，需在控制台添加 443 入站规则。"

01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_修复502_Node项目.py

@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+腾讯云 TAT：在 kr宝塔 上重启 Nginx + 指定 Node 项目（修复 502，免 SSH）
+适用：wzdj、word 等 Node 项目 502。凭证：00_账号与API索引.md
+"""
+import base64
+import os
+import re
+import sys
+import time
+
+KR_INSTANCE_ID = "ins-aw0tnqjo"
+REGION = "ap-guangzhou"
+
+# 默认重启的项目名（502 常见）
+RESTART_NAMES = ["wzdj", "word", "soul", "zhiji", "dlm"]
+
+def _read_creds():
+    d = os.path.dirname(os.path.abspath(__file__))
+    for _ in range(6):
+        root = d
+        if os.path.isfile(os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")):
+            path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
+            with open(path, "r", encoding="utf-8") as f:
+                text = f.read()
+            sid = skey = None
+            in_tx = False
+            for line in text.splitlines():
+                if "### 腾讯云" in line:
+                    in_tx = True
+                    continue
+                if in_tx and line.strip().startswith("###"):
+                    break
+                if not in_tx:
+                    continue
+                m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
+                if m and m.group(1).strip().startswith("AKID"):
+                    sid = m.group(1).strip()
+                m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
+                if m:
+                    skey = m.group(1).strip()
+            return sid or None, skey or None
+        d = os.path.dirname(d)
+    return None, None
+
+def build_shell(names):
+    want_csv = ",".join(n.lower() for n in names)
+    names_str = " ".join(names)
+    return f'''#!/bin/bash
+set -e
+echo "=== 1. 重载 Nginx ==="
+nginx -t && nginx -s reload
+echo "=== 2. 重启 Node 项目: {names_str} ==="
+python3 -c "
+import hashlib, json, urllib.request, urllib.parse, ssl, time
+ssl._create_default_https_context = ssl._create_unverified_context
+P, K = 'https://127.0.0.1:9988', 'qcWubCdlfFjS2b2DMT1lzPFaDfmv1cBT'
+def sign():
+    t = int(time.time())
+    s = str(t) + hashlib.md5(K.encode()).hexdigest()
+    return {{'request_time': t, 'request_token': hashlib.md5(s.encode()).hexdigest()}}
+def post(path, d=None):
+    pl = sign()
+    if d: pl.update(d)
+    r = urllib.request.Request(P+path, data=urllib.parse.urlencode(pl).encode())
+    with urllib.request.urlopen(r, timeout=25) as resp:
+        return json.loads(resp.read().decode())
+items = post('/project/nodejs/get_project_list').get('data') or post('/project/nodejs/get_project_list').get('list') or []
+want = set('{want_csv}'.split(','))
+for it in items:
+    nm = (it.get('name') or '').lower()
+    if nm in want:
+        post('/project/nodejs/restart_project', {{'project_name': it.get('name') or it.get('project_name')}})
+        print('  已重启:', nm)
+        time.sleep(2)
+"
+echo "=== 完成 ==="
+'''
+
+def main():
+    names = (sys.argv[1:] or RESTART_NAMES)[:10]
+    sid = os.environ.get("TENCENTCLOUD_SECRET_ID")
+    skey = os.environ.get("TENCENTCLOUD_SECRET_KEY")
+    if not sid or not skey:
+        sid, skey = _read_creds()
+    if not sid or not skey:
+        print("❌ 未配置腾讯云 SecretId/SecretKey")
+        return 1
+    try:
+        from tencentcloud.common import credential
+        from tencentcloud.tat.v20201028 import tat_client, models
+    except ImportError:
+        print("pip install tencentcloud-sdk-python-tat")
+        return 1
+    shell = build_shell(names)
+    cred = credential.Credential(sid, skey)
+    client = tat_client.TatClient(cred, REGION)
+    req = models.RunCommandRequest()
+    req.Content = base64.b64encode(shell.encode()).decode()
+    req.InstanceIds = [KR_INSTANCE_ID]
+    req.CommandType = "SHELL"
+    req.Timeout = 90
+    req.CommandName = "Fix502_NodeRestart"
+    resp = client.RunCommand(req)
+    print("✅ TAT 已下发 InvocationId:", resp.InvocationId)
+    print("  重启项目:", ", ".join(names))
+    print("  等待 50s...")
+    time.sleep(50)
+    try:
+        req2 = models.DescribeInvocationTasksRequest()
+        f = models.Filter()
+        f.Name = "invocation-id"
+        f.Values = [resp.InvocationId]
+        req2.Filters = [f]
+        r2 = client.DescribeInvocationTasks(req2)
+        for t in (r2.InvocationTaskSet or []):
+            print("  状态:", getattr(t, "TaskStatus", ""))
+            if hasattr(t, "Output") and t.Output:
+                print("  输出:", (t.Output or "")[:600])
+    except Exception as e:
+        print("  查询:", e)
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())

01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_存客宝站点修复.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+腾讯云 TAT 在存客宝 CVM 上执行 Nginx 重启与站点诊断（修复 kr-kf.quwanzhi.com、lytiao.com 无法访问）
+凭证：00_账号与API索引.md 或环境变量
+"""
+import base64
+import os
+import re
+import sys
+import time
+
+CKB_INSTANCE_ID = "ins-ciyv2mxa"
+REGION = "ap-guangzhou"
+
+def _find_karuo_ai_root():
+    d = os.path.dirname(os.path.abspath(__file__))
+    for _ in range(6):
+        if os.path.basename(d) == "卡若AI" or (os.path.isdir(os.path.join(d, "运营中枢")) and os.path.isdir(os.path.join(d, "01_卡资（金）"))):
+            return d
+        d = os.path.dirname(d)
+    return None
+
+def _read_creds():
+    root = _find_karuo_ai_root()
+    if not root:
+        return None, None
+    path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
+    if not os.path.isfile(path):
+        return None, None
+    with open(path, "r", encoding="utf-8") as f:
+        text = f.read()
+    secret_id = secret_key = None
+    in_tencent = False
+    for line in text.splitlines():
+        if "### 腾讯云" in line:
+            in_tencent = True
+            continue
+        if in_tencent and line.strip().startswith("###"):
+            break
+        if not in_tencent:
+            continue
+        m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
+        if m:
+            val = m.group(1).strip()
+            if val.startswith("AKID"):
+                secret_id = val
+        m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
+        if m:
+            secret_key = m.group(1).strip()
+    return secret_id or None, secret_key or None
+
+# 在存客宝上执行：Nginx 配置检查、重载、端口监听检查
+CMD = """echo "=== 端口监听 ===" && ss -tlnp | grep -E ':80 |:443 ' || true
+echo "=== Nginx 测试 ===" && nginx -t 2>&1
+echo "=== Nginx 重载 ===" && nginx -s reload 2>&1
+echo "=== kr-kf lytiao 配置存在 ===" && grep -l -E 'kr-kf|lytiao' /www/server/panel/vhost/nginx/*.conf 2>/dev/null | head -5
+echo "=== 完成 ==="
+"""
+
+def main():
+    secret_id = os.environ.get("TENCENTCLOUD_SECRET_ID")
+    secret_key = os.environ.get("TENCENTCLOUD_SECRET_KEY")
+    if not secret_id or not secret_key:
+        sid, skey = _read_creds()
+        secret_id = secret_id or sid
+        secret_key = secret_key or skey
+    if not secret_id or not secret_key:
+        print("❌ 未配置腾讯云 SecretId/SecretKey")
+        return 1
+    try:
+        from tencentcloud.common import credential
+        from tencentcloud.tat.v20201028 import tat_client, models
+    except ImportError:
+        print("请安装: pip install tencentcloud-sdk-python-common tencentcloud-sdk-python-tat")
+        return 1
+
+    cred = credential.Credential(secret_id, secret_key)
+    client = tat_client.TatClient(cred, REGION)
+    req = models.RunCommandRequest()
+    req.Content = base64.b64encode(CMD.encode()).decode()
+    req.InstanceIds = [CKB_INSTANCE_ID]
+    req.CommandType = "SHELL"
+    req.Timeout = 30
+    req.CommandName = "CKB_NginxReload"
+    resp = client.RunCommand(req)
+    inv_id = resp.InvocationId
+    print("✅ 存客宝 Nginx 重载指令已下发 InvocationId:", inv_id)
+    print("  预计 10s 内生效，请刷新 kr-kf.quwanzhi.com 与 lytiao.com 测试")
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())

01_卡资（金）/金仓_存储备份/服务器管理/scripts/腾讯云_存客宝安全组放行443.py

@@ -0,0 +1,124 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+腾讯云 API 为存客宝 42.194.245.239 安全组放行 443（修复 kr-kf、lytiao 无法访问）
+凭证：00_账号与API索引.md 或环境变量
+依赖：pip install tencentcloud-sdk-python-common tencentcloud-sdk-python-cvm tencentcloud-sdk-python-vpc
+"""
+import os
+import re
+import sys
+
+CKB_IP = "42.194.245.239"
+REGIONS = ["ap-guangzhou", "ap-beijing", "ap-shanghai"]
+
+def _find_karuo_ai_root():
+    d = os.path.dirname(os.path.abspath(__file__))
+    for _ in range(6):
+        if os.path.basename(d) == "卡若AI" or (os.path.isdir(os.path.join(d, "运营中枢")) and os.path.isdir(os.path.join(d, "01_卡资（金）"))):
+            return d
+        d = os.path.dirname(d)
+    return None
+
+def _read_creds():
+    root = _find_karuo_ai_root()
+    if not root:
+        return None, None
+    path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
+    if not os.path.isfile(path):
+        return None, None
+    with open(path, "r", encoding="utf-8") as f:
+        text = f.read()
+    sid = skey = None
+    in_t = False
+    for line in text.splitlines():
+        if "### 腾讯云" in line:
+            in_t = True
+            continue
+        if in_t and line.strip().startswith("###"):
+            break
+        if not in_t:
+            continue
+        m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
+        if m and m.group(1).strip().startswith("AKID"):
+            sid = m.group(1).strip()
+        m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
+        if m:
+            skey = m.group(1).strip()
+    return sid or os.environ.get("TENCENTCLOUD_SECRET_ID"), skey or os.environ.get("TENCENTCLOUD_SECRET_KEY")
+
+def main():
+    secret_id, secret_key = _read_creds()
+    if not secret_id or not secret_key:
+        print("❌ 未配置腾讯云 SecretId/SecretKey")
+        return 1
+    try:
+        from tencentcloud.common import credential
+        from tencentcloud.cvm.v20170312 import cvm_client, models as cvm_models
+        from tencentcloud.vpc.v20170312 import vpc_client, models as vpc_models
+    except ImportError:
+        print("请安装: pip install tencentcloud-sdk-python-common tencentcloud-sdk-python-cvm tencentcloud-sdk-python-vpc")
+        return 1
+
+    cred = credential.Credential(secret_id, secret_key)
+    sg_ids = []
+    region = None
+    for r in REGIONS:
+        try:
+            c = cvm_client.CvmClient(cred, r)
+            req = cvm_models.DescribeInstancesRequest()
+            req.Limit = 100
+            resp = c.DescribeInstances(req)
+            for ins in (getattr(resp, "InstanceSet", None) or []):
+                if CKB_IP in list(getattr(ins, "PublicIpAddresses", None) or []):
+                    sg_ids = list(getattr(ins, "SecurityGroupIds", None) or [])
+                    region = r
+                    break
+        except Exception:
+            continue
+        if sg_ids:
+            break
+
+    if not sg_ids or not region:
+        print("❌ 存客宝 %s 未在腾讯云 CVM 中找到" % CKB_IP)
+        return 1
+
+    print("=" * 56)
+    print("  存客宝安全组放行 443")
+    print("=" * 56)
+    print("  实例 IP: %s  地域: %s" % (CKB_IP, region))
+    print("  安全组: %s" % ", ".join(sg_ids))
+
+    vc = vpc_client.VpcClient(cred, region)
+    added = 0
+    for sg_id in sg_ids:
+        try:
+            req = vpc_models.CreateSecurityGroupPoliciesRequest()
+            req.SecurityGroupId = sg_id
+            policy_set = vpc_models.SecurityGroupPolicySet()
+            ing = vpc_models.SecurityGroupPolicy()
+            ing.Protocol = "TCP"
+            ing.Port = "443"
+            ing.CidrBlock = "0.0.0.0/0"
+            ing.Action = "ACCEPT"
+            ing.PolicyDescription = "HTTPS"
+            policy_set.Ingress = [ing]
+            req.SecurityGroupPolicySet = policy_set
+            vc.CreateSecurityGroupPolicies(req)
+            print("  ✅ %s 已添加 443/TCP 入站" % sg_id)
+            added += 1
+        except Exception as e:
+            if "RuleAlreadyExists" in str(e) or "已存在" in str(e):
+                print("  ⏭ %s 443 规则已存在" % sg_id)
+            else:
+                print("  ❌ %s: %s" % (sg_id, e))
+
+    print("")
+    print("=" * 56)
+    if added > 0:
+        print("  请稍等 10 秒后刷新 kr-kf.quwanzhi.com、lytiao.com 测试")
+    print("=" * 56)
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())