🔄 卡若AI sync 2026-02-22 09:27 | Updated: 金仓, 卡木, 运营中枢工作台 | Excluded >20MB: 8 items

This commit is contained in:
2026-02-22 09:27:07 +08:00
parent 2b5556f456
commit b850b1880d
13 changed files with 407 additions and 17 deletions

View File

@@ -139,6 +139,21 @@ sshpass -p 'zhiqun1984' ssh -p 22022 -o StrictHostKeyChecking=no ckb@43.139.27.9
SSH 风控时,在 **kr宝塔 宝塔面板 → 终端** 上传脚本后执行。详见 `references/宝塔Node项目管理_SKILL.md`
### 4a. www.lytiao.com Docker 化(存客宝 · 可多服务器复用)
```bash
# 方式 1腾讯云 TAT 免 SSH推荐
./01_卡资/金仓_存储备份/服务器管理/scripts/.venv_tx/bin/python \
"01_卡资/金仓_存储备份/服务器管理/scripts/腾讯云_TAT_存客宝_lytiao_Docker部署.py"
# 方式 2SSH 部署SSH 可用时)
bash "01_卡资/金仓_存储备份/服务器管理/scripts/存客宝_lytiao_Docker部署.sh"
# 方式 3宝塔面板 → 终端,粘贴 scripts/存客宝_lytiao_Docker部署_宝塔终端执行.sh 内容
```
部署后访问 `http://42.194.245.239:8080`,或配置 Nginx 反向代理 80/443 → 127.0.0.1:8080。多服务器复用复制 `lytiao_docker/` 到目标服务器执行 `docker compose up -d`。详见 `lytiao_docker/README.md`
### 5. kr宝塔 网络卡/服务器卡 · 检查与处理
- **文档**`references/kr宝塔_网络与服务器卡顿_检查与处理.md`
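Review bot: The added section 4a tells readers to open `http://42.194.245.239:8080` directly, so the container port is served in cleartext on the public address and bypasses the Nginx TLS front end mentioned in the same sentence. Document the reverse proxy (80/443 → 127.0.0.1:8080) as the only supported path and keep 8080 closed in the security group. The hunk header context also shows an `sshpass -p '...'` command with an inline password and `StrictHostKeyChecking=no`; that credential should be rotated and replaced with key-based login rather than kept in the document.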

View File

@@ -0,0 +1,35 @@
# www.lytiao.com Docker 部署
> 将 www.lytiao.com 全部文件容器化,可在任意服务器上 `docker compose up -d` 部署。
## 一、在存客宝上首次部署
```bash
# 本机执行(需 sshpass
cd "/Users/karuo/Documents/个人/卡若AI"
bash 01_卡资/金仓_存储备份/服务器管理/scripts/存客宝_lytiao_Docker部署.sh
```
或在 **存客宝宝塔面板 → 终端** 执行 `scripts/存客宝_lytiao_Docker部署_宝塔终端执行.sh` 内容。
## 二、多服务器复用
1.`lytiao_docker/` 目录(含 `www/`)打包
2. 上传到目标服务器
3. 执行 `docker compose up -d`
4. 访问 `http://IP:8080` 或配置 Nginx 反向代理到 8080
## 三、目录结构
```
lytiao_docker/
├── Dockerfile
├── docker-compose.yml
├── www/ # 从 /www/wwwroot/www.lytiao.com 复制
└── README.md
```
## 四、环境
- PHP 7.1 + Apache
- 扩展gd, mysqli, pdo_mysql, zip
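Review bot: The environment section (四) pins `PHP 7.1 + Apache`, and PHP 7.1 no longer receives upstream security fixes, so every server this README is reused on inherits an unpatched runtime. State the target upgrade version or, if the site cannot move yet, list the compensating controls (loopback-only port binding, read-only mount, proxy-only access). Step 1 of section 二 also packs `www/` wholesale; since the image installs mysqli and pdo_mysql, any site config holding database credentials travels with that archive and should be handled as a secret.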

View File

@@ -36,6 +36,7 @@
- **Node 项目**:若有 Node 项目,可参考 `references/宝塔Node项目管理_SKILL.md` 编写存客宝版批量修复脚本PANEL、API_KEY 改为存客宝)
- **站点/域名**:一律用宝塔 API 处理,见主 SKILL 一键操作
- **卡若AI 网关站点**`python3 scripts/存客宝_宝塔API_卡若AI网关站点.py`
- **www.lytiao.com Docker 化**`python3 scripts/腾讯云_TAT_存客宝_lytiao_Docker部署.py`TAT 免 SSH或宝塔终端粘贴 `scripts/存客宝_lytiao_Docker部署_宝塔终端执行.sh`。部署后访问 http://42.194.245.239:8080
---

View File

@@ -30,13 +30,15 @@
### 已执行操作
1. **腾讯云 API**:为存客宝 5 个安全组均添加 443/TCP 入站(`scripts/腾讯云_存客宝安全组放行443.py`
2. **存客宝类型**:确认为 CVM非轻量安全组生效
3. **443 外网**:多次验证仍不可达
2. **TAT 本地防火墙**:在服务器 iptables 中已添加 443`scripts/腾讯云_TAT_存客宝放行443本地防火墙.py`
3. **存客宝类型**:确认为 CVM非轻量
4. **443 外网**:多次验证仍不可达
### 结论与待办
- **根因**443 在腾讯云侧被阻断(安全组已通过 API 添加,若控制台未见 443 或仍不通,需控制台手动核查)
- **手动必做**腾讯云控制台确认存客宝实例的**每个**关联安全组入站规则中均有 443/TCP来源 0.0.0.0/0
- **根因**443 在腾讯云安全组层被阻断,需控制台**手动**添加并确认
- **必做 1**:腾讯云控制台 → 云服务器 → 42.194.245.239 → 安全组 → 入站规则 → 添加 443/TCP 来源 0.0.0.0/0
- **必做 2**:宝塔面板 → 安全 → 防火墙 → 放行 443 端口
---
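Review bot: The root-cause line under 结论与待办 attributes the failure to the Tencent Cloud security group, yet 已执行操作 records that 443/TCP was already added to all five security groups through the API and to iptables through TAT, and that 443 was still unreachable afterwards. The conclusion does not follow from the listed evidence. Record the ingress rules actually returned for each group, and the Baota firewall state, before naming a cause, so the manual steps verify something rather than repeat what the API call already did.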
@@ -63,7 +65,13 @@ python3 scripts/腾讯云_存客宝安全组放行443.py
3. 逐个检查该实例绑定的**所有安全组**,确认均有 **443/TCP** 入站,来源 `0.0.0.0/0`
4. 若无,点击 **添加规则**:协议端口 443来源 0.0.0.0/0策略 允许
### 2. 宝塔面板终端执行Nginx 重载)
### 2. 宝塔面板「安全」→「防火墙」放行 443
1. 打开 https://42.194.245.239:9988 → 登录
2. 左侧 **安全****防火墙**
3. 在端口列表中找到或添加 **443**,策略为 **放行**
### 3. 宝塔面板终端执行Nginx 重载)
在 https://42.194.245.239:9988 → 终端 执行:
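Review bot: Steps 2 and 3 send the operator to `https://42.194.245.239:9988`, which is the Baota panel login and its web terminal on the public address. Because this runbook is about opening ports, add a line stating that 9988 should be limited to administrator source addresses in the security group, and reference the panel URL from one place so it can be changed in a single edit.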
@@ -71,14 +79,14 @@ python3 scripts/腾讯云_存客宝安全组放行443.py
nginx -t && nginx -s reload
```
### 3. 检查 SSL 证书
### 4. 检查 SSL 证书
宝塔 → **网站** → 找到 kr-kf.quwanzhi.com、www.lytiao.com → **设置****SSL**
- 若未部署证书,部署 Let's Encrypt 或自有证书
- 若已过期,续签或重新部署
### 4. 确认 Nginx 监听 443
### 5. 确认 Nginx 监听 443
终端执行:

View File

@@ -0,0 +1,59 @@
#!/bin/bash
# www.lytiao.com 在存客宝上 Docker 化部署
# 本机执行bash scripts/存客宝_lytiao_Docker部署.sh
# 需sshpass、本机可 SSH 至 42.194.245.239
set -e
CKB_IP="42.194.245.239"
CKB_PORT="22022"
CKB_USER="root"
CKB_PASS="Zhiqun1984"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LYTIAO_DOCKER="$SCRIPT_DIR/../lytiao_docker"
REMOTE_DIR="/opt/lytiao_docker"
SRC_WEB="/www/wwwroot/www.lytiao.com"
echo "========== www.lytiao.com Docker 部署(存客宝) =========="
echo " 目标: $CKB_IP"
echo " 网站源: $SRC_WEB"
echo " 远程目录: $REMOTE_DIR"
echo ""
# 1. 上传 Dockerfile、docker-compose.yml
echo ">>> 1. 上传 Docker 配置..."
sshpass -p "$CKB_PASS" ssh -p "$CKB_PORT" -o StrictHostKeyChecking=no \
"$CKB_USER@$CKB_IP" "mkdir -p /tmp/lytiao_docker"
sshpass -p "$CKB_PASS" scp -P "$CKB_PORT" -o StrictHostKeyChecking=no \
"$LYTIAO_DOCKER/Dockerfile" \
"$LYTIAO_DOCKER/docker-compose.yml" \
"$CKB_USER@$CKB_IP:/tmp/lytiao_docker/"
# 2. 在服务器上执行部署
echo ">>> 2. 在服务器上执行部署..."
sshpass -p "$CKB_PASS" ssh -p "$CKB_PORT" -o StrictHostKeyChecking=no \
"$CKB_USER@$CKB_IP" bash -s << 'REMOTE'
set -e
REMOTE_DIR="/opt/lytiao_docker"
SRC_WEB="/www/wwwroot/www.lytiao.com"
mkdir -p "$REMOTE_DIR"
mv /tmp/lytiao_docker/Dockerfile /tmp/lytiao_docker/docker-compose.yml "$REMOTE_DIR/" 2>/dev/null || true
echo ">>> 复制网站文件 $SRC_WEB -> $REMOTE_DIR/www"
rm -rf "$REMOTE_DIR/www"
cp -a "$SRC_WEB" "$REMOTE_DIR/www"
echo ">>> 构建并启动容器..."
cd "$REMOTE_DIR"
docker compose up -d --build
echo ">>> 容器状态:"
docker compose ps
echo ""
echo "✅ 部署完成。访问: http://42.194.245.239:8080"
echo " 或配置 Nginx 反向代理 80/443 -> 127.0.0.1:8080"
REMOTE
echo ""
echo "========== 完成 =========="
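Review bot: `CKB_PASS=` near the top of the script commits the root SSH password in clear text, and every `sshpass -p "$CKB_PASS"` call also exposes it in the local process list. Treat the password as compromised and rotate it, switch to key-based login with a non-root deploy user, or at minimum read the value from the environment with `sshpass -e`. `-o StrictHostKeyChecking=no` on all three ssh/scp calls removes host key verification, so pin the host key in `known_hosts` instead. Separately, `mv ... 2>/dev/null || true` in the remote block hides a failed upload, after which `docker compose up -d --build` runs against whatever Dockerfile was already in `/opt/lytiao_docker`.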

View File

@@ -0,0 +1,55 @@
#!/bin/bash
# www.lytiao.com 在存客宝上 Docker 化部署
# 在存客宝宝塔面板【终端】复制整段粘贴执行
# 使用前需将 Dockerfile、docker-compose.yml 放入 /opt/lytiao_docker/
set -e
REMOTE_DIR="/opt/lytiao_docker"
SRC_WEB="/www/wwwroot/www.lytiao.com"
echo "========== www.lytiao.com Docker 部署 =========="
# 若 /opt/lytiao_docker 无 Dockerfile则创建
if [ ! -f "$REMOTE_DIR/Dockerfile" ]; then
echo ">>> 创建 Docker 配置..."
mkdir -p "$REMOTE_DIR"
cat > "$REMOTE_DIR/Dockerfile" << 'DOCKERFILE'
FROM php:7.1-apache
RUN a2enmod rewrite
RUN apt-get update && apt-get install -y libpng-dev libjpeg-dev libzip-dev zip unzip \
&& docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr \
&& docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
EXPOSE 80
DOCKERFILE
cat > "$REMOTE_DIR/docker-compose.yml" << 'COMPOSE'
version: "3.8"
services:
lytiao-web:
build: .
container_name: lytiao-www
ports:
- "8080:80"
volumes:
- ./www:/var/www/html:ro
restart: unless-stopped
environment:
- TZ=Asia/Shanghai
COMPOSE
fi
echo ">>> 复制网站文件 $SRC_WEB -> $REMOTE_DIR/www"
rm -rf "$REMOTE_DIR/www"
cp -a "$SRC_WEB" "$REMOTE_DIR/www"
echo ">>> 构建并启动容器..."
cd "$REMOTE_DIR"
docker compose up -d --build
echo ">>> 容器状态:"
docker compose ps
echo ""
echo "✅ 部署完成。访问: http://42.194.245.239:8080"
echo " 或配置 Nginx 反向代理 80/443 -> 127.0.0.1:8080"
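Review bot: In the generated docker-compose.yml, `- "8080:80"` publishes the container on every host interface, and Docker inserts its own iptables rules for published ports, so rules in the host INPUT chain do not filter it. The script's closing message expects Nginx to proxy to 127.0.0.1:8080, so bind it that way with `- "127.0.0.1:8080:80"`. `FROM php:7.1-apache` is an end-of-life base image referenced by a mutable tag; pin it by digest and plan the upgrade. Also, `rm -rf "$REMOTE_DIR/www"` followed by `cp -a` empties the bind-mounted docroot of a running container on every re-run; copy to a temporary directory and rename it into place.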

View File

@@ -0,0 +1,125 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
腾讯云 TAT 在存客宝上执行 www.lytiao.com Docker 化部署(免 SSH
凭证00_账号与API索引.md 或环境变量 TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY
"""
import base64
import os
import re
import sys
CKB_INSTANCE_ID = "ins-ciyv2mxa"
REGION = "ap-guangzhou"
def _find_karuo_ai_root():
d = os.path.dirname(os.path.abspath(__file__))
for _ in range(6):
if os.path.basename(d) == "卡若AI" or (
os.path.isdir(os.path.join(d, "运营中枢")) and os.path.isdir(os.path.join(d, "01_卡资"))
):
return d
d = os.path.dirname(d)
return None
def _read_creds():
root = _find_karuo_ai_root()
if not root:
return None, None
path = os.path.join(root, "运营中枢", "工作台", "00_账号与API索引.md")
if not os.path.isfile(path):
return None, None
with open(path, "r", encoding="utf-8") as f:
text = f.read()
secret_id = secret_key = None
in_tencent = False
for line in text.splitlines():
if "### 腾讯云" in line:
in_tencent = True
continue
if in_tencent and line.strip().startswith("###"):
break
if not in_tencent:
continue
m = re.search(r"\|\s*[^|]*(?:SecretId|密钥)[^|]*\|\s*`([^`]+)`", line, re.I)
if m:
val = m.group(1).strip()
if val.startswith("AKID"):
secret_id = val
m = re.search(r"\|\s*SecretKey\s*\|\s*`([^`]+)`", line, re.I)
if m:
secret_key = m.group(1).strip()
return secret_id or None, secret_key or None
# 存客宝上执行的 Docker 部署脚本
CMD = """#!/bin/bash
set -e
REMOTE_DIR="/opt/lytiao_docker"
SRC_WEB="/www/wwwroot/www.lytiao.com"
mkdir -p "$REMOTE_DIR"
cat > "$REMOTE_DIR/Dockerfile" << 'DFEND'
FROM php:7.1-apache
RUN a2enmod rewrite
RUN apt-get update && apt-get install -y libpng-dev libjpeg-dev libzip-dev zip unzip \\
&& docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr \\
&& docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip \\
&& apt-get clean && rm -rf /var/lib/apt/lists/*
WORKDIR /var/www/html
EXPOSE 80
DFEND
cat > "$REMOTE_DIR/docker-compose.yml" << 'DCEND'
version: "3.8"
services:
lytiao-web:
build: .
container_name: lytiao-www
ports:
- "8080:80"
volumes:
- ./www:/var/www/html:ro
restart: unless-stopped
environment:
- TZ=Asia/Shanghai
DCEND
rm -rf "$REMOTE_DIR/www"
cp -a "$SRC_WEB" "$REMOTE_DIR/www"
cd "$REMOTE_DIR"
docker compose up -d --build
docker compose ps
echo "DONE"
"""
def main():
secret_id = os.environ.get("TENCENTCLOUD_SECRET_ID")
secret_key = os.environ.get("TENCENTCLOUD_SECRET_KEY")
if not secret_id or not secret_key:
sid, skey = _read_creds()
secret_id = secret_id or sid
secret_key = secret_key or skey
if not secret_id or not secret_key:
print("❌ 未配置腾讯云 SecretId/SecretKey请检查 00_账号与API索引.md 或环境变量")
return 1
try:
from tencentcloud.common import credential
from tencentcloud.tat.v20201028 import tat_client, models
except ImportError:
print("请安装: pip install tencentcloud-sdk-python-common tencentcloud-sdk-python-tat")
return 1
cred = credential.Credential(secret_id, secret_key)
client = tat_client.TatClient(cred, REGION)
req = models.RunCommandRequest()
req.Content = base64.b64encode(CMD.encode()).decode()
req.InstanceIds = [CKB_INSTANCE_ID]
req.CommandType = "SHELL"
req.Timeout = 600 # 10 分钟Docker 构建可能较慢
req.CommandName = "CKB_lytiao_DockerDeploy"
resp = client.RunCommand(req)
inv_id = resp.InvocationId
print("✅ 存客宝 lytiao Docker 部署指令已下发 InvocationId:", inv_id)
print(" 构建约 38 分钟,完成后访问: http://42.194.245.239:8080")
print(" 或配置 Nginx 反向代理 80/443 -> 127.0.0.1:8080")
return 0
if __name__ == "__main__":
sys.exit(main())
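Review bot: `_read_creds()` falls back to scraping SecretId/SecretKey out of `运营中枢/工作台/00_账号与API索引.md` inside the project tree, which keeps a long-lived cloud API key in a plain Markdown file next to synced content. Read the key only from the environment or a secrets store, and restrict its permissions to what this script needs, because the key can run arbitrary shell on `CKB_INSTANCE_ID`. `main()` prints the success mark as soon as `RunCommand` returns an InvocationId and never queries the invocation, so a failed build is reported as a completed deployment; poll the task status and exit code before returning 0. The Dockerfile and compose file embedded in `CMD` duplicate the copies in the terminal script, so a hardening change has to be made in each place or the copies will drift.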

View File

@@ -13,10 +13,23 @@ import time
CKB_INSTANCE_ID = "ins-ciyv2mxa"
REGION = "ap-guangzhou"
CMD = """echo "=== iptables INPUT 80/443 ===" && iptables -L INPUT -n -v 2>/dev/null | head -30 || true
echo "=== firewalld 80/443 ===" && firewall-cmd --list-all 2>/dev/null || true
echo "=== 安全组/防火墙摘要 ===" && echo "服务器内 80/443 均应由 Nginx 监听,若外网 80 通 443 不通,多为腾讯云安全组/轻量防火墙未放行 443"
echo "=== DONE ==="
CMD = """
echo "=== 1. iptables INPUT 链 ==="
iptables -L INPUT -n -v 2>/dev/null | head -40 || true
echo ""
echo "=== 2. 80/443 监听 ==="
ss -tlnp | grep -E ':80 |:443 ' || true
echo ""
echo "=== 3. 宝塔 firewall.json ==="
cat /www/server/panel/data/firewall.json 2>/dev/null || echo "(无)"
echo ""
echo "=== 4. Nginx 443 配置 ==="
grep -l 'listen.*443' /www/server/panel/vhost/nginx/*.conf 2>/dev/null | head -3
echo ""
echo "=== 5. 本机 curl 127.0.0.1:443 ==="
curl -sI -o /dev/null -w '%{http_code}' --connect-timeout 3 https://127.0.0.1 -k 2>/dev/null || echo "fail"
echo ""
echo "DONE"
"""
def _find_root():
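Review bot: `iptables -L INPUT -n -v 2>/dev/null | head -40` in section 1 truncates the chain, and because iptables evaluates rules in order, a DROP or REJECT rule past the cut-off would be missing from the output used to decide whether 443 is allowed. Print the full chain with `iptables -S INPUT`, which also shows the default policy. Most of the probes discard stderr or end in `|| true`, so a missing tool and an empty result look the same; emit an explicit marker when a command is unavailable.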
@@ -89,10 +102,21 @@ def main():
for t in (resp2.InvocationTaskSet or []):
status = getattr(t, "TaskStatus", "N/A")
print(" 任务状态:", status)
for attr in ("Output", "OutputUrl", "TaskResult", "ErrorInfo"):
v = getattr(t, attr, None)
if v:
print(" %s:" % attr, str(v)[:2500])
tr = getattr(t, "TaskResult", None)
if tr:
try:
import json
import base64 as b64
j = json.loads(tr) if isinstance(tr, str) else tr
out = j.get("Output", "")
if out:
try:
out = b64.b64decode(out).decode("utf-8", errors="replace")
except Exception:
pass
print("\n--- 服务器输出 ---\n", out[:3500])
except Exception:
print(" TaskResult:", str(tr)[:800])
except Exception as e:
print(" 查询异常:", e)
return 0
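Review bot: `j = json.loads(tr) if isinstance(tr, str) else tr` followed by `j.get("Output", "")` only works when `tr` is a str or a dict; the surrounding code reads the task with `getattr(t, ...)`, and if `TaskResult` is an SDK object as well, `.get` raises and the outer `except Exception` prints only `str(tr)[:800]`. Add `getattr(tr, "Output", "")` as a fallback. The inner `except Exception: pass` prints still-encoded text when base64 decoding fails without saying so, and nothing here checks the exit code, so a failed remote command is displayed the same way as a successful one. Move `import json` and `import base64` to the top of the file.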

View File

@@ -120,5 +120,44 @@ def main():
print("=" * 56)
return 0
def check_rules():
"""查看当前安全组入站规则"""
secret_id, secret_key = _read_creds()
if not secret_id or not secret_key:
print("❌ 未配置凭证"); return 1
from tencentcloud.common import credential
from tencentcloud.cvm.v20170312 import cvm_client, models as cvm_models
from tencentcloud.vpc.v20170312 import vpc_client, models as vpc_models
cred = credential.Credential(secret_id, secret_key)
sg_ids, region = [], None
for r in REGIONS:
try:
c = cvm_client.CvmClient(cred, r)
req = cvm_models.DescribeInstancesRequest()
req.Limit = 100
resp = c.DescribeInstances(req)
for ins in (getattr(resp, "InstanceSet", None) or []):
if CKB_IP in list(getattr(ins, "PublicIpAddresses", None) or []):
sg_ids = list(getattr(ins, "SecurityGroupIds", None) or [])
region = r; break
except Exception:
continue
if sg_ids: break
if not sg_ids: print("❌ 未找到实例"); return 1
vc = vpc_client.VpcClient(cred, region)
for sg_id in sg_ids:
try:
req = vpc_models.DescribeSecurityGroupPoliciesRequest()
req.SecurityGroupId = sg_id
resp = vc.DescribeSecurityGroupPolicies(req)
s = resp.SecurityGroupPolicySet
ing = (s.Ingress or []) if hasattr(s, "Ingress") else []
print(" %s 入站: %s" % (sg_id, [(getattr(x,"Port",""), getattr(x,"Protocol","")) for x in ing[:8]]))
except Exception as e:
print(" %s: %s" % (sg_id, e))
return 0
if __name__ == "__main__":
if len(sys.argv) > 1 and sys.argv[1] == "--check":
sys.exit(check_rules())
sys.exit(main())
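Review bot: The print in `check_rules()` reports only `Port` and `Protocol` for `ing[:8]`, so a 443 rule in ninth position or later is not shown, and a rule that is shown cannot be confirmed as an allow rule from the intended source because the action and source fields are left out. Print every ingress rule with its action and source CIDR, and state explicitly whether an accepting 443/TCP rule exists. `except Exception: continue` in the region loop also turns an authentication or permission error into "未找到实例"; log the exception, and page through `DescribeInstances`, since `req.Limit = 100` returns only the first page.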