docs(bash): 更新 Note网站的部署脚本和 Nginx 配置

- 新增 Git 仓库的 Nginx 配置文件和 README指南
- 更新 Note网站的 README，增加部署脚本和定时任务说明
- 新增 Note 网站的 Nginx 配置文件

www/git/README.md

@@ -0,0 +1,29 @@
+# Git 仓库
+
+## Nginx 配置
+
+> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.pem` 和 `privkey.pem` 证书文件文件。
+
+下载配置
+
+```bash
+curl -fsSL https://git.sugarscat.cn/me/bash/-/raw/main/www/git/nginx.conf > /etc/nginx/sites-available/git.sugarscat.cn
+```
+
+启用配置
+
+```bash
+ln -s /etc/nginx/sites-available/git.sugarscat.cn /etc/nginx/sites-enabled/git.sugarscat.cn
+```
+
+测试配置
+
+```bash
+nginx -t
+```
+
+重启 nginx
+
+```bash
+systemctl restart nginx
+```

www/git/nginx.conf

@@ -0,0 +1,51 @@
+server {
+    listen 80 ;
+    listen 443 ssl http2 ;
+    server_name git.sugarscat.cn;
+    index index.php index.html index.htm default.php default.htm default.html;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $server_name;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    # acme.sh
+    location ^~ /.well-known/acme-challenge {
+        allow all;
+        root /var/www/html;
+    }
+    # 重定向
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+    # ssl 设置
+    ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    proxy_set_header X-Forwarded-Proto https;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ^~ / {
+        proxy_pass https://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        add_header X-Cache $upstream_cache_status;
+        add_header Strict-Transport-Security "max-age=31536000";
+        add_header Cache-Control no-cache;
+    }
+}

www/note/README.md

@@ -1,2 +1,55 @@
 # Note 网站
 
+## 下载部署脚本
+
+```bash
+mkdir -p /opt/www/note
+cd /opt/www/note
+curl -fsSL https://git.sugarscat.cn/me/bash/-/raw/main/www/note/deploy.sh | sh
+```
+
+## 定时执行脚本
+
+```bash
+crontab -e
+```
+
+每天天 0 点 执行一次：
+
+```bash
+0 0 * * * /opt/www/note/deploy.sh >> /opt/www/note/deploy.log 2>&1
+```
+
+查看定时器列表
+
+```bash
+crontab -l
+```
+
+## Nginx 配置
+
+> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.pem` 和 `privkey.pem` 证书文件文件。
+
+下载配置
+
+```bash
+curl -fsSL https://git.sugarscat.cn/me/bash/-/raw/main/www/note/nginx.conf > /etc/nginx/sites-available/note.sugarscat.cn
+```
+
+启用配置
+
+```bash
+ln -s /etc/nginx/sites-available/note.sugarscat.cn /etc/nginx/sites-enabled/note.sugarscat.cn
+```
+
+测试配置
+
+```bash
+nginx -t
+```
+
+重启 nginx
+
+```bash
+systemctl restart nginx
+```

www/note/nginx.conf

@@ -0,0 +1,43 @@
+server {
+    listen 80 ;
+    listen 443 ssl http2 ;
+    server_name note.sugarscat.cn;
+
+    # acme.sh
+    location ^~ /.well-known/acme-challenge {
+        allow all;
+        root /var/www/html;
+    }
+    # 重定向
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+
+    # ssl 设置
+    ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    proxy_set_header X-Forwarded-Proto https;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    root /var/www/note;
+    index index.html;
+    
+    try_files $uri $uri.html $uri/ =404;
+
+    error_page 404 /404.html;
+    error_page 403 /404.html;
+
+    location ~* ^/assets/ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+}