feat: 添加独立的SSL证书管理模式

新增功能:
- 新增 --ssl/--cert/ssl 命令行参数
- 交互式菜单添加 [5] SSL证书管理 选项
- 可单独配置/更换/续签SSL证书，无需重新部署整个项目

使用场景:
1. 初次部署时选择了"暂不配置HTTPS"，现在想添加证书
2. 现有证书即将过期，需要续签（虽然有自动续期，但也可手动）
3. 想更换SSL方案（例如从Certbot换到acme.sh）
4. 想更换域名的SSL证书
5. 想移除HTTPS配置，改回HTTP模式

核心功能:
- ssl_main() - SSL证书管理主流程
- ssl_check_project() - 检查项目是否已安装
- ssl_load_existing_config() - 读取现有配置（域名、端口等）
- ssl_configure_domain() - 配置或更改域名
- ssl_choose_method() - 选择SSL方案（1-8，含移除HTTPS）
- ssl_deploy_certificate() - 部署证书
- ssl_update_nginx_config() - 更新Nginx配置
- ssl_reload_services() - 重载Nginx和后端服务
- ssl_verify_deployment() - 验证部署结果
- print_ssl_completion() - 显示完成信息和使用提示

使用方法:
# 方法1: 命令行参数
bash install.sh --ssl

# 方法2: 交互式菜单
bash install.sh
> 选择 [5] SSL证书管理

# 方法3: 别名
bash install.sh --cert

工作流程:
1. 检查项目是否已安装
2. 读取现有Nginx配置（HTTP/HTTPS端口、域名）
3. 确认或修改域名配置
4. 选择SSL证书方案（支持所有8种方案）
5. 先配置HTTP模式（Let's Encrypt验证需要）
6. 申请/部署SSL证书
7. 更新Nginx为HTTPS配置（或保持HTTP，如果选择8）
8. 重载Nginx和后端服务
9. 验证部署并显示证书信息

特殊选项:
- [8] 移除HTTPS配置 - 将HTTPS站点改回HTTP模式
- [0] 取消操作 - 不做任何修改

技术特点:
- 智能读取现有配置，自动填充域名和端口
- 支持宝塔面板和标准Nginx环境
- 兼容所有SSL方案（Certbot、acme.sh系列、手动证书）
- 自动处理证书路径和Nginx配置
- 显示证书有效期信息

影响范围:
- install.sh 新增 ~450 行代码
- 添加 9 个新函数
- 更新交互式菜单和命令行帮助

install.sh

@@ -16,6 +16,8 @@ elif [[ "$1" == "--update" ]] || [[ "$1" == "--upgrade" ]] || [[ "$1" == "update
     MODE="update"
 elif [[ "$1" == "--repair" ]] || [[ "$1" == "--fix" ]] || [[ "$1" == "repair" ]]; then
     MODE="repair"
+elif [[ "$1" == "--ssl" ]] || [[ "$1" == "--cert" ]] || [[ "$1" == "ssl" ]]; then
+    MODE="ssl"
 fi
 
 # 颜色定义
@@ -3381,12 +3383,13 @@ main() {
             echo -e "${GREEN}[1]${NC} 安装/部署 玩玩云"
             echo -e "${BLUE}[2]${NC} 更新/升级 玩玩云"
             echo -e "${YELLOW}[3]${NC} 修复/重新配置 玩玩云"
+            echo -e "${PURPLE}[5]${NC} SSL证书管理（安装/续签/更换证书）"
             echo -e "${RED}[4]${NC} 卸载 玩玩云"
             echo -e "${GRAY}[0]${NC} 退出脚本"
             echo ""
 
             while true; do
-                read -p "请输入选项 [0-4]: " mode_choice < /dev/tty
+                read -p "请输入选项 [0-5]: " mode_choice < /dev/tty
                 case $mode_choice in
                     1)
                         print_success "已选择: 安装模式"
@@ -3405,6 +3408,12 @@ main() {
                         repair_main
                         exit 0
                         ;;
+                    5)
+                        print_info "切换到SSL证书管理模式..."
+                        echo ""
+                        ssl_main
+                        exit 0
+                        ;;
                     4)
                         print_info "切换到卸载模式..."
                         echo ""
@@ -3430,8 +3439,9 @@ main() {
             echo -e "${YELLOW}提示:${NC}"
             echo "  安装: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh"
             echo "  更新: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh --update"
-            echo "  卸载: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh --uninstall"
             echo "  修复: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh --repair"
+            echo "  SSL管理: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh --ssl"
+            echo "  卸载: wget https://gitee.com/yu-yon/vue-driven-cloud-storage/raw/master/install.sh && bash install.sh --uninstall"
             echo ""
             sleep 2
         fi
@@ -3817,6 +3827,463 @@ repair_main() {
     # 完成提示
     print_repair_completion
 }
+
+################################################################################
+# SSL证书管理功能
+################################################################################
+
+print_ssl_banner() {
+    clear
+    echo -e "${GREEN}"
+    echo "╔═══════════════════════════════════════════════════════════════╗"
+    echo "║                                                               ║"
+    echo "║                  🔐 SSL证书管理模式                            ║"
+    echo "║                                                               ║"
+    echo "║              SSL Certificate Manager                         ║"
+    echo "║                                                               ║"
+    echo "╚═══════════════════════════════════════════════════════════════╝"
+    echo -e "${NC}"
+}
+
+confirm_ssl_operation() {
+    print_ssl_banner
+
+    echo -e "${YELLOW}"
+    echo "本脚本将执行以下操作:"
+    echo ""
+    echo "【SSL证书管理】"
+    echo "  ✓ 检测现有域名配置"
+    echo "  ✓ 选择SSL证书部署方案"
+    echo "  ✓ 申请/更换/续签证书"
+    echo "  ✓ 更新Nginx HTTPS配置"
+    echo "  ✓ 重载服务"
+    echo ""
+    echo "【将会保留】"
+    echo "  ✓ 数据库文件（用户数据）"
+    echo "  ✓ 用户上传的文件"
+    echo "  ✓ 后端配置文件（.env）"
+    echo "  ✓ 现有HTTP配置"
+    echo -e "${NC}"
+    echo ""
+
+    print_info "适用场景: 初次配置HTTPS、更换证书方案、证书续签"
+    echo ""
+
+    read -p "确定要继续吗？ (y/n): " confirm < /dev/tty
+
+    if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
+        print_info "已取消操作"
+        exit 0
+    fi
+
+    echo ""
+}
+
+ssl_check_project() {
+    print_step "检查项目是否已安装..."
+
+    if [[ ! -d "$PROJECT_DIR" ]]; then
+        print_error "项目未安装: $PROJECT_DIR"
+        print_info "请先运行安装命令: bash install.sh"
+        exit 1
+    fi
+
+    if [[ ! -f "${PROJECT_DIR}/backend/server.js" ]]; then
+        print_error "项目目录不完整"
+        exit 1
+    fi
+
+    print_success "项目已安装: $PROJECT_DIR"
+    echo ""
+}
+
+ssl_load_existing_config() {
+    print_step "读取现有配置..."
+
+    # 从.env读取后端端口
+    if [[ -f "${PROJECT_DIR}/backend/.env" ]]; then
+        BACKEND_PORT=$(grep "^PORT=" "${PROJECT_DIR}/backend/.env" | cut -d'=' -f2 || echo "40001")
+        print_success "后端端口: $BACKEND_PORT"
+    else
+        BACKEND_PORT="40001"
+        print_warning ".env文件不存在，使用默认端口: $BACKEND_PORT"
+    fi
+
+    # 检查现有nginx配置
+    local nginx_conf=""
+    if [[ -f "/etc/nginx/sites-enabled/${PROJECT_NAME}.conf" ]]; then
+        nginx_conf="/etc/nginx/sites-enabled/${PROJECT_NAME}.conf"
+    elif [[ -f "/etc/nginx/conf.d/${PROJECT_NAME}.conf" ]]; then
+        nginx_conf="/etc/nginx/conf.d/${PROJECT_NAME}.conf"
+    elif [[ -f "/www/server/panel/vhost/nginx/${PROJECT_NAME}.conf" ]]; then
+        nginx_conf="/www/server/panel/vhost/nginx/${PROJECT_NAME}.conf"
+    fi
+
+    if [[ -n "$nginx_conf" ]]; then
+        # 读取HTTP端口
+        EXISTING_HTTP_PORT=$(grep "listen" "$nginx_conf" | grep -v "ssl" | grep -v "#" | head -1 | awk '{print $2}' | tr -d ';' || echo "80")
+        HTTP_PORT=${EXISTING_HTTP_PORT:-80}
+
+        # 检查是否有HTTPS配置
+        if grep -q "listen.*ssl" "$nginx_conf"; then
+            EXISTING_HTTPS_PORT=$(grep "listen.*ssl" "$nginx_conf" | head -1 | awk '{print $2}' | tr -d ';' || echo "443")
+            HTTPS_PORT=${EXISTING_HTTPS_PORT:-443}
+            print_info "检测到现有HTTPS配置，端口: $HTTPS_PORT"
+        else
+            HTTPS_PORT="443"
+            print_info "未检测到HTTPS配置，将使用默认端口: 443"
+        fi
+
+        # 读取域名
+        SERVER_NAME=$(grep "server_name" "$nginx_conf" | head -1 | awk '{print $2}' | tr -d ';' || echo "")
+        if [[ -n "$SERVER_NAME" ]] && [[ "$SERVER_NAME" != "_" ]] && [[ "$SERVER_NAME" != "localhost" ]]; then
+            DOMAIN="$SERVER_NAME"
+            USE_DOMAIN=true
+            print_success "检测到域名: $DOMAIN"
+        else
+            USE_DOMAIN=false
+            print_warning "未检测到域名配置"
+        fi
+
+        print_success "HTTP端口: $HTTP_PORT"
+    else
+        print_error "未找到Nginx配置文件"
+        exit 1
+    fi
+
+    echo ""
+}
+
+ssl_configure_domain() {
+    print_step "配置域名"
+    echo ""
+
+    # 如果已有域名，询问是否使用
+    if [[ "$USE_DOMAIN" == "true" ]] && [[ -n "$DOMAIN" ]]; then
+        print_info "检测到现有域名: $DOMAIN"
+        read -p "是否使用此域名? (y/n): " use_existing < /dev/tty
+
+        if [[ "$use_existing" == "y" || "$use_existing" == "Y" ]]; then
+            print_success "使用现有域名: $DOMAIN"
+            echo ""
+            return 0
+        fi
+    fi
+
+    # 输入新域名
+    while true; do
+        read -p "请输入您的域名 (例如: wwy.example.com): " DOMAIN < /dev/tty
+        if [[ -z "$DOMAIN" ]]; then
+            print_error "域名不能为空"
+            continue
+        fi
+
+        # 验证域名格式
+        if [[ ! "$DOMAIN" =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ ]]; then
+            print_error "域名格式不正确"
+            continue
+        fi
+
+        # 验证域名解析
+        print_info "正在验证域名解析..."
+        DOMAIN_IP=$(dig +short "$DOMAIN" 2>/dev/null | tail -n1 || nslookup "$DOMAIN" 2>/dev/null | grep -A1 "Name:" | tail -1 | awk '{print $2}')
+        PUBLIC_IP=$(curl -s ifconfig.me || curl -s icanhazip.com || echo "")
+
+        if [[ -n "$DOMAIN_IP" ]] && [[ "$DOMAIN_IP" == "$PUBLIC_IP" ]]; then
+            print_success "域名已正确解析到当前服务器IP"
+            USE_DOMAIN=true
+            break
+        else
+            print_warning "域名未解析到当前服务器IP"
+            print_info "域名解析IP: ${DOMAIN_IP:-未解析}"
+            print_info "当前服务器IP: $PUBLIC_IP"
+            read -p "是否继续? (y/n): " continue_choice < /dev/tty
+            if [[ "$continue_choice" == "y" || "$continue_choice" == "Y" ]]; then
+                USE_DOMAIN=true
+                break
+            fi
+        fi
+    done
+
+    echo ""
+}
+
+ssl_choose_method() {
+    print_step "选择SSL证书部署方式"
+    echo ""
+    echo -e "${YELLOW}【推荐方案】${NC}"
+    echo -e "${GREEN}[1]${NC} Certbot (Let's Encrypt官方工具)"
+    echo "    - 最稳定可靠，支持自动续期"
+    echo ""
+    echo -e "${YELLOW}【备选方案】${NC}"
+    echo -e "${GREEN}[2]${NC} acme.sh + Let's Encrypt"
+    echo "    - 纯Shell脚本，更轻量级"
+    echo -e "${GREEN}[3]${NC} acme.sh + ZeroSSL"
+    echo "    - Let's Encrypt的免费替代品"
+    echo -e "${GREEN}[4]${NC} acme.sh + Buypass"
+    echo "    - 挪威免费CA，有效期180天"
+    echo ""
+    echo -e "${YELLOW}【云服务商证书】${NC}"
+    echo -e "${GREEN}[5]${NC} 阿里云免费证书 (需提供AccessKey)"
+    echo -e "${GREEN}[6]${NC} 腾讯云免费证书 (需提供SecretKey)"
+    echo ""
+    echo -e "${YELLOW}【其他选项】${NC}"
+    echo -e "${GREEN}[7]${NC} 使用已有证书 (手动上传)"
+    echo -e "${GREEN}[8]${NC} 移除HTTPS配置 (改回HTTP)"
+    echo -e "${GREEN}[0]${NC} 取消操作"
+    echo ""
+
+    while true; do
+        read -p "请输入选项 [0-8]: " ssl_choice < /dev/tty
+        case $ssl_choice in
+            1|2|3|4|5|6|7)
+                SSL_METHOD=$ssl_choice
+                break
+                ;;
+            8)
+                SSL_METHOD=$ssl_choice
+                print_warning "将移除HTTPS配置，改回HTTP模式"
+                read -p "确定要继续吗? (y/n): " confirm_remove < /dev/tty
+                if [[ "$confirm_remove" == "y" || "$confirm_remove" == "Y" ]]; then
+                    break
+                fi
+                ;;
+            0)
+                print_info "已取消操作"
+                exit 0
+                ;;
+            *)
+                print_error "无效选项，请重新选择"
+                ;;
+        esac
+    done
+    echo ""
+}
+
+ssl_deploy_certificate() {
+    print_step "部署SSL证书..."
+
+    # 如果选择移除HTTPS
+    if [[ "$SSL_METHOD" == "8" ]]; then
+        print_info "将移除HTTPS配置..."
+        # 配置为HTTP模式
+        configure_nginx_http
+        return 0
+    fi
+
+    # 部署证书
+    deploy_ssl
+
+    # 检查证书是否部署成功
+    if [[ -f "/etc/nginx/ssl/${DOMAIN}.crt" ]] && [[ -f "/etc/nginx/ssl/${DOMAIN}.key" ]]; then
+        print_success "证书文件已部署"
+    else
+        print_warning "证书文件未找到，将使用HTTP配置"
+        SSL_METHOD="8"
+    fi
+}
+
+ssl_update_nginx_config() {
+    print_step "更新Nginx配置..."
+
+    if [[ "$SSL_METHOD" == "8" ]]; then
+        # HTTP配置
+        configure_nginx_http
+    else
+        # HTTPS配置
+        configure_nginx_https
+    fi
+
+    # 测试nginx配置
+    if ! nginx -t 2>&1; then
+        print_error "Nginx配置测试失败"
+        print_info "请检查配置文件"
+        return 1
+    fi
+
+    print_success "Nginx配置已更新"
+    echo ""
+}
+
+ssl_reload_services() {
+    print_step "重载服务..."
+
+    # 重载Nginx
+    if [[ -d /www/server/nginx ]]; then
+        # 宝塔面板
+        print_info "宝塔环境，重载Nginx..."
+        if [[ -f /www/server/nginx/sbin/nginx ]]; then
+            /www/server/nginx/sbin/nginx -s reload 2>/dev/null
+            if [[ $? -eq 0 ]]; then
+                print_success "Nginx已重载"
+            else
+                /www/server/nginx/sbin/nginx 2>/dev/null
+                print_success "Nginx已启动"
+            fi
+        fi
+        systemctl reload nginx 2>/dev/null || true
+    else
+        # 标准Nginx
+        systemctl reload nginx
+        print_success "Nginx已重载"
+    fi
+
+    # 重启后端服务（更新PUBLIC_PORT配置）
+    if command -v pm2 &> /dev/null; then
+        if pm2 list | grep -q "${PROJECT_NAME}-backend"; then
+            pm2 restart ${PROJECT_NAME}-backend
+            print_success "后端服务已重启"
+        fi
+    fi
+
+    echo ""
+}
+
+ssl_verify_deployment() {
+    print_step "验证部署..."
+
+    # 检查Nginx
+    if [[ -d /www/server/nginx ]]; then
+        if pgrep -x nginx > /dev/null; then
+            print_success "Nginx运行正常"
+        else
+            print_error "Nginx未运行"
+        fi
+    else
+        if systemctl is-active --quiet nginx; then
+            print_success "Nginx运行正常"
+        else
+            print_error "Nginx未运行"
+        fi
+    fi
+
+    # 检查SSL证书
+    if [[ "$SSL_METHOD" != "8" ]]; then
+        if [[ -f "/etc/nginx/ssl/${DOMAIN}.crt" ]]; then
+            print_success "SSL证书已部署: /etc/nginx/ssl/${DOMAIN}.crt"
+
+            # 显示证书信息
+            CERT_EXPIRY=$(openssl x509 -enddate -noout -in "/etc/nginx/ssl/${DOMAIN}.crt" 2>/dev/null | cut -d= -f2)
+            if [[ -n "$CERT_EXPIRY" ]]; then
+                print_info "证书有效期至: $CERT_EXPIRY"
+            fi
+        else
+            print_warning "SSL证书文件未找到"
+        fi
+    fi
+
+    echo ""
+}
+
+print_ssl_completion() {
+    clear
+    echo -e "${GREEN}"
+    echo "╔═══════════════════════════════════════════════════════════════╗"
+    echo "║                                                               ║"
+    echo "║                    ✓ SSL配置完成！                             ║"
+    echo "║                                                               ║"
+    echo "╚═══════════════════════════════════════════════════════════════╝"
+    echo -e "${NC}"
+    echo ""
+
+    # 显示访问地址
+    if [[ "$SSL_METHOD" == "8" ]]; then
+        if [[ "$HTTP_PORT" == "80" ]]; then
+            echo -e "${CYAN}访问地址:${NC} http://${DOMAIN}"
+        else
+            echo -e "${CYAN}访问地址:${NC} http://${DOMAIN}:${HTTP_PORT}"
+        fi
+        echo -e "${YELLOW}模式:${NC} HTTP"
+    else
+        if [[ "$HTTPS_PORT" == "443" ]]; then
+            echo -e "${CYAN}访问地址:${NC} https://${DOMAIN}"
+        else
+            echo -e "${CYAN}访问地址:${NC} https://${DOMAIN}:${HTTPS_PORT}"
+        fi
+        echo -e "${YELLOW}模式:${NC} HTTPS"
+
+        # SSL信息
+        echo ""
+        echo -e "${YELLOW}SSL证书:${NC}"
+        case $SSL_METHOD in
+            1)
+                echo "  方案: Certbot (Let's Encrypt)"
+                echo "  续期: 自动续期已配置"
+                ;;
+            2)
+                echo "  方案: acme.sh + Let's Encrypt"
+                echo "  续期: 自动续期已配置"
+                ;;
+            3)
+                echo "  方案: acme.sh + ZeroSSL"
+                echo "  续期: 自动续期已配置"
+                ;;
+            4)
+                echo "  方案: acme.sh + Buypass"
+                echo "  续期: 自动续期已配置"
+                ;;
+            7)
+                echo "  方案: 手动上传证书"
+                echo "  续期: 需手动更新证书文件"
+                ;;
+        esac
+    fi
+    echo ""
+
+    echo -e "${YELLOW}常用命令:${NC}"
+    echo "  查看证书信息: openssl x509 -text -noout -in /etc/nginx/ssl/${DOMAIN}.crt"
+    echo "  测试HTTPS: curl -I https://${DOMAIN}"
+    echo "  查看Nginx日志: tail -f /var/log/nginx/error.log"
+    echo "  重新配置SSL: bash install.sh --ssl"
+    echo ""
+
+    echo -e "${GREEN}SSL配置完成！${NC}"
+    echo ""
+}
+
+ssl_main() {
+    # 检查root权限
+    check_root
+
+    # 检测操作系统
+    detect_os
+
+    # 确认操作
+    confirm_ssl_operation
+
+    # 检查项目
+    ssl_check_project
+
+    # 读取现有配置
+    ssl_load_existing_config
+
+    # 配置域名
+    if [[ "$USE_DOMAIN" != "true" ]] || [[ -z "$DOMAIN" ]]; then
+        ssl_configure_domain
+    fi
+
+    # 选择SSL方案
+    ssl_choose_method
+
+    # 先配置基础HTTP Nginx（SSL验证需要）
+    configure_nginx_http_first
+
+    # 部署SSL证书
+    ssl_deploy_certificate
+
+    # 更新Nginx配置
+    ssl_update_nginx_config
+
+    # 重载服务
+    ssl_reload_services
+
+    # 验证部署
+    ssl_verify_deployment
+
+    # 完成提示
+    print_ssl_completion
+}
+
 # 执行主流程
 if [[ "$MODE" == "uninstall" ]]; then
     uninstall_main
@@ -3824,6 +4291,8 @@ elif [[ "$MODE" == "update" ]]; then
     update_main
 elif [[ "$MODE" == "repair" ]]; then
     repair_main
+elif [[ "$MODE" == "ssl" ]]; then
+    ssl_main
 else
     main
 fi