sunpeng
/
docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

添加nginx动态配置

This commit is contained in:
孙小云 2025-05-15 13:40:19 +08:00
parent e073113eb3
commit 48f65edffc
16 changed files with 181 additions and 499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nginx/Dockerfile.nginx Normal file
View File

@ -0,0 +1,16 @@
FROM nginx:latest
# 删除默认的nginx配置
RUN rm -rf /etc/nginx/conf.d/vhosts
# 复制vhosts配置到nginx配置目录
COPY vhosts/ /etc/nginx/conf.d/
# 设置时区
ENV TZ=Asia/Shanghai
# 暴露端口
EXPOSE 80 443
# 启动nginx
CMD ["nginx", "-g", "daemon off;"]

71
nginx/build_image.sh Executable file
View File

@ -0,0 +1,71 @@
#!/bin/bash
# 加载环境变量
source ../environment.sh
# 设置Nginx镜像名称如果环境变量中未定义
if [ -z "${NGINX_IMAGE}" ]; then
export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
fi
echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
# 检查临时目录是否存在
TEMP_DIR="temp_vhosts"
if [ ! -d "$TEMP_DIR" ]; then
echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
exit 1
fi
# 检查临时目录中是否有配置文件
if [ -z "$(ls -A $TEMP_DIR)" ]; then
echo "警告: $TEMP_DIR 目录为空,将使用空配置构建镜像"
fi
# 修改Dockerfile以使用临时目录
cat > Dockerfile.nginx.temp << EOF
FROM nginx:latest
# 删除默认的nginx配置
RUN rm -rf /etc/nginx/conf.d/*
# 复制处理后的vhosts配置到nginx配置目录
COPY ${TEMP_DIR}/ /etc/nginx/conf.d/
# 设置时区
ENV TZ=Asia/Shanghai
# 暴露端口
EXPOSE 80 443
# 启动nginx
CMD ["nginx", "-g", "daemon off;"]
EOF
# 构建Docker镜像
docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx.temp .
# 检查构建结果
if [ $? -eq 0 ]; then
echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
# 推送到镜像仓库(如果需要)
echo "推送镜像到仓库: ${NGINX_IMAGE}"
docker push ${NGINX_IMAGE}
if [ $? -eq 0 ]; then
echo "镜像推送成功!"
else
echo "警告: 镜像推送失败!"
fi
else
echo "错误: Nginx镜像构建失败!"
exit 1
fi
# 清理临时文件
rm -f Dockerfile.nginx.temp
# 注意:不删除临时目录,以便用户可以继续检查替换结果
# 如果需要清理,可以手动运行: rm -rf $TEMP_DIR
echo "Nginx镜像构建和推送完成!"

21
nginx/nginxbuilder.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
# 这个脚本现在只是一个包装器,调用两个新脚本
echo "步骤1: 替换配置文件中的环境变量..."
./replace_vars.sh
# 检查替换结果是否成功
if [ $? -ne 0 ]; then
echo "错误: 变量替换失败,中止构建"
exit 1
fi
echo ""
echo "变量替换已完成,请检查 temp_vhosts/ 目录中的文件"
echo "确认替换结果无误后按回车键继续构建镜像或按Ctrl+C取消"
read -p ""
echo ""
echo "步骤2: 构建Nginx镜像..."
./build_image.sh

50
nginx/replace_vars.sh Executable file
View File

@ -0,0 +1,50 @@
#!/bin/bash
# 加载环境变量
source ../environment.sh
echo "开始替换配置文件中的环境变量..."
# 检查vhosts目录是否存在
if [ ! -d "vhosts" ]; then
echo "错误: vhosts目录不存在!"
exit 1
fi
# 检查vhosts目录中是否有配置文件
if [ -z "$(ls -A vhosts)" ]; then
echo "警告: vhosts目录为空没有配置文件需要处理"
fi
# 创建临时目录
TEMP_DIR="temp_vhosts"
rm -rf $TEMP_DIR
mkdir -p $TEMP_DIR
# 处理所有.conf文件替换环境变量
for conf_file in vhosts/*.conf; do
filename=$(basename "$conf_file")
echo "处理文件: $filename"
# 复制原始文件到临时目录
cp "$conf_file" "$TEMP_DIR/$filename"
# 获取environment.sh中所有环境变量
env_vars=$(grep -E "^export [A-Z_]+" ../environment.sh | sed 's/export //')
# 使用envsubst命令替换变量(同时兼容Linux和Mac)
# 创建环境变量列表用于envsubst
env_list=""
for var in $env_vars; do
var_name=$(echo $var | cut -d= -f1)
env_list="$env_list \${$var_name}"
done
# 使用envsubst进行替换
cat "$conf_file" | envsubst "$env_list" > "$TEMP_DIR/$filename"
echo " 文件处理完成: $filename"
done
echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
echo "请检查替换结果,确认无误后运行 build_image.sh 构建镜像"

21
nginx/temp_vhosts/sky.conf Normal file
View File

@ -0,0 +1,21 @@
server {
listen 80;
listen 443 ssl;
server_name sky-bazhong.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://SKYWALKING_UI_bazhong:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

0
nginx/temp_vhosts/upstream.conf Normal file
View File

50
nginx/vhosts/airport.conf
View File

@ -1,50 +0,0 @@
server
{
listen 80;
listen 7009;
listen 443 ssl;
server_name airport-prod-software.t-aaron.com airport.t-aaron.com;
root /data/tuoheng_airport_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /airport {
proxy_pass http://gatewayService/airport;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /permission {
proxy_pass http://tuoheng_airport/permission;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

53
nginx/vhosts/business.conf
View File

@ -1,53 +0,0 @@
server
{
listen 80;
listen 443 ssl;
server_name business.t-aaron.com;
root /data/tuoheng_business_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location / {
try_files $uri $uri/ @router;
index index.html;
}
location @router {
rewrite ^.*$ /index.html last;
}
location /permission {
proxy_pass http://tuoheng_business_admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /business-mini {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /business {
proxy_pass http://gatewayService/business;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

24
nginx/vhosts/consul.conf
View File

@ -1,24 +0,0 @@
upstream consulService{
server 127.0.0.1:8500;
}
server {
listen 80;
listen 443 ssl;
server_name consul-prod-software.t-aaron.com;
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://consulService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

171
nginx/vhosts/dsp.conf
View File

@ -1,171 +0,0 @@
server
{
listen 80;
listen 443 ssl;
server_name dsp-admin.t-aaron.com;
root /data/dsp_admin_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /api {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
listen 443 ssl;
server_name dsp-portal.t-aaron.com;
root /data/dsp_portal_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /api {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
listen 443 ssl;
server_name dsp-miniprogram.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /api {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server
{
listen 80;
listen 443 ssl;
server_name dsp-inspection.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /api {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

65
nginx/vhosts/hhz.conf
View File

@ -1,65 +0,0 @@
server
{
listen 80;
listen 443 ssl;
server_name hhz.t-aaron.com hhztest.t-aaron.com;
root /data/tuoheng_hhz_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml application/octet-stream application/msword;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
charset UTF-8;
proxy_send_timeout 150s; # 设置发送超时时间,
proxy_read_timeout 150s; # 设置读取超时时间。
location / {
try_files $uri $uri/ @router;
index index.html;
}
location @router {
rewrite ^.*$ /index.html last;
}
#location /api {
# proxy_pass http://127.0.0.1:9055/api;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#}
location /permission {
proxy_pass http://tuoheng_hhz_admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /wxapp {
proxy_pass http://tuoheng_hhz_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /hhz {
proxy_pass http://gatewayService/hhz;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

40
nginx/vhosts/oidc-web.conf
View File

@ -1,40 +0,0 @@
server
{
listen 80;
listen 443 ssl;
server_name oidc-web.t-aaron.com;
root /data/tuoheng_oidc_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /oidc {
proxy_pass http://gatewayService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

24
nginx/vhosts/oidc.conf
View File

@ -1,24 +0,0 @@
server {
listen 80;
listen 9988;
listen 443 ssl;
server_name oidc.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8595;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

4
nginx/vhosts/sky.conf
View File

@ -1,7 +1,7 @@
server { server {
listen 80; listen 80;
listen 443 ssl; listen 443 ssl;
server_name sky-prod-software.t-aaron.com; server_name ${SKY_DOMAIN};
# SSL证书配置 # SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem; ssl_certificate /etc/nginx/t-aaron.com.pem;
@ -12,7 +12,7 @@
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
location / { location / {
proxy_pass http://127.0.0.1:8093; proxy_pass http://${SKYWALKING_UI_NAME}:8080;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

46
nginx/vhosts/upstream.conf
View File

@ -1,46 +0,0 @@
upstream gatewayService {
server 172.16.1.42:7011;
}
upstream tuoheng_oidc{
server 172.16.1.42:8090;
}
upstream tuoheng_airport {
server 172.16.1.42:9060;
}
upstream tuoheng_business_admin {
server 172.16.1.42:9260;
}
upstream tuoheng_hhz_admin {
server 172.16.1.42:9055;
}
upstream tuoheng_freeway_admin {
server 172.16.1.42:9117;
}
upstream tuoheng_hhz_api {
server 172.16.1.42:9056;
}
upstream tuoheng_telecomumale_admin {
server 172.16.1.42:9150;
}
upstream tuoheng_qmhh_api {
server 172.16.1.42:9061;
}
upstream tuoheng_airmonitor_admin {
server 172.16.1.41:9130;
}
upstream tuoheng_weptsp_admin {
server 172.16.1.41:9140;
}
upstream tuoheng_alert_admin {
server 172.16.1.41:9160;
}
upstream tuoheng_waterway_admin {
server 172.16.1.41:9120;
}
upstream tuoheng_spacetime_admin {
server 172.16.1.41:9170;
}

24
nginx/vhosts/xxljob.conf
View File

@ -1,24 +0,0 @@
upstream xxljobService{
server 127.0.0.1:8181;
}
server {
listen 80;
listen 443 ssl;
server_name xxljob-prod-software.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://xxljobService;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}