diff --git a/builder/Dockerfile b/builder/Dockerfile
new file mode 100644
index 0000000..08a7663
--- /dev/null
+++ b/builder/Dockerfile
@@ -0,0 +1,22 @@
+# 使用一个基础镜像
+#FROM openjdk:11-jre-slim
+FROM tuoheng/centos:base
+USER th
+# 定义构建参数
+ARG SW_APP_NAME
+ARG SW_SKY_AOP
+# 设置工作目录
+WORKDIR /data/java/tuoheng
+COPY apache-skywalking-java-agent-9.0.0.tgz .
+RUN tar -zxvf apache-skywalking-java-agent-9.0.0.tgz
+#复制应用程序到容器中
+COPY tuoheng.jar .
+# 设置环境变量
+ENV PATH="/usr/java/jdk/bin:${PATH}"
+ENV SW_AGENT_COLLECTOR_BACKEND_SERVICES="${SW_SKY_AOP}" \
+ SW_AGENT_NAME="${SW_APP_NAME}"
+#暴露应用程序的端口
+#EXPOSE 8090
+# 运行应用程序
+ENTRYPOINT ["java", "-Dfile.encoding=UTF-8","-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar","-jar","tuoheng.jar"]
+
\ No newline at end of file
diff --git a/builder/builder.sh b/builder/builder.sh
new file mode 100755
index 0000000..2c5cfee
--- /dev/null
+++ b/builder/builder.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script builds the Docker image
+# 读取第一个参数
+if [ $# -ne 3 ]; then
+ echo "错误:调用该脚本时必须传入 3 个参数 分别为服务名 镜像名 包名"
+ exit 1
+fi
+echo "服务名: $1 Image $2 Java包: $3"
+rm tuoheng.jar
+cp $3 tuoheng.jar
+source ../environment.sh
+#docker service rm $APP_NAME
+sleep 5
+docker container prune -f
+sleep 5
+cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agent-9.0.0.tgz
+docker image rm $2
+docker build --no-cache \
+ --build-arg SW_APP_NAME=$1 \
+ --build-arg SW_SKY_AOP=$SKY_AOP \
+ -t $2 . # 注意末尾的 `.` 表示当前路径
+docker push $2
\ No newline at end of file
diff --git a/builder/gateway.sh b/builder/gateway.sh
new file mode 100755
index 0000000..5b96ff7
--- /dev/null
+++ b/builder/gateway.sh
@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $GATEWAY_JAR
+cp $GATEWAY_REMOTE_JAR $GATEWAY_JAR
+./builder.sh $GATEWAY_NAME $GATEWAY_IMAGE $GATEWAY_JAR
\ No newline at end of file
diff --git a/builder/oidcadmin.sh b/builder/oidcadmin.sh
new file mode 100755
index 0000000..b688c13
--- /dev/null
+++ b/builder/oidcadmin.sh
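Review bot: In builder/Dockerfile, `FROM tuoheng/centos:base` follows a mutable tag and builder.sh always rebuilds with `--no-cache`, so every build takes whatever that tag currently points to; pin it by digest, `FROM tuoheng/centos:base@sha256:<digest-of-reviewed-base>` (placeholder), so that a base change is a reviewed change. The SkyWalking archive is copied and unpacked with no integrity check although its jar is loaded into the service JVM through `-javaagent`; comparing its checksum with the value published for the 9.0.0 release before `tar` runs would catch a tampered or truncated file on the build host. The `.tgz` also stays in the image after extraction, because the `COPY` layer keeps it.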
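Review bot: builder/builder.sh checks no exit status, so when `cp $3 tuoheng.jar` or `docker build` fails it still reaches `docker push $2`, and `$1`, `$2`, `$3` are expanded unquoted in `cp`, `--build-arg` and `-t`. Guard the two steps that matter and quote the arguments, for example `cp -- "$3" tuoheng.jar || exit 1` and `docker build … -t "$2" . || exit 1`. `docker container prune -f` deletes every stopped container on the build host, not only this service's, so removing the one container by name would be narrower. builder/gateway.sh, builder/oidcadmin.sh and builder/oidcservice.sh repeat the unquoted pattern (`rm $GATEWAY_JAR` with the variable unset runs a bare `rm`), and none of them checks that `source ../environment.sh` succeeded.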
@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_ADMIN_JAR
+cp $OIDC_ADMIN_REMOTE_JAR $OIDC_ADMIN_JAR
+./builder.sh $OIDC_ADMIN_NAME $OIDC_ADMIN_IMAGE $OIDC_ADMIN_JAR
\ No newline at end of file
diff --git a/builder/oidcservice.sh b/builder/oidcservice.sh
new file mode 100755
index 0000000..3cc012a
--- /dev/null
+++ b/builder/oidcservice.sh
@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_SERVER_JAR
+cp $OIDC_SERVER_REMOTE_JAR $OIDC_SERVER_JAR
+./builder.sh $OIDC_SERVER_NAME $OIDC_SERVER_IMAGE $OIDC_SERVER_JAR
\ No newline at end of file
diff --git a/nginx/temp_vhosts/consul.conf b/nginx/temp_vhosts/consul.conf
new file mode 100644
index 0000000..c948825
--- /dev/null
+++ b/nginx/temp_vhosts/consul.conf
@@ -0,0 +1,21 @@
+
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name consul-bazhong.t-aaron.com;
+
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_pass http://CONSUL_bazhong:8500;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/nginx/temp_vhosts/oidcservice.conf b/nginx/temp_vhosts/oidcservice.conf
new file mode 100644
index 0000000..fd755de
--- /dev/null
+++ b/nginx/temp_vhosts/oidcservice.conf
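Review bot: nginx/temp_vhosts/consul.conf proxies `location /` straight to the Consul HTTP port 8500 with no `allow`/`deny`, `auth_basic` or other access control in the server block, so the Consul UI and API are as reachable as the vhost itself; unless Consul ACLs are enforced elsewhere (not visible in this diff), restrict the location, for example with `allow <admin-cidr>; deny all;` (placeholder range). `listen 80;` sits in the same server block with no redirect, so the same content is also served over plain HTTP; a separate port-80 server that only redirects to HTTPS would close that. `ssl_protocols` still offers TLSv1.1, which RFC 8996 deprecates, and the `ECDHE:ECDH:AES:HIGH` cipher string admits CBC and non-forward-secret suites; `ssl_protocols TLSv1.2 TLSv1.3;` with an explicit AEAD cipher list is the usual baseline. The same points apply to temp_vhosts/oidcservice.conf and temp_vhosts/xxljob.conf, and to the vhosts/*.conf templates whose context lines show the same TLS settings.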
@@ -0,0 +1,23 @@ + server { + listen 80; + listen 443 ssl; + + server_name oidc-bazhong.t-aaron.com; + + # SSL证书配置 + ssl_certificate /etc/nginx/t-aaron.com.pem; + ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_session_timeout 5m; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + + location / { + proxy_pass http://OIDC_SERVER_bazhong:8090; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } diff --git a/nginx/temp_vhosts/xxljob.conf b/nginx/temp_vhosts/xxljob.conf new file mode 100644 index 0000000..a8fc8df --- /dev/null +++ b/nginx/temp_vhosts/xxljob.conf @@ -0,0 +1,21 @@ +server { + listen 80; + listen 443 ssl; + server_name xxljob-bazhong.t-aaron.com; + + # SSL证书配置 + ssl_certificate /etc/nginx/t-aaron.com.pem; + ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_session_timeout 5m; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + location / { + proxy_pass http://XXL_JOB_bazhong:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + diff --git a/nginx/vhosts/consul.conf b/nginx/vhosts/consul.conf index c948825..de3b93c 100644 --- a/nginx/vhosts/consul.conf +++ b/nginx/vhosts/consul.conf @@ -2,7 +2,7 @@ server { listen 80; listen 443 ssl; - server_name consul-bazhong.t-aaron.com; + server_name ${CONSUL_DOMAIN}; ssl_certificate /etc/nginx/t-aaron.com.pem; ssl_certificate_key /etc/nginx/t-aaron.com.key; 
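Review bot: nginx does not substitute environment variables in its configuration, so `server_name ${CONSUL_DOMAIN};` in nginx/vhosts/consul.conf is only valid after an external rendering step, and this commit shows none for the nginx templates. If that step is `envsubst`, give it an explicit variable list such as `envsubst '${CONSUL_DOMAIN} ${CONSUL_NAME}'`; an unrestricted run also blanks `$host`, `$remote_addr`, `$proxy_add_x_forwarded_for` and `$scheme` in the `proxy_set_header` lines, which silently strips the client address and scheme from what the backends log and rely on. The render should also fail when a placeholder stays unresolved or empty, since an empty `server_name` changes which vhost answers a request. The second consul.conf hunk and the oidcservice.conf, sky.conf and xxljob.conf hunks follow the same pattern.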
@@ -12,7 +12,7 @@ server { ssl_prefer_server_ciphers on; location / { - proxy_pass http://CONSUL_bazhong:8500; + proxy_pass http://${CONSUL_NAME}:8500; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/vhosts/oidcservice.conf b/nginx/vhosts/oidcservice.conf index fd755de..a432143 100644 --- a/nginx/vhosts/oidcservice.conf +++ b/nginx/vhosts/oidcservice.conf @@ -2,7 +2,7 @@ listen 80; listen 443 ssl; - server_name oidc-bazhong.t-aaron.com; + server_name ${OIDC_DOMAIN}; # SSL证书配置 ssl_certificate /etc/nginx/t-aaron.com.pem; @@ -14,7 +14,7 @@ location / { - proxy_pass http://OIDC_SERVER_bazhong:8090; + proxy_pass http://${OIDC_SERVER_NAME}:8090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/vhosts/sky.conf b/nginx/vhosts/sky.conf index 1c3171e..d285800 100644 --- a/nginx/vhosts/sky.conf +++ b/nginx/vhosts/sky.conf @@ -1,7 +1,7 @@ server { listen 80; listen 443 ssl; - server_name sky-bazhong.t-aaron.com; + server_name ${SKYWALKING_UI_DOMAIN}; # SSL证书配置 ssl_certificate /etc/nginx/t-aaron.com.pem; @@ -12,7 +12,7 @@ ssl_prefer_server_ciphers on; location / { - proxy_pass http://SKYWALKING_UI_bazhong:8080; + proxy_pass http://${SKYWALKING_UI_NAME}:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/vhosts/xxljob.conf b/nginx/vhosts/xxljob.conf index a8fc8df..755bcd5 100644 --- a/nginx/vhosts/xxljob.conf +++ b/nginx/vhosts/xxljob.conf @@ -1,7 +1,7 @@ server { listen 80; listen 443 ssl; - server_name xxljob-bazhong.t-aaron.com; + server_name ${XXL_JOB_DOMAIN}; # SSL证书配置 ssl_certificate /etc/nginx/t-aaron.com.pem; 
@@ -11,7 +11,7 @@ server { ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location / { - proxy_pass http://XXL_JOB_bazhong:8080; + proxy_pass http://${XXL_JOB_NAME}:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/start/gateway/application.yml b/start/gateway/application.yml new file mode 100644 index 0000000..dbe1c49 --- /dev/null +++ b/start/gateway/application.yml 
@@ -0,0 +1,156 @@
+server:
+ port: 7011
+ main:
+ allow-bean-definition-overriding: true
+ web-application-typpse: reactive
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: prometheus,health
+ metrics:
+ tags:
+ application: tuoheng-gateway
+
+spring:
+ application:
+ name: tuoheng-gateway
+ security:
+ oauth2:
+ resource-server:
+ jwt:
+ issuer-uri: https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+ cloud:
+ consul:
+ host: ${CONSUL_NAME} # consul 所在服务地址
+ port: 8500 # consul 服务端口
+ discovery:
+ enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false,就不需要起consul服务。
+ register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false,应用才不会注册注册中心,才可以不起consul服务!
+ deregister: true #默认true,服务停止时注销服务,即从服务列表中删除。设置成false的话,???
+ ## consul ip地址
+ hostname: ${CONSUL_NAME}
+ # 注册到consul的服务名称
+ service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字,在consul的调用中,是通过此名字调用的。默认服务名,不要改
+ instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID
+ heartbeat:
+ enabled: true
+ prefer-ip-address: true #表示注册时使用IP而不是hostname
+ health-check-path: /actuator/health #健康检查
+ health-check-interval: 10s #配置 Consul 健康检查频率,也就是心跳频率。
+ health-check-timeout: 10s #健康检查超时
+ gateway:
+ httpclient:
+ websocket:
+ max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB
+ discovery:
+ locator:
+ lowerCaseServiceId: true
+ enabled: true
+ # 跨域设置
+ globalcors:
+ add-to-simple-url-handler-mapping: true
+ cors-configurations:
+ '[/**]':
+ allowedOrigins:
+ - "http://localhost:8001"
+ allowedMethods:
+ - "GET"
+ - "POST"
+ - "DELETE"
+ - "PUT"
+ - "OPTIONS"
+ allowedHeaders: "*"
+ allowCredentials: true
+ maxAge: 360000
+ routes:
+ # 后台管理
+ - id: tuoheng-dsp-admin
+ uri: http://dsp-admin:9014
+ predicates:
+ - Path=/api/admin/**
+ filters:
+ - StripPrefix=2
+ # 网站服务
+ - id: tuoheng-dsp-portal
+ uri: http://dsp-portal:9017
+ predicates:
+ - Path=/api/portal/**
+ filters:
+ - StripPrefix=2
+ # DSP小程序服务
+ - id: tuoheng-dsp-miniprogram
+ uri: http://dsp-mini:9016
+ predicates:
+ - Path=/api/miniprogram/**
+ filters:
+ - StripPrefix=2
+ # DSP api服务
+ - id: tuoheng-dsp-api
+ uri: http://dsp-api:9015
+ predicates:
+ - Path=/api/web/**
+ filters:
+ - StripPrefix=2
+ # DSP 巡检云
+ - id: tuoheng-dsp-inspection
+ uri: http://dsp-inspection:9018
+ predicates:
+ - Path=/api/inspection/**
+ filters:
+ - StripPrefix=2
+ # hhz admin服务
+ - id: tuoheng-hhz-admin
+ uri: http://hhz-admin:9055
+ predicates:
+ - Path=/hhz/admin/**
+ filters:
+ - StripPrefix=2
+ # hhz 小程序服务
+ - id: tuoheng-hhz-api
+ uri: http://hhz-api:9056
+ predicates:
+ - Path=/hhz/api/**
+ filters:
+ - StripPrefix=2
+ # Redis数据源
+ redis:
+ # 缓存库默认索引0
+ database: 0
+ # Redis服务器地址
+ host: ${REDIS_NAME}
+ # Redis服务器连接端口
+ port: 6379
+ # Redis服务器连接密码(默认为空)
+ password:
+ # 连接超时时间(毫秒)
+ timeout: 6000
+ # 默认的数据过期时间,主要用于shiro权限管理
+ expire: 2592000
+ jedis:
+ pool:
+ max-active: 1000 # 连接池最大连接数(使用负值表示没有限制)
+ max-wait: -1 # 连接池最大阻塞等待时间(使用负值表示没有限制)
+ max-idle: 10 # 连接池中的最大空闲连接
+ min-idle: 1 # 连接池中的最小空闲连接
+#security放行白名单配置
+security:
+ ignore:
+ permitUrls: /api/system/demo/msg
+ oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList
+
+# 获取 apiUrl 可访问的 roleIdList
+tuoheng:
+ hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList
+ airport-admin-perUrl: http://airport:9060/permission/getRoleIdList
+ freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList
+ waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList
+ airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList
+ weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList
+ telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList
+ alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList
+ spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList
+ digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList
+ dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList
+ lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList
\ No newline at end of file
diff --git a/start/gateway/replace_vars.sh b/start/gateway/replace_vars.sh
new file mode 100755
index 0000000..54a9f87
--- /dev/null
+++ b/start/gateway/replace_vars.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# 确保在脚本所在目录执行
+cd "$(dirname "$0")"
+SCRIPT_DIR="$(pwd)"
+echo "当前工作目录: $SCRIPT_DIR"
+
+# 获取项目根目录
+ROOT_DIR="$(cd ../.. && pwd)"
+echo "项目根目录: $ROOT_DIR"
+
+# 加载环境变量
+source "$ROOT_DIR/environment.sh"
+
+echo "开始替换Gateway配置文件中的环境变量..."
+
+# 定义源配置文件和目标目录
+SOURCE_FILE="$SCRIPT_DIR/application.yml"
+TEMP_DIR="$SCRIPT_DIR/temp"
+TARGET_FILE="$TEMP_DIR/application.yml"
+
+# 检查源配置文件是否存在
+if [ ! -f "$SOURCE_FILE" ]; then
+ echo "错误: 配置文件 $SOURCE_FILE 不存在!"
+ exit 1
+fi
+
+# 创建临时目录
+rm -rf "$TEMP_DIR"
+mkdir -p "$TEMP_DIR"
+
+echo "处理文件: application.yml"
+
+# 读取原始文件内容
+content=$(cat "$SOURCE_FILE")
+
+# 获取environment.sh中所有环境变量
+env_vars=$(grep -E "^export [A-Z_]+" "$ROOT_DIR/environment.sh" | sed 's/export //')
+
+# 逐个替换环境变量
+for var in $env_vars; do
+ var_name=$(echo $var | cut -d= -f1)
+ var_value=${!var_name}
+ if [ ! -z "$var_value" ]; then
+ # 使用简单的变量替换方法
+ pattern="\\\${$var_name}"
+ echo " 替换变量: ${pattern} -> $var_value"
+ content=$(echo "$content" | sed "s|${pattern}|$var_value|g")
+ fi
+done
+
+# 写入处理后的内容到目标文件
+echo "$content" > "$TARGET_FILE"
+
+echo "环境变量替换完成! 替换后的文件位于 $TARGET_FILE"
+echo "此文件将在启动Gateway容器时使用"
diff --git a/start/gateway/start.sh b/start/gateway/start.sh
new file mode 100755
index 0000000..7e5e587
--- /dev/null
+++ b/start/gateway/start.sh
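Review bot: In start/gateway/application.yml the `password:` key of the `redis:` block is left empty (the comment above it says empty by default), so the gateway connects to `${REDIS_NAME}` unauthenticated although the `expire` comment says this store is used for permission management; template it like the other values, e.g. `password: ${REDIS_PASSWORD}` (placeholder name, which environment.sh must export for replace_vars.sh to fill it), and keep the rendered file out of version control once it carries a secret. The CORS block allows only `http://localhost:8001` together with `allowCredentials: true`, which looks like a development origin left in a deployment config. `web-application-typpse: reactive` is misspelled and appears to sit under `server:` rather than `spring.main`, so Spring Boot will most likely ignore it; the intended key is `spring.main.web-application-type`. The whitelist under `security.ignore` includes demo endpoints such as `/api/system/demo/hello` and several wildcard paths, and each entry deserves a check that it really should bypass the normal checks.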
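Review bot: The loop in start/gateway/replace_vars.sh echoes `-> $var_value` for every exported variable with a non-empty value, whether or not application.yml uses it, so any secret exported from environment.sh (start/oidcadmin.sh reads `MYSQL_ROOT_PASSWORD` from that file) is printed to the terminal and to any captured deploy log; log the name only, `echo " 替换变量: ${pattern}"`. The value is also spliced unescaped into the replacement side of `sed "s|${pattern}|$var_value|g"`, where `&`, `\` and `|` are special, so a value containing them corrupts the rendered YAML or breaks the command; escape the value first or use `envsubst` with an explicit variable list. `for var in $env_vars` word-splits, so an export whose value contains a space is cut apart before `cut -d= -f1` sees it. The rendered `temp/application.yml` is written with default permissions and this commit also checks it in; once a credential is templated it should be created under a restrictive umask and ignored by git.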
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# 确保在脚本所在目录执行
+cd "$(dirname "$0")"
+SCRIPT_DIR="$(pwd)"
+echo "当前工作目录: $SCRIPT_DIR"
+
+# 获取项目根目录
+ROOT_DIR="$(cd ../.. && pwd)"
+echo "项目根目录: $ROOT_DIR"
+
+# 加载环境变量
+source "$ROOT_DIR/environment.sh"
+echo "已加载环境变量"
+
+# 执行变量替换脚本
+echo "开始替换环境变量..."
+bash "$SCRIPT_DIR/replace_vars.sh"
+
+# 检查替换是否成功
+if [ ! -f "$SCRIPT_DIR/temp/application.yml" ]; then
+ echo "错误: 替换后的配置文件不存在: $SCRIPT_DIR/temp/application.yml"
+ exit 1
+fi
+
+echo "配置文件替换成功,准备启动Gateway容器..."
+
+# 先停止和删除现有容器
+if docker ps -a | grep -q ${GATEWAY_NAME}; then
+ echo "停止并删除已存在的 ${GATEWAY_NAME} 容器..."
+ docker stop ${GATEWAY_NAME} >/dev/null 2>&1
+ docker rm ${GATEWAY_NAME} >/dev/null 2>&1
+fi
+
+# 启动Gateway容器
+echo "正在启动 ${GATEWAY_NAME} 容器..."
+docker run --pull always -d \
+ --name ${GATEWAY_NAME} \
+ --network ${NETWORK} \
+ --env TZ=Asia/Shanghai \
+ --env SPRING_CONFIG_LOCATION=file:/data/java/tuoheng/application.yml \
+ --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+ --mount type=bind,source="$SCRIPT_DIR/temp/application.yml",target=/data/java/tuoheng/application.yml,readonly \
+ --memory ${GATEWAY_MEMORY} \
+ --restart unless-stopped \
+ ${GATEWAY_IMAGE}
+
+# 检查启动结果
+if [ $? -eq 0 ]; then
+ echo "Gateway服务已成功启动"
+ docker ps | grep ${GATEWAY_NAME}
+else
+ echo "Gateway服务启动失败,请检查日志"
+ docker logs ${GATEWAY_NAME}
+fi
\ No newline at end of file
diff --git a/start/gateway/temp/application.yml b/start/gateway/temp/application.yml
new file mode 100644
index 0000000..b295268
--- /dev/null
+++ b/start/gateway/temp/application.yml
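Review bot: start/gateway/start.sh ignores the exit status of `bash "$SCRIPT_DIR/replace_vars.sh"` and only tests that `temp/application.yml` exists, but replace_vars.sh exits before it recreates `temp/` when the source file is missing, and this commit checks a rendered `temp/application.yml` into the repository, so the test can pass on a stale file and the container starts with old settings. Use `bash "$SCRIPT_DIR/replace_vars.sh" || exit 1`, and consider rejecting output that still contains an unresolved upper-case `${...}` placeholder. `docker ps -a | grep -q ${GATEWAY_NAME}` is an unquoted substring match over the whole listing; `docker container inspect "${GATEWAY_NAME}" >/dev/null 2>&1` tests for exactly that container. The `docker run` sets a memory limit but none of `--security-opt no-new-privileges`, `--cap-drop` or `--read-only`; whether the image tolerates them is not visible here, so that is something to try rather than a defect.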
@@ -0,0 +1,156 @@ +server: + port: 7011 + main: + allow-bean-definition-overriding: true + web-application-typpse: reactive + +management: + endpoints: + web: + exposure: + include: prometheus,health + metrics: + tags: + application: tuoheng-gateway + +spring: + application: + name: tuoheng-gateway + security: + oauth2: + resource-server: + jwt: + issuer-uri: https://oidc-bazhong.t-aaron.com:2443 + cloud: + consul: + host: CONSUL_bazhong # consul 所在服务地址 + port: 8500 # consul 服务端口 + discovery: + enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false,就不需要起consul服务。 + register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false,应用才不会注册注册中心,才可以不起consul服务! + deregister: true #默认true,服务停止时注销服务,即从服务列表中删除。设置成false的话,??? + ## consul ip地址 + hostname: CONSUL_bazhong + # 注册到consul的服务名称 + service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字,在consul的调用中,是通过此名字调用的。默认服务名,不要改 + instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID + heartbeat: + enabled: true + prefer-ip-address: true #表示注册时使用IP而不是hostname + health-check-path: /actuator/health #健康检查 + health-check-interval: 10s #配置 Consul 健康检查频率,也就是心跳频率。 + health-check-timeout: 10s #健康检查超时 + gateway: + httpclient: + websocket: + max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB + discovery: + locator: + lowerCaseServiceId: true + enabled: true + # 跨域设置 + globalcors: + add-to-simple-url-handler-mapping: true + cors-configurations: + '[/**]': + allowedOrigins: + - "http://localhost:8001" + allowedMethods: + - "GET" + - "POST" + - "DELETE" + - "PUT" + - "OPTIONS" + allowedHeaders: "*" + allowCredentials: true + maxAge: 360000 + routes: + # 后台管理 + - id: tuoheng-dsp-admin + uri: http://dsp-admin:9014 + predicates: + - Path=/api/admin/** + filters: + - StripPrefix=2 + # 网站服务 + - id: tuoheng-dsp-portal + uri: http://dsp-portal:9017 + predicates: + - Path=/api/portal/** + filters: + - StripPrefix=2 + # DSP小程序服务 + - id: tuoheng-dsp-miniprogram + uri: 
http://dsp-mini:9016 + predicates: + - Path=/api/miniprogram/** + filters: + - StripPrefix=2 + # DSP api服务 + - id: tuoheng-dsp-api + uri: http://dsp-api:9015 + predicates: + - Path=/api/web/** + filters: + - StripPrefix=2 + # DSP 巡检云 + - id: tuoheng-dsp-inspection + uri: http://dsp-inspection:9018 + predicates: + - Path=/api/inspection/** + filters: + - StripPrefix=2 + # hhz admin服务 + - id: tuoheng-hhz-admin + uri: http://hhz-admin:9055 + predicates: + - Path=/hhz/admin/** + filters: + - StripPrefix=2 + # hhz 小程序服务 + - id: tuoheng-hhz-api + uri: http://hhz-api:9056 + predicates: + - Path=/hhz/api/** + filters: + - StripPrefix=2 + # Redis数据源 + redis: + # 缓存库默认索引0 + database: 0 + # Redis服务器地址 + host: REDIS_bazhong + # Redis服务器连接端口 + port: 6379 + # Redis服务器连接密码(默认为空) + password: + # 连接超时时间(毫秒) + timeout: 6000 + # 默认的数据过期时间,主要用于shiro权限管理 + expire: 2592000 + jedis: + pool: + max-active: 1000 # 连接池最大连接数(使用负值表示没有限制) + max-wait: -1 # 连接池最大阻塞等待时间(使用负值表示没有限制) + max-idle: 10 # 连接池中的最大空闲连接 + min-idle: 1 # 连接池中的最小空闲连接 +#security放行白名单配置 +security: + ignore: + permitUrls: /api/system/demo/msg + oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList + +# 获取 apiUrl 可访问的 roleIdList +tuoheng: + hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList + airport-admin-perUrl: http://airport:9060/permission/getRoleIdList + freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList + waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList + airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList + weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList + 
telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList + alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList + spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList + digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList + dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList + lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList diff --git a/start/nginx.sh b/start/nginx.sh new file mode 100755 index 0000000..2dcf8d7 --- /dev/null +++ b/start/nginx.sh @@ -0,0 +1,23 @@ +#!/bin/bash +source ../environment.sh + +# 检查并停止/删除已存在的容器 +if docker ps -a | grep -q ${NGINX_NAME}; then + echo "停止并删除已存在的 ${NGINX_NAME} 容器..." + docker stop ${NGINX_NAME} >/dev/null 2>&1 + docker rm ${NGINX_NAME} >/dev/null 2>&1 +fi + +# 启动Nginx容器 +docker run --pull always -d \ +--name ${NGINX_NAME} \ +--network ${NETWORK} \ +-p ${NGINX_HTTP_PORT}:80 \ +-p ${NGINX_HTTPS_PORT}:443 \ +--env TZ=Asia/Shanghai \ +--memory ${NGINX_MEMORY} \ +--restart unless-stopped \ +${NGINX_IMAGE} + +# 显示运行中的容器 +docker ps \ No newline at end of file diff --git a/start/oidcadmin.sh b/start/oidcadmin.sh new file mode 100755 index 0000000..2e7a8c0 --- /dev/null +++ b/start/oidcadmin.sh 
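Review bot: The `docker run` in start/nginx.sh mounts nothing, so the vhost files and the `/etc/nginx/t-aaron.com.key` they reference presumably live inside `${NGINX_IMAGE}`; if so, the TLS private key sits in an image layer, readable by anyone who can pull the image from the registry. Mounting the certificate and key read-only at run time, the way start/gateway/start.sh mounts application.yml with `--mount type=bind,...,readonly`, keeps them out of the image. `source ../environment.sh` is resolved against the caller's working directory (gateway/start.sh does `cd "$(dirname "$0")"` first), so running this script from elsewhere leaves every `${NGINX_*}` value empty and `docker run` receives a malformed command line; add the same `cd` and stop when the source fails.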
@@ -0,0 +1,29 @@
+source ../environment.sh
+
+
+if docker ps -a | grep -q ${OIDC_ADMIN_NAME}; then
+ echo "停止并删除已存在的 OIDC_ADMIN_NAME 容器..."
+ docker stop ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+ docker rm ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_ADMIN_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_ADMIN_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_ADMIN_MEMORY} \
+--restart unless-stopped \
+${OIDC_ADMIN_IMAGE}
\ No newline at end of file
diff --git a/start/oidcservice.sh b/start/oidcservice.sh
new file mode 100755
index 0000000..2962158
--- /dev/null
+++ b/start/oidcservice.sh
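Review bot: start/oidcadmin.sh connects the service to MySQL as `root` with `${MYSQL_ROOT_PASSWORD}`, so a compromise of this one application exposes every schema on that server; a dedicated account limited to `tuoheng_oidc` is the least-privilege choice, e.g. `--env SPRING_DATASOURCE_USERNAME=<oidc_db_user>` (placeholder). Passing the password with `--env` puts it on the `docker run` command line, visible in the process list while the client runs, and the unquoted expansion breaks on a password containing spaces or glob characters; `--env-file` pointing at a file with mode 0600 keeps it off the command line. `useSSL=true` in the JDBC URL does not by itself show that the server certificate is verified; that depends on the driver version and further URL options not present here. start/oidcservice.sh is identical in all three respects.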
@@ -0,0 +1,29 @@
+source ../environment.sh
+
+
+if docker ps -a | grep -q ${OIDC_SERVER_NAME}; then
+ echo "停止并删除已存在的 OIDC_SERVER_NAME 容器..."
+ docker stop ${OIDC_SERVER_NAME} >/dev/null 2>&1
+ docker rm ${OIDC_SERVER_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_SERVER_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_SERVER_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_SERVER_MEMORY} \
+--restart unless-stopped \
+${OIDC_SERVER_IMAGE}
\ No newline at end of file