skywalking接口爆露出去
This commit is contained in:
孙小云
parent
25e0d5e1d7
commit
b17cf0d3d4
|
|
@ -4,7 +4,6 @@
|
|||
export DOMAIN=bazhong
|
||||
export NETWORK="swarm_network_$DOMAIN"
|
||||
export HOST_IP=127.0.0.1
|
||||
export NGINX_PORT=9988
|
||||
export REGISTRY=registry.t-aaron.com
|
||||
export SKY_DOMAIN=sky-${DOMAIN}.t-aaron.com
|
||||
|
||||
|
|
@ -16,8 +15,8 @@ export REGISTRY_HOST=${REGISTRY}/tuoheng/
|
|||
#Nginx 配置
|
||||
export NGINX_NAME=NGINX_${DOMAIN}
|
||||
export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}
|
||||
export NGINX_HTTP_PORT=80
|
||||
export NGINX_HTTPS_PORT=443
|
||||
export NGINX_HTTP_PORT=8899
|
||||
export NGINX_HTTPS_PORT=2443
|
||||
export NGINX_MEMORY=256m
|
||||
|
||||
#MySql 配置
|
||||
|
|
|
|||
|
|
@ -1,11 +1,18 @@
|
|||
FROM nginx:latest
|
||||
|
||||
# 删除默认的nginx配置
|
||||
RUN rm -rf /etc/nginx/conf.d/vhosts
|
||||
RUN rm -rf /etc/nginx/conf.d/*
|
||||
|
||||
# 复制vhosts配置到nginx配置目录
|
||||
COPY vhosts/ /etc/nginx/conf.d/
|
||||
|
||||
# 复制SSL证书文件到nginx目录
|
||||
COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
|
||||
COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
|
||||
|
||||
# 设置正确的权限
|
||||
RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key
|
||||
|
||||
# 设置时区
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
FROM nginx:latest
|
||||
|
||||
# 删除默认的nginx配置
|
||||
RUN rm -rf /etc/nginx/conf.d/*
|
||||
|
||||
# 复制处理后的vhosts配置到nginx配置目录
|
||||
COPY temp_vhosts/ /etc/nginx/conf.d/
|
||||
|
||||
# 设置时区
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
# 暴露端口
|
||||
EXPOSE 80 443
|
||||
|
||||
# 启动nginx
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
|
|
@ -22,28 +22,19 @@ if [ -z "$(ls -A $TEMP_DIR)" ]; then
|
|||
echo "警告: $TEMP_DIR 目录为空,将使用空配置构建镜像"
|
||||
fi
|
||||
|
||||
# 修改Dockerfile以使用临时目录
|
||||
cat > Dockerfile.nginx.temp << EOF
|
||||
FROM nginx:latest
|
||||
# 检查SSL证书文件是否存在
|
||||
if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
|
||||
echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
|
||||
echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
|
||||
echo "Nginx容器的SSL功能可能无法正常工作"
|
||||
fi
|
||||
|
||||
# 删除默认的nginx配置
|
||||
RUN rm -rf /etc/nginx/conf.d/*
|
||||
|
||||
# 复制处理后的vhosts配置到nginx配置目录
|
||||
COPY ${TEMP_DIR}/ /etc/nginx/conf.d/
|
||||
|
||||
# 设置时区
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
# 暴露端口
|
||||
EXPOSE 80 443
|
||||
|
||||
# 启动nginx
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
EOF
|
||||
# 将替换后的配置文件复制到vhosts目录
|
||||
cp -r $TEMP_DIR/* vhosts/
|
||||
|
||||
# 构建Docker镜像
|
||||
docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx.temp .
|
||||
echo "使用Dockerfile.nginx构建镜像..."
|
||||
docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
|
||||
|
||||
# 检查构建结果
|
||||
if [ $? -eq 0 ]; then
|
||||
|
|
@ -63,9 +54,5 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# 清理临时文件
|
||||
rm -f Dockerfile.nginx.temp
|
||||
# 注意:不删除临时目录,以便用户可以继续检查替换结果
|
||||
# 如果需要清理,可以手动运行: rm -rf $TEMP_DIR
|
||||
|
||||
echo "Nginx镜像构建和推送完成!"
|
||||
echo "Nginx镜像构建和推送完成!"
|
||||
echo "SSL证书已被包含在镜像中,位于/etc/nginx/目录下"
|
||||
|
|
@ -18,4 +18,5 @@ read -p ""
|
|||
|
||||
echo ""
|
||||
echo "步骤2: 构建Nginx镜像..."
|
||||
echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
|
||||
./build_image.sh
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ if [ ! -d "vhosts" ]; then
|
|||
fi
|
||||
|
||||
# 检查vhosts目录中是否有配置文件
|
||||
if [ -z "$(ls -A vhosts)" ]; then
|
||||
echo "警告: vhosts目录为空,没有配置文件需要处理"
|
||||
if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
|
||||
echo "警告: vhosts目录中没有.conf文件,没有配置文件需要处理"
|
||||
fi
|
||||
|
||||
# 创建临时目录
|
||||
|
|
@ -21,8 +21,18 @@ TEMP_DIR="temp_vhosts"
|
|||
rm -rf $TEMP_DIR
|
||||
mkdir -p $TEMP_DIR
|
||||
|
||||
# 处理所有.conf文件,替换环境变量
|
||||
# 处理所有.conf文件,替换环境变量,跳过cert目录
|
||||
for conf_file in vhosts/*.conf; do
|
||||
# 检查文件是否存在(处理无匹配文件的情况)
|
||||
if [ ! -f "$conf_file" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# 跳过cert目录中的文件
|
||||
if [[ "$conf_file" == *"/cert/"* ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
filename=$(basename "$conf_file")
|
||||
echo "处理文件: $filename"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
server_name ${SKY_DOMAIN};
|
||||
server_name sky-bazhong.t-aaron.com;
|
||||
|
||||
# SSL证书配置
|
||||
ssl_certificate /etc/nginx/t-aaron.com.pem;
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://${SKYWALKING_UI_NAME}:8080;
|
||||
proxy_pass http://SKYWALKING_UI_bazhong:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
# SSL证书目录
|
||||
|
||||
此目录用于存放Nginx所需的SSL证书文件。
|
||||
|
||||
## 所需文件
|
||||
|
||||
1. `t-aaron.com.pem` - SSL证书文件
|
||||
2. `t-aaron.com.key` - SSL私钥文件
|
||||
|
||||
## 使用方法
|
||||
|
||||
1. 将您的SSL证书文件命名为`t-aaron.com.pem`并放置在此目录下
|
||||
2. 将您的SSL私钥文件命名为`t-aaron.com.key`并放置在此目录下
|
||||
3. 确保文件权限正确设置(建议644权限)
|
||||
|
||||
## 注意事项
|
||||
|
||||
- 这些文件会被挂载到Nginx容器的`/etc/nginx/`目录下
|
||||
- 如果您使用不同的证书名称,请修改`environment.sh`中的`SSL_CERT_FILE`和`SSL_KEY_FILE`变量
|
||||
- 容器将以只读方式挂载这些文件
|
||||
- 如果您没有提供这些文件,脚本会创建空文件以防止挂载错误,但SSL将无法正常工作
|
||||
Loading…
Reference in New Issue