From b17cf0d3d409c0d37035fde95618152ca52add56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?= Date: Thu, 15 May 2025 14:21:50 +0800 Subject: [PATCH] =?UTF-8?q?skywalking=E6=8E=A5=E5=8F=A3=E7=88=86=E9=9C=B2?= =?UTF-8?q?=E5=87=BA=E5=8E=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- environment.sh | 5 ++--- nginx/Dockerfile.nginx | 9 ++++++++- nginx/Dockerfile.nginx.temp | 16 ---------------- nginx/build_image.sh | 37 ++++++++++++------------------------- nginx/nginxbuilder.sh | 1 + nginx/replace_vars.sh | 16 +++++++++++++--- nginx/vhosts/sky.conf | 4 ++-- nginx/vhosts/upstream.conf | 1 + server/certs/README.md | 21 --------------------- 9 files changed, 39 insertions(+), 71 deletions(-) delete mode 100644 nginx/Dockerfile.nginx.temp delete mode 100644 server/certs/README.md diff --git a/environment.sh b/environment.sh index 028438d..f0d0cdb 100644 --- a/environment.sh +++ b/environment.sh @@ -4,7 +4,6 @@ export DOMAIN=bazhong export NETWORK="swarm_network_$DOMAIN" export HOST_IP=127.0.0.1 -export NGINX_PORT=9988 export REGISTRY=registry.t-aaron.com export SKY_DOMAIN=sky-${DOMAIN}.t-aaron.com @@ -16,8 +15,8 @@ export REGISTRY_HOST=${REGISTRY}/tuoheng/ #Nginx 配置 export NGINX_NAME=NGINX_${DOMAIN} export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN} -export NGINX_HTTP_PORT=80 -export NGINX_HTTPS_PORT=443 +export NGINX_HTTP_PORT=8899 +export NGINX_HTTPS_PORT=2443 export NGINX_MEMORY=256m #MySql 配置 diff --git a/nginx/Dockerfile.nginx b/nginx/Dockerfile.nginx index e17a375..27971e5 100644 --- a/nginx/Dockerfile.nginx +++ b/nginx/Dockerfile.nginx @@ -1,11 +1,18 @@ FROM nginx:latest # 删除默认的nginx配置 -RUN rm -rf /etc/nginx/conf.d/vhosts +RUN rm -rf /etc/nginx/conf.d/* # 复制vhosts配置到nginx配置目录 COPY vhosts/ /etc/nginx/conf.d/ +# 复制SSL证书文件到nginx目录 +COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem +COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key + +# 设置正确的权限 +RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key + # 设置时区 ENV TZ=Asia/Shanghai diff --git a/nginx/Dockerfile.nginx.temp b/nginx/Dockerfile.nginx.temp deleted file mode 100644 index fe77843..0000000 --- a/nginx/Dockerfile.nginx.temp +++ /dev/null @@ -1,16 +0,0 @@ -FROM nginx:latest - -# 删除默认的nginx配置 -RUN rm -rf /etc/nginx/conf.d/* - -# 复制处理后的vhosts配置到nginx配置目录 -COPY temp_vhosts/ /etc/nginx/conf.d/ - -# 设置时区 -ENV TZ=Asia/Shanghai - -# 暴露端口 -EXPOSE 80 443 - -# 启动nginx -CMD ["nginx", "-g", "daemon off;"] diff --git a/nginx/build_image.sh b/nginx/build_image.sh index 299afc2..75c652b 100755 --- a/nginx/build_image.sh +++ b/nginx/build_image.sh @@ -22,28 +22,19 @@ if [ -z "$(ls -A $TEMP_DIR)" ]; then echo "警告: $TEMP_DIR 目录为空,将使用空配置构建镜像" fi -# 修改Dockerfile以使用临时目录 -cat > Dockerfile.nginx.temp << EOF -FROM nginx:latest +# 检查SSL证书文件是否存在 +if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then + echo "警告: SSL证书文件不存在于vhosts/cert/目录中" + echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key" + echo "Nginx容器的SSL功能可能无法正常工作" +fi -# 删除默认的nginx配置 -RUN rm -rf /etc/nginx/conf.d/* - -# 复制处理后的vhosts配置到nginx配置目录 -COPY ${TEMP_DIR}/ /etc/nginx/conf.d/ - -# 设置时区 -ENV TZ=Asia/Shanghai - -# 暴露端口 -EXPOSE 80 443 - -# 启动nginx -CMD ["nginx", "-g", "daemon off;"] -EOF +# 将替换后的配置文件复制到vhosts目录 +cp -r $TEMP_DIR/* vhosts/ # 构建Docker镜像 -docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx.temp . +echo "使用Dockerfile.nginx构建镜像..." +docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx . # 检查构建结果 if [ $? -eq 0 ]; then @@ -63,9 +54,5 @@ else exit 1 fi -# 清理临时文件 -rm -f Dockerfile.nginx.temp -# 注意:不删除临时目录,以便用户可以继续检查替换结果 -# 如果需要清理,可以手动运行: rm -rf $TEMP_DIR - -echo "Nginx镜像构建和推送完成!" \ No newline at end of file +echo "Nginx镜像构建和推送完成!" +echo "SSL证书已被包含在镜像中,位于/etc/nginx/目录下" \ No newline at end of file diff --git a/nginx/nginxbuilder.sh b/nginx/nginxbuilder.sh index 977cd34..d9e5113 100755 --- a/nginx/nginxbuilder.sh +++ b/nginx/nginxbuilder.sh @@ -18,4 +18,5 @@ read -p "" echo "" echo "步骤2: 构建Nginx镜像..." +echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录" ./build_image.sh diff --git a/nginx/replace_vars.sh b/nginx/replace_vars.sh index e08d90f..4f294ef 100755 --- a/nginx/replace_vars.sh +++ b/nginx/replace_vars.sh @@ -12,8 +12,8 @@ if [ ! -d "vhosts" ]; then fi # 检查vhosts目录中是否有配置文件 -if [ -z "$(ls -A vhosts)" ]; then - echo "警告: vhosts目录为空,没有配置文件需要处理" +if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then + echo "警告: vhosts目录中没有.conf文件,没有配置文件需要处理" fi # 创建临时目录 @@ -21,8 +21,18 @@ TEMP_DIR="temp_vhosts" rm -rf $TEMP_DIR mkdir -p $TEMP_DIR -# 处理所有.conf文件,替换环境变量 +# 处理所有.conf文件,替换环境变量,跳过cert目录 for conf_file in vhosts/*.conf; do + # 检查文件是否存在(处理无匹配文件的情况) + if [ ! -f "$conf_file" ]; then + continue + fi + + # 跳过cert目录中的文件 + if [[ "$conf_file" == *"/cert/"* ]]; then + continue + fi + filename=$(basename "$conf_file") echo "处理文件: $filename" diff --git a/nginx/vhosts/sky.conf b/nginx/vhosts/sky.conf index cd19c3d..1c3171e 100644 --- a/nginx/vhosts/sky.conf +++ b/nginx/vhosts/sky.conf @@ -1,7 +1,7 @@ server { listen 80; listen 443 ssl; - server_name ${SKY_DOMAIN}; + server_name sky-bazhong.t-aaron.com; # SSL证书配置 ssl_certificate /etc/nginx/t-aaron.com.pem; @@ -12,7 +12,7 @@ ssl_prefer_server_ciphers on; location / { - proxy_pass http://${SKYWALKING_UI_NAME}:8080; + proxy_pass http://SKYWALKING_UI_bazhong:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/vhosts/upstream.conf b/nginx/vhosts/upstream.conf index e69de29..8b13789 100644 --- a/nginx/vhosts/upstream.conf +++ b/nginx/vhosts/upstream.conf @@ -0,0 +1 @@ + diff --git a/server/certs/README.md b/server/certs/README.md deleted file mode 100644 index d74ea84..0000000 --- a/server/certs/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# SSL证书目录 - -此目录用于存放Nginx所需的SSL证书文件。 - -## 所需文件 - -1. `t-aaron.com.pem` - SSL证书文件 -2. `t-aaron.com.key` - SSL私钥文件 - -## 使用方法 - -1. 将您的SSL证书文件命名为`t-aaron.com.pem`并放置在此目录下 -2. 将您的SSL私钥文件命名为`t-aaron.com.key`并放置在此目录下 -3. 确保文件权限正确设置(建议644权限) - -## 注意事项 - -- 这些文件会被挂载到Nginx容器的`/etc/nginx/`目录下 -- 如果您使用不同的证书名称,请修改`environment.sh`中的`SSL_CERT_FILE`和`SSL_KEY_FILE`变量 -- 容器将以只读方式挂载这些文件 -- 如果您没有提供这些文件,脚本会创建空文件以防止挂载错误,但SSL将无法正常工作 \ No newline at end of file