From bfbced2af2b09358f3ca6dd5ec4e6b4437ba8dbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?=
Date: Mon, 19 May 2025 09:54:30 +0800
Subject: [PATCH] xxx
---
 environment.sh | 4 ++--
 nginx/vhosts/oidcservice.conf | 30 ++++++++++++++++--------------
 start/oidcservice.sh | 3 +++
 3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/environment.sh b/environment.sh
index 8bf2f73..7f65e29 100644
--- a/environment.sh
+++ b/environment.sh
@@ -149,8 +149,8 @@ export AIRPORT_IMAGE=${REGISTRY_HOST}airport:${DOMAIN}
 export AIRPORT_JAR=tuoheng_airport_admin.jar
 export AIRPORT_REMOTE_JAR=/home/th/workspace/jndsj/jar/airport/${AIRPORT_JAR}
 export AIRPORT_MEMORY=512m
-export AIRPORT_WEB_DIST=/home/th/workspace/jndsj/web/tuoheng_airport_web/dist
-
+#export AIRPORT_WEB_DIST=/home/th/workspace/jndsj/web/tuoheng_airport_web/dist
+export AIRPORT_WEB_DIST=/Users/sunpeng/workspace/remote/docker/tuoheng_airport_web/dist
 
 export BUSINESS_NAME=BUSINESS${DOMAIN}
 export BUSINESS_IMAGE=${REGISTRY_HOST}business:${DOMAIN}
diff --git a/nginx/vhosts/oidcservice.conf b/nginx/vhosts/oidcservice.conf
index fc1d80b..e2fb45c 100644
--- a/nginx/vhosts/oidcservice.conf
+++ b/nginx/vhosts/oidcservice.conf
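Review bot: `AIRPORT_WEB_DIST` now points at a path under one developer's home directory (`/Users/sunpeng/...`), which will not exist on the deployment host that the surrounding `/home/th/workspace/jndsj/...` paths assume. If this variable is used as a bind-mount source or web root (not visible in this hunk), the service would come up serving a missing or empty directory. Keep the shared default and allow a local override instead, `export AIRPORT_WEB_DIST=${AIRPORT_WEB_DIST:-/home/th/workspace/jndsj/web/tuoheng_airport_web/dist}`, and drop the commented-out line.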
@@ -1,22 +1,24 @@ - server { - listen 80; - listen 443 ssl; - server_name ${OIDC_SERVER_DOMAIN}; +server { + listen 80; + listen 443 ssl; + server_name ${OIDC_SERVER_DOMAIN}; - # SSL证书配置 - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; - ssl_session_timeout 5m; - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; + # SSL证书配置 + ssl_certificate /etc/nginx/t-aaron.com.pem; + ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_session_timeout 5m; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; - - location / { + location / { proxy_pass http://${OIDC_SERVER_NAME}:8090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + + # 只添加这一行来修复重定向 + proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}; } - } +}
diff --git a/start/oidcservice.sh b/start/oidcservice.sh
index 2962158..154ea07 100755
--- a/start/oidcservice.sh
+++ b/start/oidcservice.sh
@@ -21,6 +21,9 @@ docker run --pull always -d \
 --env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
 --env SPRING_DATASOURCE_USERNAME=root \
 --env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env THIRD_TOKEN_ISSUER=http://${OIDC_SERVER_NAME}:8090 \
+--env OAUTH2_TOKEN_ISSUER=https://${OIDC_SERVER_DOMAIN}:2443 \
+--env SPRING_SECURITY_OAUTH2_RESOURCE-SERVER_JWT_ISSUER-URI=https://${OIDC_SERVER_DOMAIN}:2443 \
 --env TZ=Asia/Shanghai \
 --env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
 --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
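Review bot: The added `proxy_redirect` only rewrites upstream `Location` headers that start with exactly `http://${OIDC_SERVER_DOMAIN}`, so the same server block still proxies the OIDC endpoints on `listen 80` and a client that arrives over plain HTTP is never moved to TLS. For an identity provider it would be safer to give port 80 its own server block containing only `return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;` and to keep `proxy_pass` on the 443 listener. The re-indented `ssl_protocols` line also still enables TLSv1.1, which RFC 8996 deprecates; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting.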
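Review bot: The two public issuer values added here hard-code port 2443, while the nginx vhost in this same patch builds its redirect target from `${NGINX_HTTPS_PORT}`; if that variable is ever set to anything else, the `iss` claim in issued tokens will no longer match the URL clients reach. Derive both values from the variable and quote them, e.g. `--env OAUTH2_TOKEN_ISSUER="https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}" \`, and do the same on the `JWT_ISSUER-URI` line. Spring Boot's documented environment-variable form drops dashes (`SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUERURI`), so it is worth confirming that the dashed name is actually bound, since an unbound issuer-uri would presumably leave issuer checking unconfigured. The `docker run` command starts and ends outside this hunk.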