From e5cde64b78880bca896b36d6babc74a82eb8c5a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?= Date: Wed, 11 Jun 2025 16:46:43 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E5=BA=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bazhong.sh | 30 ++++++++++++++------- nginxbazhong/vhosts/consul.conf | 5 +--- nginxbazhong/vhosts/dsp.conf | 4 +-- nginxbazhong/vhosts/hhz.conf | 6 ++--- nginxbazhong/vhosts/minio.conf | 4 +-- nginxbazhong/vhosts/minioconsole.conf | 5 +--- nginxbazhong/vhosts/oidcservice.conf | 4 +-- nginxbazhong/vhosts/srs.conf | 4 +-- nginxbazhong/vhosts/xxljob.conf | 5 +--- start/nginx.sh | 38 +++++++++++++++++++++++++++ 10 files changed, 73 insertions(+), 32 deletions(-) diff --git a/bazhong.sh b/bazhong.sh index 4f5a7e9..f67b5c6 100755 --- a/bazhong.sh +++ b/bazhong.sh @@ -1,5 +1,4 @@ #域名前缀 -#域名前缀 export VERSION=default export DOMAIN=bazhong #域名后缀 @@ -22,19 +21,14 @@ export SRS_RTMP_PORT=1938 # Minio控制台对外爆露端口 export MINIO_CONSOLE_PORT=9022 - +#这部分不用管 export HHZ_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_hhz_web/dist export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/dsp-admin/dist export AIRPORT_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_airport_web/dist export BUSINESS_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/business_web/dist -#域名证书位置写在这边 -#域名证书位置写在这边 -export PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.pem -export KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.key - - +#这部分不需要修改 export SKYWALKING_UI_DOMAIN=sky.${DOMAIN_END} export CONSUL_DOMAIN=consul.${DOMAIN_END} export XXLJOB_DOMAIN=xxljob.${DOMAIN_END} 
@@ -47,4 +41,22 @@ export BUSINESS_DOMAIN=business.${DOMAIN_END} export SRS_DOMAIN=srs.${DOMAIN_END} export HHZ_DOMAIN=hhz.${DOMAIN_END} export DSP_DOMAIN=dsp.${DOMAIN_END} -export KAFKA_DOMAIN=kafka.${DOMAIN_END} \ No newline at end of file +export KAFKA_DOMAIN=kafka.${DOMAIN_END} + + +#域名证书位置写在这边 +#dsp.bazhongfeifu.com hhz.bazhongfeifu.com minio.bazhongfeifu.com oidc.bazhongfeifu.com srs.bazhongfeifu.com +export DSP_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/dsp/ +export DSP_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/dsp/ + +export HHZ_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/hhz/ +export HHZ_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/hhz/ + +export MINIO_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/minio/ +export MINIO_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/minio/ + +export OIDC_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/oidc/ +export OIDC_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/oidc/ + +export SRS_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/srs/ +export SRS_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/vhosts/certs/srs/ diff --git a/nginxbazhong/vhosts/consul.conf b/nginxbazhong/vhosts/consul.conf index de3b93c..f995717 100644 --- a/nginxbazhong/vhosts/consul.conf +++ b/nginxbazhong/vhosts/consul.conf @@ -1,11 +1,8 @@ server { - listen 80; - listen 443 ssl; + listen 443; server_name ${CONSUL_DOMAIN}; - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/dsp.conf b/nginxbazhong/vhosts/dsp.conf index ca8d85a..0db929c 100644 
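Review bot: Each new `*_PEM_PATH` / `*_KEY_PATH` pair in bazhong.sh holds the same value, and that value is a directory (note the trailing slash), whereas the removed `PEM_PATH`/`KEY_PATH` pointed at individual files. start/nginx.sh bind-mounts these values onto `/etc/nginx/dsp.pem` and `/etc/nginx/dsp.key`, so nginx would find a directory where `ssl_certificate` expects a file and would most likely fail to load it. Point each variable at its own file, e.g. `export DSP_PEM_PATH=<CERT_DIR>/dsp/<CERT_FILE>.pem` and `export DSP_KEY_PATH=<CERT_DIR>/dsp/<KEY_FILE>.key`, and do the same for HHZ, MINIO, OIDC and SRS. The paths are also absolute under one developer's home (`/Users/sunpeng/...`) and appear to sit inside the repository's `nginxbazhong/vhosts/` tree. If so, derive them from a configurable base directory and make sure the private keys are excluded from version control.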
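Review bot: The new `listen 443;` in consul.conf drops the `ssl` parameter, and the `ssl_certificate` lines are removed with it, so this vhost answers plain HTTP on port 443. The `ssl_session_timeout`, `ssl_ciphers` and `ssl_protocols` lines kept below it no longer have any effect. The same change is made in minioconsole.conf and xxljob.conf, so the Consul UI, the MinIO console and the XXL-JOB admin would all carry credentials in clear text unless TLS is terminated in front of this nginx. If that is the intent, say so with a comment such as `# TLS terminated upstream; plain HTTP on 443 by design`, delete the dead `ssl_*` lines and restrict who can reach the port. Otherwise keep `listen 443 ssl;` and give each vhost a certificate. The server block continues outside the hunk.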
--- a/nginxbazhong/vhosts/dsp.conf +++ b/nginxbazhong/vhosts/dsp.conf @@ -5,8 +5,8 @@ server_name ${DSP_DOMAIN}; # SSL证书配置 - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_certificate /etc/nginx/dsp.pem; + ssl_certificate_key /etc/nginx/dsp.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/hhz.conf b/nginxbazhong/vhosts/hhz.conf index 59e3810..1759d98 100644 --- a/nginxbazhong/vhosts/hhz.conf +++ b/nginxbazhong/vhosts/hhz.conf @@ -4,10 +4,10 @@ listen 443 ssl; server_name ${HHZ_DOMAIN}; root /data/tuoheng_hhz_web/dist; - + client_max_body_size 2g; # SSL证书配置 - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_certificate /etc/nginx/hhz.pem; + ssl_certificate_key /etc/nginx/hhz.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/minio.conf b/nginxbazhong/vhosts/minio.conf index 4186d3a..2e5cf82 100644 --- a/nginxbazhong/vhosts/minio.conf +++ b/nginxbazhong/vhosts/minio.conf @@ -3,8 +3,8 @@ server { listen 443 ssl; server_name ${MINIO_DOMAIN}; client_max_body_size 2g; - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_certificate /etc/nginx/minio.pem; + ssl_certificate_key /etc/nginx/minio.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/minioconsole.conf b/nginxbazhong/vhosts/minioconsole.conf index 5237eaa..24406ee 100644 --- a/nginxbazhong/vhosts/minioconsole.conf +++ b/nginxbazhong/vhosts/minioconsole.conf 
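Review bot: The certificate lines in dsp.conf are being touched while `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` directly below them still enables TLS 1.1, which RFC 8996 deprecates. I would change it here to `ssl_protocols TLSv1.2 TLSv1.3;`, and likewise in the hhz, minio, oidcservice and srs vhosts, which carry the same line. The `ssl_ciphers` string also ends in the broad `AES:HIGH` fallbacks, which presumably admit CBC and non-forward-secret suites, so trimming it to explicit ECDHE+AEAD suites is worth considering. In addition, `/etc/nginx/dsp.pem` is only mounted by start/nginx.sh when both `DSP_PEM_PATH` and `DSP_KEY_PATH` are set, while this vhost requires the file unconditionally. A one-line comment above `ssl_certificate` naming those two variables would help.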
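Review bot: The `client_max_body_size 2g;` added to hhz.conf sits at server level, so every location in this vhost, including the static `root /data/tuoheng_hhz_web/dist`, will accept request bodies of up to 2 GB. Large bodies are spooled to disk before the backend sees them, so clients can tie up disk space and connections on any endpoint. If only an upload endpoint needs the limit, move the directive into that `location` and leave the server-level default in place; the locations are outside this hunk, so I cannot tell which one that is. A short comment stating why 2g is required would also help.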
@@ -1,11 +1,8 @@ server { - listen 80; - listen 443 ssl; + listen 443; server_name ${MINIO_CONSOLE_DOMAIN}; - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/oidcservice.conf b/nginxbazhong/vhosts/oidcservice.conf index d95d46e..d89f802 100644 --- a/nginxbazhong/vhosts/oidcservice.conf +++ b/nginxbazhong/vhosts/oidcservice.conf @@ -5,8 +5,8 @@ server { server_name ${OIDC_SERVER_DOMAIN}; # SSL证书配置 - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_certificate /etc/nginx/oidc.pem; + ssl_certificate_key /etc/nginx/oidc.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/srs.conf b/nginxbazhong/vhosts/srs.conf index d3758da..f8dc658 100644 --- a/nginxbazhong/vhosts/srs.conf +++ b/nginxbazhong/vhosts/srs.conf @@ -3,8 +3,8 @@ server { listen 443 ssl; server_name ${SRS_DOMAIN}; client_max_body_size 2g; - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; + ssl_certificate /etc/nginx/srs.pem; + ssl_certificate_key /etc/nginx/srs.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/nginxbazhong/vhosts/xxljob.conf b/nginxbazhong/vhosts/xxljob.conf index ac03608..66b14fc 100644 --- a/nginxbazhong/vhosts/xxljob.conf +++ b/nginxbazhong/vhosts/xxljob.conf 
@@ -1,11 +1,8 @@ server { - listen 80; - listen 443 ssl; + listen 443; server_name ${XXLJOB_DOMAIN}; # SSL证书配置 - ssl_certificate /etc/nginx/t-aaron.com.pem; - ssl_certificate_key /etc/nginx/t-aaron.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; diff --git a/start/nginx.sh b/start/nginx.sh index 0948c81..ce6a465 100755 --- a/start/nginx.sh +++ b/start/nginx.sh @@ -30,6 +30,44 @@ if [ ! -z "${PEM_PATH}" ] && [ ! -z "${KEY_PATH}" ]; then --volume ${PEM_PATH}:/etc/nginx/t-aaron.com.pem \ --volume ${KEY_PATH}:/etc/nginx/t-aaron.com.key" fi + + +# 如果配置了证书,添加证书挂载 +if [ ! -z "${DSP_PEM_PATH}" ] && [ ! -z "${DSP_KEY_PATH}" ]; then + echo "检测到DSP证书配置,将挂载证书文件..." + DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \ +--volume ${DSP_PEM_PATH}:/etc/nginx/dsp.pem \ +--volume ${DSP_KEY_PATH}:/etc/nginx/dsp.key" +fi + +if [ ! -z "${HHZ_PEM_PATH}" ] && [ ! -z "${HHZ_KEY_PATH}" ]; then + echo "检测到HHZ证书配置,将挂载证书文件..." + DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \ +--volume ${HHZ_PEM_PATH}:/etc/nginx/hhz.pem \ +--volume ${HHZ_KEY_PATH}:/etc/nginx/hhz.key" +fi + +if [ ! -z "${MINIO_PEM_PATH}" ] && [ ! -z "${MINIO_KEY_PATH}" ]; then + echo "检测到MINIO证书配置,将挂载证书文件..." + DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \ +--volume ${MINIO_PEM_PATH}:/etc/nginx/minio.pem \ +--volume ${MINIO_KEY_PATH}:/etc/nginx/minio.key" +fi + +if [ ! -z "${OIDC_PEM_PATH}" ] && [ ! -z "${OIDC_KEY_PATH}" ]; then + echo "检测到OIDC证书配置,将挂载证书文件..." + DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \ +--volume ${OIDC_PEM_PATH}:/etc/nginx/oidc.pem \ +--volume ${OIDC_KEY_PATH}:/etc/nginx/oidc.key" +fi + +if [ ! -z "${SRS_PEM_PATH}" ] && [ ! -z "${SRS_KEY_PATH}" ]; then + echo "检测到SRS证书配置,将挂载证书文件..." + DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \ +--volume ${SRS_PEM_PATH}:/etc/nginx/srs.pem \ +--volume ${SRS_KEY_PATH}:/etc/nginx/srs.key" +fi + echo "镜像名字------" echo ${NGINX_IMAGE}
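Review bot: The five new blocks in start/nginx.sh mount certificates and private keys read-write and never check that the host paths are regular files. With `--volume`, Docker creates a missing host path as a directory, and the values now set in bazhong.sh are directories, so nginx would find a directory at `/etc/nginx/dsp.pem`. I would add `:ro` to every mount, fail early unless `[ -f ... ]` holds for both paths, use `[ -n ... ]` instead of `[ ! -z ... ]`, and collapse the copy-pasted blocks into one loop as sketched below (the sketch assumes the script runs under bash, since it uses `${!var}`). The paths are spliced unquoted into the `DOCKER_RUN_CMD` string, so a path containing spaces would presumably break when the string is executed later, outside this hunk. The legacy `PEM_PATH` block before the additions begins outside the hunk and is left as is.

```shell
# … unchanged: legacy PEM_PATH/KEY_PATH mount block …

# Mount each per-service certificate read-only, and only if both files exist.
for svc in DSP HHZ MINIO OIDC SRS; do
  pem_var="${svc}_PEM_PATH"
  key_var="${svc}_KEY_PATH"
  pem="${!pem_var:-}"
  key="${!key_var:-}"
  if [ -z "${pem}" ] || [ -z "${key}" ]; then
    continue
  fi
  if [ ! -f "${pem}" ] || [ ! -f "${key}" ]; then
    echo "${svc}: certificate or key is not a regular file: ${pem} ${key}" >&2
    exit 1
  fi
  name=$(printf '%s' "${svc}" | tr '[:upper:]' '[:lower:]')
  echo "检测到${svc}证书配置,将挂载证书文件..."
  DOCKER_RUN_CMD="${DOCKER_RUN_CMD} \
--volume ${pem}:/etc/nginx/${name}.pem:ro \
--volume ${key}:/etc/nginx/${name}.key:ro"
done

# … unchanged: echo of the image name …
```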