From ff70bee0809ce2a6d8508ac354379a48565eb57b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?= Date: Mon, 19 May 2025 09:55:37 +0800 Subject: [PATCH] xxx --- .idea/vcs.xml | 2 + .vscode/settings.json | 3 + nginx/temp_vhosts/airport.conf | 49 ++++++++ nginx/temp_vhosts/consul.conf | 21 ++++ nginx/temp_vhosts/minio.conf | 20 ++++ nginx/temp_vhosts/minioconsole.conf | 20 ++++ nginx/temp_vhosts/oidcservice.conf | 24 ++++ nginx/temp_vhosts/upstream.conf | 7 ++ nginx/temp_vhosts/xxljob.conf | 21 ++++ start/gateway/temp/application.yml | 173 ++++++++++++++++++++++++++++ 10 files changed, 340 insertions(+) create mode 100644 .vscode/settings.json create mode 100644 nginx/temp_vhosts/airport.conf create mode 100644 nginx/temp_vhosts/consul.conf create mode 100644 nginx/temp_vhosts/minio.conf create mode 100644 nginx/temp_vhosts/minioconsole.conf create mode 100644 nginx/temp_vhosts/oidcservice.conf create mode 100644 nginx/temp_vhosts/upstream.conf create mode 100644 nginx/temp_vhosts/xxljob.conf create mode 100644 start/gateway/temp/application.yml diff --git a/.idea/vcs.xml b/.idea/vcs.xml index 35eb1dd..1edb162 100644 --- a/.idea/vcs.xml +++ b/.idea/vcs.xml @@ -2,5 +2,7 @@ + + \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..7b016a8 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "java.compile.nullAnalysis.mode": "automatic" +} \ No newline at end of file diff --git a/nginx/temp_vhosts/airport.conf b/nginx/temp_vhosts/airport.conf new file mode 100644 index 0000000..9b41a40 --- /dev/null +++ b/nginx/temp_vhosts/airport.conf 
@@ -0,0 +1,49 @@
+ server
+ {
+ listen 80;
+ listen 443 ssl;
+ server_name airport-bazhong.t-aaron.com;
+ root /data/tuoheng_airport_web/dist;
+
+ # SSL证书配置
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ # 开启gzip功能
+ gzip on;
+ gzip_min_length 10k;
+ gzip_comp_level 9;
+ gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+ gzip_vary on;
+ gzip_disable "MSIE [1-6]\.";
+
+ location /{
+ try_files $uri $uri/ @router;
+ index index.html;
+ }
+
+ location @router{
+ rewrite ^.*$ /index.html last;
+ }
+
+ location /airport {
+ proxy_pass http://gatewayService/airport;
+ proxy_set_header Host $host;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location /permission {
+ proxy_pass http://airportService/permission;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
diff --git a/nginx/temp_vhosts/consul.conf b/nginx/temp_vhosts/consul.conf
new file mode 100644
index 0000000..c948825
--- /dev/null
+++ b/nginx/temp_vhosts/consul.conf
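Review bot: In nginx/temp_vhosts/airport.conf, `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` still offers TLS 1.1, which RFC 8996 deprecates, and the `ssl_ciphers` list falls back to the broad `AES` and `HIGH` groups, which admit CBC and non-forward-secret suites; I would change these to `ssl_protocols TLSv1.2 TLSv1.3;` and an explicit ECDHE/AEAD cipher list. The same server block has `listen 80;` with no redirect, so the site and both proxied APIs are also served in plaintext; a separate port-80 server containing `return 301 https://$host$request_uri;` would close that. The identical TLS and `listen 80;` lines recur in consul.conf, minio.conf, minioconsole.conf, oidcservice.conf and xxljob.conf in this patch. Separately, `location /permission` proxies straight to `airportService` rather than through `gatewayService`, so whatever authentication the gateway applies is presumably skipped for that path; it is worth confirming the backend enforces it itself.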
@@ -0,0 +1,21 @@
+
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name consul-bazhong.t-aaron.com;
+
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_pass http://CONSUL_bazhong:8500;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/nginx/temp_vhosts/minio.conf b/nginx/temp_vhosts/minio.conf
new file mode 100644
index 0000000..c3f18bc
--- /dev/null
+++ b/nginx/temp_vhosts/minio.conf
@@ -0,0 +1,20 @@
+
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name minio-bazhong.t-aaron.com;
+
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://MINIO_bazhong:9000;
+ }
+}
diff --git a/nginx/temp_vhosts/minioconsole.conf b/nginx/temp_vhosts/minioconsole.conf
new file mode 100644
index 0000000..a57b1cf
--- /dev/null
+++ b/nginx/temp_vhosts/minioconsole.conf
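Review bot: The consul.conf vhost publishes the Consul HTTP API and UI (`proxy_pass http://CONSUL_bazhong:8500;`) under `consul-bazhong.t-aaron.com` with no access control in its `location /` block: no `allow`/`deny`, no `auth_basic`, no client-certificate check. Whether Consul ACLs are enabled is not visible in this patch, so the proxy should not be the layer that makes the agent reachable by anyone who can resolve the name; I would add `allow ADMIN_CIDR; deny all;` (ADMIN_CIDR being a placeholder for the operators' range) or put the vhost behind authentication. The same applies to the MinIO console in minioconsole.conf (`MINIO_bazhong:9001`) and to xxljob.conf (`XXL_JOB_bazhong:8080`, presumably the scheduler's admin UI), which are proxied without any restriction either.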
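Review bot: The `location /` block in minio.conf sets no `client_max_body_size`, so nginx's default 1 MB request-body limit applies and larger object uploads through this vhost will be rejected with 413 unless the limit is raised in an `http`-level file outside this patch. I would add an explicit `client_max_body_size` sized to the largest object the service should accept, together with `proxy_request_buffering off;` so uploads are streamed rather than spooled to disk. The block also omits `proxy_set_header X-Forwarded-Proto $scheme;`, which consul.conf in this patch does send.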
@@ -0,0 +1,20 @@
+
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name minioconsole-bazhong.t-aaron.com;
+
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://MINIO_bazhong:9001;
+ }
+}
diff --git a/nginx/temp_vhosts/oidcservice.conf b/nginx/temp_vhosts/oidcservice.conf
new file mode 100644
index 0000000..323a394
--- /dev/null
+++ b/nginx/temp_vhosts/oidcservice.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name oidc-bazhong.t-aaron.com;
+
+ # SSL证书配置
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_pass http://OIDC-SERVERbazhong:8090;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # 只添加这一行来修复重定向
+ proxy_redirect http://oidc-bazhong.t-aaron.com https://oidc-bazhong.t-aaron.com:2443;
+ }
+}
diff --git a/nginx/temp_vhosts/upstream.conf b/nginx/temp_vhosts/upstream.conf
new file mode 100644
index 0000000..4d0bb59
--- /dev/null
+++ b/nginx/temp_vhosts/upstream.conf
@@ -0,0 +1,7 @@
+upstream gatewayService {
+ server GATEWAYbazhong:9011;
+}
+
+upstream airportService {
+ server AIRPORTbazhong:9060;
+}
diff --git a/nginx/temp_vhosts/xxljob.conf b/nginx/temp_vhosts/xxljob.conf
new file mode 100644
index 0000000..a8fc8df
--- /dev/null
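Review bot: In oidcservice.conf the line `proxy_redirect http://oidc-bazhong.t-aaron.com https://oidc-bazhong.t-aaron.com:2443;` rewrites only `Location` headers that begin with exactly that prefix; URLs the identity server writes into response bodies, such as the discovery document and the issuer value, are left as generated. The gateway configuration in this patch validates tokens against `issuer-uri: https://oidc-bazhong.t-aaron.com:2443`, so if the server derives its issuer from the forwarded headers it will presumably produce a value without `:2443` and validation will not match. I would hand the external authority to the upstream instead, for example `proxy_set_header Host $host:2443;` or an explicit issuer setting on the OIDC server, and extend the comment to say why port 2443 is hard-coded. Because this vhost also has `listen 80;`, `X-Forwarded-Proto $scheme` reports `http` for plaintext requests, which an identity provider should not serve at all.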
+++ b/nginx/temp_vhosts/xxljob.conf
@@ -0,0 +1,21 @@
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name xxljob-bazhong.t-aaron.com;
+
+ # SSL证书配置
+ ssl_certificate /etc/nginx/t-aaron.com.pem;
+ ssl_certificate_key /etc/nginx/t-aaron.com.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ location / {
+ proxy_pass http://XXL_JOB_bazhong:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
diff --git a/start/gateway/temp/application.yml b/start/gateway/temp/application.yml
new file mode 100644
index 0000000..bb4f60c
--- /dev/null
+++ b/start/gateway/temp/application.yml
@@ -0,0 +1,173 @@
+server:
+ port: 7011
+ main:
+ allow-bean-definition-overriding: true
+ web-application-typpse: reactive
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: prometheus,health
+ metrics:
+ tags:
+ application: tuoheng-gateway
+
+spring:
+ application:
+ name: tuoheng-gateway
+ security:
+ oauth2:
+ resource-server:
+ jwt:
+ issuer-uri: https://oidc-bazhong.t-aaron.com:2443
+ cloud:
+ consul:
+ host: CONSUL_bazhong # consul 所在服务地址
+ port: 8500 # consul 服务端口
+ discovery:
+ enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false,就不需要起consul服务。
+ register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false,应用才不会注册注册中心,才可以不起consul服务!
+ deregister: true #默认true,服务停止时注销服务,即从服务列表中删除。设置成false的话,???
+ ## consul ip地址
+ hostname: CONSUL_bazhong
+ # 注册到consul的服务名称
+ service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字,在consul的调用中,是通过此名字调用的。默认服务名,不要改
+ instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID
+ heartbeat:
+ enabled: true
+ prefer-ip-address: true #表示注册时使用IP而不是hostname
+ health-check-path: /actuator/health #健康检查
+ health-check-interval: 10s #配置 Consul 健康检查频率,也就是心跳频率。
+ health-check-timeout: 10s #健康检查超时
+ gateway:
+ httpclient:
+ websocket:
+ max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB
+ discovery:
+ locator:
+ lowerCaseServiceId: true
+ enabled: true
+ # 跨域设置
+ globalcors:
+ add-to-simple-url-handler-mapping: true
+ cors-configurations:
+ '[/**]':
+ allowedOrigins:
+ - "http://localhost:8001"
+ allowedMethods:
+ - "GET"
+ - "POST"
+ - "DELETE"
+ - "PUT"
+ - "OPTIONS"
+ allowedHeaders: "*"
+ allowCredentials: true
+ maxAge: 360000
+ routes:
+ # 机场平台 platform服务
+ - id: tuoheng-airport-admin
+ uri: http://AIRPORTbazhong:9060
+ predicates:
+ - Path=/airport/admin/**
+ filters:
+ - StripPrefix=2
+ metadata:
+ response-timeout: 20000
+ connect-timeout: 30000
+ # 机场平台 platform服务 webSocket
+ - id: tuoheng-airport-admin
+ uri: ws://AIRPORTbazhong:9060
+ predicates:
+ - Path=/airport/socket/**
+ filters:
+ - StripPrefix=2
+ # 后台管理
+ - id: tuoheng-dsp-admin
+ uri: http://dsp-admin:9014
+ predicates:
+ - Path=/api/admin/**
+ filters:
+ - StripPrefix=2
+ # 网站服务
+ - id: tuoheng-dsp-portal
+ uri: http://dsp-portal:9017
+ predicates:
+ - Path=/api/portal/**
+ filters:
+ - StripPrefix=2
+ # DSP小程序服务
+ - id: tuoheng-dsp-miniprogram
+ uri: http://dsp-mini:9016
+ predicates:
+ - Path=/api/miniprogram/**
+ filters:
+ - StripPrefix=2
+ # DSP api服务
+ - id: tuoheng-dsp-api
+ uri: http://dsp-api:9015
+ predicates:
+ - Path=/api/web/**
+ filters:
+ - StripPrefix=2
+ # DSP 巡检云
+ - id: tuoheng-dsp-inspection
+ uri: http://dsp-inspection:9018
+ predicates:
+ - Path=/api/inspection/**
+ filters:
+ - StripPrefix=2
+ # hhz admin服务
+ - id: tuoheng-hhz-admin
+ uri: http://hhz-admin:9055
+ predicates:
+ - Path=/hhz/admin/**
+ filters:
+ - StripPrefix=2
+ # hhz 小程序服务
+ - id: tuoheng-hhz-api
+ uri: http://hhz-api:9056
+ predicates:
+ - Path=/hhz/api/**
+ filters:
+ - StripPrefix=2
+ # Redis数据源
+ redis:
+ # 缓存库默认索引0
+ database: 0
+ # Redis服务器地址
+ host: REDIS_bazhong
+ # Redis服务器连接端口
+ port: 6379
+ # Redis服务器连接密码(默认为空)
+ password:
+ # 连接超时时间(毫秒)
+ timeout: 6000
+ # 默认的数据过期时间,主要用于shiro权限管理
+ expire: 2592000
+ jedis:
+ pool:
+ max-active: 1000 # 连接池最大连接数(使用负值表示没有限制)
+ max-wait: -1 # 连接池最大阻塞等待时间(使用负值表示没有限制)
+ max-idle: 10 # 连接池中的最大空闲连接
+ min-idle: 1 # 连接池中的最小空闲连接
+#security放行白名单配置
+security:
+ ignore:
+ permitUrls: /api/system/demo/msg
+ oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList
+
+# 获取 apiUrl 可访问的 roleIdList
+tuoheng:
+ hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList
+ airport-admin-perUrl: http://airport:9060/permission/getRoleIdList
+ freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList
+ waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList
+ airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList
+ weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList
+ telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList
+ alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList
+ spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList
+ digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList
+ dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList
+ lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList
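Review bot: In start/gateway/temp/application.yml the `redis:` section leaves `password:` empty for `REDIS_bazhong`, which implies the Redis instance accepts unauthenticated connections while holding data the adjacent comment ties to permission management; I would require a password on the server and inject it from the environment, e.g. `password: ${REDIS_PASSWORD}` (placeholder variable name). The key `web-application-typpse: reactive` is misspelled and, together with `main:`, sits beneath `server:` before the `spring:` key, so Spring Boot will presumably ignore both; they belong under `spring.main`, spelled `web-application-type`. The routes for `/airport/admin/**` and `/airport/socket/**` share the id `tuoheng-airport-admin`, and `allowedOrigins` lists only `http://localhost:8001` alongside `allowCredentials: true`, which looks like a development value left in a deployment file. Indentation is not preserved in this rendering of the patch, so the nesting should be checked against the file itself.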