
2 Commits

Author SHA1 Message Date
孙小云 ff70bee080 xxx 2025-05-19 09:55:37 +08:00
孙小云 bfbced2af2 xxx 2025-05-19 09:54:30 +08:00
13 changed files with 361 additions and 16 deletions


@ -2,5 +2,7 @@
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="" vcs="Git" />
<mapping directory="$PROJECT_DIR$/tuoheng_airport_web" vcs="Git" />
<mapping directory="$PROJECT_DIR$/tuoheng_oidc" vcs="Git" />
</component>
</project>

3
.vscode/settings.json vendored Normal file

@ -0,0 +1,3 @@
{
"java.compile.nullAnalysis.mode": "automatic"
}


@ -149,8 +149,8 @@ export AIRPORT_IMAGE=${REGISTRY_HOST}airport:${DOMAIN}
export AIRPORT_JAR=tuoheng_airport_admin.jar
export AIRPORT_REMOTE_JAR=/home/th/workspace/jndsj/jar/airport/${AIRPORT_JAR}
export AIRPORT_MEMORY=512m
export AIRPORT_WEB_DIST=/home/th/workspace/jndsj/web/tuoheng_airport_web/dist
#export AIRPORT_WEB_DIST=/home/th/workspace/jndsj/web/tuoheng_airport_web/dist
export AIRPORT_WEB_DIST=/Users/sunpeng/workspace/remote/docker/tuoheng_airport_web/dist
export BUSINESS_NAME=BUSINESS${DOMAIN}
export BUSINESS_IMAGE=${REGISTRY_HOST}business:${DOMAIN}
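Review bot: The new `AIRPORT_WEB_DIST` value points into one developer's home directory (`/Users/sunpeng/...`), so this shared environment file now resolves only on that workstation, and the server path survives only as a comment. If the variable is used as a bind-mount source for the web container (not visible in this hunk), a deployment host would mount a missing or empty directory. I would keep the server path as the default and let a local value override it: `export AIRPORT_WEB_DIST=${AIRPORT_WEB_DIST:-/home/th/workspace/jndsj/web/tuoheng_airport_web/dist}`.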


@ -0,0 +1,49 @@
server
{
listen 80;
listen 443 ssl;
server_name airport-bazhong.t-aaron.com;
root /data/tuoheng_airport_web/dist;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ @router;
index index.html;
}
location @router{
rewrite ^.*$ /index.html last;
}
location /airport {
proxy_pass http://gatewayService/airport;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /permission {
proxy_pass http://airportService/permission;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
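Review bot: The transport settings of this server block are weaker than they need to be: `listen 80;` shares the block with `listen 443 ssl;`, so the site and the `/airport` and `/permission` proxies are also served over plain HTTP, and `ssl_protocols` still enables TLSv1.1, which RFC 8996 deprecates. I would give port 80 its own server block that only redirects to HTTPS (the externally published HTTPS port appears to be 2443, judging by the `proxy_redirect` line in the oidc section) and set `ssl_protocols TLSv1.2 TLSv1.3;`. The cipher string also admits non-AEAD suites through `AES:HIGH`; a short explicit list of ECDHE AEAD suites is easier to audit. The same lines recur in the consul, minio, minioconsole, oidc, xxljob and templated OIDC sections below, and they matter most on the OIDC host, where credentials and authorization codes pass through.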


@ -0,0 +1,21 @@
server {
listen 80;
listen 443 ssl;
server_name consul-bazhong.t-aaron.com;
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://CONSUL_bazhong:8500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
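Review bot: Nothing in this `location /` restricts who can reach the Consul HTTP API and UI on port 8500: there is no `allow`/`deny`, no `auth_basic` and no client-certificate check. Whether Consul ACLs are enabled is not visible here, but the gateway configuration added in this same compare sets no ACL token for Consul, so the proxy may be the only barrier in front of service registration and the KV store. I would restrict the location to the operators' network, for example `allow <ADMIN_CIDR_PLACEHOLDER>; deny all;`, or require authentication at the proxy. The same applies to the minioconsole (port 9001) and xxljob (port 8080) sections below, which publish administrative consoles the same way.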


@ -0,0 +1,20 @@
server {
listen 80;
listen 443 ssl;
server_name minio-bazhong.t-aaron.com;
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://MINIO_bazhong:9000;
}
}
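Review bot: This S3 endpoint sets no `client_max_body_size`, so it inherits nginx's default 1 MB request-body limit unless an http-level file not shown here raises it, and larger object uploads would be rejected with 413 before they reach MinIO. I would set an explicit limit in the location, for example `client_max_body_size 0;` or a deliberate cap that matches the largest expected object. The location also omits `proxy_set_header X-Forwarded-Proto $scheme;`, which the consul, oidc and xxljob sections do send, so the backend cannot tell HTTPS requests from plain ones.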


@ -0,0 +1,20 @@
server {
listen 80;
listen 443 ssl;
server_name minioconsole-bazhong.t-aaron.com;
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://MINIO_bazhong:9001;
}
}


@ -0,0 +1,24 @@
server {
listen 80;
listen 443 ssl;
server_name oidc-bazhong.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://OIDC-SERVERbazhong:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 只添加这一行来修复重定向
proxy_redirect http://oidc-bazhong.t-aaron.com https://oidc-bazhong.t-aaron.com:2443;
}
}
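Review bot: The `proxy_redirect` match string is an unanchored prefix with no trailing slash, so it matches any `Location` that merely starts with `http://oidc-bazhong.t-aaron.com`, including a longer host name, and the rewritten value then carries `:2443` in the middle of that host. Ending both arguments with `/` pins the match to this host: `proxy_redirect http://oidc-bazhong.t-aaron.com/ https://oidc-bazhong.t-aaron.com:2443/;`. The comment above the line says only that it fixes redirects; it would help to record why, presumably that `Host $host` drops the port so the upstream builds port-less `http://` URLs. The templated version of this file further down has the same unanchored pattern with `${OIDC_SERVER_DOMAIN}`.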


@ -0,0 +1,7 @@
upstream gatewayService {
server GATEWAYbazhong:9011;
}
upstream airportService {
server AIRPORTbazhong:9060;
}
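Review bot: `upstream gatewayService` targets `GATEWAYbazhong:9011`, while the gateway configuration added in this same compare declares `server.port: 7011`. Unless the port is overridden when the container starts (not visible here), requests to `/airport` would fail to connect. Please confirm which port the gateway actually listens on and align the two files; a one-line comment such as `# must match server.port of tuoheng-gateway` above the `server` line would keep them in step.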


@ -0,0 +1,21 @@
server {
listen 80;
listen 443 ssl;
server_name xxljob-bazhong.t-aaron.com;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://XXL_JOB_bazhong:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}


@ -1,22 +1,24 @@
server {
listen 80;
listen 443 ssl;
server_name ${OIDC_SERVER_DOMAIN};
server {
listen 80;
listen 443 ssl;
server_name ${OIDC_SERVER_DOMAIN};
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# SSL证书配置
ssl_certificate /etc/nginx/t-aaron.com.pem;
ssl_certificate_key /etc/nginx/t-aaron.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
location / {
proxy_pass http://${OIDC_SERVER_NAME}:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 只添加这一行来修复重定向
proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT};
}
}
}


@ -0,0 +1,173 @@
server:
port: 7011
main:
allow-bean-definition-overriding: true
web-application-typpse: reactive
management:
endpoints:
web:
exposure:
include: prometheus,health
metrics:
tags:
application: tuoheng-gateway
spring:
application:
name: tuoheng-gateway
security:
oauth2:
resource-server:
jwt:
issuer-uri: https://oidc-bazhong.t-aaron.com:2443
cloud:
consul:
host: CONSUL_bazhong # consul 所在服务地址
port: 8500 # consul 服务端口
discovery:
enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false就不需要起consul服务。
register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false应用才不会注册注册中心才可以不起consul服务
deregister: true #默认true服务停止时注销服务即从服务列表中删除。设置成false的话
## consul ip地址
hostname: CONSUL_bazhong
# 注册到consul的服务名称
service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字在consul的调用中是通过此名字调用的。默认服务名,不要改
instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID
heartbeat:
enabled: true
prefer-ip-address: true #表示注册时使用IP而不是hostname
health-check-path: /actuator/health #健康检查
health-check-interval: 10s #配置 Consul 健康检查频率,也就是心跳频率。
health-check-timeout: 10s #健康检查超时
gateway:
httpclient:
websocket:
max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB
discovery:
locator:
lowerCaseServiceId: true
enabled: true
# 跨域设置
globalcors:
add-to-simple-url-handler-mapping: true
cors-configurations:
'[/**]':
allowedOrigins:
- "http://localhost:8001"
allowedMethods:
- "GET"
- "POST"
- "DELETE"
- "PUT"
- "OPTIONS"
allowedHeaders: "*"
allowCredentials: true
maxAge: 360000
routes:
# 机场平台 platform服务
- id: tuoheng-airport-admin
uri: http://AIRPORTbazhong:9060
predicates:
- Path=/airport/admin/**
filters:
- StripPrefix=2
metadata:
response-timeout: 20000
connect-timeout: 30000
# 机场平台 platform服务 webSocket
- id: tuoheng-airport-admin
uri: ws://AIRPORTbazhong:9060
predicates:
- Path=/airport/socket/**
filters:
- StripPrefix=2
# 后台管理
- id: tuoheng-dsp-admin
uri: http://dsp-admin:9014
predicates:
- Path=/api/admin/**
filters:
- StripPrefix=2
# 网站服务
- id: tuoheng-dsp-portal
uri: http://dsp-portal:9017
predicates:
- Path=/api/portal/**
filters:
- StripPrefix=2
# DSP小程序服务
- id: tuoheng-dsp-miniprogram
uri: http://dsp-mini:9016
predicates:
- Path=/api/miniprogram/**
filters:
- StripPrefix=2
# DSP api服务
- id: tuoheng-dsp-api
uri: http://dsp-api:9015
predicates:
- Path=/api/web/**
filters:
- StripPrefix=2
# DSP 巡检云
- id: tuoheng-dsp-inspection
uri: http://dsp-inspection:9018
predicates:
- Path=/api/inspection/**
filters:
- StripPrefix=2
# hhz admin服务
- id: tuoheng-hhz-admin
uri: http://hhz-admin:9055
predicates:
- Path=/hhz/admin/**
filters:
- StripPrefix=2
# hhz 小程序服务
- id: tuoheng-hhz-api
uri: http://hhz-api:9056
predicates:
- Path=/hhz/api/**
filters:
- StripPrefix=2
# Redis数据源
redis:
# 缓存库默认索引0
database: 0
# Redis服务器地址
host: REDIS_bazhong
# Redis服务器连接端口
port: 6379
# Redis服务器连接密码默认为空
password:
# 连接超时时间(毫秒)
timeout: 6000
# 默认的数据过期时间主要用于shiro权限管理
expire: 2592000
jedis:
pool:
max-active: 1000 # 连接池最大连接数(使用负值表示没有限制)
max-wait: -1 # 连接池最大阻塞等待时间(使用负值表示没有限制)
max-idle: 10 # 连接池中的最大空闲连接
min-idle: 1 # 连接池中的最小空闲连接
#security放行白名单配置
security:
ignore:
permitUrls: /api/system/demo/msg
oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList
# 获取 apiUrl 可访问的 roleIdList
tuoheng:
hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList
airport-admin-perUrl: http://airport:9060/permission/getRoleIdList
freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList
waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList
airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList
weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList
telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList
alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList
spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList
digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList
dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList
lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList
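Review bot: Several keys in this new file will not behave as written, starting with `web-application-typpse: reactive`, which is misspelled and therefore ignored; it should read `web-application-type: reactive`. The WebSocket route reuses the id `tuoheng-airport-admin` of the HTTP route above it, although route ids are expected to be unique, so I would rename it to something like `tuoheng-airport-admin-ws`. `airport-admin-perUrl` points at host `airport:9060` while both airport routes use `AIRPORTbazhong:9060`; if `airport` does not resolve in this environment, the role lookup for that service would fail. The empty `redis.password` and the single CORS origin `http://localhost:8001` combined with `allowCredentials: true` look like development defaults, so please confirm they are intended for the bazhong deployment.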


@ -21,6 +21,9 @@ docker run --pull always -d \
--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
--env SPRING_DATASOURCE_USERNAME=root \
--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
--env THIRD_TOKEN_ISSUER=http://${OIDC_SERVER_NAME}:8090 \
--env OAUTH2_TOKEN_ISSUER=https://${OIDC_SERVER_DOMAIN}:2443 \
--env SPRING_SECURITY_OAUTH2_RESOURCE-SERVER_JWT_ISSUER-URI=https://${OIDC_SERVER_DOMAIN}:2443 \
--env TZ=Asia/Shanghai \
--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
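Review bot: Both new issuer variables hard-code port `2443`, while the nginx OIDC template in this same compare builds its external URL from `${NGINX_HTTPS_PORT}`. If that variable is ever set to another value, the issuer advertised in tokens would no longer match the URL clients are redirected to, and resource servers validating `iss` would reject the tokens. I would derive the port from the same variable: `--env OAUTH2_TOKEN_ISSUER=https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT} \`, and likewise for the `JWT_ISSUER-URI` line. The `docker run` command starts and ends outside this hunk.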