rename

Reviewed-on: #1

builder/Dockerfile

@@ -19,4 +19,4 @@ ENV SW_AGENT_COLLECTOR_BACKEND_SERVICES="${SW_SKY_AOP}" \
 #EXPOSE 8090
 # 运行应用程序
 ENTRYPOINT ["java", "-Dfile.encoding=UTF-8","-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar","-jar","tuoheng.jar"]
-~                        
+                                                                                                                                                                                                                                                                                                                                                                                            

builder/builder.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script builds the Docker image
+# 读取第一个参数
+if [ $# -ne 3 ]; then
+  echo "错误：调用该脚本时必须传入 3 个参数 分别为服务名 镜像名 包名"
+  exit 1
+fi
+echo "服务名: $1 Image $2 Java包: $3"
+rm tuoheng.jar
+cp $3 tuoheng.jar
+source ../environment.sh
+#docker service rm $APP_NAME
+sleep 5
+docker container prune -f
+sleep 5
+cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agent-9.0.0.tgz
+docker image rm $2
+docker build --no-cache \
+  --build-arg SW_APP_NAME=$1 \
+  --build-arg SW_SKY_AOP=$SKY_AOP \
+  -t $2 .  # 注意末尾的 `.` 表示当前路径
+docker push $2                                                                                               

builder/gateway.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $GATEWAY_JAR
+cp $GATEWAY_REMOTE_JAR $GATEWAY_JAR
+./builder.sh $GATEWAY_NAME $GATEWAY_IMAGE $GATEWAY_JAR

builder/oidcadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_ADMIN_JAR
+cp $OIDC_ADMIN_REMOTE_JAR $OIDC_ADMIN_JAR
+./builder.sh $OIDC_ADMIN_NAME $OIDC_ADMIN_IMAGE $OIDC_ADMIN_JAR

builder/oidcservice.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_SERVER_JAR
+cp $OIDC_SERVER_REMOTE_JAR $OIDC_SERVER_JAR
+./builder.sh $OIDC_SERVER_NAME $OIDC_SERVER_IMAGE $OIDC_SERVER_JAR

environment.sh

@@ -4,11 +4,23 @@
 export DOMAIN=bazhong
 export NETWORK="swarm_network_$DOMAIN"
 export HOST_IP=127.0.0.1
-export HOST_NAME=localhost
 export REGISTRY=registry.t-aaron.com
+export SKY_DOMAIN=sky-${DOMAIN}.t-aaron.com
+export CONSUL_DOMAIN=consul-${DOMAIN}.t-aaron.com
+export XXLJOB_DOMAIN=xxljob-${DOMAIN}.t-aaron.com
+export OIDC_SERVER_DOMAIN=oidc-${DOMAIN}.t-aaron.com
+
 
 export REGISTRY_HOST=${REGISTRY}/tuoheng/
 #export REGISTRY_HOST=""
+
+#Nginx 配置
+export NGINX_NAME=NGINX_${DOMAIN}
+export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}
+export NGINX_HTTP_PORT=8899
+export NGINX_HTTPS_PORT=2443
+export NGINX_MEMORY=256m
+
 #MySql 配置
 export MYSQL_PORT=3308
 export MYSQL_ROOT_PASSWORD=tuoheng2024
@@ -91,8 +103,33 @@ export XXLJOB_PORT=8282
 export XXLJOB_MEMORY=512m
 export XXLJOB_ACCESS_TOKEN=default_token
  
+#SKY_AOP 配置
+export SKY_AOP=106.15.229.178:11800
+
+#OIDCServer 配置
+export OIDC_SERVER_NAME=OIDC_SERVER_${DOMAIN} 
+export OIDC_SERVER_IMAGE=${REGISTRY_HOST}oidcserver:${DOMAIN} 
+export OIDC_SERVER_JAR=tuoheng_oidc_server.jar
+export OIDC_SERVER_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcservice/${OIDC_SERVER_JAR}
+export OIDC_SERVER_MEMORY=512m
+
+#OIDCAdmin 配置
+export OIDC_ADMIN_NAME=OIDC_ADMIN_${DOMAIN} 
+export OIDC_ADMIN_IMAGE=${REGISTRY_HOST}oidcadmin:${DOMAIN} 
+export OIDC_ADMIN_JAR=tuoheng_oidc_admin.jar
+export OIDC_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcadmin/${OIDC_ADMIN_JAR}
+export OIDC_ADMIN_MEMORY=512m
+
+
+export GATEWAY_NAME=GATEWAY_${DOMAIN}
+export GATEWAY_IMAGE=${REGISTRY_HOST}gateway:${DOMAIN}
+export GATEWAY_JAR=tuoheng_gateway.jar
+export GATEWAY_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/gateway/${GATEWAY_JAR}
+export GATEWAY_MEMORY=512m
+
+
+
 
-export SKY_AOP="sky-oap:11800"
 #主机INGRESS_PORT 映射到容器80 INGRESS_SSL_PORT 映射到容器 443
 export INGRESS_PORT=80
 #export INGRESS_SSL_PORT=443

imagebuild/build.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-# This script builds the Docker image
-# 读取第一个参数
-if [ $# -ne 2 ]; then
-  echo "错误：调用该脚本时必须传入 2 个参数。"
-  exit 1
-fi
-echo "服务名: $1 Java包: $2"
-rm tuoheng.jar
-cp $2 tuoheng.jar
-source ../environment.sh
-export APP_NAME=$1
-#docker service rm $APP_NAME
-sleep 5
-docker container prune -f
-sleep 5
-cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agent-9.0.0.tgz
-docker image rm $REGISTRY/tuoheng/$APP_NAME:$DOMAIN
-docker build --no-cache \
-  --build-arg SW_APP_NAME=$APP_NAME \
-  --build-arg SW_SKY_AOP=$SKY_AOP \
-  -t $REGISTRY/tuoheng/$APP_NAME:$DOMAIN .  # 注意末尾的 `.` 表示当前路径
-docker push $REGISTRY/tuoheng/$APP_NAME:$DOMAIN
-~                                                       

nginx/Dockerfile.nginx

@@ -0,0 +1,23 @@
+FROM nginx:latest
+
+# 删除默认的nginx配置
+RUN rm -rf /etc/nginx/conf.d/*
+
+# 复制vhosts配置到nginx配置目录
+COPY vhosts/ /etc/nginx/conf.d/
+
+# 复制SSL证书文件到nginx目录
+COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
+COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
+
+# 设置正确的权限
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+
+# 暴露端口
+EXPOSE 80 443
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"] 

nginx/build_image.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+# 设置Nginx镜像名称（如果环境变量中未定义）
+if [ -z "${NGINX_IMAGE}" ]; then
+    export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
+fi
+
+echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
+
+# 检查临时目录是否存在
+TEMP_DIR="temp_vhosts"
+if [ ! -d "$TEMP_DIR" ]; then
+    echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
+    exit 1
+fi
+
+# 检查临时目录中是否有配置文件
+if [ -z "$(ls -A $TEMP_DIR)" ]; then
+    echo "警告: $TEMP_DIR 目录为空，将使用空配置构建镜像"
+fi
+
+# 检查SSL证书文件是否存在
+if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
+    echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
+    echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
+    echo "Nginx容器的SSL功能可能无法正常工作"
+fi
+
+# 将替换后的配置文件复制到vhosts目录
+cp -r $TEMP_DIR/* vhosts/
+
+# 构建Docker镜像
+echo "使用Dockerfile.nginx构建镜像..."
+docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
+
+# 检查构建结果
+if [ $? -eq 0 ]; then
+    echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
+    
+    # 推送到镜像仓库（如果需要）
+    echo "推送镜像到仓库: ${NGINX_IMAGE}"
+    docker push ${NGINX_IMAGE}
+    
+    if [ $? -eq 0 ]; then
+        echo "镜像推送成功!"
+    else
+        echo "警告: 镜像推送失败!"
+    fi
+else
+    echo "错误: Nginx镜像构建失败!"
+    exit 1
+fi
+
+echo "Nginx镜像构建和推送完成!"
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下" 

nginx/nginxbuilder.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# 这个脚本现在只是一个包装器，调用两个新脚本
+
+echo "步骤1: 替换配置文件中的环境变量..."
+./replace_vars.sh
+
+# 检查替换结果是否成功
+if [ $? -ne 0 ]; then
+    echo "错误: 变量替换失败，中止构建"
+    exit 1
+fi
+
+echo ""
+echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
+echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+read -p ""
+
+echo ""
+echo "步骤2: 构建Nginx镜像..."
+echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
+./build_image.sh

nginx/replace_vars.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+echo "开始替换配置文件中的环境变量..."
+
+# 检查vhosts目录是否存在
+if [ ! -d "vhosts" ]; then
+    echo "错误: vhosts目录不存在!"
+    exit 1
+fi
+
+# 检查vhosts目录中是否有配置文件
+if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
+    echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+fi
+
+# 创建临时目录
+TEMP_DIR="temp_vhosts"
+rm -rf $TEMP_DIR
+mkdir -p $TEMP_DIR
+
+# 处理所有.conf文件，替换环境变量，跳过cert目录
+for conf_file in vhosts/*.conf; do
+    # 检查文件是否存在(处理无匹配文件的情况)
+    if [ ! -f "$conf_file" ]; then
+        continue
+    fi
+    
+    # 跳过cert目录中的文件
+    if [[ "$conf_file" == *"/cert/"* ]]; then
+        continue
+    fi
+    
+    filename=$(basename "$conf_file")
+    echo "处理文件: $filename"
+    
+    # 读取原始文件内容
+    content=$(cat "$conf_file")
+    
+    # 获取environment.sh中所有环境变量
+    env_vars=$(grep -E "^export [A-Z_]+" ../environment.sh | sed 's/export //')
+    
+    # 逐个替换环境变量
+    for var in $env_vars; do
+        var_name=$(echo $var | cut -d= -f1)
+        var_value=${!var_name}
+        if [ ! -z "$var_value" ]; then
+            # 使用简单的变量替换方法
+            pattern="\\\${$var_name}"
+            echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|$var_value|g")
+        fi
+    done
+    
+    # 写入处理后的内容到目标文件
+    echo "$content" > "$TEMP_DIR/$filename"
+    
+    echo "  文件处理完成: $filename"
+done
+
+echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
+echo "请检查替换结果，确认无误后运行 build_image.sh 构建镜像" 

nginx/temp_vhosts/consul.conf

@@ -0,0 +1,21 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name consul-bazhong.t-aaron.com;
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://CONSUL_bazhong:8500;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}                                                                                                                                                                                                                                                 

nginx/temp_vhosts/oidcservice.conf

@@ -0,0 +1,23 @@
+ server {
+     listen 80;
+     listen 443 ssl;
+
+     server_name oidc-bazhong.t-aaron.com;
+
+     # SSL证书配置
+     ssl_certificate /etc/nginx/t-aaron.com.pem;
+     ssl_certificate_key /etc/nginx/t-aaron.com.key;
+     ssl_session_timeout 5m;
+     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+     ssl_prefer_server_ciphers on;
+
+
+     location / {
+        proxy_pass http://OIDC_SERVER_bazhong:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+ }

nginx/temp_vhosts/sky.conf

@@ -0,0 +1,21 @@
+    server {
+       listen 80;
+       listen 443 ssl;
+       server_name sky-bazhong.t-aaron.com;
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+       location / {
+          proxy_pass http://SKYWALKING_UI_bazhong:8080;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+       }
+    }

nginx/temp_vhosts/upstream.conf

@@ -0,0 +1 @@
+

nginx/temp_vhosts/xxljob.conf

@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name xxljob-bazhong.t-aaron.com;
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location / {
+        proxy_pass http://XXL_JOB_bazhong:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+                                 

nginx/vhosts/cert/t-aaron.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAl20i2WRVBqF9NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJB
+A4xwkq2vsA5axj4b+CV9zXAsWDqfo0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeK
+vyq6kqkbTkEpG8qK4bJKDewEiF+vBLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r
+4QYm9zo8vZlY2/nkE4JYBrcdrgRO1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mc
+z0U5CcR8wgVTzzywKbv2R+kX7CPHSh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7
++NvlMLgIdqQkMzxKc/JdtkHjdOK84Z+z9mNoPwIDAQABAoIBADOLLqWZBWgwaBKj
+li/MJZtGYE4cNlsBDSf4t8nsod7awfaiXIb8swT6oibne/anBZY+DMh1OmL98YD/
+bzzebPJxE8P6xCtIGYea0qiEKwAzA2PAk3Xm8YMilOzaOUgAda3Fpnd+szxIdabB
+xUuyvxGqXtb4zU9FKV9042oUJCD+YlqMSDhOUyt8agNcE9PpmzAOCQ36/845pCCt
+0H2iXc2qrV0koz7SIK2TksWGav1kVb7KfEOzGg1vhHJRKrP9mODkgIAFNVrBbIYd
+kUGaWCTqfuNGBxWSeV38XX5kKM5aHISB5gL4tjzrlkiMv4yBya7jTOWHHPK8ZTwL
+q9Tb18ECgYEA0amJ/BCQl6HRTOXN0+4jjx1seKnJTlKAwBATGxYbhOHQ1kBUPslh
+FwsG2Wcb46ccBnw8XwjSypDJJVOYCtdxlnDVqiCxQLdx06/JHOdYwb7zrmGpHLGs
+chZ5ccGI10FolW7CC21xErAS+o2d+cc3s1yZZtiYD1xSjR9sblw+aekCgYEAuOSr
+xK6NwbbSCYFWBHJ6257+Z0fzY79KPnhNK3E8q42ygSzn5KRuW4pfH6Kk3rLwcqkO
+3NOJXOK5T8paCkBcvXmVcladuqeamGY17XKRG35XwiwyjQhFUTjQLO4ob6Cm1SA8
+yguL80Imauhkfq9jTvhaEYahrN+smcn+TSuFv+cCgYBV3kLmGn6tq5eGEARZjQnB
+PoLDdH4+9qlGgA7jJA3HQZj/dr9KK7346wo2FfWlKjbfLRior3ttfRj0kaUOo6gg
+vjuz/sm5wKf809zhWprOVv+EZvkVCGuhGjVI8sOxrVdBBGiyt3L8/WH4ffG6b+4P
+JpipN4InoF8q7zjAhkUFqQKBgQCU1G136tJtBk7YG+YzujsvIjLCzGYc+tQ2qPvl
+ZkdiCLORy6X2pG24/g9IFdIE+aEXiwJNu3Gs9UwZ8Fa+PcTpOD+WRCa/Iz8MQepS
+8o/fw7m8sXsXj3rMwKDCKgseoADrOgH02YqUC8GE+QA8Ac48uSk3RlpKH9p+CNzN
+HaWSLQKBgQDE362akbYJdFknNg631VvsUTK+hL953UaY8OvtTBhDKjRqUhuniLr2
+R+CLoCLezhjzzx/11luowbVbcL2hgYxdPwEi4GNKmfGqs/jtkm1PkWej/4jw3Pcj
+Jq9Di+Vb9uTHp0O4ZlSZ3PKdn+ovTzVwrOPHmYXf5pLWIA5Qe0F1Wg==
+-----END RSA PRIVATE KEY-----

nginx/vhosts/cert/t-aaron.com.pem

@@ -0,0 +1,76 @@
+-----BEGIN CERTIFICATE-----
+MIIHljCCBX6gAwIBAgIQD49k2sFPkysTaVxmbXLLPDANBgkqhkiG9w0BAQsFADBc
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
+K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
+MjQwNTI4MDAwMDAwWhcNMjUwNjA4MjM1OTU5WjAYMRYwFAYDVQQDDA0qLnQtYWFy
+b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl20i2WRVBqF9
+NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJBA4xwkq2vsA5axj4b+CV9zXAsWDqf
+o0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeKvyq6kqkbTkEpG8qK4bJKDewEiF+v
+BLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r4QYm9zo8vZlY2/nkE4JYBrcdrgRO
+1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mcz0U5CcR8wgVTzzywKbv2R+kX7CPH
+Sh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7+NvlMLgIdqQkMzxKc/JdtkHjdOK8
+4Z+z9mNoPwIDAQABo4IDljCCA5IwHwYDVR0jBBgwFoAU8JyF/aKffY/JaLvV1IlN
+Hb7TkP8wHQYDVR0OBBYEFHgfehJZw28iIU4o2GOiJ4ZSQQ7aMCUGA1UdEQQeMByC
+DSoudC1hYXJvbi5jb22CC3QtYWFyb24uY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIB
+MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNV
+HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNV
+HR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9SYXBpZFNT
+TEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDBIoEagRIZCaHR0cDov
+L2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1
+NjIwMjJDQTEuY3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6
+Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMu
+ZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJD
+QTEuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1
+AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABj7400tYAAAQDAEYw
+RAIgfnSKqPxcIM1n61Wj7v4Mg6q+okpcU3BF90SdbbhpBi0CIHVeKYRiODN3XLes
+nVf5fyhTGnMOU6GrZfIODrB5gvO3AHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65
+Ay/ZDowuebgAAAGPvjTTFQAABAMASDBGAiEA2yVzWD3eRw/QGQX7jeULxvpFGMNG
+ZvGT7srGeX02ax0CIQDvzHcl6J296wCVqWacf8KQo61uovh7td/PhKnYpyUiVAB2
+AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABj7400ycAAAQDAEcw
+RQIgTkSIS1GXUtPuoTvVmdm57OCm1P2x4uPVQuo8LJN68w4CIQCvaSRtK63o2gUI
+gmi4h2Ch/CzRE48Zr0Eu7TkOBwVsfzANBgkqhkiG9w0BAQsFAAOCAgEAA+ab0S21
+cgtoI2TUfCdPolQVV8no3YY3bQJzDZCpmva4dpYxSoQ7qTrOfIeUI3iyeKkaREGb
+Xu6lAUhOvWZ7q/mp9od9pWJvPjbUmYT5OaWxhe3KiWmyo2TemABcCtOHe7v0qE5Y
+arPmL4HgrhGAqpkWl1eZFQpfGdQ5ry0yCikDZz9umvasdbxuHKfJGPCAsyPqik0r
+LmxnUYWOjCCNoSanDKj4ckdNkv/A9RXvazk/ZT1ElsBo/pK6eemiHmRNj3s6AWGO
+chGlkHkuvkgCgNsXFT3pqK6uVrE4yD8qmxDPOOaT8wC1MB9xYO77SmMOimelacG6
+d3DsUXGvYdUONZF2LzSpUkzFYofhZhULexI6xOCWnp3t7aCzTJQc68F6iwU6JYGW
+7l2AioXUW6Q4AYNlUEo0EG3u6g4H98xAW5YIVX3u9cT8ZerVfTTmO1AQkkMM98nH
+bvFx4/53T9eCTB9OBwiqISFICNXJNKhUuudVKQ6w0AfrI6kMk6dkhO3kkhb0cL/F
+nDAInqJ8BlMtV01owk2CaEica81WP/cjEDItnnjjJ5INUklraYfZFVgN71c78zr5
+rgF2DSQSsC+pPoqoloAC/YdiRw72kqaZlkXOaUgJBk2xJ73H27TriAPDmdtYA+Xd
+vtfjp7o21OOXsORq6LHElFYlcJO+mDYGzz8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFyzCCBLOgAwIBAgIQCgWbJfVLPYeUzGYxR3U4ozANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0yMjA1MDQwMDAwMDBaFw0zMTExMDkyMzU5NTlaMFwxCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE0MDIGA1UEAxMrUmFwaWRTU0wgR2xv
+YmFsIFRMUyBSU0E0MDk2IFNIQTI1NiAyMDIyIENBMTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAKY5PJhwCX2UyBb1nelu9APen53D5+C40T+BOZfSFaB0
+v0WJM3BGMsuiHZX2IHtwnjUhLL25d8tgLASaUNHCBNKKUlUGRXGztuDIeXb48d64
+k7Gk7u7mMRSrj+yuLSWOKnK6OGKe9+s6oaVIjHXY+QX8p2I2S3uew0bW3BFpkeAr
+LBCU25iqeaoLEOGIa09DVojd3qc/RKqr4P11173R+7Ub05YYhuIcSv8e0d7qN1sO
+1+lfoNMVfV9WcqPABmOasNJ+ol0hAC2PTgRLy/VZo1L0HRMr6j8cbR7q0nKwdbn4
+Ar+ZMgCgCcG9zCMFsuXYl/rqobiyV+8U37dDScAebZTIF/xPEvHcmGi3xxH6g+dT
+CjetOjJx8sdXUHKXGXC9ka33q7EzQIYlZISF7EkbT5dZHsO2DOMVLBdP1N1oUp0/
+1f6fc8uTDduELoKBRzTTZ6OOBVHeZyFZMMdi6tA5s/jxmb74lqH1+jQ6nTU2/Mma
+hGNxUuJpyhUHezgBA6sto5lNeyqc+3Cr5ehFQzUuwNsJaWbDdQk1v7lqRaqOlYjn
+iomOl36J5txTs0wL7etCeMRfyPsmc+8HmH77IYVMUOcPJb+0gNuSmAkvf5QXbgPI
+Zursn/UYnP9obhNbHc/9LYdQkB7CXyX9mPexnDNO7pggNA2jpbEarLmZGi4grMmf
+AgMBAAGjggGCMIIBfjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTwnIX9
+op99j8lou9XUiU0dvtOQ/zAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3R
+VTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
+cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
+RGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYD
+VR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEwCAYGZ4EMAQIBMAgGBmeBDAEC
+AjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAfjh/s1f5dDdfm0sNm74/dW
+MbbsxfYV1LoTpFt+3MSUWvSbiPQfUkoV57b5rutRJvnPP9mSlpFwcZ3e1nSUbi2o
+ITGA7RCOj23I1F4zk0YJm42qAwJIqOVenR3XtyQ2VR82qhC6xslxtNf7f2Ndx2G7
+Mem4wpFhyPDT2P6UJ2MnrD+FC//ZKH5/ERo96ghz8VqNlmL5RXo8Ks9rMr/Ad9xw
+Y4hyRvAz5920myUffwdUqc0SvPlFnahsZg15uT5HkK48tHR0TLuLH8aRpzh4KJ/Y
+p0sARNb+9i1R4Fg5zPNvHs2BbIve0vkwxAy+R4727qYzl3027w9jEFC6HMXRaDc=
+-----END CERTIFICATE-----

nginx/vhosts/consul.conf

@@ -0,0 +1,21 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${CONSUL_DOMAIN};
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${CONSUL_NAME}:8500;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}                                                                                                                                                                                                                                                 

nginx/vhosts/oidcservice.conf

@@ -0,0 +1,23 @@
+ server {
+     listen 80;
+     listen 443 ssl;
+
+     server_name ${OIDC_DOMAIN};
+
+     # SSL证书配置
+     ssl_certificate /etc/nginx/t-aaron.com.pem;
+     ssl_certificate_key /etc/nginx/t-aaron.com.key;
+     ssl_session_timeout 5m;
+     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+     ssl_prefer_server_ciphers on;
+
+
+     location / {
+        proxy_pass http://${OIDC_SERVER_NAME}:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+ }

nginx/vhosts/sky.conf

@@ -0,0 +1,21 @@
+    server {
+       listen 80;
+       listen 443 ssl;
+       server_name ${SKYWALKING_UI_DOMAIN};
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+       location / {
+          proxy_pass http://${SKYWALKING_UI_NAME}:8080;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+       }
+    }

nginx/vhosts/upstream.conf

@@ -0,0 +1 @@
+

nginx/vhosts/xxljob.conf

@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${XXL_JOB_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location / {
+        proxy_pass http://${XXL_JOB_NAME}:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+                                 

server/nginx.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+source ../environment.sh
+
+# 检查并停止/删除已存在的容器
+if docker ps -a | grep -q ${NGINX_NAME}; then
+    echo "停止并删除已存在的 ${NGINX_NAME} 容器..."
+    docker stop ${NGINX_NAME} >/dev/null 2>&1
+    docker rm ${NGINX_NAME} >/dev/null 2>&1
+fi
+
+# 启动Nginx容器
+docker run --pull always -d \
+--name ${NGINX_NAME} \
+--network ${NETWORK} \
+-p ${NGINX_HTTP_PORT}:80 \
+-p ${NGINX_HTTPS_PORT}:443 \
+--env TZ=Asia/Shanghai \
+--memory ${NGINX_MEMORY} \
+--restart unless-stopped \
+${NGINX_IMAGE}
+
+# 显示运行中的容器
+docker ps 

server/oidcadmin.sh

@@ -0,0 +1,29 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${OIDC_ADMIN_NAME}; then
+    echo "停止并删除已存在的 OIDC_ADMIN_NAME 容器..."
+    docker stop ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+    docker rm ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_ADMIN_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_ADMIN_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_ADMIN_MEMORY} \
+--restart unless-stopped \
+${OIDC_ADMIN_IMAGE}

server/oidcservice.sh

@@ -0,0 +1,29 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${OIDC_SERVER_NAME}; then
+    echo "停止并删除已存在的 OIDC_SERVER_NAME 容器..."
+    docker stop ${OIDC_SERVER_NAME} >/dev/null 2>&1
+    docker rm ${OIDC_SERVER_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_SERVER_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_SERVER_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_SERVER_MEMORY} \
+--restart unless-stopped \
+${OIDC_SERVER_IMAGE}

serviceImageBuilder/Dockerfile

@@ -0,0 +1,22 @@
+# 使用一个基础镜像
+#FROM openjdk:11-jre-slim
+FROM tuoheng/centos:base
+USER th
+# 定义构建参数
+ARG SW_APP_NAME
+ARG SW_SKY_AOP
+# 设置工作目录
+WORKDIR /data/java/tuoheng
+COPY apache-skywalking-java-agent-9.0.0.tgz  .
+RUN  tar -zxvf apache-skywalking-java-agent-9.0.0.tgz
+#复制应用程序到容器中
+COPY tuoheng.jar .
+# 设置环境变量
+ENV PATH="/usr/java/jdk/bin:${PATH}"
+ENV SW_AGENT_COLLECTOR_BACKEND_SERVICES="${SW_SKY_AOP}" \
+    SW_AGENT_NAME="${SW_APP_NAME}"
+#暴露应用程序的端口
+#EXPOSE 8090
+# 运行应用程序
+ENTRYPOINT ["java", "-Dfile.encoding=UTF-8","-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar","-jar","tuoheng.jar"]
+                                                                                                                                                                                                                                                                                                                                                                                            

serviceImageBuilder/builder.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script builds the Docker image
+# 读取第一个参数
+if [ $# -ne 3 ]; then
+  echo "错误：调用该脚本时必须传入 3 个参数 分别为服务名 镜像名 包名"
+  exit 1
+fi
+echo "服务名: $1 Image $2 Java包: $3"
+rm tuoheng.jar
+cp $3 tuoheng.jar
+source ../environment.sh
+#docker service rm $APP_NAME
+sleep 5
+docker container prune -f
+sleep 5
+cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agent-9.0.0.tgz
+docker image rm $2
+docker build --no-cache \
+  --build-arg SW_APP_NAME=$1 \
+  --build-arg SW_SKY_AOP=$SKY_AOP \
+  -t $2 .  # 注意末尾的 `.` 表示当前路径
+docker push $2                                                                                               

serviceImageBuilder/gateway.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $GATEWAY_JAR
+cp $GATEWAY_REMOTE_JAR $GATEWAY_JAR
+./builder.sh $GATEWAY_NAME $GATEWAY_IMAGE $GATEWAY_JAR

serviceImageBuilder/oidcadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_ADMIN_JAR
+cp $OIDC_ADMIN_REMOTE_JAR $OIDC_ADMIN_JAR
+./builder.sh $OIDC_ADMIN_NAME $OIDC_ADMIN_IMAGE $OIDC_ADMIN_JAR

serviceImageBuilder/oidcservice.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $OIDC_SERVER_JAR
+cp $OIDC_SERVER_REMOTE_JAR $OIDC_SERVER_JAR
+./builder.sh $OIDC_SERVER_NAME $OIDC_SERVER_IMAGE $OIDC_SERVER_JAR

start/gateway/application.yml

@@ -0,0 +1,156 @@
+server:
+  port: 7011
+  main:
+    allow-bean-definition-overriding: true
+    web-application-typpse: reactive
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: prometheus,health
+  metrics:
+    tags:
+      application: tuoheng-gateway
+
+spring:
+  application:
+    name: tuoheng-gateway
+  security:
+    oauth2:
+      resource-server:
+        jwt:
+          issuer-uri: https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+  cloud:
+    consul:
+      host: ${CONSUL_NAME} # consul 所在服务地址
+      port: 8500 # consul 服务端口
+      discovery:
+        enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false，就不需要起consul服务。
+        register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false，应用才不会注册注册中心，才可以不起consul服务！
+        deregister: true #默认true，服务停止时注销服务，即从服务列表中删除。设置成false的话，？？？
+        ## consul ip地址
+        hostname: ${CONSUL_NAME}
+        # 注册到consul的服务名称
+        service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字，在consul的调用中，是通过此名字调用的。默认服务名,不要改
+        instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID
+        heartbeat:
+          enabled: true
+        prefer-ip-address: true #表示注册时使用IP而不是hostname
+        health-check-path: /actuator/health #健康检查
+        health-check-interval: 10s  #配置 Consul 健康检查频率，也就是心跳频率。
+        health-check-timeout: 10s #健康检查超时
+    gateway:
+      httpclient:
+        websocket:
+          max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB
+      discovery:
+        locator:
+          lowerCaseServiceId: true
+          enabled: true
+      # 跨域设置
+      globalcors:
+        add-to-simple-url-handler-mapping: true
+        cors-configurations:
+          '[/**]':
+            allowedOrigins:
+              - "http://localhost:8001"
+            allowedMethods:
+              - "GET"
+              - "POST"
+              - "DELETE"
+              - "PUT"
+              - "OPTIONS"
+            allowedHeaders: "*"
+            allowCredentials: true
+            maxAge: 360000
+      routes:
+        # 后台管理
+        - id: tuoheng-dsp-admin
+          uri: http://dsp-admin:9014
+          predicates:
+            - Path=/api/admin/**
+          filters:
+            - StripPrefix=2
+        # 网站服务
+        - id: tuoheng-dsp-portal
+          uri: http://dsp-portal:9017
+          predicates:
+            - Path=/api/portal/**
+          filters:
+            - StripPrefix=2
+        # DSP小程序服务
+        - id: tuoheng-dsp-miniprogram
+          uri: http://dsp-mini:9016
+          predicates:
+            - Path=/api/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # DSP api服务
+        - id: tuoheng-dsp-api
+          uri: http://dsp-api:9015
+          predicates:
+            - Path=/api/web/**
+          filters:
+            - StripPrefix=2
+        # DSP 巡检云
+        - id: tuoheng-dsp-inspection
+          uri: http://dsp-inspection:9018
+          predicates:
+            - Path=/api/inspection/**
+          filters:
+            - StripPrefix=2
+      # hhz admin服务
+        - id: tuoheng-hhz-admin
+          uri: http://hhz-admin:9055
+          predicates:
+            - Path=/hhz/admin/**
+          filters:
+            - StripPrefix=2
+        # hhz 小程序服务
+        - id: tuoheng-hhz-api
+          uri: http://hhz-api:9056
+          predicates:
+            - Path=/hhz/api/**
+          filters:
+            - StripPrefix=2
+  # Redis数据源
+  redis:
+    # 缓存库默认索引0
+    database: 0
+    # Redis服务器地址
+    host: ${REDIS_NAME}
+    # Redis服务器连接端口
+    port: 6379
+    # Redis服务器连接密码（默认为空）
+    password:
+    # 连接超时时间（毫秒）
+    timeout: 6000
+    # 默认的数据过期时间，主要用于shiro权限管理
+    expire: 2592000
+    jedis:
+      pool:
+        max-active: 1000  # 连接池最大连接数（使用负值表示没有限制）
+        max-wait: -1      # 连接池最大阻塞等待时间（使用负值表示没有限制）
+        max-idle: 10      # 连接池中的最大空闲连接
+        min-idle: 1       # 连接池中的最小空闲连接
+#security放行白名单配置
+security:
+  ignore:
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList
+
+# 获取 apiUrl 可访问的 roleIdList
+tuoheng:
+  hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList
+  airport-admin-perUrl: http://airport:9060/permission/getRoleIdList
+  freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList
+  waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList
+  airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList
+  weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList
+  telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList
+  alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList
+  spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList
+  digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList
+  dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList
+  lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList

start/gateway/replace_vars.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# 确保在脚本所在目录执行
+cd "$(dirname "$0")"
+SCRIPT_DIR="$(pwd)"
+echo "当前工作目录: $SCRIPT_DIR"
+
+# 获取项目根目录
+ROOT_DIR="$(cd ../.. && pwd)"
+echo "项目根目录: $ROOT_DIR"
+
+# 加载环境变量
+source "$ROOT_DIR/environment.sh"
+
+echo "开始替换Gateway配置文件中的环境变量..."
+
+# 定义源配置文件和目标目录
+SOURCE_FILE="$SCRIPT_DIR/application.yml"
+TEMP_DIR="$SCRIPT_DIR/temp"
+TARGET_FILE="$TEMP_DIR/application.yml"
+
+# 检查源配置文件是否存在
+if [ ! -f "$SOURCE_FILE" ]; then
+    echo "错误: 配置文件 $SOURCE_FILE 不存在!"
+    exit 1
+fi
+
+# 创建临时目录
+rm -rf "$TEMP_DIR"
+mkdir -p "$TEMP_DIR"
+
+echo "处理文件: application.yml"
+
+# 读取原始文件内容
+content=$(cat "$SOURCE_FILE")
+
+# 获取environment.sh中所有环境变量
+env_vars=$(grep -E "^export [A-Z_]+" "$ROOT_DIR/environment.sh" | sed 's/export //')
+
+# 逐个替换环境变量
+for var in $env_vars; do
+    var_name=$(echo $var | cut -d= -f1)
+    var_value=${!var_name}
+    if [ ! -z "$var_value" ]; then
+        # 使用简单的变量替换方法
+        pattern="\\\${$var_name}"
+        echo "  替换变量: ${pattern} -> $var_value"
+        content=$(echo "$content" | sed "s|${pattern}|$var_value|g")
+    fi
+done
+
+# 写入处理后的内容到目标文件
+echo "$content" > "$TARGET_FILE"
+
+echo "环境变量替换完成! 替换后的文件位于 $TARGET_FILE"
+echo "此文件将在启动Gateway容器时使用"

start/gateway/startGateway.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# 确保在脚本所在目录执行
+cd "$(dirname "$0")"
+SCRIPT_DIR="$(pwd)"
+echo "当前工作目录: $SCRIPT_DIR"
+
+# 获取项目根目录
+ROOT_DIR="$(cd ../.. && pwd)"
+echo "项目根目录: $ROOT_DIR"
+
+# 加载环境变量
+source "$ROOT_DIR/environment.sh"
+echo "已加载环境变量"
+
+# 执行变量替换脚本
+echo "开始替换环境变量..."
+bash "$SCRIPT_DIR/replace_vars.sh"
+
+# 检查替换是否成功
+if [ ! -f "$SCRIPT_DIR/temp/application.yml" ]; then
+    echo "错误: 替换后的配置文件不存在: $SCRIPT_DIR/temp/application.yml"
+    exit 1
+fi
+
+echo "配置文件替换成功，准备启动Gateway容器..."
+
+# 先停止和删除现有容器
+if docker ps -a | grep -q ${GATEWAY_NAME}; then
+    echo "停止并删除已存在的 ${GATEWAY_NAME} 容器..."
+    docker stop ${GATEWAY_NAME} >/dev/null 2>&1
+    docker rm ${GATEWAY_NAME} >/dev/null 2>&1
+fi
+
+# 启动Gateway容器
+echo "正在启动 ${GATEWAY_NAME} 容器..."
+docker run --pull always -d \
+    --name ${GATEWAY_NAME} \
+    --network ${NETWORK} \
+    --env TZ=Asia/Shanghai \
+    --env SPRING_CONFIG_LOCATION=file:/data/java/tuoheng/application.yml \
+    --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+    --mount type=bind,source="$SCRIPT_DIR/temp/application.yml",target=/data/java/tuoheng/application.yml,readonly \
+    --memory ${GATEWAY_MEMORY} \
+    --restart unless-stopped \
+    ${GATEWAY_IMAGE}
+
+# 检查启动结果
+if [ $? -eq 0 ]; then
+    echo "Gateway服务已成功启动"
+    docker ps | grep ${GATEWAY_NAME}
+else
+    echo "Gateway服务启动失败，请检查日志"
+    docker logs ${GATEWAY_NAME}
+fi 

start/gateway/temp/application.yml

@@ -0,0 +1,156 @@
+server:
+  port: 7011
+  main:
+    allow-bean-definition-overriding: true
+    web-application-typpse: reactive
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: prometheus,health
+  metrics:
+    tags:
+      application: tuoheng-gateway
+
+spring:
+  application:
+    name: tuoheng-gateway
+  security:
+    oauth2:
+      resource-server:
+        jwt:
+          issuer-uri: https://oidc-bazhong.t-aaron.com:2443
+  cloud:
+    consul:
+      host: CONSUL_bazhong # consul 所在服务地址
+      port: 8500 # consul 服务端口
+      discovery:
+        enabled: true #默认true。Consul Discovery Client是否注册到注册中心。和register同时设置成false，就不需要起consul服务。
+        register: true #是否将服务注册到Consul集群中心.。这个参数和上面的enabled参数同时设置成false，应用才不会注册注册中心，才可以不起consul服务！
+        deregister: true #默认true，服务停止时注销服务，即从服务列表中删除。设置成false的话，？？？
+        ## consul ip地址
+        hostname: CONSUL_bazhong
+        # 注册到consul的服务名称
+        service-name: ${spring.application.name} # 服务提供者名称,注册在consul上面的名字，在consul的调用中，是通过此名字调用的。默认服务名,不要改
+        instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${server.port} #实例ID
+        heartbeat:
+          enabled: true
+        prefer-ip-address: true #表示注册时使用IP而不是hostname
+        health-check-path: /actuator/health #健康检查
+        health-check-interval: 10s  #配置 Consul 健康检查频率，也就是心跳频率。
+        health-check-timeout: 10s #健康检查超时
+    gateway:
+      httpclient:
+        websocket:
+          max-frame-payload-length: 10485760 # 单次通信提交最大数据库设置成10MB
+      discovery:
+        locator:
+          lowerCaseServiceId: true
+          enabled: true
+      # 跨域设置
+      globalcors:
+        add-to-simple-url-handler-mapping: true
+        cors-configurations:
+          '[/**]':
+            allowedOrigins:
+              - "http://localhost:8001"
+            allowedMethods:
+              - "GET"
+              - "POST"
+              - "DELETE"
+              - "PUT"
+              - "OPTIONS"
+            allowedHeaders: "*"
+            allowCredentials: true
+            maxAge: 360000
+      routes:
+        # 后台管理
+        - id: tuoheng-dsp-admin
+          uri: http://dsp-admin:9014
+          predicates:
+            - Path=/api/admin/**
+          filters:
+            - StripPrefix=2
+        # 网站服务
+        - id: tuoheng-dsp-portal
+          uri: http://dsp-portal:9017
+          predicates:
+            - Path=/api/portal/**
+          filters:
+            - StripPrefix=2
+        # DSP小程序服务
+        - id: tuoheng-dsp-miniprogram
+          uri: http://dsp-mini:9016
+          predicates:
+            - Path=/api/miniprogram/**
+          filters:
+            - StripPrefix=2
+        # DSP api服务
+        - id: tuoheng-dsp-api
+          uri: http://dsp-api:9015
+          predicates:
+            - Path=/api/web/**
+          filters:
+            - StripPrefix=2
+        # DSP 巡检云
+        - id: tuoheng-dsp-inspection
+          uri: http://dsp-inspection:9018
+          predicates:
+            - Path=/api/inspection/**
+          filters:
+            - StripPrefix=2
+      # hhz admin服务
+        - id: tuoheng-hhz-admin
+          uri: http://hhz-admin:9055
+          predicates:
+            - Path=/hhz/admin/**
+          filters:
+            - StripPrefix=2
+        # hhz 小程序服务
+        - id: tuoheng-hhz-api
+          uri: http://hhz-api:9056
+          predicates:
+            - Path=/hhz/api/**
+          filters:
+            - StripPrefix=2
+  # Redis数据源
+  redis:
+    # 缓存库默认索引0
+    database: 0
+    # Redis服务器地址
+    host: REDIS_bazhong
+    # Redis服务器连接端口
+    port: 6379
+    # Redis服务器连接密码（默认为空）
+    password:
+    # 连接超时时间（毫秒）
+    timeout: 6000
+    # 默认的数据过期时间，主要用于shiro权限管理
+    expire: 2592000
+    jedis:
+      pool:
+        max-active: 1000  # 连接池最大连接数（使用负值表示没有限制）
+        max-wait: -1      # 连接池最大阻塞等待时间（使用负值表示没有限制）
+        max-idle: 10      # 连接池中的最大空闲连接
+        min-idle: 1       # 连接池中的最小空闲连接
+#security放行白名单配置
+security:
+  ignore:
+    permitUrls: /api/system/demo/msg
+    oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList
+
+# 获取 apiUrl 可访问的 roleIdList
+tuoheng:
+  hhz-admin-perUrl: http://hhz-admin:9055/permission/getRoleIdList
+  airport-admin-perUrl: http://airport:9060/permission/getRoleIdList
+  freeway-admin-perUrl: http://freeway-admin:9117/permission/getRoleIdList
+  waterway-admin-perUrl: https://waterway.t-aaron.com/permission/getRoleIdList
+  airmonitor-admin-perUrl: http://airmonitor-admin:9130/permission/getRoleIdList
+  weptsp-admin-perUrl: http://weptsp-admin:9140/permission/getRoleIdList
+  telecomumale-admin-perUrl: http://telecomumale-admin:9150/permission/getRoleIdList
+  alert-admin-perUrl: https://alert.t-aaron.com/permission/getRoleIdList
+  spacetime-admin-perUrl: https://spacetime.t-aaron.com/permission/getRoleIdList
+  digitaltwin-admin-perUrl: https://digitaltwin.t-aaron.com/permission/getRoleIdList
+  dmp-admin-perUrl: https://dmp.t-aaron.com/permission/getRoleIdList
+  lacs-admin-perUrl: https://lacs.t-aaron.com/permission/getRoleIdList

start/nginx.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+source ../environment.sh
+
+# 检查并停止/删除已存在的容器
+if docker ps -a | grep -q ${NGINX_NAME}; then
+    echo "停止并删除已存在的 ${NGINX_NAME} 容器..."
+    docker stop ${NGINX_NAME} >/dev/null 2>&1
+    docker rm ${NGINX_NAME} >/dev/null 2>&1
+fi
+
+# 启动Nginx容器
+docker run --pull always -d \
+--name ${NGINX_NAME} \
+--network ${NETWORK} \
+-p ${NGINX_HTTP_PORT}:80 \
+-p ${NGINX_HTTPS_PORT}:443 \
+--env TZ=Asia/Shanghai \
+--memory ${NGINX_MEMORY} \
+--restart unless-stopped \
+${NGINX_IMAGE}
+
+# 显示运行中的容器
+docker ps 

start/oidcadmin.sh

@@ -0,0 +1,29 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${OIDC_ADMIN_NAME}; then
+    echo "停止并删除已存在的 OIDC_ADMIN_NAME 容器..."
+    docker stop ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+    docker rm ${OIDC_ADMIN_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_ADMIN_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_ADMIN_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_ADMIN_MEMORY} \
+--restart unless-stopped \
+${OIDC_ADMIN_IMAGE}

start/oidcservice.sh

@@ -0,0 +1,29 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${OIDC_SERVER_NAME}; then
+    echo "停止并删除已存在的 OIDC_SERVER_NAME 容器..."
+    docker stop ${OIDC_SERVER_NAME} >/dev/null 2>&1
+    docker rm ${OIDC_SERVER_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${OIDC_SERVER_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_SERVER_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env TZ=Asia/Shanghai \
+--env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${OIDC_SERVER_MEMORY} \
+--restart unless-stopped \
+${OIDC_SERVER_IMAGE}