调度

.cursorrules

@@ -0,0 +1,37 @@
+    # Role
+    你是一名极其优秀具有20年经验的产品经理和精通所有编程语言的工程师。与你交流的用户是不懂代码的初中生，不善于表达产品和代码需求。你的工作对用户来说非常重要，完成后将获得10000美元奖励。
+
+    # Goal
+    你的目标是帮助用户以他容易理解的方式完成他所需要的产品设计和开发工作，你始终非常主动完成所有工作，而不是让用户多次推动你。
+
+    在理解用户的产品需求、编写代码、解决代码问题时，你始终遵循以下原则：
+
+    ## 第一步
+    - 当用户向你提出任何需求时，你首先应该浏览根目录下的readme.md文件，了解当前项目的状态和存在的问题，并根据实际情况调整你的工作计划。
+
+    # 本规则由 AI进化论-花生 创建，版权所有，引用请注明出处
+
+    ## 第二步
+    你需要理解用户正在给你提供的是什么任务
+    ### 当用户直接为你提供需求时，你应当：
+    - 首先，你应当充分理解用户需求，并且可以站在用户的角度思考，如果我是用户，我需要什么？
+    - 其次，你应该作为产品经理理解用户需求是否存在缺漏，你应当和用户探讨和补全需求，直到用户满意为止；
+    - 最后，你应当使用最简单的解决方案来满足用户需求，而不是使用复杂或者高级的解决方案。
+
+    ### 当用户请求你编写代码时，你应当：
+    - 首先，你会思考用户需求是什么，目前你有的代码库内容，并进行一步步的思考与规划
+    - 接着，在完成规划后，你应当选择合适的编程语言和框架来实现用户需求，你应该选择solid原则来设计代码结构，并且使用设计模式解决常见问题；
+    - 再次，编写代码时你总是完善撰写所有代码模块的注释，并且在代码中增加必要的监控手段让你清晰知晓错误发生在哪里；
+    - 最后，你应当使用简单可控的解决方案来满足用户需求，而不是使用复杂的解决方案。
+
+    ### 当用户请求你解决代码问题是，你应当：
+    - 首先，你需要完整阅读所在代码文件库，并且理解所有代码的功能和逻辑；
+    - 其次，你应当思考导致用户所发送代码错误的原因，并提出解决问题的思路；
+    - 最后，你应当预设你的解决方案可能不准确，因此你需要和用户进行多次交互，并且每次交互后，你应当总结上一次交互的结果，并根据这些结果调整你的解决方案，直到用户满意为止。
+    - 特别注意：当一个bug经过两次调整仍未解决时，你将启动系统二思考模式：
+      1. 首先，系统性分析导致bug的可能原因，列出所有假设
+      2. 然后，为每个假设设计验证方法
+      3. 最后，提供三种不同的解决方案，并详细说明每种方案的优缺点，让用户选择最适合的方案
+
+    ## 第三步
+    在完成用户要求的任务后，你应该对改成任务完成的步骤进行反思，思考项目可能存在的问题和改进方式，并更新在readme.md文件中

.gitnore

@@ -0,0 +1,7 @@
+*.jar
+*temp_vhosts*
+*temp*
+.DS_Store
+*.tgz
+readme.md
+.cursorrules

.idea/.gitignore

@@ -0,0 +1,8 @@
+# 默认忽略的文件
+/shelf/
+/workspace.xml
+# 基于编辑器的 HTTP 客户端请求
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

.idea/docker.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_23" default="true" project-jdk-name="openjdk-23" project-jdk-type="JavaSDK">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>

.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/docker.iml" filepath="$PROJECT_DIR$/.idea/docker.iml" />
+    </modules>
+  </component>
+</project>

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

bazhong.sh

@@ -0,0 +1,34 @@
+#域名前缀
+#域名前缀
+export VERSION=default
+export DOMAIN=bazhong
+#域名后缀
+export DOMAIN_END=jouavcloud.com
+# 主机对外爆露的HTTP端口
+export NGINX_HTTP_PORT=9999
+# 主机对外爆露的HTTPS端口
+export NGINX_HTTPS_PORT=3443
+# 对外MYSQL端口
+export MYSQL_PORT=3309
+# 对外Redis端口
+export REDIS_PORT=6381
+# MQTT 配置
+# MQTT对外爆露端口
+export MQTT_PORT=1884
+# 对外KAFKA端口
+export KAFKA_PORT=9292
+# SRS对外爆露端口
+export SRS_RTMP_PORT=1938
+# Minio控制台对外爆露端口
+export MINIO_CONSOLE_PORT=9022
+
+
+export HHZ_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_hhz_web/dist
+export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/dsp-admin/dist
+export AIRPORT_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_airport_web/dist
+export BUSINESS_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/business_web/dist
+
+
+#域名证书位置写在这边
+#export PEM_PATH=/opt/tuoheng/jocloud/jouavcloud.com.pem
+#export KEY_PATH=/opt/tuoheng/jocloud/jouavcloud.com.key

builder/Dockerfile

@@ -1,6 +1,6 @@
 # 使用一个基础镜像
 #FROM openjdk:11-jre-slim
-FROM tuoheng/centos:base
+FROM registry.t-aaron.com/tuoheng/centos:base
 USER th
 # 定义构建参数
 ARG SW_APP_NAME

builder/airport.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $AIRPORT_JAR
+cp $AIRPORT_REMOTE_JAR $AIRPORT_JAR
+./builder.sh $AIRPORT_NAME $AIRPORT_IMAGE $AIRPORT_JAR

builder/business.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $BUSINESS_JAR
+cp $BUSINESS_REMOTE_JAR $BUSINESS_JAR
+./builder.sh $BUSINESS_NAME $BUSINESS_IMAGE $BUSINESS_JAR

builder/dspadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_ADMIN_JAR
+cp $DSP_ADMIN_REMOTE_JAR $DSP_ADMIN_JAR
+./builder.sh $DSP_ADMIN_NAME $DSP_ADMIN_IMAGE $DSP_ADMIN_JAR

builder/dspapi.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_API_JAR
+cp $DSP_API_REMOTE_JAR $DSP_API_JAR
+./builder.sh $DSP_API_NAME $DSP_API_IMAGE $DSP_API_JAR

builder/dspinspection.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_INSPECTION_JAR
+cp $DSP_INSPECTION_REMOTE_JAR $DSP_INSPECTION_JAR
+./builder.sh $DSP_INSPECTION_NAME $DSP_INSPECTION_IMAGE $DSP_INSPECTION_JAR

builder/dspmini.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_MINI_JAR
+cp $DSP_MINI_REMOTE_JAR $DSP_MINI_JAR
+./builder.sh $DSP_MINI_NAME $DSP_MINI_IMAGE $DSP_MINI_JAR

builder/dspportal.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_PORTAL_JAR
+cp $DSP_PORTAL_REMOTE_JAR $DSP_PORTAL_JAR
+./builder.sh $DSP_PORTAL_NAME $DSP_PORTAL_IMAGE $DSP_PORTAL_JAR

builder/ffmpeg/dockerfile

@@ -0,0 +1,21 @@
+FROM alfg/ffmpeg:latest
+
+# 安装OpenJDK 11
+RUN apk add --no-cache openjdk11-jre
+
+# 设置Java环境变量
+ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk
+ENV PATH=$PATH:$JAVA_HOME/bin
+
+# 验证安装
+RUN java -version && \
+    ffmpeg -version && \
+    ffmpeg -codecs && \
+    ffmpeg -formats
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

builder/hhzadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $HHZ_ADMIN_JAR
+cp $HHZ_ADMIN_REMOTE_JAR $HHZ_ADMIN_JAR
+./builder.sh $HHZ_ADMIN_NAME $HHZ_ADMIN_IMAGE $HHZ_ADMIN_JAR

builder/hhzapi.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $HHZ_API_JAR
+cp $HHZ_API_REMOTE_JAR $HHZ_API_JAR
+./builder.sh $HHZ_API_NAME $HHZ_API_IMAGE $HHZ_API_JAR

builder/stream.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+source ../environment.sh
+# 检查必要的环境变量
+if [ -z "$STREAM_REMOTE_JAR" ]; then
+    echo "Error: STREAM_REMOTE_JAR environment variable is not set"
+    exit 1
+fi
+
+if [ -z "$STREAM_IMAGE" ]; then
+    echo "Error: STREAM_IMAGE environment variable is not set"
+    exit 1
+fi
+
+if [ -z "$STREAM_JAR" ]; then
+    echo "Error: STREAM_JAR environment variable is not set"
+    exit 1
+fi
+
+# 创建临时构建目录
+BUILD_DIR=$(mktemp -d)
+trap 'rm -rf "$BUILD_DIR"' EXIT
+
+# 复制JAR文件
+echo "Copying JAR file from $STREAM_REMOTE_JAR"
+cp "$STREAM_REMOTE_JAR" "$BUILD_DIR/${STREAM_JAR}"
+
+# 检查JAR文件是否复制成功
+if [ ! -f "$BUILD_DIR/${STREAM_JAR}" ]; then
+    echo "Error: Failed to copy JAR file"
+    exit 1
+fi
+
+# 创建Dockerfile
+cat > "$BUILD_DIR/Dockerfile" << EOF
+FROM registry.t-aaron.com/tuoheng/ffmpeg:latest
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/\$TZ /etc/localtime && echo \$TZ > /etc/timezone
+
+# 创建数据目录
+RUN mkdir -p /data/temp && chmod 777 /data/temp
+# 创建数据目录
+RUN mkdir -p /data/recording && chmod 777 /data/recording
+# 创建数据目录
+RUN mkdir -p /data/record && chmod 777 /data/record
+
+# 复制JAR文件
+COPY ${STREAM_JAR} /app/
+
+# 设置启动命令
+ENTRYPOINT ["java", "-jar", "/app/${STREAM_JAR}"]
+EOF
+
+# 构建Docker镜像
+echo "Building Docker image: $STREAM_IMAGE"
+docker build -t "$STREAM_IMAGE" "$BUILD_DIR"
+
+# 清理
+# rm -rf "$BUILD_DIR"
+
+echo "Docker image $STREAM_IMAGE has been built successfully"
+
+docker push $STREAM_IMAGE

dashuju.sh

@@ -0,0 +1,55 @@
+echo "开始执行 dashuju.sh"
+export VERSION=default
+export DOMAIN=dashuju
+export DOMAIN_END=t-aaron.com
+# 主机对外爆露的HTTP端口
+export NGINX_HTTP_PORT=9999
+# 主机对外爆露的HTTPS端口--------- 
+export NGINX_HTTPS_PORT=3443
+# MYSQL对外地址 ----
+export MYSQL_PORT=3009
+export REDIS_PORT=6381
+#MQTT 配置
+# MQTT对外爆露端口 -- OK
+export MQTT_PORT=8000
+export MQTT_WS_PORT=9004
+export KAFKA_PORT=9292
+# SRS对外爆露端口---- OK
+export SRS_RTMP_PORT=1935
+# Minio对外爆露端口
+export MINIO_API_PORT=9700
+# Minio控制台对外爆露端口
+export MINIO_CONSOLE_PORT=9022
+
+
+export MINIO_ACCESS_KEY=5x2X7FkeyxEYQPAFOUet
+export MINIO_SECRET_KEY=WOH5bzWr3OdrdzrPdN3hXFlxsSWJuRW2kQeRUbJI
+
+# Consul 配置
+export CONSUL_PORT=8600
+# XXL-Job 配置
+export XXLJOB_PORT=8383
+
+export HHZ_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/tuoheng_hhz_web/dist
+export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/dsp-admin/dist
+export AIRPORT_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/tuoheng_airport_web/dist
+export BUSINESS_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/business_web/dist
+
+echo $HHZ_ADMIN_WEB_DIST
+echo $DSP_ADMIN_WEB_DIST
+echo $AIRPORT_WEB_DIST
+echo $BUSINESS_WEB_DIST
+
+#域名证书位置写在这边
+#export PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.pem
+#export KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.key
+
+#前端配置
+#export VUE_APP_API_BASE_URL = https://${HHZ_DOMAIN}:${NGINX_HTTPS_PORT}/
+#export VUE_APP_AUTHORITY = https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+#export VUE_APP_OUT_AUTHORITY = https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+#VUE_APP_API_BASE_URL=https://${AIRPORT_DOMAIN}:${NGINX_HTTPS_PORT}/airport
+#https://airport-develop.t-aaron.com:3443
+#https://hhz-develop.t-aaron.com:3443
+
+#https://oidc-develop.t-aaron.com:3443

environment.sh

@@ -1,28 +1,93 @@
 #!/bin/bash
 # 定基本环境变量并导出
-# 所有端口都为主机对外爆露的端口
-export DOMAIN=bazhong
+# 不同的环境采用不同的DOMAIN
+if [ -z "${VERSION}" ]; then
+    export VERSION=""
+    echo "环境变量 VERSION 未设置"
+else
+    echo "环境变量 VERSION 已设置，设置为 ${VERSION}"
+fi
+
+if [ -z "${DOMAIN}" ]; then
+    export DOMAIN=bazhong
+    echo "环境变量 DOMAIN 未设置，设置为默认值 ${DOMAIN}"
+else
+    echo "环境变量 DOMAIN 已设置，设置为 ${DOMAIN}"
+fi
+
+if [[ "$(uname)" == "Darwin" ]]; then
+  echo "当前是 Mac 系统"
+  export PLATFORM=""
+  # 这里写 Mac 下要执行的命令
+else
+  echo "当前不是 Mac 系统"
+  export PLATFORM="linux"
+  echo "环境变量 PLATFORM 已设置，设置为 ${PLATFORM}"
+  # 这里写 Linux 或其他系统下要执行的命令
+fi
+
+
 export NETWORK="swarm_network_$DOMAIN"
-export HOST_IP=127.0.0.1
+# 镜像仓库地址
 export REGISTRY=registry.t-aaron.com
-export SKY_DOMAIN=sky-${DOMAIN}.t-aaron.com
-export CONSUL_DOMAIN=consul-${DOMAIN}.t-aaron.com
-export XXLJOB_DOMAIN=xxljob-${DOMAIN}.t-aaron.com
-export OIDC_SERVER_DOMAIN=oidc-${DOMAIN}.t-aaron.com
+# 主机的域名后缀
+if [ -z "${DOMAIN_END}" ]; then
+    export DOMAIN_END=t-aaron.com
+    echo "环境变量 DOMAIN_END 未设置，设置为默认值 ${DOMAIN_END}"
+else
+    echo "环境变量 DOMAIN_END 已设置，设置为 ${DOMAIN_END}"
+fi
 
+# 主机对外爆露的HTTP端口
+if [ -z "$NGINX_HTTP_PORT" ]; then
+    export NGINX_HTTP_PORT=8899
+else
+    echo "环境变量 NGINX_HTTP_PORT 已设置，设置为 ${NGINX_HTTP_PORT}"
+fi
+# 主机对外爆露的HTTPS端口
+if [ -z "$NGINX_HTTPS_PORT" ]; then
+    export NGINX_HTTPS_PORT=2443
+else
+    echo "环境变量 NGINX_HTTPS_PORT 已设置，设置为 ${NGINX_HTTPS_PORT}"
+fi
 
+export SKYWALKING_UI_DOMAIN=sky-${DOMAIN}.${DOMAIN_END}
+export CONSUL_DOMAIN=consul-${DOMAIN}.${DOMAIN_END}
+export XXLJOB_DOMAIN=xxljob-${DOMAIN}.${DOMAIN_END}
+export OIDC_SERVER_DOMAIN=oidc-${DOMAIN}.${DOMAIN_END}
+export OIDC_DOMAIN_FULL=${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+export OIDC_ADMIN_DOMAIN=oidcadmin-${DOMAIN}.${DOMAIN_END}
+export OIDC_ADMIN_DOMAIN_FULL=${OIDC_ADMIN_DOMAIN}:${NGINX_HTTPS_PORT}
+export MINIO_DOMAIN=minio-${DOMAIN}.${DOMAIN_END}
+export MINIO_CONSOLE_DOMAIN=minioconsole-${DOMAIN}.${DOMAIN_END}
+export AIRPORT_DOMAIN=airport-${DOMAIN}.${DOMAIN_END}
+export AIRPORT_DOMAIN_FULL=${AIRPORT_DOMAIN}:${NGINX_HTTPS_PORT}
+export BUSINESS_DOMAIN=business-${DOMAIN}.${DOMAIN_END}
+export BUSINESS_DOMAIN_FULL=${BUSINESS_DOMAIN}:${NGINX_HTTPS_PORT}
+export SRS_DOMAIN=srs-${DOMAIN}.${DOMAIN_END}
+export SRS_DOMAIN_FULL=${SRS_DOMAIN}:${NGINX_HTTPS_PORT}
+export HHZ_DOMAIN=hhz-${DOMAIN}.${DOMAIN_END}
+export HHZ_DOMAIN_FULL=${HHZ_DOMAIN}:${NGINX_HTTPS_PORT}
+export DSP_DOMAIN=dsp-${DOMAIN}.${DOMAIN_END}
+export DSP_DOMAIN_FULL=${DSP_DOMAIN}:${NGINX_HTTPS_PORT}
 export REGISTRY_HOST=${REGISTRY}/tuoheng/
-#export REGISTRY_HOST=""
+export KAFKA_DOMAIN=kafka-${DOMAIN}.${DOMAIN_END}
+
 
 #Nginx 配置
 export NGINX_NAME=NGINX_${DOMAIN}
-export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}
-export NGINX_HTTP_PORT=8899
-export NGINX_HTTPS_PORT=2443
+export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}${VERSION}
 export NGINX_MEMORY=256m
 
 #MySql 配置 
-export MYSQL_PORT=3308
+# 数据库对外爆露端口 
+
+# 主机对外爆露的HTTPS端口
+if [ -z "$MYSQL_PORT" ]; then
+    export MYSQL_PORT=3308
+else
+    echo "环境变量 MYSQL_PORT 已设置，设置为 ${MYSQL_PORT}"
+fi
 export MYSQL_ROOT_PASSWORD=tuoheng2024
 export MYSQL_IMAGE=${REGISTRY_HOST}mysql:8.0.25
 export MYSQL_DATA=${NETWORK}_mysql_data
@@ -30,50 +95,114 @@ export MYSQL_NAME=MYSQL_${DOMAIN}
 export MYSQL_MEMORY=1g    
 
 #Redis 配置
-export REDIS_PORT=6380
+if [ -z "$REDIS_PORT" ]; then
+   export REDIS_PORT=6380
+else
+    echo "环境变量 REDIS_PORT 已设置，设置为 ${REDIS_PORT}"
+fi
+ 
 export REDIS_IMAGE=${REGISTRY_HOST}redis:latest
 export REDIS_DATA=${NETWORK}_redis_data
 export REDIS_NAME=REDIS_${DOMAIN}
 export REDIS_MEMORY=512m    
 
+
 #MQTT 配置
-export MQTT_PORT=1883
-export MQTT_WS_PORT=9001
+# MQTT对外爆露端口
+if [ -z "$MQTT_PORT" ]; then
+   export MQTT_PORT=1883
+else
+    echo "环境变量 MQTT_PORT 已设置，设置为 ${MQTT_PORT}"
+fi
+if [ -z "$MQTT_WS_PORT" ]; then
+   export MQTT_WS_PORT=9001
+else
+    echo "环境变量 MQTT_WS_PORT 已设置，设置为 ${MQTT_WS_PORT}"
+fi
+ 
+ 
 export MQTT_IMAGE=${REGISTRY_HOST}eclipse-mosquitto:latest
 export MQTT_NAME=MQTT_${DOMAIN}
 export MQTT_MEMORY=512m    
 
 #Kafka 配置
-export KAFKA_PORT=9092
-export KAFKA_IMAGE=${REGISTRY_HOST}confluentinc/cp-kafka:latest
+# Kafka对外爆露端口
+if [ -z "$KAFKA_PORT" ]; then
+   export KAFKA_PORT=9292
+else
+    echo "环境变量 KAFKA_PORT 已设置，设置为 ${KAFKA_PORT}"
+fi
+if [[ "$(uname)" == "Darwin" ]]; then
+  echo "当前是 Mac 系统"
+  export KAFKA_IMAGE=${REGISTRY_HOST}bitnami/kafka:latest
+  # 这里写 Mac 下要执行的命令
+else
+  echo "当前不是 Mac 系统"
+  export KAFKA_IMAGE=${REGISTRY_HOST}bitnami/kafka:${PLATFORM}
+  echo "环境变量 KAFKA_IMAGE 已设置，设置为 ${KAFKA_IMAGE}"
+  # 这里写 Linux 或其他系统下要执行的命令
+fi
 export KAFKA_NAME=KAFKA_${DOMAIN}
-export KAFKA_MEMORY=512m   
+export KAFKA_MEMORY=2g
+export KAFKA_DATA=${NETWORK}_kafka_data  
+export KAFKA_DOMAIN_FULL=${KAFKA_DOMAIN}:${KAFKA_PORT}
  
 
 #SRS 配置
-export SRS_NAME=SRS_${DOMAIN}
-export SRS_HTTP_PORT=8080
-export SRS_RTMP_PORT=1935
-export SRS_RTC_PORT=8000
+# SRS对外爆露端口 Name比较特别,没有DOAMIN后缀
+export SRS_NAME=SRS
+if [ -z "$SRS_RTMP_PORT" ]; then
+  export SRS_RTMP_PORT=1935
+else
+    echo "环境变量 SRS_RTMP_PORT 已设置，设置为 ${SRS_RTMP_PORT}"
+fi
+if [ -z "$SRS_RTC_PORT" ]; then
+  export SRS_RTC_PORT=8000
+else
+    echo "环境变量 SRS_RTC_PORT 已设置，设置为 ${SRS_RTC_PORT}"
+fi
+export SRS_RTMP_DOMAIN_FULL=${SRS_DOMAIN}:${SRS_RTMP_PORT}
 export SRS_MEMORY=512m
-export SRS_IMAGE=registry.cn-hangzhou.aliyuncs.com/ossrs/srs:5
+export SRS_IMAGE=${REGISTRY_HOST}srs:6
 export SRS_DATA=${NETWORK}_srs_data
 
-
-#Minio 配置
-export MINIO_NAME=MINIO_${DOMAIN}
+#Minio 配置 Name比较特别,没有DOAMIN后缀
+export MINIO_NAME=MINIO
 export MINIO_MEMORY=512m
-export MINIO_IMAGE=quay.io/minio/minio
+export MINIO_IMAGE=${REGISTRY_HOST}quay.io/minio:latest${PLATFORM}
 export MINIO_DATA=${NETWORK}_minio_data 
-export MINIO_API_PORT=9000
-export MINIO_CONSOLE_PORT=9002
+# Minio对外爆露端口
+if [ -z "$MINIO_API_PORT" ]; then
+   export MINIO_API_PORT=9000
+else
+    echo "环境变量 MINIO_API_PORT 已设置，设置为 ${MINIO_API_PORT}"
+fi
+# Minio控制台对外爆露端口
+if [ -z "$MINIO_CONSOLE_PORT" ]; then
+   export MINIO_CONSOLE_PORT=9002
+else
+    echo "环境变量 MINIO_CONSOLE_PORT 已设置，设置为 ${MINIO_CONSOLE_PORT}"
+fi
 export MINIO_ROOT_USER=miniopassword
 export MINIO_ROOT_PASSWORD=miniopassword   
 
+if [ -z "$MINIO_ACCESS_KEY" ]; then
+    export MINIO_ACCESS_KEY=shvngIfksXjTqlQHKSxt
+else
+    echo "环境变量 MINIO_ACCESS_KEY 已设置，设置为 ${MINIO_ACCESS_KEY}"
+fi
+
+if [ -z "$MINIO_SECRET_KEY" ]; then
+    export MINIO_SECRET_KEY=Xed4RsGAF1iX7bzEsNEXydnEYsWMUHzU4cA4IPGl
+else
+    echo "环境变量 MINIO_SECRET_KEY 已设置，设置为 ${MINIO_SECRET_KEY}"
+fi
+
 # Elasticsearch 配置
 export ES_NAME=ES_${DOMAIN}
-export ES_IMAGE=elasticsearch:7.8.0
+export ES_IMAGE=${REGISTRY_HOST}elasticsearch:7.8.0
 export ES_MEMORY=1g
+# Elasticsearch对外爆露端口
 export ES_PORT=9200
 export ES_DATA=${NETWORK}_es_data
 
@@ -84,6 +213,7 @@ export SKYWALKING_OAP_IMAGE=apache/skywalking-oap-server:8.6.0-es7
 export SKYWALKING_UI_IMAGE=apache/skywalking-ui:8.6.0
 export SKYWALKING_OAP_MEMORY=512m
 export SKYWALKING_UI_MEMORY=512m
+# SkyWalking UI对外爆露端口
 export SKYWALKING_UI_PORT=8181
 export SW_AGENT_COLLECTOR_BACKEND_SERVICES=${SKYWALKING_OAP_NAME}:11800
 export SKYWALKING_USERNAME=skywalking
@@ -93,57 +223,192 @@ export SKYWALKING_PASSWORD=skywalking
 # Consul 配置
 export CONSUL_NAME=CONSUL_${DOMAIN}
 export CONSUL_IMAGE=${REGISTRY_HOST}consul:latest
-export CONSUL_PORT="8500"
+if [ -z "$CONSUL_PORT" ]; then
+   export CONSUL_PORT=8500
+else
+    echo "环境变量 CONSUL_PORT 已设置，设置为 ${CONSUL_PORT}"
+fi
 export CONSUL_MEMORY="512m"
 
 # XXL-Job 配置
-export XXLJOB_NAME=XXL_JOB_${DOMAIN}
+export XXLJOB_NAME=XXL-JOB-${DOMAIN}
 export XXLJOB_IMAGE=${REGISTRY_HOST}xuxueli/xxl-job-admin:2.4.0
-export XXLJOB_PORT=8282
-export XXLJOB_MEMORY=512m
+if [ -z "$XXLJOB_PORT" ]; then
+   export XXLJOB_PORT=8282 
+else
+    echo "环境变量 XXLJOB_PORT 已设置，设置为 ${XXLJOB_PORT}"
+fi
+export XXLJOB_MEMORY=1g
 export XXLJOB_ACCESS_TOKEN=default_token
  
 #SKY_AOP 配置
 export SKY_AOP=106.15.229.178:11800
 
 #OIDCServer 配置
-export OIDC_SERVER_NAME=OIDC_SERVER_${DOMAIN} 
-export OIDC_SERVER_IMAGE=${REGISTRY_HOST}oidcserver:${DOMAIN} 
+export OIDC_SERVER_NAME=OIDC-SERVER${DOMAIN} 
+export OIDC_SERVER_IMAGE=${REGISTRY_HOST}oidcserver:${DOMAIN}${VERSION} 
 export OIDC_SERVER_JAR=tuoheng_oidc_server.jar
-export OIDC_SERVER_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcservice/${OIDC_SERVER_JAR}
-export OIDC_SERVER_MEMORY=512m
+if [ -z "$OIDC_SERVER_REMOTE_JAR" ]; then
+   export OIDC_SERVER_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcservice/${OIDC_SERVER_JAR}
+else
+    echo "环境变量 OIDC_SERVER_REMOTE_JAR 已设置，设置为 ${OIDC_SERVER_REMOTE_JAR}"
+fi
+export OIDC_SERVER_MEMORY=1g
 
 #OIDCAdmin 配置
-export OIDC_ADMIN_NAME=OIDC_ADMIN_${DOMAIN} 
-export OIDC_ADMIN_IMAGE=${REGISTRY_HOST}oidcadmin:${DOMAIN} 
+export OIDC_ADMIN_NAME=OIDC-ADMIN${DOMAIN} 
+export OIDC_ADMIN_IMAGE=${REGISTRY_HOST}oidcadmin:${DOMAIN}${VERSION} 
 export OIDC_ADMIN_JAR=tuoheng_oidc_admin.jar
-export OIDC_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcadmin/${OIDC_ADMIN_JAR}
-export OIDC_ADMIN_MEMORY=512m
+if [ -z "$OIDC_ADMIN_REMOTE_JAR" ]; then
+   export OIDC_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcadmin/${OIDC_ADMIN_JAR}
+else
+    echo "环境变量 OIDC_ADMIN_REMOTE_JAR 已设置，设置为 ${OIDC_ADMIN_REMOTE_JAR}"
+fi
+export OIDC_ADMIN_MEMORY=1g
 
-
-export GATEWAY_NAME=GATEWAY_${DOMAIN}
-export GATEWAY_IMAGE=${REGISTRY_HOST}gateway:${DOMAIN}
+#网关配置
+export GATEWAY_NAME=GATEWAY${DOMAIN}
+export GATEWAY_IMAGE=${REGISTRY_HOST}gateway:${DOMAIN}${VERSION}
 export GATEWAY_JAR=tuoheng_gateway.jar
-export GATEWAY_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/gateway/${GATEWAY_JAR}
-export GATEWAY_MEMORY=512m
+if [ -z "$GATEWAY_REMOTE_JAR" ]; then
+  export GATEWAY_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/gateway/${GATEWAY_JAR}
+else
+    echo "环境变量 GATEWAY_REMOTE_JAR 已设置，设置为 ${GATEWAY_REMOTE_JAR}"
+fi
+export GATEWAY_MEMORY=1g
+
+#流媒体录制配置
+export STREAM_NAME=STREAM
+export STREAM_IMAGE=${REGISTRY_HOST}stream:${DOMAIN}${VERSION}
+if [ -z "$STREAM_REMOTE_JAR" ]; then
+  export STREAM_REMOTE_JAR=/Users/sunpeng/workspace/ideaproject/stream_server/target/stream_server-0.0.1-SNAPSHOT.jar
+else
+    echo "环境变量 STREAM_REMOTE_JAR 已设置，设置为 ${STREAM_REMOTE_JAR}"
+fi
+export STREAM_MEMORY=1g
+export STREAM_JAR=stream_server-0.0.1-SNAPSHOT.jar
+export STREAM_DATA=${NETWORK}_stream_data
+export STREAM_DEBUG_PORT=7878
+
+#河湖长
+export HHZ_API_NAME=HHZ-API${DOMAIN}
+export HHZ_API_IMAGE=${REGISTRY_HOST}hhzapi:${DOMAIN}${VERSION}
+export HHZ_API_JAR=tuoheng_hhz_api.jar
+if [ -z "$HHZ_API_REMOTE_JAR" ]; then
+  export HHZ_API_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/hhz-api/${HHZ_API_JAR}
+else
+    echo "环境变量 HHZ_API_REMOTE_JAR 已设置，设置为 ${HHZ_API_REMOTE_JAR}"
+fi
+export HHZ_API_MEMORY=1g
+
+#河湖长
+export HHZ_ADMIN_NAME=HHZ-ADMIN${DOMAIN}
+export HHZ_ADMIN_IMAGE=${REGISTRY_HOST}hhzadmin:${DOMAIN}${VERSION}
+export HHZ_ADMIN_JAR=tuoheng_hhz_admin.jar
+if [ -z "${HHZ_ADMIN_REMOTE_JAR}" ]; then
+    export HHZ_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/hhz-admin/${HHZ_ADMIN_JAR}
+else
+    echo "环境变量 HHZ_ADMIN_REMOTE_JAR 已设置，设置为 ${HHZ_ADMIN_REMOTE_JAR}"
+fi
+export HHZ_ADMIN_MEMORY=1g
+if [ -z "${HHZ_ADMIN_WEB_DIST}" ]; then
+    export HHZ_ADMIN_WEB_DIST=/Users/sunpeng/workspace/remote/tuoheng_hhz_web/dist
+else
+    echo "环境变量 HHZ_ADMIN_WEB_DIST 已设置，设置为 ${HHZ_ADMIN_WEB_DIST}"
+fi
 
 
+#机场平台
+export AIRPORT_NAME=AIRPORT${DOMAIN}
+export AIRPORT_IMAGE=${REGISTRY_HOST}airport:${DOMAIN}${VERSION}
+export AIRPORT_JAR=tuoheng_airport_admin.jar
+if [ -z "${AIRPORT_REMOTE_JAR}" ]; then
+    export AIRPORT_REMOTE_JAR=/Users/sunpeng/workspace/remote/tuoheng_airport/tuoheng-admin/target/${AIRPORT_JAR}
+else
+    echo "环境变量 AIRPORT_REMOTE_JAR 已设置，设置为 ${AIRPORT_REMOTE_JAR}"
+fi
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    export AIRPORT_WEB_DIST=/Users/sunpeng/workspace/remote/docker/tuoheng_airport_web/dist
+else
+    echo "环境变量 AIRPORT_WEB_DIST 已设置，设置为 ${AIRPORT_WEB_DIST}"
+fi
+export AIRPORT_MEMORY=1g
 
 
-#主机INGRESS_PORT 映射到容器80 INGRESS_SSL_PORT 映射到容器 443
-export INGRESS_PORT=80
-#export INGRESS_SSL_PORT=443
- 
-export OIDC_URL=https://oidc-$DOMAIN-software.t-aaron.com
-export OIDC_PORT=8090
-export XXL_JOB=http://xxljob:8080/xxl-job-admin
-#固定基本配置
-export TZ=Asia/Shanghai
-export SPRING_CLOUD_CONSUL_HOST=consul
-export SPRING_CLOUD_CONSUL_PORT=8500
+export BUSINESS_NAME=BUSINESS${DOMAIN}
+export BUSINESS_IMAGE=${REGISTRY_HOST}business:${DOMAIN}${VERSION}
+export BUSINESS_JAR=tuoheng_business_admin.jar
+if [ -z "${BUSINESS_REMOTE_JAR}" ]; then
+   export BUSINESS_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/business/${BUSINESS_JAR}
+else
+    echo "环境变量 BUSINESS_REMOTE_JAR 已设置，设置为 ${BUSINESS_REMOTE_JAR}"
+fi
+export BUSINESS_MEMORY=512m
+if [ -z "${BUSINESS_WEB_DIST}" ]; then
+    export BUSINESS_WEB_DIST=/Users/sunpeng/workspace/remote/tuoheng_hhz_web/dist
+else
+    echo "环境变量 BUSINESS_WEB_DIST 已设置，设置为 ${BUSINESS_WEB_DIST}"
+fi
 
  
+export DSP_API_NAME=DSP-API${DOMAIN}
+export DSP_API_IMAGE=${REGISTRY_HOST}dspapi:${DOMAIN}${VERSION}
+export DSP_API_JAR=tuoheng_dsp_api.jar
+if [ -z "${DSP_API_REMOTE_JAR}" ]; then
+   export DSP_API_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-api/${DSP_API_JAR}
+else
+    echo "环境变量 DSP_API_REMOTE_JAR 已设置，设置为 ${DSP_API_REMOTE_JAR}"
+fi
+export DSP_API_MEMORY=1g
+
+export DSP_ADMIN_NAME=DSP-ADMIN${DOMAIN}
+export DSP_ADMIN_IMAGE=${REGISTRY_HOST}dspadmin:${DOMAIN}${VERSION}
+export DSP_ADMIN_JAR=tuoheng_dsp_admin.jar
+if [ -z "${DSP_ADMIN_REMOTE_JAR}" ]; then
+    export DSP_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-admin/${DSP_ADMIN_JAR}
+else
+    echo "环境变量 DSP_ADMIN_REMOTE_JAR 已设置，设置为 ${DSP_ADMIN_REMOTE_JAR}"
+fi
+export DSP_ADMIN_MEMORY=512m
+if [ -z "${DSP_ADMIN_WEB_DIST}" ]; then
+    export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dsp-admin/dist
+else
+    echo "环境变量 DSP_ADMIN_WEB_DIST 已设置，设置为 ${DSP_ADMIN_WEB_DIST}"
+fi
 
 
+export DSP_INSPECTION_NAME=DSP-INSPECTION${DOMAIN}
+export DSP_INSPECTION_IMAGE=${REGISTRY_HOST}dspinspection:${DOMAIN}${VERSION}
+export DSP_INSPECTION_JAR=tuoheng_dsp_inspection.jar
+if [ -z "${DSP_INSPECTION_REMOTE_JAR}" ]; then
+    export DSP_INSPECTION_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-inspection/${DSP_INSPECTION_JAR}
+else
+    echo "环境变量 DSP_INSPECTION_REMOTE_JAR 已设置，设置为 ${DSP_INSPECTION_REMOTE_JAR}"
+fi
+export DSP_INSPECTION_MEMORY=512m
 
+export DSP_MINI_NAME=DSP-MINI${DOMAIN}
+export DSP_MINI_IMAGE=${REGISTRY_HOST}dspmini:${DOMAIN}${VERSION}
+export DSP_MINI_JAR=tuoheng_dsp_miniprogram.jar
+if [ -z "${DSP_MINI_REMOTE_JAR}" ]; then
+    export DSP_MINI_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-mini/${DSP_MINI_JAR}
+else
+    echo "环境变量 DSP_MINI_REMOTE_JAR 已设置，设置为 ${DSP_MINI_REMOTE_JAR}"
+fi
+export DSP_MINI_MEMORY=512m
 
+export DSP_PORTAL_NAME=DSP-PORTAL${DOMAIN}
+export DSP_PORTAL_IMAGE=${REGISTRY_HOST}dspportal:${DOMAIN}${VERSION}
+export DSP_PORTAL_JAR=tuoheng_dsp_portal.jar
+if [ -z "${DSP_PORTAL_REMOTE_JAR}" ]; then
+    export DSP_PORTAL_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-portal/${DSP_PORTAL_JAR}
+else
+    echo "环境变量 DSP_PORTAL_REMOTE_JAR 已设置，设置为 ${DSP_PORTAL_REMOTE_JAR}"
+fi
+export DSP_PORTAL_MEMORY=512m
+
+# Kafka UI 配置
+export KAFKA_UI_PORT=8080
+export KAFKA_UI_NAME=KAFKA_UI_${DOMAIN}
+export KAFKA_UI_IMAGE=registry.t-aaron.com/tuoheng/provectuslabs/kafka-ui:latest
+export KAFKA_UI_MEMORY=512m

init/1.network.sh

@@ -1,7 +1,10 @@
 source ../environment.sh
 if ! docker network inspect ${NETWORK} >/dev/null 2>&1; then
-  docker network create --driver bridge ${NETWORK}
-  echo "创建 ${NETWORK} bridge 网络成功"
+  docker network create --driver bridge \
+    --subnet=172.20.0.0/16 \
+    --gateway=172.20.0.1 \
+    ${NETWORK}
+  echo "创建 ${NETWORK} bridge 网络成功，子网: 172.20.0.0/16，网关: 172.20.0.1"
 else
   echo "${NETWORK} 网络已存在"
 fi

init/2.volumn.sh

@@ -43,4 +43,18 @@ else
 fi
 
 
+source ../environment.sh
+if ! docker volume inspect ${KAFKA_DATA} >/dev/null 2>&1; then
+   docker volume create ${KAFKA_DATA}
+   echo "创建 ${KAFKA_DATA} 卷成功"
+else
+   echo "${KAFKA_DATA} 卷已存在"    
+fi
 
+source ../environment.sh
+if ! docker volume inspect ${STREAM_DATA} >/dev/null 2>&1; then
+   docker volume create ${STREAM_DATA}
+   echo "创建 ${STREAM_DATA} 卷成功"
+else
+   echo "${STREAM_DATA} 卷已存在"    
+fi

init/3.mysql.sh

@@ -27,6 +27,8 @@ docker run -d \
 -e MYSQL_CHARACTER_SET_SERVER=utf8mb4 \
 -e MYSQL_COLLATION_SERVER=utf8mb4_unicode_ci \
 -v ${MYSQL_DATA}:/var/lib/mysql \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
 --memory ${MYSQL_MEMORY} \
 --restart unless-stopped \
 ${MYSQL_IMAGE}

init/5.mqtt.sh

@@ -26,6 +26,7 @@ docker run -d \
 -p ${MQTT_WS_PORT}:9001 \
 --memory ${MQTT_MEMORY} \
 --restart unless-stopped \
+-v $(pwd)/volumes/mqtt/mosquitto.conf:/mosquitto/config/mosquitto.conf \
 ${MQTT_IMAGE}
 
 docker ps

init/6.kafka.sh

@@ -4,10 +4,7 @@ echo "错误: 未找到 NETWORK 环境变量"
 exit 1
 fi
 
-if [ -z "$HOST_IP" ]; then
-echo "错误: 未找到 HOST_IP 环境变量"
-exit 1
-fi
+ 
 
 if [ -z "$KAFKA_PORT" ]; then
 echo "错误: 未找到 KAFKA_PORT 环境变量"
@@ -35,28 +32,72 @@ if docker ps -a | grep -q ${KAFKA_NAME}; then
     docker rm ${KAFKA_NAME} >/dev/null 2>&1
 fi
 
+echo "开始创建 KAFKA 容器..."
+echo ${KAFKA_DOMAIN_FULL}
+echo ${KAFKA_NAME}
 
 docker run -d \
 --name ${KAFKA_NAME} \
 --network $NETWORK \
--p ${KAFKA_PORT}:9092 \
--e KAFKA_NODE_ID=1 \
--e KAFKA_PROCESS_ROLES=broker,controller \
--e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:29093 \
--e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${HOST_IP}:${KAFKA_PORT} \
--e KAFKA_CONTROLLER_QUORUM_VOTERS=1@${KAFKA_NAME}:29093 \
--e KAFKA_CONTROLLER_LISTENER_NAMES=CONTROLLER \
--e CLUSTER_ID=b8f3a0c1-1234-5678-9abc-def012345678 \
--e KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT \
--e KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT \
--e KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
--e KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1 \
--e KAFKA_TRANSACTION_STATE_LOG_MIN_ISR=1 \
--e KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS=0 \
--e KAFKA_NUM_PARTITIONS=3 \
--e KAFKA_AUTO_CREATE_TOPICS_ENABLE=true \
---memory ${KAFKA_MEMORY} --restart unless-stopped ${KAFKA_IMAGE}
-
-
+-p ${KAFKA_PORT}:${KAFKA_PORT} \
+-e KAFKA_CFG_NODE_ID=1 \
+-e KAFKA_CFG_PROCESS_ROLES=broker,controller \
+-e KAFKA_CFG_LISTENERS=PLAINTEXT://:${KAFKA_PORT},CONTROLLER://:29093 \
+-e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://${KAFKA_DOMAIN_FULL} \
+-e KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@${KAFKA_NAME}:29093 \
+-e KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER \
+-e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT \
+-e KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT \
+-e KAFKA_CFG_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
+-e KAFKA_CFG_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1 \
+-e KAFKA_CFG_TRANSACTION_STATE_LOG_MIN_ISR=1 \
+-e KAFKA_CFG_GROUP_INITIAL_REBALANCE_DELAY_MS=0 \
+-e KAFKA_CFG_NUM_PARTITIONS=3 \
+-e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true \
+-e KAFKA_CFG_LOG_RETENTION_HOURS=168 \
+-e KAFKA_CFG_LOG_RETENTION_BYTES=-1 \
+-e KAFKA_CFG_DELETE_TOPIC_ENABLE=true \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--mount type=volume,source=${KAFKA_DATA},target=/bitnami/kafka \
+--memory ${KAFKA_MEMORY} \
+--restart unless-stopped \
+${KAFKA_IMAGE}
+
+docker ps
+
+# 等待 Kafka 服务就绪
+echo "等待 Kafka 服务就绪..."
+sleep 30
+
+# 创建所需的 topics
+echo "开始创建 Kafka topics..."
+
+# 创建机场相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-imitateFly
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-test
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic business-update-dataPermissions-task
+
+# 创建 DSP 算法相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-online-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-offline-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-image-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-task-results
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-local
+
+# 创建 DSP 录制相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-result
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-local
+
+# 创建 DSP 推流相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-result
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-local
+
+# 列出所有创建的 topics
+echo "已创建的 topics 列表："
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server 127.0.0.1:${KAFKA_PORT} --list
 
  

init/7.kafka-ui.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+source ../environment.sh
+
+# 检查必要的环境变量
+if [ -z "$NETWORK" ] || [ -z "$KAFKA_UI_PORT" ] || [ -z "$KAFKA_UI_NAME" ] || [ -z "$KAFKA_UI_IMAGE" ] || [ -z "$KAFKA_UI_MEMORY" ]; then
+    echo "Error: Required environment variables are not set"
+    exit 1
+fi
+
+# 停止并删除已存在的容器
+docker stop ${KAFKA_UI_NAME} 2>/dev/null
+docker rm ${KAFKA_UI_NAME} 2>/dev/null
+
+# 启动 Kafka UI
+docker run -d \
+    --name ${KAFKA_UI_NAME} \
+    --network ${NETWORK} \
+    -p ${KAFKA_UI_PORT}:8080 \
+    -e KAFKA_CLUSTERS_0_NAME=local \
+    -e KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=${KAFKA_NAME}:${KAFKA_PORT} \
+    -e JAVA_TOOL_OPTIONS="-Xmx${KAFKA_UI_MEMORY}" \
+    ${KAFKA_UI_IMAGE}
+
+echo "Kafka UI started at http://localhost:${KAFKA_UI_PORT}" 

init/7.srs.sh

@@ -20,10 +20,7 @@ if [ -z "$SRS_RTMP_PORT" ]; then
 echo "错误: 未找到 SRS_RTMP_PORT 环境变量"
 exit 1
 fi
-if [ -z "$SRS_HTTP_PORT" ]; then
-echo "错误: 未找到 SRS_HTTP_PORT 环境变量"
-exit 1  
-fi
+
 if [ -z "$SRS_RTC_PORT" ]; then
 echo "错误: 未找到 SRS_RTC_PORT 环境变量"
 exit 1
@@ -39,16 +36,30 @@ if docker ps -a | grep -q ${SRS_NAME}; then
     docker rm ${SRS_NAME} >/dev/null 2>&1
 fi
 
+# 在容器内检查并创建必要的目录结构
+echo "检查SRS目录结构..."
+docker run --rm \
+    -v "${SRS_DATA}:/usr/local/srs/objs/nginx/html" \
+    $SRS_IMAGE \
+    /bin/sh -c '
+        if [ -d "/usr/local/srs/objs/nginx/html/record" ]; then
+            echo "record目录已存在，跳过创建"
+        else
+            echo "创建record目录..."
+            mkdir -p /usr/local/srs/objs/nginx/html/record
+        fi
+    '
+
 # 启动SRS容器
-# 启动SRS容器
+# 启动SRS容器 默认也有8080端口
 docker run -d \
     --name ${SRS_NAME} \
     --network $NETWORK \
     --memory $SRS_MEMORY \
     --restart unless-stopped \
     -p ${SRS_RTMP_PORT}:1935 \
-    -p ${SRS_HTTP_PORT}:8080 \
     -p ${SRS_RTC_PORT}:8000/udp \
-    -v "$(pwd)/volumes/srs/conf/srs.conf:/usr/local/srs/conf/srs.conf" \
-    -v "${SRS_DATA}:/usr/local/srs/objs" \
+    -v "$(pwd)/volumes/srs/conf/srs.conf:/usr/local/srs/conf/docker.conf" \
+    -v "${SRS_DATA}:/usr/local/srs/objs/nginx/html" \
+    --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
     $SRS_IMAGE

init/8.minio.sh

@@ -36,6 +36,14 @@ if [ -z "$MINIO_ROOT_PASSWORD" ]; then
 echo "错误: 未找到 MINIO_ROOT_PASSWORD 环境变量"
 exit 1
 fi
+if [ -z "$MINIO_ACCESS_KEY" ]; then
+echo "错误: 未找到 MINIO_ACCESS_KEY 环境变量"
+exit 1
+fi
+if [ -z "$MINIO_SECRET_KEY" ]; then
+echo "错误: 未找到 MINIO_SECRET_KEY 环境变量"
+exit 1
+fi
 
 if docker ps -a | grep -q ${MINIO_NAME}; then
     echo "停止并删除已存在的 MinIO 容器..."
@@ -55,3 +63,73 @@ docker run -d \
     -e MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} \
     -v "${MINIO_DATA}:/data" \
     $MINIO_IMAGE server /data --console-address ":9001"
+
+# 等待 MinIO 服务启动
+echo "等待 MinIO 服务启动..."
+sleep 10
+
+# 创建 MinIO 服务账号配置目录
+mkdir -p $(pwd)/volumes/minio/policies
+
+# 创建 MinIO 服务账号配置文件
+cat > $(pwd)/volumes/minio/policies/mqtt-policy.json << EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "admin:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}
+EOF
+
+# 创建 MinIO 服务账号
+echo "创建 MinIO 服务账号..."
+docker exec ${MINIO_NAME} mc alias set myminio http://localhost:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
+docker exec ${MINIO_NAME} mc admin user add myminio ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY}
+
+# 将策略文件复制到容器内
+docker cp $(pwd)/volumes/minio/policies/mqtt-policy.json ${MINIO_NAME}:/tmp/mqtt-policy.json
+
+# 创建和附加策略
+docker exec ${MINIO_NAME} mc admin policy create myminio mqtt-policy /tmp/mqtt-policy.json
+docker exec ${MINIO_NAME} mc admin policy attach myminio mqtt-policy --user ${MINIO_ACCESS_KEY}
+
+# 清理临时文件
+docker exec ${MINIO_NAME} rm /tmp/mqtt-policy.json
+
+# 创建所需的 bucket
+echo "创建所需的 bucket..."
+for bucket in default image ta-tech-image th-airport th-dsp video; do
+    echo "处理 bucket: $bucket"
+    # 检查 bucket 是否存在
+    if ! docker exec ${MINIO_NAME} mc ls myminio/$bucket >/dev/null 2>&1; then
+        echo "创建 bucket: $bucket"
+        docker exec ${MINIO_NAME} mc mb myminio/$bucket
+    else
+        echo "bucket $bucket 已存在"
+    fi
+    # 设置 bucket 为 public
+    echo "设置 bucket $bucket 为 public"
+    docker exec ${MINIO_NAME} mc anonymous set public myminio/$bucket
+done
+
+echo "MinIO 服务账号和 bucket 创建完成"

init/migratevolumes/minio/back.sh

@@ -0,0 +1,2 @@
+source ../../../environment.sh 
+docker run --rm -v ${MINIO_DATA}:/data registry.t-aaron.com/tuoheng/alpine tar czf - -C /data . > minio_backup.tar.gz

init/migratevolumes/minio/recovey.sh

@@ -0,0 +1,3 @@
+source ../../../environment.sh 
+docker volume create ${MINIO_DATA}
+docker run --rm -i -v ${MINIO_DATA}:/data alpine sh -c "tar xzf - -C /data" < minio_backup.tar.gz

init/volumes/minio/policies/mqtt-policy.json

@@ -0,0 +1,26 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "admin:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}

init/volumes/mqtt/mosquitto.conf

@@ -0,0 +1,6 @@
+listener 1883
+allow_anonymous true
+persistence false
+log_dest stdout
+log_type all
+connection_messages true

init/volumes/srs/conf/srs.conf

@@ -1,7 +1,7 @@
 listen              1935;
 max_connections     1000;
-srs_log_tank        file;
-srs_log_file        ./objs/srs.log;
+srs_log_tank        console;
+daemon              off;
 
 http_server {
     enabled         on;
@@ -15,13 +15,39 @@ rtc_server {
 }
 
 vhost __defaultVhost__ {
+
+    dvr {
+        enabled         on;
+        #all表示录制所有视频流，也可以按频道录制
+        #规则为<app>/<stream>，例：live/stream1 live/stream2
+        #规则为<app>/<stream>，例：live/stream1 live/stream2
+        dvr_apply       all;
+        #dvr计划
+        dvr_plan        segment;
+        #录制的路径，详细配置规则见附录三
+        dvr_path        ./objs/nginx/html/record/[2006][01][02]/[app][stream]/[timestamp].flv;
+        #segment方式录制时间设置，单位: s
+        dvr_duration    900;
+        #开启按关键帧且flv 
+        dvr_wait_keyframe       on;
+        #时间戳抖动算法。full使用完全的时间戳矫正；
+        #zero只是保证从0开始；off不矫正时间戳。
+        time_jitter             full;
+    }
+
+
     rtc {
         enabled     on;
+        # 开启rtc录制
+        rtmp_to_rtc on;
+        rtc_to_rtmp on;
     }
+
     http_remux {
         enabled     on;
         mount       [vhost]/[app]/[stream].flv;
     }
+    
     hls {
         enabled     on;
         hls_path    ./objs/nginx/html;

nginx/Dockerfile.nginx

@@ -3,15 +3,32 @@ FROM nginx:latest
 # 删除默认的nginx配置
 RUN rm -rf /etc/nginx/conf.d/*
 
-# 复制vhosts配置到nginx配置目录
-COPY vhosts/ /etc/nginx/conf.d/
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
 
 # 复制SSL证书文件到nginx目录
 COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
 COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
 
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+
 # 设置正确的权限
-RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
 
 # 设置时区
 ENV TZ=Asia/Shanghai

nginx/build.sh

@@ -11,10 +11,10 @@ if [ $? -ne 0 ]; then
     exit 1
 fi
 
-echo ""
+#echo ""
 echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
-echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
-read -p ""
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
 
 echo ""
 echo "步骤2: 构建Nginx镜像..."

nginx/build_image.sh

@@ -29,13 +29,46 @@ if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key
     echo "Nginx容器的SSL功能可能无法正常工作"
 fi
 
-# 将替换后的配置文件复制到vhosts目录
-cp -r $TEMP_DIR/* vhosts/
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+
 
 # 构建Docker镜像
 echo "使用Dockerfile.nginx构建镜像..."
 docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
 
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
 # 检查构建结果
 if [ $? -eq 0 ]; then
     echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
@@ -56,3 +89,4 @@ fi
 
 echo "Nginx镜像构建和推送完成!"
 echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginx/replace_vars.sh

@@ -14,6 +14,7 @@ fi
 # 检查vhosts目录中是否有配置文件
 if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
     echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
 fi
 
 # 创建临时目录
@@ -47,14 +48,17 @@ for conf_file in vhosts/*.conf; do
         var_name=$(echo $var | cut -d= -f1)
         var_value=${!var_name}
         if [ ! -z "$var_value" ]; then
-            # 使用简单的变量替换方法
+            # 使用更安全的变量替换方法
             pattern="\\\${$var_name}"
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
             echo "  替换变量: ${pattern} -> $var_value"
-            content=$(echo "$content" | sed "s|${pattern}|$var_value|g")
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
         fi
     done
     
-    # 写入处理后的内容到目标文件
+    # 写入处理后的内容到临时文件
     echo "$content" > "$TEMP_DIR/$filename"
     
     echo "  文件处理完成: $filename"

nginx/temp_vhosts/oidcservice.conf

@@ -1,23 +0,0 @@
- server {
-     listen 80;
-     listen 443 ssl;
-
-     server_name oidc-bazhong.t-aaron.com;
-
-     # SSL证书配置
-     ssl_certificate /etc/nginx/t-aaron.com.pem;
-     ssl_certificate_key /etc/nginx/t-aaron.com.key;
-     ssl_session_timeout 5m;
-     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-     ssl_prefer_server_ciphers on;
-
-
-     location / {
-        proxy_pass http://OIDC_SERVER_bazhong:8090;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
- }

nginx/temp_vhosts/sky.conf

@@ -1,21 +0,0 @@
-    server {
-       listen 80;
-       listen 443 ssl;
-       server_name sky-bazhong.t-aaron.com;
-
-        # SSL证书配置
-        ssl_certificate /etc/nginx/t-aaron.com.pem;
-        ssl_certificate_key /etc/nginx/t-aaron.com.key;
-        ssl_session_timeout 5m;
-        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
-
-       location / {
-          proxy_pass http://SKYWALKING_UI_bazhong:8080;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-       }
-    }

nginx/temp_vhosts/upstream.conf

@@ -1 +0,0 @@
-

nginx/vhosts/airport.conf

@@ -0,0 +1,50 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${AIRPORT_DOMAIN};
+        root /data/tuoheng_airport_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${AIRPORT_DOMAIN} https://${AIRPORT_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /airport {
+            proxy_pass http://gatewayService/airport;
+            proxy_set_header Host $host;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+        
+        location /permission {
+             proxy_pass http://airportService/permission;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/business.conf

@@ -0,0 +1,56 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${BUSINESS_DOMAIN};
+        root /data/tuoheng_business_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${BUSINESS_DOMAIN} https://${BUSINESS_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /permission {
+            proxy_pass http://businessService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /business-mini {
+            proxy_pass http://gatewayService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+       location /business {
+            proxy_pass http://gatewayService/business;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       }
+  
+    }

nginx/vhosts/cert/t-aaron.com.key

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAl20i2WRVBqF9NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJB
-A4xwkq2vsA5axj4b+CV9zXAsWDqfo0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeK
-vyq6kqkbTkEpG8qK4bJKDewEiF+vBLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r
-4QYm9zo8vZlY2/nkE4JYBrcdrgRO1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mc
-z0U5CcR8wgVTzzywKbv2R+kX7CPHSh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7
-+NvlMLgIdqQkMzxKc/JdtkHjdOK84Z+z9mNoPwIDAQABAoIBADOLLqWZBWgwaBKj
-li/MJZtGYE4cNlsBDSf4t8nsod7awfaiXIb8swT6oibne/anBZY+DMh1OmL98YD/
-bzzebPJxE8P6xCtIGYea0qiEKwAzA2PAk3Xm8YMilOzaOUgAda3Fpnd+szxIdabB
-xUuyvxGqXtb4zU9FKV9042oUJCD+YlqMSDhOUyt8agNcE9PpmzAOCQ36/845pCCt
-0H2iXc2qrV0koz7SIK2TksWGav1kVb7KfEOzGg1vhHJRKrP9mODkgIAFNVrBbIYd
-kUGaWCTqfuNGBxWSeV38XX5kKM5aHISB5gL4tjzrlkiMv4yBya7jTOWHHPK8ZTwL
-q9Tb18ECgYEA0amJ/BCQl6HRTOXN0+4jjx1seKnJTlKAwBATGxYbhOHQ1kBUPslh
-FwsG2Wcb46ccBnw8XwjSypDJJVOYCtdxlnDVqiCxQLdx06/JHOdYwb7zrmGpHLGs
-chZ5ccGI10FolW7CC21xErAS+o2d+cc3s1yZZtiYD1xSjR9sblw+aekCgYEAuOSr
-xK6NwbbSCYFWBHJ6257+Z0fzY79KPnhNK3E8q42ygSzn5KRuW4pfH6Kk3rLwcqkO
-3NOJXOK5T8paCkBcvXmVcladuqeamGY17XKRG35XwiwyjQhFUTjQLO4ob6Cm1SA8
-yguL80Imauhkfq9jTvhaEYahrN+smcn+TSuFv+cCgYBV3kLmGn6tq5eGEARZjQnB
-PoLDdH4+9qlGgA7jJA3HQZj/dr9KK7346wo2FfWlKjbfLRior3ttfRj0kaUOo6gg
-vjuz/sm5wKf809zhWprOVv+EZvkVCGuhGjVI8sOxrVdBBGiyt3L8/WH4ffG6b+4P
-JpipN4InoF8q7zjAhkUFqQKBgQCU1G136tJtBk7YG+YzujsvIjLCzGYc+tQ2qPvl
-ZkdiCLORy6X2pG24/g9IFdIE+aEXiwJNu3Gs9UwZ8Fa+PcTpOD+WRCa/Iz8MQepS
-8o/fw7m8sXsXj3rMwKDCKgseoADrOgH02YqUC8GE+QA8Ac48uSk3RlpKH9p+CNzN
-HaWSLQKBgQDE362akbYJdFknNg631VvsUTK+hL953UaY8OvtTBhDKjRqUhuniLr2
-R+CLoCLezhjzzx/11luowbVbcL2hgYxdPwEi4GNKmfGqs/jtkm1PkWej/4jw3Pcj
-Jq9Di+Vb9uTHp0O4ZlSZ3PKdn+ovTzVwrOPHmYXf5pLWIA5Qe0F1Wg==
+MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1
++5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ
+i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4
+xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw
+2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam
+5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l
+Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a
+z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb
+jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ
+X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg
+/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd
+smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB
+1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd
+rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS
+iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb
+Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl
+lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm
+DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc
+44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH
+8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp
+m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM
+XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F
+N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR
+a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW
+vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU=
 -----END RSA PRIVATE KEY-----

nginx/vhosts/cert/t-aaron.com.pem

@@ -1,76 +1,90 @@
 -----BEGIN CERTIFICATE-----
-MIIHljCCBX6gAwIBAgIQD49k2sFPkysTaVxmbXLLPDANBgkqhkiG9w0BAQsFADBc
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
-K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
-MjQwNTI4MDAwMDAwWhcNMjUwNjA4MjM1OTU5WjAYMRYwFAYDVQQDDA0qLnQtYWFy
-b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl20i2WRVBqF9
-NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJBA4xwkq2vsA5axj4b+CV9zXAsWDqf
-o0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeKvyq6kqkbTkEpG8qK4bJKDewEiF+v
-BLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r4QYm9zo8vZlY2/nkE4JYBrcdrgRO
-1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mcz0U5CcR8wgVTzzywKbv2R+kX7CPH
-Sh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7+NvlMLgIdqQkMzxKc/JdtkHjdOK8
-4Z+z9mNoPwIDAQABo4IDljCCA5IwHwYDVR0jBBgwFoAU8JyF/aKffY/JaLvV1IlN
-Hb7TkP8wHQYDVR0OBBYEFHgfehJZw28iIU4o2GOiJ4ZSQQ7aMCUGA1UdEQQeMByC
-DSoudC1hYXJvbi5jb22CC3QtYWFyb24uY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIB
-MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNV
-HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNV
-HR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9SYXBpZFNT
-TEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDBIoEagRIZCaHR0cDov
-L2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1
-NjIwMjJDQTEuY3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6
-Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMu
-ZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJD
-QTEuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1
-AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABj7400tYAAAQDAEYw
-RAIgfnSKqPxcIM1n61Wj7v4Mg6q+okpcU3BF90SdbbhpBi0CIHVeKYRiODN3XLes
-nVf5fyhTGnMOU6GrZfIODrB5gvO3AHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65
-Ay/ZDowuebgAAAGPvjTTFQAABAMASDBGAiEA2yVzWD3eRw/QGQX7jeULxvpFGMNG
-ZvGT7srGeX02ax0CIQDvzHcl6J296wCVqWacf8KQo61uovh7td/PhKnYpyUiVAB2
-AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABj7400ycAAAQDAEcw
-RQIgTkSIS1GXUtPuoTvVmdm57OCm1P2x4uPVQuo8LJN68w4CIQCvaSRtK63o2gUI
-gmi4h2Ch/CzRE48Zr0Eu7TkOBwVsfzANBgkqhkiG9w0BAQsFAAOCAgEAA+ab0S21
-cgtoI2TUfCdPolQVV8no3YY3bQJzDZCpmva4dpYxSoQ7qTrOfIeUI3iyeKkaREGb
-Xu6lAUhOvWZ7q/mp9od9pWJvPjbUmYT5OaWxhe3KiWmyo2TemABcCtOHe7v0qE5Y
-arPmL4HgrhGAqpkWl1eZFQpfGdQ5ry0yCikDZz9umvasdbxuHKfJGPCAsyPqik0r
-LmxnUYWOjCCNoSanDKj4ckdNkv/A9RXvazk/ZT1ElsBo/pK6eemiHmRNj3s6AWGO
-chGlkHkuvkgCgNsXFT3pqK6uVrE4yD8qmxDPOOaT8wC1MB9xYO77SmMOimelacG6
-d3DsUXGvYdUONZF2LzSpUkzFYofhZhULexI6xOCWnp3t7aCzTJQc68F6iwU6JYGW
-7l2AioXUW6Q4AYNlUEo0EG3u6g4H98xAW5YIVX3u9cT8ZerVfTTmO1AQkkMM98nH
-bvFx4/53T9eCTB9OBwiqISFICNXJNKhUuudVKQ6w0AfrI6kMk6dkhO3kkhb0cL/F
-nDAInqJ8BlMtV01owk2CaEica81WP/cjEDItnnjjJ5INUklraYfZFVgN71c78zr5
-rgF2DSQSsC+pPoqoloAC/YdiRw72kqaZlkXOaUgJBk2xJ73H27TriAPDmdtYA+Xd
-vtfjp7o21OOXsORq6LHElFYlcJO+mDYGzz8=
+MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
+MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50
+LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii
+rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5
+e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN
+8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx
+f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht
+m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb
+TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU
+7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE
+HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB
+DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/
+BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT
+TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0
+cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl
+cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
+/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez
+95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8
+6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa
+6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk
+1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA
+m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H
+ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU
+/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM
+4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO
+mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX
+Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5
+QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R
+7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC
+k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIFyzCCBLOgAwIBAgIQCgWbJfVLPYeUzGYxR3U4ozANBgkqhkiG9w0BAQsFADBh
+MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
+ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
+NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
+8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
+5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
+n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
+YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
+IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
+BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
+HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
+b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
+BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
+CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
+SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
+CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
+0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
+zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
+44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
+8o34/m8Fxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0yMjA1MDQwMDAwMDBaFw0zMTExMDkyMzU5NTlaMFwxCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE0MDIGA1UEAxMrUmFwaWRTU0wgR2xv
-YmFsIFRMUyBSU0E0MDk2IFNIQTI1NiAyMDIyIENBMTCCAiIwDQYJKoZIhvcNAQEB
-BQADggIPADCCAgoCggIBAKY5PJhwCX2UyBb1nelu9APen53D5+C40T+BOZfSFaB0
-v0WJM3BGMsuiHZX2IHtwnjUhLL25d8tgLASaUNHCBNKKUlUGRXGztuDIeXb48d64
-k7Gk7u7mMRSrj+yuLSWOKnK6OGKe9+s6oaVIjHXY+QX8p2I2S3uew0bW3BFpkeAr
-LBCU25iqeaoLEOGIa09DVojd3qc/RKqr4P11173R+7Ub05YYhuIcSv8e0d7qN1sO
-1+lfoNMVfV9WcqPABmOasNJ+ol0hAC2PTgRLy/VZo1L0HRMr6j8cbR7q0nKwdbn4
-Ar+ZMgCgCcG9zCMFsuXYl/rqobiyV+8U37dDScAebZTIF/xPEvHcmGi3xxH6g+dT
-CjetOjJx8sdXUHKXGXC9ka33q7EzQIYlZISF7EkbT5dZHsO2DOMVLBdP1N1oUp0/
-1f6fc8uTDduELoKBRzTTZ6OOBVHeZyFZMMdi6tA5s/jxmb74lqH1+jQ6nTU2/Mma
-hGNxUuJpyhUHezgBA6sto5lNeyqc+3Cr5ehFQzUuwNsJaWbDdQk1v7lqRaqOlYjn
-iomOl36J5txTs0wL7etCeMRfyPsmc+8HmH77IYVMUOcPJb+0gNuSmAkvf5QXbgPI
-Zursn/UYnP9obhNbHc/9LYdQkB7CXyX9mPexnDNO7pggNA2jpbEarLmZGi4grMmf
-AgMBAAGjggGCMIIBfjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTwnIX9
-op99j8lou9XUiU0dvtOQ/zAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3R
-VTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
-cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
-RGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
-Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYD
-VR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEwCAYGZ4EMAQIBMAgGBmeBDAEC
-AjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAfjh/s1f5dDdfm0sNm74/dW
-MbbsxfYV1LoTpFt+3MSUWvSbiPQfUkoV57b5rutRJvnPP9mSlpFwcZ3e1nSUbi2o
-ITGA7RCOj23I1F4zk0YJm42qAwJIqOVenR3XtyQ2VR82qhC6xslxtNf7f2Ndx2G7
-Mem4wpFhyPDT2P6UJ2MnrD+FC//ZKH5/ERo96ghz8VqNlmL5RXo8Ks9rMr/Ad9xw
-Y4hyRvAz5920myUffwdUqc0SvPlFnahsZg15uT5HkK48tHR0TLuLH8aRpzh4KJ/Y
-p0sARNb+9i1R4Fg5zPNvHs2BbIve0vkwxAy+R4727qYzl3027w9jEFC6HMXRaDc=
+QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
+ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
+jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
+AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
+aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
+L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
+Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
+hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
+Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
+kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
+bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
+axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
+pbo=
 -----END CERTIFICATE-----

nginx/vhosts/dsp.conf

@@ -0,0 +1,40 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${DSP_DOMAIN};
+        root /data/dsp_admin_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /api {
+                proxy_pass http://gatewayService;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/hhz.conf

@@ -0,0 +1,54 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${HHZ_DOMAIN};
+        root /data/tuoheng_hhz_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /permission {
+                proxy_pass http://${HHZ_ADMIN_NAME}:9055;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /wxapp {
+                proxy_pass http://${HHZ_API_NAME}:9056/api;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /hhz {
+                proxy_pass http://gatewayService/hhz;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/minio.conf

@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginx/vhosts/minioconsole.conf

@@ -0,0 +1,20 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginx/vhosts/oidcadmin.conf

@@ -0,0 +1,39 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_ADMIN_DOMAIN};
+
+    client_max_body_size 2g;
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+   # 开启gzip功能
+    gzip on;
+    gzip_min_length 10k;
+    gzip_comp_level 9;
+    gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+    gzip_vary on;
+    gzip_disable "MSIE [1-6]\.";
+
+    location /{
+        try_files $uri $uri/ @router;
+        index index.html;
+    }
+
+    location @router{
+        rewrite ^.*$ /index.html last;
+    }
+
+    location /oidc {
+        proxy_pass http://gatewayService;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

nginx/vhosts/oidcservice.conf

@@ -1,9 +1,8 @@
- server {
+server {
     listen 80;
     listen 443 ssl;
-
-     server_name ${OIDC_DOMAIN};
-
+    server_name ${OIDC_SERVER_DOMAIN};
+    client_max_body_size 2g;
     # SSL证书配置
     ssl_certificate /etc/nginx/t-aaron.com.pem;
     ssl_certificate_key /etc/nginx/t-aaron.com.key;
@@ -12,12 +11,14 @@
     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
 
-
     location / {
         proxy_pass http://${OIDC_SERVER_NAME}:8090;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
     }
- }
+}

nginx/vhosts/sky.conf

@@ -1,21 +0,0 @@
-    server {
-       listen 80;
-       listen 443 ssl;
-       server_name ${SKYWALKING_UI_DOMAIN};
-
-        # SSL证书配置
-        ssl_certificate /etc/nginx/t-aaron.com.pem;
-        ssl_certificate_key /etc/nginx/t-aaron.com.key;
-        ssl_session_timeout 5m;
-        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
-
-       location / {
-          proxy_pass http://${SKYWALKING_UI_NAME}:8080;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-       }
-    }

nginx/vhosts/srs.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginx/vhosts/upstream.conf

@@ -1 +1,11 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}
 
+upstream airportService {
+    server ${AIRPORT_NAME}:9060;
+}
+
+upstream businessService {
+    server ${BUSINESS_NAME}:9260;
+}

nginx/vhosts/xxljob.conf

@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen 443 ssl;
-    server_name ${XXL_JOB_DOMAIN};
+    server_name ${XXLJOB_DOMAIN};
 
     # SSL证书配置
     ssl_certificate /etc/nginx/t-aaron.com.pem;
@@ -11,7 +11,7 @@ server {
     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     location / {
-        proxy_pass http://${XXL_JOB_NAME}:8080;
+        proxy_pass http://${XXLJOB_NAME}:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginxbazhong/Dockerfile.nginx

@@ -0,0 +1,40 @@
+FROM nginx:latest
+
+# 删除默认的nginx配置
+RUN rm -rf /etc/nginx/conf.d/*
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
+
+# 复制SSL证书文件到nginx目录
+COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
+COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+
+# 设置正确的权限
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+
+# 暴露端口
+EXPOSE 80 443
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"] 

nginxbazhong/build.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# 这个脚本现在只是一个包装器，调用两个新脚本
+
+echo "步骤1: 替换配置文件中的环境变量..."
+./replace_vars.sh
+
+# 检查替换结果是否成功
+if [ $? -ne 0 ]; then
+    echo "错误: 变量替换失败，中止构建"
+    exit 1
+fi
+
+#echo ""
+echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
+
+echo ""
+echo "步骤2: 构建Nginx镜像..."
+echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
+./build_image.sh

nginxbazhong/build_image.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+# 设置Nginx镜像名称（如果环境变量中未定义）
+if [ -z "${NGINX_IMAGE}" ]; then
+    export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
+fi
+
+echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
+
+# 检查临时目录是否存在
+TEMP_DIR="temp_vhosts"
+if [ ! -d "$TEMP_DIR" ]; then
+    echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
+    exit 1
+fi
+
+# 检查临时目录中是否有配置文件
+if [ -z "$(ls -A $TEMP_DIR)" ]; then
+    echo "警告: $TEMP_DIR 目录为空，将使用空配置构建镜像"
+fi
+
+# 检查SSL证书文件是否存在
+if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
+    echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
+    echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
+    echo "Nginx容器的SSL功能可能无法正常工作"
+fi
+
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+
+
+# 构建Docker镜像
+echo "使用Dockerfile.nginx构建镜像..."
+docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
+
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
+# 检查构建结果
+if [ $? -eq 0 ]; then
+    echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
+    
+    # 推送到镜像仓库（如果需要）
+    echo "推送镜像到仓库: ${NGINX_IMAGE}"
+    docker push ${NGINX_IMAGE}
+    
+    if [ $? -eq 0 ]; then
+        echo "镜像推送成功!"
+    else
+        echo "警告: 镜像推送失败!"
+    fi
+else
+    echo "错误: Nginx镜像构建失败!"
+    exit 1
+fi
+
+echo "Nginx镜像构建和推送完成!"
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginxbazhong/replace_vars.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+echo "开始替换配置文件中的环境变量..."
+
+# 检查vhosts目录是否存在
+if [ ! -d "vhosts" ]; then
+    echo "错误: vhosts目录不存在!"
+    exit 1
+fi
+
+# 检查vhosts目录中是否有配置文件
+if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
+    echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
+fi
+
+# 创建临时目录
+TEMP_DIR="temp_vhosts"
+rm -rf $TEMP_DIR
+mkdir -p $TEMP_DIR
+
+# 处理所有.conf文件，替换环境变量，跳过cert目录
+for conf_file in vhosts/*.conf; do
+    # 检查文件是否存在(处理无匹配文件的情况)
+    if [ ! -f "$conf_file" ]; then
+        continue
+    fi
+    
+    # 跳过cert目录中的文件
+    if [[ "$conf_file" == *"/cert/"* ]]; then
+        continue
+    fi
+    
+    filename=$(basename "$conf_file")
+    echo "处理文件: $filename"
+    
+    # 读取原始文件内容
+    content=$(cat "$conf_file")
+    
+    # 获取environment.sh中所有环境变量
+    env_vars=$(grep -E "^export [A-Z_]+" ../environment.sh | sed 's/export //')
+    
+    # 逐个替换环境变量
+    for var in $env_vars; do
+        var_name=$(echo $var | cut -d= -f1)
+        var_value=${!var_name}
+        if [ ! -z "$var_value" ]; then
+            # 使用更安全的变量替换方法
+            pattern="\\\${$var_name}"
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
+            echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
+        fi
+    done
+    
+    # 写入处理后的内容到临时文件
+    echo "$content" > "$TEMP_DIR/$filename"
+    
+    echo "  文件处理完成: $filename"
+done
+
+echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
+echo "请检查替换结果，确认无误后运行 build_image.sh 构建镜像" 

nginxbazhong/vhosts/cert/t-aaron.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA25lx3A2pDVMDxs1ecKHxGJwKTValNrnJqCY4q1cirGT5ES9M
+JagMOPCGpiGO1CzcIY04HGtF2DZ3qZO7duKXfW+H/yZAZeJp8NHKEH1UVcrW3azl
+KPxflR/nF0Wjmxdyv7Rc+EBPO6UHRycFsejQw1QKXvj2oGVHiwbP7vdAq3iLDBwp
+iT0d8WZcw5a+gQwx4mqex06YkpxXx0ggCb++Z6AD4Iys9fV3Fa95ez3JlqcgK17S
+hiNDO2liI3iGTB5CrDnmsie+iq/iWjdbZjdD+8kkVs0caxvNHynUvhBY23Kiys0A
+mjj6kOVOl36Q6cXvRDqz+JsN10ec7iCgjA0+XwIDAQABAoIBACdBF6RRYM278Cni
+XiZeHF3czs6iVWgh79U599lQ+ya76fXTcZYtovmurTMXPpPY7QSmXMhfuJ18pwlO
+Gi2XNaM7g6DtcoeD4JImvisSbDflyWDY3iHkcyWSDVoQnb1EhMOV9yR9QmyUBGgI
+prD1wBOaezwc3uEvGYnVjufVlN7RmZy7Wi3K3uNbbkPcPv4bYZagwNMXusIqgWBO
+ZGuC2vbYMo4aD/dg8L94IWLA/lXrehnoo6/A7B3fO6gOyWAfK+WOSg7V5kPm49E4
+nhs5jyyqnr/mvGT+590GzI4ERmr/OsYuk4sIk6XI0/xmUtGNIuVvpOjEqFVlh74Z
+7Ly7U0ECgYEA9nkucVCtDTMMciFOXN8YsehxYIt4Nt5BAfoa8TbQ7FK+DIEnbY0l
+uRNJTFUXGP70lChoQ49b8XbxMEbFWwv+oXIyKTDaR05jfjiDA2UfPOaYXZUJmbwD
+KL9Ruj11AM4V/ia1ywjIBF8PyBBxVRGJXUqCgWqcJRs/njPqCRakEiECgYEA5BZZ
+aOpq8f4LNnSDRs/mAHfKtaj6SczkJAanNlfgXaiwMydwpzLF0YlRa3lxpC6t5FSL
+JCm/K9uw3j+uZUrRudEGlyxiqQqUun1X94ICDq61JhC6N374i0oWLFwYZTOLrKFD
+mOrWJRqNC92O7CyACljwrZ4yoaA3WJIDIgggQH8CgYEArYNoH5vVB/rNIzexTA4+
++1gRIQ9uhOn4R+UDvJaDhCtH4dO2pxf724vpSRSKGy25jufXZuBwsM+0QfFAlLUg
+ABY9m+PpdtOHlV9BVE2HLT+FOjRmutSyQKhXZ85GJVfwAajMyG+ZKAKoQIba0jFz
+S7rdnzAnVrQVGFGhy94liSECgYAqYujcsWuMawyEYySePTZd8eUO20cf/d6Lv1zF
+oZEFdrq/1t19hNb0OJOT6G6w9yfDnd55qvRm3x3AP49WLZBJ+slBwLLY/SlkerSl
+P1jIh7kMSOGCPKtNn0f9mGPEMs8LFrDsMv/2xzdc9CCCTUbCJYMckKCSHqcKY6AH
+bAEqWwKBgAUfj7I+8VKY/Bbkdtq282VbESNMXry+xTl76MpUdWrGmzj6uqupD9ia
+s9BTD+WVg3fBKLegZd04PAiShvg7AHcM0sz5s31PkPs9itTSI12WJb7uTXjCbrF/
+Kk3n3D/NarLljEH1FRk7vIpkzmVgVoP6y2qQ4XvBcCBECsuTrSi8
+-----END RSA PRIVATE KEY-----

nginxbazhong/vhosts/cert/t-aaron.com.pem

@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIGSTCCBTGgAwIBAgIQDBSKURsSVtHdjua9yd+AsjANBgkqhkiG9w0BAQsFADBj
+MQswCQYDVQQGEwJDTjE2MDQGA1UECgwtQmVpamluZyBYaW5jaGFjaGEgQ3JlZGl0
+IE1hbmFnZW1lbnQgQ28uLCBMdGQuMRwwGgYDVQQDDBNYY2MgVHJ1c3QgRFYgU1NM
+IENBMB4XDTI0MDkxODA3MDIyMloXDTI1MDkxODA3MDIyMVowGzEZMBcGA1UEAwwQ
+Ki5qb3VhdmNsb3VkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANuZcdwNqQ1TA8bNXnCh8RicCk1WpTa5yagmOKtXIqxk+REvTCWoDDjwhqYhjtQs
+3CGNOBxrRdg2d6mTu3bil31vh/8mQGXiafDRyhB9VFXK1t2s5Sj8X5Uf5xdFo5sX
+cr+0XPhATzulB0cnBbHo0MNUCl749qBlR4sGz+73QKt4iwwcKYk9HfFmXMOWvoEM
+MeJqnsdOmJKcV8dIIAm/vmegA+CMrPX1dxWveXs9yZanICte0oYjQztpYiN4hkwe
+Qqw55rInvoqv4lo3W2Y3Q/vJJFbNHGsbzR8p1L4QWNtyosrNAJo4+pDlTpd+kOnF
+70Q6s/ibDddHnO4goIwNPl8CAwEAAaOCAz8wggM7MAwGA1UdEwEB/wQCMAAwQwYD
+VR0fBDwwOjA4oDagNIYyaHR0cDovL3hpbmNoYWNoYTJkdi5jcmwuY2VydHVtLnBs
+L3hpbmNoYWNoYTJkdi5jcmwweQYIKwYBBQUHAQEEbTBrMC8GCCsGAQUFBzABhiNo
+dHRwOi8veGluY2hhY2hhMmR2Lm9jc3AtY2VydHVtLmNvbTA4BggrBgEFBQcwAoYs
+aHR0cDovL3JlcG9zaXRvcnkuY2VydHVtLnBsL3hpbmNoYWNoYTJkdi5jZXIwHwYD
+VR0jBBgwFoAUoUOOADQJ5Xs1M651iQTyMmEPqOcwHQYDVR0OBBYEFLCYgbavJMn2
+4gJWJSV6QnXuJnuLMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGDCqEaAGG9ncCBQEV
+AzAnMCUGCCsGAQUFBwIBFhlodHRwczovL3d3dy5jZXJ0dW0ucGwvQ1BTMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0R
+BCQwIoIQKi5qb3VhdmNsb3VkLmNvbYIOam91YXZjbG91ZC5jb20wggF/BgorBgEE
+AdZ5AgQCBIIBbwSCAWsBaQB3AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw7w5CHrR+
+Tqo0AAABkgPwc/AAAAQDAEgwRgIhAOLKjVwrM6v9Nze9eKon2+90PWAOcbVCSF+H
+XD1w8xPwAiEA1Dd3b7f7Ae32oQVW6/QsbNMiXGbI3Q05+VL9Ae4KZ+YAdQB9WR4S
+4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZID8HVNAAAEAwBGMEQCIFUR
+2nBwjmQAFhcQVyM0Mzgn3cZlv6apdNjyfA3EUjz5AiAFtDETorhvmIZf7X3B5vr+
+KZ7Yg7outcoqNrWllqqe7wB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf2wA6FBJ2Ciys
+u8gqAAABkgPwc8MAAAQDAEgwRgIhAOuFfoYTn/3AuAs50keFes3K11WaRuGdUV0t
+FJpmIbzYAiEA8JnWiC63EyXmrGggvpFi6HazdAogySC00YffwPnznycwDQYJKoZI
+hvcNAQELBQADggEBAC+ROX5vA4wzwhAAbP0009mTGaZA5+6JGAXtoEUu1yaKzVMx
+3qBvQFej6m6ISAkI7gjvD3PS+D8/LvrmAPH5MWHiVaGyjArui7Z9k+JmGTGXc2bi
+S81i519kNs8M5yIvDavm7iILIL+3x3PgcSsf0+8PcKuL7hJvR+E4updYsOIIocmz
+lG8N2WROXQ3yfUC47RRt3MEOY35RW2XwvIsxmYQ7s3oiQuzdWmRFiL0BbOVQiKNG
+SQiO+hnhGBKMXqSBU9SXCUCgUUO+DBYg/aT6xpX3Joreoi33Vwkqu8BYBA4NSKCi
+3Whlrq4TI0stFNeKen1O9j1MsBMkpAX2jwWBg1M=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEzzCCA7egAwIBAgIRAMK3VduTvUcsGNNRC9juoN4wDQYJKoZIhvcNAQELBQAw
+fjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
+QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEiMCAG
+A1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTAeFw0yMjA3MDEwNzUxMDFa
+Fw0yNzA2MzAwNzUxMDFaMGMxCzAJBgNVBAYTAkNOMTYwNAYDVQQKDC1CZWlqaW5n
+IFhpbmNoYWNoYSBDcmVkaXQgTWFuYWdlbWVudCBDby4sIEx0ZC4xHDAaBgNVBAMM
+E1hjYyBUcnVzdCBEViBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCpa5zapltXVizFjCctkL/jY/pycE4gR4m+Nd8B1aqUcolQrlD2pWL785f1
+2/AFVAxlZuAsMfqT4qQL+M0y9jfg7qRhH80CLg5picFn8ZONR5SthRvOdBuG/COb
+1YS6IFa7M7mSWQcAdnLfJVlzdzJLWh4fCW+4I4ymV0AQvjpomOHv2UWyBwckKgbh
+obgR9mx65zduNFWFNC60A+7NY++6BIY5qv/Vafo1exBas1X/e/pdDgqEM9GZYCHR
+1+uDcssGA6qsis7tsDjdLOS4Y+0nQYtE/dxPpdyEdyXvJprnR7rgYCS8Xmi5Kgj4
+vUFOTeg+/bpH7Z/JRPH8aKPMD6TrAgMBAAGjggFhMIIBXTASBgNVHRMBAf8ECDAG
+AQH/AgEAMB0GA1UdDgQWBBShQ44ANAnlezUzrnWJBPIyYQ+o5zAfBgNVHSMEGDAW
+gBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9j
+cmwuY2VydHVtLnBsL2N0bmNhLmNybDBrBggrBgEFBQcBAQRfMF0wKAYIKwYBBQUH
+MAGGHGh0dHA6Ly9zdWJjYS5vY3NwLWNlcnR1bS5jb20wMQYIKwYBBQUHMAKGJWh0
+dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9jdG5jYS5jZXIwOgYDVR0gBDMwMTAv
+BgRVHSAAMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vd3d3LmNlcnR1bS5wbC9DUFMw
+DQYJKoZIhvcNAQELBQADggEBAA9Nm/PoxLgAQhGx+C73ueZFFsIMtI/3j+OBgopN
+jeDTcLwB97EZW75xgY1JeapByljUyF/ccjHmGg89pSqiOoznrd84H/cvfVXZlY+f
+0k98JdzAdkeTg1Kca2ppqTBg1kX565gYOUwj0kXyP+AjVuyKwFht7RJpV5BE4Ejo
+fQOaOtv5PFyIE+TlqOQjzBZWzWyt7EUUpKbhhhfoiX0CfneyNhP9805n2RMG79UR
+MVtpz8D8yUKgQ6q+V4lZ2flN+p1lLcBOOf79+yRWtE9E/ntSc4DjExnIg5eLiIVD
++huf+lzpbZOq7IhL/XI3A3TTOhw5FCXfq0uPtC5z/MYXW1c=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
+MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
+ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
+cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
+WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
+Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
+IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
+UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
+TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
+BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
+kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
+AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
+sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
+I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
+J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
+VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----

nginxbazhong/vhosts/consul.conf

@@ -2,7 +2,7 @@
 server {
     listen 80;
     listen 443 ssl;
-    server_name consul-bazhong.t-aaron.com;
+    server_name ${CONSUL_DOMAIN};
 
     ssl_certificate /etc/nginx/t-aaron.com.pem;
     ssl_certificate_key /etc/nginx/t-aaron.com.key;
@@ -12,7 +12,7 @@ server {
     ssl_prefer_server_ciphers on;
 
     location / {
-        proxy_pass http://CONSUL_bazhong:8500;
+        proxy_pass http://${CONSUL_NAME}:8500;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginxbazhong/vhosts/dsp.conf

@@ -0,0 +1,39 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${DSP_DOMAIN};
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /api {
+                proxy_pass http://gatewayService;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxbazhong/vhosts/hhz.conf

@@ -0,0 +1,54 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${HHZ_DOMAIN};
+        root /data/tuoheng_hhz_web/dist;
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /permission {
+                proxy_pass http://${HHZ_ADMIN_NAME}:9055;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /wxapp {
+                proxy_pass http://${HHZ_API_NAME}:9056/api;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /hhz {
+                proxy_pass http://gatewayService/hhz;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxbazhong/vhosts/minio.conf

@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/minioconsole.conf

@@ -0,0 +1,20 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/oidcadmin.conf

@@ -0,0 +1,39 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_ADMIN_DOMAIN};
+
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+   # 开启gzip功能
+    gzip on;
+    gzip_min_length 10k;
+    gzip_comp_level 9;
+    gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+    gzip_vary on;
+    gzip_disable "MSIE [1-6]\.";
+
+    location /{
+        try_files $uri $uri/ @router;
+        index index.html;
+    }
+
+    location @router{
+        rewrite ^.*$ /index.html last;
+    }
+
+    location /oidc {
+        proxy_pass http://gatewayService;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

nginxbazhong/vhosts/oidcservice.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_SERVER_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${OIDC_SERVER_NAME}:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
+    }
+}

nginxbazhong/vhosts/srs.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/upstream.conf

@@ -0,0 +1,3 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}

nginxbazhong/vhosts/xxljob.conf

@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen 443 ssl;
-    server_name xxljob-bazhong.t-aaron.com;
+    server_name ${XXLJOB_DOMAIN};
 
     # SSL证书配置
     ssl_certificate /etc/nginx/t-aaron.com.pem;
@@ -11,7 +11,7 @@ server {
     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     location / {
-        proxy_pass http://XXL_JOB_bazhong:8080;
+        proxy_pass http://${XXLJOB_NAME}:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginxdashuju/Dockerfile.nginx

@@ -0,0 +1,40 @@
+FROM nginx:latest
+
+# 删除默认的nginx配置
+RUN rm -rf /etc/nginx/conf.d/*
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
+
+# 复制SSL证书文件到nginx目录
+COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
+COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+
+# 设置正确的权限
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+
+# 暴露端口
+EXPOSE 80 443
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"] 

nginxdashuju/build.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# 这个脚本现在只是一个包装器，调用两个新脚本
+
+echo "步骤1: 替换配置文件中的环境变量..."
+./replace_vars.sh
+
+# 检查替换结果是否成功
+if [ $? -ne 0 ]; then
+    echo "错误: 变量替换失败，中止构建"
+    exit 1
+fi
+
+#echo ""
+echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
+
+echo ""
+echo "步骤2: 构建Nginx镜像..."
+echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
+./build_image.sh

nginxdashuju/build_image.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+# 设置Nginx镜像名称（如果环境变量中未定义）
+if [ -z "${NGINX_IMAGE}" ]; then
+    export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
+fi
+
+echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
+
+# 检查临时目录是否存在
+TEMP_DIR="temp_vhosts"
+if [ ! -d "$TEMP_DIR" ]; then
+    echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
+    exit 1
+fi
+
+# 检查临时目录中是否有配置文件
+if [ -z "$(ls -A $TEMP_DIR)" ]; then
+    echo "警告: $TEMP_DIR 目录为空，将使用空配置构建镜像"
+fi
+
+# 检查SSL证书文件是否存在
+if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
+    echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
+    echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
+    echo "Nginx容器的SSL功能可能无法正常工作"
+fi
+
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+
+
+# 构建Docker镜像
+echo "使用Dockerfile.nginx构建镜像..."
+docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
+
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
+# 检查构建结果
+if [ $? -eq 0 ]; then
+    echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
+    
+    # 推送到镜像仓库（如果需要）
+    echo "推送镜像到仓库: ${NGINX_IMAGE}"
+    docker push ${NGINX_IMAGE}
+    
+    if [ $? -eq 0 ]; then
+        echo "镜像推送成功!"
+    else
+        echo "警告: 镜像推送失败!"
+    fi
+else
+    echo "错误: Nginx镜像构建失败!"
+    exit 1
+fi
+
+echo "Nginx镜像构建和推送完成!"
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginxdashuju/replace_vars.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+echo "开始替换配置文件中的环境变量..."
+
+# 检查vhosts目录是否存在
+if [ ! -d "vhosts" ]; then
+    echo "错误: vhosts目录不存在!"
+    exit 1
+fi
+
+# 检查vhosts目录中是否有配置文件
+if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
+    echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
+fi
+
+# 创建临时目录
+TEMP_DIR="temp_vhosts"
+rm -rf $TEMP_DIR
+mkdir -p $TEMP_DIR
+
+# 处理所有.conf文件，替换环境变量，跳过cert目录
+for conf_file in vhosts/*.conf; do
+    # 检查文件是否存在(处理无匹配文件的情况)
+    if [ ! -f "$conf_file" ]; then
+        continue
+    fi
+    
+    # 跳过cert目录中的文件
+    if [[ "$conf_file" == *"/cert/"* ]]; then
+        continue
+    fi
+    
+    filename=$(basename "$conf_file")
+    echo "处理文件: $filename"
+    
+    # 读取原始文件内容
+    content=$(cat "$conf_file")
+    
+    # 获取environment.sh中所有环境变量
+    env_vars=$(grep -E "^export [A-Z_]+" ../environment.sh | sed 's/export //')
+    
+    # 逐个替换环境变量
+    for var in $env_vars; do
+        var_name=$(echo $var | cut -d= -f1)
+        var_value=${!var_name}
+        if [ ! -z "$var_value" ]; then
+            # 使用更安全的变量替换方法
+            pattern="\\\${$var_name}"
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
+            echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
+        fi
+    done
+    
+    # 写入处理后的内容到临时文件
+    echo "$content" > "$TEMP_DIR/$filename"
+    
+    echo "  文件处理完成: $filename"
+done
+
+echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
+echo "请检查替换结果，确认无误后运行 build_image.sh 构建镜像" 

nginxdashuju/vhosts/airport.conf

@@ -0,0 +1,50 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${AIRPORT_DOMAIN};
+        root /data/tuoheng_airport_web/dist;
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${AIRPORT_DOMAIN} https://${AIRPORT_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /airport {
+            proxy_pass http://gatewayService/airport;
+            proxy_set_header Host $host;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+        
+        location /permission {
+             proxy_pass http://airportService/permission;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxdashuju/vhosts/cert/t-aaron.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1
++5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ
+i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4
+xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw
+2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam
+5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l
+Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a
+z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb
+jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ
+X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg
+/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd
+smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB
+1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd
+rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS
+iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb
+Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl
+lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm
+DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc
+44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH
+8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp
+m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM
+XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F
+N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR
+a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW
+vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU=
+-----END RSA PRIVATE KEY-----

nginxdashuju/vhosts/cert/t-aaron.com.pem

@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
+MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50
+LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii
+rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5
+e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN
+8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx
+f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht
+m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb
+TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU
+7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE
+HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB
+DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/
+BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT
+TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0
+cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl
+cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
+/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez
+95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8
+6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa
+6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk
+1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA
+m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H
+ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU
+/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM
+4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO
+mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX
+Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5
+QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R
+7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC
+k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
+ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
+NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
+8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
+5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
+n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
+YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
+IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
+BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
+HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
+b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
+BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
+CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
+SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
+CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
+0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
+zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
+44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
+8o34/m8Fxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
+ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
+jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
+AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
+aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
+L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
+Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
+hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
+Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
+kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
+bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
+axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
+pbo=
+-----END CERTIFICATE-----

nginxdashuju/vhosts/consul.conf

@@ -0,0 +1,21 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${CONSUL_DOMAIN};
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${CONSUL_NAME}:8500;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/minio.conf

@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/minioconsole.conf

@@ -0,0 +1,20 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/oidcservice.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_SERVER_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${OIDC_SERVER_NAME}:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
+    }
+}

nginxdashuju/vhosts/srs.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/upstream.conf

@@ -0,0 +1,9 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}
+
+upstream airportService {
+    server ${AIRPORT_NAME}:9060;
+}
+
+

nginxdashuju/vhosts/xxljob.conf

@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${XXLJOB_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location / {
+        proxy_pass http://${XXLJOB_NAME}:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+                                 

readme.md

@@ -7,3 +7,5 @@
 #### 1.network.sh 是为了生成网络环境
 #### 2.volumn.sh 是为了建立volumn,给服务用
 ### 在非docker swarm的环境中运行,在单机docker环境中运行
+### 要跟踪文件的变化，每次的提示都按照最新的文件分析
+### 遇见需要执行的语句,在对话框中让我执行,你直接对执行结果进行分析

server/nginx.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-source ../environment.sh
-
-# 检查并停止/删除已存在的容器
-if docker ps -a | grep -q ${NGINX_NAME}; then
-    echo "停止并删除已存在的 ${NGINX_NAME} 容器..."
-    docker stop ${NGINX_NAME} >/dev/null 2>&1
-    docker rm ${NGINX_NAME} >/dev/null 2>&1
-fi
-
-# 启动Nginx容器
-docker run --pull always -d \
---name ${NGINX_NAME} \
---network ${NETWORK} \
--p ${NGINX_HTTP_PORT}:80 \
--p ${NGINX_HTTPS_PORT}:443 \
---env TZ=Asia/Shanghai \
---memory ${NGINX_MEMORY} \
---restart unless-stopped \
-${NGINX_IMAGE}
-
-# 显示运行中的容器
-docker ps 

server/oidcadmin.sh

@@ -1,29 +0,0 @@
-source ../environment.sh
- 
-
-if docker ps -a | grep -q ${OIDC_ADMIN_NAME}; then
-    echo "停止并删除已存在的 OIDC_ADMIN_NAME 容器..."
-    docker stop ${OIDC_ADMIN_NAME} >/dev/null 2>&1
-    docker rm ${OIDC_ADMIN_NAME} >/dev/null 2>&1
-fi
-
-
-docker run --pull always -d \
---name ${OIDC_ADMIN_NAME} \
---network ${NETWORK} \
---env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
---env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
---env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_ADMIN_NAME} \
---env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
---env XXL_ENABLE=false \
---env SPRING_REDIS_HOST=${REDIS_NAME} \
---env SPRING_REDIS_PORT=6379 \
---env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
---env SPRING_DATASOURCE_USERNAME=root \
---env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
---env TZ=Asia/Shanghai \
---env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
---mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
---memory ${OIDC_ADMIN_MEMORY} \
---restart unless-stopped \
-${OIDC_ADMIN_IMAGE}

server/oidcservice.sh

@@ -1,29 +0,0 @@
-source ../environment.sh
- 
-
-if docker ps -a | grep -q ${OIDC_SERVER_NAME}; then
-    echo "停止并删除已存在的 OIDC_SERVER_NAME 容器..."
-    docker stop ${OIDC_SERVER_NAME} >/dev/null 2>&1
-    docker rm ${OIDC_SERVER_NAME} >/dev/null 2>&1
-fi
-
-
-docker run --pull always -d \
---name ${OIDC_SERVER_NAME} \
---network ${NETWORK} \
---env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
---env SPRING_CLOUD_CONSUL_PORT=${CONSUL_PORT} \
---env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${OIDC_SERVER_NAME} \
---env XXL_JOB_ADMIN_ADDRESSES=${XXLJOB_NAME}:${XXLJOB_PORT} \
---env XXL_ENABLE=false \
---env SPRING_REDIS_HOST=${REDIS_NAME} \
---env SPRING_REDIS_PORT=6379 \
---env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_oidc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
---env SPRING_DATASOURCE_USERNAME=root \
---env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
---env TZ=Asia/Shanghai \
---env SPRING_KAFKA_COMMON_BOOTSTRAP-SERVERS=${KAFKA_NAME}:9092 \
---mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
---memory ${OIDC_SERVER_MEMORY} \
---restart unless-stopped \
-${OIDC_SERVER_IMAGE}

serviceImageBuilder/Dockerfile

@@ -1,22 +0,0 @@
-# 使用一个基础镜像
-#FROM openjdk:11-jre-slim
-FROM tuoheng/centos:base
-USER th
-# 定义构建参数
-ARG SW_APP_NAME
-ARG SW_SKY_AOP
-# 设置工作目录
-WORKDIR /data/java/tuoheng
-COPY apache-skywalking-java-agent-9.0.0.tgz  .
-RUN  tar -zxvf apache-skywalking-java-agent-9.0.0.tgz
-#复制应用程序到容器中
-COPY tuoheng.jar .
-# 设置环境变量
-ENV PATH="/usr/java/jdk/bin:${PATH}"
-ENV SW_AGENT_COLLECTOR_BACKEND_SERVICES="${SW_SKY_AOP}" \
-    SW_AGENT_NAME="${SW_APP_NAME}"
-#暴露应用程序的端口
-#EXPOSE 8090
-# 运行应用程序
-ENTRYPOINT ["java", "-Dfile.encoding=UTF-8","-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar","-jar","tuoheng.jar"]
-                                                                                                                                                                                                                                                                                                                                                                                            

serviceImageBuilder/builder.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-# This script builds the Docker image
-# 读取第一个参数
-if [ $# -ne 3 ]; then
-  echo "错误：调用该脚本时必须传入 3 个参数 分别为服务名 镜像名 包名"
-  exit 1
-fi
-echo "服务名: $1 Image $2 Java包: $3"
-rm tuoheng.jar
-cp $3 tuoheng.jar
-source ../environment.sh
-#docker service rm $APP_NAME
-sleep 5
-docker container prune -f
-sleep 5
-cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agent-9.0.0.tgz
-docker image rm $2
-docker build --no-cache \
-  --build-arg SW_APP_NAME=$1 \
-  --build-arg SW_SKY_AOP=$SKY_AOP \
-  -t $2 .  # 注意末尾的 `.` 表示当前路径
-docker push $2                                                                                               

serviceImageBuilder/gateway.sh

@@ -1,4 +0,0 @@
-source ../environment.sh
-rm $GATEWAY_JAR
-cp $GATEWAY_REMOTE_JAR $GATEWAY_JAR
-./builder.sh $GATEWAY_NAME $GATEWAY_IMAGE $GATEWAY_JAR

serviceImageBuilder/oidcadmin.sh

@@ -1,4 +0,0 @@
-source ../environment.sh
-rm $OIDC_ADMIN_JAR
-cp $OIDC_ADMIN_REMOTE_JAR $OIDC_ADMIN_JAR
-./builder.sh $OIDC_ADMIN_NAME $OIDC_ADMIN_IMAGE $OIDC_ADMIN_JAR

serviceImageBuilder/oidcservice.sh

@@ -1,4 +0,0 @@
-source ../environment.sh
-rm $OIDC_SERVER_JAR
-cp $OIDC_SERVER_REMOTE_JAR $OIDC_SERVER_JAR
-./builder.sh $OIDC_SERVER_NAME $OIDC_SERVER_IMAGE $OIDC_SERVER_JAR

start/airport.sh

@@ -0,0 +1,77 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${AIRPORT_NAME}; then
+    echo "停止并删除已存在的 AIRPORT_NAME 容器..."
+    docker stop ${AIRPORT_NAME} >/dev/null 2>&1
+    docker rm ${AIRPORT_NAME} >/dev/null 2>&1
+fi
+
+if [ "$USEDAJIANG" = "true" ]; then
+    echo "......使用自己的MQTT配置......."
+    docker run --pull always -d \
+    --name ${AIRPORT_NAME} \
+    --network ${NETWORK} \
+    --env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+    --env SPRING_CLOUD_CONSUL_PORT=8500 \
+    --env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${AIRPORT_NAME} \
+    --env XXL_JOB_ADMIN_ADDRESSES=http://${XXLJOB_NAME}:8080/xxl-job-admin \
+    --env XXL_JOB_ACCESSTOKEN=${XXLJOB_ACCESS_TOKEN} \
+    --env XXL_ENABLE=true \
+    --env SPRING_REDIS_HOST=${REDIS_NAME} \
+    --env SPRING_REDIS_PORT=6379 \
+    --env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_airport?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+    --env SPRING_DATASOURCE_USERNAME=root \
+    --env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+    --env SRS_NAME=${SRS_DOMAIN} \
+    --env VIDEOSERVER_REQUESTURL=http://${STREAM_NAME}:8080 \
+    --env VIDEOSERVER_VIDEOPLAYURL=https://${SRS_DOMAIN}:${NGINX_HTTPS_PORT}/recording/ \
+    --env SPRING_KAFKA_BOOTSTRAP_SERVERS=${KAFKA_NAME}:${KAFKA_PORT} \
+    --env MINIO_OSS_ENDPOINT=http://${MINIO_NAME}:9000 \
+    --env MINIO_OSS_OUTENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+    --env MINIO_DAJIOSS_ENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+    --env MINIO_OSS_ACCESSKEYID=${MINIO_ACCESS_KEY} \
+    --env MINIO_OSS_ACCESSKEYSECRET=${MINIO_SECRET_KEY} \
+    --env TZ=Asia/Shanghai \
+    --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+    --memory ${AIRPORT_MEMORY} \
+    --restart unless-stopped \
+    ${AIRPORT_IMAGE}
+else
+    docker run --pull always -d \
+    --name ${AIRPORT_NAME} \
+    --network ${NETWORK} \
+    --env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+    --env SPRING_CLOUD_CONSUL_PORT=8500 \
+    --env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${AIRPORT_NAME} \
+    --env XXL_JOB_ADMIN_ADDRESSES=http://${XXLJOB_NAME}:8080/xxl-job-admin \
+    --env XXL_JOB_ACCESSTOKEN=${XXLJOB_ACCESS_TOKEN} \
+    --env XXL_ENABLE=true \
+    --env SPRING_REDIS_HOST=${REDIS_NAME} \
+    --env SPRING_REDIS_PORT=6379 \
+    --env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_airport?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+    --env SPRING_DATASOURCE_USERNAME=root \
+    --env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+    --env SRS_NAME=${SRS_DOMAIN} \
+    --env SPRING_MQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+    --env SPRING_MQTT_URL=tcp://${MQTT_NAME}:1883 \
+    --env SPRING_MQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+    --env SPRING_NEWMQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+    --env SPRING_NEWMQTT_URL=tcp://${MQTT_NAME}:1883 \
+    --env SPRING_NEWMQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+    --env VIDEOSERVER_REQUESTURL=http://${STREAM_NAME}:8080 \
+    --env VIDEOSERVER_VIDEOPLAYURL=https://${SRS_DOMAIN}:${NGINX_HTTPS_PORT}/recording/ \
+    --env SPRING_KAFKA_BOOTSTRAP_SERVERS=${KAFKA_NAME}:${KAFKA_PORT} \
+    --env MINIO_OSS_ENDPOINT=http://${MINIO_NAME}:9000 \
+    --env MINIO_OSS_OUTENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+    --env MINIO_DAJIOSS_ENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+    --env MINIO_OSS_ACCESSKEYID=${MINIO_ACCESS_KEY} \
+    --env MINIO_OSS_ACCESSKEYSECRET=${MINIO_SECRET_KEY} \
+    --env TZ=Asia/Shanghai \
+    --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+    --memory ${AIRPORT_MEMORY} \
+    --restart unless-stopped \
+    ${AIRPORT_IMAGE}
+fi
+
+ 

start/business.sh

@@ -0,0 +1,50 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${BUSINESS_NAME}; then
+    echo "停止并删除已存在的 BUSINESS_NAME 容器..."
+    docker stop ${BUSINESS_NAME} >/dev/null 2>&1
+    docker rm ${BUSINESS_NAME} >/dev/null 2>&1
+fi
+
+
+
+docker run --pull always -d \
+--name ${BUSINESS_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=8500 \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${BUSINESS_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=http://${XXLJOB_NAME}:8080/xxl-job-admin \
+--env XXL_JOB_ACCESSTOKEN=${XXLJOB_ACCESS_TOKEN} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_business?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_USERNAME=root \
+--env SPRING_DATASOURCE_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env SPRING_MQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_MQTT_URL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_MQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_URL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+--env VIDEOSERVER_REQUESTURL=http://${STREAM_NAME}:8080 \
+--env VIDEOSERVER_VIDEOPLAYURL=https://${SRS_DOMAIN}:${NGINX_HTTPS_PORT}/recording/ \
+--env SPRING_KAFKA_BOOTSTRAP_SERVERS=${KAFKA_NAME}:${KAFKA_PORT} \
+--env MINIO_OSS_ENDPOINT=http://${MINIO_NAME}:9000 \
+--env MINIO_OSS_OUTENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+--env MINIO_DAJIOSS_ENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+--env MINIO_OSS_ACCESSKEYID=${MINIO_ACCESS_KEY} \
+--env MINIO_OSS_ACCESSKEYSECRET=${MINIO_SECRET_KEY} \
+--env TUOHENG_LIVE_CHANNEL_DOMAIN_URL=https://${SRS_DOMAIN_FULL}/ \
+--env TUOHENG_PUSH_URL=rtmp://${SRS_RTMP_DOMAIN_FULL}/live/ \
+--env TUOHENG_PULL_URL=https://${SRS_DOMAIN_FULL}/live/ \
+--env TUOHENG_DSP_DOMAIN_URL=http://${DSP_PORTAL_NAME}:7011/ \
+--env TUOHENG_DSP_CALLBACK_URL=https://${BUSINESS_DOMAIN_FULL}/business/admin/dsp/{requestId}/callback \
+--env TUOHENG_AIRPORT_URL=https://${AIRPORT_DOMAIN_FULL}/airport/admin \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${BUSINESS_MEMORY} \
+--restart unless-stopped \
+${BUSINESS_IMAGE}

start/dspadmin.sh

@@ -0,0 +1,45 @@
+source ../environment.sh
+ 
+
+if docker ps -a | grep -q ${DSP_ADMIN_NAME}; then
+    echo "停止并删除已存在的 DSP_ADMIN_NAME 容器..."
+    docker stop ${DSP_ADMIN_NAME} >/dev/null 2>&1
+    docker rm ${DSP_ADMIN_NAME} >/dev/null 2>&1
+fi
+
+
+docker run --pull always -d \
+--name ${DSP_ADMIN_NAME} \
+--network ${NETWORK} \
+--env SPRING_CLOUD_CONSUL_HOST=${CONSUL_NAME} \
+--env SPRING_CLOUD_CONSUL_PORT=8500 \
+--env SPRING_CLOUD_CONSUL_DISCOVERY_HOSTNAME=${DSP_ADMIN_NAME} \
+--env XXL_JOB_ADMIN_ADDRESSES=http://${XXLJOB_NAME}:8080/xxl-job-admin \
+--env XXL_JOB_ACCESSTOKEN=${XXLJOB_ACCESS_TOKEN} \
+--env XXL_ENABLE=false \
+--env SPRING_REDIS_HOST=${REDIS_NAME} \
+--env SPRING_REDIS_PORT=6379 \
+--env SPRING_DATASOURCE_DRUID_URL="jdbc:mysql://${MYSQL_NAME}:3306/tuoheng_dsp?useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2b8&useSSL=true&tinyInt1isBit=false" \
+--env SPRING_DATASOURCE_DRUID_USERNAME=root \
+--env SPRING_DATASOURCE_DRUID_PASSWORD=${MYSQL_ROOT_PASSWORD} \
+--env SPRING_MQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_MQTT_URL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_MQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_ONLINEURL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_URL=tcp://${MQTT_NAME}:1883 \
+--env SPRING_NEWMQTT_NEWURL=tcp://${MQTT_NAME}:1883 \
+--env VIDEOSERVER_REQUESTURL=http://${STREAM_NAME}:8080 \
+--env VIDEOSERVER_VIDEOPLAYURL=https://${SRS_DOMAIN}:${NGINX_HTTPS_PORT}/recording/ \
+--env SPRING_KAFKA_BOOTSTRAP_SERVERS=${KAFKA_NAME}:${KAFKA_PORT} \
+--env MINIO_OSS_ENDPOINT=http://${MINIO_NAME}:9000 \
+--env MINIO_OSS_OUTENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+--env MINIO_DAJIOSS_ENDPOINT=https://${MINIO_DOMAIN}:${NGINX_HTTPS_PORT} \
+--env MINIO_OSS_ACCESSKEYID=${MINIO_ACCESS_KEY} \
+--env MINIO_OSS_ACCESSKEYSECRET=${MINIO_SECRET_KEY} \
+--env TUOHENG_PUSH_URL=rtmp://${SRS_DOMAIN}:${SRS_RTMP_PORT}/live/ \
+--env TUOHENG_PULL_URL=https://${SRS_DOMAIN}:${NGINX_HTTPS_PORT}/live/ \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--memory ${DSP_ADMIN_MEMORY} \
+--restart unless-stopped \
+${DSP_ADMIN_IMAGE}