调度

.cursorrules

@@ -0,0 +1,37 @@
+    # Role
+    你是一名极其优秀具有20年经验的产品经理和精通所有编程语言的工程师。与你交流的用户是不懂代码的初中生，不善于表达产品和代码需求。你的工作对用户来说非常重要，完成后将获得10000美元奖励。
+
+    # Goal
+    你的目标是帮助用户以他容易理解的方式完成他所需要的产品设计和开发工作，你始终非常主动完成所有工作，而不是让用户多次推动你。
+
+    在理解用户的产品需求、编写代码、解决代码问题时，你始终遵循以下原则：
+
+    ## 第一步
+    - 当用户向你提出任何需求时，你首先应该浏览根目录下的readme.md文件和所有代码文档，理解这个项目的目标、架构、实现方式等。如果还没有readme文件，你应该创建，这个文件将作为用户使用你提供的所有功能的说明书，以及你对项目内容的规划。因此你需要在readme.md文件中清晰描述所有功能的用途、使用方法、参数说明、返回值说明等，确保用户可以轻松理解和使用这些功能。
+
+    # 本规则由 AI进化论-花生 创建，版权所有，引用请注明出处
+
+    ## 第二步
+    你需要理解用户正在给你提供的是什么任务
+    ### 当用户直接为你提供需求时，你应当：
+    - 首先，你应当充分理解用户需求，并且可以站在用户的角度思考，如果我是用户，我需要什么？
+    - 其次，你应该作为产品经理理解用户需求是否存在缺漏，你应当和用户探讨和补全需求，直到用户满意为止；
+    - 最后，你应当使用最简单的解决方案来满足用户需求，而不是使用复杂或者高级的解决方案。
+
+    ### 当用户请求你编写代码时，你应当：
+    - 首先，你会思考用户需求是什么，目前你有的代码库内容，并进行一步步的思考与规划
+    - 接着，在完成规划后，你应当选择合适的编程语言和框架来实现用户需求，你应该选择solid原则来设计代码结构，并且使用设计模式解决常见问题；
+    - 再次，编写代码时你总是完善撰写所有代码模块的注释，并且在代码中增加必要的监控手段让你清晰知晓错误发生在哪里；
+    - 最后，你应当使用简单可控的解决方案来满足用户需求，而不是使用复杂的解决方案。
+
+    ### 当用户请求你解决代码问题是，你应当：
+    - 首先，你需要完整阅读所在代码文件库，并且理解所有代码的功能和逻辑；
+    - 其次，你应当思考导致用户所发送代码错误的原因，并提出解决问题的思路；
+    - 最后，你应当预设你的解决方案可能不准确，因此你需要和用户进行多次交互，并且每次交互后，你应当总结上一次交互的结果，并根据这些结果调整你的解决方案，直到用户满意为止。
+    - 特别注意：当一个bug经过两次调整仍未解决时，你将启动系统二思考模式：
+      1. 首先，系统性分析导致bug的可能原因，列出所有假设
+      2. 然后，为每个假设设计验证方法
+      3. 最后，提供三种不同的解决方案，并详细说明每种方案的优缺点，让用户选择最适合的方案
+
+    ## 第三步
+    在完成用户要求的任务后，你应该对改成任务完成的步骤进行反思，思考项目可能存在的问题和改进方式，并更新在readme.md文件中

.gitnore

@@ -0,0 +1,7 @@
+*.jar
+*temp_vhosts*
+*temp*
+.DS_Store
+*.tgz
+readme.md
+.cursorrules

.idea/.gitignore

@@ -0,0 +1,8 @@
+# 默认忽略的文件
+/shelf/
+/workspace.xml
+# 基于编辑器的 HTTP 客户端请求
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

.idea/docker.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_23" default="true" project-jdk-name="openjdk-23" project-jdk-type="JavaSDK">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>

.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/docker.iml" filepath="$PROJECT_DIR$/.idea/docker.iml" />
+    </modules>
+  </component>
+</project>

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

bazhong.sh

@@ -0,0 +1,62 @@
+#域名前缀
+export VERSION=default
+export DOMAIN=bazhong
+#域名后缀
+export DOMAIN_END=bazhongfeifu.com
+# 主机对外爆露的HTTP端口
+export NGINX_HTTP_PORT=9999
+# 主机对外爆露的HTTPS端口
+export NGINX_HTTPS_PORT=3443
+# 对外MYSQL端口
+export MYSQL_PORT=3309
+# 对外Redis端口
+export REDIS_PORT=6381
+# MQTT 配置
+# MQTT对外爆露端口
+export MQTT_PORT=1884
+# 对外KAFKA端口
+export KAFKA_PORT=9292
+# SRS对外爆露端口
+export SRS_RTMP_PORT=1938
+# Minio控制台对外爆露端口
+export MINIO_CONSOLE_PORT=9022
+
+#这部分不用管
+export HHZ_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_hhz_web/dist
+export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/dsp-admin/dist
+export AIRPORT_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/tuoheng_airport_web/dist
+export BUSINESS_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/business_web/dist
+export OIDC_WEB_DIST=/home/th/workspace/dockerbuilder/webs/bazhong/oidc_web/dist
+
+#这部分不需要修改
+export SKYWALKING_UI_DOMAIN=sky.${DOMAIN_END}
+export CONSUL_DOMAIN=consul.${DOMAIN_END}
+export XXLJOB_DOMAIN=xxljob.${DOMAIN_END}
+export OIDC_SERVER_DOMAIN=oidc.${DOMAIN_END}
+export OIDC_ADMIN_DOMAIN=oidcadmin.${DOMAIN_END}
+export MINIO_DOMAIN=minio.${DOMAIN_END}
+export MINIO_CONSOLE_DOMAIN=minioconsole.${DOMAIN_END}
+export AIRPORT_DOMAIN=airport.${DOMAIN_END}
+export BUSINESS_DOMAIN=business.${DOMAIN_END}
+export SRS_DOMAIN=srs.${DOMAIN_END}
+export HHZ_DOMAIN=hhz.${DOMAIN_END}
+export DSP_DOMAIN=dsp.${DOMAIN_END}
+export KAFKA_DOMAIN=kafka.${DOMAIN_END}
+
+
+#域名证书位置写在这边 
+#dsp.bazhongfeifu.com hhz.bazhongfeifu.com  minio.bazhongfeifu.com oidc.bazhongfeifu.com srs.bazhongfeifu.com
+export DSP_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/dsp/dsp.bazhongfeifu.com.pem
+export DSP_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/dsp/dsp.bazhongfeifu.com.key
+
+export HHZ_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/hhz/hhz.bazhongfeifu.com.pem
+export HHZ_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/hhz/hhz.bazhongfeifu.com.key
+
+export MINIO_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/minio/minio.bazhongfeifu.com.pem
+export MINIO_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/minio/minio.bazhongfeifu.com.key
+
+export OIDC_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/oidc/oidc.bazhongfeifu.com.pem
+export OIDC_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/oidc/oidc.bazhongfeifu.com.key
+
+export SRS_PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/srs/srs.bazhongfeifu.com.pem
+export SRS_KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginxbazhong/certs/srs/srs.bazhongfeifu.com.key

builder/Dockerfile

@@ -1,10 +1,13 @@
 # 使用一个基础镜像
 #FROM openjdk:11-jre-slim
-FROM tuoheng/centos:base
+FROM registry.t-aaron.com/tuoheng/centos:base
 USER th
 # 定义构建参数
 ARG SW_APP_NAME
-ARG SW_SKY_AOP
+ARG SW_AGENT_COLLECTOR_BACKEND_SERVICES
+# 使用参数设置环境变量
+ENV SW_APP_NAME=${SW_APP_NAME} \
+    SW_AGENT_COLLECTOR_BACKEND_SERVICES=${SW_AGENT_COLLECTOR_BACKEND_SERVICES}
 # 设置工作目录
 WORKDIR /data/java/tuoheng
 COPY apache-skywalking-java-agent-9.0.0.tgz  .
@@ -13,10 +16,12 @@ RUN  tar -zxvf apache-skywalking-java-agent-9.0.0.tgz
 COPY tuoheng.jar .
 # 设置环境变量
 ENV PATH="/usr/java/jdk/bin:${PATH}"
-ENV SW_AGENT_COLLECTOR_BACKEND_SERVICES="${SW_SKY_AOP}" \
-    SW_AGENT_NAME="${SW_APP_NAME}"
 #暴露应用程序的端口
 #EXPOSE 8090
 # 运行应用程序
-ENTRYPOINT ["java", "-Dfile.encoding=UTF-8","-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar","-jar","tuoheng.jar"]
-                                                                                                                                                                                                                                                                                                                                                                                            
+ENTRYPOINT ["java", "-Dfile.encoding=UTF-8", \
+    "-javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar", \
+    "-jar", "tuoheng.jar"]
+# ENTRYPOINT exec java -Dfile.encoding=UTF-8 \
+# -javaagent:/data/java/tuoheng/skywalking-agent/skywalking-agent.jar \
+# -jar tuoheng.jar

builder/airport.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $AIRPORT_JAR
+cp $AIRPORT_REMOTE_JAR $AIRPORT_JAR
+./builder.sh $AIRPORT_NAME $AIRPORT_IMAGE $AIRPORT_JAR

builder/builder.sh

@@ -17,6 +17,6 @@ cp /data/java/apache-skywalking-java-agent-9.0.0.tgz apache-skywalking-java-agen
 docker image rm $2
 docker build --no-cache \
   --build-arg SW_APP_NAME=$1 \
-  --build-arg SW_SKY_AOP=$SKY_AOP \
+  --build-arg SW_AGENT_COLLECTOR_BACKEND_SERVICES=${SKYWALKING_OAP_NAME}:11800 \
   -t $2 .  # 注意末尾的 `.` 表示当前路径
 docker push $2                                                                                               

builder/business.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $BUSINESS_JAR
+cp $BUSINESS_REMOTE_JAR $BUSINESS_JAR
+./builder.sh $BUSINESS_NAME $BUSINESS_IMAGE $BUSINESS_JAR

builder/dspadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_ADMIN_JAR
+cp $DSP_ADMIN_REMOTE_JAR $DSP_ADMIN_JAR
+./builder.sh $DSP_ADMIN_NAME $DSP_ADMIN_IMAGE $DSP_ADMIN_JAR

builder/dspapi.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_API_JAR
+cp $DSP_API_REMOTE_JAR $DSP_API_JAR
+./builder.sh $DSP_API_NAME $DSP_API_IMAGE $DSP_API_JAR

builder/dspinspection.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_INSPECTION_JAR
+cp $DSP_INSPECTION_REMOTE_JAR $DSP_INSPECTION_JAR
+./builder.sh $DSP_INSPECTION_NAME $DSP_INSPECTION_IMAGE $DSP_INSPECTION_JAR

builder/dspmini.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_MINI_JAR
+cp $DSP_MINI_REMOTE_JAR $DSP_MINI_JAR
+./builder.sh $DSP_MINI_NAME $DSP_MINI_IMAGE $DSP_MINI_JAR

builder/dspportal.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $DSP_PORTAL_JAR
+cp $DSP_PORTAL_REMOTE_JAR $DSP_PORTAL_JAR
+./builder.sh $DSP_PORTAL_NAME $DSP_PORTAL_IMAGE $DSP_PORTAL_JAR

builder/ffmpeg/dockerfile

@@ -0,0 +1,21 @@
+FROM alfg/ffmpeg:latest
+
+# 安装OpenJDK 11
+RUN apk add --no-cache openjdk11-jre
+
+# 设置Java环境变量
+ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk
+ENV PATH=$PATH:$JAVA_HOME/bin
+
+# 验证安装
+RUN java -version && \
+    ffmpeg -version && \
+    ffmpeg -codecs && \
+    ffmpeg -formats
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

builder/hhzadmin.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $HHZ_ADMIN_JAR
+cp $HHZ_ADMIN_REMOTE_JAR $HHZ_ADMIN_JAR
+./builder.sh $HHZ_ADMIN_NAME $HHZ_ADMIN_IMAGE $HHZ_ADMIN_JAR

builder/hhzapi.sh

@@ -0,0 +1,4 @@
+source ../environment.sh
+rm $HHZ_API_JAR
+cp $HHZ_API_REMOTE_JAR $HHZ_API_JAR
+./builder.sh $HHZ_API_NAME $HHZ_API_IMAGE $HHZ_API_JAR

builder/stream.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+source ../environment.sh
+# 检查必要的环境变量
+if [ -z "$STREAM_REMOTE_JAR" ]; then
+    echo "Error: STREAM_REMOTE_JAR environment variable is not set"
+    exit 1
+fi
+
+if [ -z "$STREAM_IMAGE" ]; then
+    echo "Error: STREAM_IMAGE environment variable is not set"
+    exit 1
+fi
+
+if [ -z "$STREAM_JAR" ]; then
+    echo "Error: STREAM_JAR environment variable is not set"
+    exit 1
+fi
+
+# 创建临时构建目录
+BUILD_DIR=$(mktemp -d)
+trap 'rm -rf "$BUILD_DIR"' EXIT
+
+# 复制JAR文件
+echo "Copying JAR file from $STREAM_REMOTE_JAR"
+cp "$STREAM_REMOTE_JAR" "$BUILD_DIR/${STREAM_JAR}"
+
+# 检查JAR文件是否复制成功
+if [ ! -f "$BUILD_DIR/${STREAM_JAR}" ]; then
+    echo "Error: Failed to copy JAR file"
+    exit 1
+fi
+
+# 创建Dockerfile
+cat > "$BUILD_DIR/Dockerfile" << EOF
+FROM registry.t-aaron.com/tuoheng/ffmpeg:latest
+
+# 设置工作目录
+WORKDIR /app
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/\$TZ /etc/localtime && echo \$TZ > /etc/timezone
+
+# 创建数据目录
+RUN mkdir -p /data/temp && chmod 777 /data/temp
+# 创建数据目录
+RUN mkdir -p /data/recording && chmod 777 /data/recording
+# 创建数据目录
+RUN mkdir -p /data/record && chmod 777 /data/record
+
+# 复制JAR文件
+COPY ${STREAM_JAR} /app/
+
+# 设置启动命令
+ENTRYPOINT ["java", "-jar", "/app/${STREAM_JAR}"]
+EOF
+
+# 构建Docker镜像
+echo "Building Docker image: $STREAM_IMAGE"
+docker build -t "$STREAM_IMAGE" "$BUILD_DIR"
+
+# 清理
+# rm -rf "$BUILD_DIR"
+
+echo "Docker image $STREAM_IMAGE has been built successfully"
+
+docker push $STREAM_IMAGE

dashuju.sh

@@ -0,0 +1,56 @@
+echo "开始执行 dashuju.sh"
+export VERSION=default
+export DOMAIN=dashuju
+export DOMAIN_END=t-aaron.com
+# 主机对外爆露的HTTP端口
+export NGINX_HTTP_PORT=9999
+# 主机对外爆露的HTTPS端口--------- 
+export NGINX_HTTPS_PORT=3443
+# MYSQL对外地址 ----
+export MYSQL_PORT=3009
+export REDIS_PORT=6381
+#MQTT 配置
+# MQTT对外爆露端口 -- OK
+export MQTT_PORT=8000
+export MQTT_WS_PORT=9004
+export KAFKA_PORT=9292
+# SRS对外爆露端口---- OK
+export SRS_RTMP_PORT=1935
+# Minio对外爆露端口
+export MINIO_API_PORT=9700
+# Minio控制台对外爆露端口
+export MINIO_CONSOLE_PORT=9022
+
+
+export MINIO_ACCESS_KEY=5x2X7FkeyxEYQPAFOUet
+export MINIO_SECRET_KEY=WOH5bzWr3OdrdzrPdN3hXFlxsSWJuRW2kQeRUbJI
+
+# Consul 配置
+export CONSUL_PORT=8600
+# XXL-Job 配置
+export XXLJOB_PORT=8383
+
+export HHZ_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/tuoheng_hhz_web/dist
+export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/dsp-admin/dist
+export AIRPORT_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/tuoheng_airport_web/dist
+export BUSINESS_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/business_web/dist
+export OIDC_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dashuju/oidc_web/dist
+
+echo $HHZ_ADMIN_WEB_DIST
+echo $DSP_ADMIN_WEB_DIST
+echo $AIRPORT_WEB_DIST
+echo $BUSINESS_WEB_DIST
+
+#域名证书位置写在这边
+#export PEM_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.pem
+#export KEY_PATH=/Users/sunpeng/workspace/remote/docker/nginx/vhosts/cert/t-aaron.com.key
+
+#前端配置
+#export VUE_APP_API_BASE_URL = https://${HHZ_DOMAIN}:${NGINX_HTTPS_PORT}/
+#export VUE_APP_AUTHORITY = https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+#export VUE_APP_OUT_AUTHORITY = https://${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+#VUE_APP_API_BASE_URL=https://${AIRPORT_DOMAIN}:${NGINX_HTTPS_PORT}/airport
+#https://airport-develop.t-aaron.com:3443
+#https://hhz-develop.t-aaron.com:3443
+
+#https://oidc-develop.t-aaron.com:3443

environment.sh

@@ -1,28 +1,135 @@
 #!/bin/bash
 # 定基本环境变量并导出
-# 所有端口都为主机对外爆露的端口
-export DOMAIN=bazhong
+# 不同的环境采用不同的DOMAIN
+if [ -z "${VERSION}" ]; then
+    export VERSION=""
+    echo "环境变量 VERSION 未设置"
+else
+    echo "环境变量 VERSION 已设置，设置为 ${VERSION}"
+fi
+
+if [ -z "${DOMAIN}" ]; then
+    export DOMAIN=bazhong
+    echo "环境变量 DOMAIN 未设置，设置为默认值 ${DOMAIN}"
+else
+    echo "环境变量 DOMAIN 已设置，设置为 ${DOMAIN}"
+fi
+
+if [[ "$(uname)" == "Darwin" ]]; then
+  echo "当前是 Mac 系统"
+  export PLATFORM=""
+  # 这里写 Mac 下要执行的命令
+else
+  echo "当前不是 Mac 系统"
+  export PLATFORM="linux"
+  echo "环境变量 PLATFORM 已设置，设置为 ${PLATFORM}"
+  # 这里写 Linux 或其他系统下要执行的命令
+fi
+
+
 export NETWORK="swarm_network_$DOMAIN"
-export HOST_IP=127.0.0.1
+# 镜像仓库地址
 export REGISTRY=registry.t-aaron.com
-export SKY_DOMAIN=sky-${DOMAIN}.t-aaron.com
-export CONSUL_DOMAIN=consul-${DOMAIN}.t-aaron.com
-export XXLJOB_DOMAIN=xxljob-${DOMAIN}.t-aaron.com
-export OIDC_SERVER_DOMAIN=oidc-${DOMAIN}.t-aaron.com
+# 主机的域名后缀
+if [ -z "${DOMAIN_END}" ]; then
+    export DOMAIN_END=t-aaron.com
+    echo "环境变量 DOMAIN_END 未设置，设置为默认值 ${DOMAIN_END}"
+else
+    echo "环境变量 DOMAIN_END 已设置，设置为 ${DOMAIN_END}"
+fi
 
+# 主机对外爆露的HTTP端口
+if [ -z "$NGINX_HTTP_PORT" ]; then
+    export NGINX_HTTP_PORT=8899
+else
+    echo "环境变量 NGINX_HTTP_PORT 已设置，设置为 ${NGINX_HTTP_PORT}"
+fi
+# 主机对外爆露的HTTPS端口
+if [ -z "$NGINX_HTTPS_PORT" ]; then
+    export NGINX_HTTPS_PORT=2443
+else
+    echo "环境变量 NGINX_HTTPS_PORT 已设置，设置为 ${NGINX_HTTPS_PORT}"
+fi
 
+if [ -z "$SKYWALKING_UI_DOMAIN" ]; then
+   export SKYWALKING_UI_DOMAIN=sky-${DOMAIN}.${DOMAIN_END}
+fi
+
+if [ -z "$CONSUL_DOMAIN" ]; then
+   export CONSUL_DOMAIN=consul-${DOMAIN}.${DOMAIN_END}
+fi
+
+if [ -z "$XXLJOB_DOMAIN" ]; then
+   export XXLJOB_DOMAIN=xxljob-${DOMAIN}.${DOMAIN_END}
+fi
+
+if [ -z "$OIDC_SERVER_DOMAIN" ]; then
+   export OIDC_SERVER_DOMAIN=oidc-${DOMAIN}.${DOMAIN_END}
+fi
+export OIDC_DOMAIN_FULL=${OIDC_SERVER_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$OIDC_ADMIN_DOMAIN" ]; then
+   export OIDC_ADMIN_DOMAIN=oidcadmin-${DOMAIN}.${DOMAIN_END}
+fi
+export OIDC_ADMIN_DOMAIN_FULL=${OIDC_ADMIN_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$MINIO_DOMAIN" ]; then
+   export MINIO_DOMAIN=minio-${DOMAIN}.${DOMAIN_END}
+fi
+
+if [ -z "$MINIO_CONSOLE_DOMAIN" ]; then
+   export MINIO_CONSOLE_DOMAIN=minioconsole-${DOMAIN}.${DOMAIN_END}
+fi
+
+if [ -z "$AIRPORT_DOMAIN" ]; then
+   export AIRPORT_DOMAIN=airport-${DOMAIN}.${DOMAIN_END}
+fi
+export AIRPORT_DOMAIN_FULL=${AIRPORT_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$BUSINESS_DOMAIN" ]; then
+   export BUSINESS_DOMAIN=business-${DOMAIN}.${DOMAIN_END}
+fi
+export BUSINESS_DOMAIN_FULL=${BUSINESS_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$SRS_DOMAIN" ]; then
+   export SRS_DOMAIN=srs-${DOMAIN}.${DOMAIN_END}
+fi
+export SRS_DOMAIN_FULL=${SRS_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$HHZ_DOMAIN" ]; then
+   export HHZ_DOMAIN=hhz-${DOMAIN}.${DOMAIN_END}
+fi
+export HHZ_DOMAIN_FULL=${HHZ_DOMAIN}:${NGINX_HTTPS_PORT}
+
+if [ -z "$DSP_DOMAIN" ]; then
+   export DSP_DOMAIN=dsp-${DOMAIN}.${DOMAIN_END}
+fi
+export DSP_DOMAIN_FULL=${DSP_DOMAIN}:${NGINX_HTTPS_PORT}
 export REGISTRY_HOST=${REGISTRY}/tuoheng/
-#export REGISTRY_HOST=""
+
+if [ -z "$KAFKA_DOMAIN" ]; then
+  export KAFKA_DOMAIN=kafka-${DOMAIN}.${DOMAIN_END}
+fi
+ 
+
+
+
+ 
 
 #Nginx 配置
 export NGINX_NAME=NGINX_${DOMAIN}
-export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}
-export NGINX_HTTP_PORT=8899
-export NGINX_HTTPS_PORT=2443
+export NGINX_IMAGE=${REGISTRY_HOST}nginx:${DOMAIN}${VERSION}
 export NGINX_MEMORY=256m
 
-#MySql 配置
-export MYSQL_PORT=3308
+#MySql 配置 
+# 数据库对外爆露端口 
+
+# 主机对外爆露的HTTPS端口
+if [ -z "$MYSQL_PORT" ]; then
+    export MYSQL_PORT=3308
+else
+    echo "环境变量 MYSQL_PORT 已设置，设置为 ${MYSQL_PORT}"
+fi
 export MYSQL_ROOT_PASSWORD=tuoheng2024
 export MYSQL_IMAGE=${REGISTRY_HOST}mysql:8.0.25
 export MYSQL_DATA=${NETWORK}_mysql_data
@@ -30,120 +137,327 @@ export MYSQL_NAME=MYSQL_${DOMAIN}
 export MYSQL_MEMORY=1g    
 
 #Redis 配置
-export REDIS_PORT=6380
+if [ -z "$REDIS_PORT" ]; then
+   export REDIS_PORT=6380
+else
+    echo "环境变量 REDIS_PORT 已设置，设置为 ${REDIS_PORT}"
+fi
+ 
 export REDIS_IMAGE=${REGISTRY_HOST}redis:latest
 export REDIS_DATA=${NETWORK}_redis_data
 export REDIS_NAME=REDIS_${DOMAIN}
 export REDIS_MEMORY=512m    
 
+
 #MQTT 配置
-export MQTT_PORT=1883
-export MQTT_WS_PORT=9001
+# MQTT对外爆露端口
+if [ -z "$MQTT_PORT" ]; then
+   export MQTT_PORT=1883
+else
+    echo "环境变量 MQTT_PORT 已设置，设置为 ${MQTT_PORT}"
+fi
+if [ -z "$MQTT_WS_PORT" ]; then
+   export MQTT_WS_PORT=9001
+else
+    echo "环境变量 MQTT_WS_PORT 已设置，设置为 ${MQTT_WS_PORT}"
+fi
+ 
+ 
 export MQTT_IMAGE=${REGISTRY_HOST}eclipse-mosquitto:latest
 export MQTT_NAME=MQTT_${DOMAIN}
 export MQTT_MEMORY=512m    
 
 #Kafka 配置
-export KAFKA_PORT=9092
-export KAFKA_IMAGE=${REGISTRY_HOST}confluentinc/cp-kafka:latest
+# Kafka对外爆露端口
+if [ -z "$KAFKA_PORT" ]; then
+   export KAFKA_PORT=9292
+else
+    echo "环境变量 KAFKA_PORT 已设置，设置为 ${KAFKA_PORT}"
+fi
+if [[ "$(uname)" == "Darwin" ]]; then
+  echo "当前是 Mac 系统"
+  export KAFKA_IMAGE=${REGISTRY_HOST}bitnami/kafka:latest
+  # 这里写 Mac 下要执行的命令
+else
+  echo "当前不是 Mac 系统"
+  export KAFKA_IMAGE=${REGISTRY_HOST}bitnami/kafka:${PLATFORM}
+  echo "环境变量 KAFKA_IMAGE 已设置，设置为 ${KAFKA_IMAGE}"
+  # 这里写 Linux 或其他系统下要执行的命令
+fi
 export KAFKA_NAME=KAFKA_${DOMAIN}
-export KAFKA_MEMORY=512m   
-
+export KAFKA_MEMORY=2g
+export KAFKA_DATA=${NETWORK}_kafka_data  
+export KAFKA_DOMAIN_FULL=${KAFKA_DOMAIN}:${KAFKA_PORT}
+ 
 
 #SRS 配置
-export SRS_NAME=SRS_${DOMAIN}
-export SRS_HTTP_PORT=8080
-export SRS_RTMP_PORT=1935
-export SRS_RTC_PORT=8000
+# SRS对外爆露端口 Name比较特别,没有DOAMIN后缀
+export SRS_NAME=SRS
+if [ -z "$SRS_RTMP_PORT" ]; then
+  export SRS_RTMP_PORT=1935
+else
+    echo "环境变量 SRS_RTMP_PORT 已设置，设置为 ${SRS_RTMP_PORT}"
+fi
+if [ -z "$SRS_RTC_PORT" ]; then
+  export SRS_RTC_PORT=8000
+else
+    echo "环境变量 SRS_RTC_PORT 已设置，设置为 ${SRS_RTC_PORT}"
+fi
+if [ -z "$SRS_SRT_PORT" ]; then
+  export SRS_SRT_PORT=10080
+else
+    echo "环境变量 SRS_SRT_PORT 已设置，设置为 ${SRS_SRT_PORT}"
+fi
+export SRS_RTMP_DOMAIN_FULL=${SRS_DOMAIN}:${SRS_RTMP_PORT}
 export SRS_MEMORY=512m
-export SRS_IMAGE=registry.cn-hangzhou.aliyuncs.com/ossrs/srs:5
+export SRS_IMAGE=${REGISTRY_HOST}srs:6
 export SRS_DATA=${NETWORK}_srs_data
 
-
-#Minio 配置
-export MINIO_NAME=MINIO_${DOMAIN}
+#Minio 配置 Name比较特别,没有DOAMIN后缀
+export MINIO_NAME=MINIO
 export MINIO_MEMORY=512m
-export MINIO_IMAGE=quay.io/minio/minio
+export MINIO_IMAGE=${REGISTRY_HOST}quay.io/minio:latest${PLATFORM}
 export MINIO_DATA=${NETWORK}_minio_data 
-export MINIO_API_PORT=9000
-export MINIO_CONSOLE_PORT=9002
+# Minio对外爆露端口
+if [ -z "$MINIO_API_PORT" ]; then
+   export MINIO_API_PORT=9000
+else
+    echo "环境变量 MINIO_API_PORT 已设置，设置为 ${MINIO_API_PORT}"
+fi
+# Minio控制台对外爆露端口
+if [ -z "$MINIO_CONSOLE_PORT" ]; then
+   export MINIO_CONSOLE_PORT=9002
+else
+    echo "环境变量 MINIO_CONSOLE_PORT 已设置，设置为 ${MINIO_CONSOLE_PORT}"
+fi
 export MINIO_ROOT_USER=miniopassword
 export MINIO_ROOT_PASSWORD=miniopassword   
 
+if [ -z "$MINIO_ACCESS_KEY" ]; then
+    export MINIO_ACCESS_KEY=shvngIfksXjTqlQHKSxt
+else
+    echo "环境变量 MINIO_ACCESS_KEY 已设置，设置为 ${MINIO_ACCESS_KEY}"
+fi
+
+if [ -z "$MINIO_SECRET_KEY" ]; then
+    export MINIO_SECRET_KEY=Xed4RsGAF1iX7bzEsNEXydnEYsWMUHzU4cA4IPGl
+else
+    echo "环境变量 MINIO_SECRET_KEY 已设置，设置为 ${MINIO_SECRET_KEY}"
+fi
+
 # Elasticsearch 配置
 export ES_NAME=ES_${DOMAIN}
-export ES_IMAGE=elasticsearch:7.8.0
+export ES_IMAGE=${REGISTRY_HOST}elasticsearch:7.8.0
 export ES_MEMORY=1g
+# Elasticsearch对外爆露端口
 export ES_PORT=9200
 export ES_DATA=${NETWORK}_es_data
+export ES_LOG_DATA=${NETWORK}_es_log_data
 
 # SkyWalking 配置
 export SKYWALKING_OAP_NAME=SKYWALKING_OAP_${DOMAIN}
 export SKYWALKING_UI_NAME=SKYWALKING_UI_${DOMAIN}
-export SKYWALKING_OAP_IMAGE=apache/skywalking-oap-server:8.6.0-es7
-export SKYWALKING_UI_IMAGE=apache/skywalking-ui:8.6.0
-export SKYWALKING_OAP_MEMORY=512m
-export SKYWALKING_UI_MEMORY=512m
+export SKYWALKING_OAP_IMAGE=${REGISTRY_HOST}apache/skywalking-oap-server:8.6.0-es7
+export SKYWALKING_UI_IMAGE=${REGISTRY_HOST}apache/skywalking-ui:8.6.0
+export SKYWALKING_OAP_MEMORY=1g
+export SKYWALKING_UI_MEMORY=1g
+# SkyWalking UI对外爆露端口
 export SKYWALKING_UI_PORT=8181
 export SW_AGENT_COLLECTOR_BACKEND_SERVICES=${SKYWALKING_OAP_NAME}:11800
 export SKYWALKING_USERNAME=skywalking
 export SKYWALKING_PASSWORD=skywalking
 
+#SKY_AOP 配置
+export SKY_AOP=${SKYWALKING_OAP_NAME}:11800
 
 # Consul 配置
 export CONSUL_NAME=CONSUL_${DOMAIN}
 export CONSUL_IMAGE=${REGISTRY_HOST}consul:latest
-export CONSUL_PORT="8500"
+if [ -z "$CONSUL_PORT" ]; then
+   export CONSUL_PORT=8500
+else
+    echo "环境变量 CONSUL_PORT 已设置，设置为 ${CONSUL_PORT}"
+fi
 export CONSUL_MEMORY="512m"
 
 # XXL-Job 配置
-export XXLJOB_NAME=XXL_JOB_${DOMAIN}
+export XXLJOB_NAME=XXL-JOB-${DOMAIN}
 export XXLJOB_IMAGE=${REGISTRY_HOST}xuxueli/xxl-job-admin:2.4.0
-export XXLJOB_PORT=8282
-export XXLJOB_MEMORY=512m
+if [ -z "$XXLJOB_PORT" ]; then
+   export XXLJOB_PORT=8282 
+else
+    echo "环境变量 XXLJOB_PORT 已设置，设置为 ${XXLJOB_PORT}"
+fi
+export XXLJOB_MEMORY=1g
 export XXLJOB_ACCESS_TOKEN=default_token
  
-#SKY_AOP 配置
-export SKY_AOP=106.15.229.178:11800
+
 
 #OIDCServer 配置
-export OIDC_SERVER_NAME=OIDC_SERVER_${DOMAIN} 
-export OIDC_SERVER_IMAGE=${REGISTRY_HOST}oidcserver:${DOMAIN} 
+export OIDC_SERVER_NAME=OIDC-SERVER${DOMAIN} 
+export OIDC_SERVER_IMAGE=${REGISTRY_HOST}oidcserver:${DOMAIN}${VERSION} 
 export OIDC_SERVER_JAR=tuoheng_oidc_server.jar
-export OIDC_SERVER_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcservice/${OIDC_SERVER_JAR}
-export OIDC_SERVER_MEMORY=512m
+if [ -z "$OIDC_SERVER_REMOTE_JAR" ]; then
+   export OIDC_SERVER_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcservice/${OIDC_SERVER_JAR}
+else
+    echo "环境变量 OIDC_SERVER_REMOTE_JAR 已设置，设置为 ${OIDC_SERVER_REMOTE_JAR}"
+fi
+export OIDC_SERVER_MEMORY=1g
 
 #OIDCAdmin 配置
-export OIDC_ADMIN_NAME=OIDC_ADMIN_${DOMAIN} 
-export OIDC_ADMIN_IMAGE=${REGISTRY_HOST}oidcadmin:${DOMAIN} 
+export OIDC_ADMIN_NAME=OIDC-ADMIN${DOMAIN} 
+export OIDC_ADMIN_IMAGE=${REGISTRY_HOST}oidcadmin:${DOMAIN}${VERSION} 
 export OIDC_ADMIN_JAR=tuoheng_oidc_admin.jar
-export OIDC_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcadmin/${OIDC_ADMIN_JAR}
-export OIDC_ADMIN_MEMORY=512m
+if [ -z "$OIDC_ADMIN_REMOTE_JAR" ]; then
+   export OIDC_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/oidcadmin/${OIDC_ADMIN_JAR}
+else
+    echo "环境变量 OIDC_ADMIN_REMOTE_JAR 已设置，设置为 ${OIDC_ADMIN_REMOTE_JAR}"
+fi
+export OIDC_ADMIN_MEMORY=1g
 
-
-export GATEWAY_NAME=GATEWAY_${DOMAIN}
-export GATEWAY_IMAGE=${REGISTRY_HOST}gateway:${DOMAIN}
+#网关配置
+export GATEWAY_NAME=GATEWAY${DOMAIN}
+export GATEWAY_IMAGE=${REGISTRY_HOST}gateway:${DOMAIN}${VERSION}
 export GATEWAY_JAR=tuoheng_gateway.jar
-export GATEWAY_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/gateway/${GATEWAY_JAR}
-export GATEWAY_MEMORY=512m
+if [ -z "$GATEWAY_REMOTE_JAR" ]; then
+  export GATEWAY_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/gateway/${GATEWAY_JAR}
+else
+    echo "环境变量 GATEWAY_REMOTE_JAR 已设置，设置为 ${GATEWAY_REMOTE_JAR}"
+fi
+export GATEWAY_MEMORY=1g
+
+#流媒体录制配置
+export STREAM_NAME=STREAM
+export STREAM_IMAGE=${REGISTRY_HOST}stream:${DOMAIN}${VERSION}
+if [ -z "$STREAM_REMOTE_JAR" ]; then
+  export STREAM_REMOTE_JAR=/Users/sunpeng/workspace/ideaproject/stream_server/target/stream_server-0.0.1-SNAPSHOT.jar
+else
+    echo "环境变量 STREAM_REMOTE_JAR 已设置，设置为 ${STREAM_REMOTE_JAR}"
+fi
+export STREAM_MEMORY=1g
+export STREAM_JAR=stream_server-0.0.1-SNAPSHOT.jar
+export STREAM_DATA=${NETWORK}_stream_data
+export STREAM_DEBUG_PORT=7878
+
+#河湖长
+export HHZ_API_NAME=HHZ-API${DOMAIN}
+export HHZ_API_IMAGE=${REGISTRY_HOST}hhzapi:${DOMAIN}${VERSION}
+export HHZ_API_JAR=tuoheng_hhz_api.jar
+if [ -z "$HHZ_API_REMOTE_JAR" ]; then
+  export HHZ_API_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/hhz-api/${HHZ_API_JAR}
+else
+    echo "环境变量 HHZ_API_REMOTE_JAR 已设置，设置为 ${HHZ_API_REMOTE_JAR}"
+fi
+export HHZ_API_MEMORY=1g
+
+#河湖长
+export HHZ_ADMIN_NAME=HHZ-ADMIN${DOMAIN}
+export HHZ_ADMIN_IMAGE=${REGISTRY_HOST}hhzadmin:${DOMAIN}${VERSION}
+export HHZ_ADMIN_JAR=tuoheng_hhz_admin.jar
+if [ -z "${HHZ_ADMIN_REMOTE_JAR}" ]; then
+    export HHZ_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/hhz-admin/${HHZ_ADMIN_JAR}
+else
+    echo "环境变量 HHZ_ADMIN_REMOTE_JAR 已设置，设置为 ${HHZ_ADMIN_REMOTE_JAR}"
+fi
+export HHZ_ADMIN_MEMORY=1g
+if [ -z "${HHZ_ADMIN_WEB_DIST}" ]; then
+    export HHZ_ADMIN_WEB_DIST=/Users/sunpeng/workspace/remote/tuoheng_hhz_web/dist
+else
+    echo "环境变量 HHZ_ADMIN_WEB_DIST 已设置，设置为 ${HHZ_ADMIN_WEB_DIST}"
+fi
 
 
+#机场平台
+export AIRPORT_NAME=AIRPORT${DOMAIN}
+export AIRPORT_IMAGE=${REGISTRY_HOST}airport:${DOMAIN}${VERSION}
+export AIRPORT_JAR=tuoheng_airport_admin.jar
+if [ -z "${AIRPORT_REMOTE_JAR}" ]; then
+    export AIRPORT_REMOTE_JAR=/Users/sunpeng/workspace/remote/tuoheng_airport/tuoheng-admin/target/${AIRPORT_JAR}
+else
+    echo "环境变量 AIRPORT_REMOTE_JAR 已设置，设置为 ${AIRPORT_REMOTE_JAR}"
+fi
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    export AIRPORT_WEB_DIST=/Users/sunpeng/workspace/remote/docker/tuoheng_airport_web/dist
+else
+    echo "环境变量 AIRPORT_WEB_DIST 已设置，设置为 ${AIRPORT_WEB_DIST}"
+fi
+export AIRPORT_MEMORY=1g
 
 
-#主机INGRESS_PORT 映射到容器80 INGRESS_SSL_PORT 映射到容器 443
-export INGRESS_PORT=80
-#export INGRESS_SSL_PORT=443
- 
-export OIDC_URL=https://oidc-$DOMAIN-software.t-aaron.com
-export OIDC_PORT=8090
-export XXL_JOB=http://xxljob:8080/xxl-job-admin
-#固定基本配置
-export TZ=Asia/Shanghai
-export SPRING_CLOUD_CONSUL_HOST=consul
-export SPRING_CLOUD_CONSUL_PORT=8500
- 
+export BUSINESS_NAME=BUSINESS${DOMAIN}
+export BUSINESS_IMAGE=${REGISTRY_HOST}business:${DOMAIN}${VERSION}
+export BUSINESS_JAR=tuoheng_business_admin.jar
+if [ -z "${BUSINESS_REMOTE_JAR}" ]; then
+   export BUSINESS_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/business/${BUSINESS_JAR}
+else
+    echo "环境变量 BUSINESS_REMOTE_JAR 已设置，设置为 ${BUSINESS_REMOTE_JAR}"
+fi
+export BUSINESS_MEMORY=512m
+if [ -z "${BUSINESS_WEB_DIST}" ]; then
+    export BUSINESS_WEB_DIST=/Users/sunpeng/workspace/remote/tuoheng_hhz_web/dist
+else
+    echo "环境变量 BUSINESS_WEB_DIST 已设置，设置为 ${BUSINESS_WEB_DIST}"
+fi
 
  
+export DSP_API_NAME=DSP-API${DOMAIN}
+export DSP_API_IMAGE=${REGISTRY_HOST}dspapi:${DOMAIN}${VERSION}
+export DSP_API_JAR=tuoheng_dsp_api.jar
+if [ -z "${DSP_API_REMOTE_JAR}" ]; then
+   export DSP_API_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-api/${DSP_API_JAR}
+else
+    echo "环境变量 DSP_API_REMOTE_JAR 已设置，设置为 ${DSP_API_REMOTE_JAR}"
+fi
+export DSP_API_MEMORY=1g
+
+export DSP_ADMIN_NAME=DSP-ADMIN${DOMAIN}
+export DSP_ADMIN_IMAGE=${REGISTRY_HOST}dspadmin:${DOMAIN}${VERSION}
+export DSP_ADMIN_JAR=tuoheng_dsp_admin.jar
+if [ -z "${DSP_ADMIN_REMOTE_JAR}" ]; then
+    export DSP_ADMIN_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-admin/${DSP_ADMIN_JAR}
+else
+    echo "环境变量 DSP_ADMIN_REMOTE_JAR 已设置，设置为 ${DSP_ADMIN_REMOTE_JAR}"
+fi
+export DSP_ADMIN_MEMORY=512m
+if [ -z "${DSP_ADMIN_WEB_DIST}" ]; then
+    export DSP_ADMIN_WEB_DIST=/home/th/workspace/dockerbuilder/webs/dsp-admin/dist
+else
+    echo "环境变量 DSP_ADMIN_WEB_DIST 已设置，设置为 ${DSP_ADMIN_WEB_DIST}"
+fi
 
 
+export DSP_INSPECTION_NAME=DSP-INSPECTION${DOMAIN}
+export DSP_INSPECTION_IMAGE=${REGISTRY_HOST}dspinspection:${DOMAIN}${VERSION}
+export DSP_INSPECTION_JAR=tuoheng_dsp_inspection.jar
+if [ -z "${DSP_INSPECTION_REMOTE_JAR}" ]; then
+    export DSP_INSPECTION_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-inspection/${DSP_INSPECTION_JAR}
+else
+    echo "环境变量 DSP_INSPECTION_REMOTE_JAR 已设置，设置为 ${DSP_INSPECTION_REMOTE_JAR}"
+fi
+export DSP_INSPECTION_MEMORY=512m
 
+export DSP_MINI_NAME=DSP-MINI${DOMAIN}
+export DSP_MINI_IMAGE=${REGISTRY_HOST}dspmini:${DOMAIN}${VERSION}
+export DSP_MINI_JAR=tuoheng_dsp_miniprogram.jar
+if [ -z "${DSP_MINI_REMOTE_JAR}" ]; then
+    export DSP_MINI_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-mini/${DSP_MINI_JAR}
+else
+    echo "环境变量 DSP_MINI_REMOTE_JAR 已设置，设置为 ${DSP_MINI_REMOTE_JAR}"
+fi
+export DSP_MINI_MEMORY=512m
+
+export DSP_PORTAL_NAME=DSP-PORTAL${DOMAIN}
+export DSP_PORTAL_IMAGE=${REGISTRY_HOST}dspportal:${DOMAIN}${VERSION}
+export DSP_PORTAL_JAR=tuoheng_dsp_portal.jar
+if [ -z "${DSP_PORTAL_REMOTE_JAR}" ]; then
+    export DSP_PORTAL_REMOTE_JAR=/home/th/workspace/test/swarm/dockerfile/dsp-portal/${DSP_PORTAL_JAR}
+else
+    echo "环境变量 DSP_PORTAL_REMOTE_JAR 已设置，设置为 ${DSP_PORTAL_REMOTE_JAR}"
+fi
+export DSP_PORTAL_MEMORY=512m
+
+# Kafka UI 配置
+export KAFKA_UI_PORT=8080
+export KAFKA_UI_NAME=KAFKA_UI_${DOMAIN}
+export KAFKA_UI_IMAGE=registry.t-aaron.com/tuoheng/provectuslabs/kafka-ui:latest
+export KAFKA_UI_MEMORY=512m

init/1.network.sh

@@ -1,7 +1,10 @@
 source ../environment.sh
 if ! docker network inspect ${NETWORK} >/dev/null 2>&1; then
-  docker network create --driver bridge ${NETWORK}
-  echo "创建 ${NETWORK} bridge 网络成功"
+  docker network create --driver bridge \
+    --subnet=172.20.0.0/16 \
+    --gateway=172.20.0.1 \
+    ${NETWORK}
+  echo "创建 ${NETWORK} bridge 网络成功，子网: 172.20.0.0/16，网关: 172.20.0.1"
 else
   echo "${NETWORK} 网络已存在"
 fi

init/10.sky-oap.sh

@@ -48,13 +48,16 @@ echo "启动 SkyWalking OAP..."
 docker run -d \
     --name ${SKYWALKING_OAP_NAME} \
     --network $NETWORK \
+    -p 13800:11800 \
     --memory $SKYWALKING_OAP_MEMORY \
     --restart unless-stopped \
+    -e TZ=Asia/Shanghai \
     -e SW_STORAGE=elasticsearch7 \
     -e SW_STORAGE_ES_CLUSTER_NODES=${ES_NAME}:9200 \
+    -e SW_CORE_RECORD_DATA_TTL=1 \
+    -e SW_CORE_METRICS_DATA_TTL=1 \
     --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
     $SKYWALKING_OAP_IMAGE
 
 # 等待OAP启动
    # 确认 OAP 完全启动后再启动 UI
- 

init/2.volumn.sh

@@ -42,5 +42,28 @@ else
    echo "${ES_DATA} 卷已存在"    
 fi
 
+source ../environment.sh
+if ! docker volume inspect ${ES_LOG_DATA} >/dev/null 2>&1; then
+   docker volume create ${ES_LOG_DATA}
+   echo "创建 ${ES_LOG_DATA} 卷成功"
+else
+   echo "${ES_LOG_DATA} 卷已存在"    
+fi
 
- 
+
+
+source ../environment.sh
+if ! docker volume inspect ${KAFKA_DATA} >/dev/null 2>&1; then
+   docker volume create ${KAFKA_DATA}
+   echo "创建 ${KAFKA_DATA} 卷成功"
+else
+   echo "${KAFKA_DATA} 卷已存在"    
+fi
+
+source ../environment.sh
+if ! docker volume inspect ${STREAM_DATA} >/dev/null 2>&1; then
+   docker volume create ${STREAM_DATA}
+   echo "创建 ${STREAM_DATA} 卷成功"
+else
+   echo "${STREAM_DATA} 卷已存在"    
+fi

init/3.mysql.sh

@@ -13,6 +13,19 @@ if [ -z "$MYSQL_PORT" ]; then
     exit 1
 fi
 
+rm -fr ./mysql-config
+# 创建MySQL配置目录
+mkdir -p ./mysql-config
+
+
+# 创建MySQL配置文件
+cat > ./mysql-config/my.cnf << EOF
+[mysqld]
+sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
+character-set-server=utf8mb4
+collation-server=utf8mb4_unicode_ci
+EOF
+
 if docker ps -a | grep -q ${MYSQL_NAME}; then
     echo "停止并删除已存在的 MySQL 容器..."
     docker stop ${MYSQL_NAME} >/dev/null 2>&1
@@ -24,11 +37,19 @@ docker run -d \
 --network $NETWORK \
 -p ${MYSQL_PORT}:3306 \
 -e MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
--e MYSQL_CHARACTER_SET_SERVER=utf8mb4 \
--e MYSQL_COLLATION_SERVER=utf8mb4_unicode_ci \
 -v ${MYSQL_DATA}:/var/lib/mysql \
+-v $(pwd)/mysql-config/my.cnf:/etc/mysql/conf.d/my.cnf \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
 --memory ${MYSQL_MEMORY} \
 --restart unless-stopped \
 ${MYSQL_IMAGE}
 
+# 等待MySQL启动
+echo "等待MySQL启动..."
+sleep 10
+
+# 验证SQL_MODE设置
+docker exec ${MYSQL_NAME} mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "SELECT @@sql_mode;"
+
 docker ps

init/5.mqtt.sh

@@ -26,6 +26,7 @@ docker run -d \
 -p ${MQTT_WS_PORT}:9001 \
 --memory ${MQTT_MEMORY} \
 --restart unless-stopped \
+-v $(pwd)/volumes/mqtt/mosquitto.conf:/mosquitto/config/mosquitto.conf \
 ${MQTT_IMAGE}
 
 docker ps

init/6.kafka.sh

@@ -4,10 +4,7 @@ echo "错误: 未找到 NETWORK 环境变量"
 exit 1
 fi
 
-if [ -z "$HOST_IP" ]; then
-echo "错误: 未找到 HOST_IP 环境变量"
-exit 1
-fi
+ 
 
 if [ -z "$KAFKA_PORT" ]; then
 echo "错误: 未找到 KAFKA_PORT 环境变量"
@@ -35,28 +32,72 @@ if docker ps -a | grep -q ${KAFKA_NAME}; then
     docker rm ${KAFKA_NAME} >/dev/null 2>&1
 fi
 
+echo "开始创建 KAFKA 容器..."
+echo ${KAFKA_DOMAIN_FULL}
+echo ${KAFKA_NAME}
 
 docker run -d \
 --name ${KAFKA_NAME} \
 --network $NETWORK \
--p ${KAFKA_PORT}:9092 \
--e KAFKA_NODE_ID=1 \
--e KAFKA_PROCESS_ROLES=broker,controller \
--e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:29093 \
--e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${HOST_IP}:${KAFKA_PORT} \
--e KAFKA_CONTROLLER_QUORUM_VOTERS=1@${KAFKA_NAME}:29093 \
--e KAFKA_CONTROLLER_LISTENER_NAMES=CONTROLLER \
--e CLUSTER_ID=b8f3a0c1-1234-5678-9abc-def012345678 \
--e KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT \
--e KAFKA_INTER_BROKER_LISTENER_NAME=PLAINTEXT \
--e KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
--e KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1 \
--e KAFKA_TRANSACTION_STATE_LOG_MIN_ISR=1 \
--e KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS=0 \
--e KAFKA_NUM_PARTITIONS=3 \
--e KAFKA_AUTO_CREATE_TOPICS_ENABLE=true \
---memory ${KAFKA_MEMORY} --restart unless-stopped ${KAFKA_IMAGE}
+-p ${KAFKA_PORT}:${KAFKA_PORT} \
+-e KAFKA_CFG_NODE_ID=1 \
+-e KAFKA_CFG_PROCESS_ROLES=broker,controller \
+-e KAFKA_CFG_LISTENERS=PLAINTEXT://:${KAFKA_PORT},CONTROLLER://:29093 \
+-e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://${KAFKA_DOMAIN_FULL} \
+-e KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@${KAFKA_NAME}:29093 \
+-e KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER \
+-e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT \
+-e KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT \
+-e KAFKA_CFG_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
+-e KAFKA_CFG_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1 \
+-e KAFKA_CFG_TRANSACTION_STATE_LOG_MIN_ISR=1 \
+-e KAFKA_CFG_GROUP_INITIAL_REBALANCE_DELAY_MS=0 \
+-e KAFKA_CFG_NUM_PARTITIONS=3 \
+-e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true \
+-e KAFKA_CFG_LOG_RETENTION_HOURS=168 \
+-e KAFKA_CFG_LOG_RETENTION_BYTES=-1 \
+-e KAFKA_CFG_DELETE_TOPIC_ENABLE=true \
+--env TZ=Asia/Shanghai \
+--mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+--mount type=volume,source=${KAFKA_DATA},target=/bitnami/kafka \
+--memory ${KAFKA_MEMORY} \
+--restart unless-stopped \
+${KAFKA_IMAGE}
 
+docker ps
 
+# 等待 Kafka 服务就绪
+echo "等待 Kafka 服务就绪..."
+sleep 30
+
+# 创建所需的 topics
+echo "开始创建 Kafka topics..."
+
+# 创建机场相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-imitateFly
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic airport-push-voltage-test
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic business-update-dataPermissions-task
+
+# 创建 DSP 算法相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-online-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-offline-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-image-tasks
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-alg-task-results
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-local
+
+# 创建 DSP 录制相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-result
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-recording-local
+
+# 创建 DSP 推流相关 topics
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-task
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-result
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --create --bootstrap-server 127.0.0.1:${KAFKA_PORT} --topic dsp-push-stream-local
+
+# 列出所有创建的 topics
+echo "已创建的 topics 列表："
+docker exec ${KAFKA_NAME} /opt/bitnami/kafka/bin/kafka-topics.sh --bootstrap-server 127.0.0.1:${KAFKA_PORT} --list
 
  

init/7.srs.sh

@@ -20,10 +20,7 @@ if [ -z "$SRS_RTMP_PORT" ]; then
 echo "错误: 未找到 SRS_RTMP_PORT 环境变量"
 exit 1
 fi
-if [ -z "$SRS_HTTP_PORT" ]; then
-echo "错误: 未找到 SRS_HTTP_PORT 环境变量"
-exit 1  
-fi
+
 if [ -z "$SRS_RTC_PORT" ]; then
 echo "错误: 未找到 SRS_RTC_PORT 环境变量"
 exit 1
@@ -39,16 +36,60 @@ if docker ps -a | grep -q ${SRS_NAME}; then
     docker rm ${SRS_NAME} >/dev/null 2>&1
 fi
 
+# 在容器内检查并创建必要的目录结构
+echo "检查SRS目录结构..."
+docker run --rm \
+    -v "${SRS_DATA}:/usr/local/srs/objs/nginx/html" \
+    $SRS_IMAGE \
+    /bin/sh -c '
+        if [ -d "/usr/local/srs/objs/nginx/html/record" ]; then
+            echo "record目录已存在，跳过创建"
+        else
+            echo "创建record目录..."
+            mkdir -p /usr/local/srs/objs/nginx/html/record
+        fi
+    '
+
 # 启动SRS容器
-# 启动SRS容器
+# 启动SRS容器 默认也有8080端口
+CANDIDATE=${SRS_DOMAIN}
+#echo ${SRS_DOMAIN}
+# CANDIDATE=${SRS_DOMAIN}
+echo $CANDIDATE
+
+# docker run -d \
+#     --name ${SRS_NAME} \
+#     --network $NETWORK \
+#     --memory $SRS_MEMORY \
+#     --restart unless-stopped \
+#     -p ${SRS_RTMP_PORT}:1935 \
+#     -p ${SRS_RTC_PORT}:8000/udp \
+#     -p ${SRS_SRT_PORT}:10080/udp \
+#     --env CANDIDATE=$CANDIDATE \
+#     -v "$(pwd)/volumes/srs/conf/srs.conf:/usr/local/srs/conf/docker.conf" \
+#     -v "${SRS_DATA}:/usr/local/srs/objs/nginx/html" \
+#     --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+#     $SRS_IMAGE
+ 
+
 docker run -d \
     --name ${SRS_NAME} \
     --network $NETWORK \
     --memory $SRS_MEMORY \
     --restart unless-stopped \
     -p ${SRS_RTMP_PORT}:1935 \
-    -p ${SRS_HTTP_PORT}:8080 \
     -p ${SRS_RTC_PORT}:8000/udp \
-    -v "$(pwd)/volumes/srs/conf/srs.conf:/usr/local/srs/conf/srs.conf" \
-    -v "${SRS_DATA}:/usr/local/srs/objs" \
-    $SRS_IMAGE
+    -p ${SRS_SRT_PORT}:10080/udp \
+    --env CANDIDATE=$CANDIDATE \
+    -v "${SRS_DATA}:/usr/local/srs/objs/nginx/html" \
+    --mount type=bind,source=/etc/localtime,target=/etc/localtime,readonly \
+    $SRS_IMAGE ./objs/srs -c conf/srt2rtc.conf
+
+
+
+ 
+
+# docker run -d --name SRS   --network $NETWORK --rm -it -p 1935:1935 -p 1985:1985 -p 8080:8080 -p 10080:10080/udp  -p 8000:8000/udp \
+#     $SRS_IMAGE ./objs/srs -c conf/srt2rtc.conf
+
+ 

init/8.minio.sh

@@ -36,6 +36,14 @@ if [ -z "$MINIO_ROOT_PASSWORD" ]; then
 echo "错误: 未找到 MINIO_ROOT_PASSWORD 环境变量"
 exit 1
 fi
+if [ -z "$MINIO_ACCESS_KEY" ]; then
+echo "错误: 未找到 MINIO_ACCESS_KEY 环境变量"
+exit 1
+fi
+if [ -z "$MINIO_SECRET_KEY" ]; then
+echo "错误: 未找到 MINIO_SECRET_KEY 环境变量"
+exit 1
+fi
 
 if docker ps -a | grep -q ${MINIO_NAME}; then
     echo "停止并删除已存在的 MinIO 容器..."
@@ -55,3 +63,73 @@ docker run -d \
     -e MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} \
     -v "${MINIO_DATA}:/data" \
     $MINIO_IMAGE server /data --console-address ":9001"
+
+# 等待 MinIO 服务启动
+echo "等待 MinIO 服务启动..."
+sleep 10
+
+# 创建 MinIO 服务账号配置目录
+mkdir -p $(pwd)/volumes/minio/policies
+
+# 创建 MinIO 服务账号配置文件
+cat > $(pwd)/volumes/minio/policies/mqtt-policy.json << EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "admin:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}
+EOF
+
+# 创建 MinIO 服务账号
+echo "创建 MinIO 服务账号..."
+docker exec ${MINIO_NAME} mc alias set myminio http://localhost:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
+docker exec ${MINIO_NAME} mc admin user add myminio ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY}
+
+# 将策略文件复制到容器内
+docker cp $(pwd)/volumes/minio/policies/mqtt-policy.json ${MINIO_NAME}:/tmp/mqtt-policy.json
+
+# 创建和附加策略
+docker exec ${MINIO_NAME} mc admin policy create myminio mqtt-policy /tmp/mqtt-policy.json
+docker exec ${MINIO_NAME} mc admin policy attach myminio mqtt-policy --user ${MINIO_ACCESS_KEY}
+
+# 清理临时文件
+docker exec ${MINIO_NAME} rm /tmp/mqtt-policy.json
+
+# 创建所需的 bucket
+echo "创建所需的 bucket..."
+for bucket in default image ta-tech-image th-airport th-dsp video th-hhz; do
+    echo "处理 bucket: $bucket"
+    # 检查 bucket 是否存在
+    if ! docker exec ${MINIO_NAME} mc ls myminio/$bucket >/dev/null 2>&1; then
+        echo "创建 bucket: $bucket"
+        docker exec ${MINIO_NAME} mc mb myminio/$bucket
+    else
+        echo "bucket $bucket 已存在"
+    fi
+    # 设置 bucket 为 public
+    echo "设置 bucket $bucket 为 public"
+    docker exec ${MINIO_NAME} mc anonymous set public myminio/$bucket
+done
+
+echo "MinIO 服务账号和 bucket 创建完成"

init/9.es.sh

@@ -41,4 +41,5 @@ docker run -d \
     -e "xpack.security.enabled=false" \
     -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
     -v "${ES_DATA}:/usr/share/elasticsearch/data" \
+    -v "${ES_LOG_DATA}:/usr/share/elasticsearch/logs" \
     $ES_IMAGE

init/migratevolumes/minio/back.sh

@@ -0,0 +1,2 @@
+source ../../../environment.sh 
+docker run --rm -v ${MINIO_DATA}:/data registry.t-aaron.com/tuoheng/alpine tar czf - -C /data . > minio_backup.tar.gz

init/migratevolumes/minio/recovey.sh

@@ -0,0 +1,3 @@
+source ../../../environment.sh 
+docker volume create ${MINIO_DATA}
+docker run --rm -i -v ${MINIO_DATA}:/data alpine sh -c "tar xzf - -C /data" < minio_backup.tar.gz

init/volumes/minio/policies/mqtt-policy.json

@@ -0,0 +1,26 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "admin:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "kms:*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}

init/volumes/mqtt/mosquitto.conf

@@ -0,0 +1,6 @@
+listener 1883
+allow_anonymous true
+persistence false
+log_dest stdout
+log_type all
+connection_messages true

init/volumes/srs/conf/srs.conf

@@ -1,7 +1,12 @@
 listen              1935;
 max_connections     1000;
-srs_log_tank        file;
-srs_log_file        ./objs/srs.log;
+daemon              off;
+srs_log_tank        console;
+
+http_api {
+    enabled         on;
+    listen          1985;
+}
 
 http_server {
     enabled         on;
@@ -9,23 +14,68 @@ http_server {
     dir             ./objs/nginx/html;
 }
 
-rtc_server {
-    enabled         on;
-    listen          8000;
+srt_server {
+    enabled on;
+    listen 10080;
+    maxbw 1000000000;
+    connect_timeout 4000;
+    peerlatency 0;
+    recvlatency 0;
 }
 
+rtc_server {
+    enabled on;
+    # Listen at udp://8000
+    listen 8000;
+    #
+    # The $CANDIDATE means fetch from env, if not configed, use * as default.
+    #
+    # The * means retrieving server IP automatically, from all network interfaces,
+    # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate
+    candidate $CANDIDATE;
+}
+
+# @doc https://github.com/ossrs/srs/issues/1147#issuecomment-577607026
 vhost __defaultVhost__ {
+
+    # dvr {
+    #     enabled         on;
+    #     #all表示录制所有视频流，也可以按频道录制
+    #     #规则为<app>/<stream>，例：live/stream1 live/stream2
+    #     #规则为<app>/<stream>，例：live/stream1 live/stream2
+    #     dvr_apply       all;
+    #     #dvr计划
+    #     dvr_plan        segment;
+    #     #录制的路径，详细配置规则见附录三
+    #     dvr_path        ./objs/nginx/html/record/[2006][01][02]/[app][stream]/[timestamp].flv;
+    #     #segment方式录制时间设置，单位: s
+    #     dvr_duration    900;
+    #     #开启按关键帧且flv 
+    #     dvr_wait_keyframe       on;
+    #     #时间戳抖动算法。full使用完全的时间戳矫正；
+    #     #zero只是保证从0开始；off不矫正时间戳。
+    #     time_jitter             full;
+    # }
+
+    srt {
+        enabled     on;
+    }
     rtc {
         enabled     on;
+        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtmp-to-rtc
+        rtmp_to_rtc on;
+        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtc-to-rtmp
+        rtc_to_rtmp on;
     }
     http_remux {
         enabled     on;
         mount       [vhost]/[app]/[stream].flv;
     }
-    hls {
-        enabled     on;
-        hls_path    ./objs/nginx/html;
-        hls_fragment    10;
-        hls_window      60;
-    }
-}
+
+    #  hls {
+    #     enabled     on;
+    #     hls_path    ./objs/nginx/html;
+    #     hls_fragment    10;
+    #     hls_window      60;
+    # }
+}

nginx/Dockerfile.nginx

@@ -3,15 +3,34 @@ FROM nginx:latest
 # 删除默认的nginx配置
 RUN rm -rf /etc/nginx/conf.d/*
 
-# 复制vhosts配置到nginx配置目录
-COPY vhosts/ /etc/nginx/conf.d/
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+RUN mkdir -p /data/tuoheng_oidc_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
 
 # 复制SSL证书文件到nginx目录
 COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
 COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
 
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+COPY oidc_web_dist/ /data/tuoheng_oidc_web/dist/
+
 # 设置正确的权限
-RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
 
 # 设置时区
 ENV TZ=Asia/Shanghai

nginx/build.sh

@@ -11,10 +11,10 @@ if [ $? -ne 0 ]; then
     exit 1
 fi
 
-echo ""
+#echo ""
 echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
-echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
-read -p ""
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
 
 echo ""
 echo "步骤2: 构建Nginx镜像..."

nginx/build_image.sh

@@ -29,13 +29,60 @@ if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key
     echo "Nginx容器的SSL功能可能无法正常工作"
 fi
 
-# 将替换后的配置文件复制到vhosts目录
-cp -r $TEMP_DIR/* vhosts/
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+echo  ${AIRPORT_WEB_DIST}
+ls ${AIRPORT_WEB_DIST}
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+echo ${HHZ_ADMIN_WEB_DIST}
+ls ${HHZ_ADMIN_WEB_DIST}
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+echo ${BUSINESS_WEB_DIST}
+ls ${BUSINESS_WEB_DIST}
+
+rm -rf oidc_web_dist
+mkdir -p oidc_web_dist
+cp -r "${OIDC_WEB_DIST}"/* oidc_web_dist/
+
+echo ${OIDC_WEB_DIST}
+ls ${OIDC_WEB_DIST}
 
 # 构建Docker镜像
 echo "使用Dockerfile.nginx构建镜像..."
 docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
 
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
 # 检查构建结果
 if [ $? -eq 0 ]; then
     echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
@@ -55,4 +102,5 @@ else
 fi
 
 echo "Nginx镜像构建和推送完成!"
-echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下" 
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginx/replace_vars.sh

@@ -14,6 +14,7 @@ fi
 # 检查vhosts目录中是否有配置文件
 if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
     echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
 fi
 
 # 创建临时目录
@@ -39,22 +40,26 @@ for conf_file in vhosts/*.conf; do
     # 读取原始文件内容
     content=$(cat "$conf_file")
     
-    # 获取environment.sh中所有环境变量
-    env_vars=$(grep -E "^export [A-Z_]+" ../environment.sh | sed 's/export //')
+    # 获取所有环境变量（包括export和非export的）
+    # 使用set命令获取所有变量，然后过滤出大写字母开头的变量
+    env_vars=$(set | grep -E "^[A-Z_]+=" | cut -d= -f1)
     
     # 逐个替换环境变量
-    for var in $env_vars; do
-        var_name=$(echo $var | cut -d= -f1)
-        var_value=${!var_name}
+    for var_name in $env_vars; do
+        # 使用eval获取变量值，这样可以处理包含特殊字符的值
+        eval "var_value=\$$var_name"
         if [ ! -z "$var_value" ]; then
-            # 使用简单的变量替换方法
+            # 使用更安全的变量替换方法
             pattern="\\\${$var_name}"
-            echo "  替换变量: ${pattern} -> $var_value"
-            content=$(echo "$content" | sed "s|${pattern}|$var_value|g")
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
+            # echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
         fi
     done
     
-    # 写入处理后的内容到目标文件
+    # 写入处理后的内容到临时文件
     echo "$content" > "$TEMP_DIR/$filename"
     
     echo "  文件处理完成: $filename"

nginx/temp_vhosts/oidcservice.conf

@@ -1,23 +0,0 @@
- server {
-     listen 80;
-     listen 443 ssl;
-
-     server_name oidc-bazhong.t-aaron.com;
-
-     # SSL证书配置
-     ssl_certificate /etc/nginx/t-aaron.com.pem;
-     ssl_certificate_key /etc/nginx/t-aaron.com.key;
-     ssl_session_timeout 5m;
-     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-     ssl_prefer_server_ciphers on;
-
-
-     location / {
-        proxy_pass http://OIDC_SERVER_bazhong:8090;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
- }

nginx/temp_vhosts/sky.conf

@@ -1,21 +0,0 @@
-    server {
-       listen 80;
-       listen 443 ssl;
-       server_name sky-bazhong.t-aaron.com;
-
-        # SSL证书配置
-        ssl_certificate /etc/nginx/t-aaron.com.pem;
-        ssl_certificate_key /etc/nginx/t-aaron.com.key;
-        ssl_session_timeout 5m;
-        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
-
-       location / {
-          proxy_pass http://SKYWALKING_UI_bazhong:8080;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-       }
-    }

nginx/temp_vhosts/upstream.conf

@@ -1 +0,0 @@
-

nginx/vhosts/airport.conf

@@ -0,0 +1,50 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${AIRPORT_DOMAIN};
+        root /data/tuoheng_airport_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${AIRPORT_DOMAIN} https://${AIRPORT_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /airport {
+            proxy_pass http://gatewayService/airport;
+            proxy_set_header Host $host;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+        
+        location /permission {
+             proxy_pass http://airportService/permission;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/business.conf

@@ -0,0 +1,56 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${BUSINESS_DOMAIN};
+        root /data/tuoheng_business_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${BUSINESS_DOMAIN} https://${BUSINESS_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /permission {
+            proxy_pass http://businessService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /business-mini {
+            proxy_pass http://gatewayService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+       location /business {
+            proxy_pass http://gatewayService/business;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       }
+  
+    }

nginx/vhosts/cert/t-aaron.com.key

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAl20i2WRVBqF9NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJB
-A4xwkq2vsA5axj4b+CV9zXAsWDqfo0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeK
-vyq6kqkbTkEpG8qK4bJKDewEiF+vBLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r
-4QYm9zo8vZlY2/nkE4JYBrcdrgRO1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mc
-z0U5CcR8wgVTzzywKbv2R+kX7CPHSh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7
-+NvlMLgIdqQkMzxKc/JdtkHjdOK84Z+z9mNoPwIDAQABAoIBADOLLqWZBWgwaBKj
-li/MJZtGYE4cNlsBDSf4t8nsod7awfaiXIb8swT6oibne/anBZY+DMh1OmL98YD/
-bzzebPJxE8P6xCtIGYea0qiEKwAzA2PAk3Xm8YMilOzaOUgAda3Fpnd+szxIdabB
-xUuyvxGqXtb4zU9FKV9042oUJCD+YlqMSDhOUyt8agNcE9PpmzAOCQ36/845pCCt
-0H2iXc2qrV0koz7SIK2TksWGav1kVb7KfEOzGg1vhHJRKrP9mODkgIAFNVrBbIYd
-kUGaWCTqfuNGBxWSeV38XX5kKM5aHISB5gL4tjzrlkiMv4yBya7jTOWHHPK8ZTwL
-q9Tb18ECgYEA0amJ/BCQl6HRTOXN0+4jjx1seKnJTlKAwBATGxYbhOHQ1kBUPslh
-FwsG2Wcb46ccBnw8XwjSypDJJVOYCtdxlnDVqiCxQLdx06/JHOdYwb7zrmGpHLGs
-chZ5ccGI10FolW7CC21xErAS+o2d+cc3s1yZZtiYD1xSjR9sblw+aekCgYEAuOSr
-xK6NwbbSCYFWBHJ6257+Z0fzY79KPnhNK3E8q42ygSzn5KRuW4pfH6Kk3rLwcqkO
-3NOJXOK5T8paCkBcvXmVcladuqeamGY17XKRG35XwiwyjQhFUTjQLO4ob6Cm1SA8
-yguL80Imauhkfq9jTvhaEYahrN+smcn+TSuFv+cCgYBV3kLmGn6tq5eGEARZjQnB
-PoLDdH4+9qlGgA7jJA3HQZj/dr9KK7346wo2FfWlKjbfLRior3ttfRj0kaUOo6gg
-vjuz/sm5wKf809zhWprOVv+EZvkVCGuhGjVI8sOxrVdBBGiyt3L8/WH4ffG6b+4P
-JpipN4InoF8q7zjAhkUFqQKBgQCU1G136tJtBk7YG+YzujsvIjLCzGYc+tQ2qPvl
-ZkdiCLORy6X2pG24/g9IFdIE+aEXiwJNu3Gs9UwZ8Fa+PcTpOD+WRCa/Iz8MQepS
-8o/fw7m8sXsXj3rMwKDCKgseoADrOgH02YqUC8GE+QA8Ac48uSk3RlpKH9p+CNzN
-HaWSLQKBgQDE362akbYJdFknNg631VvsUTK+hL953UaY8OvtTBhDKjRqUhuniLr2
-R+CLoCLezhjzzx/11luowbVbcL2hgYxdPwEi4GNKmfGqs/jtkm1PkWej/4jw3Pcj
-Jq9Di+Vb9uTHp0O4ZlSZ3PKdn+ovTzVwrOPHmYXf5pLWIA5Qe0F1Wg==
+MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1
++5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ
+i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4
+xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw
+2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam
+5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l
+Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a
+z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb
+jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ
+X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg
+/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd
+smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB
+1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd
+rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS
+iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb
+Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl
+lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm
+DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc
+44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH
+8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp
+m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM
+XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F
+N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR
+a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW
+vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU=
 -----END RSA PRIVATE KEY-----

nginx/vhosts/cert/t-aaron.com.pem

@@ -1,76 +1,90 @@
 -----BEGIN CERTIFICATE-----
-MIIHljCCBX6gAwIBAgIQD49k2sFPkysTaVxmbXLLPDANBgkqhkiG9w0BAQsFADBc
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xNDAyBgNVBAMT
-K1JhcGlkU1NMIEdsb2JhbCBUTFMgUlNBNDA5NiBTSEEyNTYgMjAyMiBDQTEwHhcN
-MjQwNTI4MDAwMDAwWhcNMjUwNjA4MjM1OTU5WjAYMRYwFAYDVQQDDA0qLnQtYWFy
-b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl20i2WRVBqF9
-NkDTAhen86bl10pGrmyEHrsBXIt/DZgtXjJBA4xwkq2vsA5axj4b+CV9zXAsWDqf
-o0l+PHkcyoAj3LrTf23mkQLTd3i4B1JYTYeKvyq6kqkbTkEpG8qK4bJKDewEiF+v
-BLiq6bzUfSXIqBeNJuh1kG+rKOTxUvsy+89r4QYm9zo8vZlY2/nkE4JYBrcdrgRO
-1+bsAIPKWR403Bz5jzKLx+TxqQykd4K1f3Mcz0U5CcR8wgVTzzywKbv2R+kX7CPH
-Sh60x2MdFO41c5y2HZJF3NNqBYD6WJGhKsV7+NvlMLgIdqQkMzxKc/JdtkHjdOK8
-4Z+z9mNoPwIDAQABo4IDljCCA5IwHwYDVR0jBBgwFoAU8JyF/aKffY/JaLvV1IlN
-Hb7TkP8wHQYDVR0OBBYEFHgfehJZw28iIU4o2GOiJ4ZSQQ7aMCUGA1UdEQQeMByC
-DSoudC1hYXJvbi5jb22CC3QtYWFyb24uY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIB
-MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNV
-HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNV
-HR8EgZcwgZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9SYXBpZFNT
-TEdsb2JhbFRMU1JTQTQwOTZTSEEyNTYyMDIyQ0ExLmNybDBIoEagRIZCaHR0cDov
-L2NybDQuZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1
-NjIwMjJDQTEuY3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6
-Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMu
-ZGlnaWNlcnQuY29tL1JhcGlkU1NMR2xvYmFsVExTUlNBNDA5NlNIQTI1NjIwMjJD
-QTEuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1
-AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABj7400tYAAAQDAEYw
-RAIgfnSKqPxcIM1n61Wj7v4Mg6q+okpcU3BF90SdbbhpBi0CIHVeKYRiODN3XLes
-nVf5fyhTGnMOU6GrZfIODrB5gvO3AHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65
-Ay/ZDowuebgAAAGPvjTTFQAABAMASDBGAiEA2yVzWD3eRw/QGQX7jeULxvpFGMNG
-ZvGT7srGeX02ax0CIQDvzHcl6J296wCVqWacf8KQo61uovh7td/PhKnYpyUiVAB2
-AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABj7400ycAAAQDAEcw
-RQIgTkSIS1GXUtPuoTvVmdm57OCm1P2x4uPVQuo8LJN68w4CIQCvaSRtK63o2gUI
-gmi4h2Ch/CzRE48Zr0Eu7TkOBwVsfzANBgkqhkiG9w0BAQsFAAOCAgEAA+ab0S21
-cgtoI2TUfCdPolQVV8no3YY3bQJzDZCpmva4dpYxSoQ7qTrOfIeUI3iyeKkaREGb
-Xu6lAUhOvWZ7q/mp9od9pWJvPjbUmYT5OaWxhe3KiWmyo2TemABcCtOHe7v0qE5Y
-arPmL4HgrhGAqpkWl1eZFQpfGdQ5ry0yCikDZz9umvasdbxuHKfJGPCAsyPqik0r
-LmxnUYWOjCCNoSanDKj4ckdNkv/A9RXvazk/ZT1ElsBo/pK6eemiHmRNj3s6AWGO
-chGlkHkuvkgCgNsXFT3pqK6uVrE4yD8qmxDPOOaT8wC1MB9xYO77SmMOimelacG6
-d3DsUXGvYdUONZF2LzSpUkzFYofhZhULexI6xOCWnp3t7aCzTJQc68F6iwU6JYGW
-7l2AioXUW6Q4AYNlUEo0EG3u6g4H98xAW5YIVX3u9cT8ZerVfTTmO1AQkkMM98nH
-bvFx4/53T9eCTB9OBwiqISFICNXJNKhUuudVKQ6w0AfrI6kMk6dkhO3kkhb0cL/F
-nDAInqJ8BlMtV01owk2CaEica81WP/cjEDItnnjjJ5INUklraYfZFVgN71c78zr5
-rgF2DSQSsC+pPoqoloAC/YdiRw72kqaZlkXOaUgJBk2xJ73H27TriAPDmdtYA+Xd
-vtfjp7o21OOXsORq6LHElFYlcJO+mDYGzz8=
+MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
+MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50
+LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii
+rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5
+e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN
+8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx
+f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht
+m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb
+TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU
+7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE
+HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB
+DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/
+BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT
+TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0
+cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl
+cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
+/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez
+95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8
+6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa
+6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk
+1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA
+m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H
+ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU
+/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM
+4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO
+mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX
+Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5
+QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R
+7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC
+k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIFyzCCBLOgAwIBAgIQCgWbJfVLPYeUzGYxR3U4ozANBgkqhkiG9w0BAQsFADBh
+MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
+ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
+NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
+8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
+5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
+n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
+YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
+IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
+BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
+HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
+b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
+BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
+CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
+SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
+CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
+0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
+zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
+44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
+8o34/m8Fxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0yMjA1MDQwMDAwMDBaFw0zMTExMDkyMzU5NTlaMFwxCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE0MDIGA1UEAxMrUmFwaWRTU0wgR2xv
-YmFsIFRMUyBSU0E0MDk2IFNIQTI1NiAyMDIyIENBMTCCAiIwDQYJKoZIhvcNAQEB
-BQADggIPADCCAgoCggIBAKY5PJhwCX2UyBb1nelu9APen53D5+C40T+BOZfSFaB0
-v0WJM3BGMsuiHZX2IHtwnjUhLL25d8tgLASaUNHCBNKKUlUGRXGztuDIeXb48d64
-k7Gk7u7mMRSrj+yuLSWOKnK6OGKe9+s6oaVIjHXY+QX8p2I2S3uew0bW3BFpkeAr
-LBCU25iqeaoLEOGIa09DVojd3qc/RKqr4P11173R+7Ub05YYhuIcSv8e0d7qN1sO
-1+lfoNMVfV9WcqPABmOasNJ+ol0hAC2PTgRLy/VZo1L0HRMr6j8cbR7q0nKwdbn4
-Ar+ZMgCgCcG9zCMFsuXYl/rqobiyV+8U37dDScAebZTIF/xPEvHcmGi3xxH6g+dT
-CjetOjJx8sdXUHKXGXC9ka33q7EzQIYlZISF7EkbT5dZHsO2DOMVLBdP1N1oUp0/
-1f6fc8uTDduELoKBRzTTZ6OOBVHeZyFZMMdi6tA5s/jxmb74lqH1+jQ6nTU2/Mma
-hGNxUuJpyhUHezgBA6sto5lNeyqc+3Cr5ehFQzUuwNsJaWbDdQk1v7lqRaqOlYjn
-iomOl36J5txTs0wL7etCeMRfyPsmc+8HmH77IYVMUOcPJb+0gNuSmAkvf5QXbgPI
-Zursn/UYnP9obhNbHc/9LYdQkB7CXyX9mPexnDNO7pggNA2jpbEarLmZGi4grMmf
-AgMBAAGjggGCMIIBfjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTwnIX9
-op99j8lou9XUiU0dvtOQ/zAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3R
-VTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
-cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
-RGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
-Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYD
-VR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEwCAYGZ4EMAQIBMAgGBmeBDAEC
-AjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAfjh/s1f5dDdfm0sNm74/dW
-MbbsxfYV1LoTpFt+3MSUWvSbiPQfUkoV57b5rutRJvnPP9mSlpFwcZ3e1nSUbi2o
-ITGA7RCOj23I1F4zk0YJm42qAwJIqOVenR3XtyQ2VR82qhC6xslxtNf7f2Ndx2G7
-Mem4wpFhyPDT2P6UJ2MnrD+FC//ZKH5/ERo96ghz8VqNlmL5RXo8Ks9rMr/Ad9xw
-Y4hyRvAz5920myUffwdUqc0SvPlFnahsZg15uT5HkK48tHR0TLuLH8aRpzh4KJ/Y
-p0sARNb+9i1R4Fg5zPNvHs2BbIve0vkwxAy+R4727qYzl3027w9jEFC6HMXRaDc=
+QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
+ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
+jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
+AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
+aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
+L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
+Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
+hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
+Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
+kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
+bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
+axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
+pbo=
 -----END CERTIFICATE-----

nginx/vhosts/dsp.conf

@@ -0,0 +1,40 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${DSP_DOMAIN};
+        root /data/dsp_admin_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /api {
+                proxy_pass http://gatewayService;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/hhz.conf

@@ -0,0 +1,54 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${HHZ_DOMAIN};
+        root /data/tuoheng_hhz_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /permission {
+                proxy_pass http://${HHZ_ADMIN_NAME}:9055;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /wxapp {
+                proxy_pass http://${HHZ_API_NAME}:9056/api;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /hhz {
+                proxy_pass http://gatewayService/hhz;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginx/vhosts/minio.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /th-airport/ {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+     	# 添加以下 header 配置
+     	add_header Content-Disposition "attachment";
+    	add_header Content-Type "application/octet-stream";
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginx/vhosts/minioconsole.conf

@@ -0,0 +1,20 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginx/vhosts/oidcadmin.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_ADMIN_DOMAIN};
+    root /data/tuoheng_oidc_web/dist;
+
+    client_max_body_size 2g;
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+   # 开启gzip功能
+    gzip on;
+    gzip_min_length 10k;
+    gzip_comp_level 9;
+    gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+    gzip_vary on;
+    gzip_disable "MSIE [1-6]\.";
+
+    location /{
+        try_files $uri $uri/ @router;
+        index index.html;
+    }
+
+    location @router{
+        rewrite ^.*$ /index.html last;
+    }
+
+    location /oidc {
+        proxy_pass http://gatewayService;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

nginx/vhosts/oidcservice.conf

@@ -1,23 +1,24 @@
- server {
-     listen 80;
-     listen 443 ssl;
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${OIDC_SERVER_DOMAIN};
+    client_max_body_size 2g;
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
 
-     server_name ${OIDC_DOMAIN};
-
-     # SSL证书配置
-     ssl_certificate /etc/nginx/t-aaron.com.pem;
-     ssl_certificate_key /etc/nginx/t-aaron.com.key;
-     ssl_session_timeout 5m;
-     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-     ssl_prefer_server_ciphers on;
-
-
-     location / {
+    location / {
         proxy_pass http://${OIDC_SERVER_NAME}:8090;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
     }
- }
+}

nginx/vhosts/sky.conf

@@ -1,21 +0,0 @@
-    server {
-       listen 80;
-       listen 443 ssl;
-       server_name ${SKYWALKING_UI_DOMAIN};
-
-        # SSL证书配置
-        ssl_certificate /etc/nginx/t-aaron.com.pem;
-        ssl_certificate_key /etc/nginx/t-aaron.com.key;
-        ssl_session_timeout 5m;
-        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
-
-       location / {
-          proxy_pass http://${SKYWALKING_UI_NAME}:8080;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-       }
-    }

nginx/vhosts/srs.conf

@@ -0,0 +1,48 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /rtc {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:1985;
+    }
+
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginx/vhosts/upstream.conf

@@ -1 +1,11 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}
 
+upstream airportService {
+    server ${AIRPORT_NAME}:9060;
+}
+
+upstream businessService {
+    server ${BUSINESS_NAME}:9260;
+}

nginx/vhosts/xxljob.conf

@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen 443 ssl;
-    server_name ${XXL_JOB_DOMAIN};
+    server_name ${XXLJOB_DOMAIN};
 
     # SSL证书配置
     ssl_certificate /etc/nginx/t-aaron.com.pem;
@@ -11,7 +11,7 @@ server {
     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     location / {
-        proxy_pass http://${XXL_JOB_NAME}:8080;
+        proxy_pass http://${XXLJOB_NAME}:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginxbazhong/Dockerfile.nginx

@@ -0,0 +1,40 @@
+FROM nginx:latest
+
+# 删除默认的nginx配置
+RUN rm -rf /etc/nginx/conf.d/*
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
+
+# 复制SSL证书文件到nginx目录
+COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
+COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+
+# 设置正确的权限
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+
+# 暴露端口
+EXPOSE 80 443
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"] 

nginxbazhong/build.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# 这个脚本现在只是一个包装器，调用两个新脚本
+
+echo "步骤1: 替换配置文件中的环境变量..."
+./replace_vars.sh
+
+# 检查替换结果是否成功
+if [ $? -ne 0 ]; then
+    echo "错误: 变量替换失败，中止构建"
+    exit 1
+fi
+
+#echo ""
+echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
+
+echo ""
+echo "步骤2: 构建Nginx镜像..."
+echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
+./build_image.sh

nginxbazhong/build_image.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+# 设置Nginx镜像名称（如果环境变量中未定义）
+if [ -z "${NGINX_IMAGE}" ]; then
+    export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
+fi
+
+echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
+
+# 检查临时目录是否存在
+TEMP_DIR="temp_vhosts"
+if [ ! -d "$TEMP_DIR" ]; then
+    echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
+    exit 1
+fi
+
+# 检查临时目录中是否有配置文件
+if [ -z "$(ls -A $TEMP_DIR)" ]; then
+    echo "警告: $TEMP_DIR 目录为空，将使用空配置构建镜像"
+fi
+
+# 检查SSL证书文件是否存在
+if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
+    echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
+    echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
+    echo "Nginx容器的SSL功能可能无法正常工作"
+fi
+
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+
+
+# 构建Docker镜像
+echo "使用Dockerfile.nginx构建镜像..."
+docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
+
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
+# 检查构建结果
+if [ $? -eq 0 ]; then
+    echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
+    
+    # 推送到镜像仓库（如果需要）
+    echo "推送镜像到仓库: ${NGINX_IMAGE}"
+    docker push ${NGINX_IMAGE}
+    
+    if [ $? -eq 0 ]; then
+        echo "镜像推送成功!"
+    else
+        echo "警告: 镜像推送失败!"
+    fi
+else
+    echo "错误: Nginx镜像构建失败!"
+    exit 1
+fi
+
+echo "Nginx镜像构建和推送完成!"
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginxbazhong/certs/dsp/dsp.bazhongfeifu.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2C6nED5xMZdHGY39R4iZ/o8DPN7h5QcgQfZxwReNaEEoQB8V
+HPOIfDD94YIlJfyvTpcluDH7ox0s4lU3r28vwxlMuafcZ0XY6IUlszW8vW2DWV3X
+mn3UJfitKy30of3fu5a6xMvlarYoQroHjG7ANBp2v9p/a2iwKuLWRiZ12femIUME
+nln73a76TNgqfEVszzSIciZFC1LRH9KknqgCMAXNjlKBnWqeM0odWLyOK38DDmB7
+R0YulMWbXqoRvcwFqH+VwXkncXq1AJXH70R/4Iv69uofVW/mjnsT4zbYkjp+hT+j
+mkS/1vNW9T7rFcQA8YhaEtndiD+gG9XvvEohHQIDAQABAoIBAAylegTIv61uKJd1
+nMtPp0E4KNvUPAm+XM7kYFYyjwVPc8/VzFHjwJMR+KAgZr+YpGwStSmtKYfVapfu
+R/IoLSFFfHK16lOo8d30VWFs84FvWR+OuPtNgMNx5It3RkLTC6tjz2w4yKRxSzH6
+w6Xy9U/MUTBlqKOQvbwx2zrCVY2ZGXg1h4jmyqclOTkoH7UXW4nwzDzTEwXg3/S4
+JzB8USgWnY8KoNC/ae5h2ppHm8v46hnqC4i0bArUCQ9cqRdQrEgLdzJBWWYU9O61
+hil3XYIBKTjYyfio+GvwcXZWct6+ltYOwsVaP+jDgMTeMndo2f8RZ+7a89pex7rM
+zaO2WdECgYEA8cUil26sN8uGTPdLa2+uSqCHmcdaL8E/0EOFxXiuiunNOFXouZZ8
+zUcSm1S5uwTYVkMkgYyPsblNRbcyXHoddetg/7/++oRSvevfTu6Hnf/jISmkV79U
+zxc0vf2N0YF9G2re+iPlVPiz59CXqe/RN326luyUXcBDSukd8p8M2DUCgYEA5Of5
+OZ6AbDvsT6WzJn1miSOOtIhGyla8Ff/T7Y/u32z3EWA+E4XzdSqv4UVVzvu8F+ZH
+cRq5u2WH8ePCxrSDG4Pu8u3dbLM3ltwaQKsqTeHFtyJxI6Be4kw0FzBUn2Wq879s
+0KxhW9IlM3HeVO2uZ9WUEdBf3z8OkQiGyqHR0kkCgYEAvWhSvE5RD3kcIwoOBQI+
+imqPMVNzfTwpkTCFCXqNS3j1dLAhHdwes/d9RUGwLCsUjSgW3oNPQ83HEtn902M7
+11jq6hHxYTPvWqkCjmTizE5fE2j7Pl8/wuoMQNf2le6bI7KrM06R6Orajr7lQpYF
+0zJlzr1TUstALNzKwHwIZQ0CgYANwSqmnbGVz1v5xTkonOxmXS6cBnxKeD/BCqhP
+ZBC0eDW4Y5IXVjs01SXQYXwwfcvlm767OyHh8s3iaQ8xJXOjWaAoFMbzWymB9SPW
+svJNz70zrewieeZ5rp6KrirHkTJehyggudr3y37UwojbjZSnRJwrHdxE6+MSL/L5
+hhO3kQKBgCBXhF5OY1rlMqLDw5uEywkhwNJQ9TQtoU8bZF8Bq53R8c6yFF8PnHam
+AvulZq7Lm3Uy3C91mEevSeczxv408XAk56PzCk7S3L6UPVPCL9xSR0i5zVTt0h/u
+IOSQNeKxliU+2nswQr5S+6eyLX/UKcJ7HQvtdcGAysnwqSCRbLpm
+-----END RSA PRIVATE KEY-----

nginxbazhong/certs/dsp/dsp.bazhongfeifu.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGGjCCBQKgAwIBAgIQAZp0hEf2o+MesDZ6ZH2gpjANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjExMDAwMDAwWhcNMjUwOTA4MjM1OTU5WjAf
+MR0wGwYDVQQDExRkc3AuYmF6aG9uZ2ZlaWZ1LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANgupxA+cTGXRxmN/UeImf6PAzze4eUHIEH2ccEXjWhB
+KEAfFRzziHww/eGCJSX8r06XJbgx+6MdLOJVN69vL8MZTLmn3GdF2OiFJbM1vL1t
+g1ld15p91CX4rSst9KH937uWusTL5Wq2KEK6B4xuwDQadr/af2tosCri1kYmddn3
+piFDBJ5Z+92u+kzYKnxFbM80iHImRQtS0R/SpJ6oAjAFzY5SgZ1qnjNKHVi8jit/
+Aw5ge0dGLpTFm16qEb3MBah/lcF5J3F6tQCVx+9Ef+CL+vbqH1Vv5o57E+M22JI6
+foU/o5pEv9bzVvU+6xXEAPGIWhLZ3Yg/oBvV77xKIR0CAwEAAaOCAwEwggL9MB8G
+A1UdIwQYMBaAFHjfkZBf7t6s9sV169VMVVPvJEq2MB0GA1UdDgQWBBQQEF08n8sQ
+ve8cN32s1jnaIFB3uzA5BgNVHREEMjAwghRkc3AuYmF6aG9uZ2ZlaWZ1LmNvbYIY
+d3d3LmRzcC5iYXpob25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkw
+JwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEF
+BQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBK
+BggrBgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRp
+b25FdmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisG
+AQQB1nkCBAIEggFuBIIBagFoAHYA3dzKNJXX4RYF55Uy+sef+D0cUN/bADoUEnYK
+LKy7yCoAAAGXXgZ1PQAABAMARzBFAiEAv4e6x53qjguPGxz5yPyNbIBQxTejdy7y
+pzkfcwW6twUCIBU+uD9lLtBQBjS4g2Pllew40M3HUeOWHEbikU18zHo1AHYA7TxL
+1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXXgZ1QAAABAMARzBFAiBe
+PxPWLDL7/QJvSedk35AhF5epn4qJrT+A04+3WDxCUwIhAKcm8QvqZ8pasybEyuQ+
+oU4jjq0Zyp0APrFDv+lbqzepAHYApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2
+J086hFQAAAGXXgZ1WQAABAMARzBFAiEA7dm7ejvNX0rH41KPOLoXLTSuJdsPExZr
+2Jt+gw6bo9ICIEE2vBqZURfhjZ7m2tNReMX/rdJDOveWXmlJ8JJUkU9iMA0GCSqG
+SIb3DQEBCwUAA4IBAQDNU3GhC5+xJK8XRc2nxALXecJ7sNIlEhBTztz1C7qkvy2J
+N2SAhiTv1ZMIv+E+8i8XPYP0r9Kti6NW2SZ0UUtSn7WXIJDuAC8Kl++/9BOGQwnF
+0z+xQg5llRRBUW16X5PwdTixXYdEkd002ezfShkgczoukg/Z+MHpSV3xsfofDJ39
+DWddp40j32zj8yO+SNGReocsrMIryHr1DCODt757XfgSfH+H1eR+WWnKBrKkcwCz
+vhEdOQc8c1QAV+cnj4i8Zx19WGsKGKTld0O4BjeWKlRUMDUzwWFqATzW01LQeK8W
+zlAfCJ/gz3JWbRPQL1tBUB2HYpABRU/VRWsbIVOZ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/certs/hhz/hhz.bazhongfeifu.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA8xDeVvd9ZyrKLgFGvLRUYZJUEXpy/nTcfxxuN9NP0KCZm2sg
+hRptMjifLAv2lALCaLDoqQcs7f+TRyheFrQ1OOiaprgOk0UxQg2MgIHFe00J4qsB
+O7hxTgo0u4orfvgt/6+i6KT+ycyrt2ymZEs8GOWcZ4mbanrISsx1oZIbbeC8yWbi
+mEeRPH/wkuGSEzeLuauH7ZqRY0ibOEkn8wO0hj7j6OgpVCAj2JD8LxfIZmQPfY2b
+0qw196fHpswpVIwdz0miyu1g2PYyckY5533nrui6TEypOFICO9KboVUcsQ9vIKNe
+LugBautKl9RoI9wdCbyGAlxCFXSPSfPwJTGTnwIDAQABAoIBAAc6qLTjHnvbhhuG
+gTE/7G83IsCe/jLljItL8AFBYSh+Jk4SNRY7BNAPZriGJeVytuUrNyLpKjkX4Vb7
+8zRvU/08ecux7LO3mpvxeuIgOfHisYO9fJy8mG4Zl/Doo/DeS8FE2tkFfehy6bvb
+rjqMZvNXR5FoF9MREh+bY3eUjglKAiuN6OfeYmcC7kUnMe4pdUKI5NIrZRNOw2OF
+Uq8iY7x0XDhto0v7BnL2J8oj2FbHpXONSNGA/Bz22wu6z6fHrfEC7DUNzHSGYSNA
+XgO/gndlgruti5asv5cEpbH4qoJUQmLLc+PIievac3QJIDTxG6w+lr2s1l7BYVcU
+Wnlvx2ECgYEA//sVaHGEU0Ve/Vozt3VTAZ8O2uSEXJCPcLNP8ZBp7n4R2Ygq/lTI
+JPj2/hf5NOEcFitZ3KgEHtvN6+e2AtTC/DYq/o/I8qlcRZIrY36C1k7MXDBKbUTI
+ar0TqjcPNjqvPEm7mYI+hzsU0MsRXK6KtQ0hUZ6DHnm52GACueZQo78CgYEA8xWJ
+brXW4qIhjENdqTsCfq2wyiP1+XQdhsTirtPvk4fu9dRQMYFIT1d6SQB3wfRDizCd
+QA8fkh0aUnygVU8rH8zMFrIAqVVLj4rdnvLF72/Uo9NBLQP55RpUHXxDQRCCeLRM
+CujNakmH+5uFhlaQvWtxdoGKz9MDAO2dvUnxiCECgYBNwTPwhMLAFItVA8g/ysiK
+7oixnsZB47tebWk0JDy5L9w2KnF8zb351RIZfqi5EkPYzBRAvVx7DyNOrBSSaZRM
+zhtjNcPBSgZ4L300fKI7fLYArr580G7cVVCa3JynSU4fTvpIF9LsetrIzVYZw/7o
+HfPn+fE0GZ+FBSzu0PHfuwKBgQC2lqfLpATL6TK/094nfq6qDrdrrsVVYdXH5F3N
+Kl6bd5CT0K2H8e8pwbCV4ycRZfPSOmrzsihprTiXWwtn6PaghUmLhpselnYSVSGR
+AhSRfHPBtq4PLRxo7XTfTPaLieYm2m8ABsw9GQxufuw18xH3ZhwtArMM1hg8ez9v
+7nnhYQKBgQDhsCU7uNda56GSVWYxynm2H2oqQOX0Nbuf8QGBnewh7Z835/Q1UJ18
+l8OYQID050F2T81by7SsFjkMlSaRyAT7Y2PIpD4oGyzcZ6wPBr/bkG/0imcTsmtA
+AqFsOmYA+nZLL7Ugp+vJIXpxQ8sIzZ6qkYuVU+RUP+m770PblXfYWg==
+-----END RSA PRIVATE KEY-----

nginxbazhong/certs/hhz/hhz.bazhongfeifu.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGGTCCBQGgAwIBAgIQA/EbOq+dMv6jg8jI3SOlBDANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjExMDAwMDAwWhcNMjUwOTA4MjM1OTU5WjAf
+MR0wGwYDVQQDExRoaHouYmF6aG9uZ2ZlaWZ1LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAPMQ3lb3fWcqyi4BRry0VGGSVBF6cv503H8cbjfTT9Cg
+mZtrIIUabTI4nywL9pQCwmiw6KkHLO3/k0coXha0NTjomqa4DpNFMUINjICBxXtN
+CeKrATu4cU4KNLuKK374Lf+vouik/snMq7dspmRLPBjlnGeJm2p6yErMdaGSG23g
+vMlm4phHkTx/8JLhkhM3i7mrh+2akWNImzhJJ/MDtIY+4+joKVQgI9iQ/C8XyGZk
+D32Nm9KsNfenx6bMKVSMHc9JosrtYNj2MnJGOed9567oukxMqThSAjvSm6FVHLEP
+byCjXi7oAWrrSpfUaCPcHQm8hgJcQhV0j0nz8CUxk58CAwEAAaOCAwAwggL8MB8G
+A1UdIwQYMBaAFHjfkZBf7t6s9sV169VMVVPvJEq2MB0GA1UdDgQWBBQO2E9cYfDN
+qllEGxyk1sq2UDuL9DA5BgNVHREEMjAwghRoaHouYmF6aG9uZ2ZlaWZ1LmNvbYIY
+d3d3Lmhoei5iYXpob25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkw
+JwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEF
+BQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBK
+BggrBgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRp
+b25FdmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAX0GCisG
+AQQB1nkCBAIEggFtBIIBaQFnAHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE
+6+WGJjoAAAGXXf1LqAAABAMARzBFAiEAghe678TpdQjJMBtjUdWrkFKXZcmqW3/7
+g9oQtO96RtsCIARm9YZ0m5G9P/+jlJyjjCBdMLxHeey/3zN+K9ZZsvZ1AHUA7TxL
+1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXXf1L4gAABAMARjBEAiAl
+64X5UIbpa7JbPpHNwO26Aq176bwAVM5hBq41iAoM+wIgRebQ9M8fSaMiICPndpVL
+BeBPJD70wybgodXfhPQKdkAAdgCkQsUGSWBhVI8P1Oqc+3otJkVNh6l/L99FWfYn
+TzqEVAAAAZdd/Uv2AAAEAwBHMEUCIQCsQVBZgttLSY80nAeyD3GCayPaqqO6cYNp
+fLc8/9VMwgIgQZUDI20WmYPRfUBJTFCUTE3hb7ljcN/vSPgrMJ94mEUwDQYJKoZI
+hvcNAQELBQADggEBAGH/XBWKScC8a67ZE4DuVGzZ3LetcAykFnsoBiyVasKULOEk
+Yhyrf/BQ12QThjdLUdlKjiwmf1XQb7BIMeF9Y8vMoUl5BbSDPiFlCWQpQvi+pvH1
+H+c5ro5WKxIr+JK+K2t5VYu+ZgbE4jB672TJD5yehlrY3kpDCUTo3cQUxKpU5XP2
+0RCaRxFbrZZOD0rAZcYde277dO51Y3+zUjtb+bGTOeQzljRe1leXpA/MeSv/jDZL
+UL88bwDWRhB0mwry41I1pI15j40Un/OayA1NtHnpE/X8Q7QTG8tVCHBI5MzY+y+R
+PA0eFpftphvPagYR/x/vc1nYVmu79/ZqYEARD1k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/certs/minio/minio.bazhongfeifu.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAsBWcnqcyek0/FedBxERIeuNKnAOklChz/TlxYNoCmZTx/rHI
+5hMFKxVEO9hMhNpWf3i1/ttcn+tP9ihiTL7V7UK4EjtLa0ggEuy8KWhrUOdov3rv
+L1XPocHxuD02JQQ99inqUss5pu/9pTMJBg4FFjSQZWQ8RAeaZp3d32KMqJlU/RM1
+PBkU2D66KAVgPujR7taIqi1yCs4TL8iEe7QXoL+y6un32uoVJEQ3JPOc2BNNhH7Z
+XgNxPpx/kTfYoBU9nCTp/kTQ17PXpYRXOWnzQS8qoijxx+OeO/aGpRm9Xn3q+rCL
+O5c4QImUVTn4urc5jXZnIecQm9cVpjDxMglbVwIDAQABAoIBABwDxuV7rsLEO8y6
+0dJYQNCDDVxGvMOxBJ8y/psM+cvrOsMtuvZWlq8U6kRmieoQfiGNbXs3oFl1y++F
+26SKhNOuQUXuoXWsmyRs/hTNHwHXXL7WNWwVCCdGtDP+p84k33d6PLnhHnI1DZMK
+dx2Q/nXayrxu7E2wiKavPYfBu0+ZbeDeEQ0RaxNXi0pk2VGX+Q91H/KmrKnqz1ow
+FRCZpMMSo1BbhcuN2XnnhgGrMisWQiyHxVn+t4AtP5VHTy0YGmZyFzkv3+DuscCL
+JfbdfvPZAmGofIVSpmttsaZ2BZaEir8xgv91c7GUJA/iKRTGK8fS2WHnwcKW1iri
+EYJRfAkCgYEA4sy+ZCRF+NWoRv7QycJaLoExHdTnuZ345UdDGtUhCxDhbI34+SwN
+FZRhDC4KL7CM0cjV9T3FB5/Z/FntI6tF4KOIpZZs+3gdfMwJsUZwW93rR2PZuG7Z
+sW8XOE0KbLTS8DAs+s9iIlFRWevF7gF2hVRor7qfcln2dagjA4A6hz8CgYEAxsFN
+5BjdYYO+rd/kydrbxeSUcizx1bFoP2Ki6wThwQbDkr2OwzMkWpx0NQOK/8jUdVJs
+QSvw8FCz6PV+uLHVWIe1Rf2YiWbfls3JXbAkJgsDihIESWv7Bi5adhHImIimgCbm
+psctkJ7HaYXI867jwsts8MZ6E6YDv6BbqKcl/ekCgYAjEtSyueVUSP5gFFIHkZXO
+sU3+Ngmr6+Es2+tlv+X/RxoFZqNFLWnMl4i2kHwkyeHNI4jrByVsO21DmEiTBo6k
+4cVlDjFGZlnxDcDF+IWxv0z+WlO2MPZbeTmXDFr7Wq9wU5LxKpcbhYXWKR8P4owI
+rHgQDQVRctYpddoMVY03kwKBgHrmm1CZo4MiIS2JTgMXx2B2OOjlK+F04z6WsqFb
+EnH2ycaaWoYPwMIbDqyddT03pVCq1+/wyPsBHE7IR0TUClXFDO2ro8ALEeVBeOvq
++F9h3h1piKcSE1Y+IYfy9TSFA1gpNeUZMu7DkBGLPbiZg5M3kTTNtj0iIh1Dfooq
+WY7JAoGAEzVqgKQ/Hsow2jh+IroSe0K6QVf/cA2tXv0SslaLqA6S6HX94MGOvgKp
++VlabNcvEM44o3XdY1uEW9MtbAvhJ/JIrFVqUUPIBsDrXcQFfcGjlwO3Gw+2sUmv
+MEJP3rRasACUtfwZm3yKS/XrV2zndVuhAk6WAtrwEBIg2tvcVLg=
+-----END RSA PRIVATE KEY-----

nginxbazhong/certs/minio/minio.bazhongfeifu.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGITCCBQmgAwIBAgIQDgGIX2k4drGqYMZBaJ4BJjANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjExMDAwMDAwWhcNMjUwOTA4MjM1OTU5WjAh
+MR8wHQYDVQQDExZtaW5pby5iYXpob25nZmVpZnUuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAsBWcnqcyek0/FedBxERIeuNKnAOklChz/TlxYNoC
+mZTx/rHI5hMFKxVEO9hMhNpWf3i1/ttcn+tP9ihiTL7V7UK4EjtLa0ggEuy8KWhr
+UOdov3rvL1XPocHxuD02JQQ99inqUss5pu/9pTMJBg4FFjSQZWQ8RAeaZp3d32KM
+qJlU/RM1PBkU2D66KAVgPujR7taIqi1yCs4TL8iEe7QXoL+y6un32uoVJEQ3JPOc
+2BNNhH7ZXgNxPpx/kTfYoBU9nCTp/kTQ17PXpYRXOWnzQS8qoijxx+OeO/aGpRm9
+Xn3q+rCLO5c4QImUVTn4urc5jXZnIecQm9cVpjDxMglbVwIDAQABo4IDBjCCAwIw
+HwYDVR0jBBgwFoAUeN+RkF/u3qz2xXXr1UxVU+8kSrYwHQYDVR0OBBYEFKSr7CDt
+4q/hmhl3W8W6sHMOXqZmMD0GA1UdEQQ2MDSCFm1pbmlvLmJhemhvbmdmZWlmdS5j
+b22CGnd3dy5taW5pby5iYXpob25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EM
+AQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAO
+BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGA
+BggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0
+LmNvbTBKBggrBgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Vu
+Y3J5cHRpb25FdmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCC
+AX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA3dzKNJXX4RYF55Uy+sef+D0cUN/b
+ADoUEnYKLKy7yCoAAAGXXgZ9awAABAMASDBGAiEA0fhmYH8IpexdSFeYxPCMM4Gb
+Zf3Koy7X0NQZ1/9vp9wCIQC73UAB7MojMJLfo+TFfg51V+Y6hBkNo85iB/snIdnr
+HgB2AO08S9boBsKkogBX28sk4jgB31Ev7cSGxXAPIN23Pj/gAAABl14GfWwAAAQD
+AEcwRQIhAPHbZSi73F5berZU5CsDQNWOtJCftFxqmUI+lYd39iaCAiBYxkTdm0nW
+bCqDKj+dpPWZm8VF7UX5rzi915XOk+4cyQB2AKRCxQZJYGFUjw/U6pz7ei0mRU2H
+qX8v30VZ9idPOoRUAAABl14GfX8AAAQDAEcwRQIgQKbwxRlSvLoq5C44XgDj4AM+
+05YbQkaDb4feK01q0qwCIQDc7KsXOf+3BPCXp43HK2RFqiEw23R+5SJPQpk7J2aW
+qDANBgkqhkiG9w0BAQsFAAOCAQEATxt05CHKg1/hoHLfZkL0GxKaRVVQkx1RcPBf
+V9bWAYpziY+/SjKEl64pkgCeaad3RyG3i68qjZxemPfH86b7dvsET1MZv1YvpBJR
+NQicKSpa1nUisj5/FjdJuGap1O8XkmnW8SDRoY9940vKJIIGXzhVJCgRqzG8YS7R
+AowfIs518XRF9kmQ9k/poJpf/Y5OkYoEVTiLOAZXzrPYZZ1jc1pDeMbVzLmBUNxU
+YW/BmeEtrKVu74hgZ7pbJqdHqiWgm+fQibFlMucLoS5zQEUJWLmPo2RZtsPoVCEw
+MO7lU9XuD0EQ8yYM4cZEbe04Kn313GELsNbHbedePltW1AMtPg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/certs/oidc/oidc.bazhongfeifu.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEApFXSBtks4CZNCWKuQpDpICcq4tapOf1Vc9W3lcwGDe4PPkrA
+OupPjp3VvQCNtXS9eVYqV28OZuoI4wT3F3cJwVrfO9w0a0Z8Ywyv0IgmKklu4JIv
+/C097Z09V1caL+Om5Ql8I5PBCUht07KA1zx7bFAN5GQxWM2w5SdRA8N8jLt3fGAq
+GsC8v8KBPLPgy64FqQudpwAV4773cleJxtB//bAjzRK2TkyOGqWtw7K9J1w1IMI/
+r0MQDXL093bHfJ2crBcckUEamlywzEAv/9a95SWJD1bfSMKCHB2Nx8RhPfgjliv6
+xayyrsEa2BT6nukTWJ3G0iP0WHt+RNxsTAKXKQIDAQABAoIBACePU0p7wF5LShM+
+0qVKnhwz4ZKOy1ke35HNem7QmQqEat37f7APFMzHuRrRBcwPSMdrUzEOFoD2yOHh
+oZvf95S4y/Fsjp/ebXYoqTBBfjKCz/K2rl9+AqDvT8N1P+QUYOpU8LHd0UPrUCj8
+mSB3Olz2HooDBpASoAliABIwXoy/9w5UROL03dFnIH0iQyw2T12QgHm7avf+Q5CH
+LWoh42PvTMzKtKvf4Ftdyn5h38y4pWT1mzdwMIr0Xn6MjjIGZZDKqmSUnK1Wn0jE
+0OHKEKvmvTAxAVShN4G6DtZW4/iZID/SDcTp7zNcEUP9PcZF57hhfDpNmdQbtZPT
+XZyRgwMCgYEA4Y6EalcXcrQ2+8ih0Lw+zFb8RCGdrCRw+OP15Z/O0VRZB+Ax40CY
+GgPojQKII0iGR05o7k2WBZUnClgmWC+Y98RIERo2KfaUUIXPr5T7NuZXSX4bc1hv
+KE6KyqlqcZjdj1Y43FL8NKfsqzO4vyq6am7CDHZ8wHXTFrs9qNEJ38sCgYEAuoP3
+TGe/1Oy9VLAjOb88BPedW1GCbuJsax2u6/E104gGGgy07HzO3/Wy6mBNsDJhKPdW
+aygpe8dD2kiMpeDAmJ5tk4mv5WdTToqKiO01Cth84ufz0CDNTuZNOtlDOMuArgTE
+IAOwByldKwbS1jcmnp8EgPnRNhz3veEM5R6K3lsCgYEAnRWuLokc8WuE53FhEIgp
+jBIAekqXDq4KZ6wLMrJLTQnbP1rqI4R26ZdTO/FJcpktuzdmaKBsHNM1b0TY3422
+kMeIETEaC7uIq1OlwniVRDTDEZHb+Ebck0uv6Vh3o0l89DhuPTMmJl3Uu563yZsu
+XLVqO1fBph/otOoOFSYQJGUCgYByYcHEIpAbRT/q8sX3gRaOuUfQG9GQrNzuZ9rB
+KUDoQ6/yQ76klPnNkQEzCPI7zvmUxPJDbvLZzN8Iu5s9kvKp5eavJy4u0kndjcrd
+pBL2XsNf5/22spcV/th38YtvBiYZEiUwuPI3wh835sxfwJy3hC+f5RRvSh6IXL6q
+uCtTpwKBgQCbTxrmdd3PGG3eq2We18GYlOoZmNvmtlDI7WrnjPLqC3oNYe/2Cq2L
+gCw6AKzllFmoPcUsc7u+uROTpwr3L/rU9tNcwkViRHpxBR1KnBePLgI9nzOrSEv1
+vlZb4/y56JaX1SL9qxavQz0XryZke0Zqu7d3ngwu0qINvao9iyK4kw==
+-----END RSA PRIVATE KEY-----

nginxbazhong/certs/oidc/oidc.bazhongfeifu.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGHDCCBQSgAwIBAgIQAV7sHSSTHlx7h2Mr/y12nDANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjExMDAwMDAwWhcNMjUwOTA4MjM1OTU5WjAg
+MR4wHAYDVQQDExVvaWRjLmJhemhvbmdmZWlmdS5jb20wggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCkVdIG2SzgJk0JYq5CkOkgJyri1qk5/VVz1beVzAYN
+7g8+SsA66k+OndW9AI21dL15VipXbw5m6gjjBPcXdwnBWt873DRrRnxjDK/QiCYq
+SW7gki/8LT3tnT1XVxov46blCXwjk8EJSG3TsoDXPHtsUA3kZDFYzbDlJ1EDw3yM
+u3d8YCoawLy/woE8s+DLrgWpC52nABXjvvdyV4nG0H/9sCPNErZOTI4apa3Dsr0n
+XDUgwj+vQxANcvT3dsd8nZysFxyRQRqaXLDMQC//1r3lJYkPVt9IwoIcHY3HxGE9
++COWK/rFrLKuwRrYFPqe6RNYncbSI/RYe35E3GxMApcpAgMBAAGjggMCMIIC/jAf
+BgNVHSMEGDAWgBR435GQX+7erPbFdevVTFVT7yRKtjAdBgNVHQ4EFgQU6FdT7bP1
+4TBktgheO0mrMsy82IgwOwYDVR0RBDQwMoIVb2lkYy5iYXpob25nZmVpZnUuY29t
+ghl3d3cub2lkYy5iYXpob25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIB
+MCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNV
+HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggr
+BgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNv
+bTBKBggrBgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5
+cHRpb25FdmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAX0G
+CisGAQQB1nkCBAIEggFtBIIBaQFnAHcAEvFONL1TckyEBhnDjz96E/jntWKHiJxt
+MAWE6+WGJjoAAAGXXgZvWwAABAMASDBGAiEAkGtOl0AFxS2ay8gj8bWDBvKkVUqj
+X11UzuHZUWfsD6YCIQDMugtWkgWLOoJe1za50F7t6Vpo/veP5w9p6gb3yqmIlgB1
+AO08S9boBsKkogBX28sk4jgB31Ev7cSGxXAPIN23Pj/gAAABl14Gb4sAAAQDAEYw
+RAIgXY/GFKH9RC9Uzd9VRrZ//HOkLXLQs88UFJqmX8hdhMMCIF2gk4GkZYwxTfjW
+WlDJVveyf7Fop7JdWiT4XmH9rGzoAHUApELFBklgYVSPD9TqnPt6LSZFTYepfy/f
+RVn2J086hFQAAAGXXgZvoQAABAMARjBEAiBK+YyLE2Iy21HL2TzvvVKC9814mJdH
+7MNl0gzBWbPxlAIgbkqUO9oGeW0iWqHdOaTMmY6ru62++rcMph1Nd+/ffEQwDQYJ
+KoZIhvcNAQELBQADggEBAEJT4lME4qOJu9X7wMDDwncr3ExGoLmXiDOIPczZH+M8
+aNrHduXlN9VsZEICuvZyUDIW8qTQbeRzpZcR1cEcbFiLxMiENtfz9F4yJsO7LaXU
+V6PSpdivAS5uqZuHVKKqdmkzsG96WHMCrnHEzrqVwaH7++3aM8iN81azGBXlaowR
+uVoYBSnSOyxrWwBFAAtt3+lpSbiqwvZ0LJq696uRidLZ3X35jnNhfARXICI5F6Ud
+24C+XU0myEG2pSjvf4td+h+S19tttMdZ5TfO7yeDbJovBcA+MIewHw0iO3bTeCEy
+rXXLrB+WdgFJoN34YZ2agQGar9eSMZeR8+wc6oAfU1A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/certs/srs/srs.bazhongfeifu.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAuUqGvLtgawHTNVNXyxCWCrEfc2tNzCAGpaYM7WEt5Ezp6JLT
+rk+3DmgbRo+oJckyd0eqwLhDEbho+QydB9M/z41Lg6lXhkIWS/66g3udqc+mqfop
+/LEMXhQrxoxG2RWBp4YKIpJ7dkxkFfm8Z3WM4lx5KdWO6IOGmcbEqPr6TCLh1rTJ
+aPIj3hL7SkEb66W3mh46rg4zu+F5SgQTKU3i4ntoCCqFBE6mUuItS4eKaPnesxU9
+dl9aXIhOefijoQfpPQkumwB1H4g6Vd5W/Pa7K5nkzlGQZ2Or6W+7Eexq156vSTkZ
+sqfsUfeI9pmBPOHnMotm6vuj5REy7d9BFCEMCQIDAQABAoIBABECJ3pqmXqpHmSj
+jl2xsObcBGmOsi5TIEO+CYC+w2d/V0IF5vrLZB/P7EperyOCI6jxrK8ScExPnl8s
+ymX9/Q+wcNFDTv6gJrYkyfp+HeZeYnZG5D9xrGjJtuJRB8MvPLQOffQCIzrO31Rp
+v2LLK7qu8gumMqni7OJFGHyfG9u3eIIENZKAZ4Zh5Yh9IA/LarWtfi9k98AWooxa
+11/E6p+FKsIxi4Y6YaL5h7GwZz+RXZh5r7bfijTgL0uULpHP1+8VPWIUHELG6joL
+hlyUg4abdY5F5/0uJLhpApYk2OUF88jzdEcAoq+rc89R+TgeouyY7djPAyI1j+7K
+9LWidNMCgYEA7pGIVA98+TkDzpD8JwImEXeF4BJ3m1p8hW65JhN7NYKLQG+Qj7/c
+X9jMvLO5Rb6TIDuOU/fHmZf7prZ47Nx9LM5ZBGEIWHG0x7jJoo6EioIIBwZYvwRP
+oVgZ9R+HwGxsE4EM+/tUmrA3LyiTk3Rv/W/g5MeIGfozLCSlExFCJV8CgYEAxtRu
+SUaB/t9a4ezTB4alTzTrnD0N54lJb3L5r+ptKUnnZAsd0VUwPmefS2tlZxm2LdEy
+xiaLR/sUlLWZSGVqU9nePRQjfSXAOicaNJRWxDF3wmbWDAQkFNeh1QwOa6gUBvWP
+gZt0wGF7NTmLxlwHmKRPS6Fh/p7XuPBhzDl5n5cCgYAOunFeLy6Z/Ekd4ZmPlvRe
+s7BSKxGzR5zUaAeKMD21CgAq1Dhqh3/Fcw8Av1+6zI8suECLMoriEp34pt9EUEBy
+GbMpMAxh2XM9uUzJel74Zhq0xFGKSWvZHCVOGso4uPjbI2Z30AZjHmnpwWmK+u9H
+CDcsKJ1gbS/nk8OVL8WTpQKBgAUp4ytX/2xFFLElW12oq4ZhE3VdSI0ozZVtYPqm
+lesqli3M9BtJoRUdz88/nMSOsGKEOlNXEOrvpFswVCjDKX2//LuNWFaZsmJQPaf7
+6jzyI/ASh6CMQvuflf5Yb89v8AU2P2HYTbHpVi/NrMmb/j6CleSa7laUfXm6FHAf
+Vf9FAoGALpENzSXno5fcAlfJ21i6gjIbWg0T34YjSjXBjdRopjahBi5uAoLHA422
+xlcBGVptwbMbmwowUQPNioeFUCkqp0tIU02fNbc4ymBXUo5zcvdQQOM8yujmyi6E
+bfy1DiNqXjPtME2T/gPRgQ3+HogXKFd20UlQsfWa9MvSJopsS2U=
+-----END RSA PRIVATE KEY-----

nginxbazhong/certs/srs/srs.bazhongfeifu.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGGjCCBQKgAwIBAgIQCwvAUo+P9At8EgHZ6hTXpzANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjExMDAwMDAwWhcNMjUwOTA4MjM1OTU5WjAf
+MR0wGwYDVQQDExRzcnMuYmF6aG9uZ2ZlaWZ1LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALlKhry7YGsB0zVTV8sQlgqxH3NrTcwgBqWmDO1hLeRM
+6eiS065Ptw5oG0aPqCXJMndHqsC4QxG4aPkMnQfTP8+NS4OpV4ZCFkv+uoN7nanP
+pqn6KfyxDF4UK8aMRtkVgaeGCiKSe3ZMZBX5vGd1jOJceSnVjuiDhpnGxKj6+kwi
+4da0yWjyI94S+0pBG+ult5oeOq4OM7vheUoEEylN4uJ7aAgqhQROplLiLUuHimj5
+3rMVPXZfWlyITnn4o6EH6T0JLpsAdR+IOlXeVvz2uyuZ5M5RkGdjq+lvuxHsatee
+r0k5GbKn7FH3iPaZgTzh5zKLZur7o+URMu3fQRQhDAkCAwEAAaOCAwEwggL9MB8G
+A1UdIwQYMBaAFHjfkZBf7t6s9sV169VMVVPvJEq2MB0GA1UdDgQWBBQElt5mBxsV
+PXrH9IfgRMfSmPg0iTA5BgNVHREEMjAwghRzcnMuYmF6aG9uZ2ZlaWZ1LmNvbYIY
+d3d3LnNycy5iYXpob25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkw
+JwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEF
+BQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBK
+BggrBgEFBQcwAoY+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRp
+b25FdmVyeXdoZXJlRFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisG
+AQQB1nkCBAIEggFuBIIBagFoAHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE
+6+WGJjoAAAGXXgZ3kwAABAMARzBFAiA6RzjH1ZkJyJ8QMwU6u5EYEXM+HFZ+Xwro
+CmUjYOBUbAIhANiVRUsFVrzkLzA6hlR2IjWJ+Jhio27vQjqpK7AjEZ+tAHYA7TxL
+1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXXgZ3wAAABAMARzBFAiB6
+aKqYsU1w+Cz4Y5FCVcrpkAKZGRGBg+W9ua45Ve4u6QIhANVAUFO4CMACa2s1QcOb
+xLZgVeC7+Tfc34YC7NqUja+SAHYApELFBklgYVSPD9TqnPt6LSZFTYepfy/fRVn2
+J086hFQAAAGXXgZ32AAABAMARzBFAiAgiIjVG3Q1cxqtXB0yi4skAZU1NjRtqo7F
+4srPW3GEuAIhAN1CblEdqUuubi2cuPXqGpQ33m3MnbmjTkYUNZ5FfW2iMA0GCSqG
+SIb3DQEBCwUAA4IBAQAxoC1+4FgBQfZ/8C3XcRCQQx+CeQ3g2NtfhYnoEiavLxfp
+f7srNes4SPoGinSysGp9PPXeb1T8HIViL6kqM+ao/ch+0WS1HZLHksAjjgj5k22e
+2EuZcPRB0Q9RxvPMNYZOOMpkmaPaSua+ovRW7afK8YlW1lQ6gdyD0QtGMTBDDxyI
+Q84DUZIaofTbLxALwGMrRy9NAzdkkcZkcWKyRiUeeZ5TX/xRaQ1KHlYmk3bB0ZIX
+dym9S0wl/yju8qLerdzFaEBk/eVRoKwbPjkYyHUzGT2YTXRzk4J0LZ8l14PuA/c+
+cxaz9e+qsyFCtTh6+wFYJWpUYmIb9apbG4uYN587
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/replace_vars.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+echo "开始替换配置文件中的环境变量..."
+
+# 检查vhosts目录是否存在
+if [ ! -d "vhosts" ]; then
+    echo "错误: vhosts目录不存在!"
+    exit 1
+fi
+
+# 检查vhosts目录中是否有配置文件
+if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
+    echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
+fi
+
+# 创建临时目录
+TEMP_DIR="temp_vhosts"
+rm -rf $TEMP_DIR
+mkdir -p $TEMP_DIR
+
+# 处理所有.conf文件，替换环境变量，跳过cert目录
+for conf_file in vhosts/*.conf; do
+    # 检查文件是否存在(处理无匹配文件的情况)
+    if [ ! -f "$conf_file" ]; then
+        continue
+    fi
+    
+    # 跳过cert目录中的文件
+    if [[ "$conf_file" == *"/cert/"* ]]; then
+        continue
+    fi
+    
+    filename=$(basename "$conf_file")
+    echo "处理文件: $filename"
+    
+    # 读取原始文件内容
+    content=$(cat "$conf_file")
+    
+    # 获取所有环境变量（包括export和非export的）
+    # 使用set命令获取所有变量，然后过滤出大写字母开头的变量
+    env_vars=$(set | grep -E "^[A-Z_]+=" | cut -d= -f1)
+    
+    # 逐个替换环境变量
+    for var_name in $env_vars; do
+        # 使用eval获取变量值，这样可以处理包含特殊字符的值
+        eval "var_value=\$$var_name"
+        if [ ! -z "$var_value" ]; then
+            # 使用更安全的变量替换方法
+            pattern="\\\${$var_name}"
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
+            echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
+        fi
+    done
+    
+    # 写入处理后的内容到临时文件
+    echo "$content" > "$TEMP_DIR/$filename"
+    
+    echo "  文件处理完成: $filename"
+done
+
+echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
+echo "请检查替换结果，确认无误后运行 build_image.sh 构建镜像" 

nginxbazhong/vhosts/cert/t-aaron.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzgFo1avCs7whcfARpcr/SfBxY2QY+tsiJIDdueMIU30g0wOa
+oAKUR1pTQvXgUfQUpqc1CQTLI/NuxxOI9+VKIs3XreqC1GGE8tsKhiarYgKxg2hT
+pONRGvgJY9k8v0ivZ8pnh82+5T62P3sMxnXl92MboZ2QNG93eOvm6hLjYYgia0J5
+xGJF3UH3fkDmEFkcBei8cLzcZ7E6F4+z9/6rGCsGVeXMvOBH8DDooCrGgY/Q4DXF
+NgRUQcAZiY+xHyWE9AkqQsMN5S00GLmmVZzUYJT7Yab8pBMzS2JjSz8zEUSC79fj
+9go8LRVh9kGj49xkqBDZ061D7Bf7AKKxeYf2pQIDAQABAoIBAENRyZj9urAym/lY
+WuQDjN50QRGaTeF4R9WG+S48R2XFH7tlU5vTi/IvTcM1h1swuKjnPlkWpG24qOxM
+cXeVCd+Kxd8TIjLWNXSJaQyCyYHLYIgRSTg6grAd+y+Sd5wI3C0+Qwvpi+btUfA3
+vWqDb6Wi0Q5E57GC9Zdh+8Flb8HYfS2oUCa+ybV7haugBxVJ6wfDJ6ap8U2tAs4r
+FsfWntb01j57crr851pRFPZduB6UrQyOIdOiEzQatHfF9fUBIPMojAQkjZ7oXKUD
+rkK+AiW8wjp8b1QtM98d2EZ6PY6CCIIA7pW1Km7mn/tcayCLOP+Wp9wuvXzfcFfr
+ZBkwGhcCgYEA8AvcnZfU3GpG4Mj6Y2xVo4CnpEGtZXsCBNaTvEiHmB0S00cKJW8O
+bGBJ427Okwh7SMlKwgbq3G3zwPLysLyUkUyzhUNg1jLOYoWgjVmneqEnfFBc50PD
+4f9PLVI4BR+JhiE3yKf6KWGFGPBD8AuO0t8SE5eewbHuvsU0SANHxrcCgYEA27Jg
+5Uy81mtJOevK4sESf5U0MRpVBAuDsqeipXb+Et9RldfVj4wgEI+UmScSdGmGedB8
+hcieQR7WN/xWa35vPmUTrv6NVJCPdl8jgXa9kkQ4G14FtM8wb3UvqUV7V5rYlwYD
+IKiMClrzLuAhO/DZ4ksl4WmfMMydcZNt7wEd8YMCgYEAuZLh/i9HzxKWMucMs1oo
+JpuqflCL5V0gJW9hjPihYtZvHEjaLjBZ/Sy/UoTyTDcNYCrFkZRZcwnJnIv1VO6l
+CGM8kbSSI2Xpqb7WbRA3apU1emSCPgNkZs3Cfy4FwugroDcD8iryOZV7mNj+HJBC
+3QC4786SW/nbsT2xek6W6acCgYEAvctvbAiMRsyumQw73QMg4Plb+mOeOH1eC/RI
+TZvryRAGImYwh+9tMAFqRZj8l3cmhov3V3hGR0nFlN45Jmo23ndhttcP75NnbMKq
+IMkc4oRu2C20zkwDsvZQ83IkKT2LiYTXJNqXCMcjuUZFT8w13wo+smqV7QmHprvP
+yB9159MCgYEAl01MZAXTv78FqSmwHuHVLJIUbNOD634jnSTAevqmlmBNshiOnBB4
+nK9u6Y1EXHtGhvC7sKI9TxP8qa/c/Wy83RlNZITnqSYbr8rUd4QVaT7W9cvUXqDk
+8uyXWb83uhT42a5F1HIidVM0gdkYCCsDOXwVGwluYIOO7yGScW9XaM0=
+-----END RSA PRIVATE KEY-----

nginxbazhong/vhosts/cert/t-aaron.com.pem

@@ -0,0 +1,62 @@
+-----BEGIN CERTIFICATE-----
+MIIGDjCCBPagAwIBAgIQAtO0spBILr9/eGiyXYuDDTANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzIwHhcNMjUwNjA0MDAwMDAwWhcNMjUwOTAxMjM1OTU5WjAb
+MRkwFwYDVQQDExBiYXpob25nZmVpZnUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAzgFo1avCs7whcfARpcr/SfBxY2QY+tsiJIDdueMIU30g0wOa
+oAKUR1pTQvXgUfQUpqc1CQTLI/NuxxOI9+VKIs3XreqC1GGE8tsKhiarYgKxg2hT
+pONRGvgJY9k8v0ivZ8pnh82+5T62P3sMxnXl92MboZ2QNG93eOvm6hLjYYgia0J5
+xGJF3UH3fkDmEFkcBei8cLzcZ7E6F4+z9/6rGCsGVeXMvOBH8DDooCrGgY/Q4DXF
+NgRUQcAZiY+xHyWE9AkqQsMN5S00GLmmVZzUYJT7Yab8pBMzS2JjSz8zEUSC79fj
+9go8LRVh9kGj49xkqBDZ061D7Bf7AKKxeYf2pQIDAQABo4IC+TCCAvUwHwYDVR0j
+BBgwFoAUeN+RkF/u3qz2xXXr1UxVU+8kSrYwHQYDVR0OBBYEFLIceIQ5LJOX4ptc
+IrLcQtSWeK1iMDEGA1UdEQQqMCiCEGJhemhvbmdmZWlmdS5jb22CFHd3dy5iYXpo
+b25nZmVpZnUuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEW
+G2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEFBQcBAQR0MHIwJAYI
+KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBKBggrBgEFBQcwAoY+
+aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRpb25FdmVyeXdoZXJl
+RFZUTFNDQS1HMi5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFu
+BIIBagFoAHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGXOlrz
+oQAABAMARzBFAiEA3DKltxu2NdGZVRizCnsMcQrjsdUfOfeK7Gi89/mi6XgCIDAC
+e3cklysIbPpFN2CXHCUqGN8nnTEf1EfuInmbjYnfAHUA7TxL1ugGwqSiAFfbyyTi
+OAHfUS/txIbFcA8g3bc+P+AAAAGXOlrz3QAABAMARjBEAiAeEtD8KpJChGqkTzjc
+6GQMoMpV9Oo2EZq/Nk91/jAH6wIgd3U+dEc9iBMS70/XI0Az+2bWtV3NYQj8yId1
+YXJt8+kAdwCkQsUGSWBhVI8P1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZc6WvPx
+AAAEAwBIMEYCIQCZ/7QxFonLcR9P+7zvo9vMafvuLBkYhSL8buUagf1shwIhAMLQ
+KyeHtn8AN8Ul7pGU/2KeNBVfuz6ZoIsM7AfVTskiMA0GCSqGSIb3DQEBCwUAA4IB
+AQDH+Xvw+aTHuefPxEj2j6QDB5j8Q0VJNs5o9KKRRuTFrlchR1dRl2SmZDvB0EbO
+ocgq3eGy676vFR06oLTIS3XrsmNWelE6oHlLLs1fHVfHI5s40MfbOWycdCO8i1rz
+Fl/FzFR/Rv2hjMrP0gme9jnt4k3y9WT38P9M6ncaP4ELZxbJyeSQ9AhEmzw+k8iI
+R+bPU4DILDfy81FJJuGVnu1iF7IFZMJ8O2xZWdBXGW1HI4a7Ls0v97enOnmH/yZH
+v1OpGI88+NjmU0ucV7pEYoSYCFCl/Hs/LsqR0FrYehp9rl1iEemJjq7DlCC/mhHF
+McoTlrWas0Qj7jriMohfwYWg
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
+eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
+NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
+QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
+NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
+ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
+lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
+BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
+L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
+98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
+xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
+GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
+n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
+-----END CERTIFICATE-----

nginxbazhong/vhosts/consul.conf

@@ -0,0 +1,17 @@
+
+server {
+    listen 80;
+    server_name ${CONSUL_DOMAIN};
+
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location / {
+        proxy_pass http://${CONSUL_NAME}:8500;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/dsp.conf

@@ -0,0 +1,39 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${DSP_DOMAIN};
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/dsp.pem;
+        ssl_certificate_key /etc/nginx/dsp.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /api {
+                proxy_pass http://HOSTNAMEIP:7021;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxbazhong/vhosts/hhz.conf

@@ -0,0 +1,54 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${HHZ_DOMAIN};
+        root /data/tuoheng_hhz_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/hhz.pem;
+        ssl_certificate_key /etc/nginx/hhz.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        
+        location /permission {
+                proxy_pass http://${HHZ_ADMIN_NAME}:9055;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /wxapp {
+                proxy_pass http://${HHZ_API_NAME}:9056/api;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /hhz {
+                proxy_pass http://HOSTNAMEIP:7021/hhz;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxbazhong/vhosts/minio.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/minio.pem;
+    ssl_certificate_key /etc/nginx/minio.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /th-airport/ {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+     	# 添加以下 header 配置
+     	add_header Content-Disposition "attachment";
+    	add_header Content-Type "application/octet-stream";
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/minioconsole.conf

@@ -0,0 +1,17 @@
+
+server {
+    listen 80;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/oidcservice.conf

@@ -0,0 +1,32 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_SERVER_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/oidc.pem;
+    ssl_certificate_key /etc/nginx/oidc.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${OIDC_SERVER_NAME}:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
+    }
+
+    location /oidc {
+        proxy_pass http://gatewayService;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

nginxbazhong/vhosts/srs.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/srs.pem;
+    ssl_certificate_key /etc/nginx/srs.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginxbazhong/vhosts/upstream.conf

@@ -0,0 +1,3 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}

nginxbazhong/vhosts/xxljob.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name ${XXLJOB_DOMAIN};
+
+    # SSL证书配置
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location / {
+        proxy_pass http://${XXLJOB_NAME}:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+                                 

nginxdashuju/Dockerfile.nginx

@@ -0,0 +1,40 @@
+FROM nginx:latest
+
+# 删除默认的nginx配置
+RUN rm -rf /etc/nginx/conf.d/*
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 创建目标目录
+RUN mkdir -p /data/tuoheng_airport_web/dist
+RUN mkdir -p /data/tuoheng_hhz_web/dist
+RUN mkdir -p /data/tuoheng_business_web/dist
+
+# 创建视频录制和图片的地址
+RUN mkdir -p /data/recording
+RUN mkdir -p /data/srs
+
+# 复制temp_vhosts配置到nginx配置目录
+COPY temp_vhosts/ /etc/nginx/conf.d/
+
+# 复制SSL证书文件到nginx目录
+COPY vhosts/cert/t-aaron.com.pem /etc/nginx/t-aaron.com.pem
+COPY vhosts/cert/t-aaron.com.key /etc/nginx/t-aaron.com.key
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+# 复制 AIRPORT_WEB_DIST 目录下的文件到容器中
+COPY airport_web_dist/ /data/tuoheng_airport_web/dist/
+COPY hhz_admin_web_dist/ /data/tuoheng_hhz_web/dist/
+COPY business_web_dist/ /data/tuoheng_business_web/dist/
+
+# 设置正确的权限
+RUN chmod 644 /etc/nginx/t-aaron.com.pem /etc/nginx/t-aaron.com.key && \
+    chmod -R 755 /data/tuoheng_airport_web/dist
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+
+# 暴露端口
+EXPOSE 80 443
+
+# 启动nginx
+CMD ["nginx", "-g", "daemon off;"] 

nginxdashuju/build.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# 这个脚本现在只是一个包装器，调用两个新脚本
+
+echo "步骤1: 替换配置文件中的环境变量..."
+./replace_vars.sh
+
+# 检查替换结果是否成功
+if [ $? -ne 0 ]; then
+    echo "错误: 变量替换失败，中止构建"
+    exit 1
+fi
+
+#echo ""
+echo "变量替换已完成，请检查 temp_vhosts/ 目录中的文件"
+#echo "确认替换结果无误后，按回车键继续构建镜像，或按Ctrl+C取消"
+#read -p ""
+
+echo ""
+echo "步骤2: 构建Nginx镜像..."
+echo "注意: SSL证书文件将从vhosts/cert/目录复制到镜像中的/etc/nginx/目录"
+./build_image.sh

nginxdashuju/build_image.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+# 设置Nginx镜像名称（如果环境变量中未定义）
+if [ -z "${NGINX_IMAGE}" ]; then
+    export NGINX_IMAGE="${REGISTRY_HOST}nginx:${DOMAIN}"
+fi
+
+echo "开始构建Nginx镜像: ${NGINX_IMAGE}"
+
+# 检查临时目录是否存在
+TEMP_DIR="temp_vhosts"
+if [ ! -d "$TEMP_DIR" ]; then
+    echo "错误: $TEMP_DIR 目录不存在! 请先运行 replace_vars.sh 脚本"
+    exit 1
+fi
+
+# 检查临时目录中是否有配置文件
+if [ -z "$(ls -A $TEMP_DIR)" ]; then
+    echo "警告: $TEMP_DIR 目录为空，将使用空配置构建镜像"
+fi
+
+# 检查SSL证书文件是否存在
+if [ ! -f "vhosts/cert/t-aaron.com.pem" ] || [ ! -f "vhosts/cert/t-aaron.com.key" ]; then
+    echo "警告: SSL证书文件不存在于vhosts/cert/目录中"
+    echo "预期的证书文件位置: vhosts/cert/t-aaron.com.pem 和 vhosts/cert/t-aaron.com.key"
+    echo "Nginx容器的SSL功能可能无法正常工作"
+fi
+
+# 检查 AIRPORT_WEB_DIST 目录是否存在
+if [ -z "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 环境变量未设置!"
+    exit 1
+fi
+
+if [ ! -d "${AIRPORT_WEB_DIST}" ]; then
+    echo "错误: AIRPORT_WEB_DIST 目录不存在: ${AIRPORT_WEB_DIST}"
+    exit 1
+fi
+
+if [ ! -d "${HHZ_ADMIN_WEB_DIST}" ]; then
+    echo "错误: HHZ_ADMIN_WEB_DIST 目录不存在: ${HHZ_ADMIN_WEB_DIST}"
+    exit 1
+fi
+
+# 每增加一个前端项目，需要在这里添加一个临时目录，并复制文件；Dockerfile.nginx 中也要添加一个COPY命令
+echo "创建临时目录并复制 AIRPORT_WEB_DIST 文件..."
+rm -rf airport_web_dist
+mkdir -p airport_web_dist
+cp -r "${AIRPORT_WEB_DIST}"/* airport_web_dist/
+
+rm -rf hhz_admin_web_dist
+mkdir -p hhz_admin_web_dist
+cp -r "${HHZ_ADMIN_WEB_DIST}"/* hhz_admin_web_dist/
+
+rm -rf business_web_dist
+mkdir -p business_web_dist
+cp -r "${BUSINESS_WEB_DIST}"/* business_web_dist/
+
+
+
+# 构建Docker镜像
+echo "使用Dockerfile.nginx构建镜像..."
+docker build -t ${NGINX_IMAGE} -f Dockerfile.nginx .
+
+# 清理临时目录
+rm -rf airport_web_dist
+rm -rf hhz_admin_web_dist
+
+# 检查构建结果
+if [ $? -eq 0 ]; then
+    echo "Nginx镜像构建成功: ${NGINX_IMAGE}"
+    
+    # 推送到镜像仓库（如果需要）
+    echo "推送镜像到仓库: ${NGINX_IMAGE}"
+    docker push ${NGINX_IMAGE}
+    
+    if [ $? -eq 0 ]; then
+        echo "镜像推送成功!"
+    else
+        echo "警告: 镜像推送失败!"
+    fi
+else
+    echo "错误: Nginx镜像构建失败!"
+    exit 1
+fi
+
+echo "Nginx镜像构建和推送完成!"
+echo "SSL证书已被包含在镜像中，位于/etc/nginx/目录下"
+echo "AIRPORT_WEB_DIST 文件已被复制到镜像中的 /data/tuoheng_airport_web/dist 目录" 

nginxdashuju/replace_vars.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# 加载环境变量
+source ../environment.sh
+
+echo "开始替换配置文件中的环境变量..."
+
+# 检查vhosts目录是否存在
+if [ ! -d "vhosts" ]; then
+    echo "错误: vhosts目录不存在!"
+    exit 1
+fi
+
+# 检查vhosts目录中是否有配置文件
+if [ -z "$(ls -A vhosts/*.conf 2>/dev/null)" ]; then
+    echo "警告: vhosts目录中没有.conf文件，没有配置文件需要处理"
+    exit 0
+fi
+
+# 创建临时目录
+TEMP_DIR="temp_vhosts"
+rm -rf $TEMP_DIR
+mkdir -p $TEMP_DIR
+
+# 处理所有.conf文件，替换环境变量，跳过cert目录
+for conf_file in vhosts/*.conf; do
+    # 检查文件是否存在(处理无匹配文件的情况)
+    if [ ! -f "$conf_file" ]; then
+        continue
+    fi
+    
+    # 跳过cert目录中的文件
+    if [[ "$conf_file" == *"/cert/"* ]]; then
+        continue
+    fi
+    
+    filename=$(basename "$conf_file")
+    echo "处理文件: $filename"
+    
+    # 读取原始文件内容
+    content=$(cat "$conf_file")
+    
+    # 获取所有环境变量（包括export和非export的）
+    # 使用set命令获取所有变量，然后过滤出大写字母开头的变量
+    env_vars=$(set | grep -E "^[A-Z_]+=" | cut -d= -f1)
+    
+    # 逐个替换环境变量
+    for var_name in $env_vars; do
+        # 使用eval获取变量值，这样可以处理包含特殊字符的值
+        eval "var_value=\$$var_name"
+        if [ ! -z "$var_value" ]; then
+            # 使用更安全的变量替换方法
+            pattern="\\\${$var_name}"
+            
+            # 转义特殊字符
+            escaped_value=$(echo "$var_value" | sed 's/[\/&]/\\&/g')
+            echo "  替换变量: ${pattern} -> $var_value"
+            content=$(echo "$content" | sed "s|${pattern}|${escaped_value}|g")
+        fi
+    done
+    
+    # 写入处理后的内容到临时文件
+    echo "$content" > "$TEMP_DIR/$filename"
+    
+    echo "  文件处理完成: $filename"
+done
+
+echo "环境变量替换完成! 替换后的文件位于 $TEMP_DIR/ 目录"
+echo "请检查替换结果，确认无误后运行 build_image.sh 构建镜像" 

nginxdashuju/vhosts/airport.conf

@@ -0,0 +1,92 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${AIRPORT_DOMAIN};
+        root /data/tuoheng_airport_web/dist;
+
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+        add_header X-Frame-Options ALLOWALL;
+
+        add_header 'Access-Control-Allow-Origin' 'https://${BUSINESS_DOMAIN_FULL}' always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${AIRPORT_DOMAIN} https://${AIRPORT_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /airport {
+
+            # 先清除后端返回的 CORS 相关头
+            proxy_hide_header Access-Control-Allow-Origin;
+            proxy_hide_header Access-Control-Allow-Credentials;
+            proxy_hide_header Access-Control-Allow-Headers;
+            proxy_hide_header Access-Control-Allow-Methods;
+            proxy_hide_header Access-Control-Max-Age;
+            proxy_hide_header Access-Control-Expose-Headers;
+
+            add_header 'Access-Control-Allow-Origin' "https://${BUSINESS_DOMAIN_FULL}" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With, client-id' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Max-Age' 1728000 always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Type, Authorization, client-id' always;
+            add_header 'Vary' 'Origin' always;
+            add_header 'Content-Security-Policy' "frame-ancestors *" always;
+            add_header X-Frame-Options ALLOWALL always;
+
+            if ($request_method = 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' "https://${BUSINESS_DOMAIN_FULL}" always;
+                add_header 'Access-Control-Allow-Credentials' 'true' always;
+                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With, client-id' always;
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+                add_header 'Access-Control-Max-Age' 1728000 always;
+                add_header 'Access-Control-Expose-Headers' 'Content-Type, Authorization, client-id' always;
+                add_header 'Vary' 'Origin' always;
+                add_header 'Content-Security-Policy' "frame-ancestors *" always;
+                add_header X-Frame-Options ALLOWALL always;
+                add_header 'Content-Length' 0;
+                add_header 'Content-Type' 'text/plain; charset=utf-8';
+                return 204;
+            }
+
+            proxy_pass http://gatewayService/airport;
+            proxy_set_header Host $host;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+        
+        location /permission {
+             proxy_pass http://airportService/permission;
+             proxy_set_header Host $host;
+             proxy_set_header X-Real-IP $remote_addr;
+             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }

nginxdashuju/vhosts/business.conf

@@ -0,0 +1,56 @@
+    server
+    {
+        listen 80;
+        listen 443 ssl;
+        server_name ${BUSINESS_DOMAIN};
+        root /data/tuoheng_business_web/dist;
+        client_max_body_size 2g;
+        # SSL证书配置
+        ssl_certificate /etc/nginx/t-aaron.com.pem;
+        ssl_certificate_key /etc/nginx/t-aaron.com.key;
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+
+        # 开启gzip功能
+        gzip on;
+        gzip_min_length 10k;
+        gzip_comp_level 9;
+        gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
+        gzip_vary on;
+        gzip_disable "MSIE [1-6]\.";
+
+
+        location /{
+            try_files $uri $uri/ @router;
+            index index.html;
+            proxy_redirect http://${BUSINESS_DOMAIN} https://${BUSINESS_DOMAIN_FULL};
+        }
+
+        location @router{
+            rewrite ^.*$ /index.html last;
+        }
+
+        location /permission {
+            proxy_pass http://businessService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        location /business-mini {
+            proxy_pass http://gatewayService;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+       location /business {
+            proxy_pass http://gatewayService/business;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       }
+  
+    }

nginxdashuju/vhosts/cert/t-aaron.com.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1
++5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ
+i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4
+xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw
+2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam
+5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l
+Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a
+z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb
+jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ
+X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg
+/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd
+smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB
+1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd
+rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS
+iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb
+Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl
+lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm
+DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc
+44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH
+8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp
+m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM
+XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F
+N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR
+a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW
+vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU=
+-----END RSA PRIVATE KEY-----

nginxdashuju/vhosts/cert/t-aaron.com.pem

@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
+MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50
+LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii
+rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5
+e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN
+8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx
+f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht
+m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb
+TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU
+7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE
+HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB
+DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/
+BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT
+TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0
+cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl
+cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
+/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez
+95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8
+6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa
+6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk
+1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA
+m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H
+ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU
+/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM
+4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO
+mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX
+Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5
+QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R
+7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC
+k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
+ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
+NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
+8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
+5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
+n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
+YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
+IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
+BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
+HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
+b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
+BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
+CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
+SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
+CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
+0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
+zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
+44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
+8o34/m8Fxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
+ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
+jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
+AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
+aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
+L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
+Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
+hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
+Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
+kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
+bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
+axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
+pbo=
+-----END CERTIFICATE-----

nginxdashuju/vhosts/consul.conf

@@ -2,7 +2,7 @@
 server {
     listen 80;
     listen 443 ssl;
-    server_name consul-bazhong.t-aaron.com;
+    server_name ${CONSUL_DOMAIN};
 
     ssl_certificate /etc/nginx/t-aaron.com.pem;
     ssl_certificate_key /etc/nginx/t-aaron.com.key;
@@ -12,7 +12,7 @@ server {
     ssl_prefer_server_ciphers on;
 
     location / {
-        proxy_pass http://CONSUL_bazhong:8500;
+        proxy_pass http://${CONSUL_NAME}:8500;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginxdashuju/vhosts/minio.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /th-airport/ {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+     	# 添加以下 header 配置
+     	add_header Content-Disposition "attachment";
+    	add_header Content-Type "application/octet-stream";
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+    location /ta-tech-image/DJIimage {
+        add_header Content-Disposition 'attachment; filename="$arg_filename"';
+        add_header x-oss-force-download 'true';
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9000;
+    }
+
+
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/minioconsole.conf

@@ -0,0 +1,20 @@
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${MINIO_CONSOLE_DOMAIN};
+
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${MINIO_NAME}:9001;
+    }
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/oidcservice.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    listen 3443 ssl;
+    server_name ${OIDC_SERVER_DOMAIN};
+
+    # SSL证书配置
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_pass http://${OIDC_SERVER_NAME}:8090;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 只添加这一行来修复重定向
+        proxy_redirect http://${OIDC_SERVER_DOMAIN} https://${OIDC_DOMAIN_FULL};
+    }
+}

nginxdashuju/vhosts/srs.conf

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name ${SRS_DOMAIN};
+    client_max_body_size 2g;
+    ssl_certificate /etc/nginx/t-aaron.com.pem;
+    ssl_certificate_key /etc/nginx/t-aaron.com.key;
+    ssl_session_timeout 5m;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header  X-Real-IP    $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://${SRS_NAME}:8080;
+    }
+
+    location /recording/ {
+        alias /data/recording/;
+        autoindex on;
+        autoindex_exact_size off;
+        autoindex_localtime on;
+        charset utf-8;
+        
+        # 允许所有文件类型访问
+        include mime.types;
+        default_type application/octet-stream;
+        
+        # 添加一些基本的访问控制
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, HEAD';
+        
+        # 配置文件下载时的行为
+        if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|jpeg|png|gif|svg|mp3|mp4|wav|avi|mov|wmv|flv|mkv)$) {
+            add_header Content-Disposition 'attachment';
+        }
+    }
+}                                                                                                                                                                                                                                                 

nginxdashuju/vhosts/upstream.conf

@@ -0,0 +1,11 @@
+upstream gatewayService {
+    server ${GATEWAY_NAME}:7011;
+}
+
+upstream airportService {
+    server ${AIRPORT_NAME}:9060;
+}
+
+upstream businessService {
+    server ${BUSINESS_NAME}:9260;
+}