| docker/docker-compose.yml | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| docker/nginx/conf/conf.d/ssl/ssl2035.crt | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| docker/nginx/conf/conf.d/ssl/ssl2035.key | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| docker/nginx/conf/nginx.conf | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 |
docker/docker-compose.yml
@@ -46,7 +46,7 @@ interval: 10s timeout: 2s retries: 3 start_period: 10s start_period: 7s ports: - 8080:8080 - 8848:8848 @@ -57,7 +57,7 @@ privileged: true networks: - network-jhs restart: always #restart: always # redis redis: image: redis:7 @@ -116,12 +116,13 @@ image: nginx:1.29 ports: - 80:80 - 443:443 environment: TZ: Asia/Shanghai volumes: - ./nginx/logs:/var/log/nginx #- ./nginx/conf.d:/etc/nginx/conf.d - ./nginx/html:/usr/share/nginx/html - ./nginx/conf/conf.d:/etc/nginx/conf.d - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf depends_on: - gateway docker/nginx/conf/conf.d/ssl/ssl2035.crt
对比新文件 @@ -0,0 +1,24 @@ -----BEGIN CERTIFICATE----- MIID9zCCAt+gAwIBAgIUYsseD8Of/+aDbUUkcyu3cxoryggwDQYJKoZIhvcNAQEL BQAwgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRAwDgYDVQQHDAdC ZWlKaW5nMRAwDgYDVQQKDAd0ZXJyYWl0MRAwDgYDVQQLDAd0ZXJyYWl0MRIwEAYD VQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEDI1Mjc0MDQ1NEBxcS5jb20w HhcNMjUwNzA0MDQxNzI5WhcNMzUwNzAyMDQxNzI5WjCBijELMAkGA1UEBhMCQ04x EDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxEDAOBgNVBAoMB3Rl cnJhaXQxEDAOBgNVBAsMB3RlcnJhaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0G CSqGSIb3DQEJARYQMjUyNzQwNDU0QHFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAIZic158SDVpEaG8/2OGUTas7avhxZshEljysTglFCsZ7G0O uqspsBxn73gwkUHPX69PYUMb2MKez2cYsg5rdlO7HVhINPUKCCIq1g2aIoc1FCII 1Ism3chWNpxFPwxsTDwNYTzX1EUI5+j+v5s7XGYuUg5ZXbxgDS680zab03gbUsfA SS8Z9AwiqVY2zx57nsfNObhuG91Y+hKrQT/7j3b28TuzuVRsxCdX85zs75Ouv3Rj a3VcAM031WFJyDqD/eGJ9qHXJsm/FljfTelMjUZzDO2elWC/TvFyUsdw0T+utReR xi8easFwS1iLGpBtsr+rc11Nyn7pAL/iU9ghQP8CAwEAAaNTMFEwHQYDVR0OBBYE FFbRdA0156Cucd84iOmQBmunBHXuMB8GA1UdIwQYMBaAFFbRdA0156Cucd84iOmQ BmunBHXuMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGOJEY2l Sqf7h3Vhuu/pRP3szEYCQ//NKPxhOiGynKjAsmBFMbDX6FO3k4201zHsAHqe70r5 y+UImQWdwptVhzFxrrCo8IY7ic58vcVJWqwDLP7QeJ+N9PxcgSA1aQmEjufSk8Hu QJozYwiumqiRHC+mvuScP9U+BlZ/GMixtIWFwfFokWvQ8QmVZTeIxJepHY0i6Mzl dXr5JRt8VrbrR4w8s4e6P9VQRV0P8spjixd0BXRHXJznLdlU9/ZWQYyTfwWMhk6y Bmth/Hrju2ikg1G9YnI69SnlLGXyE7OwD17hV4W+n/0O6xAz0yBkFQddt6JlBwCH fWvWidy4Wml4cHw= -----END CERTIFICATE----- docker/nginx/conf/conf.d/ssl/ssl2035.key
对比新文件 @@ -0,0 +1,28 @@ -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCGYnNefEg1aRGh vP9jhlE2rO2r4cWbIRJY8rE4JRQrGextDrqrKbAcZ+94MJFBz1+vT2FDG9jCns9n GLIOa3ZTux1YSDT1CggiKtYNmiKHNRQiCNSLJt3IVjacRT8MbEw8DWE819RFCOfo /r+bO1xmLlIOWV28YA0uvNM2m9N4G1LHwEkvGfQMIqlWNs8ee57HzTm4bhvdWPoS q0E/+4929vE7s7lUbMQnV/Oc7O+Trr90Y2t1XADNN9VhScg6g/3hifah1ybJvxZY 303pTI1GcwztnpVgv07xclLHcNE/rrUXkcYvHmrBcEtYixqQbbK/q3NdTcp+6QC/ 4lPYIUD/AgMBAAECggEAD/t+LHBBh5X4Z9uk0BRgbPfsyF1wn/4zQsA9EtKuGbYv 59ncROZksJbX5IZ6MBvWuHCLaRd9vx/IxkJ/TWG7JULYFEYk2OPENd68WHUgGCPY QiKkt0FRworRBzg2bbwk5kYnw2cJMttX9t5IBtFCMFDf/MmPcWDxuxZFVHWnP93B QIqWe44pB2BkHlO30bDVK9Brvn8tB2M7VMSiS2vLBCxfZ2fjMqLSjkpI3RxjQnYk SygDcKCfovFOPRKD/rFyyAfbEvwsY/8/F2ZsMPwWeeaEcaadjLf0DfSXeXOd711S vkkgpn2pj3I2v6S0QcQRAi5SaLVTRKat77tSW39eYQKBgQC5miE/eTFzRSYNC7Rk GTL9A4aDPp+ZlN+sR5cFD/dAW6YNTFzeakIUd7Oc9YgycY45fPCtR+uXElXAv+TP ec+pq4CiVOqXVig1S2a68fyLaO11QhJoovJPAUEBoahXEnLpUTBtgjlCadl0D29F 7f/72hqezl5bIc79NdT33xfjkQKBgQC5WyB83oP9sxzyKpyqtt+tQH8AK5taW9JS RWSEAWWXM4Ju/owvfmG885dcIwiLHcR39ENfZoJ1Mi0A7B+aJ3LuYLaUdjOJIPyb Lq6BzAaCIkmH2wF3ZYrZAnzVf3//uPeKtk08ne4DT+DSbebEsITmJtPeQeQgWhIZ 1onK8B9zjwKBgDiClzDuQ4InQaijMa9whLfIhQIc5Rcr3tZjjbW64Ls1rF9MKtKF Y807jPJzR56kOHuEcPsxdKewq29efdo16mZsk2PZmvus/d0MMiElYJFJx1L2ZQh6 5G/tn89RWyH3ugkT8TzGc4ynEdBmiqiuCEy0YXqMtunkZ1NtOoSl5m4hAoGBAKi+ JCpprMH3IN/6GRx1VdZ1A+mUyV6Ofz+0uthOKT1ogFMp21eVd8c7/8y6fBmiJO2L axZbzWKCJmRTkkWVqlUHqNApd6tcY3unGOlDY51vN3+9ymz2/VuonxsCcvXMX1dh tZj8seVEAAmyUcc4aBTavkD1vYgSV648GL+usQNTAoGATttDS4oM0TN3ngyKYUzU 2/uYUi5iUON2m/aVxptllzQtsOJxJnTdOsMWGgeL5bV11Wmi21wbm4atS3VWFZbd JeRTRk74HHT3VGf4IjmaLr6XZ/9VuaA9UJUxbvlKrxSG/P9MO5u6KMWouAsrInW2 uzAZobB6chszzYCAewPlawY= -----END PRIVATE KEY----- docker/nginx/conf/nginx.conf
@@ -12,7 +12,7 @@ server { listen 80; server_name localhost; server_name local80; location / { root /usr/share/nginx/html; @@ -44,14 +44,60 @@ proxy_pass http://gateway:8001/system; } # actuator if ($request_uri ~ "/actuator") { return 403; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } server { listen 443 ssl; listen [::]:443 ssl; server_name local443; ssl_certificate /etc/nginx/conf.d/ssl/ssl2035.crt; ssl_certificate_key /etc/nginx/conf.d/ssl/ssl2035.key; ssl_session_cache shared:SSL:50m; ssl_session_timeout 7d; ssl_ciphers HIGH:!aNULL:!MD5; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; try_files $uri $uri/ /index.html /sso/index.html; index index.html index.htm; } location /sso { alias /usr/share/nginx/html/sso; try_files $uri $uri/ /sso/; #index index.html index.htm; } location /api/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gateway:8001/; } location /system { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://gateway:8001/system; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
