From 5894a4a94bd415e6219a5852b05f127fd03e3aba Mon Sep 17 00:00:00 2001 From: 13693261870 <252740454@qq.com> Date: 星期一, 14 七月 2025 16:47:15 +0800 Subject: [PATCH] 支持https协议 --- docker/docker-compose.yml | 7 ++- docker/nginx/conf/nginx.conf | 60 ++++++++++++++++++++++++++--- docker/nginx/conf/conf.d/ssl/ssl2035.key | 28 ++++++++++++++ docker/nginx/conf/conf.d/ssl/ssl2035.crt | 24 ++++++++++++ 4 files changed, 109 insertions(+), 10 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 7a9e2e1..8558be9 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -46,7 +46,7 @@ interval: 10s timeout: 2s retries: 3 - start_period: 10s + start_period: 7s ports: - 8080:8080 - 8848:8848 @@ -57,7 +57,7 @@ privileged: true networks: - network-jhs - restart: always + #restart: always # redis redis: image: redis:7 @@ -116,12 +116,13 @@ image: nginx:1.29 ports: - 80:80 + - 443:443 environment: TZ: Asia/Shanghai volumes: - ./nginx/logs:/var/log/nginx - #- ./nginx/conf.d:/etc/nginx/conf.d - ./nginx/html:/usr/share/nginx/html + - ./nginx/conf/conf.d:/etc/nginx/conf.d - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf depends_on: - gateway diff --git a/docker/nginx/conf/conf.d/ssl/ssl2035.crt b/docker/nginx/conf/conf.d/ssl/ssl2035.crt new file mode 100644 index 0000000..389777b --- /dev/null +++ b/docker/nginx/conf/conf.d/ssl/ssl2035.crt 
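Review bot: Commenting out `restart: always` in the second hunk (`@@ -57,7 +57,7 @@`) removes the automatic restart for this service, although the commit subject only mentions HTTPS support. If that is intended, delete the line rather than leaving `#restart: always` behind, and say so in the commit message. Otherwise restore it so the service comes back after a crash or host reboot. The service definition starts outside the hunk, so the affected container is not visible here.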
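Review bot: The added mount `./nginx/conf/conf.d:/etc/nginx/conf.d` in the third hunk (`@@ -116,12 +116,13 @@`) is read-write, and that directory now holds the TLS private key under `ssl/`. nginx only needs to read it, so mount it read-only with `- ./nginx/conf/conf.d:/etc/nginx/conf.d:ro`, and likewise `- ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro`. A compromised nginx process then cannot rewrite its own configuration or replace the key on the host. The nginx service block begins and ends outside the hunk.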
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIUYsseD8Of/+aDbUUkcyu3cxoryggwDQYJKoZIhvcNAQEL +BQAwgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlKaW5nMRAwDgYDVQQHDAdC +ZWlKaW5nMRAwDgYDVQQKDAd0ZXJyYWl0MRAwDgYDVQQLDAd0ZXJyYWl0MRIwEAYD +VQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEDI1Mjc0MDQ1NEBxcS5jb20w +HhcNMjUwNzA0MDQxNzI5WhcNMzUwNzAyMDQxNzI5WjCBijELMAkGA1UEBhMCQ04x +EDAOBgNVBAgMB0JlaUppbmcxEDAOBgNVBAcMB0JlaUppbmcxEDAOBgNVBAoMB3Rl +cnJhaXQxEDAOBgNVBAsMB3RlcnJhaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0G +CSqGSIb3DQEJARYQMjUyNzQwNDU0QHFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAIZic158SDVpEaG8/2OGUTas7avhxZshEljysTglFCsZ7G0O +uqspsBxn73gwkUHPX69PYUMb2MKez2cYsg5rdlO7HVhINPUKCCIq1g2aIoc1FCII +1Ism3chWNpxFPwxsTDwNYTzX1EUI5+j+v5s7XGYuUg5ZXbxgDS680zab03gbUsfA +SS8Z9AwiqVY2zx57nsfNObhuG91Y+hKrQT/7j3b28TuzuVRsxCdX85zs75Ouv3Rj +a3VcAM031WFJyDqD/eGJ9qHXJsm/FljfTelMjUZzDO2elWC/TvFyUsdw0T+utReR +xi8easFwS1iLGpBtsr+rc11Nyn7pAL/iU9ghQP8CAwEAAaNTMFEwHQYDVR0OBBYE +FFbRdA0156Cucd84iOmQBmunBHXuMB8GA1UdIwQYMBaAFFbRdA0156Cucd84iOmQ +BmunBHXuMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGOJEY2l +Sqf7h3Vhuu/pRP3szEYCQ//NKPxhOiGynKjAsmBFMbDX6FO3k4201zHsAHqe70r5 +y+UImQWdwptVhzFxrrCo8IY7ic58vcVJWqwDLP7QeJ+N9PxcgSA1aQmEjufSk8Hu +QJozYwiumqiRHC+mvuScP9U+BlZ/GMixtIWFwfFokWvQ8QmVZTeIxJepHY0i6Mzl +dXr5JRt8VrbrR4w8s4e6P9VQRV0P8spjixd0BXRHXJznLdlU9/ZWQYyTfwWMhk6y +Bmth/Hrju2ikg1G9YnI69SnlLGXyE7OwD17hV4W+n/0O6xAz0yBkFQddt6JlBwCH +fWvWidy4Wml4cHw= +-----END CERTIFICATE----- diff --git a/docker/nginx/conf/conf.d/ssl/ssl2035.key b/docker/nginx/conf/conf.d/ssl/ssl2035.key new file mode 100644 index 0000000..245d721 --- /dev/null +++ b/docker/nginx/conf/conf.d/ssl/ssl2035.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCGYnNefEg1aRGh +vP9jhlE2rO2r4cWbIRJY8rE4JRQrGextDrqrKbAcZ+94MJFBz1+vT2FDG9jCns9n +GLIOa3ZTux1YSDT1CggiKtYNmiKHNRQiCNSLJt3IVjacRT8MbEw8DWE819RFCOfo +/r+bO1xmLlIOWV28YA0uvNM2m9N4G1LHwEkvGfQMIqlWNs8ee57HzTm4bhvdWPoS +q0E/+4929vE7s7lUbMQnV/Oc7O+Trr90Y2t1XADNN9VhScg6g/3hifah1ybJvxZY +303pTI1GcwztnpVgv07xclLHcNE/rrUXkcYvHmrBcEtYixqQbbK/q3NdTcp+6QC/ +4lPYIUD/AgMBAAECggEAD/t+LHBBh5X4Z9uk0BRgbPfsyF1wn/4zQsA9EtKuGbYv +59ncROZksJbX5IZ6MBvWuHCLaRd9vx/IxkJ/TWG7JULYFEYk2OPENd68WHUgGCPY +QiKkt0FRworRBzg2bbwk5kYnw2cJMttX9t5IBtFCMFDf/MmPcWDxuxZFVHWnP93B +QIqWe44pB2BkHlO30bDVK9Brvn8tB2M7VMSiS2vLBCxfZ2fjMqLSjkpI3RxjQnYk +SygDcKCfovFOPRKD/rFyyAfbEvwsY/8/F2ZsMPwWeeaEcaadjLf0DfSXeXOd711S +vkkgpn2pj3I2v6S0QcQRAi5SaLVTRKat77tSW39eYQKBgQC5miE/eTFzRSYNC7Rk +GTL9A4aDPp+ZlN+sR5cFD/dAW6YNTFzeakIUd7Oc9YgycY45fPCtR+uXElXAv+TP +ec+pq4CiVOqXVig1S2a68fyLaO11QhJoovJPAUEBoahXEnLpUTBtgjlCadl0D29F +7f/72hqezl5bIc79NdT33xfjkQKBgQC5WyB83oP9sxzyKpyqtt+tQH8AK5taW9JS +RWSEAWWXM4Ju/owvfmG885dcIwiLHcR39ENfZoJ1Mi0A7B+aJ3LuYLaUdjOJIPyb +Lq6BzAaCIkmH2wF3ZYrZAnzVf3//uPeKtk08ne4DT+DSbebEsITmJtPeQeQgWhIZ +1onK8B9zjwKBgDiClzDuQ4InQaijMa9whLfIhQIc5Rcr3tZjjbW64Ls1rF9MKtKF +Y807jPJzR56kOHuEcPsxdKewq29efdo16mZsk2PZmvus/d0MMiElYJFJx1L2ZQh6 +5G/tn89RWyH3ugkT8TzGc4ynEdBmiqiuCEy0YXqMtunkZ1NtOoSl5m4hAoGBAKi+ +JCpprMH3IN/6GRx1VdZ1A+mUyV6Ofz+0uthOKT1ogFMp21eVd8c7/8y6fBmiJO2L +axZbzWKCJmRTkkWVqlUHqNApd6tcY3unGOlDY51vN3+9ymz2/VuonxsCcvXMX1dh +tZj8seVEAAmyUcc4aBTavkD1vYgSV648GL+usQNTAoGATttDS4oM0TN3ngyKYUzU +2/uYUi5iUON2m/aVxptllzQtsOJxJnTdOsMWGgeL5bV11Wmi21wbm4atS3VWFZbd +JeRTRk74HHT3VGf4IjmaLr6XZ/9VuaA9UJUxbvlKrxSG/P9MO5u6KMWouAsrInW2 +uzAZobB6chszzYCAewPlawY= +-----END PRIVATE KEY----- diff --git a/docker/nginx/conf/nginx.conf b/docker/nginx/conf/nginx.conf index efc5ae4..1aef55f 100644 --- a/docker/nginx/conf/nginx.conf +++ b/docker/nginx/conf/nginx.conf 
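Review bot: `docker/nginx/conf/conf.d/ssl/ssl2035.key` adds an unencrypted TLS private key to version control, so everyone who can read the repository or any clone of it holds the key for every deployment built from this tree. Treat this key as compromised: generate a key pair per environment at deploy time, keep it outside the repository (a host path bind mount or a Docker secret), and ignore `*.key` in `.gitignore`. Deleting the file in a later commit does not remove it from history. The accompanying `ssl2035.crt` appears to be a self-signed certificate for `localhost` with about ten years of validity, so clients cannot validate it for a real hostname; use a CA-issued certificate outside local development.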
@@ -12,7 +12,7 @@ server { listen 80; - server_name localhost; + server_name local80; location / { root /usr/share/nginx/html; @@ -44,14 +44,60 @@ proxy_pass http://gateway:8001/system; } - # actuator - if ($request_uri ~ "/actuator") { - return 403; - } - error_page 500 502 503 504 /50x.html; + location = /50x.html { root html; } } -} \ No newline at end of file + + server { + listen 443 ssl; + listen [::]:443 ssl; + server_name local443; + + ssl_certificate /etc/nginx/conf.d/ssl/ssl2035.crt; + ssl_certificate_key /etc/nginx/conf.d/ssl/ssl2035.key; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 7d; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + location / { + root /usr/share/nginx/html; + try_files $uri $uri/ /index.html /sso/index.html; + index index.html index.htm; + } + + location /sso { + alias /usr/share/nginx/html/sso; + try_files $uri $uri/ /sso/; + #index index.html index.htm; + } + + location /api/ { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_pass http://gateway:8001/; + } + + location /system { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_pass http://gateway:8001/system; + } + + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root html; + } + } +} -- Gitblit v1.9.3
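Review bot: The second hunk (`@@ -44,14 +44,60 @@`) deletes the `/actuator` 403 guard from the port-80 server, and the new 443 server is added without one, so requests containing `/actuator` under `/api/` or `/system` are now proxied to `gateway:8001` on both listeners. Unless the gateway blocks those paths itself, put the check back in both server blocks: `if ($request_uri ~ "/actuator") { return 403; }`. Separately, the port-80 server still serves the same site and proxies in cleartext. If HTTPS is meant to be the entry point, have it answer with `return 301 https://$host$request_uri;` instead. The port-80 server block starts outside the hunk.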