1. 添加nginx-docker配置内容

10 months ago · bcca316358
parent 621cbec5e1
commit bcca316358
8 changed files with 233 additions and 0 deletions
--- a/docker/nginx/docs/conf.d/http.conf
+++ b/docker/nginx/docs/conf.d/http.conf
@ -0,0 +1,27 @@
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+	client_max_body_size 20M;  # 设置客户端请求的最大上传大小为 20MB，可以根据实际情况修改
+
+   	location / {
+   	root   /usr/share/nginx/html/dist;
+   	index  index.html index.htm;
+        }
+
+   	error_page   500 502 503 504  /50x.html;
+       location =  /50x.html {
+           root   /usr/share/nginx/html/dist;
+       }
+
+   	# 前台后端服务
+       location /knowledge-graph/ {
+        proxy_pass http://kg_servers/knowledge-graph/;
+   		proxy_set_header Host $http_host;
+   		proxy_set_header X-Real-IP $remote_addr;
+   		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+   		proxy_set_header X-Forwarded-Proto $scheme;
+       }
+}
--- a/docker/nginx/docs/conf.d/https.conf
+++ b/docker/nginx/docs/conf.d/https.conf
@ -0,0 +1,44 @@
+server {
+    listen 443 ssl;
+    server_name example.com;
+
+    ssl_certificate /data/vp/nginx/ssl/cert.pem;
+    ssl_certificate_key /data/vp/nginx/ssl/key.pem;
+
+    # 配置SSL参数
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384;
+
+    # 配置SSL会话缓存
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 30m;
+
+    # 配置SSL安全性选项
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    
+	client_max_body_size 20M;  # 设置客户端请求的最大上传大小为 20MB，可以根据实际情况修改
+	
+	location / {
+	root   /usr/share/nginx/html/dist;
+	index  index.html index.htm;
+       # add_header 	Cache-Control no-store;
+    }
+
+	error_page   500 502 503 504  /50x.html;
+    location =  /50x.html {
+        root   /usr/share/nginx/html/dist;
+    }
+
+  	# 前台后端服务
+       location /knowledge-graph/ {
+        proxy_pass http://kg_servers/knowledge-graph/;
+   		proxy_set_header Host $http_host;
+   		proxy_set_header X-Real-IP $remote_addr;
+   		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+   		proxy_set_header X-Forwarded-Proto $scheme;
+       }
+}
--- a/docker/nginx/docs/conf.d/nginx.conf
+++ b/docker/nginx/docs/conf.d/nginx.conf
@ -0,0 +1,33 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /data/vp/nginx/conf/*.conf;
+    include /etc/nginx/conf.d/*.conf;
+
+}
--- a/docker/nginx/docs/conf.d/servers.conf.template
+++ b/docker/nginx/docs/conf.d/servers.conf.template
@ -0,0 +1,6 @@
+# 前台服务后端地址，多个地址可用与负载均衡
+# 解析以逗号分隔的多个 upstream 值
+
+    upstream kg_servers {
+        server $UPSTREAM_KG_SERVERS;
+    }
--- a/docker/nginx/docs/docker-entrypoint.sh
+++ b/docker/nginx/docs/docker-entrypoint.sh
@ -0,0 +1,57 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+# /etc/nginx/conf.d/servers.conf 文件不存在，就通过环境变量UPSTREAM_KG_SERVERS生成/data/vp/nginx/conf/servers.conf
+if [ ! -f "/data/vp/nginx/conf/servers.conf" ]; then
+    echo "BEGIN REPLACE SERVERS.CONF ...."
+    # 替换文件中的变量
+    envsubst '$UPSTREAM_KG_SERVERS' < /data/vp/nginx/conf/servers.conf.template > /data/vp/nginx/conf/servers.conf
+    echo "REPLACEMENT COMPLETE"
+else
+    echo "SERVERS.CONF ALREADY EXISTS"
+fi
+
+
+entrypoint_log() {
+    if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+        echo "$@"
+    fi
+}
+
+if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then
+    if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+        entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+        entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+        find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+            case "$f" in
+                *.envsh)
+                    if [ -x "$f" ]; then
+                        entrypoint_log "$0: Sourcing $f";
+                        . "$f"
+                    else
+                        # warn on shell scripts without exec bit
+                        entrypoint_log "$0: Ignoring $f, not executable";
+                    fi
+                    ;;
+                *.sh)
+                    if [ -x "$f" ]; then
+                        entrypoint_log "$0: Launching $f";
+                        "$f"
+                    else
+                        # warn on shell scripts without exec bit
+                        entrypoint_log "$0: Ignoring $f, not executable";
+                    fi
+                    ;;
+                *) entrypoint_log "$0: Ignoring $f";;
+            esac
+        done
+
+        entrypoint_log "$0: Configuration complete; ready for start up"
+    else
+        entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+    fi
+fi
+
+exec "$@"
--- a/docker/nginx/docs/ssl/cert.pem
+++ b/docker/nginx/docs/ssl/cert.pem
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl8CFC5Pwm//gTURwneg5cjhbkyueufNMA0GCSqGSIb3DQEBCwUAMHgx
+CzAJBgNVBAYTAkNIMQswCQYDVQQIDAJOSjEOMAwGA1UEBwwFbmogeWgxDDAKBgNV
+BAoMA3NzdDEMMAoGA1UECwwDc3N0MQ8wDQYDVQQDDAZzc3RvcmcxHzAdBgkqhkiG
+9w0BCQEWEDEyMzQ1NkBlbWFpbC5jb20wHhcNMjMxMTEwMDEyMzIzWhcNMjMxMjEw
+MDEyMzIzWjB4MQswCQYDVQQGEwJDSDELMAkGA1UECAwCTkoxDjAMBgNVBAcMBW5q
+IHloMQwwCgYDVQQKDANzc3QxDDAKBgNVBAsMA3NzdDEPMA0GA1UEAwwGc3N0b3Jn
+MR8wHQYJKoZIhvcNAQkBFhAxMjM0NTZAZW1haWwuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA0/VotZw72C+GVQnKsVfwtxeXEPPfiUfE0/H6mp8A
+jhxHnFofNK5mvjYs3++U9UEfP1jq84flaD5qgrEGzhauJg6NdrLdcd9RCguu8Pkm
+YHIMVl9UzLQexKg15wh0Fc8S6vc3xGBPfosS29YJulXcUZB2CeVJ9CXCTx2Z1dRG
+Ug9eMTiPwgB8GnQ56h2GjTyCnVWeVoXBFVef6sY0czkPoJVPk7TZI3K5BmaLBNX1
+0L4OzaJtOa6ZWll3rGxVrk/7oB+Z3t3l8NXF9SrmC039K3sZerNLjlVUdkGD52jz
+xCc4Eixcus2pduKfIP3dUhdn05TNUln1/nIFRErcXUWdswIDAQABMA0GCSqGSIb3
+DQEBCwUAA4IBAQCLmsogw3J6KOyHnzaWQaKvhRzqPAupIBY4HYTk+hyOahgMMkkd
+3QIiWU/pp0Nu5iyYytzGRCQIz1Jh+xpk3UQVpayDB8C4XIB7oyzpuatTuyeCvq/
+lnDlk8jk64EewLLWE2pOce6yAKZ/xhcQiDI9YcjgGOkUOjv7Hgqhzwlafrt5FXGB
+znFmVi5A52RqkkteplkRsl08OE5VmfxwFYJWZ7QXMlp5ec13oCE21PU+cmLLF/Vb
+xl7JJKeMOgDICiSczcYzwP56SiYFktKQ8KmDotFWgBM9mtxkEcOqPb2Xe9vzOclk
+AK+5bHhgF2yZGhjbNuzp/FwGSAIozuR5IXxJ
+-----END CERTIFICATE-----
--- a/docker/nginx/docs/ssl/csr.pem
+++ b/docker/nginx/docs/ssl/csr.pem
@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICvTCCAaUCAQAweDELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAk5KMQ4wDAYDVQQH
+DAVuaiB5aDEMMAoGA1UECgwDc3N0MQwwCgYDVQQLDANzc3QxDzANBgNVBAMMBnNz
+dG9yZzEfMB0GCSqGSIb3DQEJARYQMTIzNDU2QGVtYWlsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANP1aLWcO9gvhlUJyrFX8LcXlxDz34lHxNPx
+pqfAI4cR5xaHzSuZr42LN/vlPVBHz9Y6vOH5Wg+aoKxBs4WriYOjXay3XHfUQoL
+rvD5JmByDFZfVMy0HsSoNecIdBXPEur3N8RgT36LEtvWCbpV3FGQdgnlSfQlwk8d
+mdXURlIPXjE4j8IAfBp0Oeodho08gp1VnlaFwRVXn+rGNHM5D6CVT5O02SNyuQZm
+iwTV9dC+Ds2ibTmumVpZd6xsVa5P+6Afmd7d5fDVxfUq5gtN/St7GXqzS45VVHZB
+g+do88QnOBIsXLrNqXbinyD93VIXZ9OUzVJZ9f5yBURK3F1FnbMCAwEAAaAAMA0G
+CSqGSIb3DQEBCwUAA4IBAQCFdN/RMNZtduCGs21f5Le4uGePh2nHzqB2tPzPsWYV
+LLPO/pInHB0lQ3vJLFtIeaTLIDwB+AFcdM7rNhMGz9rj/Qrk9LCvgm+CQGUOy1h4
+r1tJ27z+8xfwHls/fgghHnSLoaUvma2FfIQzZc/rGTDLkdERBZ1skxOVqIw56qlA
+aPyKUt9s/fg6P5xMSv5SDIR89n0i3TChSa8nNdHV1Ld44mLZ7Aw29ChXI5DaQ05t
+B6rdNz3AofmxlkzHIlFl46kPMy4H5jgHWlOBT+eLHv/fecPWCNpgnr9vi7O2Ih9o
+i8KHDeK1T9Bl5U+sGof6E0Sey/xBOEGnYzuiQUl4kxfL
+-----END CERTIFICATE REQUEST-----
--- a/docker/nginx/docs/ssl/key.pem
+++ b/docker/nginx/docs/ssl/key.pem
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDT9Wi1nDvYL4ZV
+CcqxV/C3F5cQ89+JR8TT8fqanwCOHEecWh80rma+Nizf75T1QR8/WOrzh+VoPmqC
+sQbOFq4mDo12st1x31EKC67w+SZgcgxWX1TMtB7EqDXnCHQVzxLq9zfEYE9+ixLb
+1gm6VdxRkHYJ5Un0JcJPHZnV1EZSD14xOI/CAHwadDnqHYaNPIKdVZ5WhcEVV5/q
+xjRzOQ+glU+TtNkjcrkGZosE1fXQvg7Nom05rplaWXesbFWuT/ugH5ne3eXw1cX1
+KuYLTf0rexl6s0uOVVR2QYPnaPPEJzgSLFy6zal24p8g/d1SF2fTlM1SWfX+cgVE
+StxdRZ2zAgMBAAECggEAAPoKh3u20uI1LkMjSfnrxAw5x/w3tXw9LfTZgMjmycDb
+m57Wsflzw8CgKFAEUbUBHdudCY5AwmA3QW7rZxu3pbk/caKVXqb2yqMPJVEgmiUs
+ZWF/FIpn8eQMi4oAbvFLVwXYnfELrLubVKQB23f10fJmeNkzpApggNjUEqYtxMcH
+MjfUmXzrZhvFKdRjdmyITa4gI9djuRvOIfWz0bZTePUtcfgCfpkM3lbxWRIst7Dg
+FqCcgX68XOHHDCzzWTE7LasFBZx3mAcOyRMC+MKw96becC4r1c2KFFKh8tFp57y2
+hQ1ybjxeF2MaWf3I/ioi2uTUza+L8m2RsKwABcRwIQKBgQDUrnn/WtKdryDU0rBj
+cwsKTrMCycblwYCJj58cGSiETTVJOlhh1N2QtE/kwQI69tUVOc7C5p5FZzk+iff7
+KwvwDqurtW5kKHE5IamUnKqv32bbHuRtg9CB0ktmmbxOrwP5s+QGhh5fKGvFKs3D
+xVytLVw76f+BLK4NaBbzCdEN6wKBgQD/IT0F9f9XnTIa1a/bNVLCuRRZdWjDK40i
+bD8EgO9T/FxK4yXSV3IB2C6mQNdMxDcmFBTS7EoXPZpZYuFCqBKQvV1OQ0yUAy2b
+PmmZMBakbpQHkIjkq2cgXNXaVdDeKPfoG4SqPz/6x7p/Np/UG9Ey8juNuQXmIiH
+wwjwTfqVWQKBgQDNd6ogykuDTvd24/zIdxIJaTKD1Q+0U5asTvY2HRAJkNWT4ywT
+h6Rt8eTlaJmRAXmmQezAWjA5eJnTE1NhcZrc1i9/eY4mcPPBcAX2rswvkLI7qsKg
+EqJTaSiy/H7xvR8oE2SN8PBSmihTmSCkq3z3SUU8FLpkvxd/mDnjnm469QKBgQCg
+rRQ7ftPTH+MAV3erPIfkrp8MQA88a181QKrncTRI1nRhjXCyafQZCUdH2So+5Iw+
+5QLAW6PFwzxD8yweyK74jOoIcgX2aZH92u2PR4CFCaYm8weAU84W9MfpUyRsD7xV
+CDqKcfb0TeVoQ6Bv8f5Be34N2HAKFDxYFBK7FMEt8QKBgDNBG3n8/912dDWV1Dve
+o4v+TAnlAMHgEXZH+VCCzeIyj1UkUh4sxdIGGaGCPrWGrqxIYIKPKX8gPIWQ7QJj
+QJZyL5nqGXWwZUvBuHzE3tB24XJpuHGfg+oBdDfg0aiEMTQKnRORdgHHVdB9W3SN
+2TrXQbtwB1X+wioA4615n6ih
+-----END PRIVATE KEY-----