From 4f623317c8268b0b1f2bad01409ee79a62e99129 Mon Sep 17 00:00:00 2001
From: caiyuchao
Date: Tue, 1 Apr 2025 18:07:33 +0800
Subject: [PATCH] =?UTF-8?q?feat:=E6=B7=BB=E5=8A=A0https=E8=AE=BF=E9=97=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 build/bin/wfcsetup.sh | 4 +++
 build/docker/.env | 1 +
 build/docker/compose/docker-compose.yml | 2 ++
 build/docker/nginx/conf/default/nginx.conf | 15 +++++++++-
 build/docker/nginx/ssl/req.cnf | 33 ++++++++++++++++++++++
 5 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 build/docker/nginx/ssl/req.cnf
diff --git a/build/bin/wfcsetup.sh b/build/bin/wfcsetup.sh
index 1b998cb..54f5fc0 100755
--- a/build/bin/wfcsetup.sh
+++ b/build/bin/wfcsetup.sh
@@ -6,6 +6,7 @@ redis_work_dir=${docker_work_dir}/redis
 src_service_dir=${wfc_work_dir}/systemd/system
 dst_service_dir=/etc/systemd/system
 java_work_dir=${docker_work_dir}/java
+ssl_work_dir=${docker_work_dir}/ssl
 base_dockers="wfc-nacos wfc-mysql wfc-redis"
 jar_dockers="wfc-auth wfc-gateway wfc-modules-system wfc-modules-user wfc-modules-job wfc-modules-file wfc-modules-payment"
@@ -113,6 +114,9 @@ case "$1" in
 fi
 done < $org_env_file
+ # 生成ssl证书
+ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ${ssl_work_dir}/server.key -out ${ssl_work_dir}/server.crt -config ${ssl_work_dir}/req.cnf -sha256
+
 # nginx定义原始文件和临时文件
 org_nginx_conf=${docker_work_dir}/nginx/conf/nginx.conf
 tmp_intermediate_conf=${docker_work_dir}/nginx/conf/tmp_intermediate.conf
diff --git a/build/docker/.env b/build/docker/.env
index d370c3f..a83b679 100644
--- a/build/docker/.env
+++ b/build/docker/.env
@@ -11,6 +11,7 @@ NACOS_PROFILE_NAME=prod
 NACOS_NAME_SPACE=wfc-prod
 NACOS_SERVER_NAME=wfc-nacos
 WFC_SERVER_PORT=80
+WFC_SERVER_HTTPS_PORT=443
 NACOS_SERVER_PORT=8848
 GATEWAY_SERVER_PORT=8080
 AUTH_SERVER_PORT=8081
diff --git a/build/docker/compose/docker-compose.yml b/build/docker/compose/docker-compose.yml
index 4ad9e3b..4b1800e 100644
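Review bot: The `openssl req` line in the second hunk regenerates server.key and server.crt unconditionally, so every re-run of this setup step silently rotates the deployed private key and certificate, and nothing checks whether the command failed before the script continues to the nginx config. The call should be skipped when both files already exist, run under `umask 077` so the unencrypted (`-nodes`) key is not readable by other local users whatever the caller's umask is, and stop the script on failure; the path variables should also be quoted. A 10-year self-signed certificate is only fit for dev or internal use, and the comment should say so. The enclosing `case "$1" in` arm starts before and ends after the hunk.

```shell
    # Generate a self-signed TLS certificate (dev/internal use only).
    # Never overwrite a key/cert pair that may already be deployed.
    if [ ! -s "${ssl_work_dir}/server.key" ] || [ ! -s "${ssl_work_dir}/server.crt" ]; then
        ( umask 077 && openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -sha256 \
              -keyout "${ssl_work_dir}/server.key" -out "${ssl_work_dir}/server.crt" \
              -config "${ssl_work_dir}/req.cnf" ) \
            || { echo "failed to generate ssl certificate in ${ssl_work_dir}" >&2; exit 1; }
    fi
    # … unchanged: nginx config templating …
```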
--- a/build/docker/compose/docker-compose.yml
+++ b/build/docker/compose/docker-compose.yml
@@ -346,12 +346,14 @@ services:
 context: ./nginx
 ports:
 - "${WFC_SERVER_PORT}:${WFC_SERVER_PORT}"
+ - "${WFC_SERVER_HTTPS_PORT}:${WFC_SERVER_HTTPS_PORT}"
 networks:
 - wfc-fe-network
 - wfc-be-network
 volumes:
 - ./wfc/modules/file/upload:/opt/wfc/file/upload
 - ./nginx/html/dist:/opt/wfc/portal
+ - ./nginx/ssl:/opt/wfc/ssl
 - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
 - ./nginx/logs:/var/log/nginx
 - ./nginx/conf.d:/etc/nginx/conf.d
diff --git a/build/docker/nginx/conf/default/nginx.conf b/build/docker/nginx/conf/default/nginx.conf
index e548c82..cc283d4 100644
--- a/build/docker/nginx/conf/default/nginx.conf
+++ b/build/docker/nginx/conf/default/nginx.conf
@@ -19,8 +19,21 @@ http {
 client_max_body_size 5m;
 server {
- listen 80;
+ listen 80;
+ server_name localhost;
+ return 301 https://$host$request_uri; # 将HTTP请求重定向到HTTPS
+ }
+
+ server {
+ listen 443 ssl;
 server_name localhost;
+ ssl_certificate /opt/wfc/ssl/server.crt;
+ ssl_certificate_key /opt/wfc/ssl/server.key;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 120m;
+ ssl_prefer_server_ciphers on;
+ ssl_session_tickets off;
+ ssl_stapling_verify on;
 location /kyc {
 alias /opt/wfc/file/upload;
diff --git a/build/docker/nginx/ssl/req.cnf b/build/docker/nginx/ssl/req.cnf
new file mode 100644
index 0000000..9b9ff7e
--- /dev/null
+++ b/build/docker/nginx/ssl/req.cnf
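Review bot: The new mapping `"${WFC_SERVER_HTTPS_PORT}:${WFC_SERVER_HTTPS_PORT}"` publishes whatever container port the variable names, but the nginx.conf in this same commit hard-codes `listen 443 ssl`, so any value other than 443 in .env maps a port nothing listens on (the existing HTTP mapping has the same coupling with `listen 80`). Pin the container side: `- "${WFC_SERVER_HTTPS_PORT}:443"`. The `./nginx/ssl` bind mount carries the private key and is writable from inside the container; mount it read-only, `- ./nginx/ssl:/opt/wfc/ssl:ro`. The nginx service definition starts before the hunk.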
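Review bot: The 443 server block enables `ssl_prefer_server_ciphers on` and `ssl_stapling_verify on` but sets neither `ssl_protocols` nor `ssl_ciphers`, so the server-preference flag has no list to prefer, the accepted protocol versions are whatever the nginx build's default is, and `ssl_stapling_verify` is a no-op without `ssl_stapling on` (stapling cannot work with the self-signed certificate this commit generates in any case). Replace `ssl_stapling_verify on;` with `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`. The redirect `return 301 https://$host$request_uri;` reflects the client-supplied Host header into the Location header; since `server_name localhost` makes this the catch-all server, consider a fixed hostname once one exists, and add a `Strict-Transport-Security` header only after a CA-issued certificate replaces the self-signed one. The `http {}` block and the 443 server block continue past the hunk.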
@@ -0,0 +1,33 @@
+
+# 定义输入用户信息选项的"特征名称"字段名,该扩展字段定义了多项用户信息。
+distinguished_name = req_distinguished_name
+
+# 生成自签名证书时要使用的证书扩展项字段名,该扩展字段定义了要加入到证书中的一系列扩展项。
+x509_extensions = v3_req
+
+# 如果设为no,那么 req 指令将直接从配置文件中读取证书字段的信息,而不提示用户输入。
+prompt = no
+
+[req_distinguished_name]
+#国家代码,一般都是CN(大写)
+C = CN
+#省份
+ST = gd
+#城市
+L = gz
+#企业/单位名称
+O = wanfi
+#企业部门
+OU = wanfi
+#证书的主域名
+CN = localhost
+
+##### 要加入到证书请求中的一系列扩展项 #####
+[v3_req]
+keyUsage = critical, digitalSignature, keyAgreement
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1 = 192.168.11.111
+# IP.2 = 192.168.11.222
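Review bot: `[ alt_names ]` lists only `IP.1 = 192.168.11.111`, and modern clients ignore the CN once a SAN is present, so the certificate is valid for that single address only — `https://localhost` and any DNS name will fail validation, and an IP hard-coded into the repository ties the certificate to one environment. Add `DNS.1 = localhost` plus the real deployment hostname, or have wfcsetup.sh render this file from .env. `keyUsage` sets `keyAgreement`, which RFC 5280 defines for DH/ECDH keys; for the RSA key this config generates, the usual leaf-certificate set is `keyUsage = critical, digitalSignature, keyEncipherment`. No `basicConstraints` is set either, and depending on the OpenSSL version `req -x509` may fill in a CA:TRUE default, so state it explicitly with `basicConstraints = critical, CA:FALSE` under `[v3_req]`.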