feat:添加https访问

2025-04-01 18:07:33 +08:00
parent 4b00b3f828
commit 4f623317c8
5 changed files with 54 additions and 1 deletions
--- a/build/docker/.env
+++ b/build/docker/.env
@@ -11,6 +11,7 @@ NACOS_PROFILE_NAME=prod
 NACOS_NAME_SPACE=wfc-prod
 NACOS_SERVER_NAME=wfc-nacos
 WFC_SERVER_PORT=80
+WFC_SERVER_HTTPS_PORT=443
 NACOS_SERVER_PORT=8848
 GATEWAY_SERVER_PORT=8080
 AUTH_SERVER_PORT=8081
--- a/build/docker/compose/docker-compose.yml
+++ b/build/docker/compose/docker-compose.yml
@@ -346,12 +346,14 @@ services:
      context: ./nginx
    ports:
      - "${WFC_SERVER_PORT}:${WFC_SERVER_PORT}"
+      - "${WFC_SERVER_HTTPS_PORT}:${WFC_SERVER_HTTPS_PORT}"
    networks:
      - wfc-fe-network      
      - wfc-be-network      
    volumes:
      - ./wfc/modules/file/upload:/opt/wfc/file/upload
      - ./nginx/html/dist:/opt/wfc/portal
+      - ./nginx/ssl:/opt/wfc/ssl
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/logs:/var/log/nginx
      - ./nginx/conf.d:/etc/nginx/conf.d
--- a/build/docker/nginx/conf/default/nginx.conf
+++ b/build/docker/nginx/conf/default/nginx.conf
@@ -19,8 +19,21 @@ http {
    client_max_body_size 5m;

    server {
-        listen       80;
+        listen 80;
+        server_name localhost;
+        return 301 https://$host$request_uri; # 将HTTP请求重定向到HTTPS
+   }
+
+    server {
+        listen       443 ssl;
        server_name  localhost;
+        ssl_certificate /opt/wfc/ssl/server.crt;
+        ssl_certificate_key /opt/wfc/ssl/server.key;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 120m;
+        ssl_prefer_server_ciphers on;
+        ssl_session_tickets off;
+        ssl_stapling_verify on;

        location /kyc {
            alias   /opt/wfc/file/upload;
--- a/build/docker/nginx/ssl/req.cnf
+++ b/build/docker/nginx/ssl/req.cnf
@@ -0,0 +1,33 @@
+
+# 定义输入用户信息选项的"特征名称"字段名，该扩展字段定义了多项用户信息。
+distinguished_name = req_distinguished_name
+
+# 生成自签名证书时要使用的证书扩展项字段名，该扩展字段定义了要加入到证书中的一系列扩展项。
+x509_extensions = v3_req
+
+# 如果设为no，那么 req 指令将直接从配置文件中读取证书字段的信息，而不提示用户输入。
+prompt = no
+
+[req_distinguished_name]
+#国家代码，一般都是CN(大写)
+C = CN
+#省份
+ST = gd
+#城市
+L = gz
+#企业/单位名称
+O = wanfi
+#企业部门
+OU = wanfi
+#证书的主域名
+CN = localhost
+
+##### 要加入到证书请求中的一系列扩展项 #####
+[v3_req]
+keyUsage = critical, digitalSignature, keyAgreement
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1 = 192.168.11.111
+# IP.2 = 192.168.11.222