feat:添加https访问

build/bin/wfcsetup.sh

@@ -6,6 +6,7 @@ redis_work_dir=${docker_work_dir}/redis
 src_service_dir=${wfc_work_dir}/systemd/system
 dst_service_dir=/etc/systemd/system
 java_work_dir=${docker_work_dir}/java
+ssl_work_dir=${docker_work_dir}/ssl
 
 base_dockers="wfc-nacos wfc-mysql wfc-redis"
 jar_dockers="wfc-auth wfc-gateway wfc-modules-system wfc-modules-user wfc-modules-job wfc-modules-file wfc-modules-payment"
@@ -113,6 +114,9 @@ case "$1" in
             fi
         done < $org_env_file
 
+        # 生成ssl证书
+        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ${ssl_work_dir}/server.key -out ${ssl_work_dir}/server.crt -config ${ssl_work_dir}/req.cnf -sha256
+
         # nginx定义原始文件和临时文件
         org_nginx_conf=${docker_work_dir}/nginx/conf/nginx.conf
         tmp_intermediate_conf=${docker_work_dir}/nginx/conf/tmp_intermediate.conf

build/docker/.env

@@ -11,6 +11,7 @@ NACOS_PROFILE_NAME=prod
 NACOS_NAME_SPACE=wfc-prod
 NACOS_SERVER_NAME=wfc-nacos
 WFC_SERVER_PORT=80
+WFC_SERVER_HTTPS_PORT=443
 NACOS_SERVER_PORT=8848
 GATEWAY_SERVER_PORT=8080
 AUTH_SERVER_PORT=8081

build/docker/compose/docker-compose.yml

@@ -346,12 +346,14 @@ services:
       context: ./nginx
     ports:
       - "${WFC_SERVER_PORT}:${WFC_SERVER_PORT}"
+      - "${WFC_SERVER_HTTPS_PORT}:${WFC_SERVER_HTTPS_PORT}"
     networks:
       - wfc-fe-network      
       - wfc-be-network      
     volumes:
       - ./wfc/modules/file/upload:/opt/wfc/file/upload
       - ./nginx/html/dist:/opt/wfc/portal
+      - ./nginx/ssl:/opt/wfc/ssl
       - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
       - ./nginx/logs:/var/log/nginx
       - ./nginx/conf.d:/etc/nginx/conf.d

build/docker/nginx/conf/default/nginx.conf

@@ -19,8 +19,21 @@ http {
     client_max_body_size 5m;
 
     server {
-        listen       80;
+        listen 80;
+        server_name localhost;
+        return 301 https://$host$request_uri; # 将HTTP请求重定向到HTTPS
+   }
+
+    server {
+        listen       443 ssl;
         server_name  localhost;
+        ssl_certificate /opt/wfc/ssl/server.crt;
+        ssl_certificate_key /opt/wfc/ssl/server.key;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 120m;
+        ssl_prefer_server_ciphers on;
+        ssl_session_tickets off;
+        ssl_stapling_verify on;
 
         location /kyc {
             alias   /opt/wfc/file/upload;

build/docker/nginx/ssl/req.cnf

@@ -0,0 +1,33 @@
+
+# 定义输入用户信息选项的"特征名称"字段名，该扩展字段定义了多项用户信息。
+distinguished_name = req_distinguished_name
+
+# 生成自签名证书时要使用的证书扩展项字段名，该扩展字段定义了要加入到证书中的一系列扩展项。
+x509_extensions = v3_req
+
+# 如果设为no，那么 req 指令将直接从配置文件中读取证书字段的信息，而不提示用户输入。
+prompt = no
+
+[req_distinguished_name]
+#国家代码，一般都是CN(大写)
+C = CN
+#省份
+ST = gd
+#城市
+L = gz
+#企业/单位名称
+O = wanfi
+#企业部门
+OU = wanfi
+#证书的主域名
+CN = localhost
+
+##### 要加入到证书请求中的一系列扩展项 #####
+[v3_req]
+keyUsage = critical, digitalSignature, keyAgreement
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+IP.1 = 192.168.11.111
+# IP.2 = 192.168.11.222