chore: docker部署安装脚本

2024-12-13 14:18:31 +08:00
parent 62bfc47a0a
commit da42adef91
8 changed files with 185 additions and 41 deletions
--- a/docker/omc/nginx/cert/omc-server.crt
+++ b/docker/omc/nginx/cert/omc-server.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAcKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQKEwlHbyBP
+TUMgQ0EwHhcNMjQwMTA5MDcxMjU1WhcNMzQwMTA2MDcxMjU1WjAVMRMwEQYDVQQK
+EwpPTUMgU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSTG
+HNOWScYVHHiGw9z8q2u3ZMUaOFBm6+F4p4PrpM1h3FtHmYv5IWr5kqoMgCU/FmPG
+HrSqDzrm+J4QMdguq40Jd4QOadiDg5oyLIM6Su32sjtG/y5an3abtY9hNCoWDdpy
+kNRb1i9NQ2uTSBHm1lTVWutZWgm7D9jES8JB2byDwAOONwGlqAw6buxUlIP2vCtn
+SpMF8Mqdypnw8K17DLXpP+D8Exw4mjOmJEVOGnw/pinjDCHm9SEiFtagdXIWliwl
+DgbyVeSE70JhaGV2bGlmldV2sN2qPvG/W99pCeObxNcCko9JdJqsDVQTiOTY6uaH
+o/GdDnzZh4TbbDutDQIDAQABozYwNDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwDQYDVR0OBAYEBAECAwQwDQYJKoZIhvcNAQELBQADggEBAJY6
+eI54wSn+kNteFEdoFS2jVM+GAMS0x4blX2wzNro6HqhlYC6oJ8TxRS6V22ugWLFX
+M/pcqV5FA1XCSibYdwscdaoUSUYc6inlkHxrbfSryiQqXAkEv8Ote3dqtOu7Z0BY
+PkykdMrCUXn5ksYgoTa7G1CdAiaKMeuTz801l1g8AIOpNV1+Xhi29TKA134VDW9S
+2aDcD6jEs63rqKx/knStli0F58N0kOKjmmt45stP90o5NsshAMumzP0xhfwC94Gg
+eBXg6ThM3nuOBQyzPEtUZioRKKV4XmgZF/F4ePCnS4ST9ft09kx7UcR9MVzGIHov
+whwVw6o5O7h1xQr6Pjw=
+-----END CERTIFICATE-----
--- a/docker/omc/nginx/cert/omc-server.key
+++ b/docker/omc/nginx/cert/omc-server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApSTGHNOWScYVHHiGw9z8q2u3ZMUaOFBm6+F4p4PrpM1h3FtH
+mYv5IWr5kqoMgCU/FmPGHrSqDzrm+J4QMdguq40Jd4QOadiDg5oyLIM6Su32sjtG
+/y5an3abtY9hNCoWDdpykNRb1i9NQ2uTSBHm1lTVWutZWgm7D9jES8JB2byDwAOO
+NwGlqAw6buxUlIP2vCtnSpMF8Mqdypnw8K17DLXpP+D8Exw4mjOmJEVOGnw/pinj
+DCHm9SEiFtagdXIWliwlDgbyVeSE70JhaGV2bGlmldV2sN2qPvG/W99pCeObxNcC
+ko9JdJqsDVQTiOTY6uaHo/GdDnzZh4TbbDutDQIDAQABAoIBAHxE49+lSJ5TNGes
+Op0AmhHUiLiHqWde+VPe4xALMTNeaZmMBqEAt4PyH8PBuo5jeMm8YsWQZbf4Nv42
+0zDu4I+vHcSV1tLHXo+VZNQiG6du0gjkmlRD6WW9twY00oySbu4Vx8g8RK80AQwO
+01GURwRZ6gL0vtQGJoGSOIRZtXvGLltVR52OfkgNMjNepwtJvMV7PW5xYwEcnx+i
+sZD/6hl49Qv5g4dCCGrnr8Garx9+cUkVP/ipkBnjyKACfzYQhoauo03Rv4iuNdy6
+QD9KB95ALHq66vYXF72YW75JQhQ3C1qGcghNn68RIlufSnA7D7J9VCG5VSXfVrk2
+a5Xw2HECgYEAzaXU75hl87fmf88X+8M6+OuaMnnLAwIadbcecakkO4bgzNF1SYwv
+dbZ608LvdUt+BYVU43CCX3//a/MI+Ncp5sk85TLsXUxXGWonO1zXpa3+BAEXJe1n
+xnWVdytWMeoyzhBZ/Vkx7/NAu5WSViXgQ3trB0Wr3OGw3Nksb4Son8cCgYEAzZQc
+SlglEiU+Z+BsCV07FEkU6xgsmxQQuptPuGcm713Ik8c8a5KAyjbhpp+oBvn8v69i
+hVGHcFmZYeazBL39dC4/6E/wDOVEwN2fY8oYBnrPvoz7FUTvObRjZakrgVj+XAjS
+lg9RuMm1tYPFR52V5BTngJ9Rkj/AewxWnGMDtIsCgYEAng1i/5ZQXSUs+XPwCeY9
+b8yb4Ulr9u7p6SkJM+/8UefS5HfjPdiJLV5HPnOm2K5ht9qGqJrzCHT2mT/b2Gx9
+3ssxizI9KWOf2X+VkXFEqCh2fxtbcCHrTUNX0ZQ0Ff7adzdoAmhIEhQR31oQczd/
+Cj5Tvu4ULZoj9UjQdxEtDEcCgYAYrW3T8s7IZdYe7A6r9RgRcFBlhCpel0MG03v3
+W9KNq0lXi/QRya1SGNJviPzHkZyoeeourMHAV9EUsnfM2u2g06hyP55GPgNJz5DB
+jtHhfT6Q1iWRwQuidqfz3SHOzhsCe0CkKMSblQMN/fphhWYn0eaURwuoraRyYOHI
+tg4MzwKBgGImdyBx/l6bkWa4GywZ9iw5RDe7KYN9UclnBcHDkIELXskp8bTbwpBy
+m/IyLC5eLOzdK7c2Odtd3LP/AG5fYPAzQ5S6YmSDPp1JEKODbg51wcMJpLSvG2Q/
+P5paV/ZAKbxgXpilBrjSejM/QLYqD8756z5lgo5biR7bGkBA+nkj
+-----END RSA PRIVATE KEY-----
--- a/docker/omc/nginx/nginx.conf
+++ b/docker/omc/nginx/nginx.conf
@@ -4,8 +4,8 @@ pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;

 events {
-        worker_connections 1024;
-        # multi_accept on;
+    worker_connections 1024;
+    # multi_accept on;
 }

 http {
@@ -64,23 +64,13 @@ http {
        listen       80;
        listen  [::]:80;
        server_name  localhost;
-        
-        # 修改允许最大请求体大小为100MB
-        client_max_body_size 100M;
-        # 持久连接的超时时间默认60s
+        #if ($scheme = "http") {
+        #    return 301 https://$host$request_uri;
+        #}
+
+        client_max_body_size 100M; 
        keepalive_timeout    180s;

-        #access_log  /var/log/nginx/host.access.log  main;
-
-        # ssl_certificate /etc/nginx/cert/www.x.cn_chain.crt;
-        # ssl_certificate_key /etc/nginx/cert/www.x.cn.key;
-
-        # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-        # ssl_session_timeout  5m;
-        # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
-        # ssl_prefer_server_ciphers on;
-        # ssl_dhparam /etc/nginx/cert/dhparams.pem;
-
        # OMC
        location / {
            root /usr/local/bin/web;
@@ -91,12 +81,6 @@ http {
        }

        location /omc-api/ {
-            proxy_pass http://127.0.0.1:33030/;
-            
-            proxy_connect_timeout  180s;       # 默认60s
-            proxy_send_timeout     180s;       # 默认60s
-            proxy_read_timeout     180s;       # 默认60s
-            
            proxy_cache_bypass                  $http_upgrade;
            proxy_set_header Upgrade            $http_upgrade;
            proxy_set_header Connection         "upgrade";
@@ -106,13 +90,15 @@ http {
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_set_header X-Forwarded-Host   $host;
            proxy_set_header X-Forwarded-Port   $server_port;
+
+            proxy_connect_timeout  180s;
+            proxy_send_timeout     180s;
+            proxy_read_timeout     180s;
+
+            proxy_pass http://127.0.0.1:33030/;
        }

        location /api/rest/ {
-            # 添加斜杠并重定向
-            #rewrite ^([^.]*[^/])$ $1/ permanent;
-            proxy_pass http://127.0.0.1:33030/api/rest/;
-
            proxy_cache_bypass  $http_upgrade;
            proxy_set_header Upgrade            $http_upgrade;
            proxy_set_header Connection         "upgrade";
@@ -122,6 +108,8 @@ http {
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_set_header X-Forwarded-Host   $host;
            proxy_set_header X-Forwarded-Port   $server_port;
+
+            proxy_pass http://127.0.0.1:33030/api/rest/;
        }

        #error_page  404              /404.html;
@@ -130,7 +118,72 @@ http {
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
-            root   /usr/local/etc/omc/frontend;
+            return 301 http://$host$request_uri;
+        }
+    }
+
+    server {
+        listen       443 ssl http2;
+        listen  [::]:443 ssl http2;
+        server_name  localhost;
+        
+        client_max_body_size 100M;
+        keepalive_timeout    180s;
+
+        ssl_certificate /etc/nginx/cert/omc-server.crt;
+        ssl_certificate_key /etc/nginx/cert/omc-server.key;
+
+        ssl_session_timeout  5m;
+        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+        # OMC
+        location / {
+            root /usr/local/bin/web;
+            #root /usr/local/etc/omc/frontend;
+
+            try_files $uri $uri/ /index.html;
+            index  index.html index.htm;
+        }
+
+        location /omc-api/ {
+            proxy_cache_bypass                  $http_upgrade;
+            proxy_set_header Upgrade            $http_upgrade;
+            proxy_set_header Connection         "upgrade";
+            proxy_set_header Host               $host;
+            proxy_set_header X-Real-IP          $remote_addr;
+            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto  $scheme;
+            proxy_set_header X-Forwarded-Host   $host;
+            proxy_set_header X-Forwarded-Port   $server_port;
+
+            proxy_connect_timeout  180s;
+            proxy_send_timeout     180s;
+            proxy_read_timeout     180s;
+
+            proxy_pass https://127.0.0.1:33443/;
+        }
+
+        location /api/rest/ {
+            proxy_cache_bypass  $http_upgrade;
+            proxy_set_header Upgrade            $http_upgrade;
+            proxy_set_header Connection         "upgrade";
+            proxy_set_header Host               $host;
+            proxy_set_header X-Real-IP          $remote_addr;
+            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto  $scheme;
+            proxy_set_header X-Forwarded-Host   $host;
+            proxy_set_header X-Forwarded-Port   $server_port;
+
+            proxy_pass https://127.0.0.1:33443/api/rest/;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            return 301 https://$host$request_uri;
        }
    }
 }
--- a/docker/omc/omc.yaml
+++ b/docker/omc/omc.yaml
@@ -16,6 +16,15 @@ rest:
  - ipv4: 0.0.0.0
    ipv6:
    port: 33030
+    scheme: http
+  - ipv4: 0.0.0.0
+    ipv6:
+    port: 33443
+    scheme: https
+    clientAuthType: 0
+    caFile: /etc/nginx/cert/omc-ca.crt
+    certFile: /etc/nginx/cert/omc-server.crt
+    keyFile: /etc/nginx/cert/omc-server.key

 webServer:
  enabled: false
--- a/docker/omc/tmp/README.md
+++ b/docker/omc/tmp/README.md
@@ -0,0 +1 @@
+# OMC tmp Dir