diff --git a/.env.example b/.env.example index c6400a8c..e3b1e210 100644 --- a/.env.example +++ b/.env.example @@ -6,8 +6,11 @@ SPRING_PROFILES_ACTIVE=prod DEMO_MODE=false API_CORS=true -SECRET_KEY=uQeacXV8b3isvKLK API_EXPOSE_TOKEN=pmqeHOyZaumHm0Wt +SECRET_KEY=uQeacXV8b3isvKLK + +NGINX_SERVICE_HOST=service +NGINX_SERVICE_PORT=9200 MYSQL_HOST=mysql MYSQL_PORT=3306 diff --git a/docker-compose.yaml b/docker-compose.yaml index 0b369748..22216eda 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -12,6 +12,9 @@ services: image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest ports: - ${SERVICE_PORT:-1081}:80 + environment: + NGINX_SERVICE_HOST: ${NGINX_SERVICE_HOST:-service} + NGINX_SERVICE_PORT: ${NGINX_SERVICE_PORT:-9200} restart: unless-stopped depends_on: service: diff --git a/docker/ui/Dockerfile b/docker/ui/Dockerfile index 6abe6e8e..37436173 100644 --- a/docker/ui/Dockerfile +++ b/docker/ui/Dockerfile @@ -11,13 +11,20 @@ RUN \ ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ echo "${TZ}" > /etc/timezone && \ rm -rf /var/cache/apk/* && \ + rm -rf /etc/nginx/nginx.conf && \ rm -rf /etc/nginx/conf.d/* -# 复制包 +# 复制前端静态文件 COPY ./ui/dist /usr/share/nginx/html # 复制配置 -COPY ./ui/nginx.conf /etc/nginx/conf.d +COPY ./ui/nginx.conf /etc/nginx +COPY ./ui/service.conf /etc/nginx/conf.d + +# 复制启动脚本 +COPY ./ui/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh # 启动 +ENTRYPOINT ["/entrypoint.sh"] CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/docker/ui/entrypoint.sh b/docker/ui/entrypoint.sh new file mode 100644 index 00000000..fc3cd7bc --- /dev/null +++ b/docker/ui/entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +# 设置环境变量 +NGINX_SERVICE_HOST="${NGINX_SERVICE_HOST:-service}" +NGINX_SERVICE_PORT="${NGINX_SERVICE_PORT:-9200}" + +# 替换环境变量 +sed -i "s|\${NGINX_SERVICE_HOST}|${NGINX_SERVICE_HOST}|g" /etc/nginx/conf.d/service.conf +sed -i "s|\${NGINX_SERVICE_PORT}|${NGINX_SERVICE_PORT}|g" /etc/nginx/conf.d/service.conf + +exec "$@" \ No newline at end of file diff --git a/docker/ui/nginx.conf b/docker/ui/nginx.conf index ec9925bc..634b7c46 100644 --- a/docker/ui/nginx.conf +++ b/docker/ui/nginx.conf @@ -1,56 +1,30 @@ -server { - listen 80; - server_name localhost; - client_max_body_size 1024m; +user nginx; +worker_processes auto; - # 是否启动 gzip 压缩 - gzip on; - # 需要压缩的常见静态资源 - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; - # 如果文件大于 1k 就启动压缩 - gzip_min_length 1k; - # 缓冲区 - gzip_buffers 4 16k; - # 压缩的等级 - gzip_comp_level 2; - # access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - # web history 模式 404 - try_files $uri $uri/ /index.html; - } - - location /orion-visor/api { - proxy_pass http://service:9200/orion-visor/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /orion-visor/keep-alive { - proxy_pass http://service:9200/orion-visor/keep-alive; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 3600s; - proxy_send_timeout 3600s; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; +events { + worker_connections 1024; } +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + server_tokens off; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker/ui/service.conf b/docker/ui/service.conf new file mode 100644 index 00000000..a940f896 --- /dev/null +++ b/docker/ui/service.conf @@ -0,0 +1,56 @@ +server { + listen 80; + server_name localhost; + client_max_body_size 1024m; + + # 是否启动 gzip 压缩 + gzip on; + # 需要压缩的常见静态资源 + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; + # 如果文件大于 1k 就启动压缩 + gzip_min_length 1k; + # 缓冲区 + gzip_buffers 4 16k; + # 压缩的等级 + gzip_comp_level 2; + # access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # web history 模式 404 + try_files $uri $uri/ /index.html; + } + + location /orion-visor/api { + proxy_pass http://${NGINX_SERVICE_HOST}:${NGINX_SERVICE_PORT}/orion-visor/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /orion-visor/keep-alive { + proxy_pass http://${NGINX_SERVICE_HOST}:${NGINX_SERVICE_PORT}/orion-visor/keep-alive; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + +} +