From 2360f0401b096fcd3eec844d173820343fd03117 Mon Sep 17 00:00:00 2001 From: Charles7c Date: Wed, 4 Jan 2023 22:19:00 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E9=83=A8=E7=BD=B2=E9=85=8D=E7=BD=AE=EF=BC=88=E5=90=8E=E7=AB=AF?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E4=BD=BF=E7=94=A8=E7=8B=AC=E7=AB=8B=E5=9F=9F?= =?UTF-8?q?=E5=90=8D=20api.charles7c.top=20=E6=8F=90=E4=BE=9B=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy.yml | 4 ++- continew-admin-ui/.env.production | 2 +- docker/nginx/conf/nginx.conf | 45 ++++++++++++++++++++++++------- 3 files changed, 40 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2e193fb..1671f3f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -81,7 +81,7 @@ jobs: username: ${{ secrets.SERVER_USERNAME }} password: ${{ secrets.SERVER_PASSWORD }} local: ./continew-admin-ui/dist - remote: /docker/continew-admin/web + remote: /docker/continew-admin/tmp # 6、重启前端服务 - name: Restart uses: appleboy/ssh-action@master @@ -91,4 +91,6 @@ jobs: username: ${{ secrets.SERVER_USERNAME }} password: ${{ secrets.SERVER_PASSWORD }} script: | + rm -rf /docker/continew-admin/web/* + mv /docker/continew-admin/tmp/* /docker/continew-admin/web docker restart nginx \ No newline at end of file diff --git a/continew-admin-ui/.env.production b/continew-admin-ui/.env.production index 3db1578..9880a66 100644 --- a/continew-admin-ui/.env.production +++ b/continew-admin-ui/.env.production @@ -1 +1 @@ -VITE_API_BASE_URL= 'https://cnadmin.charles7c.top' \ No newline at end of file +VITE_API_BASE_URL= 'https://api.charles7c.top' \ No newline at end of file diff --git a/docker/nginx/conf/nginx.conf b/docker/nginx/conf/nginx.conf index 3c47eda..0a379f7 100644 --- a/docker/nginx/conf/nginx.conf +++ b/docker/nginx/conf/nginx.conf @@ -21,13 +21,48 @@ http { access_log /var/log/nginx/access.log main; + # 后端项目 upstream admin-server { ip_hash; server 172.17.0.1:18000; } server { - # listen 80; + listen 443 ssl; + server_name api.charles7c.top; + + # 证书直接存放 /docker/nginx/cert 目录下即可(更改证书名称即可,无需更改证书路径) + ssl on; + ssl_certificate /etc/nginx/cert/xxx.local.pem; # /etc/nginx/cert/ 为 docker 映射路径 不允许更改 + ssl_certificate_key /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ 为 docker 映射路径 不允许更改 + ssl_session_timeout 5m; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://admin-server/; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + } + + # HTTP 请求 将转发到 HTTPS + server { + listen 80; + server_name api.charles7c.top; + rewrite ^ https://$http_host$request_uri? permanent; + } + + # 前端项目 + server { listen 443 ssl; server_name cnadmin.charles7c.top; @@ -49,14 +84,6 @@ http { error_page 405 =200 https://$host$request_uri; } - location ~*/(auth|captcha) { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://admin-server; - } - error_page 500 502 503 504 /50x.html; location = /50x.html { root html; -- GitLab