From 755a597c45ee8680d0d7a518a6d36ca23012f495 Mon Sep 17 00:00:00 2001 From: wangxiang <1827945911@qq.com> Date: Wed, 12 Jul 2023 17:39:12 +0800 Subject: [PATCH] chore: tsl --- cloud/bigscreen-design/docker/default.conf | 2 +- docker/Dockerfile | 1 + docker/docker-compose.yaml | 2 +- docker/kicc-ui.conf | 20 +++++-- docker/secret/ssl.key | 27 ++++++++++ docker/secret/ssl.pem | 61 ++++++++++++++++++++++ 6 files changed, 106 insertions(+), 7 deletions(-) create mode 100644 docker/secret/ssl.key create mode 100644 docker/secret/ssl.pem diff --git a/cloud/bigscreen-design/docker/default.conf b/cloud/bigscreen-design/docker/default.conf index b21f5d8..7018c5c 100644 --- a/cloud/bigscreen-design/docker/default.conf +++ b/cloud/bigscreen-design/docker/default.conf @@ -10,10 +10,10 @@ server { root /data; #设置转发请求头参数 - proxy_set_header Host $http_host; proxy_connect_timeout 15s; proxy_send_timeout 15s; proxy_read_timeout 15s; + proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/docker/Dockerfile b/docker/Dockerfile index c08c0bf..2df70d3 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,7 @@ FROM nginx COPY ./dist /data +COPY ./secret /secret RUN rm /etc/nginx/conf.d/default.conf diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index e2f5a7a..4ec8992 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -2,7 +2,6 @@ # VERSION: 1.0.0 # Author: 康来生物科技有限公司-王翔 -# https://support.websoft9.com/docs/docker/zh/solution-compose.html#command version: '3' services: kicc-ui: @@ -17,6 +16,7 @@ services: - kicc-gateway ports: - 80:80 + - 443:443 networks: docker-cloud_default: diff --git a/docker/kicc-ui.conf b/docker/kicc-ui.conf index 1208d9c..9d9f46f 100644 --- a/docker/kicc-ui.conf +++ b/docker/kicc-ui.conf 
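Review bot: In docker/Dockerfile, `COPY ./secret /secret` bakes the TLS private key into an image layer, so anyone who can pull the image or inspect its layers obtains the key. It also means every certificate renewal needs an image rebuild. Drop this line and supply the directory at deploy time instead, for example a read-only bind mount on the kicc-ui service in docker-compose.yaml (`- ./secret:/secret:ro`) or a Docker secret, with the host copy kept out of version control. If the secret directory sits inside the build context, a `.dockerignore` entry for it would stop it being copied in again by accident.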
@@ -1,6 +1,7 @@ server { # 自定义访问端口 listen 80; + listen 443 ssl; client_max_body_size 100M; # 服务名称 @@ -9,19 +10,29 @@ server { # 代理访问根地址 root /data; + # ssl证书地址 + ssl_certificate /secret/ssl.pem; # pem文件的路径 + ssl_certificate_key /secret/ssl.key; # key文件的路径 + + # ssl验证相关配置 + ssl_session_timeout 5m; #缓存有效期 + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 + ssl_prefer_server_ciphers on; #使用服务器端的首选算法 + #设置转发请求头参数 - #proxy_set_header Host $http_host; proxy_connect_timeout 15s; proxy_send_timeout 15s; proxy_read_timeout 15s; - proxy_set_header X-Forwarded-Proto http; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + error_page 497 https://$host$request_uri; # 代理访问kicc-ui地址 location / { - try_files $uri $uri/ /index.html; - error_page 405 =200 http://$host$request_uri; + try_files $uri $uri/ /index.html; + error_page 405 =200 https://$host$request_uri; } # 代理访问后端微服务网关地址 @@ -35,5 +46,4 @@ server { rewrite ^/prod-upload(.*)$ /system_proxy/system/file/upload break; proxy_pass http://kicc-gateway:9999; } - } diff --git a/docker/secret/ssl.key b/docker/secret/ssl.key new file mode 100644 index 0000000..6626e79 --- /dev/null +++ b/docker/secret/ssl.key 
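Review bot: In the second hunk of docker/kicc-ui.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two protocol versions deprecated by RFC 8996 and omits TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer line. The `ssl_ciphers` string also admits CBC and non-forward-secret suites through the bare `AES` and `HIGH` keywords, so it is worth narrowing to ECDHE AEAD suites. The same hunk deletes `proxy_set_header X-Forwarded-Proto http;` without a replacement, so the gateway no longer learns the client scheme; `proxy_set_header X-Forwarded-Proto $scheme;` would restore it correctly for both listeners. `error_page 497` only catches plain HTTP sent to the TLS port, so requests on `listen 80` are still served unencrypted unless a separate redirect is added. The server block continues outside these hunks.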
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAv4FqBfyUlNxtsL1Rv2ybsRPGRpPgUs8kXEQEacxk4zj98z53 +NBO6v547pxZCZQpX0V2g8tel9LSalJfzeU5lFmUWo8fIb/KJL3XIAtE6JDCne+2M +sgliRyUFizwoQhyjiDoBU38Dh4jPzuldynsrqtkwdoV+mi6vreOYTTvq7mXTJPvO +V2MKbpcPrO4JMTUr5gIiEIWIddnnrlQUCBZtpei6AYxz9LfTdzNC0L+LeUNLQK0y +KWPEzPbyh90XTgBKGx5d5NDwvgK2fVKOUeKyDuMS5pflzlBrez/tsSIJlMycf+Ol +usUgdVpD+ionmwleEbFIX19kwPxJdOhKLKN/owIDAQABAoIBAB3MT8iFsELnd6Pw +GWe9SQ6JIql5ugZ4l9JJfRxPQwV+KTmvpxGx3jWRs/uAQa2CKf74YCJZPsfwUDs9 +15MxCRaufRLX887DgOgjHg+eKbtW3MCySlmrjyC92Hp9TlBXL3TzfaBV26E7vwYV +ltP6TWWkrN9MT1JDYG+gweKGp7wXVAG9JmQVJDaW7ikh8rzRDxFV4ssLboyab7y+ +AyXKzG3iVDYZQLgHMK/4iuuw5GB5fAIbjSCBRwUdqWsJHTGLD/7iEjdS98Q6eR5R ++4FUoxuJSKgIUr6dEVo4DuJhnGwtNKseKZztKovkO35mEr+WoEkP+TfGh0CEfNAl +cgMaDJkCgYEA6JOEt2lE4tEP3DRgWRE9ml6axteIZH4t6O4BWibiQjZpV/U9M9Km +/qfIF1x4Qs6x+7V49WdpnWJwEj9qgCfJgIlpkFHnt9wDpv46kvnFPHxi2k+NMiHH +rITyRD2zcXarX/mPmso9GQTEaqGEdUVfIlOh3UklgeS/SCwloOJFr6kCgYEA0sr5 +lygR6+ygucoQZW7pjPmkOxQUfCuQBT+u2UPNRkrdNSA+QnK6URwOUxm1DNvgMEL6 +UOo78FpOE7dutMF25wr4ay49FJoxPC/mZJK3nPTWMrUq1z+JVjUqoF1dlBgDhFb1 +/yNsUJEdBoFjwbtj63EibX2WIX5+RIKH/SMm9GsCgYBkilkGHLjNwIi1reK0vjI+ +SIVqTgRFRRK9rh3hhgurifASOQ7jFz5fudJS3wOSBd6FLJcEp1bN1Z8TFF0K16hR +K5X58J5WKgNeLmrN3LG6Cx+Etn0YXef+mV5Nx8qJ0z4UeELvLFwrM5dhbT9gnsOY +iETh71wKggN6xLLjkM2FOQKBgQCwH5Pnbj17KF0qnuCQP9m4RqWoDyEGlsdg+1K2 +ieYsA0VMrEIY9w8h0hVN7b7OnbB14qCPlwa5zlpKMwu2z6bvaMUjmKDEZAkbRtJz +2fq8k/2cpK7E5ntzojyZfSlBIcdefeJQaWKI9paP5vBY4J+eCws+/J3CIpSR3ZaO +NR7JPQKBgGaxRPBoODtViQNSgELQwtvl9b7wfjrq9zr+QDu7IliJHTO2EHr5c0BT +xHVDwKbwhYTXu7FY/UDiVi9qJarna2a3hDhxTuXNcIsMcY8j7ehBtwcEQUh3XHkl +rlDMifkgcIbspSzLfpZMt3WtlLPRN/Zd6R3NpsYBXb8y7FgrevCv +-----END RSA PRIVATE KEY----- diff --git a/docker/secret/ssl.pem b/docker/secret/ssl.pem new file mode 100644 index 0000000..f8040da --- /dev/null +++ b/docker/secret/ssl.pem 
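Review bot: docker/secret/ssl.key adds an unencrypted RSA private key to the repository, and its modulus appears to match the leaf certificate added in docker/secret/ssl.pem, so the key should be treated as disclosed from the moment this commit is pushed. Deleting the file in a later commit does not help because it remains in history. The certificate needs to be revoked with the CA and reissued from a freshly generated key that never enters git. Add `docker/secret/` to `.gitignore` and deliver the key at deploy time from a secret store or a read-only mount with restrictive file permissions.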
@@ -0,0 +1,61 @@ +-----BEGIN CERTIFICATE----- +MIIF+jCCBOKgAwIBAgIQCd3UR/8eiz+PnIuPMYAJTzANBgkqhkiG9w0BAQsFADBu +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg +RFYgVExTIENBIC0gRzEwHhcNMjMwNzExMDAwMDAwWhcNMjQwNzEwMjM1OTU5WjAe +MRwwGgYDVQQDExNraWNjLmthbmdsYWlsYWIuY29tMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAv4FqBfyUlNxtsL1Rv2ybsRPGRpPgUs8kXEQEacxk4zj9 +8z53NBO6v547pxZCZQpX0V2g8tel9LSalJfzeU5lFmUWo8fIb/KJL3XIAtE6JDCn +e+2MsgliRyUFizwoQhyjiDoBU38Dh4jPzuldynsrqtkwdoV+mi6vreOYTTvq7mXT +JPvOV2MKbpcPrO4JMTUr5gIiEIWIddnnrlQUCBZtpei6AYxz9LfTdzNC0L+LeUNL +QK0yKWPEzPbyh90XTgBKGx5d5NDwvgK2fVKOUeKyDuMS5pflzlBrez/tsSIJlMyc +f+OlusUgdVpD+ionmwleEbFIX19kwPxJdOhKLKN/owIDAQABo4IC4jCCAt4wHwYD +VR0jBBgwFoAUVXRPsnJP9WC6UNHX5lFcmgGHGtcwHQYDVR0OBBYEFEr7Uu2aYP03 +3jwRgau6oHbho1ykMB4GA1UdEQQXMBWCE2tpY2Mua2FuZ2xhaWxhYi5jb20wDgYD +VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNV +HSAENzA1MDMGBmeBDAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lj +ZXJ0LmNvbS9DUFMwgYAGCCsGAQUFBwEBBHQwcjAkBggrBgEFBQcwAYYYaHR0cDov +L29jc3AuZGlnaWNlcnQuY29tMEoGCCsGAQUFBzAChj5odHRwOi8vY2FjZXJ0cy5k +aWdpY2VydC5jb20vRW5jcnlwdGlvbkV2ZXJ5d2hlcmVEVlRMU0NBLUcxLmNydDAJ +BgNVHRMEAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDuzdBk1dsazsVc +t520zROiModGfLzs3sNRSFlGcR+1mwAAAYlE6nV/AAAEAwBHMEUCICLfvgTkH5+9 +26HHK9OZttW3+ro29cFkRotfJ5L1HFVTAiEA/286k4UJ7NELqGK9h9cA+0RW1urS +a4NpItAnz8ojm2YAdQDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAA +AYlE6nWNAAAEAwBGMEQCHxbjQpt42VdYq3IOGxfkVRuoM888b85dJGT47KYEP2AC +IQCp3jKf9PJSgdXEdb9wESTGVcIRm80JrHUtmR2lMmu+1wB2ADtTd3U+LbmATosw +Wwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABiUTqddkAAAQDAEcwRQIhAMabvTGdsX4y +U9mpZGwNGduN5xNugnaj5AAsGbtlgA6eAiAvWxxbdsBEWjYxkAfJXyYo2ncuJwZC +vJP2qATY/0HaETANBgkqhkiG9w0BAQsFAAOCAQEAnUtijXy1pu+hyTBp9Lgd/lqF +0WF6AWfNZxBvbrLN5a3JxLVcPuk2ioUOGF23l0EwwPPBH9xR1qIPb522YIFWN7Vc +OVgihHFoACaulNk6ykFkGjgTESj4VCeVBkSmknivQaVAyvAN/Tp+5llqAf3KzyYK 
+gVaqTp/yP918+luSe0V22CcUm88nSDw2Hl3obsMOd0TIfMhQ/oKz4+dI8wkEf+w7 +Zax3HXCUpOl1hLiagCRdU01CEqt9SSHLwyisAhUGERbEWv1zJlz/kUZSkQ4ZV3Su +xBsmgJ7VbA/Z27s+YWUe/kel5zGqczCo2c6DYVvcBgkExhd71vG4otnDa8uhCQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH +MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc +oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo +lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj +pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h +yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n +wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M +pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf +BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C +AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp +Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu +Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG +/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT +MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B +SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW +M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV +4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ +sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy +rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg== +-----END CERTIFICATE-----