From 8a8181839562e32e2a10983ed060aff299c58870 Mon Sep 17 00:00:00 2001
From: wangxiang <1827945911@qq.com>
Date: Wed, 6 Sep 2023 21:55:39 +0800
Subject: [PATCH] fix: dev and prod

---
 docker/{ => development}/Dockerfile           |  6 +-
 docker/development/default.conf               | 53 ++++++++++++
 docker/docker-compose.yaml                    | 21 +++--
 docker/production/Dockerfile                  | 10 +++
 .../{kicc-ui.conf => production/default.conf} | 82 ++++++++++---------
 5 files changed, 125 insertions(+), 47 deletions(-)
 rename docker/{ => development}/Dockerfile (52%)
 create mode 100644 docker/development/default.conf
 create mode 100644 docker/production/Dockerfile
 rename docker/{kicc-ui.conf => production/default.conf} (69%)

diff --git a/docker/Dockerfile b/docker/development/Dockerfile
similarity index 52%
rename from docker/Dockerfile
rename to docker/development/Dockerfile
index 2df70d3..85c7bcc 100644
--- a/docker/Dockerfile
+++ b/docker/development/Dockerfile
@@ -1,10 +1,10 @@
 FROM nginx
 
-COPY ./dist /data
-COPY ./secret /secret
+COPY ../dist /data
+COPY ../secret /secret
 
 RUN rm /etc/nginx/conf.d/default.conf
 
-ADD kicc-ui.conf /etc/nginx/conf.d/
+ADD default.conf /etc/nginx/conf.d/
 
 RUN /bin/bash -c 'echo init ok'
diff --git a/docker/development/default.conf b/docker/development/default.conf
new file mode 100644
index 0000000..53fdfb9
--- /dev/null
+++ b/docker/development/default.conf
@@ -0,0 +1,53 @@
+# 如果没有显式声明 default server 则第一个 server 会被隐式的设为 default server
+server {
+  # 自定义访问端口
+  listen 80;
+  client_max_body_size 100M;
+
+  # 服务名称
+  server_name localhost;
+
+  # 代理访问根地址
+  root /data;
+
+  #设置转发请求头参数
+  proxy_connect_timeout 15s;
+  proxy_send_timeout 15s;
+  proxy_read_timeout 15s;
+  proxy_set_header Host $http_host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+  # 代理访问kicc-ui地址
+  location / {
+    try_files $uri $uri/ /index.html;
+    error_page 405 =200 https://$host$request_uri;
+  }
+
+  # 代理访问后端微服务网关地址
+  location ^~/prod-api/ {
+    rewrite ^/prod-api/(.*)$ /$1 break;
+    proxy_pass http://kicc-gateway:9999;
+  }
+
+  # 代理访问后端上传地址
+  location ^~/prod-upload {
+    rewrite ^/prod-upload(.*)$ /system_proxy/system/file/upload break;
+    proxy_pass http://kicc-gateway:9999;
+  }
+
+  # 代理访问后端文件在线预览地址
+  location ^~/prod-preview/ {
+    proxy_pass http://kicc-fileview:8012/;
+  }
+
+  # 代理访问后端微服务报表地址,绕过https不能内嵌http
+  location ^~/ureport/ {
+    proxy_pass http://kicc-gateway:9999/report_proxy/ureport/;
+  }
+
+  # 代理访问后端微服务大屏设计器地址(直接代理线上)
+  location ^~/bigscreen/ {
+    proxy_pass http://kicc.kanglailab.com:8085/;
+  }
+}
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index 630a628..bd6c76f 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -4,17 +4,24 @@
 
 version: '3'
 services:
-  kicc-ui:
+  kicc-ui-dev:
     build:
-      context: .
+      context: ./development
     restart: always
-    container_name: kicc-ui
-    image: kicc-ui
+    container_name: kicc-ui-dev
+    image: kicc-ui-dev
     networks:
       - docker-cloud_default
-    external_links:
-      - kicc-gateway
-      - kicc-fileview
+    ports:
+      - 80:80
+      - 443:443
+  kicc-ui-prod:
+    build:
+      context: ./production
+    restart: always
+    container_name: kicc-ui-prod
+    image: kicc-ui-prod
+    network_mode: 'host'
     ports:
       - 80:80
       - 443:443
diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile
new file mode 100644
index 0000000..85c7bcc
--- /dev/null
+++ b/docker/production/Dockerfile
@@ -0,0 +1,10 @@
+FROM nginx
+
+COPY ../dist /data
+COPY ../secret /secret
+
+RUN rm /etc/nginx/conf.d/default.conf
+
+ADD default.conf /etc/nginx/conf.d/
+
+RUN /bin/bash -c 'echo init ok'
diff --git a/docker/kicc-ui.conf b/docker/production/default.conf
similarity index 69%
rename from docker/kicc-ui.conf
rename to docker/production/default.conf
index a84fd80..ac43911 100644
--- a/docker/kicc-ui.conf
+++ b/docker/production/default.conf
@@ -1,16 +1,36 @@
 # 如果没有显式声明 default server 则第一个 server 会被隐式的设为 default server
-# development环境(不需要配置https会导致开发时无法内嵌http页面)
 server {
   # 自定义访问端口
   listen 80;
+
+  # 服务名称
+  server_name kicc.kanglailab.com;
+
+  # 把http的域名请求转成https
+  return 301 https://$host$request_uri;
+}
+
+server {
+  # 自定义访问端口
+  listen 443 ssl;
   client_max_body_size 100M;
 
   # 服务名称
-  server_name localhost;
+  server_name kicc.kanglailab.com;
 
   # 代理访问根地址
   root /data;
 
+  # ssl证书地址
+  ssl_certificate      /secret/ssl.pem;  # pem文件的路径
+  ssl_certificate_key  /secret/ssl.key;  # key文件的路径
+
+  # ssl验证相关配置
+  ssl_session_timeout  5m;    #缓存有效期
+  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    #加密算法
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    #安全链接可选的加密协议
+  ssl_prefer_server_ciphers on;           #使用服务器端的首选算法
+
   #设置转发请求头参数
   proxy_connect_timeout 15s;
   proxy_send_timeout 15s;
@@ -18,33 +38,49 @@ server {
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  error_page 497 https://$host$request_uri;
 
   # 代理访问kicc-ui地址
   location / {
     try_files $uri $uri/ /index.html;
-    error_page 405 =200 http://$host$request_uri;
+    error_page 405 =200 https://$host$request_uri;
   }
 
   # 代理访问后端微服务网关地址
   location ^~/prod-api/ {
     rewrite ^/prod-api/(.*)$ /$1 break;
-    proxy_pass http://kicc-gateway:9999;
+    proxy_pass http://localhost:9999;
   }
 
   # 代理访问后端上传地址
   location ^~/prod-upload {
     rewrite ^/prod-upload(.*)$ /system_proxy/system/file/upload break;
-    proxy_pass http://kicc-gateway:9999;
+    proxy_pass http://localhost:9999;
+  }
+
+  # 代理访问后端文件在线预览地址
+  location ^~/prod-preview/ {
+    proxy_pass http://localhost:8012/;
+  }
+
+  # 代理访问后端微服务报表地址,绕过https不能内嵌http
+  location ^~/ureport/ {
+    proxy_pass http://localhost:9999/report_proxy/ureport/;
+  }
+
+  # 代理访问后端微服务大屏设计器地址
+  location ^~/bigscreen/ {
+    proxy_pass http://localhost:8085/;
   }
 }
 
-# production环境（目前为了部署方便development环境跟production环境通用）
+#代理公司遗留项目
 server {
   # 自定义访问端口
   listen 80;
 
   # 服务名称
-  server_name kicc.kanglailab.com;
+  server_name spnapi.kanglailab.com;
 
   # 把http的域名请求转成https
   return 301 https://$host$request_uri;
@@ -56,7 +92,7 @@ server {
   client_max_body_size 100M;
 
   # 服务名称
-  server_name kicc.kanglailab.com;
+  server_name spnapi.kanglailab.com;
 
   # 代理访问根地址
   root /data;
@@ -82,34 +118,6 @@ server {
 
   # 代理访问kicc-ui地址
   location / {
-    try_files $uri $uri/ /index.html;
-    error_page 405 =200 https://$host$request_uri;
-  }
-
-  # 代理访问后端微服务网关地址
-  location ^~/prod-api/ {
-    rewrite ^/prod-api/(.*)$ /$1 break;
-    proxy_pass http://kicc-gateway:9999;
-  }
-
-  # 代理访问后端上传地址
-  location ^~/prod-upload {
-    rewrite ^/prod-upload(.*)$ /system_proxy/system/file/upload break;
-    proxy_pass http://kicc-gateway:9999;
-  }
-
-  # 代理访问后端文件在线预览地址
-  location ^~/prod-preview/ {
-    proxy_pass http://kicc-fileview:8012/;
-  }
-
-  # 代理访问后端微服务报表地址,绕过https不能内嵌http
-  location ^~/ureport/ {
-    proxy_pass http://kicc-gateway:9999/report_proxy/ureport/;
-  }
-
-  # 代理访问后端微服务大屏设计器地址
-  location ^~/bigscreen/ {
-    proxy_pass http://kicc.kanglailab.com:8085/;
+   proxy_pass http://localhost:8050;
   }
 }