docker swarm

2024-06-05 13:13:44 +08:00
parent d6dca2b585
commit 70f90c1d03
8912 changed files with 1269849 additions and 560260 deletions
--- a/docker-swarm/nginx-prod-50/README
+++ b/docker-swarm/nginx-prod-50/README
@ -0,0 +1,10 @@
+
+# crm1环境下  部署nginx
+
+env $(cat ./env_crm1 | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - crm1_nginx
+
+
+
+# prod环境下  部署nginx
+
+env $(cat ./env_prod | xargs) envsubst < ./docker-compose.yml | docker stack deploy --compose-file - prod_nginx
--- a/docker-swarm/nginx-prod-50/docker-compose.yml
+++ b/docker-swarm/nginx-prod-50/docker-compose.yml
@ -0,0 +1,62 @@
+version: '3.8'
+
+networks:
+  default:
+    name: ${NAMESPACE}
+    external: true
+services:
+  server:
+    image: 'docker.io/bitnami/nginx:1.24'
+    ports:
+      - '8080:8080'
+      - '8443:8443'
+    environment:
+      - TZ=Asia/Shanghai
+    volumes:
+      - /opt/logs/nginx/:/opt/bitnami/nginx/logs/
+    configs:
+      - source: nginx_conf
+        target: /opt/bitnami/nginx/conf/nginx.conf
+      - source: nginx_ssl_sinoassist_config
+        target: /opt/bitnami/nginx/conf/ssl.sinoassist.conf
+      - source: ssl_sinoassist_key
+        target: /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.key
+      - source: ssl_sinoassist_pem
+        target: /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.pem
+      - source: nginx_prod_config
+        target: /opt/bitnami/nginx/conf/server_blocks/prod.conf
+      - source: nginx_prod_sup_config
+        target: /opt/bitnami/nginx/conf/server_blocks/prod-sup.conf
+      - source: nginx_other_config
+        target: /opt/bitnami/nginx/conf/server_blocks/zd-other.conf
+
+    deploy:
+      mode: replicated
+      replicas: 2    
+      update_config:
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.${NAMESPACE}_nginx==1
+configs:
+  nginx_conf:
+    external: true
+    name: nginx_conf_v1
+  nginx_ssl_sinoassist_config:
+    external: true
+    name: nginx_ssl_sinoassist_conf_v1
+  nginx_prod_config:
+    external: true
+    name: nginx_prod_config_v1
+  nginx_prod_sup_config:
+    external: true
+    name: nginx_prod_sup_config_v1
+  nginx_other_config:
+    external: true
+    name: nginx_other_config_v1
+  ssl_sinoassist_key:
+    external: true
+    name: ssl_sinoassist_key_2024
+  ssl_sinoassist_pem:
+    external: true
+    name: ssl_sinoassist_pem_2024
--- a/docker-swarm/nginx-prod-50/env_crm1
+++ b/docker-swarm/nginx-prod-50/env_crm1
@ -0,0 +1,4 @@
+NAMESPACE=crm1
+NODE_PORT=8080
+CUSTOME_CONFIG=nginx_conf_v1
+CUSTOME_CONFIG=nginx_conf_v1
--- a/docker-swarm/nginx-prod-50/env_prod
+++ b/docker-swarm/nginx-prod-50/env_prod
@ -0,0 +1 @@
+NAMESPACE=prod
--- a/docker-swarm/nginx-prod-50/nginx.conf
+++ b/docker-swarm/nginx-prod-50/nginx.conf
@ -0,0 +1,60 @@
+# Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
+user              www www;  ## Default: nobody
+
+worker_processes  auto;
+error_log         "/opt/bitnami/nginx/logs/error.log";
+pid               "/opt/bitnami/nginx/tmp/nginx.pid";
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    log_format    main '$remote_addr - $remote_user [$time_local] '
+                       '"$request" $status $body_bytes_sent "$http_referer" '
+                       '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log    "/opt/bitnami/nginx/logs/access.log" main;
+    add_header    X-Frame-Options SAMEORIGIN;
+
+    client_body_temp_path  "/opt/bitnami/nginx/tmp/client_body" 1 2;
+    proxy_temp_path        "/opt/bitnami/nginx/tmp/proxy" 1 2;
+    fastcgi_temp_path      "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
+    scgi_temp_path         "/opt/bitnami/nginx/tmp/scgi" 1 2;
+    uwsgi_temp_path        "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
+
+    sendfile           on;
+    tcp_nopush         on;
+    tcp_nodelay        off;
+    gzip               on;
+    gzip_http_version  1.0;
+    gzip_comp_level    2;
+    gzip_proxied       any;
+    gzip_types         text/plain text/css application/javascript text/xml application/xml+rss;
+    keepalive_timeout  65;
+    ssl_protocols      TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
+    client_max_body_size 105M;
+    server_tokens off;
+
+    absolute_redirect  off;
+    port_in_redirect   off;
+
+    include  "/opt/bitnami/nginx/conf/server_blocks/*.conf";
+
+    # # HTTP Server
+    # server {
+    #     # Port to listen on, can also be set in IP:PORT format
+    #     listen  80;
+
+    #     include  "/opt/bitnami/nginx/conf/bitnami/*.conf";
+
+    #     location /status {
+    #         stub_status on;
+    #         access_log   off;
+    #         allow 127.0.0.1;
+    #         deny all;
+    #     }
+    # }
+}
--- a/docker-swarm/nginx-prod-50/nginx_other_config_v1
+++ b/docker-swarm/nginx-prod-50/nginx_other_config_v1
@ -0,0 +1,44 @@
+## 公司其他域名的切换
+
+# 4s店微信
+server {
+    listen       8080;
+    server_name  wx4s.sinoassist.com;
+
+    location / {
+        proxy_pass  http://192.168.10.7:8777;
+    }
+}
+
+
+# 微信供应商
+server {
+    listen       8080;
+    server_name  wxdd.sinoassist.com;
+
+    location / {
+        proxy_pass  http://192.168.10.7:8568;
+    }
+}
+
+# 呼叫中心接口
+server {
+    listen       8080;
+    server_name  apicc.sinoassist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+    location / {
+        proxy_pass  http://192.168.5.201:8080;
+    }
+}
+
+# 呼叫中心接口websocket
+server {
+    listen       8080;
+    server_name  apiccws.sinoassist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+    location / {
+        proxy_pass  http://192.168.5.201:1884;
+    }
+}
--- a/docker-swarm/nginx-prod-50/nginx_prod_config_v1
+++ b/docker-swarm/nginx-prod-50/nginx_prod_config_v1
@ -0,0 +1,167 @@
+
+
+upstream api.zhongdao {
+    server ss52_sa-gateway_svc:8080;
+    server ss53_sa-gateway_svc:8080;
+}
+
+# 中道外部接口
+server {
+    listen       8080;
+    server_name  api.sinoassist.net api.sinoassist.com xcx-api.sinoassist.com interface.review.sino-assist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+
+    location / {
+        proxy_pass  http://api.zhongdao;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location ~ .*actuator.* {
+        deny all;
+    }
+}
+
+
+# 接口
+server {
+    listen       8080;
+    server_name  api-nj.do-dec.com api-cd.do-dec.com api-wh.do-dec.com api-hz.do-dec.com api-sh.do-dec.com;
+
+    location / {
+        proxy_pass  http://api.zhongdao;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location ~ .*actuator.* {
+        deny all;
+    }
+}
+
+
+server {
+    server_name site.sinoassist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+
+    location / {   
+            root   /zd/cc-site/dist/;
+            index  index.html index.htm;
+            try_files $uri $uri/ /index.html;
+            if ($request_filename ~ .*\.(htm|html)$)
+            {
+                add_header Cache-Control no-cache;
+            }
+    }
+}
+
+
+server {
+    server_name www.sinoassist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+    location /h5/rescue {
+        alias   /zd/rescue-h5/dist/;
+        try_files  $uri $uri/ /h5/rescue/index.html;
+        index index.html;
+        if ($request_filename ~ .*\.(htm|html)$)
+            {
+                    add_header Cache-Control no-cache;
+            }
+    }
+
+    location /dev/h5/rescue {
+        proxy_pass  http://192.168.1.209:8030/dev/h5/rescue;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For
+        $proxy_add_x_forwarded_for;
+        client_max_body_size    200m;
+    }
+
+    location /h5/client/ {
+        alias   /zd/sino-client-h5/dist/build/h5/;
+        index index.html;
+        if ($request_filename ~ .*\.(htm|html)$)
+            {
+                    add_header Cache-Control no-cache;
+            }
+    }
+
+
+
+    location /h5/supplier/dispatch {
+        alias   /zd/supplier-dispatch-h5/dist/;
+        try_files  $uri $uri/  /h5/supplier/dispatch/index.html;
+        index index.html;
+        if ($request_filename ~ .*\.(htm|html)$)
+            {
+                    add_header Cache-Control no-cache;
+            }
+    }
+
+
+    # 太科app 海豚湾 微信验证配置
+
+    location /FowqINu4W1.txt {
+                default_type    text/html;
+                return 200 "90d7811c9e948fe95df1fd46ca3c1984";
+    }
+
+    location /HQgOV1DbaM.txt {
+                default_type    text/html;
+                return 200 "91aad82c4fadf3b6b4843771561dac64";
+    }
+    location /pay/gateway/ {
+        proxy_pass  http://192.168.3.121:9226/pay/gateway/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For
+        $proxy_add_x_forwarded_for;
+        client_max_body_size    200m;
+    }
+
+
+    location /pay/gateway/api/ {
+        proxy_next_upstream http_502 http_504 error timeout invalid_header;
+        proxy_set_header Host  $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://192.168.3.121:9216/api/;
+        # 启用支持websocket连接
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location / {
+        proxy_pass  http://prod_ss_sa-cc_svc:8080/;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+    
+    location ~ ^/(export-app|common|order|supplier|contract|base) {
+            proxy_pass  http://api.zhongdao;
+    }
+}
+
+
+
+## 前端http强制转https
+server {
+    listen       8080;
+
+    server_name     www.sinoassist.com;
+    add_header Strict-Transport-Security max-age=15768000;
+    return 301 https://www.sinoassist.com$request_uri;
+
+}
--- a/docker-swarm/nginx-prod-50/nginx_prod_sup_config_v1
+++ b/docker-swarm/nginx-prod-50/nginx_prod_sup_config_v1
@ -0,0 +1,65 @@
+## 救援生产环境其他服务域名切换
+
+
+## rabbitmq stomp
+upstream stomp.zhongdao {
+    server prod_rabbitmq_queue1:15674;
+    server prod_rabbitmq_queue2:15674;
+    server prod_rabbitmq_stats:15674;
+}
+
+server {
+    listen       8080;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+    server_name  stomp.sinoassist.com;
+
+    location / {
+        proxy_pass http://stomp.zhongdao;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_set_header        Host            $host;
+        proxy_set_header        X-Real-IP       $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+
+
+# 备份文件服务器
+server {
+    listen       8080;
+    server_name  file.sinoassist.com;
+    include    /opt/bitnami/nginx/conf/ssl.sinoassist.conf;
+
+    # 录音文件服务器
+    location /ly/ {
+        proxy_pass  http://192.168.5.204:8088/;
+
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For
+        $proxy_add_x_forwarded_for;
+        if ($request_filename ~ .*\.(htm|html)$)
+        {
+            add_header Cache-Control no-cache;
+        }
+
+    }
+
+    # 备份文件服务器
+    location / {
+        proxy_pass  http://192.168.10.18:8888;
+
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-For
+        $proxy_add_x_forwarded_for;
+        if ($request_filename ~ .*\.(htm|html)$)
+        {
+            add_header Cache-Control no-cache;
+        }
+
+    }
+}
--- a/docker-swarm/nginx-prod-50/nginx_ssl_sinoassist_conf_v1
+++ b/docker-swarm/nginx-prod-50/nginx_ssl_sinoassist_conf_v1
@ -0,0 +1,11 @@
+listen 8443 ssl;
+
+ssl_certificate /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.pem;
+
+ssl_certificate_key /opt/bitnami/nginx/conf/server_blocks/sinoassist.com.key;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5:!DES:!3DES;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;