nginx.conf
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# 限制body大小
client_max_body_size 100m;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
upstream server {
server 127.0.0.1:8080;
}
upstream monitor-admin {
server 127.0.0.1:9090;
}
upstream xxljob-admin {
server 127.0.0.1:9100;
}
server {
#listen 80;
#server_name localhost;
# https配置参考 start
listen 443 ssl;
# 证书直接存放 /docker/nginx/cert/ 目录下即可 更改证书名称即可 无需更改证书路径
ssl on;
ssl_certificate /etc/nginx/cert/www.jlstu.vip.pem; # /etc/nginx/cert/ 为docker映射路径 不允许更改
ssl_certificate_key /etc/nginx/cert/www.jlstu.vip.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# https配置参考 end
# 演示环境配置 拦截除 GET POST 之外的所有请求
# if ($request_method !~* GET|POST) {
# rewrite ^/(.*)$ /403;
# }
# location = /403 {
# default_type application/json;
# return 200 '{"msg":"演示模式,不允许操作","code":500}';
# }
# 限制外网访问内网 actuator 相关路径
location ~ ^(/[^/]*)?/actuator(/.*)?$ {
return 403;
}
location /h5 {
root /usr/share/nginx/html;
try_files $uri $uri/ /h5/index.html;
index index.html index.htm;
}
location /ry {
root /usr/share/nginx/html;
try_files $uri $uri/ /ry/index.html;
index index.html index.htm;
}
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://server/;
}
# https 会拦截内链所有的 http 请求 造成功能无法使用
# 解决方案1 将 admin 服务 也配置成 https
# 解决方案2 将菜单配置为外链访问 走独立页面 http 访问
location /admin/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://monitor-admin/admin/;
}
# https 会拦截内链所有的 http 请求 造成功能无法使用
# 解决方案1 将 xxljob 服务 也配置成 https
# 解决方案2 将菜单配置为外链访问 走独立页面 http 访问
location /xxl-job-admin/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xxljob-admin/xxl-job-admin/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
}
html里面放了app包和web包
docker-compose.yml
version: '3'
services:
mysql:
image: mysql:8.0.31
container_name: mysql
environment:
# 时区上海
TZ: Asia/Shanghai
# root 密码
MYSQL_ROOT_PASSWORD: root
# 初始化数据库(后续的初始化sql会在这个库执行)
MYSQL_DATABASE: ry-vue
ports:
- "3306:3306"
volumes:
# 数据挂载
- /docker/mysql/data/:/var/lib/mysql/
# 配置挂载
- /docker/mysql/conf/:/etc/mysql/conf.d/
command:
# 将mysql8.0默认密码策略 修改为 原先 策略 (mysql8.0对其默认策略做了更改 会导致密码无法匹配)
--default-authentication-plugin=mysql_native_password
--character-set-server=utf8mb4
--collation-server=utf8mb4_general_ci
--explicit_defaults_for_timestamp=true
--lower_case_table_names=1
privileged: true
network_mode: "host"
nginx-web:
image: nginx:1.22.1
container_name: nginx-web
environment:
# 时区上海
TZ: Asia/Shanghai
ports:
- "80:80"
- "443:443"
volumes:
# 证书映射
- /docker/nginx/cert:/etc/nginx/cert
# 配置文件映射
- /docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
# 页面目录
- /docker/nginx/html:/usr/share/nginx/html
# 日志目录
- /docker/nginx/log:/var/log/nginx
privileged: true
network_mode: "host"
redis:
image: redis:6.2.7
container_name: redis
ports:
- "6379:6379"
environment:
# 时区上海
TZ: Asia/Shanghai
volumes:
# 配置文件
- /docker/redis/conf:/redis/config:rw
# 数据文件
- /docker/redis/data/:/redis/data/:rw
command: "redis-server /redis/config/redis.conf"
privileged: true
network_mode: "host"
minio:
image: minio/minio:RELEASE.2023-03-24T21-41-23Z
container_name: minio
ports:
# api 端口
- "9000:9000"
# 控制台端口
- "9001:9001"
environment:
# 时区上海
TZ: Asia/Shanghai
# 管理后台用户名
MINIO_ROOT_USER: ruoyi
# 管理后台密码,最小8个字符
MINIO_ROOT_PASSWORD: ruoyi123
# https需要指定域名
#MINIO_SERVER_URL: "https://xxx.com:9000"
#MINIO_BROWSER_REDIRECT_URL: "https://xxx.com:9001"
# 开启压缩 on 开启 off 关闭
MINIO_COMPRESS: "off"
# 扩展名 .pdf,.doc 为空 所有类型均压缩
MINIO_COMPRESS_EXTENSIONS: ""
# mime 类型 application/pdf 为空 所有类型均压缩
MINIO_COMPRESS_MIME_TYPES: ""
volumes:
# 映射当前目录下的data目录至容器内/data目录
- /docker/minio/data:/data
# 映射配置目录
- /docker/minio/config:/root/.minio/
command: server --address ':9000' --console-address ':9001' /data # 指定容器中的目录 /data
privileged: true
network_mode: "host"
ruoyi-server1:
image: ruoyi/ruoyi-server:4.8.1
container_name: ruoyi-server1
environment:
# 时区上海
TZ: Asia/Shanghai
SERVER_PORT: 8080
volumes:
# 配置文件
- /docker/server1/logs/:/ruoyi/server/logs/
# skywalking 探针
# - /docker/skywalking/agent/:/ruoyi/skywalking/agent
privileged: true
network_mode: "host"
ruoyi-xxl-job-admin:
image: ruoyi/ruoyi-xxl-job-admin:4.8.1
container_name: ruoyi-xxl-job-admin
environment:
# 时区上海
TZ: Asia/Shanghai
volumes:
# 配置文件
- /docker/xxljob/logs/:/ruoyi/xxljob/logs
privileged: true
network_mode: "host"
web端baseUrl修改
