添加域名和SSL配置入口

1537ef04 · 陈泉 · 1ff8994d · 1537ef04 · 1537ef04
Commit 1537ef04 authored Mar 30, 2022 by 陈泉
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -241,6 +241,24 @@ services:
    networks:
      jeepay:
        ipv4_address: 172.20.0.33
+  # 如果你需要对外完整配置，可以使用下面的方式
+  # https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=pay.test.com&domains.0.server.documentRoot=&domains.0.server.redirectSubdomains=false&domains.0.https.hsts=false&domains.0.https.hstsPreload=true&domains.0.php.php=false&domains.0.reverseProxy.reverseProxy=true&domains.0.reverseProxy.proxyPass=http%3A%2F%2F172.20.0.26%3A9226&domains.0.routing.index=index.html&domains.0.routing.fallbackHtml=true&domains.0.routing.fallbackPhp=false&domains.0.logging.accessLog=true&domains.0.logging.errorLog=true&global.reverseProxy.proxyCoexistenceXForwarded=remove&global.app.lang=zhCN
+  # 访问并配置好所有域名和代理，下载文件放到项目根目录下取名叫做 nginx.tar.gz
+  #nginx:
+  #  image: nginx:latest
+  #  hostname: nginx
+  #  container_name: jeepay-nginx
+  #  ports:
+  #    - "80:80"
+  #    - "443:443"
+  #  depends_on:
+  #    - ui-manager
+  #    - ui-payment
+  #    - ui-merchant
+  #  volumes:
+  #    - ./nginx.tar.gz:/etc/nginx/nginx.tar.gz
+  #    # 需要给权限比如 chmod a+r ./conf/nginx.sh
+  #    - ./docker/nginx.sh:/docker-entrypoint.d/nginx.sh

 networks:
  jeepay:

--- a/docker/nginx.sh
+++ b/docker/nginx.sh
+#!/bin/sh
+/etc/nginx
+tar -czvf nginx_$(date +'%F_%H-%M-%S').tar.gz nginx.conf sites-available/ sites-enabled/ nginxconfig.io/
+tar -xzvf nginxconfig.io-pay.test.com.tar.gz | xargs chmod 0644
+
+# SSL
+openssl dhparam -out /etc/nginx/dhparam.pem 2048
+mkdir -p /var/www/_letsencrypt
+chown www-data /var/www/_letsencrypt
+
+# Certbot 复制页面上所有命令替换下方语句
+sed -i -r 's/(listen .*443)/\1; #/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g; s/(server \{)/\1\n    ssl off;/g' /etc/nginx/sites-available/pay.test.com.conf
+sudo nginx -t && sudo systemctl reload nginx
+certbot certonly --webroot -d pay.test.com --email info@pay.test.com -w /var/www/_letsencrypt -n --agree-tos --force-renewal
+sed -i -r -z 's/#?; ?#//g; s/(server \{)\n    ssl off;/\1/g' /etc/nginx/sites-available/pay.test.com.conf
+sudo nginx -t && sudo systemctl reload nginx
+
+# 结束
+
+echo -e '#!/bin/bash\nnginx -t && systemctl reload nginx' | sudo tee /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh
+sudo chmod a+x /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh
+sudo nginx -t && sudo systemctl reload nginx