wip: 配置bus和track的nginx

Author: th-ci

.env.default

@@ -7,6 +7,12 @@ SERVER_IP_INTERNAL='' # 127.0.0.1
 SERVER_HOSTNAME='' # livedvr.tripsdd.com
 SSL_CERTIFICATE='' # /home/docker-compose/ssl/livedvr_tripsdd_com
 
+# bus和track部署在同一台服务器上时, 需要通过域名区分两者
+BUS_HOSTNAME=${SERVER_HOSTNAME}
+BUS_SSL_CERTIFICATE=${SSL_CERTIFICATE}
+TRACK_HOSTNAME=${SERVER_HOSTNAME}
+TRACK_SSL_CERTIFICATE=${SSL_CERTIFICATE}
+
 #---------------------------------------------
 # 前端配置
 WEB_PORT_HTTP=80
@@ -48,9 +54,9 @@ VIDEO_PORT_HTTPS_5=9089
 
 # 必填, 后端和流媒体服务往网关服务器注册或者下发指令
 # 单机部署推荐别名jtt808，内网多服务器部署推荐内网IP, 外网部署使用外网IP
-JTT808_HOSTNAME='' # jtt808 | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
+JTT808_HOST='jtt808' # jtt808 | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 
-#808网关
+## 808网关
 JTT808_IP=${SERVER_IP_PUBLIC} # 默认使用服务器外网IP,设备使用
 JTT808_PORT=9011
 JTT808_PORT_HTTP=9012
@@ -61,31 +67,40 @@ JTT808_PORT_FTP_PASSIVE=9041-9049
 
 #---------------------------------------------
 
-#MYSQL, 必填
+## maintain
+MAINTAIN_HOST='maintain' # maintain | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
+MAINTAIN_PORT='8080'
+# 必填, TOKEN目录的绝对路径
+# - access/ras_key|ras_key.pub: 访问密钥的公私钥对
+# - refresh/ras_key|ras_key.pub: 刷新密钥的公私钥对
+# - ip2region.xdb: ip到区域的映射数据, 下载连接: https://raw.githubusercontent.com/lionsoul2014/ip2region/master/data/ip2region.xdb
+MAINTAIN_TOKEN_DIR=''
+
+## MYSQL, 必填
 MYSQL_HOST='mysql8' # mysql8 | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 MYSQL_PORT=3306
 MYSQL_USERNAME='root' #xxxxxxxx
 MYSQL_PASSWORD='' #xxxxxxxx
 
-#REDIS, 必填
+## REDIS, 必填
 REDIS_HOST='redis' # redis | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 REDIS_PORT=6379
 REDIS_PASSWORD='' #xxxxxxxx
 
-# MongoDB, jtt808必填
+## MongoDB, jtt808必填
 MONGODB_HOST='mongodb' # mongodb | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 MONGODB_PORT=27017
 MONGODB_PORT_HTTP=15672
 MONGODB_USERNAME='root' # MONGODB
 MONGODB_PASSWORD='' # MONGODB
 
-# Rabbitmq, Rtp存储模式必填
+## Rabbitmq, Rtp存储模式必填
 RABBITMQ_HOST='rabbitmq' # rabbitmq | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 RABBITMQ_PORT=5672
 RABBITMQ_USERNAME='' # admin
 RABBITMQ_PASSWORD='' # 123
 
-# Minio, Rtp存储模式必填
+## Minio, Rtp存储模式必填
 MINIO_HOST='minio' # minio | ${SERVER_IP_INTERNAL} | ${SERVER_IP_PUBLIC}
 MINIO_PORT=9000
 MINIO_USER=minioadmin

environments/.env.video.storage

@@ -5,7 +5,7 @@ VIDEO_HOSTNAME=livedvr.tripsdd.com
 VIDEO_SSL_CERTIFICATE=/home/docker-compose/ssl/livedvr_tripsdd_com
 
 ## 网关服务器
-JTT808_HOSTNAME=103.20.204.149
+JTT808_HOST=103.20.204.149
 
 # RABBITMQ
 RABBITMQ_HOST=1111 # 58.82.168.181

environments/.env.video.stream

@@ -5,4 +5,4 @@ VIDEO_HOSTNAME=livedvr.tripsdd.com
 VIDEO_SSL_CERTIFICATE=/home/docker-compose/ssl/livedvr_tripsdd_com
 
 ## 网关服务器
-JTT808_HOSTNAME=103.20.204.149
+JTT808_HOST=103.20.204.149

maintain/compose.yml

@@ -6,10 +6,10 @@ services:
     restart: always
     volumes:
       - /etc/localtime:/etc/localtime
-      - /home/token:/home/token
+      - ${MAINTAIN_TOKEN_DIR:?required}:/home/token
       - /data/logs/maintain:/logs
     ports:
-      - 8080:8080
+      - ${MAINTAIN_PORT:-8080}:8080
     environment:
       # DB
       - SPRING_DATASOURCE_URL=jdbc:mysql://${MYSQL_HOST:-mysql8}:${MYSQL_PORT:-3306}/maintain?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
@@ -41,7 +41,7 @@ services:
       - spring_my_minio_secretKey=${MINIO_SECRETKEY:?required}
 
       # 网关指令
-      - spring_my_gateway_jtt808_url=http://${JTT808_HOSTNAME:-jtt808}:${JTT808_PORT_HTTP:-9012}
+      - spring_my_gateway_jtt808_url=http://${JTT808_HOST:-jtt808}:${JTT808_PORT_HTTP:-9012}
 
       # 短信服务
       # - tencent_sms_secret_id=AKID74lBKCoAF2YomUv60e06vTkkSt3wYtxk
@@ -55,10 +55,10 @@ services:
       - spring_my_push_group_key=98b94f0f85808bfa0ac9cb5b
       - spring_my_push_group_secret=63b4ff15d550ba1675b1dceb
 
-     # 跨域 逗号分割
-      - spring_my_cors_origin-patterns=https://*.tgtrack.com,https://*.tripsdd.com,https://tripsdd.com      
+      # 跨域 逗号分割
+      - spring_my_cors_origin-patterns=https://*.tgtrack.com,https://*.tripsdd.com,https://tripsdd.com
 
-     #Mail-预设了bus的邮箱
+      # Mail-预设了bus的邮箱
       - spring_mail_host=${MAIL_HOST:-smtp.transcodegroup.com}
       - spring_mail_username=${MAIL_USERNAME:-smtp.transcodegroup.com}
       - spring_mail_password=${MAIL_PASSWORD:?required}

nginx/compose.bus.yml

@@ -2,4 +2,19 @@ services:
   nginx:
     configs:
       - source: bus.conf.template
-        target: /etc/nginx/templates/bus.conf.template
+        target: /etc/nginx/templates/bus.conf.template
+    secrets:
+      - bus-ssl-certificate
+      - bus-ssl-certificate-key
+    environment:
+      - BUS_HOSTNAME=${BUS_HOSTNAME:?required}
+
+secrets:
+  bus-ssl-certificate:
+    file: ${BUS_SSL_CERTIFICATE:?required}.crt
+  bus-ssl-certificate-key:
+    file: ${BUS_SSL_CERTIFICATE:?required}.key
+
+configs:
+  bus.conf.template:
+    file: ./conf/conf.d/bus.conf.template

nginx/compose.track.yml

@@ -2,4 +2,25 @@ services:
   nginx:
     configs:
       - source: track.conf.template
-        target: /etc/nginx/templates/track.conf.template
+        target: /etc/nginx/templates/track.conf.template
+    secrets:
+      - track-ssl-certificate
+      - track-ssl-certificate-key
+    environment:
+      - MAINTAIN_HOST=${MAINTAIN_HOST}
+      - MAINTAIN_PORT=${MAINTAIN_PORT}
+      - MINIO_HOST=${MINIO_HOST}
+      - MINIO_PORT=${MINIO_PORT}
+      - JTT808_HOST=${JTT808_HOST}
+      - JTT808_PORT_HTTP=${JTT808_PORT_HTTP}
+      - TRACK_HOSTNAME=${TRACK_HOSTNAME:?required}
+
+secrets:
+  track-ssl-certificate:
+    file: ${TRACK_SSL_CERTIFICATE:?required}.crt
+  track-ssl-certificate-key:
+    file: ${TRACK_SSL_CERTIFICATE:?required}.key
+
+configs:
+  track.conf.template:
+    file: ./conf/conf.d/track.conf.template

nginx/compose.yml

@@ -4,9 +4,8 @@ services:
     container_name: nginx
     restart: always
     ports:
-      # 默认443和80
-      - ${WEB_PORT_HTTPS}:443
-      - ${WEB_PORT_HTTP}:80
+      - ${WEB_PORT_HTTPS:-443}:443
+      - ${WEB_PORT_HTTP:-80}:80
     privileged: true
     secrets:
       - ssl-certificate
@@ -17,8 +16,6 @@ services:
     configs:
       - source: nginx.conf
         target: /etc/nginx/nginx.conf
-    environment:
-      - JTT808_PORT_HTTP=${JTT808_PORT_HTTP}
 
 secrets:
   ssl-certificate:
@@ -29,7 +26,3 @@ secrets:
 configs:
   nginx.conf:
     file: ./conf/nginx.conf
-  bus.conf.template:
-    file: ./conf/conf.d/bus.conf.template
-  track.conf.template:
-    file: ./conf/conf.d/track.conf.template

nginx/conf/conf.d/bus.conf.template

@@ -14,15 +14,13 @@ upstream dsp_server {
 server {
     listen 80;
     listen [::]:80;
-    # listen 443 ssl;
-    # listen [::]:443 ssl;
-    server_name ${PUBLIC_HOSTNAME_BUS} tg-th-bus.ipcjs.top;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name ${BUS_HOSTNAME};
+
+    ssl_certificate      /run/secrets/bus-ssl-certificate;
+    ssl_certificate_key  /run/secrets/bus-ssl-certificate-key;
 
-    # 证书文件 *.crt *.cer
-    ssl_certificate      /etc/nginx/ssl/xn.transcodegroup.cn.crt;
-    # 证书key文件
-    ssl_certificate_key  /etc/nginx/ssl/xn.transcodegroup.cn.key;
-    
     location / {
         alias   /usr/share/nginx/html/bus/;
         index  index.html index.htm;
@@ -75,15 +73,6 @@ server {
         proxy_set_header Connection $connection_upgrade;
     }
 
-    location /ws {
-        proxy_redirect off;
-        set $dynamic "shadowsocks";
-        proxy_pass http://$dynamic:8338;
-        proxy_set_header Host $http_host;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-    }
-
     error_page   500 502 503 504  /50x.html;
 
 }

nginx/conf/conf.d/track.conf.template

@@ -2,28 +2,19 @@
 upstream track_api_server {
     zone upstream_zone 64k;
     # 动态解析上游域名
-    server maintain:8080 resolve;
+    server ${MAINTAIN_HOST}:${MAINTAIN_PORT} resolve;
 }
 
 # track前端
 server {
     listen 80;
     listen [::]:80;
-    # listen       443 ssl;
-    # listen  [::]:443 ssl;
-    server_name th-track.transcodegroup.cn tg-th-track.ipcjs.top localhost;
-    
-    # 启用跨域
-    #add_header Access-Control-Allow-Origin *;
-    # 允许跨域的方法
-    #add_header Access-Control-Allow-Methods 'GET,POST,PUT,DELETE';
-    # 允许跨域的头标识
-    #add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
-    
-    # 证书文件 *.crt *.cer
-    #ssl_certificate      /etc/nginx/ssl/xn.transcodegroup.cn.crt;
-    # 证书key文件
-    #ssl_certificate_key  /etc/nginx/ssl/xn.transcodegroup.cn.key;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name ${TRACK_HOSTNAME};
+
+    ssl_certificate      /run/secrets/track-ssl-certificate;
+    ssl_certificate_key  /run/secrets/track-ssl-certificate-key;
 
     # 平台前端
     location / {
@@ -59,14 +50,12 @@ server {
     }
 
     location /minio/ {
-        # 动态解析域名
-        set $dynamic "minio";
-        proxy_pass   http://$dynamic:9000/;
+        proxy_pass   http://${MINIO_HOST}:${MINIO_PORT}/;
     }
 
     location /jtt808/ {
         # 网关的数据代理
-        proxy_pass   http://jtt808:${JTT808_PORT_HTTP}/jtt808/;
+        proxy_pass   http://${JTT808_HOST}:${JTT808_PORT_HTTP}/jtt808/;
     }
 
     location /api/ {
@@ -77,36 +66,9 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
-    
-    location /pass {
-        proxy_pass http://track_api_server/pass;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-    }
-    
-    location /file {
-        proxy_pass http://track_api_server/file;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-    }
-    
-    location /datamotor {
-        proxy_pass http://track_api_server/datamotor;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-    }
-    
-    location /video {
-        proxy_pass http://track_api_server/video;
+
+    location ~ ^/(pass|file|datamotor|video)/ {
+        proxy_pass http://track_api_server;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

single.stack.yaml

@@ -13,4 +13,4 @@ include:
   - ../../docker/jtt808/compose.yml
   - path:
     - ../../docker/nginx/compose.yml
-    - ../../docker/nginx/compose.track.yml
+    - ../../docker/nginx/compose.track.yml