Remnants/AdministrationItDepartmens
1
0
Fork 0
mirror of https://gitlab.com/MoonTestUse1/AdministrationItDepartmens.git synced 2025-08-14 00:25:46 +02:00
Code Activity

фикс авторизации3

Browse Source
This commit is contained in:
MoonTestUse1
2025-01-03 21:01:44 +06:00
parent b44497fe35
commit e66042bc00
5 changed files with 87 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docker/frontend/Dockerfile
View File

@@ -3,13 +3,10 @@ FROM node:18-alpine as build
WORKDIR /app
# Устанавливаем необходимые зависимости
RUN apk add --no-cache python3 make g++
# Копируем файлы package.json и package-lock.json
COPY frontend/package*.json ./
# Устанавливаем все зависимости (включая devDependencies)
# Устанавливаем все зависимости
RUN npm install
# Копируем исходный код
@@ -21,18 +18,13 @@ RUN npm run build
# Production stage
FROM nginx:alpine
# Устанавливаем certbot
RUN apk add --no-cache certbot certbot-nginx
# Копируем конфигурацию nginx и собранные файлы
COPY docker/frontend/nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=build /app/dist /usr/share/nginx/html
# Копируем скрипт SSL и создаем директории
COPY docker/frontend/init-ssl.sh /docker-entrypoint.d/init-ssl.sh
RUN chmod +x /docker-entrypoint.d/init-ssl.sh && \
mkdir -p /var/www/certbot /etc/letsencrypt
# Создаем директорию для pid файла
RUN mkdir -p /var/run/nginx
EXPOSE 80 443
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

34
docker/frontend/init-ssl.sh
View File

@@ -1,34 +0,0 @@
#!/bin/sh
# Проверяем наличие сертификата
if [ ! -f "/etc/letsencrypt/live/itformhelp.ru/fullchain.pem" ]; then
echo "Сертификат не найден. Получаем новый..."
# Останавливаем nginx для освобождения 80 порта
nginx -s stop || true
# Ждем освобождения порта
sleep 5
# Получаем сертификат
certbot certonly --standalone \
--email crocoman7887@gmail.com \
--agree-tos \
--no-eff-email \
--non-interactive \
-d itformhelp.ru
# Проверяем успешность получения сертификата
if [ ! -f "/etc/letsencrypt/live/itformhelp.ru/fullchain.pem" ]; then
echo "Ошибка получения сертификата"
exit 1
fi
echo "Сертификат успешно получен"
else
echo "Сертификат уже существует"
fi
# Запускаем nginx с новой конфигурацией
echo "Запускаем nginx..."
nginx -g "daemon off;"

100
docker/frontend/nginx.conf
View File

@@ -1,38 +1,74 @@
server {
listen 80;
server_name itformhelp.ru;
user nginx;
worker_processes auto;
pid /var/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache";
}
index index.html;
location /api/ {
proxy_pass http://support-backend:8000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Увеличиваем таймауты
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Обработка CORS preflight запросов
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
# Auth proxy
location /auth/ {
proxy_pass http://backend:8000/auth/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# API proxy
location /api/ {
proxy_pass http://backend:8000/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Handle SPA routing
location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, must-revalidate";
}
# Cache static assets
location /assets/ {
expires 1y;
add_header Cache-Control "public, no-transform";
}
# Enable CORS
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
}

7
docker/frontend/ssl-renew.sh
View File

@@ -1,7 +0,0 @@
#!/bin/sh
# Обновляем сертификат
certbot renew --quiet
# Перезагружаем nginx для применения обновленного сертификата
nginx -s reload