Remnants/AdministrationItDepartmens
1
0
Fork 0
mirror of https://gitlab.com/MoonTestUse1/AdministrationItDepartmens.git synced 2025-08-14 00:25:46 +02:00
Code Activity

фикс авторизации3

Browse Source
This commit is contained in:
MoonTestUse1
2025-01-03 21:01:44 +06:00
parent b44497fe35
commit e66042bc00
5 changed files with 87 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docker/frontend/Dockerfile
View File

@@ -3,13 +3,10 @@ FROM node:18-alpine as build
WORKDIR /app WORKDIR /app
# Устанавливаем необходимые зависимости
RUN apk add --no-cache python3 make g++
# Копируем файлы package.json и package-lock.json # Копируем файлы package.json и package-lock.json
COPY frontend/package*.json ./ COPY frontend/package*.json ./
# Устанавливаем все зависимости (включая devDependencies) # Устанавливаем все зависимости
RUN npm install RUN npm install
# Копируем исходный код # Копируем исходный код
@@ -21,18 +18,13 @@ RUN npm run build
# Production stage # Production stage
FROM nginx:alpine FROM nginx:alpine
# Устанавливаем certbot
RUN apk add --no-cache certbot certbot-nginx
# Копируем конфигурацию nginx и собранные файлы # Копируем конфигурацию nginx и собранные файлы
COPY docker/frontend/nginx.conf /etc/nginx/conf.d/default.conf COPY docker/frontend/nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=build /app/dist /usr/share/nginx/html COPY --from=build /app/dist /usr/share/nginx/html
# Копируем скрипт SSL и создаем директории # Создаем директорию для pid файла
COPY docker/frontend/init-ssl.sh /docker-entrypoint.d/init-ssl.sh RUN mkdir -p /var/run/nginx
RUN chmod +x /docker-entrypoint.d/init-ssl.sh && \
mkdir -p /var/www/certbot /etc/letsencrypt
EXPOSE 80 443 EXPOSE 80
CMD ["nginx", "-g", "daemon off;"] CMD ["nginx", "-g", "daemon off;"]

34
docker/frontend/init-ssl.sh
View File

@@ -1,34 +0,0 @@
#!/bin/sh
# Проверяем наличие сертификата
if [ ! -f "/etc/letsencrypt/live/itformhelp.ru/fullchain.pem" ]; then
echo "Сертификат не найден. Получаем новый..."
# Останавливаем nginx для освобождения 80 порта
nginx -s stop || true
# Ждем освобождения порта
sleep 5
# Получаем сертификат
certbot certonly --standalone \
--email crocoman7887@gmail.com \
--agree-tos \
--no-eff-email \
--non-interactive \
-d itformhelp.ru
# Проверяем успешность получения сертификата
if [ ! -f "/etc/letsencrypt/live/itformhelp.ru/fullchain.pem" ]; then
echo "Ошибка получения сертификата"
exit 1
fi
echo "Сертификат успешно получен"
else
echo "Сертификат уже существует"
fi
# Запускаем nginx с новой конфигурацией
echo "Запускаем nginx..."
nginx -g "daemon off;"

78
docker/frontend/nginx.conf
View File

@@ -1,38 +1,74 @@
server { user nginx;
worker_processes auto;
pid /var/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
keepalive_timeout 65;
server {
listen 80; listen 80;
server_name itformhelp.ru; server_name localhost;
location / {
root /usr/share/nginx/html; root /usr/share/nginx/html;
try_files $uri $uri/ /index.html; index index.html;
add_header Cache-Control "no-cache";
}
location /api/ { # Auth proxy
proxy_pass http://support-backend:8000/; location /auth/ {
proxy_pass http://backend:8000/auth/;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade'; proxy_set_header Connection 'upgrade';
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Увеличиваем таймауты # API proxy
proxy_connect_timeout 60s; location /api/ {
proxy_send_timeout 60s; proxy_pass http://backend:8000/api/;
proxy_read_timeout 60s; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
# Обработка CORS preflight запросов # Handle SPA routing
if ($request_method = 'OPTIONS') { location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, must-revalidate";
}
# Cache static assets
location /assets/ {
expires 1y;
add_header Cache-Control "public, no-transform";
}
# Enable CORS
add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Max-Age' 1728000; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
} }
} }

7
docker/frontend/ssl-renew.sh
View File

@@ -1,7 +0,0 @@
#!/bin/sh
# Обновляем сертификат
certbot renew --quiet
# Перезагружаем nginx для применения обновленного сертификата
nginx -s reload

23
frontend/nginx.conf
View File

@@ -1,6 +1,6 @@
server { server {
listen 80; listen 80 default_server;
server_name localhost; server_name itformhelp.ru;
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.html; index index.html;
@@ -12,10 +12,10 @@ server {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade'; proxy_set_header Connection 'upgrade';
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
# Отключаем проверку SSL
proxy_ssl_verify off;
} }
# API proxy # API proxy
@@ -25,15 +25,16 @@ server {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade'; proxy_set_header Connection 'upgrade';
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
# Отключаем проверку SSL
proxy_ssl_verify off;
} }
# Handle SPA routing # Handle SPA routing
location / { location / {
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, no-store, must-revalidate";
} }
# Cache static assets # Cache static assets
@@ -41,4 +42,10 @@ server {
expires 1y; expires 1y;
add_header Cache-Control "public, no-transform"; add_header Cache-Control "public, no-transform";
} }
# Enable CORS
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
} }