From 18f27a9a69d99e4bb17952ce37c95a73f51a0245 Mon Sep 17 00:00:00 2001 From: whyour Date: Sun, 2 Nov 2025 19:29:59 +0800 Subject: [PATCH] =?UTF-8?q?=E7=A7=BB=E9=99=A4=20nginx?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env.example | 3 +- ...ocker_image.yml => build-docker-image.yml} | 0 .umirc.ts | 2 +- back/app.ts | 4 +- back/config/index.ts | 2 +- back/loaders/express.ts | 24 ++++++-- docker/310.Dockerfile | 3 +- docker/Dockerfile | 3 +- docker/docker-entrypoint.sh | 12 +--- docker/front.conf | 61 ------------------- docker/nginx.conf | 45 -------------- package.json | 2 +- pnpm-lock.yaml | 12 ++-- shell/api.sh | 16 ++--- shell/check.sh | 19 +----- shell/share.sh | 44 ------------- 16 files changed, 46 insertions(+), 206 deletions(-) rename .github/workflows/{build_docker_image.yml => build-docker-image.yml} (100%) delete mode 100644 docker/front.conf delete mode 100644 docker/nginx.conf diff --git a/.env.example b/.env.example index 9a5c421a..0832167e 100644 --- a/.env.example +++ b/.env.example @@ -1,6 +1,5 @@ GRPC_PORT=5500 -BACK_PORT=5600 -PORT=5700 +BACK_PORT=5700 LOG_LEVEL='info' diff --git a/.github/workflows/build_docker_image.yml b/.github/workflows/build-docker-image.yml similarity index 100% rename from .github/workflows/build_docker_image.yml rename to .github/workflows/build-docker-image.yml diff --git a/.umirc.ts b/.umirc.ts index a0e057f1..cb14fbeb 100644 --- a/.umirc.ts +++ b/.umirc.ts @@ -17,7 +17,7 @@ export default defineConfig({ publicPath: process.env.NODE_ENV === 'production' ? './' : '/', proxy: { [`${baseUrl}api`]: { - target: 'http://127.0.0.1:5600/', + target: 'http://127.0.0.1:5700/', changeOrigin: true, ws: true, pathRewrite: { [`^${baseUrl}api`]: '/api' }, diff --git a/back/app.ts b/back/app.ts index 35042d0c..0859140c 100644 --- a/back/app.ts +++ b/back/app.ts 
@@ -96,7 +96,9 @@ class Application { } private setupMiddlewares() { - this.app.use(helmet()); + this.app.use(helmet({ + contentSecurityPolicy: false, + })); this.app.use(cors(config.cors)); this.app.use(compression()); this.app.use(monitoringMiddleware); diff --git a/back/config/index.ts b/back/config/index.ts index 090349ac..7e4d1623 100644 --- a/back/config/index.ts +++ b/back/config/index.ts @@ -29,7 +29,7 @@ interface Config { } const config: Config = { - port: parseInt(process.env.BACK_PORT || '5600', 10), + port: parseInt(process.env.BACK_PORT || '5700', 10), grpcPort: parseInt(process.env.GRPC_PORT || '5500', 10), nodeEnv: process.env.NODE_ENV || 'development', isDevelopment: process.env.NODE_ENV === 'development', diff --git a/back/loaders/express.ts b/back/loaders/express.ts index aa3d0ef6..b677489a 100644 --- a/back/loaders/express.ts +++ b/back/loaders/express.ts @@ -9,6 +9,7 @@ import rewrite from 'express-urlrewrite'; import { errors } from 'celebrate'; import { serveEnv } from '../config/serverEnv'; import { IKeyvStore, shareStore } from '../shared/store'; +import path from 'path'; export default ({ app }: { app: Application }) => { app.set('trust proxy', 'loopback'); @@ -19,12 +20,16 @@ export default ({ app }: { app: Application }) => { app.use(bodyParser.json({ limit: '50mb' })); app.use(bodyParser.urlencoded({ limit: '50mb', extended: true })); + const frontendPath = path.join(config.rootPath, 'static/dist'); + app.use(express.static(frontendPath)); + app.use( expressjwt({ secret: config.jwt.secret, algorithms: ['HS384'], }).unless({ - path: [...config.apiWhiteList, /^\/open\//], + // 使用正则表达式排除非API路径,只对/api/和/open/路径应用JWT验证 + path: [...config.apiWhiteList, /^\/$/, /^\/(?!api\/)(?!open\/).*/] }), ); 
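Review bot: Setting `contentSecurityPolicy: false` in `setupMiddlewares` removes the CSP header from every response, and this same patch makes the Express app serve the panel's HTML from `static/dist` (see `back/loaders/express.ts`), so the UI would be delivered with no script-source restrictions. If helmet's default policy is what breaks the built frontend (the reason is not stated in the hunk), a narrower option is to keep the policy and relax only what the bundle needs, e.g. `contentSecurityPolicy: { useDefaults: true, directives: { /* only the sources the UI actually loads */ } }`, or to begin with `reportOnly: true` and collect violations first. If it has to stay off for now, a comment such as `// CSP disabled because <reason>; TODO re-enable with a tailored policy` would record why the protection was dropped. The body of `setupMiddlewares` continues outside the hunk.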
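Review bot: The new `unless` pattern `/^\/(?!api\/)(?!open\/).*/` makes JWT validation opt-in by path and compares the path case-sensitively, while Express matches mount paths case-insensitively unless `case sensitive routing` is enabled (not visible in this hunk). A request whose prefix differs from `/api/` or `/open/` only in letter case would therefore skip `expressjwt` but could still reach the router mounted at `config.api.prefix`; the `startsWith` early return added in the next hunk (`@@ -39,6 +44,10 @@`) has the same gap. Make both checks case-insensitive, e.g. `/^\/(?!api\/)(?!open\/).*/i` here and `req.path.toLowerCase().startsWith(x)` there, and consider `app.set('case sensitive routing', true);` so routing and the auth checks agree. The `/^\/$/` entry is already covered by the second pattern and can be dropped, and the inline comment would read better in English: `// Skip JWT for non-API paths; only /api/ and /open/ require a token`. The loader function starts and ends outside this hunk.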
@@ -39,6 +44,10 @@ export default ({ app }: { app: Application }) => { }); app.use(async (req: Request, res, next) => { + if (!['/open/', '/api/'].some((x) => req.path.startsWith(x))) { + return next(); + } + const headerToken = getToken(req); if (req.path.startsWith('/open/')) { const apps = await shareStore.getApps(); @@ -110,10 +119,15 @@ export default ({ app }: { app: Application }) => { app.use(rewrite('/open/*', '/api/$1')); app.use(config.api.prefix, routes()); - app.use((req, res, next) => { - const err: any = new Error('Not Found'); - err['status'] = 404; - next(err); + app.get('*', (req, res, next) => { + const indexPath = path.join(frontendPath, 'index.html'); + res.sendFile(indexPath, (err) => { + if (err) { + const err: any = new Error('Not Found'); + err['status'] = 404; + next(err); + } + }); }); app.use(errors()); diff --git a/docker/310.Dockerfile b/docker/310.Dockerfile index 8cd0f640..8a092081 100644 --- a/docker/310.Dockerfile +++ b/docker/310.Dockerfile @@ -39,7 +39,6 @@ RUN set -x \ tzdata \ perl \ openssl \ - nginx \ nodejs \ jq \ openssh \ @@ -84,6 +83,6 @@ COPY --from=builder /tmp/build/node_modules/. /ql/node_modules/ WORKDIR ${QL_DIR} HEALTHCHECK --interval=5s --timeout=2s --retries=20 \ - CMD curl -sf --noproxy '*' http://127.0.0.1:5600/api/health || exit 1 + CMD curl -sf --noproxy '*' http://127.0.0.1:5700/api/health || exit 1 ENTRYPOINT ["./docker/docker-entrypoint.sh"] diff --git a/docker/Dockerfile b/docker/Dockerfile index ae8d8cb1..6617b4ee 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -39,7 +39,6 @@ RUN set -x \ tzdata \ perl \ openssl \ - nginx \ nodejs \ jq \ openssh \ @@ -84,6 +83,6 @@ COPY --from=builder /tmp/build/node_modules/. /ql/node_modules/ WORKDIR ${QL_DIR} HEALTHCHECK --interval=5s --timeout=2s --retries=20 \ - CMD curl -sf --noproxy '*' http://127.0.0.1:5600/api/health || exit 1 + CMD curl -sf --noproxy '*' http://127.0.0.1:5700/api/health || exit 1 ENTRYPOINT ["./docker/docker-entrypoint.sh"] 
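Review bot: In the `app.get('*', ...)` fallback of the `@@ -110,10 +119,15 @@` hunk, the inner `const err: any` shadows the `sendFile` callback's `err`, and every unmatched GET, including unknown paths under `/api/` and `/open/`, now receives `index.html` instead of the 404 error the old handler passed to `next`. Unmatched non-GET requests also no longer go through a project-level 404 at this point in the chain. Keeping the 404 for API-style paths and other methods, and sending the SPA shell only for page navigations, would preserve the previous API behaviour. The loader function starts and ends outside this hunk.

```typescript
app.use((req, res, next) => {
  const notFound = () => {
    const error: any = new Error('Not Found');
    error['status'] = 404;
    next(error);
  };

  // API-style paths and non-GET methods keep their 404 instead of the SPA shell
  const isApiPath = ['/open/', '/api/'].some((x) =>
    req.path.toLowerCase().startsWith(x),
  );
  if (req.method !== 'GET' || isApiPath) {
    return notFound();
  }

  res.sendFile(path.join(frontendPath, 'index.html'), (sendErr) => {
    if (sendErr) {
      notFound();
    }
  });
});
// … unchanged: app.use(errors()) and the error handlers after it …
```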
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index be275a27..b06b9abb 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -14,26 +14,20 @@ log_with_style() { log_with_style "INFO" "🚀 1. 检测配置文件..." import_config "$@" -make_dir /etc/nginx/conf.d -make_dir /run/nginx -init_nginx fix_config pm2 l &>/dev/null -log_with_style "INFO" "🔄 2. 启动 nginx..." -nginx -s reload 2>/dev/null || nginx -c /etc/nginx/nginx.conf - -log_with_style "INFO" "⚙️ 3. 启动 pm2 服务..." +log_with_style "INFO" "⚙️ 2. 启动 pm2 服务..." reload_pm2 if [[ $AutoStartBot == true ]]; then - log_with_style "INFO" "🤖 4. 启动 bot..." + log_with_style "INFO" "🤖 3. 启动 bot..." nohup ql bot >$dir_log/bot.log 2>&1 & fi if [[ $EnableExtraShell == true ]]; then - log_with_style "INFO" "🛠️ 5. 执行自定义脚本..." + log_with_style "INFO" "🛠️ 4. 执行自定义脚本..." nohup ql extra >$dir_log/extra.log 2>&1 & fi diff --git a/docker/front.conf b/docker/front.conf deleted file mode 100644 index 1fe4c9ff..00000000 --- a/docker/front.conf +++ /dev/null 
@@ -1,61 +0,0 @@ -upstream baseApi { - server 0.0.0.0:5600; -} - -map $http_upgrade $connection_upgrade { - default keep-alive; - 'websocket' upgrade; -} - -server { - IPV4_CONFIG - IPV6_CONFIG - ssl_session_timeout 5m; - - location QL_BASE_URLapi/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://baseApi/api/; - proxy_buffering off; - proxy_redirect default; - proxy_connect_timeout 1800; - proxy_send_timeout 1800; - proxy_read_timeout 1800; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } - - location QL_BASE_URLopen/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://baseApi/open/; - proxy_buffering off; - proxy_redirect default; - proxy_connect_timeout 1800; - proxy_send_timeout 1800; - proxy_read_timeout 1800; - } - - gzip on; - gzip_static on; - gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript; - gzip_proxied any; - gzip_vary on; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.0; - QL_ROOT_CONFIG - - location QL_BASE_URL_LOCATION { - QL_ALIAS_CONFIG - index index.html index.htm; - try_files $uri QL_BASE_URLindex.html; - } - - location ~ .*\.(html)$ { - add_header Cache-Control no-cache; - } -} diff --git a/docker/nginx.conf b/docker/nginx.conf deleted file mode 100644 index 4d954137..00000000 --- a/docker/nginx.conf +++ /dev/null 
@@ -1,45 +0,0 @@ -user root; -worker_processes auto; -pcre_jit on; -error_log /var/log/nginx/error.log warn; -include /etc/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server_tokens off; - - client_max_body_size 4096m; - client_body_buffer_size 20m; - - keepalive_timeout 65; - - sendfile on; - - tcp_nodelay on; - - ssl_prefer_server_ciphers on; - - ssl_session_cache shared:SSL:2m; - - gzip on; - gzip_static on; - gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript; - gzip_proxied any; - gzip_vary on; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.0; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - include /etc/nginx/conf.d/*.conf; -} diff --git a/package.json b/package.json index 9bec3428..8c2dbc9e 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "@keyv/sqlite": "^4.0.1", "proper-lockfile": "^4.1.2", "compression": "^1.7.4", - "helmet": "^6.0.1" + "helmet": "^8.1.0" }, "devDependencies": { "moment": "2.30.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5177ec06..50cce37f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -63,8 +63,8 @@ dependencies: specifier: ^2.0.3 version: 2.0.3 helmet: - specifier: ^6.0.1 - version: 6.2.0 + specifier: ^8.1.0 + version: 8.1.0 hpagent: specifier: ^1.2.0 version: 1.2.0 @@ -3873,7 +3873,7 @@ packages: resolution: {integrity: sha512-ONIn/nSNQA57yRge3oaMQESef/6QhoeX7llWeDli0UZIfz8TQMkfNPTXA8VnnyeA1WUjG2pGqdjEIueYonMdfQ==} deprecated: This is a stub types definition. helmet provides its own type definitions, so you do not need this installed. dependencies: - helmet: 6.2.0 + helmet: 8.1.0 dev: true /@types/hoist-non-react-statics@3.3.5: 
@@ -8467,9 +8467,9 @@ packages: hasBin: true dev: true - /helmet@6.2.0: - resolution: {integrity: sha512-DWlwuXLLqbrIOltR6tFQXShj/+7Cyp0gLi6uAb8qMdFh/YBBFbKSgQ6nbXmScYd8emMctuthmgIa7tUfo9Rtyg==} - engines: {node: '>=14.0.0'} + /helmet@8.1.0: + resolution: {integrity: sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==} + engines: {node: '>=18.0.0'} /history@5.3.0: resolution: {integrity: sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==} diff --git a/shell/api.sh b/shell/api.sh index 4d5b5c25..93f1f481 100755 --- a/shell/api.sh +++ b/shell/api.sh @@ -41,7 +41,7 @@ add_cron_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" \ @@ -76,7 +76,7 @@ update_cron_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ @@ -108,7 +108,7 @@ update_cron_command_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ 
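Review bot: The curl URLs in `shell/api.sh` pin the port to `5700`, while the backend takes its listen port from `BACK_PORT` (see `back/config/index.ts` and `.env.example` in this patch), so changing that variable would leave these helpers and `check_pm2` in `shell/check.sh` calling a port nothing listens on. Deriving the URL from the same variable, e.g. `"http://127.0.0.1:${BACK_PORT:-5700}/open/crons?t=$currentTimeStamp"`, would keep them in step, assuming `BACK_PORT` is exported to these scripts (not visible here). Using `127.0.0.1` instead of `0.0.0.0` as the destination also makes it explicit that the bearer token in the `Authorization` header stays on loopback. The same applies to the remaining `shell/api.sh` hunks and the `check_pm2` hunk in `shell/check.sh`; each function body extends beyond its hunk.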
@@ -133,7 +133,7 @@ del_cron_api() { local ids="$1" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons?t=$currentTimeStamp" \ -X 'DELETE' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ @@ -163,7 +163,7 @@ update_cron() { local runningTime="${6:-0}" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons/status?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons/status?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ @@ -190,7 +190,7 @@ notify_api() { local content="$2" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/system/notify?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/system/notify?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ @@ -215,7 +215,7 @@ find_cron_api() { local params="$1" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons/detail?$params&t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/crons/detail?$params&t=$currentTimeStamp" \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" \ @@ -239,7 +239,7 @@ update_auth_config() { local tip="$2" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/open/system/auth/reset?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/open/system/auth/reset?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer ${__ql_token__}" \ 
diff --git a/shell/check.sh b/shell/check.sh index 6c6657cd..fd2cd6c9 100755 --- a/shell/check.sh +++ b/shell/check.sh @@ -20,10 +20,6 @@ copy_dep() { echo -e "---> 复制一份 $file_notify_js_sample 为 $file_notify_js\n" cp -fv $file_notify_js_sample $file_notify_js echo -e "---> 通知文件复制完成\n" - - echo -e "---> 2. 复制nginx配置文件\n" - init_nginx - echo -e "---> 配置文件复制完成\n" } pm2_log() { @@ -34,18 +30,6 @@ pm2_log() { tail -n 300 "$panelError" } -check_nginx() { - local nginxPid=$(ps -eo pid,command | grep nginx | grep -v grep) - echo -e "=====> 检测nginx服务\n$nginxPid" - if [[ $nginxPid ]]; then - echo -e "\n=====> nginx服务正常\n" - nginx -s reload - else - echo -e "\n=====> nginx服务异常,重新启动nginx\n" - nginx -c /etc/nginx/nginx.conf - fi -} - check_ql() { local api=$(curl -s --noproxy "*" "http://0.0.0.0:5700") echo -e "\n=====> 检测面板\n\n$api\n" @@ -58,7 +42,7 @@ check_pm2() { pm2_log local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/system?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5700/api/system?t=$currentTimeStamp" \ -H 'Accept: */*' \ -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36' \ -H 'Referer: http://0.0.0.0:5700/crontab' \ @@ -78,7 +62,6 @@ main() { reset_env copy_dep check_ql - check_nginx check_pm2 reload_pm2 echo -e "\n=====> 检测结束\n" diff --git a/shell/share.sh b/shell/share.sh index 6c9bae89..235d0bd9 100755 --- a/shell/share.sh +++ b/shell/share.sh @@ -48,8 +48,6 @@ export file_notify_py=$dir_scripts/notify.py export file_notify_js=$dir_scripts/sendNotify.js export file_test_js=$dir_scripts/ql_sample.js export file_test_py=$dir_scripts/ql_sample.py -export nginx_app_conf=$dir_root/docker/front.conf -export nginx_conf=$dir_root/docker/nginx.conf export dep_notify_py=$dir_dep/notify.py export dep_notify_js=$dir_dep/sendNotify.js 
@@ -211,10 +209,6 @@ fix_config() { cp -f $file_test_py_sample $file_test_py fi - if [[ -s /etc/nginx/conf.d/default.conf ]]; then - cat /dev/null >/etc/nginx/conf.d/default.conf - fi - if [[ ! -s $dep_notify_js ]]; then cp -f $file_notify_js_sample $dep_notify_js fi @@ -334,44 +328,6 @@ format_timestamp() { fi } -init_nginx() { - cp -f $nginx_conf /etc/nginx/nginx.conf - cp -f $nginx_app_conf /etc/nginx/conf.d/front.conf - local location_url="/" - local aliasStr="" - local rootStr="" - if [[ $ql_base_url != "/" ]]; then - if [[ $ql_base_url != /* ]]; then - ql_base_url="/$ql_base_url" - fi - if [[ $ql_base_url != */ ]]; then - ql_base_url="$ql_base_url/" - fi - location_url="^~${ql_base_url%*/}" - aliasStr="alias ${dir_static}/dist;" - if ! grep -q "" "${dir_static}/dist/index.html"; then - awk -v text="" '/temp.html - mv temp.html "${dir_static}/dist/index.html" - fi - else - rootStr="root ${dir_static}/dist;" - fi - sed -i "s,QL_ALIAS_CONFIG,${aliasStr},g" /etc/nginx/conf.d/front.conf - sed -i "s,QL_ROOT_CONFIG,${rootStr},g" /etc/nginx/conf.d/front.conf - sed -i "s,QL_BASE_URL_LOCATION,${location_url},g" /etc/nginx/conf.d/front.conf - sed -i "s,QL_BASE_URL,${ql_base_url},g" /etc/nginx/conf.d/front.conf - - local ipv6=$(ip a | grep inet6) - local ipv6Str="" - if [[ $ipv6 ]]; then - ipv6Str="listen [::]:${ql_port} ipv6only=on;" - fi - - local ipv4Str="listen ${ql_port};" - sed -i "s,IPV6_CONFIG,${ipv6Str},g" /etc/nginx/conf.d/front.conf - sed -i "s,IPV4_CONFIG,${ipv4Str},g" /etc/nginx/conf.d/front.conf -} - get_env_array() { exported_variables=() while IFS= read -r line; do