add docker

2026-04-24 03:57:22 +08:00 · 2025-04-27 21:09:42 +07:00
parent 996bb78e17
commit b43b1058c6
12 changed files with 393 additions and 6 deletions
@@ -0,0 +1,10 @@
+FROM openresty/openresty:alpine
+
+# 安装基础依赖
+RUN apk add --no-cache gettext bash
+
+# 拷贝 entrypoint
+COPY ./entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+CMD ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
@@ -0,0 +1,57 @@
+#!/bin/sh
+set -e
+
+if [ -z "$DOMAIN" ]; then
+  echo "❌ 错误：必须设置 DOMAIN 环境变量！"
+  exit 1
+fi
+
+echo "当前域名是: $DOMAIN"
+
+# 设定证书目录
+CLOUDFLARE_CERT_DIR="/certs/cloudflare"
+FINAL_CERT_DIR="/certs/live"
+FULLCHAIN="fullchain.pem"
+PRIVATE_KEY="private.key"
+
+# 检查 Cloudflare 证书是否存在
+if [ -f "$FINAL_CERT_DIR/$FULLCHAIN" ] && [ -f "$FINAL_CERT_DIR/$PRIVATE_KEY" ]; then
+    echo "ssl certs already exists at: ${FINAL_CERT_DIR}"
+else
+    if [ -f "$CLOUDFLARE_CERT_DIR/$FULLCHAIN" ] && [ -f "$CLOUDFLARE_CERT_DIR/$PRIVATE_KEY" ]; then
+        echo "⚡️ Cloudflare certs exists at: $CLOUDFLARE_CERT_DIR, copy to: $FINAL_CERT_DIR ..."
+        mkdir -p "$FINAL_CERT_DIR"
+        cp "$CLOUDFLARE_CERT_DIR/$FULLCHAIN" "$FINAL_CERT_DIR/$FULLCHAIN"
+        cp "$CLOUDFLARE_CERT_DIR/$PRIVATE_KEY" "$FINAL_CERT_DIR/$PRIVATE_KEY"
+    else
+        echo "🔍 Cloudflare certs not exists at: $CLOUDFLARE_CERT_DIR，use acme.sh to apply ..."
+
+        # 安装 acme.sh（如果还没装）
+        if [ ! -d "/root/.acme.sh" ]; then
+          curl https://get.acme.sh | sh
+          source ~/.bashrc
+        fi
+
+        # 申请证书
+        ~/.acme.sh/acme.sh --issue --standalone -d "$DOMAIN" --keylength ec-256
+
+        # 安装证书到目标目录
+        ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" --ecc \
+          --key-file "$FINAL_CERT_DIR/$PRIVATE_KEY" \
+          --fullchain-file "$FINAL_CERT_DIR/$FULLCHAIN"
+    fi
+fi
+
+echo "✅ ssl certs done."
+
+# 组合子域名变量
+export PHPMYADMIN_SERVER_NAME="phpmyadmin.${DOMAIN}"
+
+# 清空旧配置
+rm -rf /etc/nginx/conf.d/*.conf
+
+# 生成配置
+envsubst '$DOMAIN' < /etc/nginx/conf.d/sites/app.conf.template > /etc/nginx/conf.d/app.conf
+envsubst '$PHPMYADMIN_SERVER_NAME' < /etc/nginx/conf.d/sites/phpmyadmin.conf.template > /etc/nginx/conf.d/phpmyadmin.conf
+
+exec openresty -g 'daemon off;'
@@ -0,0 +1,41 @@
+server {
+    listen 443 ssl http2;
+    server_name ${DOMAIN};
+
+    root /var/www/html/public;
+    index index.php index.html;
+
+    ssl_certificate     /certs/live/fullchain.pem;
+    ssl_certificate_key /certs/live/privkey.pem;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /nexus.php?$query_string;
+    }
+
+    # Filament
+    location ^~ /filament {
+        try_files $uri $uri/ /nexus.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param REQUEST_ID $request_id;
+    }
+
+    error_log /dev/stderr;
+    access_log /dev/stdout;
+}
@@ -0,0 +1,16 @@
+server {
+    listen 443 ssl http2;
+    server_name ${PHPMYADMIN_SERVER_NAME};
+
+    ssl_certificate     /certs/live/fullchain.pem;
+    ssl_certificate_key /certs/live/privkey.pem;
+
+    location / {
+        proxy_pass http://phpmyadmin:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    error_log /dev/stderr;
+    access_log /dev/stdout;
+}