[#6] 修改打包镜像

src/alert/alertmanager/build/Dockerfile

@@ -19,6 +19,8 @@ RUN wget https://github.com/prometheus/alertmanager/releases/download/v${ALERTMA
     rm alertmanager-${ALERTMANAGER_VERSION}.linux-amd64.tar.gz
 
 ENV ALERTMANAGER_BASE_PATH=/private/argus/alert/alertmanager
+ENV ARGUS_UID=2133
+ENV ARGUS_GID=2015
 
 RUN mkdir -p /usr/share/alertmanager && \
     mkdir -p ${ALERTMANAGER_BASE_PATH} && \
@@ -28,10 +30,10 @@ RUN mkdir -p /usr/share/alertmanager && \
 
 # 创建 alertmanager 用户（可自定义 UID/GID）
 # 创建 alertmanager 用户组
-RUN groupadd -g 2015 alertmanager
+RUN groupadd -g ${ARGUS_GID} alertmanager
 
 # 创建 alertmanager 用户并指定组
-RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 alertmanager
+RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} alertmanager
 
 RUN chown -R alertmanager:alertmanager /usr/share/alertmanager && \
     chown -R alertmanager:alertmanager /alertmanager && \

src/web/build_tools/frontend/Dockerfile

@@ -24,16 +24,18 @@ RUN apt-get update && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 ENV FRONTEND_BASE_PATH=/private/argus/web/frontend
+ENV ARGUS_UID=2133
+ENV ARGUS_GID=2015
 
 RUN mkdir -p ${FRONTEND_BASE_PATH} && \
     mkdir -p /private/argus/etc
 
 # 创建 web 用户（可自定义 UID/GID）
 # 创建 web 用户组
-RUN groupadd -g 2015 web
+RUN groupadd -g ${ARGUS_GID} web
 
 # 创建 web 用户并指定组
-RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 web
+RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} web
 
 RUN chown -R web:web ${FRONTEND_BASE_PATH} && \
     chown -R web:web /private/argus/etc && \

src/web/build_tools/proxy/Dockerfile

@@ -8,16 +8,18 @@ RUN apt-get update && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 ENV FRONTEND_BASE_PATH=/private/argus/web/proxy
+ENV ARGUS_UID=2133
+ENV ARGUS_GID=2015
 
 RUN mkdir -p ${FRONTEND_BASE_PATH} && \
     mkdir -p /private/argus/etc
 
 # 创建 proxy 用户（可自定义 UID/GID）
 # 创建 proxy 用户组
-RUN groupadd -g 2015 web_proxy
+RUN groupadd -g ${ARGUS_GID} web_proxy
 
 # 创建 proxy 用户并指定组
-RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 web_proxy
+RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} web_proxy
 
 RUN chown -R web_proxy:web_proxy ${FRONTEND_BASE_PATH} && \
     chown -R web_proxy:web_proxy /private/argus/etc && \
@@ -40,7 +42,7 @@ RUN if [ "$USE_INTRANET" = "true" ]; then \
 
 
 # 复制 nginx 配置（保证 React 前端路由兼容）
-COPY src/web/build_tools/proxy/nginx.conf /etc/nginx/nginx.conf
+COPY src/web/build_tools/proxy/nginx.conf.template /etc/nginx/nginx.conf.template
 COPY src/web/build_tools/proxy/conf.d/ /etc/nginx/conf.d/
 
 # 复制 supervisor 配置

src/web/build_tools/proxy/conf.d/alert.conf

@@ -3,6 +3,6 @@ server {
     server_name alertmanager.alert.argus.com;
 
     location / {
-        proxy_pass http://alertmanager.alert.argus.com;
+        proxy_pass http://alertmanager.alert.argus.com:9093;
     }
 }

src/web/build_tools/proxy/conf.d/master.conf

@@ -3,24 +3,25 @@ server {
     server_name master.argus.com;
 
     location / {
+        # proxy_pass http://master.argus.com;
         proxy_pass http://master.argus.com;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        # proxy_set_header Host $host;
+        # proxy_set_header X-Real-IP $remote_addr;
+        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # proxy_set_header X-Forwarded-Proto $scheme;
 
-        # CORS 支持
-        add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+        # # CORS 支持
+        # add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always;
+        # add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+        # add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
 
-        if ($request_method = OPTIONS) {
-            add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always;
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
-            add_header 'Content-Length' 0;
-            add_header 'Content-Type' 'text/plain';
-            return 204;
-        }
+        # if ($request_method = OPTIONS) {
+        #     add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always;
+        #     add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+        #     add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;
+        #     add_header 'Content-Length' 0;
+        #     add_header 'Content-Type' 'text/plain';
+        #     return 204;
+        # }
     }
 }

src/web/build_tools/proxy/conf.d/metric.conf

@@ -4,16 +4,16 @@ server {
     server_name prometheus.metric.argus.com;
 
     location / {
-        proxy_pass http://prometheus.metric.argus.com;
+        proxy_pass http://prom.metric.argus.com;
     }
 }
 
-# Grafana
-server {
-    listen 80;
-    server_name grafana.metric.argus.com;
+# # Grafana
+# server {
+#     listen 80;
+#     server_name grafana.metric.argus.com;
 
-    location / {
-        proxy_pass http://grafana.metric.argus.com;
-    }
-}
+#     location / {
+#         proxy_pass http://grafana.metric.argus.com;
+#     }
+# }

src/web/build_tools/proxy/conf.d/web.conf

@@ -3,6 +3,6 @@ server {
     server_name web.argus.com;
 
     location / {
-        proxy_pass http://web.argus.com;
+        proxy_pass http://web.argus.com:80;
     }
 }

src/web/build_tools/proxy/nginx.conf.template

@@ -5,13 +5,22 @@ events {
     worker_connections  1024;
 }
 
+server {
+    listen 80 default_server;
+    server_name _;
+
+    location / {
+        proxy_pass http://web.argus.com:80;
+    }
+}
+
 http {
     include       mime.types;
     default_type  application/octet-stream;
     sendfile      on;
 
     # 使用系统 resolv.conf（由 update-dns.sh 动态更新）
-    resolver $(awk '/^nameserver/ {print $2}' /etc/resolv.conf | tr '\n' ' ') valid=30s ipv6=off;
+    resolver __RESOLVERS__ valid=30s ipv6=off;
 
     # 启用访问日志
     access_log  /var/log/nginx/access.log;

src/web/build_tools/proxy/start-proxy-supervised.sh

@@ -3,9 +3,12 @@ set -euo pipefail
 
 echo "[INFO] Starting proxy under supervisor..."
 
+TEMPLATE="/etc/nginx/nginx.conf.template"
+TARGET="/etc/nginx/nginx.conf"
+DNS_CONF_PRIVATE="/private/argus/etc/dns.conf"
+DNS_CONF_SYSTEM="/etc/resolv.conf"
 DNS_DIR="/private/argus/etc"
 DNS_SCRIPT="${DNS_DIR}/update-dns.sh"
-RUNTIME_USER="${ARGUS_RUNTIME_USER:-argus}"
 RUNTIME_UID="${ARGUS_BUILD_UID:-2133}"
 RUNTIME_GID="${ARGUS_BUILD_GID:-2015}"
 
@@ -20,6 +23,37 @@ else
   echo "[WARN] DNS update script not found or not executable: $DNS_SCRIPT"
 fi
 
+# ========== 读取 DNS ==========
+if [ -f "$DNS_CONF_PRIVATE" ]; then
+  echo "从 $DNS_CONF_PRIVATE 读取 DNS 服务器..."
+  RESOLVERS=$(awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $1}' "$DNS_CONF_PRIVATE" | tr '\n' ' ')
+fi
+
+# 如果 /private 文件不存在则 fallback
+if [ -z "${RESOLVERS:-}" ]; then
+  echo "未在 $DNS_CONF_PRIVATE 中找到有效 DNS，使用系统 /etc/resolv.conf"
+  RESOLVERS=$(awk '/^nameserver/ {print $2}' "$DNS_CONF_SYSTEM" | tr '\n' ' ')
+fi
+
+# 最后兜底：若仍为空，使用公共 DNS
+if [ -z "$RESOLVERS" ]; then
+  echo "警告: 未找到任何 DNS，使用默认 8.8.8.8"
+  RESOLVERS="8.8.8.8"
+fi
+
+echo "检测到 DNS 服务器列表: $RESOLVERS"
+
+# ========== 生成 nginx.conf ==========
+if [ -f "$TEMPLATE" ]; then
+  echo "从模板生成 nginx.conf ..."
+  sed "s|__RESOLVERS__|$RESOLVERS|" "$TEMPLATE" > "$TARGET"
+else
+  echo "错误: 找不到 nginx.conf.template ($TEMPLATE)"
+  exit 1
+fi
+
+# 打印生成结果供排查
+grep resolver "$TARGET" || true
 
 echo "[INFO] Launching nginx..."