From fb4630c3f628addc8a193febad4a8a8d7fea0008 Mon Sep 17 00:00:00 2001 From: "xiuting.xu" Date: Mon, 13 Oct 2025 09:48:36 +0800 Subject: [PATCH] =?UTF-8?q?[#6]=20=E4=BF=AE=E6=94=B9=E6=89=93=E5=8C=85?= =?UTF-8?q?=E9=95=9C=E5=83=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/alert/alertmanager/build/Dockerfile | 6 ++-- src/web/build_tools/frontend/Dockerfile | 6 ++-- src/web/build_tools/proxy/Dockerfile | 8 +++-- src/web/build_tools/proxy/conf.d/alert.conf | 2 +- src/web/build_tools/proxy/conf.d/master.conf | 33 ++++++++--------- src/web/build_tools/proxy/conf.d/metric.conf | 18 +++++----- src/web/build_tools/proxy/conf.d/web.conf | 2 +- .../proxy/{nginx.conf => nginx.conf.template} | 11 +++++- .../proxy/start-proxy-supervised.sh | 36 ++++++++++++++++++- 9 files changed, 86 insertions(+), 36 deletions(-) rename src/web/build_tools/proxy/{nginx.conf => nginx.conf.template} (78%) diff --git a/src/alert/alertmanager/build/Dockerfile b/src/alert/alertmanager/build/Dockerfile index 3fe711b..d986e31 100644 --- a/src/alert/alertmanager/build/Dockerfile +++ b/src/alert/alertmanager/build/Dockerfile @@ -19,6 +19,8 @@ RUN wget https://github.com/prometheus/alertmanager/releases/download/v${ALERTMA rm alertmanager-${ALERTMANAGER_VERSION}.linux-amd64.tar.gz ENV ALERTMANAGER_BASE_PATH=/private/argus/alert/alertmanager +ENV ARGUS_UID=2133 +ENV ARGUS_GID=2015 RUN mkdir -p /usr/share/alertmanager && \ mkdir -p ${ALERTMANAGER_BASE_PATH} && \ @@ -28,10 +30,10 @@ RUN mkdir -p /usr/share/alertmanager && \ # 创建 alertmanager 用户(可自定义 UID/GID) # 创建 alertmanager 用户组 -RUN groupadd -g 2015 alertmanager +RUN groupadd -g ${ARGUS_GID} alertmanager # 创建 alertmanager 用户并指定组 -RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 alertmanager +RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} alertmanager RUN chown -R alertmanager:alertmanager /usr/share/alertmanager && \ chown -R alertmanager:alertmanager /alertmanager && \ diff --git a/src/web/build_tools/frontend/Dockerfile b/src/web/build_tools/frontend/Dockerfile index 4363188..13c8d6a 100644 --- a/src/web/build_tools/frontend/Dockerfile +++ b/src/web/build_tools/frontend/Dockerfile @@ -24,16 +24,18 @@ RUN apt-get update && \ apt-get clean && rm -rf /var/lib/apt/lists/* ENV FRONTEND_BASE_PATH=/private/argus/web/frontend +ENV ARGUS_UID=2133 +ENV ARGUS_GID=2015 RUN mkdir -p ${FRONTEND_BASE_PATH} && \ mkdir -p /private/argus/etc # 创建 web 用户(可自定义 UID/GID) # 创建 web 用户组 -RUN groupadd -g 2015 web +RUN groupadd -g ${ARGUS_GID} web # 创建 web 用户并指定组 -RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 web +RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} web RUN chown -R web:web ${FRONTEND_BASE_PATH} && \ chown -R web:web /private/argus/etc && \ diff --git a/src/web/build_tools/proxy/Dockerfile b/src/web/build_tools/proxy/Dockerfile index ceac538..ba58515 100644 --- a/src/web/build_tools/proxy/Dockerfile +++ b/src/web/build_tools/proxy/Dockerfile @@ -8,16 +8,18 @@ RUN apt-get update && \ apt-get clean && rm -rf /var/lib/apt/lists/* ENV FRONTEND_BASE_PATH=/private/argus/web/proxy +ENV ARGUS_UID=2133 +ENV ARGUS_GID=2015 RUN mkdir -p ${FRONTEND_BASE_PATH} && \ mkdir -p /private/argus/etc # 创建 proxy 用户(可自定义 UID/GID) # 创建 proxy 用户组 -RUN groupadd -g 2015 web_proxy +RUN groupadd -g ${ARGUS_GID} web_proxy # 创建 proxy 用户并指定组 -RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 web_proxy +RUN useradd -M -s /usr/sbin/nologin -u ${ARGUS_UID} -g ${ARGUS_GID} web_proxy RUN chown -R web_proxy:web_proxy ${FRONTEND_BASE_PATH} && \ chown -R web_proxy:web_proxy /private/argus/etc && \ @@ -40,7 +42,7 @@ RUN if [ "$USE_INTRANET" = "true" ]; then \ # 复制 nginx 配置(保证 React 前端路由兼容) -COPY src/web/build_tools/proxy/nginx.conf /etc/nginx/nginx.conf +COPY src/web/build_tools/proxy/nginx.conf.template /etc/nginx/nginx.conf.template COPY src/web/build_tools/proxy/conf.d/ /etc/nginx/conf.d/ # 复制 supervisor 配置 diff --git a/src/web/build_tools/proxy/conf.d/alert.conf b/src/web/build_tools/proxy/conf.d/alert.conf index 1f8987f..4b770cd 100644 --- a/src/web/build_tools/proxy/conf.d/alert.conf +++ b/src/web/build_tools/proxy/conf.d/alert.conf @@ -3,6 +3,6 @@ server { server_name alertmanager.alert.argus.com; location / { - proxy_pass http://alertmanager.alert.argus.com; + proxy_pass http://alertmanager.alert.argus.com:9093; } } diff --git a/src/web/build_tools/proxy/conf.d/master.conf b/src/web/build_tools/proxy/conf.d/master.conf index 1b6e61f..96a19b5 100644 --- a/src/web/build_tools/proxy/conf.d/master.conf +++ b/src/web/build_tools/proxy/conf.d/master.conf @@ -3,24 +3,25 @@ server { server_name master.argus.com; location / { + # proxy_pass http://master.argus.com; proxy_pass http://master.argus.com; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; - # CORS 支持 - add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + # # CORS 支持 + # add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; + # add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; - if ($request_method = OPTIONS) { - add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; - add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; - add_header 'Content-Length' 0; - add_header 'Content-Type' 'text/plain'; - return 204; - } + # if ($request_method = OPTIONS) { + # add_header 'Access-Control-Allow-Origin' 'http://web.argus.com' always; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; + # add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always; + # add_header 'Content-Length' 0; + # add_header 'Content-Type' 'text/plain'; + # return 204; + # } } } diff --git a/src/web/build_tools/proxy/conf.d/metric.conf b/src/web/build_tools/proxy/conf.d/metric.conf index ec0dd4b..beb8c0e 100644 --- a/src/web/build_tools/proxy/conf.d/metric.conf +++ b/src/web/build_tools/proxy/conf.d/metric.conf @@ -4,16 +4,16 @@ server { server_name prometheus.metric.argus.com; location / { - proxy_pass http://prometheus.metric.argus.com; + proxy_pass http://prom.metric.argus.com; } } -# Grafana -server { - listen 80; - server_name grafana.metric.argus.com; +# # Grafana +# server { +# listen 80; +# server_name grafana.metric.argus.com; - location / { - proxy_pass http://grafana.metric.argus.com; - } -} +# location / { +# proxy_pass http://grafana.metric.argus.com; +# } +# } diff --git a/src/web/build_tools/proxy/conf.d/web.conf b/src/web/build_tools/proxy/conf.d/web.conf index cc58b34..c810710 100644 --- a/src/web/build_tools/proxy/conf.d/web.conf +++ b/src/web/build_tools/proxy/conf.d/web.conf @@ -3,6 +3,6 @@ server { server_name web.argus.com; location / { - proxy_pass http://web.argus.com; + proxy_pass http://web.argus.com:80; } } diff --git a/src/web/build_tools/proxy/nginx.conf b/src/web/build_tools/proxy/nginx.conf.template similarity index 78% rename from src/web/build_tools/proxy/nginx.conf rename to src/web/build_tools/proxy/nginx.conf.template index 0e630a0..a7c6a19 100644 --- a/src/web/build_tools/proxy/nginx.conf +++ b/src/web/build_tools/proxy/nginx.conf.template @@ -5,13 +5,22 @@ events { worker_connections 1024; } +server { + listen 80 default_server; + server_name _; + + location / { + proxy_pass http://web.argus.com:80; + } +} + http { include mime.types; default_type application/octet-stream; sendfile on; # 使用系统 resolv.conf(由 update-dns.sh 动态更新) - resolver $(awk '/^nameserver/ {print $2}' /etc/resolv.conf | tr '\n' ' ') valid=30s ipv6=off; + resolver __RESOLVERS__ valid=30s ipv6=off; # 启用访问日志 access_log /var/log/nginx/access.log; diff --git a/src/web/build_tools/proxy/start-proxy-supervised.sh b/src/web/build_tools/proxy/start-proxy-supervised.sh index 3c2fc0f..ac276dd 100644 --- a/src/web/build_tools/proxy/start-proxy-supervised.sh +++ b/src/web/build_tools/proxy/start-proxy-supervised.sh @@ -3,9 +3,12 @@ set -euo pipefail echo "[INFO] Starting proxy under supervisor..." +TEMPLATE="/etc/nginx/nginx.conf.template" +TARGET="/etc/nginx/nginx.conf" +DNS_CONF_PRIVATE="/private/argus/etc/dns.conf" +DNS_CONF_SYSTEM="/etc/resolv.conf" DNS_DIR="/private/argus/etc" DNS_SCRIPT="${DNS_DIR}/update-dns.sh" -RUNTIME_USER="${ARGUS_RUNTIME_USER:-argus}" RUNTIME_UID="${ARGUS_BUILD_UID:-2133}" RUNTIME_GID="${ARGUS_BUILD_GID:-2015}" @@ -20,6 +23,37 @@ else echo "[WARN] DNS update script not found or not executable: $DNS_SCRIPT" fi +# ========== 读取 DNS ========== +if [ -f "$DNS_CONF_PRIVATE" ]; then + echo "从 $DNS_CONF_PRIVATE 读取 DNS 服务器..." + RESOLVERS=$(awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $1}' "$DNS_CONF_PRIVATE" | tr '\n' ' ') +fi + +# 如果 /private 文件不存在则 fallback +if [ -z "${RESOLVERS:-}" ]; then + echo "未在 $DNS_CONF_PRIVATE 中找到有效 DNS,使用系统 /etc/resolv.conf" + RESOLVERS=$(awk '/^nameserver/ {print $2}' "$DNS_CONF_SYSTEM" | tr '\n' ' ') +fi + +# 最后兜底:若仍为空,使用公共 DNS +if [ -z "$RESOLVERS" ]; then + echo "警告: 未找到任何 DNS,使用默认 8.8.8.8" + RESOLVERS="8.8.8.8" +fi + +echo "检测到 DNS 服务器列表: $RESOLVERS" + +# ========== 生成 nginx.conf ========== +if [ -f "$TEMPLATE" ]; then + echo "从模板生成 nginx.conf ..." + sed "s|__RESOLVERS__|$RESOLVERS|" "$TEMPLATE" > "$TARGET" +else + echo "错误: 找不到 nginx.conf.template ($TEMPLATE)" + exit 1 +fi + +# 打印生成结果供排查 +grep resolver "$TARGET" || true echo "[INFO] Launching nginx..."