diff --git a/Dockerfile b/Dockerfile index e4e42318..da6eb724 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,8 +17,8 @@ RUN apk add --no-cache apache2-utils dos2unix supervisor nodejs npm gettext curl # 安装pnpm RUN npm install -g pnpm -# 复制Nginx配置 -COPY docker/nginx.conf /etc/nginx/conf.d/default.conf +# 复制Nginx配置模板 +COPY docker/nginx.conf.template /etc/nginx/conf.d/nginx.conf.template # 复制Web应用 COPY --from=build /app/packages/web/dist /usr/share/nginx/html @@ -41,18 +41,15 @@ WORKDIR /app/mcp-server # 复制并设置启动脚本 COPY docker/generate-config.sh /docker-entrypoint.d/40-generate-config.sh -COPY docker/generate-auth.sh /docker-entrypoint.d/30-generate-auth.sh COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf COPY docker/start-services.sh /start-services.sh # 确保脚本有执行权限 RUN chmod +x /docker-entrypoint.d/40-generate-config.sh -RUN chmod +x /docker-entrypoint.d/30-generate-auth.sh RUN chmod +x /start-services.sh # 转换可能的Windows行尾符为Unix格式 RUN dos2unix /docker-entrypoint.d/40-generate-config.sh -RUN dos2unix /docker-entrypoint.d/30-generate-auth.sh RUN dos2unix /start-services.sh EXPOSE 80 diff --git a/docker/generate-auth.sh b/docker/generate-auth.sh deleted file mode 100644 index bfc58850..00000000 --- a/docker/generate-auth.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -# 检查是否设置了ACCESS_PASSWORD环境变量 -if [ -n "$ACCESS_PASSWORD" ]; then - # 检查密码是否为空字符串 - if [ "$ACCESS_PASSWORD" = "" ]; then - echo "警告: 设置了空密码,不安全。不启用Basic认证" - # 创建空的auth配置(禁用认证) - cat > /etc/nginx/conf.d/auth.conf << EOF -# Basic认证未启用 - 密码为空 -auth_basic off; -EOF - exit 0 - fi - - echo "启用Basic认证..." - - # 创建认证文件目录 - mkdir -p /etc/nginx/auth - - # 确定用户名(如果未设置ACCESS_USERNAME则使用默认值"admin") - USERNAME=${ACCESS_USERNAME:-admin} - - # 生成htpasswd文件 - 使用printf避免特殊字符问题 - printf '%s' "$ACCESS_PASSWORD" | htpasswd -i -c /etc/nginx/auth/.htpasswd "$USERNAME" - - # 容器环境中简化权限管理 - 确保所有人都可读取认证文件 - chmod -R a+r /etc/nginx/auth - - # 创建启用认证的配置 - cat > /etc/nginx/conf.d/auth.conf << EOF -# 此文件由generate-auth.sh脚本自动生成 -auth_basic "请输入访问凭据 (Please enter your credentials)"; -auth_basic_user_file /etc/nginx/auth/.htpasswd; -EOF - - echo "Basic认证已配置,用户名: $USERNAME" -else - echo "未设置ACCESS_PASSWORD环境变量,不启用Basic认证" - - # 创建空的auth配置(禁用认证) - cat > /etc/nginx/conf.d/auth.conf << EOF -# Basic认证未启用 -auth_basic off; -EOF -fi \ No newline at end of file diff --git a/docker/generate-config.sh b/docker/generate-config.sh index e280dbf9..a4a54d46 100644 --- a/docker/generate-config.sh +++ b/docker/generate-config.sh @@ -1,10 +1,10 @@ #!/bin/sh -# 配置文件路径 -CONFIG_FILE="/usr/share/nginx/html/config.js" - -# 生成配置文件 -cat > $CONFIG_FILE << EOF +# 生成前端运行时配置文件 +generate_frontend_config() { + CONFIG_FILE="/usr/share/nginx/html/config.js" + + cat > $CONFIG_FILE << EOF window.runtime_config = { OPENAI_API_KEY: "${VITE_OPENAI_API_KEY:-}", GEMINI_API_KEY: "${VITE_GEMINI_API_KEY:-}", @@ -17,4 +17,70 @@ window.runtime_config = { console.log("运行时配置已加载"); EOF -echo "配置文件已生成: $CONFIG_FILE" \ No newline at end of file + echo "配置文件已生成: $CONFIG_FILE" +} + +# 生成认证配置 +generate_auth() { + if [ -n "$ACCESS_PASSWORD" ]; then + if [ "$ACCESS_PASSWORD" = "" ]; then + echo "警告: 设置了空密码,不安全。不启用Basic认证" + create_auth_config "off" + return + fi + + echo "启用Basic认证..." + + mkdir -p /etc/nginx/auth + USERNAME=${ACCESS_USERNAME:-admin} + + printf '%s' "$ACCESS_PASSWORD" | htpasswd -i -c /etc/nginx/auth/.htpasswd "$USERNAME" + chmod -R a+r /etc/nginx/auth + + create_auth_config "on" "$USERNAME" + else + echo "未设置ACCESS_PASSWORD环境变量,不启用Basic认证" + create_auth_config "off" + fi +} + +# 创建认证配置文件 +create_auth_config() { + local auth_enabled=$1 + local username=$2 + + if [ "$auth_enabled" = "on" ]; then + cat > /etc/nginx/conf.d/auth.conf << EOF +# 此文件由启动脚本自动生成 +auth_basic "请输入访问凭据 (Please enter your credentials)"; +auth_basic_user_file /etc/nginx/auth/.htpasswd; +EOF + echo "Basic认证已配置,用户名: $username" + export AUTH_CONFIG="include /etc/nginx/conf.d/auth.conf;" + else + cat > /etc/nginx/conf.d/auth.conf << EOF +# Basic认证未启用 +auth_basic off; +EOF + export AUTH_CONFIG="" + fi +} + +# 生成nginx配置 +generate_nginx_config() { + echo "正在生成nginx配置..." + envsubst '${NGINX_PORT},${AUTH_CONFIG}' < /etc/nginx/conf.d/nginx.conf.template > /etc/nginx/conf.d/default.conf + echo "Nginx配置已生成" +} + +# 主执行流程 +echo "正在生成前端配置文件..." +generate_frontend_config + +echo "正在配置认证..." +generate_auth + +echo "正在生成nginx配置..." +generate_nginx_config + +echo "配置生成完成" \ No newline at end of file diff --git a/docker/nginx.conf b/docker/nginx.conf.template similarity index 98% rename from docker/nginx.conf rename to docker/nginx.conf.template index 50e2f6d9..dd931982 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf.template @@ -60,7 +60,7 @@ server { # SPA应用路由支持 location / { # 引入Basic认证配置 - include /etc/nginx/conf.d/auth.conf; + ${AUTH_CONFIG} try_files $uri $uri/ /index.html; expires -1; diff --git a/docker/start-services.sh b/docker/start-services.sh index 7712b72a..ccd99320 100644 --- a/docker/start-services.sh +++ b/docker/start-services.sh @@ -3,11 +3,7 @@ # 创建日志目录 mkdir -p /var/log/supervisor -# 处理nginx配置文件中的环境变量 -echo "Processing nginx configuration with environment variables..." -envsubst '${NGINX_PORT}' < /etc/nginx/conf.d/default.conf > /tmp/nginx.conf -mv /tmp/nginx.conf /etc/nginx/conf.d/default.conf -echo "Nginx configuration updated with NGINX_PORT=${NGINX_PORT}" +# nginx配置已由generate-config.sh处理 # 运行原有的nginx初始化脚本 echo "Running nginx initialization scripts..."