first commit

.gitignore

@@ -337,29 +337,31 @@ fabric.properties
 # Sonarlint plugin
 .idea/sonarlint
 # ---> macOS
-.DS_Store
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-
-# Thumbnails
-._*
-
-# Files that might appear in the root of a volume
-.DocumentRevisions-V100
-.fseventsd
-.Spotlight-V100
-.TemporaryItems
-.Trashes
-.VolumeIcon.icns
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+yml/*.yml
 

command/Config.php

@@ -0,0 +1,16 @@
+<?php
+namespace Proginn;
+
+class Config
+{
+    const DB_HOST = '172.17.255.24';
+    const DB_PORT = '3306';
+    const DB_NAME = 'docker';
+    const DB_USER = 'docker';
+    const DB_PASS = '93c5e336181722a5bce0a747f5ab767d';
+    const DB_CHAR = 'utf8';
+
+    const REDIS_HOST = '172.17.255.24';
+    const REDIS_PORT = '6379';
+    const REDIS_PASS = 'oTwerSKq79Lp';
+}

command/Start.php

@@ -0,0 +1,237 @@
+<?php
+namespace Proginn;
+
+use Exception;
+use Medoo\Medoo;
+use Proginn\Config;
+use Redis;
+
+class Start
+{
+    const IP_LOCK_KEY = 'docker:ip:';
+    /**
+     * 数据库链接
+     *
+     * @var Medoo $connection
+     *
+     */
+    protected static $connection;
+    /**
+     * 数据库链接
+     *
+     * @var Redis $redis
+     *
+     */
+    protected static $redis;
+    protected $startIP = 180936414; // 10.200.222.222
+    protected $domainSuffix = '.test.proginn.com';
+    protected $containersBasePath = '/workspace/containers/';
+
+    public function __construct($argv)
+    {
+        $params = $this->parseArgs($argv);
+        $action = $params['action'];
+        $proginnBranch = $params['proginn-branch'] ?? 'master';
+        $rooterBranch = $params['rooter-branch'] ?? 'master';
+        $proginnFrontendBranch = $params['proginn-frontend-branch'] ?? 'master';
+        $name = $params['name'];
+
+        switch ($action) {
+            case 'start':
+                $this->start($name, $proginnBranch, $rooterBranch, $proginnFrontendBranch);
+                break;
+            case 'remove':
+                $this->remove($name);
+                break;
+            default:
+                echo "Usage: php index.php --action=start|remove --name=mydev --proginn-branch=dev --rooter-branch=dev --proginn-frontend-branch dev\n";
+                break;
+        }
+    }
+    public function start($name, $proginnBranch, $rooterBranch, $proginnFrontendBranch)
+    {
+        if (preg_match('[^a-zA-Z0-9_]+', $name)) {
+            echo "创建失败，容器名：{$name}只能字母、数字及下划线组成。\n";
+            return;
+        }
+        if (preg_match('[^a-zA-Z0-9_]+', $proginnBranch)) {
+            echo "创建失败，proginn分支名：{$name}只能字母、数字及下划线组成。\n";
+            return;
+        }
+        if (preg_match('[^a-zA-Z0-9_]+', $rooterBranch)) {
+            echo "创建失败，rooter分支名：{$name}只能字母、数字及下划线组成。\n";
+            return;
+        }
+        if (preg_match('[^a-zA-Z0-9_]+', $proginnFrontendBranch)) {
+            echo "创建失败，proginn-frontend分支名：{$name}只能字母、数字及下划线组成。\n";
+            return;
+        }
+
+        $db = $this->getConnection();
+        $row = $db->get('sites', '*', [
+            'name' => $name,
+        ]);
+        if (!empty($row)) {
+            echo "创建失败，容器：{$name}已经存在，请确认。\n";
+            return;
+        }
+        $ip = $this->getIp();
+        $ipv4 = long2ip($ip);
+        $domain = $name;
+        $fullDomain = $name . $this->domainSuffix;
+        $this->getConnection()->query('start transaction');
+        try {
+            $id = $this->getConnection()->insert('sites', [
+                'proginn_branch' => $proginnBranch,
+                'domain' => $domain,
+                'ip' => $ip,
+                'ipv4' => $ipv4,
+                'created_at' => time(),
+                'name' => $name,
+                'rooter_branch' => $rooterBranch,
+                'proginn_frontend_branch' => $proginnFrontendBranch,
+                'full_domain' => $fullDomain,
+            ]);
+            if (!$id) {
+                throw new Exception('创建数据库记录失败');
+            }
+            // 容器存储目录
+            $directory = $this->containersBasePath . $name;
+            // 创建容器存储目录
+            mkdir($directory, 0777, true);
+            // 拷贝项目
+            system("cp -Rf /workpsace/projects/proginn {$directory}");
+            system("cp -Rf /workpsace/projects/proginn-frontend {$directory}");
+            system("cp -Rf /workpsace/projects/boss {$directory}");
+            system("cp -Rf /workpsace/projects/festival {$directory}");
+            // 创建日志相关目录
+            mkdir($directory . 'log/pm2', 0777, true); //
+            mkdir($directory . 'log/proginn_cache', 0777, true); //
+            // 配置存放目录
+            mkdir($directory . 'config', 0777, true); //
+            // yml 文件
+            $template = file_get_contents(ROOT_DIR . 'dockerfile/template.yml');
+            $template = str_replace('<containerName>', $name, $template);
+            $template = str_replace('<ip>', $ipv4, $template);
+            $template = str_replace('<proginn-branch>', $proginnBranch, $template);
+            $template = str_replace('<rooter-branch>', $rooterBranch, $template);
+            $template = str_replace('<proginn-frontend-branch>', $proginnFrontendBranch, $template);
+            $template = str_replace('<domain>', $fullDomain, $template);
+            file_put_contents($directory . 'config/docker.yml', $template);
+            // nginx 配置
+            $proxy = file_get_contents(ROOT_DIR . 'config/nginx/template/proxy.nginx.conf');
+            $proxy = str_replace('{{domain}}', $domain, $proxy);
+            $proxy = str_replace('{{ip}}', $ipv4, $proxy);
+            file_put_contents("/workspace/commonContainers/nginx/conf.d/{$name}.conf", $proxy);
+            $proginn = file_get_contents(ROOT_DIR . 'config/nginx/template/proginn.nginx.conf');
+            $proginn = str_replace('{{domain}}', $domain, $proginn);
+            $proginn = str_replace('{{ip}}', $ipv4, $proginn);
+            file_put_contents("{$directory}config/nginx.conf", $proginn);
+            // 启动容器
+            system("docker-compose -f {$directory}config/docker.yml up -d");
+            // 重载Nginx
+            system("docker exec dockerfile_nginx_1 nginx -s reload");
+            $this->getConnection()->query('commit');
+        } catch (\Throwable $e) {
+            $this->getConnection()->query('rollback');
+            if (file_exists($directory . 'config/docker.yml')) {
+                system("docker-compose -f {$directory}config/docker.yml rm -s -f");
+            }
+            // 容器存储目录
+            $directory = $this->containersBasePath . $name;
+            system("sudo rm -rf {$directory}");
+            system("rm -f /workspace/commonContainers/nginx/conf.d/{$name}.conf");
+            system("docker exec dockerfile_nginx_1 nginx -s reload");
+        }
+    }
+    protected function remove($name)
+    {
+        $db = $this->getConnection();
+        $row = $db->get('sites', '*', [
+            'name' => $name,
+        ]);
+        if (empty($row)) {
+            echo "删除失败，容器：{$name}不存在，请确认。\n";
+            return;
+        }
+        $this->getConnection()->query('start transaction');
+        try {
+            // 容器存储目录
+            $directory = $this->containersBasePath . $name;
+            $db->delete('sites', [
+                'name' => $name,
+            ]);
+            if (file_exists($directory . 'config/docker.yml')) {
+                system("docker-compose -f {$directory}config/docker.yml rm -s -f");
+            }
+            // 容器存储目录
+            $directory = $this->containersBasePath . $name;
+            system("sudo rm -rf {$directory}");
+            system("rm -f /workspace/commonContainers/nginx/conf.d/{$name}.conf");
+            system("docker exec dockerfile_nginx_1 nginx -s reload");
+
+            $redis = $this->getRedis();
+            $lockKey = static::IP_LOCK_KEY . $row['ip'];
+            $redis->del($lockKey);
+
+            $this->getConnection()->query('commit');
+        } catch (\Throwable $e) {
+            $this->getConnection()->query('rollback');
+        }
+    }
+    protected function getIp()
+    {
+        $ip = $this->startIP;
+        $redis = $this->getRedis();
+        while (true) {
+            $ip++;
+            $lockKey = static::IP_LOCK_KEY . $ip;
+            $lock = $redis->setnx($lockKey, $ip);
+            if ($lock) {
+                break;
+            }
+        }
+        return $ip;
+    }
+    protected function parseArgs($argv)
+    {
+        unset($argv[0]);
+        $params = [];
+        foreach ($argv as $i => $arg) {
+            $arg = explode('=', $arg);
+            $key = trim($argv[0], "-");
+            $val = $arg[1] ?? true;
+            $params[$key] = $val;
+        }
+        return $params;
+    }
+    protected function getRedis()
+    {
+        if (static::$redis === null) {
+            static::$redis = new Redis();
+            static::$redis->connect(Config::REDIS_HOST, Config::REDIS_PASS, 3);
+            static::$redis->auth(Config::REDIS_PASS);
+        }
+        return static::$redis;
+    }
+    /**
+     * @return Medoo
+     */
+    protected function getConnection()
+    {
+        if (static::$connection === null) {
+            static::$connection = new Medoo([
+                'database_type' => 'mysql',
+                'database_name' => Config::DB_NAME,
+                'server' => Config::DB_HOST,
+                'username' => Config::DB_USER,
+                'password' => Config::DB_PASS,
+                'charset' => Config::DB_CHAR,
+                'port' => Config::DB_PORT,
+                'prefix' => '',
+                'logging' => true,
+            ]);
+        }
+        return static::$connection;
+    }
+}

command/composer.json

@@ -0,0 +1,26 @@
+{
+  "name": "proginn/docker",
+  "description": "客栈测试环docker管理",
+  "type": "project",
+  "require": {
+    "catfan/medoo": "^1.7"
+  },
+  "license": "Apache-2.0",
+  "authors": [
+    {
+      "name": "lushuncheng",
+      "email": "i@shuncheng.lu"
+    }
+  ],
+  "autoload": {
+    "psr-4": {
+      "Proginn\\": "./"
+    }
+  },
+  "repositories": {
+    "packagist": {
+      "type": "composer",
+      "url": "https://mirrors.aliyun.com/composer/"
+    }
+  }
+}

command/composer.lock

@@ -0,0 +1,78 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "b99b19e06468897e8bb6298a32e18cf1",
+    "packages": [
+        {
+            "name": "catfan/medoo",
+            "version": "v1.7.10",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/catfan/Medoo.git",
+                "reference": "2d675f73e23f63bbaeb9a8aa33318659a3d3c32f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/catfan/Medoo/zipball/2d675f73e23f63bbaeb9a8aa33318659a3d3c32f",
+                "reference": "2d675f73e23f63bbaeb9a8aa33318659a3d3c32f",
+                "shasum": ""
+            },
+            "require": {
+                "ext-pdo": "*",
+                "php": ">=5.4"
+            },
+            "suggest": {
+                "ext-pdo_dblib": "For MSSQL or Sybase database on Linux/UNIX platform",
+                "ext-pdo_mysql": "For MySQL or MariaDB database",
+                "ext-pdo_oci": "For Oracle database",
+                "ext-pdo_oci8": "For Oracle version 8 database",
+                "ext-pdo_pqsql": "For PostgreSQL database",
+                "ext-pdo_sqlite": "For SQLite database",
+                "ext-pdo_sqlsrv": "For MSSQL database on both Window/Liunx platform"
+            },
+            "type": "framework",
+            "autoload": {
+                "psr-4": {
+                    "Medoo\\": "/src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Angel Lai",
+                    "email": "angel@catfan.me"
+                }
+            ],
+            "description": "The lightweight PHP database framework to accelerate development",
+            "homepage": "https://medoo.in",
+            "keywords": [
+                "database",
+                "database library",
+                "lightweight",
+                "mariadb",
+                "mssql",
+                "mysql",
+                "oracle",
+                "php framework",
+                "postgresql",
+                "sql",
+                "sqlite"
+            ],
+            "time": "2020-02-11T08:20:42+00:00"
+        }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "stable",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": [],
+    "platform-dev": []
+}

command/index.php

@@ -0,0 +1,14 @@
+#!/usr/bin/env php
+<?php
+
+use Proginn\Start;
+
+define('ROOT_DIR', dirname(__DIR__));
+define('COMMAND_ROOT_DIR', ROOT_DIR . DIRECTORY_SEPARATOR . 'command');
+define('SHELL_ROOT_DIR', ROOT_DIR . DIRECTORY_SEPARATOR . 'shell');
+define('CONFIG_ROOT_DIR', ROOT_DIR . DIRECTORY_SEPARATOR . 'config');
+define('YML_ROOT_DIR', ROOT_DIR . DIRECTORY_SEPARATOR . 'yml');
+
+require_once COMMAND_ROOT_DIR . '/vendor/autoload.php';
+
+$command = new Start($argv);

config/crontab/container-code-up

@@ -0,0 +1 @@
+*/2 * * * * www-data bash /data/docker/shell/container-code-update.sh

config/nginx/conf.d/git.conf

@@ -0,0 +1,18 @@
+upstream git {
+    server 10.200.200.203:10080;
+}
+# git
+server {
+    listen 80;
+    server_name test-git.proginn.com;
+    location = /robots.txt {
+        alias /code/web/norobots.txt;
+    }
+    location / {
+        proxy_pass http://git/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $http_x_real_ip;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # proxy_set_header X-Forwarded-Proto $scheme;
+    } 
+}

config/nginx/conf.d/yapi.conf

@@ -0,0 +1,49 @@
+server {
+    listen 80;
+    server_name apidoc.proginn.com;
+    location / {
+        limit_req zone=byip burst=10;
+        proxy_pass http://10.200.200.202:3000/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $http_x_real_ip;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # proxy_set_header X-Forwarded-Proto $scheme;
+        # proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://apidoc\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}

config/nginx/nginx.conf

@@ -0,0 +1,90 @@
+include /etc/nginx/modules-enabled/*.conf;
+worker_processes 2;
+pid /run/nginx.pid;
+user  www-data www-data;
+events {
+    worker_connections 768;
+    use epoll;
+    # multi_accept on;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 120;
+    #types_hash_max_size 2048;
+    server_tokens off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    client_header_buffer_size 4k;
+    large_client_header_buffers 4 32k;
+    client_max_body_size 20m;
+    client_body_buffer_size 1024k;
+
+    #open_file_cache max=5000 inactive=60;
+    #reset_timedout_connection on;
+
+    error_log /data/log/nginx_error.log;
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_vary off;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.0;
+    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+    fastcgi_connect_timeout 10;
+    fastcgi_send_timeout 30;
+    fastcgi_read_timeout 30;
+    #fastcgi_buffer_size 128k;
+    #fastcgi_buffers 8 128k;
+    #fastcgi_busy_buffers_size 256k;
+    #fastcgi_temp_file_write_size 256k;
+    #fastcgi_intercept_errors on;
+    #fastcgi_hide_header Pragma;
+    #fastcgi cache
+    #fastcgi_cache_path /data/log/web/fastcgi_cache levels=1:2 keys_zone=cache_voice:128m inactive=30m max_size=4G;
+    
+    limit_req_zone $binary_remote_addr zone=byip:20m rate=20r/s;
+
+    resolver 100.100.2.136 100.100.2.138 ipv6=off;
+    resolver_timeout 1s;
+
+    lua_shared_dict limit 50m;
+    lua_shared_dict waf_rules 10m;
+    lua_shared_dict white_ips 10m;
+    lua_shared_dict black_ips 10m;
+
+    lua_package_path "/etc/nginx/conf/waf/?.lua";
+    init_by_lua_file "/etc/nginx/conf/waf/init.lua";
+    access_by_lua_file "/etc/nginx/conf/waf/access.lua";
+
+    # deny black ip
+    deny 58.22.18.222;
+
+    log_format proginn-logid ' [$time_local] $host $remote_addr $remote_user $request $request_time $request_length $body_bytes_sent $status '
+                        '$server_addr $upstream_addr $upstream_response_time $upstream_status $http_referer" "$http_user_agent" "$http_x_real_ip" "$http_x_forwarded_for" logId=$temp_request_id';
+    access_log off;
+
+    server_names_hash_bucket_size 128;
+    
+    # default
+    server {
+        listen      80 default_server;
+        server_name _;
+        return      444;
+    }
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}

config/nginx/template/proginn.nginx.conf

@@ -0,0 +1,277 @@
+# 技术圈
+server {
+    listen 80;
+    server_name {{domain}}.test-jishuin.proginn.com;
+    root /code/web/phphub/public;
+    index index.php;
+    
+    location / {
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /index.php?s=$1  last;
+            break;
+        }
+    }
+
+    location ~ ^/(composer.json|composer.lock|ThinkPHP/|vendor/|src/|bin/|App/|.git) {
+        deny all;
+    }
+    location ^~ /user/ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /user/quit {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ^~ /topics/create {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ~ /topics/\d+/edit {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ^~ /file/proxyUpload {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location /ajax/getmessage {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location /api {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /.nuxt {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /_nuxt {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php7-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+    access_log /data/log/jishuin.log proginn-logid;
+}
+
+server {
+    listen 80;
+    server_name {{domain}}.test.proginn.com;
+    
+    root /code/web/;
+    index index.php index.html index.htm;
+
+    location / {
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /index.php?s=$1  last;
+            break;
+        }
+    }
+
+    location /community {
+        rewrite ^/community(.*)$ https://{{domain}}.test-jishuin.proginn.com$1 permanent;
+    }
+
+    location /festival {
+        alias /festival/dist;
+        index index.html index.htm;
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /festival/index.html  last;
+            break;
+        }
+    }
+
+    location /oauth2 {
+        alias /code/web/openx/public/oauth2;
+        index index.php;
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /oauth2/index.php  last;
+            break;
+        }
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php7-fpm.sock;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+        }
+    }
+
+    location /openapi {
+        alias /code/web/openx/public/api;
+        index index.php;
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /openapi/index.php  last;
+            break;
+        }
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php7-fpm.sock;
+            fastcgi_index index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+        }
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php7-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+    }
+
+    location ^~ /type/vip {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /cert {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /group {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /setting/check/old_mobile {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /setting/check/real_info {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /setting/check/change_mobile {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /user/register {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /.nuxt {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /_nuxt {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /wo/cash {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /sign/new {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /type/interview {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /type/partners/ {
+         proxy_pass http://127.0.0.1:3000;
+         proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /wo/bills {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /job/ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /recruit/ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /salary/ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /salary/detail {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /credit {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ^~ /otherpage {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /kaifain {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+
+    location ^~ /upload_image {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test-jishuin.proginn.com;
+    }
+    location ^~ /Public/ {
+        # 匹配任何以 /Public/ 开头的地址，匹配符合以后，停止往下搜索正则，采用这一条。
+        expires 1d;
+        access_log off;
+    }
+
+    access_log /data/log/access.log proginn-logid;
+}
+
+# 新后台
+server {
+    listen 80;
+    server_name {{domain}}.test-rooter.proginn.com;
+
+    root /boss/dist;
+    index index.html index.htm;
+
+    location / {
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /index.html  last;
+            break;
+        }
+    }
+    location /api/admin {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /upload_image {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test-jishuin.proginn.com;
+    }
+    access_log /data/log/boss.log proginn-logid;
+}
+# festival
+server {
+    listen 80;
+    server_name {{domain}}.test-festival.proginn.com;
+
+    root /boss/dist;
+    index index.html index.htm;
+
+    location / {
+        if (!-e $request_filename) {
+            rewrite  ^(.*)$  /index.html  last;
+            break;
+        }
+    }
+    location /api {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test.proginn.com;
+    }
+    location ^~ /upload_image {
+        proxy_pass http://127.0.0.1;
+        proxy_set_header Host {{domain}}.test-jishuin.proginn.com;
+    }
+    access_log /data/log/festival.log proginn-logid;
+}

config/nginx/template/proxy.nginx.conf

@@ -0,0 +1,329 @@
+# web proginn
+server {
+    listen 80;
+    server_name {{domain}}.test.proginn.com;
+
+    set $temp_request_id $http_x_request_id;
+    if ($temp_request_id = "") {
+        set $temp_request_id $request_id;
+    }
+    add_header 'X-Request-Id' "$temp_request_id";
+    access_log /data/log/proginn-access.log proginn-logid;
+
+    if ($http_user_agent ~* (SemrushBot|python|MJ12bot|AhrefsBot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|DotBot|Baiduspider|spider)) {
+        return 444;
+    }
+    if ($http_referer ~* (lottery|shishissc)) {
+        return 444;
+    }
+    location = /robots.txt {
+        alias /code/web/norobots.txt;
+    }
+    location / {
+        limit_req zone=byip burst=100;
+        proxy_pass http://{{ip}}/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_set_header X-Request-Id $temp_request_id;
+        proxy_http_version 1.1;
+
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://([0-9a-z\-_]+\.)\.test\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN,Cookie';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}
+# web proginn
+server {
+    listen 80;
+    server_name {{domain}}.test.proginn.com;
+
+    set $temp_request_id $http_x_request_id;
+    if ($temp_request_id = "") {
+        set $temp_request_id $request_id;
+    }
+    add_header 'X-Request-Id' "$temp_request_id";
+    access_log /data/log/proginn-access.log proginn-logid;
+
+    if ($http_user_agent ~* (SemrushBot|python|MJ12bot|AhrefsBot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|DotBot|Baiduspider|spider)) {
+        return 444;
+    }
+    if ($http_referer ~* (lottery|shishissc)) {
+        return 444;
+    }
+    location = /robots.txt {
+        alias /code/web/norobots.txt;
+    }
+    location / {
+        limit_req zone=byip burst=100;
+        proxy_pass http://{{ip}}/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_set_header X-Request-Id $temp_request_id;
+        proxy_http_version 1.1;
+
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://([0-9a-z\-_]+\.)\.test\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN,Cookie';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}
+# web rooter
+server {
+    listen 80;
+    server_name {{domain}}.test-rooter.proginn.com;
+
+    set $temp_request_id $http_x_request_id;
+    if ($temp_request_id = "") {
+        set $temp_request_id $request_id;
+    }
+    add_header 'X-Request-Id' "$temp_request_id";
+    access_log /data/log/rooter-access.log proginn-logid;
+
+    if ($http_user_agent ~* (SemrushBot|python|MJ12bot|AhrefsBot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|DotBot|Baiduspider|spider)) {
+        return 444;
+    }
+    if ($http_referer ~* (lottery|shishissc)) {
+        return 444;
+    }
+    location = /robots.txt {
+        alias /code/web/norobots.txt;
+    }
+    location / {
+        limit_req zone=byip burst=100;
+        proxy_pass http://{{ip}}/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_set_header X-Request-Id $temp_request_id;
+        proxy_http_version 1.1;
+
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://([0-9a-z\-_]+\.)\.test\-rooter\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN,Cookie';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}
+# web jishuin
+server {
+    listen 80;
+    server_name {{domain}}.test-jishuin.proginn.com;
+
+    set $temp_request_id $http_x_request_id;
+    if ($temp_request_id = "") {
+        set $temp_request_id $request_id;
+    }
+    add_header 'X-Request-Id' "$temp_request_id";
+    access_log /data/log/jishuin-access.log proginn-logid;
+
+    if ($http_user_agent ~* (SemrushBot|python|MJ12bot|AhrefsBot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|DotBot|Baiduspider|spider)) {
+        return 444;
+    }
+    if ($http_referer ~* (lottery|shishissc)) {
+        return 444;
+    }
+    location / {
+        limit_req zone=byip burst=100;
+        proxy_pass http://{{ip}}/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_set_header X-Request-Id $temp_request_id;
+        proxy_http_version 1.1;
+
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://([0-9a-z\-_]+\.)\.test\-jishuin\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN,Cookie';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}
+# web festival
+server {
+    listen 80;
+    server_name {{domain}}.test-festival.proginn.com;
+
+    set $temp_request_id $http_x_request_id;
+    if ($temp_request_id = "") {
+        set $temp_request_id $request_id;
+    }
+    add_header 'X-Request-Id' "$temp_request_id";
+    access_log /data/log/jishuin-access.log proginn-logid;
+
+    if ($http_user_agent ~* (SemrushBot|python|MJ12bot|AhrefsBot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|DotBot|Baiduspider|spider)) {
+        return 444;
+    }
+    if ($http_referer ~* (lottery|shishissc)) {
+        return 444;
+    }
+    location / {
+        limit_req zone=byip burst=100;
+        proxy_pass http://{{ip}}/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header Origin $http_origin;
+        proxy_set_header X-Request-Id $temp_request_id;
+        proxy_http_version 1.1;
+
+        #=========================CORS nginx配置=============================
+        if ($http_origin ~* (https?://([0-9a-z\-_]+\.)\.test\-festival\.proginn\.com(:[0-9]+)?)$) {
+            set $cors "true";
+        }
+        if ($request_method = 'OPTIONS') {
+            set $cors "${cors}options";
+        }
+        if ($request_method = 'GET') {
+            set $cors "${cors}get";
+        }
+        if ($request_method = 'POST') {
+            set $cors "${cors}post";
+        }
+        if ($cors = "trueget") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "truepost") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            add_header 'Access-Control-Allow-Credentials' 'true';
+        }
+        if ($cors = "trueoptions") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin";
+            # add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Credentials' 'true';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN,Cookie';
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain charset=UTF-8';
+            # return 204;
+            return 200;
+        }
+    }
+}

dockerfile/common.yml

@@ -0,0 +1,63 @@
+version: "3.5"
+services:
+  nginx:
+    image: "registry.cn-beijing.aliyuncs.com/lscgzwd/ubuntu18.04-php7:latest"
+    restart: always
+    command: /data/docker/shell/nginx-up.sh
+    ports:
+      - "8888:80"
+    networks:
+      proginn:
+        ipv4_address: 10.200.200.200
+    volumes:
+      - ../:/data/docker:ro
+      - /workspace/commonContainers/nginx:/data
+      - /workspace/commonContainers/nginx/conf.d:/etc/nginx/conf.d:ro
+      - /workspace/projects/proginn:/code:ro
+      - /workspace/projects/waf/src:/etc/nginx/conf/waf
+  mongodb:
+    restart: always
+    image: mongo:3.5
+    volumes:
+      - /workspace/commonContainers/mongodb/:/data/
+    networks:
+      proginn:
+        ipv4_address: 10.200.200.201
+  apidoc:
+    restart: always
+    image: branchzero/yapi
+    command: /bin/bash -c "[ ! -e /home/yapi/log/init.lock ] && npm run install-server && touch /home/yapi/log/init.lock; npm run start"
+    volumes:
+      - /workspace/commonContainers/yapi/:/home/yapi
+    networks:
+      proginn:
+        ipv4_address: 10.200.200.202
+  proginnScript:
+    image: registry.cn-beijing.aliyuncs.com/lscgzwd/ubuntu18.04-php7:latest
+    container_name: proginnScript
+    restart: always
+    volumes:
+      - ../:/data/docker
+      - /workspace/commonContainers/proginnScript/proginn:/code:rw
+      - /workspace/commonContainers/proginnScript/log/:/data/log
+      - /workspace/commonContainers/proginnScript:/data
+      - /workspace/proginn2/secrets:/data/secrets:ro
+      - /var/www/.ssh:/var/www/.ssh:ro
+      - /workspace/projects/waf/src:/etc/nginx/conf/waf
+    command: /data/docker/shell/proginn-script-up.sh
+    networks:
+      proginn:
+        ipv4_address: 10.200.200.204
+    ulimits:
+      nofile:
+        soft: "1048576"
+        hard: "1048576"
+    environment:
+      - PROGINN_BRANCH=dev
+      - ROOTER_BRANCH=dev
+      - PROGINN_FRONTEND_BRANCH=dev
+      - HOSTNAME=proginnScript
+networks:
+  proginn:
+    external: true
+    name: proginn

dockerfile/template.yml

@@ -0,0 +1,35 @@
+version: "3.5"
+services:
+  <containerName>:
+    image: registry.cn-beijing.aliyuncs.com/lscgzwd/ubuntu18.04-php7:latest
+    container_name: <containerName>
+    restart: always
+    volumes:
+      - ../:/data/docker
+      - /workspace/containers/<containerName>/proginn:/code:ro
+      - /workspace/containers/<containerName>/boss:/boss:rw
+      - /workspace/containers/<containerName>/proginn-frontend:/proginn-frontend:rw
+      - /workspace/containers/<containerName>/festival:/festival:rw
+      - /workspace/containers/<containerName>/log/:/var/log/nginx
+      - /workspace/containers/<containerName>/log/:/data/log
+      - /workspace/containers/<containerName>/log/pm2:/var/www/.pm2/
+      - /workspace/containers/<containerName>:/data
+      - /workspace/proginn2/secrets:/data/secrets
+      - /workspace/projects/waf/src:/etc/nginx/conf/waf
+    command: /data/docker/shell/container-up.sh
+    networks:
+      defaultbridge:
+        ipv4_address: <ip>
+    ulimits:
+      nofile:
+        soft: "1048576"
+        hard: "1048576"
+    environment:
+      - PROGINN_BRANCH=<proginn-branch>
+      - ROOTER_BRANCH=<rooter-branch>
+      - PROGINN_FRONTEND_BRANCH=<proginn-frontend-branch>
+      - HOSTNAME=<domain>
+networks:
+  proginn:
+    external: true
+    name: proginn

shell/container-code-update.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# 更新代码
+cd /code && git pull || git reset --hard FETCH_HEAD
+cd /code && git checkout $PROGINN_BRANCH
+cd /boss && git pull || git reset --hard FETCH_HEAD
+cd /boss && git checkout $ROOTER_BRANCH
+cd /proginn-frontend && git pull || git reset --hard FETCH_HEAD
+cd /proginn-frontend && git checkout $PROGINN_FRONTEND_BRANCH
+cd /proginn-frontend && current_git_branch_latest_id=`git rev-parse HEAD`
+current_git_branch_last_id=`cat /var/www/.proginn-frontend-commit-id`
+if [[ "$current_git_branch_latest_id" != "$current_git_branch_last_id" ]]; then
+    echo "$current_git_branch_latest_id" > /var/www/.proginn-frontend-commit-id
+    cd /proginn-frontend && npx yarn --registry=https://registry.npm.taobao.org install && npm run build
+    cd /proginn-frontend && pm2 delete all && pm2 start npm --name proginn-frontend -- run start
+fi

shell/container-up.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+echo "Asia/Shanghai" > /etc/timezone
+
+# 写入环境变量
+if grep -q -w "PROGINN_FRONTEND_BRANCH" /etc/environment; then
+else
+    echo "ENV=test" >> /etc/environment
+    echo "PROGINN_BRANCH=$PROGINN_BRANCH" >> /etc/environment
+    echo "ROOTER_BRANCH=$ROOTER_BRANCH" >> /etc/environment
+    echo "PROGINN_FRONTEND_BRANCH=$PROGINN_FRONTEND_BRANCH" >> /etc/environment
+fi
+
+# 同步nginx配置
+ln -f -s /data/docker/config/nginx/nginx.conf /etc/nginx/nginx.conf
+ln -f -s /data/config/nginx.conf /etc/nginx/conf.d/proginn.conf
+
+# 同步phpfpm配置
+ln -f -s /code/config/php7/web/pool.test.branch.conf /etc/php/7.2/fpm/pool.d/www.conf
+
+# sync cron
+cp /data/docker/config/crontab/container-code-up /etc/crontab
+
+# 更新代码
+su -c "cd /code && git pull || git reset --hard FETCH_HEAD" -s /bin/bash - www-data
+su -c "cd /code && git checkout $PROGINN_BRANCH" -s /bin/bash - www-data
+su -c "cd /boss && git pull || git reset --hard FETCH_HEAD" -s /bin/bash - www-data
+su -c "cd /boss && git checkout $ROOTER_BRANCH" -s /bin/bash - www-data
+su -c "cd /proginn-frontend && git pull || git reset --hard FETCH_HEAD" -s /bin/bash - www-data
+su -c "cd /proginn-frontend && git checkout $PROGINN_FRONTEND_BRANCH" -s /bin/bash - www-data
+
+# 初始化目录
+chown -R www-data:www-data /var/www
+if [[ ! -d "/data/phphub" ]]; then
+    mkdir /data/phphub
+fi
+cp -Rf /code/web/phphub/storage/* /data/phphub/
+chmod -R 0755 /data/phphub/
+chown -R www-data:www-data /data/phphub
+
+if [[ ! -d "/data/log" ]]; then
+    mkdir /data/log
+fi
+
+if [[ ! -d "/data/log/tmp" ]]; then
+    mkdir /data/log/tmp
+fi
+
+if [[ ! -d "/data/log/proginn_cache" ]]; then
+    mkdir /data/log/proginn_cache
+fi
+
+chown -R www-data:www-data /boss
+chmod -R 0755 /data/log
+chown -R www-data:www-data /data/log
+
+# ulimit
+ulimit -Hn 1048576
+ulimit -Sn 1048576
+ulimit -Hu 1048576
+ulimit -Su 1048576
+ulimit -S -c unlimited
+if grep -q -w "nofile          1048576" /etc/security/limits.conf; then
+else
+    sed -i "55a *               soft    nofile          1048576\n*               hard    nofile          1048576" /etc/security/limits.conf
+fi
+
+service php7.2-fpm start
+service nginx start
+cd /proginn-frontend
+chown -R www-data:www-data .
+su -c "cd /proginn-frontend && npx yarn --registry=https://registry.npm.taobao.org install && npm run build" -s /bin/bash - www-data
+su -c "cd /proginn-frontend && pm2 start npm --name proginn-frontend -- run start" -s /bin/bash - www-data
+tail -f /dev/null

shell/nginx-up.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+echo "Asia/Shanghai" > /etc/timezone
+echo "ENV=test" >> /etc/environment
+
+ln -f -s /data/docker/config/nginx/nginx.conf /etc/nginx/nginx.conf
+ln -f -s /data/docker/config/nginx/conf.d/yapi.conf /etc/nginx/sites-enabled/yapi.conf
+ln -f -s /data/docker/config/nginx/conf.d/git.conf /etc/nginx/sites-enabled/git.conf
+
+# ulimit
+ulimit -Hn 1048576
+ulimit -Sn 1048576
+ulimit -Hu 1048576
+ulimit -Su 1048576
+ulimit -S -c unlimited
+if grep -q -w "nofile          1048576" /etc/security/limits.conf; then
+else
+    sed -i "55a *               soft    nofile          1048576\n*               hard    nofile          1048576" /etc/security/limits.conf
+fi
+
+service nginx restart
+tail -f /dev/null

shell/proginn-script-up.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+echo "Asia/Shanghai" > /etc/timezone
+# 写入环境变量
+if grep -q -w "PROGINN_BRANCH" /etc/environment; then
+else
+    echo "ENV=test" >> /etc/environment
+    echo "PROGINN_BRANCH=$PROGINN_BRANCH" >> /etc/environment
+    echo "ROOTER_BRANCH=$ROOTER_BRANCH" >> /etc/environment
+    echo "PROGINN_FRONTEND_BRANCH=$PROGINN_FRONTEND_BRANCH" >> /etc/environment
+fi
+
+# 更新代码
+su -c "cd /code && git pull || git reset --hard FETCH_HEAD" -s /bin/bash - www-data
+su -c "cd /code && git checkout $PROGINN_BRANCH" -s /bin/bash - www-data
+# 同步crontab
+cronfile=/code/config/php7/web/cron.test
+cp $cronfile /etc/crontab
+echo "*/2 * * * * www-data bash /data/docker/shell/script-code-update.sh\n" >> /etc/crontab
+
+# ulimit
+ulimit -Hn 1048576
+ulimit -Sn 1048576
+ulimit -Hu 1048576
+ulimit -Su 1048576
+ulimit -S -c unlimited
+if grep -q -w "nofile          1048576" /etc/security/limits.conf; then
+else
+    sed -i "55a *               soft    nofile          1048576\n*               hard    nofile          1048576" /etc/security/limits.conf
+fi
+# 启动定时脚本
+service cron restart
+
+# 队列
+for (( i = 0; i < 5; i++ )); do
+    su -c "QUEUE=highest,high,default,low,lowest COUNT=1 nohup php /code/web/bin/resque.php &" -s /bin/bash - www-data
+done
+php /code/web/bin/queue_check.php &
+tail /dev/null -f

shell/script-code-update.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# 更新代码
+su -c "cd /code && git pull || git reset --hard FETCH_HEAD" -s /bin/bash - www-data
+su -c "cd /code && git checkout $PROGINN_BRANCH" -s /bin/bash - www-data
+cd /code && current_git_branch_latest_id=`git rev-parse HEAD`
+current_git_branch_last_id=`cat /data/.proginn-commit-id`
+if [[ "$current_git_branch_latest_id" != "$current_git_branch_last_id" ]]; then
+    echo "$current_git_branch_latest_id" > /data/.proginn-commit-id
+    # 同步crontab
+    cronfile=/code/config/php7/web/cron.test
+    cp $cronfile /etc/crontab
+    echo "*/2 * * * * root bash /data/docker/shell/script-code-update.sh\n" >> /etc/crontab
+    # 启动定时脚本
+    service cron restart
+
+    # 队列
+    ps axu |grep resque.php | awk '{print $2}'|xargs kill -15
+    ps axu |grep resque.php | awk '{print $2}'|xargs kill -9
+    for (( i = 0; i < 5; i++ )); do
+        su -c "QUEUE=highest,high,default,low,lowest COUNT=1 nohup php /code/web/bin/resque.php &" -s /bin/bash - www-data
+    done
+fi