
增加nginxssl证书配置示例

zhulangren@gmail.com 3 anni fa
parent
commit
8247d79f2e

+ 38 - 0
docker/app/Configuration/App.json

@@ -0,0 +1,38 @@
+{
+    "$schema": "https://gitee.com/dotnetchina/Furion/raw/net6/schemas/v3/furion-schema.json",
+
+    "Urls": "http://*:5050", // 配置默认端口
+    //"https_port": 44326,
+
+    "AllowedHosts": "*",
+
+    "AppSettings": {
+        "InjectSpecificationDocument": true // 生产环境是否开启Swagger
+    },
+    "DynamicApiControllerSettings": {
+        "DefaultRoutePrefix": "api", // 默认路由前缀
+        "CamelCaseSeparator": "", // 骆驼(驼峰)/帕斯卡命名分隔符
+        "LowercaseRoute": false, // 小写路由格式
+        "AsLowerCamelCase": true, // 启用小驼峰命名(首字母小写)
+        //"KeepVerb": false // 保留动作谓词
+        //"KeepName": true // 保留默认名称
+    },
+    "FriendlyExceptionSettings": {
+        "DefaultErrorMessage": "系统异常,请联系管理员",
+        "ThrowBah": true, // 是否将 Oops.Oh 默认抛出为业务异常
+        "LogError": false // 是否输出异常日志
+    },
+    "LocalizationSettings": {
+        "SupportedCultures": [ "zh-CN", "en-US" ], // 语言列表
+        "DefaultCulture": "zh-CN" // 默认语言
+    },
+    "CorsAccessorSettings": {
+        "WithExposedHeaders": [ "Content-Disposition", "X-Pagination", "access-token", "x-access-token" ], // 如果前端不代理且是axios请求
+        "SignalRSupport": true // 启用 SignalR 跨域支持
+    },
+    "Cryptogram": {
+        "CryptoType": "SM2", // 密码加密算法 MD5、SM2(国密)
+        "PublicKey": "04F6E0C3345AE42B51E06BF50B98834988D54EBC7460FE135A48171BC0629EAE205EEDE253A530608178A98F1E19BB737302813BA39ED3FA3C51639D7A20C7391A", // 公钥
+        "PrivateKey": "3690655E33D5EA3D9A4AE1A1ADD766FDEA045CDEAA43A9206FB8C430CEFE0D94" // 私钥
+    }
+}
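Review bot: The `Cryptogram` block commits a live SM2 `PrivateKey` next to its `PublicKey`, so every deployment built from this file shares a key that anyone with repository access can read; if it protects stored passwords, as the inline comment indicates, those values are recoverable with it. Ship the file with `"PrivateKey": ""` and supply the real value at deploy time, for example through the container environment as `Cryptogram__PrivateKey` (assuming the host loads environment variables the way ASP.NET Core does by default), and treat the committed key as compromised. Two other settings in this file deserve a second look before production use: `"InjectSpecificationDocument": true` publishes the Swagger document, and `"LogError": false` drops the exception logs an investigation would need.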

+ 2 - 0
docker/docker-compose.yml

@@ -5,9 +5,11 @@ services:
     image: nginx:1.20.2
     ports:
       - "9100:80"
+      - "9103:443"
     volumes:
       - "./nginx/dist:/usr/share/nginx/html"
       - "./nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "./nginx/key:/etc/nginx/key/"
     links:
       - adminNet
   mysql:
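Review bot: The new volume `./nginx/key:/etc/nginx/key/` is mounted read-write and hands the whole directory to the nginx container, including `rootCA.key` added elsewhere in this commit, although nginx.conf only reads `server.pem` and `server.key`. Mount just those two files read-only, matching the `:ro` already used for nginx.conf: `- "./nginx/key/server.pem:/etc/nginx/key/server.pem:ro"` and `- "./nginx/key/server.key:/etc/nginx/key/server.key:ro"`. The service definition starts above the hunk.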

+ 4 - 1
docker/nginx/conf/nginx.conf

@@ -21,10 +21,13 @@ http {
     gzip_disable   "MSIE [1-6]\.";
 
     server {
+	    listen       443 ssl;
         listen       80;
         server_name  localhost;
         charset utf-8;
-
+		ssl_certificate      /etc/nginx/key/server.pem;
+        ssl_certificate_key  /etc/nginx/key/server.key;
+        ssl_session_cache    shared:SSL:1m;
         location / {
             root   /usr/share/nginx/html;
             try_files $uri $uri/ /index.html;
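Review bot: The TLS listener is added without `ssl_protocols` or `ssl_ciphers`, so it runs on the image defaults, and for the nginx 1.20 series pinned in docker-compose.yml those defaults still accept TLSv1 and TLSv1.1. Add `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_session_cache`. Port 80 keeps serving the same content in clear text from the same `server` block, so consider a separate block for port 80 that only issues a redirect to the HTTPS listener. The added `listen 443 ssl;` and `ssl_certificate` lines are indented with tabs while the rest of the block uses spaces. The `server` block continues past the end of the hunk.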

+ 28 - 0
docker/nginx/key/rootCA.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQC/fby+rsUFyQrH
+AFsD1rVmEMwJFZTaLfI1LqFmu9PQeVchHrULBs49NHZHsmZM1DRVGa/F/29HGZlh
+0rvzFZ9ufcWaKZzOuTw7nVSwtNqqaMmttBcdL7aSEH2TyKUNLTQir/NUEm4SI28Z
+q7jR0MnhtGMdht9UBPWTC1jdKRhZ5CvGZMKIFrXuYs9YNkNn63pSwaFXjcUEoots
+cX6i0uNXc20MqRiHkJKm/zdNwO5CVUTKs+T+09IabToc1pNQqAzsPNByn/IETfZQ
+GrwAW82tZFzq89ByzItioxkdzch7jYbXcru7cnbkFCt9lSDUPWqBxf/D6uDASFN+
+11w1vuF7AgMBAAECgf9T03Ldn+h9n9nTqf7YaxQw3jqVezJp6dU/tvbOm9D7YO+h
+Oq3kFMFE1pBGBcGPegA7hPIG/zEdu5+cmYGLPXR8cnBBYY+YqvV/8BtWDF41TBBS
+tcesy/H9/vXG3f2nC0Tpg/qJjt0o8WsXnownb0/f02zlbwMhb06Z7ghfDJ5YEAw+
+LrgMbqVbEKpUHNvlSTjTbvHLyOgvTQLMMLHK/K2Pqh77JbQ8uY9LxkPJaBTGY/nP
+Wwk7BY9OXlqwWLEg3XZDurUmMoJM3YY9Vn6SiGsaaE3oXF0S/aVCn3UE3z4WQs3o
+1HR0LQYNyeKesGn4LzbLfBi7nOjD2gw7m5f+kNECgYEA7Xtwmm/iYGBIuqQ6kVuV
+7TY8smQcjQmEt/vMz7RxehKzXPV9lLWefEREPRO5vUxxkgqyfLf83Qo0scDTXE7f
+9DS9WBr93b/p4mNGLOzTYrMsqi0b9JeK5qkUdo10ySKukQjkIoWGt84TMcpjGzkp
+6QQ4VcqHGMyDzq0yjkYTKPMCgYEAzmw8bezC0Hsd1wo6xayrU5g0cHuZVx4gHsBJ
+3DMuiV4paYh4YSIi+sYFiXfY5GaSo9MLz2irHqax7CF0kBQAnkimhRuLGknHnpL9
+OATZwxI4cUxj9JmSPHEQHke2+ORv4mGXXEFsti9ohQa1hgFERsDx0Hagct9MLh/y
+Qm7tB1kCgYEA3u3+sWsQNeqMu3BJboRsBGbiqY+i4Z6q0M913xEDaVW+vCfTQFMR
+uJOY/0DSHmpxPmf+T2ej3pejCa36e2+reiI8EEYeRBjQ5GzOxoN2l/OcnQ+Fa6EK
+iib0h6mYlOuStaGEDwgLg+XWTOoxCLArsIr+m0JoeZYasVwS1k3f1JMCgYBGVuOQ
+oakQ2aMlb7rvORN4fNkBq1xpLz7Ku8NvYZFuBcQezf4XO0aoJWolmc0ypzE42eWg
+W45T94GRcSUDI43CYgc8PFJ+Nr3q7zOSLzT1H/RTxzAYXWxTZEOVzeIvlcf6YD7v
+lOuyeR0ol0yrySq24XCFFKc//Y87+G7Y7GugoQKBgEtC3URF/I516wB0SBBdDajQ
+6Bv7t+2HRawoCrAr/ypwhfVpqVK/cR5ic1ZnKF+HWI6DAeXewX+oxqJ1qa8moR9f
+kAHccvmD7gNlT0S6Cu/GWXamQ2EbiqduoBIvZjMXXobQzVNUkWlJZcOuK6VP3OK/
+658W86CTTAkOaptkRKJ3
+-----END PRIVATE KEY-----
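Review bot: This file is the private key of the root CA, and committing it means anyone who can read the repository can issue certificates that chain to `rootCA.pem`; any machine that imports that root to silence browser warnings then trusts all of them. `server.key` in this commit has the same problem for the nginx endpoint itself. Drop both files from the commit, ignore them with a `.gitignore` entry such as `docker/nginx/key/*.key`, and have each deployment run `ssl.sh` to create its own pair. The keys already pushed stay in the history, so they should be regarded as public and not reused.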

+ 22 - 0
docker/nginx/key/rootCA.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 17 - 0
docker/nginx/key/server.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICrzCCAZcCAQAwajELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDTALBgNV
+BAcMBExlaGkxGzAZBgNVBAoMEllvdXIgQ29tcGFueSwgSW5jLjELMAkGA1UECwwC
+SVQxEzARBgNVBAMMCnRlc3QtcmVkaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCwBqR84rO6u/68nBt3/N0WB15GzG98aYe/7CPZSeZmTx+2y86mX+G3
+V/ZHr3JqnyZ9M+OC5qfyAzSKCB9GMpmfXYuPefu/QHt/HlDFon3kFT9q9bQqpudC
+i5EElc+XEf0RKtt9buG+bU75gBP0XaJQ/v0GDEFG8VWssCVSh/zRieQPHynNUJrZ
+fF0hEOEwkrvSBgz412WzAMo5jslSTEW2WNYUrsw986IutWCP9REU8L0jQiU53jp7
+QHLIo55jJaCjrpaL6Zb55LIA8G8DxgX5zMRBpiE3S8iXup4pp8KQMj5O/8iZb47Y
++FD8c4VpapNvUXiohVZ2JfNG++lzfoU5AgMBAAGgADANBgkqhkiG9w0BAQsFAAOC
+AQEAmIot1a3AwFUIDy/lYoArLHmIgD24XHTApOuQgIvIp2SNMCZXJ++nVRAuWc8s
+Dwvm8XzHIIY+Dnux0WF61wEKILWdCzkO7X5+DSnVHEJsJmrh69ZlolnDIQ6WWwFn
+HpaatvVM3DoPo0mLQzNsywDdp3XEhSF9WQtXyLrEsxnfwKxjalePT+IucuD7y/xQ
+p+zcodaXId1f9QBfWJK7OJGlgNZA29hhhsfzLi4IDAmu7gz3z4VmK47eSL4QrZPP
+EEyMKGf66bFLnuqeiqIvZMfUW/ZAEeA7bvL3GytEjThX0QxrXiipCJNlTSeGiQVw
+3vMLoVS3B77gk1Q+bFrIea39DA==
+-----END CERTIFICATE REQUEST-----

+ 28 - 0
docker/nginx/key/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----

+ 21 - 0
docker/nginx/key/server.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 6 - 0
docker/nginx/key/ssl.sh

@@ -0,0 +1,6 @@
+openssl genrsa -out rootCA.key 2048
+openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 36500 -out rootCA.pem -subj "/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=rootca.com"
+openssl genrsa -out server.key 2048
+openssl req -new -key server.key -out server.csr -subj "/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=test-redis"
+openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.pem -days 36500 -sha256
+
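Review bot: The server certificate is issued with only `CN=test-redis` and no subjectAltName, while nginx.conf declares `server_name localhost`; current browsers and TLS libraries match host names against SAN entries only, so verification fails even when `rootCA.pem` is trusted. Pass an extensions file on the signing step, e.g. `-extfile san.cnf` with `san.cnf` containing `subjectAltName = DNS:localhost` (sample value), and set the CN to the host name actually served. `-days 36500` makes both the CA and the leaf valid for about a hundred years; a leaf lifetime of a year or less limits how long a leaked key stays useful. The script also has no shebang and no `set -e`, so a failed step does not stop the ones after it.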