diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 00fc3c3..46dc66e 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -117,11 +117,12 @@ jobs: mkdir -p ${DEPLOY_PATH}/nginx/ssl # 如果SSL证书不存在,创建自签名证书(仅用于测试) - if [ ! -f ${DEPLOY_PATH}/nginx/ssl/cert.pem ] || [ ! -f ${DEPLOY_PATH}/nginx/ssl/key.pem ]; then + if [ ! -f ${DEPLOY_PATH}/nginx/ssl/fullchain.pem ] || [ ! -f ${DEPLOY_PATH}/nginx/ssl/privkey.pem ]; then echo "SSL证书不存在,创建自签名证书..." - openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -keyout ${DEPLOY_PATH}/nginx/ssl/key.pem \ - -out ${DEPLOY_PATH}/nginx/ssl/cert.pem \ + openssl req -x509 -nodes -days 365 \ + -newkey rsa:2048 \ + -keyout ${DEPLOY_PATH}/nginx/ssl/privkey.pem \ + -out ${DEPLOY_PATH}/nginx/ssl/fullchain.pem \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" echo "自签名证书创建完成" diff --git a/README.md b/README.md index 3de0ed9..e581362 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ API_URL 处理逻辑说明: 项目已集成Nginx服务,可以通过80端口(HTTP)和443端口(HTTPS)访问应用 使用docker-compose启动: -``` +```shell # 克隆仓库 git clone https://github.com/your-username/stock-scanner.git cd stock-scanner @@ -81,9 +81,10 @@ EOL mkdir -p nginx/ssl # 生成自签名SSL证书(仅用于测试环境) -openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -keyout nginx/ssl/key.pem \ - -out nginx/ssl/cert.pem \ +openssl req -x509 -nodes -days 365 \ + -newkey rsa:2048 \ + -keyout nginx/ssl/privkey.pem \ + -out nginx/ssl/fullchain.pem \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 
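Review bot: The existence check in the `docker-image.yml` hunk now looks only for `fullchain.pem` and `privkey.pem`, so a host that already has a CA-issued pair installed under the old `cert.pem`/`key.pem` names gets a new self-signed `CN=localhost` certificate on the next deploy, and the deploy still succeeds while nginx serves it. Because this step runs in the deployment workflow, I would move an existing old pair to the new names before the check (or fail the step when no certificate is found) and make the fallback loud, e.g. `echo "WARNING: generated a self-signed CN=localhost certificate; install a CA-issued fullchain.pem/privkey.pem" >&2`. After generation, `chmod 600 "${DEPLOY_PATH}/nginx/ssl/privkey.pem"` would make the key's mode explicit instead of leaving it to the host's umask and OpenSSL version (assuming the nginx master process in the container can still read it), and `${DEPLOY_PATH}` should be quoted in the `[ ! -f … ]` tests. The surrounding `run` script starts and ends outside this hunk, so whether a later step already covers any of this is not visible here.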
@@ -91,18 +92,16 @@ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ docker-compose up -d ``` -启动后可通过以下方式访问应用: -- HTTP: http://你的域名或ip -- HTTPS: https://你的域名或ip - ### 使用自己的SSL证书 如果您有自己的SSL证书,可以替换自签名证书: 1. 将您的证书文件放在 `nginx/ssl/` 目录下 -2. 确保证书文件命名为 `cert.pem`,私钥文件命名为 `key.pem` +2. 确保证书文件命名为 `fullchain.pem`,私钥文件命名为 `privkey.pem` 3. 重启服务: `docker-compose restart nginx` +相关参考:[免费泛域名 SSL 证书申请及自动续期(使用 1Panel 面板)](https://bronya-zaychik.cn/archives/GenSSL.html) + ## Github Actions 部署 | 环境变量 | 说明 | @@ -120,7 +119,6 @@ docker-compose up -d - 股票分析仅供参考,不构成投资建议 - 使用前请确保网络连接正常 - 建议在实盘前充分测试 -- 使用HTTPS可以提高数据传输的安全性 ## 贡献 (Contributing) 欢迎提交 issues 和 pull requests! diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 5945eb5..929eb6d 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,3 +1,5 @@ +# 用于GitHub Actions自动化部署流程 + version: '3.8' services: diff --git a/docker-compose.yml b/docker-compose.yml index 887c40d..c691ccc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,3 +1,5 @@ +# 本地开发和手动构建场景 + version: '3.8' services: diff --git a/nginx/nginx.conf b/nginx/nginx.conf index ae27942..671cc64 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -4,8 +4,8 @@ server { server_name localhost; # SSL证书配置 - ssl_certificate /etc/nginx/ssl/cert.pem; - ssl_certificate_key /etc/nginx/ssl/key.pem; + ssl_certificate /etc/nginx/ssl/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;
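Review bot: The comment above the renamed `ssl_certificate` line in `nginx/nginx.conf` does not say what the two files must contain, which matters now that the names follow the `fullchain.pem`/`privkey.pem` convention. nginx expects the server certificate first and any intermediate certificates after it in the `ssl_certificate` file, so I would extend the comment to something like `# fullchain.pem: server certificate followed by intermediates; privkey.pem: the matching private key (keep it readable only by the deploy user)`. These paths also have to agree with the volume mounts in both compose files and with the workflow's generation step, none of which is visible in this hunk. The `server` block starts and continues outside the hunk.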