DaseTalentDocs/域名&证书手册.md

证书在文件夹cert中，其中9085819__XXX的过期时间为2024年1月13日星期六 07:59:59

需要一年一换！！！

证书找水杉那边管理的同学要

#### 1天梯证书部署：

/src                                             天梯项目目录

/src/cert                                     证书存放目录

/src/.env									天梯环境变量配置文件



步骤：

​	1.将有效证书放入/src/cert中

​	2.修改/src/.env文件:

```
...
NGINX_PORT=80

SSL_PORT=443


## 修改这两行中的文件名为新的有效证书名
SSL_CERTIFICATE_N=/app/certs/9085819__shuishan.net.cn.pem
SSL_CERTIFICATE_KEY_N=/app/certs/9085819__shuishan.net.cn.key

##

...
```

​	3.sudo docker-compose stop && sudo docker-compose start 重启天梯项目

​	4.访问mladder.shuishan.net.cn，检查是否可以访问





#### 2 校场证书部署：



/jcdata																			校场数据文件夹（以实际为准）

/jcdata/backend/ssl					 								证书存放目录

/jcdata/backend_app/deploy/nginx/nginx.conf	  nginx配置文件



步骤：

​	1.将有效证书放入/jcdata/backend/ssl中

​	2.修改/jcdata/backend_app/deploy/nginx/nginx.conf文件:

```
...
   server {
       listen 1443 ssl http2 default_server;
       server_name _;
       
       
       ssl_certificate /data/ssl/9085819__shuishan.net.cn.pem;
       ssl_certificate_key /data/ssl/9085819__shuishan.net.cn.key;
       这两行修改，/data/ssl是容器内的地址,/jcdata/backend/ssl -> /data/ssl
       修改后面的文件名就行
       
       
       ssl_protocols TLSv1.2;
       ssl_ciphers ...
   }

}
```

校场docker-compose.yml:

```
version: "3"
services:

  oj-redis:
    image: redis:4.0-alpine
    container_name: oj-redis
    restart: always
    volumes:
      - /jcdata/redis:/data
  
  oj-postgres:
    image: postgres:10-alpine
    container_name: oj-postgres
    restart: always
    volumes:
      - /data/jcdb:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=onlinejudge
      - POSTGRES_USER=onlinejudge
      - POSTGRES_PASSWORD=onlinejudge

  judge-server:
    image: dasetalent/judgeserver:v2.1
    container_name: judge-server
    restart: always
    read_only: true
    cap_drop:
      - SETPCAP
      - MKNOD
      - NET_BIND_SERVICE
      - SYS_CHROOT
      - SETFCAP
      - FSETID
    tmpfs:
      - /tmp
    volumes:
      - /jcdata/backend/test_case:/test_case:ro
      - /jcdata/judge_server/log:/log
      - /jcdata/judge_server/run:/judger
    environment:
      - SERVICE_URL=http://judge-server:8080
      - BACKEND_URL=http://oj-backend:8000/api/judge_server_heartbeat/
      - TOKEN=CHANGE_THIS
  
  oj-backend:
    image: registry.cn-shanghai.aliyuncs.com/shuishan-data/shuishan-oj-backend:aliyun
    container_name: oj-backend
    restart: always
    depends_on:
      - oj-redis
      - oj-postgres
      - judge-server
    volumes:
      - /jcdata/backend_app:/app
      - /jcdata/backend:/data
    environment:
      - POSTGRES_DB=onlinejudge
      - POSTGRES_USER=onlinejudge
      - POSTGRES_PASSWORD=onlinejudge
      - JUDGE_SERVER_TOKEN=CHANGE_THIS
      # - FORCE_HTTPS=1
      # - STATIC_CDN_HOST=cdn.oj.com
    ports:
      - "0.0.0.0:80:8000"
      - "0.0.0.0:443:1443"
```

​	3.sudo docker-compose stop && sudo docker-compose start 重启校场

​	4.访问judgefield.shuishan.net.cn，检查是否可以访问