51215903065
/
DaseTalentDocs
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
36 MiB
 
 
 
 
Tree: 8076c39854
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8076c39854'
${ noResults }
DaseTalentDocs/域名&证书手册.md

3.3 KiB
Raw Blame History

证书在文件夹cert中,其中9085819__XXX的过期时间为2024年1月13日星期六 07:59:59

需要一年一换!!!

证书找水杉那边管理的同学要

1天梯证书部署:

/src 天梯项目目录

/src/cert 证书存放目录

/src/.env 天梯环境变量配置文件

步骤:

​ 1.将有效证书放入/src/cert中

​ 2.修改/src/.env文件:

...
NGINX_PORT=80

SSL_PORT=443


## 修改这两行中的文件名为新的有效证书名
SSL_CERTIFICATE_N=/app/certs/9085819__shuishan.net.cn.pem
SSL_CERTIFICATE_KEY_N=/app/certs/9085819__shuishan.net.cn.key

##

...

​ 3.sudo docker-compose stop && sudo docker-compose start 重启天梯项目

​ 4.访问mladder.shuishan.net.cn,检查是否可以访问

2 校场证书部署:

/jcdata 校场数据文件夹(以实际为准)

/jcdata/backend/ssl 证书存放目录

/jcdata/backend_app/deploy/nginx/nginx.conf nginx配置文件

步骤:

​ 1.将有效证书放入/jcdata/backend/ssl中

​ 2.修改/jcdata/backend_app/deploy/nginx/nginx.conf文件:

...
   server {
       listen 1443 ssl http2 default_server;
       server_name _;
       
       
       ssl_certificate /data/ssl/9085819__shuishan.net.cn.pem;
       ssl_certificate_key /data/ssl/9085819__shuishan.net.cn.key;
       这两行修改,/data/ssl是容器内的地址,/jcdata/backend/ssl -> /data/ssl
       修改后面的文件名就行
       
       
       ssl_protocols TLSv1.2;
       ssl_ciphers ...
   }

}

校场docker-compose.yml:

version: "3"
services:

  oj-redis:
    image: redis:4.0-alpine
    container_name: oj-redis
    restart: always
    volumes:
      - /jcdata/redis:/data
  
  oj-postgres:
    image: postgres:10-alpine
    container_name: oj-postgres
    restart: always
    volumes:
      - /data/jcdb:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=onlinejudge
      - POSTGRES_USER=onlinejudge
      - POSTGRES_PASSWORD=onlinejudge

  judge-server:
    image: dasetalent/judgeserver:v2.1
    container_name: judge-server
    restart: always
    read_only: true
    cap_drop:
      - SETPCAP
      - MKNOD
      - NET_BIND_SERVICE
      - SYS_CHROOT
      - SETFCAP
      - FSETID
    tmpfs:
      - /tmp
    volumes:
      - /jcdata/backend/test_case:/test_case:ro
      - /jcdata/judge_server/log:/log
      - /jcdata/judge_server/run:/judger
    environment:
      - SERVICE_URL=http://judge-server:8080
      - BACKEND_URL=http://oj-backend:8000/api/judge_server_heartbeat/
      - TOKEN=CHANGE_THIS
  
  oj-backend:
    image: registry.cn-shanghai.aliyuncs.com/shuishan-data/shuishan-oj-backend:aliyun
    container_name: oj-backend
    restart: always
    depends_on:
      - oj-redis
      - oj-postgres
      - judge-server
    volumes:
      - /jcdata/backend_app:/app
      - /jcdata/backend:/data
    environment:
      - POSTGRES_DB=onlinejudge
      - POSTGRES_USER=onlinejudge
      - POSTGRES_PASSWORD=onlinejudge
      - JUDGE_SERVER_TOKEN=CHANGE_THIS
      # - FORCE_HTTPS=1
      # - STATIC_CDN_HOST=cdn.oj.com
    ports:
      - "0.0.0.0:80:8000"
      - "0.0.0.0:443:1443"

​ 3.sudo docker-compose stop && sudo docker-compose start 重启校场

​ 4.访问judgefield.shuishan.net.cn,检查是否可以访问