From 6df4dc9542187b243123094d11d29e4accf0be01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E9=B8=BF=E5=AE=87?= Date: Mon, 19 May 2025 20:35:50 +0800 Subject: [PATCH 1/5] =?UTF-8?q?feat(dist):=20=E9=80=9A=E8=BF=87=20RPM=20?= =?UTF-8?q?=E5=AE=89=E8=A3=85=20Web=20=E6=9C=8D=E5=8A=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史鸿宇 --- build/linux/euler-copilot-web.spec | 72 +++++++++++++++++-------- build/linux/nginx.conf.local.tmpl | 86 ++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+), 21 deletions(-) create mode 100644 build/linux/nginx.conf.local.tmpl diff --git a/build/linux/euler-copilot-web.spec b/build/linux/euler-copilot-web.spec index 56979ee..5185268 100644 --- a/build/linux/euler-copilot-web.spec +++ b/build/linux/euler-copilot-web.spec @@ -35,6 +35,8 @@ Packager: openEuler BuildRequires: curl BuildRequires: zstd +Requires: nginx + %description openEuler 智能化解决方案 Web 前端 
@@ -104,16 +106,31 @@ cat %{_sourcedir}/offline_node_modules-%{_electron_arch}.tar.zst.part0 \ > offline_node_modules-%{_electron_arch}.tar.zst if [ -f offline_node_modules-%{_electron_arch}.tar.zst ]; then - zstd -d offline_node_modules-%{_electron_arch}.tar.zst -c | tar -xf - + zstd -d offline_node_modules-%{_electron_arch}.tar.zst -c | tar -xf - fi # Install pnpm packages # pnpm install --offline -# Build the app +# Build Electron app pnpm run package:linux +# Clear dist directory +rm -rf dist +# Build Web app +pnpm run build + %install +# Web 主包安装 +mkdir -p %{buildroot}/usr/share/nginx/html +mkdir -p %{buildroot}/etc/nginx/conf.d +# 拷贝 dist 和 public 内容到 nginx html 目录 +cp -a %{_builddir}/%{name}-%{version}/dist/* %{buildroot}/usr/share/nginx/html/ +cp -a %{_builddir}/%{name}-%{version}/public/* %{buildroot}/usr/share/nginx/html/ +# 拷贝 nginx 配置到 /etc/nginx/conf.d/euler-copilot-web.conf +cp -a %{_builddir}/%{name}-%{version}/build/linux/nginx.conf.local.tmpl %{buildroot}/etc/nginx/conf.d/euler-copilot-web.conf + +# Electron 客户端安装 mkdir -p %{buildroot}/opt/Intelligence mkdir -p %{buildroot}/usr/share/applications # 创建图标目录 @@ -143,13 +160,18 @@ cp -a %{_builddir}/%{name}-%{version}/build/icons/512x512.png %{buildroot}/usr/s %files -# 主包(暂时留空) +# Web 主包安装内容 +%dir /usr/share/nginx +%dir /usr/share/nginx/html +%attr(0755, root, root) /usr/share/nginx/html +%attr(0644, root, root) /usr/share/nginx/html/** +%config(noreplace) /etc/nginx/conf.d/euler-copilot-web.conf %files -n euler-copilot-desktop # 应用安装目录及其所有内容 %dir /opt/Intelligence -%attr(0755, root, root) /opt/Intelligence/* +%attr(0755, root, root) /opt/Intelligence/** # 桌面与图标 %attr(0644, root, root) /usr/share/applications/euler-copilot-desktop.desktop %attr(0644, root, root) /usr/share/icons/hicolor/16x16/apps/euler-copilot-desktop.png 
@@ -163,6 +185,14 @@ cp -a %{_builddir}/%{name}-%{version}/build/icons/512x512.png %{buildroot}/usr/s %attr(0644, root, root) /usr/share/icons/hicolor/512x512/apps/euler-copilot-desktop.png +%post +#!/bin/bash +# Web 主包安装后,检测 nginx 服务,若已运行则重启,否则跳过 +if systemctl is-active --quiet nginx; then + systemctl restart nginx +fi + + %post -n euler-copilot-desktop -p /bin/sh #!/bin/bash 
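Review bot: The new `%post` restarts a running nginx without first validating the configuration this package has just placed in `/etc/nginx/conf.d/`, so a config error can leave nginx stopped for every site that instance serves. PATCH 4/5 in this series fixes exactly such a startup error (`zero size shared memory zone`). Validate first and reload instead of restarting, e.g. `if systemctl is-active --quiet nginx && nginx -t -q; then systemctl reload nginx || :; fi`. The `#!/bin/bash` line inside the scriptlet body is only a comment; the interpreter is selected with `-p` on the `%post` line, as the desktop subpackage's `%post -n euler-copilot-desktop -p /bin/sh` does.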
@@ -203,23 +233,23 @@ fi # Unfortunately, at the moment AppArmor doesn't have a good story for backwards compatibility. # https://askubuntu.com/questions/1517272/writing-a-backwards-compatible-apparmor-profile if apparmor_status --enabled > /dev/null 2>&1; then - APPARMOR_PROFILE_SOURCE='/opt/Intelligence/resources/apparmor-profile' - APPARMOR_PROFILE_TARGET='/etc/apparmor.d/euler-copilot-desktop' - if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then - cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET" - - # Updating the current AppArmor profile is not possible and probably not meaningful in a chroot'ed environment. - # Use cases are for example environments where images for clients are maintained. - # There, AppArmor might correctly be installed, but live updating makes no sense. - if ! { [ -x '/usr/bin/ischroot' ] && /usr/bin/ischroot; } && hash apparmor_parser 2>/dev/null; then - # Extra flags taken from dh_apparmor: - # > By using '-W -T' we ensure that any abstraction updates are also pulled in. - # https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport - apparmor_parser --replace --write-cache --skip-read-cache "$APPARMOR_PROFILE_TARGET" + APPARMOR_PROFILE_SOURCE='/opt/Intelligence/resources/apparmor-profile' + APPARMOR_PROFILE_TARGET='/etc/apparmor.d/euler-copilot-desktop' + if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then + cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET" + + # Updating the current AppArmor profile is not possible and probably not meaningful in a chroot'ed environment. + # Use cases are for example environments where images for clients are maintained. + # There, AppArmor might correctly be installed, but live updating makes no sense. + if ! 
{ [ -x '/usr/bin/ischroot' ] && /usr/bin/ischroot; } && hash apparmor_parser 2>/dev/null; then + # Extra flags taken from dh_apparmor: + # > By using '-W -T' we ensure that any abstraction updates are also pulled in. + # https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport + apparmor_parser --replace --write-cache --skip-read-cache "$APPARMOR_PROFILE_TARGET" + fi + else + echo "Skipping the installation of the AppArmor profile as this version of AppArmor does not seem to support the bundled profile" fi - else - echo "Skipping the installation of the AppArmor profile as this version of AppArmor does not seem to support the bundled profile" - fi fi @@ -237,7 +267,7 @@ APPARMOR_PROFILE_DEST='/etc/apparmor.d/euler-copilot-desktop' # Remove apparmor profile. if [ -f "$APPARMOR_PROFILE_DEST" ]; then - rm -f "$APPARMOR_PROFILE_DEST" + rm -f "$APPARMOR_PROFILE_DEST" fi diff --git a/build/linux/nginx.conf.local.tmpl b/build/linux/nginx.conf.local.tmpl new file mode 100644 index 0000000..7497358 --- /dev/null +++ b/build/linux/nginx.conf.local.tmpl 
@@ -0,0 +1,86 @@ +server { + listen 8080 default_server; + server_name _; + charset utf-8; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy "no-referrer"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; always"; + add_header Cache-Control "no-cache"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: base64;"; + + limit_conn limitperip 50; + + resolver 8.8.8.8 8.8.4.4 valid=60s; + resolver_timeout 5s; + + if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE)$) { + return 444; + } + + location ~ /\. { + deny all; + return 404; + } + + location / { + limit_req zone=ratelimit burst=50 nodelay; + root /usr/share/nginx/html; + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + return 404; + } + } + + location /copilot { + limit_req zone=ratelimit burst=50 nodelay; + alias /usr/share/nginx/html; + index index.html; + try_files $uri $uri/ /index.html; + } + + location /login { + limit_req zone=ratelimit burst=50 nodelay; + root /usr/share/nginx/html; + try_files $uri $uri/ /index.html; + } + + location /api/health_check { + deny all; + return 404; + } + + location /api/ { + proxy_set_header X-Forwarded-For $http_x_real_ip; + add_header Cache-Control "no-cache,no-store,must-revalidate"; + add_header X-Accel-Buffering no; + proxy_buffering off; + proxy_intercept_errors on; + + error_page 404 /404.html; + limit_req zone=ratelimit burst=15 nodelay; + proxy_read_timeout 500s; + proxy_connect_timeout 500s; + + proxy_pass http://127.0.0.1:8002/api/; + } + + error_page 401 402 403 405 406 407 413 414 /error.html; + error_page 404 /404.html; + error_page 500 501 502 503 504 505 /error.html; + + location = /404 { + return 404; + } + + location = /404.html { + root /usr/share/nginx/html; + internal; + } + + location = /error.html { + root /usr/share/nginx/html; 
+ internal; + } +} -- Gitee From c03931be4f3bfb83abf7fe54894ddee14acc17ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E9=B8=BF=E5=AE=87?= Date: Mon, 19 May 2025 21:03:45 +0800 Subject: [PATCH 2/5] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20warning:=20File?= =?UTF-8?q?=20listed=20twice:=20/usr/share/nginx/html/*?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史鸿宇 --- build/linux/euler-copilot-web.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/build/linux/euler-copilot-web.spec b/build/linux/euler-copilot-web.spec index 5185268..a75a903 100644 --- a/build/linux/euler-copilot-web.spec +++ b/build/linux/euler-copilot-web.spec @@ -163,7 +163,6 @@ cp -a %{_builddir}/%{name}-%{version}/build/icons/512x512.png %{buildroot}/usr/s # Web 主包安装内容 %dir /usr/share/nginx %dir /usr/share/nginx/html -%attr(0755, root, root) /usr/share/nginx/html %attr(0644, root, root) /usr/share/nginx/html/** %config(noreplace) /etc/nginx/conf.d/euler-copilot-web.conf -- Gitee From 7d7372a5105c43dfd7df91b27f8672dc20ec6e84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E9=B8=BF=E5=AE=87?= Date: Tue, 20 May 2025 09:35:27 +0800 Subject: [PATCH 3/5] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0=20nginx=20?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=92=8C=E5=AE=89=E8=A3=85=E8=B7=AF=E5=BE=84?= =?UTF-8?q?=EF=BC=8C=E4=BF=AE=E5=A4=8D=20RPM=20=E6=96=87=E4=BB=B6=E5=86=B2?= =?UTF-8?q?=E7=AA=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史鸿宇 --- build/linux/euler-copilot-web.spec | 13 ++++++------- build/linux/nginx.conf.local.tmpl | 14 +++++++------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/build/linux/euler-copilot-web.spec b/build/linux/euler-copilot-web.spec index a75a903..d15956e 100644 --- a/build/linux/euler-copilot-web.spec +++ b/build/linux/euler-copilot-web.spec 
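Review bot: `location /api/` sets its own `add_header` lines, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so `/api/` responses lose the server-level `Content-Security-Policy`, `X-Content-Type-Options` and `Referrer-Policy` headers; the `location /assets/` block added in PATCH 5/5 has the same effect. Repeat the security headers in those locations or pull them in through a shared `include` file. In the same block, `proxy_set_header X-Forwarded-For $http_x_real_ip;` hands the backend a request header the client controls as the client address; unless a trusted proxy in front always overwrites `X-Real-IP` (not visible here), use `proxy_set_header X-Forwarded-For $remote_addr;`. `limit_conn limitperip` and `limit_req zone=ratelimit` name zones this file never defines, and PATCH 4/5 and 5/5 deal with that by deleting the limits; declaring the zones at the top of this file, outside `server {}`, e.g. `limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;` (size and rate are placeholder values), would keep `/api/` throttled.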
@@ -122,11 +122,11 @@ pnpm run build %install # Web 主包安装 -mkdir -p %{buildroot}/usr/share/nginx/html +mkdir -p %{buildroot}/usr/share/euler-copilot-web mkdir -p %{buildroot}/etc/nginx/conf.d -# 拷贝 dist 和 public 内容到 nginx html 目录 -cp -a %{_builddir}/%{name}-%{version}/dist/* %{buildroot}/usr/share/nginx/html/ -cp -a %{_builddir}/%{name}-%{version}/public/* %{buildroot}/usr/share/nginx/html/ +# 拷贝 dist 和 public 内容到 euler-copilot-web 目录 +cp -a %{_builddir}/%{name}-%{version}/dist/* %{buildroot}/usr/share/euler-copilot-web/ +cp -a %{_builddir}/%{name}-%{version}/public/* %{buildroot}/usr/share/euler-copilot-web/ # 拷贝 nginx 配置到 /etc/nginx/conf.d/euler-copilot-web.conf cp -a %{_builddir}/%{name}-%{version}/build/linux/nginx.conf.local.tmpl %{buildroot}/etc/nginx/conf.d/euler-copilot-web.conf @@ -161,9 +161,8 @@ cp -a %{_builddir}/%{name}-%{version}/build/icons/512x512.png %{buildroot}/usr/s %files # Web 主包安装内容 -%dir /usr/share/nginx -%dir /usr/share/nginx/html -%attr(0644, root, root) /usr/share/nginx/html/** +%dir /usr/share/euler-copilot-web +%attr(0644, root, root) /usr/share/euler-copilot-web/** %config(noreplace) /etc/nginx/conf.d/euler-copilot-web.conf diff --git a/build/linux/nginx.conf.local.tmpl b/build/linux/nginx.conf.local.tmpl index 7497358..1dd03a3 100644 --- a/build/linux/nginx.conf.local.tmpl +++ b/build/linux/nginx.conf.local.tmpl @@ -26,23 +26,23 @@ server { location / { limit_req zone=ratelimit burst=50 nodelay; - root /usr/share/nginx/html; + root /usr/share/euler-copilot-web; try_files $uri $uri/ /index.html; - if (!-e $request_filename){ + if (!-e $request_filename) { return 404; } } location /copilot { limit_req zone=ratelimit burst=50 nodelay; - alias /usr/share/nginx/html; + alias /usr/share/euler-copilot-web; index index.html; try_files $uri $uri/ /index.html; } location /login { limit_req zone=ratelimit burst=50 nodelay; - root /usr/share/nginx/html; + root /usr/share/euler-copilot-web; try_files $uri $uri/ /index.html; } 
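Review bot: `location /copilot` is a prefix match without a trailing slash, so it also applies to any URI that merely begins with `/copilot`, and `alias` substitutes that prefix with `/usr/share/euler-copilot-web` textually, which means the resolved path is not guaranteed to stay inside the web root directory. Anchor both sides on a slash, `location /copilot/ {` with `alias /usr/share/euler-copilot-web/;` (and add a redirect for the bare `/copilot` if it must keep working). Separately, the `if (!-e $request_filename) { return 404; }` that this hunk reformats in `location /` runs in the rewrite phase, before `try_files`, so the `/index.html` fallback there looks unreachable; confirm which behaviour is intended.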
@@ -59,7 +59,7 @@ server { proxy_intercept_errors on; error_page 404 /404.html; - limit_req zone=ratelimit burst=15 nodelay; + limit_req zone=ratelimit burst=15 nodelay; proxy_read_timeout 500s; proxy_connect_timeout 500s; @@ -75,12 +75,12 @@ server { } location = /404.html { - root /usr/share/nginx/html; + root /usr/share/euler-copilot-web; internal; } location = /error.html { - root /usr/share/nginx/html; + root /usr/share/euler-copilot-web; internal; } } -- Gitee From 8dea914feae919d989948070dba9fc9bc66abe63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E9=B8=BF=E5=AE=87?= Date: Tue, 20 May 2025 09:47:18 +0800 Subject: [PATCH 4/5] fix(nginx): zero size shared memory zone MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 史鸿宇 --- build/linux/nginx.conf.local.tmpl | 2 -- 1 file changed, 2 deletions(-) diff --git a/build/linux/nginx.conf.local.tmpl b/build/linux/nginx.conf.local.tmpl index 1dd03a3..a875735 100644 --- a/build/linux/nginx.conf.local.tmpl +++ b/build/linux/nginx.conf.local.tmpl @@ -10,8 +10,6 @@ server { add_header Cache-Control "no-cache"; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: base64;"; - limit_conn limitperip 50; - resolver 8.8.8.8 8.8.4.4 valid=60s; resolver_timeout 5s; -- Gitee From f58b3a045f8b80aae3f377ff81adba35a16f15e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8F=B2=E9=B8=BF=E5=AE=87?= Date: Tue, 20 May 2025 10:11:37 +0800 Subject: [PATCH 5/5] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0=20euler-copilot-w?= =?UTF-8?q?eb.spec=20=E5=92=8C=20nginx=20=E9=85=8D=E7=BD=AE=EF=BC=8C?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=96=87=E4=BB=B6=E6=8B=B7=E8=B4=9D=E5=92=8C?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=99=90=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 史鸿宇 --- build/linux/euler-copilot-web.spec | 12 +++++------- build/linux/nginx.conf.local.tmpl | 10 ++++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/build/linux/euler-copilot-web.spec b/build/linux/euler-copilot-web.spec index d15956e..2a99210 100644 --- a/build/linux/euler-copilot-web.spec +++ b/build/linux/euler-copilot-web.spec @@ -114,8 +114,6 @@ fi # Build Electron app pnpm run package:linux -# Clear dist directory -rm -rf dist # Build Web app pnpm run build @@ -124,10 +122,8 @@ pnpm run build # Web 主包安装 mkdir -p %{buildroot}/usr/share/euler-copilot-web mkdir -p %{buildroot}/etc/nginx/conf.d -# 拷贝 dist 和 public 内容到 euler-copilot-web 目录 -cp -a %{_builddir}/%{name}-%{version}/dist/* %{buildroot}/usr/share/euler-copilot-web/ -cp -a %{_builddir}/%{name}-%{version}/public/* %{buildroot}/usr/share/euler-copilot-web/ -# 拷贝 nginx 配置到 /etc/nginx/conf.d/euler-copilot-web.conf +cp -a %{_builddir}/%{name}-%{version}/dist/. %{buildroot}/usr/share/euler-copilot-web/ +chmod -R a+rX %{buildroot}/usr/share/euler-copilot-web cp -a %{_builddir}/%{name}-%{version}/build/linux/nginx.conf.local.tmpl %{buildroot}/etc/nginx/conf.d/euler-copilot-web.conf # Electron 客户端安装 @@ -162,7 +158,9 @@ cp -a %{_builddir}/%{name}-%{version}/build/icons/512x512.png %{buildroot}/usr/s %files # Web 主包安装内容 %dir /usr/share/euler-copilot-web -%attr(0644, root, root) /usr/share/euler-copilot-web/** +%dir /usr/share/euler-copilot-web/assets +%attr(0644, root, root) /usr/share/euler-copilot-web/*.* +%attr(0644, root, root) /usr/share/euler-copilot-web/assets/* %config(noreplace) /etc/nginx/conf.d/euler-copilot-web.conf diff --git a/build/linux/nginx.conf.local.tmpl b/build/linux/nginx.conf.local.tmpl index a875735..a7a3d14 100644 --- a/build/linux/nginx.conf.local.tmpl +++ b/build/linux/nginx.conf.local.tmpl 
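Review bot: The new `%files` globs cover only names containing a dot in the web root and one level under `assets/`, and `%attr(0644, root, root)` on `assets/*` would also be applied to any subdirectory the build emits there, leaving it without the execute bit nginx needs to traverse it. A file without a dot in its name would presumably fail the build as installed-but-unpackaged. Owning the tree recursively avoids both: `%defattr(0644, root, root, 0755)` followed by `/usr/share/euler-copilot-web/`. With explicit modes in `%files`, the `chmod -R a+rX` added in `%install` is no longer what decides the packaged permissions.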
@@ -23,7 +23,6 @@ server { } location / { - limit_req zone=ratelimit burst=50 nodelay; root /usr/share/euler-copilot-web; try_files $uri $uri/ /index.html; if (!-e $request_filename) { @@ -32,14 +31,12 @@ server { } location /copilot { - limit_req zone=ratelimit burst=50 nodelay; alias /usr/share/euler-copilot-web; index index.html; try_files $uri $uri/ /index.html; } location /login { - limit_req zone=ratelimit burst=50 nodelay; root /usr/share/euler-copilot-web; try_files $uri $uri/ /index.html; } @@ -57,7 +54,6 @@ server { proxy_intercept_errors on; error_page 404 /404.html; - limit_req zone=ratelimit burst=15 nodelay; proxy_read_timeout 500s; proxy_connect_timeout 500s; @@ -81,4 +77,10 @@ server { root /usr/share/euler-copilot-web; internal; } + + location /assets/ { + alias /usr/share/euler-copilot-web/assets/; + expires 30d; + add_header Cache-Control public; + } } -- Gitee