feat(traefik): 添加HTTPS支持并更新服务路由配置

- 在traefik配置中添加TLS证书支持
- 开放443端口用于HTTPS通信
- 更新各微服务的路由规则，使用PathPrefix代替Host匹配
- 为API路由添加路径前缀剥离中间件
- 添加SSL证书文件到项目

consul/config/prod/data-service.json

@@ -9,8 +9,11 @@
     "id": "data-service-1",
     "tags": [
       "traefik.enable=true",
-        "traefik.http.routers.data-service.rule=Host(\"data.aristockai.com\")",
-        "traefik.http.routers.data-service.entrypoints=web"
+      "traefik.http.routers.data-service.rule=PathPrefix(`/api/data`) || PathPrefix(`/api/public`)",
+      "traefik.http.routers.data-service.priority=100",
+      "traefik.http.routers.data-service.entrypoints=web",
+      "traefik.http.middlewares.data-service-stripprefix.stripprefix.prefixes=/api/data,/api/public",
+      "traefik.http.routers.data-service.middlewares=data-service-stripprefix@consulcatalog"
     ],
     "name": "data-service",
     "port": 8000

consul/config/prod/emotion-service.json

@@ -9,8 +9,10 @@
     "id": "emotion-service-1",
     "tags": [
         "traefik.enable=true",
-        "traefik.http.routers.emotion-service.rule=Host(\"emotion.aristockai.com\")",
-        "traefik.http.routers.emotion-service.entrypoints=web"
+        "traefik.http.routers.emotion-service.rule=PathPrefix(`/api/emotion`) || PathPrefix(`/api/sentiment`)",
+        "traefik.http.routers.emotion-service.entrypoints=web",
+        "traefik.http.middlewares.emotion-service-stripprefix.stripprefix.prefixes=/api/emotion,/api/sentiment",
+        "traefik.http.routers.emotion-service.middlewares=emotion-service-stripprefix@consulcatalog"
       ],
     "name": "emotion-service",
     "port": 8002

consul/config/prod/frontend.json

@@ -9,7 +9,8 @@
     "id": "frontend-1",
     "tags": [
         "traefik.enable=true",
-        "traefik.http.routers.frontend.rule=Host(\"aristockai.com\") || Host(\"www.aristockai.com\")",
+        "traefik.http.routers.frontend.rule=PathPrefix(`/`) || PathPrefix(`/index.html`) || PathPrefix(`/static`)",
+        "traefik.http.routers.frontend.priority=10",
         "traefik.http.routers.frontend.entrypoints=web"
       ],
     "name": "frontend",

consul/config/prod/quant-service.json

@@ -9,8 +9,10 @@
     "id": "quant-service-1",
     "tags": [
         "traefik.enable=true",
-        "traefik.http.routers.quant-service.rule=Host(\"quant.aristockai.com\")",
-        "traefik.http.routers.quant-service.entrypoints=web"
+        "traefik.http.routers.quant-service.rule=PathPrefix(`/api/quant`) || PathPrefix(`/api/strategy`)",
+        "traefik.http.routers.quant-service.entrypoints=web",
+        "traefik.http.middlewares.quant-service-stripprefix.stripprefix.prefixes=/api/quant,/api/strategy",
+        "traefik.http.routers.quant-service.middlewares=quant-service-stripprefix@consulcatalog"
       ],
     "name": "quant-service",
     "port": 8001

consul/config/prod/recommend-service.json

@@ -9,8 +9,10 @@
     "id": "recommend-service-1",
     "tags": [
         "traefik.enable=true",
-        "traefik.http.routers.recommend-service.rule=Host(\"recommend.aristockai.com\")",
-        "traefik.http.routers.recommend-service.entrypoints=web"
+        "traefik.http.routers.recommend-service.rule=PathPrefix(`/api/recommend`) || PathPrefix(`/api/suggest`)",
+        "traefik.http.routers.recommend-service.entrypoints=web",
+        "traefik.http.middlewares.recommend-service-stripprefix.stripprefix.prefixes=/api/recommend,/api/suggest",
+        "traefik.http.routers.recommend-service.middlewares=recommend-service-stripprefix@consulcatalog"
       ],
     "name": "recommend-service",
     "port": 8003

consul/config/prod/user-service.json

@@ -9,8 +9,10 @@
     "id": "user-service-1",
     "tags": [
         "traefik.enable=true",
-        "traefik.http.routers.user-service.rule=Host(\"user.aristockai.com\")",
-        "traefik.http.routers.user-service.entrypoints=web"
+        "traefik.http.routers.user-service.rule=PathPrefix(`/api/user`) || PathPrefix(`/api/auth`)",
+        "traefik.http.routers.user-service.entrypoints=web",
+        "traefik.http.middlewares.user-service-stripprefix.stripprefix.prefixes=/api/user,/api/auth",
+        "traefik.http.routers.user-service.middlewares=user-service-stripprefix@consulcatalog"
       ],
     "name": "user-service",
     "port": 8004

docker-compose.yml

@@ -30,10 +30,12 @@ services:
       - --configFile=/etc/traefik/traefik.yml
     ports:
       - "80:80"
+      - "443:443"
       - "8080:8080" # Traefik dashboard
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik/config/${TRAEFIK_CONFIG_DIR}/traefik.yml:/etc/traefik/traefik.yml
+      - ./traefik/certs:/etc/traefik/certs
     networks:
       - microservice-network
 

traefik/certs/cert.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIULhNAPQNIE+da1BmK/iUIJHMEpdcwDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
+MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MB4XDTI1MDcxNzAxNDcwMFoXDTQwMDcxMzAxNDcwMFowYjEZMBcGA1UEChMQQ2xv
+dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
+BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA299gig6KEga4cEjyJ2OFvcodXDvG2+GZ50P7
+vJgI2tX4yCJeynq8rkB7hPGJj7nUCyPO2gOZCdzWrapYLFe9udPoePMk2rQTW/pv
+nrX7wmdV+ETa9KmeJA+oShLSPOfT9eYJ+6DcrF2F9Rj+GpijGstJNmmXgAczJbZV
+F32tJOWANT+7n9gQOPJJYr1oY9yrYLuTGQasVZx0ikXPexvCfncYfwcZH9+MQXSK
+2oSMeMjx4+jRe/4CCP8G3/q1KiEz8PXL9N6urJ111OeGxiWG2yBCxegZxVOmECNU
+oklDjJmKlwBIoXUcco9TNYkEIGSN3Qpr6RHB3i6bvsv1aGepbwIDAQABo4IBKjCC
+ASYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRK+tCx63O5SsPB1nQg+hrgtfMXHjAf
+BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
+MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
+YTArBgNVHREEJDAighAqLmFyaXN0b2NrYWkuY29tgg5hcmlzdG9ja2FpLmNvbTA4
+BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmNsb3VkZmxhcmUuY29tL29yaWdp
+bl9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAHXxDKrOIY57/9ro/PzFFiOgDFdf
+vtVbxUeNsZZo433sV27ZbUSSlu5qpuaY9SRI8q/aEhXIXhsUgBfbU9gkESx6Zpt3
+s7QR0a87lNKnu7BdBsK8WNMgIxVKKYhxwn0qxY0ko4Nro5r4eu+0zbJbZpB0EjR+
+30wkKwNdPCrYwuwrqf0Hvx7oHH7OSOPRpGOPf7KdF3hOZH+geyut26TGxzPQOku3
+Lif12iUSQL9M8TJgnNuBkGrLJivnrPcKBC3+OiY4+N2jHd0NV0B025rhy2JLlZ6n
+GWLSslvSJ+VYcixYCd7q6RZh6QHbmTqhVdacYIiEnt9MfmxGHFYuoDJAYVQ=
+-----END CERTIFICATE-----

traefik/certs/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDb32CKDooSBrhw
+SPInY4W9yh1cO8bb4ZnnQ/u8mAja1fjIIl7KeryuQHuE8YmPudQLI87aA5kJ3Nat
+qlgsV7250+h48yTatBNb+m+etfvCZ1X4RNr0qZ4kD6hKEtI859P15gn7oNysXYX1
+GP4amKMay0k2aZeABzMltlUXfa0k5YA1P7uf2BA48klivWhj3Ktgu5MZBqxVnHSK
+Rc97G8J+dxh/Bxkf34xBdIrahIx4yPHj6NF7/gII/wbf+rUqITPw9cv03q6snXXU
+54bGJYbbIELF6BnFU6YQI1SiSUOMmYqXAEihdRxyj1M1iQQgZI3dCmvpEcHeLpu+
+y/VoZ6lvAgMBAAECggEAN5ODbfIV4U+UkEFIAD/OPvZXLIipj8u7ILNU7stJNbNv
+MntJlYmnpq4C6sw41r0EhZpT/1R4ev84vmX36qF1AgM32FaxQpzQ5edsDmR2kiGX
+n+0boUs8f2X7xllyjdWVhKrUbCexj9oF8bmTBTr+w1eOFnRjSIfJXGd1o73vJYtr
+DWP4yIOR84aVnfv9R555FsJrrHfiCi1IqMmwGqTnjPxlAUGaNiM40o1BORnwCEqd
+Rya7a+6Poh0EtxdSNvJQefLt+Od41kAg4Mnmgz04FlNTEnxp0vOKNq4F3wBqRE3G
+rSdEXXs4V1FTAM2h693nEsieREEDb2iiczp0Bta7MQKBgQD8W+ms3RZSdFTbxSZH
+Rj2TsNjxP0SUSOmb9dcSwLLFfriRpivhbDnhwdWlEbHTjNAtjOKmhWPUwoUWo4rF
+kSlCXfhCPISoVv8+cLDwJSR6RFwLPwad14WoWTa46mp3NFMMwH/+oWtuAMQLhZzp
+z+sE19S6TTZOxRdzKTxxqbxq3wKBgQDfC3nEypYfmsXyI3z6OXsTAD6zBYHMWx8m
+GFFUjoF2zr23LywAupZAX3200EbwzJcs06S3CrFFhQXz2b+qRINWkYYS1C9Qfmqn
+G7kNb4R2mfGPWJbSbQuwFjF8LzM9y6kYSMhrXmmy2yHiy4k/wkl5jlIW4SvClfqz
+2SouGmAjcQKBgBKp/ZNSWqdIgUorv5P/5uf4aWMWSc0pw1VMjlaNt+sRXzcucgpf
+BbzjqBhoQZ2iyXbE97JXJTYEGPG+sLHB9ao55vWHIkyM+p20mfF43cTJL4GJbMTZ
+vsHfr0Nn2u3sCcRkrFK5v4dIOTec7yj/vqMCD3Kj6UNUIlLbFuRVKGFDAoGBAJRT
+D1Ec36R4ynXxv6SvIPdLzGZEnUKGvjoZJcyzT8jwRx1Qk1SQwGZimjfp4aM0irvW
+qszGoYh3o7O79EeIdEbXU2+mByjiSI6EUxVqOY6dZRRMd0/MEF+zAolw4gSQMQzj
+KdSs3mGAdBJcBBOQYkghqtloOC+YiTWcjv5Fr/UhAoGAHZNnuX6+OvAxf9l0fmAS
+zzeDIGNb3pMnPL1jiPzd4olA7rOsDtDhHe4bWsQZ7JgNlC8M1vRD2OH6rXqla+kk
+6QcRA4YIVkARXSVQUBeiaX+Pb0s+ryVk1ZtG2DHnrXdvrVNg21AdxrvB6eP9Y5C8
+PP2F6VN5eyIxyzORR5FVl/8=
+-----END PRIVATE KEY-----

traefik/config/prod/traefik.yml

@@ -8,6 +8,11 @@ entryPoints:
           scheme: https
   websecure:
     address: ":443"
+    http:
+      tls:
+        certificates:
+          - certFile: /etc/traefik/certs/cert.pem
+            keyFile: /etc/traefik/certs/key.pem
 
 
 providers: