config for reverse proxy deployment environment

certifications/sso.gzncloud.com.key

+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAnhfCjvqZMp3xaE2bPDnVtjAopPx+IwmJvBK5bkEoX726bPVe
+5HXwGnweMNbpVlEMQiswCEXAeM40xcovX08+qk+P+504QO3/F7yP3Do2jG1G2bzo
+QvlYaNNkxwg/e/pBZJz24RGFVbr0ggr5zeG9b0BmG7DhpznAp+RmwkgNRNaOvhN1
+Hvs3OUgy57wqNo8WSDPkz+0qnn4JQaU5RjwCNoLWbk/blgLG5WaHkVvDYmx/gNS8
+X95ejvqgzE1yirVq9gFKLxhGDTUTCcFB2+yI+VT+t0L1zPCqiAsckk2bQ7trZu7g
+uzgrn5pOIYTpobcmh8uR9H6AHzFU9T7+vHSKkwIDAQABAoIBABhO9PaBJ981k/IC
+xNTM28SIwSclP8vpYolNo7+FO00FYk3wqKeeTs3zubyuvvArxCPEej07ZG3u3wRu
+ozwXdj4/v5bjxMuPDMM8li45sTuEbfl654esyWBM6NkFtqU8hKOQ0xEmXYciGQiJ
+4YE7raIWl9y4JOpOogXuw7Ip3AhyazS0dEZdmPPgqrUiTiiuENvDEg4fvPRr4Dbi
+YAvU2q2/kxYxDo37Jzb35GS/sKKOMk+/2h7LedcYlabs3idqJ1IPKIHVlh3zxvGt
+atNhIsTEY5AAq85YDyOzaPB8REbYw6W15MvcGL8iEhzMbu5zBA6VNTeSt9Ne+t4c
+VXKoPpECgYEA2LQ5eGdH1ocv7xClu1nssDmvYJaihx2ipaZy6mBCYUP6GsU8/OIT
+RVPe3j73ZBwFuMzeeWW/mc73Se0x1zrrP3/ILTwMc5/HkQpJHASIWqD9R2Zbnf2c
+706DRWHnZT2HgJX8wUgbXs4Nh13lgnlxA581VebRR5jpoMCieFOKfbsCgYEAusKz
+1I7NiUEhktPV5gJAp4C2UFFUUNVbNTLSAH7Cdns6iuPUlbcRVvzV2M/PuKqzx771
+OS4OmGEkbBi8uCNzharZTHsvl7RIhYsBpiOA/GCLVFSh12psnYh5N3/vZpgzZYhg
+ivef3w2VyerozZc93fiivRZ+XW9RyI1YBUeQ7QkCgYEAoCGtRhersg77kMDQdv0g
+Naiqu8kUGJwBkD7LM/4ljxJYQmf1hTjZ3KT5T2lgDg3W/JQG4dYaG2IgwfQQnGbh
+Z27ZUPPKj7ZGFhtvotCGodHM13H/yWObEAsIXcDW6Kzq8E3lFD5gW1IQFTOBYUS0
+CmUfWHbTtwB7w1oVtKym7fkCgYAUArSd+8cOA8qDHut2P5uJ1wKxzGUKXDHvm0hh
+ATP42e9F3m9yszDKb0DCgFGzaablqhJAVC0AKrhqVKQz3qiME+hAh5pr2MdEd8Zv
+dLJnWDjVilPk7uRAZNUIG08dYQVwxZICkdGxZpU8E01qaeAZHoDhXb2gaUMMCAj8
+V9SxcQKBgQC9UnmzPx61mYL9Ppw1kSasQ15fdo4U2ggX0pl2+NYitY3DX9c3R4aH
+2iruN+bO8K3vmduRPtYleXh5J644d+ygwaJV/nDQJf0K3hX3QQBc+1XlFebPpa+m
+xMO1hz37JJEogKnGgoLeqRhzY5Tw31tQtfdpPl++s6juG0iCvvp19Q==
+-----END RSA PRIVATE KEY-----

certifications/sso.gzncloud.com.pem

+-----BEGIN CERTIFICATE-----
+MIIFiDCCBHCgAwIBAgIQB6dYU3Q678lJf5Y7PeAkQTANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzEwHhcNMjAwMzAyMDAwMDAwWhcNMjEwMzAyMTIwMDAwWjAb
+MRkwFwYDVQQDExBzc28uZ3puY2xvdWQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnhfCjvqZMp3xaE2bPDnVtjAopPx+IwmJvBK5bkEoX726bPVe
+5HXwGnweMNbpVlEMQiswCEXAeM40xcovX08+qk+P+504QO3/F7yP3Do2jG1G2bzo
+QvlYaNNkxwg/e/pBZJz24RGFVbr0ggr5zeG9b0BmG7DhpznAp+RmwkgNRNaOvhN1
+Hvs3OUgy57wqNo8WSDPkz+0qnn4JQaU5RjwCNoLWbk/blgLG5WaHkVvDYmx/gNS8
+X95ejvqgzE1yirVq9gFKLxhGDTUTCcFB2+yI+VT+t0L1zPCqiAsckk2bQ7trZu7g
+uzgrn5pOIYTpobcmh8uR9H6AHzFU9T7+vHSKkwIDAQABo4ICczCCAm8wHwYDVR0j
+BBgwFoAUVXRPsnJP9WC6UNHX5lFcmgGHGtcwHQYDVR0OBBYEFLKBn2zWirPPo0uW
+C69hdD2XEKBoMBsGA1UdEQQUMBKCEHNzby5nem5jbG91ZC5jb20wDgYDVR0PAQH/
+BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBD
+MDcGCWCGSAGG/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
+dC5jb20vQ1BTMAgGBmeBDAECATCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzAB
+hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9j
+YWNlcnRzLmRpZ2ljZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0Et
+RzEuY3J0MAkGA1UdEwQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQD2XJQv
+0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAXCZgizyAAAEAwBGMEQCIFQN
+wEdGtezrMAx2OCpM0OR+vx65Dvmlbor8UoE9U6d3AiAytjLhemUIgioXUSRPSLE9
+zGWm2SjH4FSI4cOZ8AfcGgB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2
+xw7KAAABcJmCLUMAAAQDAEcwRQIhANMkLSl+sYsI+CIFvcYlcDePk9T2uih7XDqm
+3ARpqnctAiBI30AgjbOsA5s6YF8UQs7EPDAIqXljlitGaCadbdpYWTANBgkqhkiG
+9w0BAQsFAAOCAQEAoncwP3mYkflk1Fb7U99KUaYdgBU+gEiuEbklGvBff8oSEX4o
+AAlXEbUFaJ6sMFUV9X6+EFfjqHnzUhPjcxGP0DIiSwkHLEGNAJOwQbwmJ4wnHdnl
+SYqXoOrjKMISr7ueZaNc4ZN4+iYMl/u87o+RGd05PCAEV6Otn1yVD6yl9mBWGb27
+BjJvcgP00X5HCGaPVdT/OQEQ3mF6fnJ0Gqt58DbVOCZIhyjshmg8gaMLwnthTzFG
+LY7YWUuUpslzuR2jMp9KX8X7WyGYJEUK15QYUnGO+IOC1mkeaq1dOoELZHp3mJUH
++FNtPmMHQsud5Qhk1m+G3IrKrHNQkchsGD+ckg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
+oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
+lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
+pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
+yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
+wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
+pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
+BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
+SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
+M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
+4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
+sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
+rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
+-----END CERTIFICATE-----

certifications/ziti.gzncloud.com.key

+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAu12I59QzBBBLsgV4JGM78qIgbQ2DIb0y/XhNlxoB46D9pDxo
+NU5bIEdc5D4RcGbQUbZNWFgOT/NfQzzZplVOioY6YW4QhKwVT8P0i7HJhtrZ1RMj
+CmQ0WYWgqTCgeIvsBpXfKWltoLBykIHNEN2DTX3BJixxxzp2swsyN/qU0VlYyvVr
+R/D14p4Ut8O1Fax3y5r8AGefEs/uu7FzeN5pSToRRIrHWIVhoWwvqe/neH6oawvI
+JR/joD1tVfvFPZr6S7DH6qXY6k36eI1BDNaTcAyeB9rNqePl+wCGfZPpkvmShdD9
+Q9k9pnlAgzqLwRRFFfp+6EGOvwXxh7OyNmixuQIDAQABAoIBAQCN+5hmjYBHYQ3r
+jod3k5d3C3LlEOtBIv3D5Glvyq6Jz5LF5VzWoFUfxdRXxc0zT0Yn1a0Q+FGINpYG
+/tK0YErPYF5XPK/ZygmwU386aPSdc7TE6eaQ1lRxTnjsHURNdULbzrC40gLYVT3L
+0gES+bmpfFVk1yM1ZVFT5nUcxJAHf42dFNQI3OqVFEGd43rmZIxLZbBS3kRr3z+h
+k/JNuAGToVYT7pP70gcZLoUjbjZuMEGowPWcRagd5Izm6ZykkSnSD+DIC7c+/gSt
+xX6teILIGIugw9wq/b7PugKYGT/65vHUhnywR3KB7YV2YoBnGVeBKDLk2MyIp1Gf
+M65DuYEBAoGBAPnq8usVsgMoZHYnpSgenqMW50OIQpt62YgE7a/9my3LN+pIITea
+NdzoorrbKbMIQODEPTFCnENEtKI2b/x2JIAKC2CrDSCrCc6SwVQ1laAvvZS5nUub
+89qVX7AWp1iEGF5jYEEnrBxut6SpVT4aQVS2lz6N7zsFyDEwZgp0DVgZAoGBAL/s
+3lrokHKPV/Y2peETXeFoTb2XGygb7PXWFPoo2ibEUc4MwTFL0DuYdqi989cqnNgt
+egN+etc4yGTLRg2f/nKHPzthx76zzvrnJB2HDiTM9ZkLRcGGiywgjj4hYImib0Jq
+eJrg7p/biv4GEnHLKo5g3Q1zEjM4efurYCng19qhAoGBAMYd475Kr5hjP+iOmxWH
+2HgvItvdO/gnViTGy2nVYFvYGpZl4bdDT2m1HbOFI7RiWZQU3PGc/WUyJQPmpbX8
+Lgk2bTiPwNNh419X5VyNMfUPg3lP/4q9sX1ZJsbf3n+EEBFbNCXSflT3zCsDdajK
+hXnTWWhkef5PIhkkZe/ped6ZAoGAN6K8mnHMXck74H3a/DIXBt6rmogRMUFXIbSb
+hCEPjClg5XBBGL83b+80hpn586fAq9ITCqxBg95MCRv8BLsakayvIdGoi5moKIeU
+qpKaAQUBNQpVgFI2SeZuFYiraXqS8hfXOl52DhUgZ57u/dm9TmS578opvntisRfu
+2nT5XcECgYEAg067FlPJUNxd1brKk82fuQ782B5wyTe8EQNrYnhLEvs2JiavunK/
+48+XCEmUrz2K/2m839y1G0c4MnoyJYjqNskNlTk9EvDrS1CqmiLU5hxf8v4DM+JW
+5mfS0c/fVSm7h53wRW8Q6TJoVIxYr0Tbe3kH/YGbuE5RvnAsKY7sOv8=
+-----END RSA PRIVATE KEY-----

certifications/ziti.gzncloud.com.pem

+-----BEGIN CERTIFICATE-----
+MIIFjDCCBHSgAwIBAgIQAh1+RDt5WwAdeXBrkrarcDANBgkqhkiG9w0BAQsFADBu
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+RFYgVExTIENBIC0gRzEwHhcNMjAwMjI1MDAwMDAwWhcNMjEwMjI0MTIwMDAwWjAc
+MRowGAYDVQQDExF6aXRpLmd6bmNsb3VkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALtdiOfUMwQQS7IFeCRjO/KiIG0NgyG9Mv14TZcaAeOg/aQ8
+aDVOWyBHXOQ+EXBm0FG2TVhYDk/zX0M82aZVToqGOmFuEISsFU/D9IuxyYba2dUT
+IwpkNFmFoKkwoHiL7AaV3ylpbaCwcpCBzRDdg019wSYsccc6drMLMjf6lNFZWMr1
+a0fw9eKeFLfDtRWsd8ua/ABnnxLP7ruxc3jeaUk6EUSKx1iFYaFsL6nv53h+qGsL
+yCUf46A9bVX7xT2a+kuwx+ql2OpN+niNQQzWk3AMngfazanj5fsAhn2T6ZL5koXQ
+/UPZPaZ5QIM6i8EURRX6fuhBjr8F8YezsjZosbkCAwEAAaOCAnYwggJyMB8GA1Ud
+IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSoBhBGl2XLp2d/
+lsCE64UXSotPuTAcBgNVHREEFTATghF6aXRpLmd6bmNsb3VkLmNvbTAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARF
+MEMwNwYJYIZIAYb9bAECMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2lj
+ZXJ0LmNvbS9DUFMwCAYGZ4EMAQIBMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUH
+MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBKBggrBgEFBQcwAoY+aHR0cDov
+L2NhY2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRpb25FdmVyeXdoZXJlRFZUTFND
+QS1HMS5jcnQwCQYDVR0TBAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALvZ
+37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABcHuUNEwAAAQDAEcwRQIg
+XG4V2zS8x81/RQJ2bP2a7A3g8VZspb6iXkiekjgyKZECIQC7K1Rjen5UFQ/8SD+e
+6rZTJjLVGUGOViKdHNrtQtuHqwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5Sy
+Xub2xw7KAAABcHuUNHgAAAQDAEgwRgIhANNbTiVSlxQSaw+7+OmtgIiSTf+sGNHi
+THuAnJsNm5KqAiEAmyPUGPNWCS+6nx9VrLMEU6VcdmiOGyGdku/UKtFVPvwwDQYJ
+KoZIhvcNAQELBQADggEBAIKwCGs4pg6ChqzRkUWvcXzndGNJI77mrxmdPUnZ9tUb
+s2x27iPacoLGzJO7qU/2ET4SQbegZj4zRgAkX6JBxLOttWgqW3eudaeT/RYLWlwd
+PuqCju8gkwCIesPoBUqHd3lON4Wm4k4ECPWU+AUA71K5jWP4suTrFmeeTCUMzHlK
+MPl5BxBsE6kCEUP4PMqAKFI3d4B6CUO7uOOG/CQE/CyI46NgvECHDEPr0WeaHv7I
+iBUD/jwpuPRQ9YN8TtewtsvH8zAAHsxuQYRo8QgzKvugJLf2zpvlp1t8FnE6uCt4
+LsndeNrut1ChxviAdR1gwW2S8I/xkdoiYmWxUqWyMmg=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
+oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
+lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
+pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
+yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
+wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
+pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
+BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
+SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
+M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
+4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
+sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
+rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
+-----END CERTIFICATE-----

docker-compose.seeding.yml

@@ -80,14 +80,14 @@ services:
     depends_on:
       - "mysql"
     environment:
+      - ALLOWED_HOSTS=["sso.gzncloud.com"]
       - SECRET_KEY=1gboig1%1%ljuz_h0&8m%s84ybxz42z3w0pu50qi%mobo%poae
-      - ALLOWED_HOSTS=["sso.gzego.com"]
       - DB_NAME=sso
       - DB_USERNAME=sso
       - DB_PASSWORD=123456
       - DB_HOST=mysql
       - DB_PORT=3306
-      - CAS_SERVICES=["http://carbinet.gzego.com:8080/api/cas", "http://carbinet.gzego.com:8080/api/cas/logout"]
+      - CAS_SERVICES=["https://ziti.gzncloud.com/api/cas", "https://ziti.gzncloud.com/api/cas/logout"]
     networks:
       - ego
     command: ["./wait-for-it.sh", "mysql:3306", "--", "python", "./manage.py", "migrate"]
@@ -103,13 +103,13 @@ services:
       - "mysql"
     environment:
       - SECRET_KEY=1gboig1%1%ljuz_h0&8m%s84ybxz42z3w0pu50qi%mobo%poae
-      - ALLOWED_HOSTS=["sso.gzego.com"]
+      - ALLOWED_HOSTS=["sso.gzncloud.com"]
       - DB_NAME=sso
       - DB_USERNAME=sso
       - DB_PASSWORD=123456
       - DB_HOST=mysql
       - DB_PORT=3306
-      - CAS_SERVICES=["http://carbinet.gzego.com:8080/api/cas", "http://carbinet.gzego.com:8080/api/cas/logout"]
+      - CAS_SERVICES=["https://ziti.gzncloud.com/api/cas", "https://ziti.gzncloud.com/api/cas/logout"]
     networks:
       - ego
     command: ["./wait-for-it.sh", "mysql:3306", "--", "python", "./manage.py", "createsuperuser"]

docker-compose.yml

@@ -22,15 +22,13 @@ services:
       - DATABASE_URL=mysql+pymysql://carbinet:123456@mysql/carbinet
       - REDIS_HOST=redis
       - ALI_IOT_AMQP_CLIENT_ID=carbinet
-      - CAS_SERVER=http://sso.gzego.com:8080
-      - CAS_REDIRECT_FRONTEND=http://carbinet.gzego.com:8080/#/cas_user
-    extra_hosts:
-      - "sso.gzego.com:192.168.43.52"
-    links:
-      - sso_production:sso
+      - CAS_SERVER=https://sso.gzncloud.com
+      - CAS_REDIRECT_FRONTEND=https://ziti.gzncloud.com/#/cas_user
+    # links:
+      # - nginx:sso.gzncloud.com
     networks:
       - ego
-    command: ["./wait-for-it.sh", "mysql:3306", "--", "gunicorn", "--log-file=-", "--worker-tmp-dir", "/dev/shm", "-w", "4", "-b", "0.0.0.0:80", "carbinet:create_app()"]
+    command: ["./wait-for-it.sh", "mysql:3306", "--", "gunicorn", "--log-level=debug", "--log-file=-", "--worker-tmp-dir", "/dev/shm", "-w", "4", "-b", "0.0.0.0:80", "carbinet:create_app()"]
   sso_production:
     build: ./sso
     ports:
@@ -39,22 +37,21 @@ services:
     image: gzego/sso:latest
     links:
       - mysql:mysql
-    extra_hosts:
-      - "carbinet.gzego.com:192.168.43.52"
+      # - carbinet_production:ziti.gzncloud.com
     depends_on:
       - "mysql"
     environment:
       - SECRET_KEY=1gboig1%1%ljuz_h0&8m%s84ybxz42z3w0pu50qi%mobo%poae
-      - ALLOWED_HOSTS=["sso.gzego.com"]
+      - ALLOWED_HOSTS=["sso.gzncloud.com"]
       - DB_NAME=sso
       - DB_USERNAME=sso
       - DB_PASSWORD=123456
       - DB_HOST=mysql
       - DB_PORT=3306
-      - CAS_SERVICES=["http://carbinet.gzego.com:8080/api/cas", "http://carbinet.gzego.com:8080/api/cas/logout"]
+      - CAS_SERVICES=["https://ziti.gzncloud.com/api/cas", "https://ziti.gzncloud.com/api/cas/logout"]
     networks:
       - ego
-    command: ["./wait-for-it.sh", "mysql:3306", "--", "gunicorn", "-w", "4", "-b", "0.0.0.0:80", "account.wsgi"]
+    command: ["./wait-for-it.sh", "mysql:3306", "--", "gunicorn", "--log-level=debug", "--log-file=-", "--worker-tmp-dir", "/dev/shm", "-w", "4", "-b", "0.0.0.0:80", "account.wsgi"]
   mysql:
     image: mysql:5.7
     container_name: ego-mysql
@@ -82,9 +79,13 @@ services:
       - carbinet_production:carbinet
       - sso_production:sso
     networks:
-      - ego
+      ego:
+        aliases:
+          - ziti.gzncloud.com
+          - sso.gzncloud.com
     ports: 
       - "443:443"
+      - "80:80"
 
 networks:
   ego:

nginx.conf

@@ -39,104 +39,106 @@ http {
     # for a TCP configuration
     # server 192.168.0.7:8000 fail_timeout=0;
   }
+
+  server {
+	  listen 80;
+	  listen [::]:80;
+	  server_name _;
+	  return 301 https://$host$request_uri$is_args$args;
+  }
   
   server {
      # use 'listen 80 deferred;' for Linux
      # use 'listen 80 accept_filter=httpready;' for FreeBSD
-     listen 443;
-     client_max_body_size 4G;
-
-     # ssl_certificate     /etc/nginx/cert/sso.gzncloud.com_chain.crt;
-     # ssl_certificate_key /etc/nginx/cert/sso.gzncloud.com.key;
-
-     # set the correct host(s) for your site
-     server_name sso.gzncloud.com;
-     keepalive_timeout 5;
-
-     # path for static files
-     root /usr/share/nginx/html/sso;
-     location ~ /static/* {
-         root /usr/share/nginx/html/sso;
-     }
-
-     location / {
-       # checks for static file, if not found proxy to app
-       try_files $uri @proxy_to_app;
-     }
-     location @proxy_to_app {
-       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-       proxy_set_header X-Forwarded-Proto $scheme;
-       proxy_set_header Host $http_host;
-       # we don't want nginx trying to do something clever with
-       # redirects, we set the Host: header above already.
-       proxy_redirect off;
-       proxy_pass http://sso;
-     }
-     error_page 500 502 503 504 /500.html;
-     location = /500.html {
-       root /usr/share/nginx/html/cas;
-     }
+    listen 443 ssl;
+    client_max_body_size 4G;
+
+    charset utf-8;
+    server_name sso.gzncloud.com;
+    ssl_certificate     /etc/nginx/cert/sso.gzncloud.com.pem;
+    ssl_certificate_key /etc/nginx/cert/sso.gzncloud.com.key;
+
+    ssl_session_timeout  5m;    #缓存有效期
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    #加密算法
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    #安全链接可选的加密协议
+    ssl_prefer_server_ciphers on;
+    
+    # set the correct host(s) for your site
+    keepalive_timeout 5;
+
+    # path for static files
+    root /usr/share/nginx/html/sso;
+    location ~ /static/* {
+        root /usr/share/nginx/html/sso;
+    }
+
+    location / {
+      # checks for static file, if not found proxy to app
+      try_files $uri @proxy_to_app;
+    }
+    location @proxy_to_app {
+      proxy_set_header   Host                 $host;
+      proxy_set_header   X-Real-IP            $remote_addr;
+      proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+      proxy_set_header   X-Forwarded-Proto    $scheme;
+
+      # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      # proxy_set_header X-Forwarded-Proto $scheme;
+      # proxy_set_header Host $http_host;
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+      proxy_pass http://sso;
+    }
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /usr/share/nginx/html/cas;
+    }
   }
 
   server {
-      listen       443;
-      server_name  ziti.gzncloud.com;
-
-      # ssl_certificate     /etc/nginx/cert/ziti.gzncloud.com.pem;
-      # ssl_certificate_key /etc/nginx/cert/ziti.gzncloud.com.key;
-      #charset koi8-r;
-      #access_log  /var/log/nginx/host.access.log  main;
-      root   /usr/share/nginx/html/carbinet;
-
-      location / {
-          index  index.html index.htm;
-      }
-
-      location ~ /static/* {
-      }
-
-      location = /cas_user {
-          try_files $uri /index.html;
-      }
-
-      #error_page  404              /404.html;
-
-      # redirect server error pages to the static page /50x.html
-      #
-      error_page   500 502 503 504  /50x.html;
-      location = /50x.html {
-      }
-
-      # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-      #
-      location ~ /api/* {
-          try_files $uri @proxy_to_api;
-      }
-
-      location @proxy_to_api {
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $http_host;
-        # we don't want nginx trying to do something clever with
-        # redirects, we set the Host: header above already.
-        proxy_redirect off;
-        proxy_pass http://carbinet;
-      }
-      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-      #
-      #location ~ \.php$ {
-      #    root           html;
-      #    fastcgi_pass   127.0.0.1:9000;
-      #    fastcgi_index  index.php;
-      #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-      #    include        fastcgi_params;
-      #}
-
-      # deny access to .htaccess files, if Apache's document root
-      # concurs with nginx's one
-      #
-      #location ~ /\.ht {
-      #    deny  all;
-      #}
+    listen       443 ssl;
+    server_name  ziti.gzncloud.com;
+
+    charset utf-8;
+
+    ssl_certificate     /etc/nginx/cert/ziti.gzncloud.com.pem;
+    ssl_certificate_key /etc/nginx/cert/ziti.gzncloud.com.key;
+    ssl_session_timeout  5m;    #缓存有效期
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    #加密算法
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    #安全链接可选的加密协议
+    ssl_prefer_server_ciphers on;
+    root   /usr/share/nginx/html/carbinet;
+
+    location / {
+        index  index.html index.htm;
+    }
+
+    location ~ /static/* {
+    }
+
+    location = /cas_user {
+        try_files $uri /index.html;
+    }
+
+    #error_page  404              /404.html;
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+    }
+
+    location ~ /api/* {
+        try_files $uri @proxy_to_api;
+    }
+
+    location @proxy_to_api {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+      proxy_pass http://carbinet;
+    }
   }
 }

pipeline.sh

@@ -47,6 +47,17 @@ seed() {
     docker-compose -f ./docker-compose.yml -f ./docker-compose.seeding.yml run sso_seed
 }
 
+down() {
+    docker-compose -f ./docker-compose.yml -f ./docker-compose.seeding.yml down
+}
+
+reset() {
+    down
+    migrate
+    seed
+    docker-compose up -d
+}
+
 if [ "$1" == "build" ]; then
     build
 elif [ "$1" == "migrate" ]; then
@@ -55,6 +66,10 @@ elif [ "$1" == "seed" ]; then
     seed
 elif [ "$1" == "deploy" ]; then
     docker-compose up -d
+elif [ "$1" == "reset" ]; then
+    reset
+elif [ "$1" == "down" ]; then
+    down
 elif [ "$1" == "all" ]; then
     build
     migrate