改用新版方式注册，云端使用通配符证书

docker/registrar.sh

@@ -1,71 +1,82 @@
 #!/bin/sh
 set -eu
 
-: "${CONSUL_HTTP_ADDR:?need CONSUL_HTTP_ADDR}"
 : "${SERVICE_NAME:?need SERVICE_NAME}"
 : "${SERVICE_ADDR:?need SERVICE_ADDR}"
 : "${SERVICE_PORT:?need SERVICE_PORT}"
+: "${ROUTE_HOST:?need ROUTE_HOST}"
 
-SERVICE_ID="${SERVICE_ID:-${SERVICE_NAME}-${SERVICE_ADDR}-${SERVICE_PORT}}"
-SERVICE_TAGS="${SERVICE_TAGS:-}"
-CHECK_TYPE="${CHECK_TYPE:-tcp}"          # tcp|http
-CHECK_PATH="${CHECK_PATH:-/healthz}"     # http 模式才用
+CONSUL="${CONSUL_HTTP_ADDR:?need CONSUL_HTTP_ADDR}"
+SERVICE_PROTOCOL="${SERVICE_PROTOCOL:-http}"          # http | tcp
+CHECK_TYPE="${CHECK_TYPE:-tcp}"                       # http | tcp
+CHECK_PATH="${CHECK_PATH:-/}"
 CHECK_INTERVAL="${CHECK_INTERVAL:-10s}"
 CHECK_TIMEOUT="${CHECK_TIMEOUT:-2s}"
 DEREG_AFTER="${DEREG_AFTER:-1m}"
+TRAEFIK_HTTP_ENTRYPOINT="${TRAEFIK_HTTP_ENTRYPOINT:-websecure}"
+TRAEFIK_TCP_ENTRYPOINT="${TRAEFIK_TCP_ENTRYPOINT:-tcp}"
+# TRAEFIK_CERT_RESOLVER="${TRAEFIK_CERT_RESOLVER:-cf}"
 
-# 组装 Tags 的 JSON 数组
-if [ -n "$SERVICE_TAGS" ]; then
-  # 逗号分隔转 JSON 数组
-  TAGS_JSON=$(printf '%s' "$SERVICE_TAGS" | awk -F, '
-    BEGIN{printf "["}
-    {for(i=1;i<=NF;i++){gsub(/^ *| *$/, "", $i); printf "%s\"%s\"", (i>1?",":""), $i}}
-    END{printf "]"}
-  ')
+echo "[registrar] consul: $CONSUL, service: $SERVICE_NAME@$SERVICE_ADDR:$SERVICE_PORT"
+
+# 等云端 Consul Server 可用
+for i in $(seq 1 90); do
+  if wget -qO- "$CONSUL/v1/status/leader" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+
+ID="${SERVICE_NAME}-${SERVICE_ADDR}-${SERVICE_PORT}"
+
+# 组装 Traefik tags（ConsulCatalog）
+TAGS="traefik.enable=true"
+if [ "$SERVICE_PROTOCOL" = "http" ]; then
+  TAGS="$TAGS,traefik.http.routers.${SERVICE_NAME}.rule=Host(\`${ROUTE_HOST}\`)"
+  TAGS="$TAGS,traefik.http.routers.${SERVICE_NAME}.entrypoints=${TRAEFIK_HTTP_ENTRYPOINT}"
+  TAGS="$TAGS,traefik.http.routers.${SERVICE_NAME}.tls=true"
+  TAGS="$TAGS,traefik.http.services.${SERVICE_NAME}.loadbalancer.server.scheme=http"
+  TAGS="$TAGS,traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${SERVICE_PORT}"
+  # 可选：应用云端 dynamic.yml 的中间件
+  TAGS="$TAGS,traefik.http.routers.${SERVICE_NAME}.middlewares=gzip-all@file,security-headers@file"
+elif [ "$SERVICE_PROTOCOL" = "tcp" ]; then
+  TAGS="$TAGS,traefik.tcp.routers.${SERVICE_NAME}.rule=HostSNI(\`${ROUTE_HOST}\`)"
+  TAGS="$TAGS,traefik.tcp.routers.${SERVICE_NAME}.entrypoints=${TRAEFIK_TCP_ENTRYPOINT}"
+  TAGS="$TAGS,traefik.tcp.services.${SERVICE_NAME}.loadbalancer.server.port=${SERVICE_PORT}"
 else
-  TAGS_JSON="[]"
+  echo "unsupported SERVICE_PROTOCOL=$SERVICE_PROTOCOL" >&2; exit 2
 fi
 
-# 组装 Check JSON
+# 转 JSON 数组（按逗号拆分）
+to_json_array() { echo "$1" | awk -v RS=, 'NF{print "\""$0"\""}' | paste -sd, - | sed 's/^/[/' | sed 's/$/]/'; }
+TAGS_JSON="$(to_json_array "$TAGS")"
+
+# 健康检查 JSON
 if [ "$CHECK_TYPE" = "http" ]; then
   CHECK_JSON=$(cat <<EOF
-{
-  "Name": "http-${SERVICE_PORT}",
-  "HTTP": "http://${SERVICE_ADDR}:${SERVICE_PORT}${CHECK_PATH}",
-  "Method": "GET",
-  "Interval": "${CHECK_INTERVAL}",
-  "Timeout": "${CHECK_TIMEOUT}",
-  "DeregisterCriticalServiceAfter": "${DEREG_AFTER}"
-}
+{"Name":"http","HTTP":"http://${SERVICE_ADDR}:${SERVICE_PORT}${CHECK_PATH}","Interval":"${CHECK_INTERVAL}","Timeout":"${CHECK_TIMEOUT}","DeregisterCriticalServiceAfter":"${DEREG_AFTER}"}
 EOF
 )
 else
   CHECK_JSON=$(cat <<EOF
-{
-  "Name": "tcp-${SERVICE_PORT}",
-  "TCP": "${SERVICE_ADDR}:${SERVICE_PORT}",
-  "Interval": "${CHECK_INTERVAL}",
-  "Timeout": "${CHECK_TIMEOUT}",
-  "DeregisterCriticalServiceAfter": "${DEREG_AFTER}"
-}
+{"Name":"tcp","TCP":"${SERVICE_ADDR}:${SERVICE_PORT}","Interval":"${CHECK_INTERVAL}","Timeout":"${CHECK_TIMEOUT}","DeregisterCriticalServiceAfter":"${DEREG_AFTER}"}
 EOF
 )
 fi
 
-# 注册 payload
-cat > /tmp/service.json <<JSON
-{
-  "Name": "${SERVICE_NAME}",
-  "ID": "${SERVICE_ID}",
-  "Address": "${SERVICE_ADDR}",
-  "Port": ${SERVICE_PORT},
-  "Tags": ${TAGS_JSON},
-  "Checks": [ ${CHECK_JSON} ]
-}
-JSON
+# 写 service 定义并注册到"云端" Consul Server
+cat > /tmp/svc.json <<EOF
+{"service":{"id":"${ID}","name":"${SERVICE_NAME}","address":"${SERVICE_ADDR}","port":${SERVICE_PORT},"tags":${TAGS_JSON},"checks":[${CHECK_JSON}]}}
+EOF
 
-echo "[registrar] registering ${SERVICE_ID} -> ${SERVICE_ADDR}:${SERVICE_PORT} ..."
-curl -fsS -X PUT -d @/tmp/service.json "${CONSUL_HTTP_ADDR}/v1/agent/service/register"
-echo "[registrar] done."
-# 阻塞防退出（可选）
-tail -f /dev/null
+echo "[registrar] register ${ID} -\u003e ${CONSUL}"
+consul services register -http-addr="$CONSUL" /tmp/svc.json
+
+term() {
+  echo "[registrar] deregister ${ID}"
+  consul services deregister -http-addr="$CONSUL" /tmp/svc.json || true
+  exit 0
+}
+trap term TERM INT
+
+tail -f /dev/null