feat(infra): migrate MinIO object storage to gateway server

将 MinIO 对象存储从内网服务器（192.168.1.222）迁移至入口网关服务器（192.168.1.200 / 14.215.128.96），作为独立基础设施部署。变更内容： backend/docker-compose.yml - 移除 minio 和 minio-init 服务（不再随后端栈启动） - admin-service 的 MINIO_ENDPOINT 改为 192.168.1.200，端口改为 9100 - 移除 admin-service 对 minio 服务的 depends_on 依赖 - 删除 minio_data docker volume 声明 infrastructure/minio/docker-compose.yml（新增） - MinIO 独立部署配置 - S3 API : 9100（映射容器内 9000） - Console : 9101（映射容器内 9001） - 数据持久化到宿主机 /data/minio infrastructure/minio/deploy.sh（新增） - 支持 up / down / status / init / logs 命令 - up 时自动创建全部 7 个 bucket： app-releases, kyc-documents, coupon-images, issuer-documents, sar-reports, avatars, exports - coupon-images / avatars 设为匿名可下载部署说明： # 在网关服务器上首次部署 cd infrastructure/minio && ./deploy.sh up # 查看状态 ./deploy.sh status 服务器现状： genex-minio 已在 14.215.128.96 上运行，所有 bucket 已初始化。 admin-service 已重启并指向新地址，文件上传恢复正常。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 00:03:01 -08:00 · 2026-03-07 00:03:01 -08:00 · 3b60fed078
parent 9ed0d7e739
commit 3b60fed078
3 changed files with 96 additions and 50 deletions
--- a/backend/docker-compose.yml
+++ b/backend/docker-compose.yml
@ -89,51 +89,9 @@ services:
    networks:
      - genex-network

-  # MinIO Object Storage (S3-compatible, multi-region replication support)
-  minio:
-    image: minio/minio:latest
-    container_name: genex-minio
-    environment:
-      MINIO_ROOT_USER: genex-admin
-      MINIO_ROOT_PASSWORD: genex-minio-secret
-    ports:
-      - "127.0.0.1:49000:9000"     # S3 API
-      - "127.0.0.1:49001:9001"     # Console UI
-    volumes:
-      - minio_data:/data
-    command: server /data --console-address ":9001"
-    healthcheck:
-      test: ["CMD", "mc", "ready", "local"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    restart: unless-stopped
-    networks:
-      - genex-network
-
-  # MinIO bucket initialization
-  minio-init:
-    image: minio/mc:latest
-    container_name: genex-minio-init
-    depends_on:
-      minio:
-        condition: service_healthy
-    entrypoint: >
-      /bin/sh -c "
-      mc alias set genex http://minio:9000 genex-admin genex-minio-secret;
-      mc mb --ignore-existing genex/kyc-documents;
-      mc mb --ignore-existing genex/coupon-images;
-      mc mb --ignore-existing genex/issuer-documents;
-      mc mb --ignore-existing genex/sar-reports;
-      mc mb --ignore-existing genex/avatars;
-      mc mb --ignore-existing genex/exports;
-      mc mb --ignore-existing genex/app-releases;
-      mc anonymous set download genex/coupon-images;
-      mc anonymous set download genex/avatars;
-      echo 'MinIO buckets initialized';
-      "
-    networks:
-      - genex-network
+  # MinIO has been migrated to the gateway server (192.168.1.200).
+  # Deployment: infrastructure/minio/deploy.sh
+  # API endpoint: 192.168.1.200:9100  Console: 192.168.1.200:9101

  # Debezium Kafka Connect (CDC - Change Data Capture)
  # 版本说明: 必须使用 2.5.1+ (修复 DBZ-7316: searchWalPosition 不推进 confirmed_flush_lsn, 导致 WAL 无限积压)
@ -395,8 +353,8 @@ services:
      - DB_USERNAME=genex
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_NAME=genex
-      - MINIO_ENDPOINT=minio
-      - MINIO_PORT=9000
+      - MINIO_ENDPOINT=192.168.1.200   # Gateway server — MinIO runs on 192.168.1.200:9100
+      - MINIO_PORT=9100
      - MINIO_ACCESS_KEY=genex-admin
      - MINIO_SECRET_KEY=genex-minio-secret
      - MINIO_BUCKET=app-releases
@ -404,8 +362,6 @@ services:
    depends_on:
      postgres:
        condition: service_healthy
-      minio:
-        condition: service_healthy
    networks:
      - genex-network

@ -601,7 +557,6 @@ volumes:
  postgres_data:
  redis_data:
  kafka_data:
-  minio_data:

 networks:
  genex-network:
--- a/infrastructure/minio/deploy.sh
+++ b/infrastructure/minio/deploy.sh
@ -0,0 +1,72 @@
+#!/bin/bash
+# MinIO deployment script
+# Target server: gateway server (192.168.1.200 / 14.215.128.96)
+# API port  : 9100 (S3-compatible)
+# Console   : 9101
+#
+# Usage: ./deploy.sh [up|down|status|init|logs]
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# All buckets used by backend microservices
+BUCKETS=(
+  app-releases       # admin-service  — APK/IPA packages
+  kyc-documents      # compliance-service — KYC verification files
+  coupon-images      # issuer-service — coupon artwork
+  issuer-documents   # issuer-service — prospectus / legal docs
+  sar-reports        # compliance-service — SAR export files
+  avatars            # user-service — profile pictures
+  exports            # clearing-service — finance report exports
+)
+
+# Buckets that should be publicly readable (no auth needed for download)
+PUBLIC_BUCKETS=(coupon-images avatars)
+
+_init_buckets() {
+  local user="${MINIO_ROOT_USER:-genex-admin}"
+  local pass="${MINIO_ROOT_PASSWORD:-genex-minio-secret}"
+
+  docker exec genex-minio mc alias set local http://localhost:9000 "$user" "$pass"
+
+  for bucket in "${BUCKETS[@]}"; do
+    docker exec genex-minio mc mb --ignore-existing "local/${bucket}"
+    echo "  bucket ready: ${bucket}"
+  done
+
+  for bucket in "${PUBLIC_BUCKETS[@]}"; do
+    docker exec genex-minio mc anonymous set download "local/${bucket}"
+    echo "  public download enabled: ${bucket}"
+  done
+}
+
+case "${1:-up}" in
+  up)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" up -d
+    echo "Waiting for MinIO to be ready..."
+    sleep 4
+    _init_buckets
+    echo ""
+    echo "MinIO is running:"
+    echo "  S3 API  : http://192.168.1.200:9100"
+    echo "  Console : http://192.168.1.200:9101"
+    ;;
+  down)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" down
+    ;;
+  status)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" ps
+    ;;
+  init)
+    # Re-create buckets without restarting the container
+    _init_buckets
+    ;;
+  logs)
+    docker compose -f "$SCRIPT_DIR/docker-compose.yml" logs -f
+    ;;
+  *)
+    echo "Usage: $0 [up|down|status|init|logs]"
+    exit 1
+    ;;
+esac
--- a/infrastructure/minio/docker-compose.yml
+++ b/infrastructure/minio/docker-compose.yml
@ -0,0 +1,19 @@
+services:
+  minio:
+    image: minio/minio
+    container_name: genex-minio
+    restart: unless-stopped
+    ports:
+      - "9100:9000"   # S3 API
+      - "9101:9001"   # Console
+    volumes:
+      - /data/minio:/data
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-genex-admin}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-genex-minio-secret}
+    command: server /data --console-address ':9001'
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 30s
+      timeout: 10s
+      retries: 3