 hailin
|
e761b65b6e
|
feat: add deployment scripts with SSL support for production
Backend deploy script (deploy/docker/deploy.sh):
- install: auto-generate .env with secure secrets (JWT, DB passwords, vault keys)
- up/down/restart: manage all services (infra + app + gateway)
- build/build-no-cache: Docker image management
- status/health: health checks for all 9 services + infrastructure
- migrate: TypeORM migration commands (run/generate/revert/schema-sync)
- infra-*: standalone infrastructure management (PostgreSQL + Redis)
- voice-*: voice service with GPU support (docker-compose.voice.yml overlay)
- start-svc/stop-svc/rebuild-svc: individual service operations
- ssl-init: obtain Let's Encrypt certificates for both domains independently
- ssl-up/ssl-down: start/stop with Nginx SSL reverse proxy
- ssl-renew/ssl-status: certificate renewal and status checks
Web Admin deploy script (it0-web-admin/deploy.sh):
- build/start/stop/restart/logs/status/clean commands
- auto-generates Dockerfile (Next.js multi-stage standalone build)
- auto-generates docker-compose.yml
- configurable API domain (default: it0api.szaiai.com)
SSL / Nginx configuration:
- nginx.conf: reverse proxy for both domains with HTTP->HTTPS redirect
- it0api.szaiai.com -> api-gateway:8000 (with WebSocket support)
- it0.szaiai.com -> web-admin:3000 (with Next.js HMR support)
- nginx-init.conf: HTTP-only config for initial ACME challenge verification
- ssl-params.conf: TLS 1.2/1.3, HSTS, security headers (Mozilla Intermediate)
- docker-compose.ssl.yml: Nginx + Certbot overlay with auto-renewal (12h cycle)
Domain plan:
- https://it0api.szaiai.com — API endpoint (backend services)
- https://it0.szaiai.com — Web Admin dashboard (frontend)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-02-09 17:44:27 -08:00 |