hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(mobile-upgrade): 添加 Docker 和 Nginx 自动化部署配置 

- 添加 Dockerfile 多阶段构建配置
- 添加 docker-compose.yml 容器编排
- 添加 nginx 配置(域名: update.szaiai.com)
- 添加 scripts 运维脚本(deploy/build/start/stop/restart/logs/status/clean/health)
- 添加健康检查 API 端点 /api/health
- 添加 .env.production 生产环境配置

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Developer 2025-12-02 23:33:11 -08:00
parent 46379afd18
commit 1d602b819a
20 changed files with 1227 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
frontend/mobile-upgrade/.dockerignore Normal file
View File

@ -0,0 +1,56 @@
# 依赖目录
node_modules
.pnp
.pnp.js
# 构建产物
.next
out
build
dist
# 测试
coverage
.nyc_output
# 开发环境
.env.local
.env.development
.env.development.local
.env.test.local
# 编辑器和IDE
.idea
.vscode
*.swp
*.swo
*~
# 系统文件
.DS_Store
Thumbs.db
# Git
.git
.gitignore
# Docker
Dockerfile
docker-compose*.yml
.dockerignore
# 日志
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# 文档
README.md
CHANGELOG.md
docs
# 其他
.claude
temp_backup
nul

6
frontend/mobile-upgrade/.env.production Normal file
View File

@ -0,0 +1,6 @@
# API Configuration
NEXT_PUBLIC_API_URL=https://api.rwadurian.com/api
# Application Info
NEXT_PUBLIC_APP_NAME=RWADurian Mobile Upgrade
NEXT_PUBLIC_VERSION=1.0.0

56
frontend/mobile-upgrade/Dockerfile Normal file
View File

@ -0,0 +1,56 @@
# 阶段1: 依赖安装
FROM node:20-alpine AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
# 复制依赖文件
COPY package.json package-lock.json ./
# 安装依赖
RUN npm ci --only=production=false
# 阶段2: 构建
FROM node:20-alpine AS builder
WORKDIR /app
# 复制依赖
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# 设置环境变量
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production
# 构建应用
RUN npm run build
# 阶段3: 生产运行
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
# 安装 curl 用于健康检查
RUN apk add --no-cache curl
# 创建非 root 用户
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
# 复制构建产物
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
# 设置权限
USER nextjs
# 暴露端口
EXPOSE 3020
ENV PORT=3020
ENV HOSTNAME="0.0.0.0"
# 启动应用
CMD ["node", "server.js"]

216
frontend/mobile-upgrade/deploy.sh Normal file
View File

@ -0,0 +1,216 @@
#!/bin/bash
# RWADurian Mobile Upgrade 一键部署脚本
# 使用方法: ./deploy.sh [命令]
# 命令:
# build - 仅构建镜像
# start - 构建并启动服务
# stop - 停止服务
# restart - 重启服务
# logs - 查看日志
# clean - 清理容器和镜像
set -e
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 项目信息
PROJECT_NAME="rwadurian-mobile-upgrade"
IMAGE_NAME="rwadurian-mobile-upgrade"
CONTAINER_NAME="rwadurian-mobile-upgrade"
DEFAULT_PORT=3020
# 日志函数
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# 检查 Docker 是否安装
check_docker() {
if ! command -v docker &> /dev/null; then
log_error "Docker 未安装,请先安装 Docker"
exit 1
fi
if ! docker info &> /dev/null; then
log_error "Docker 服务未运行,请启动 Docker"
exit 1
fi
log_success "Docker 检查通过"
}
# 检查 Docker Compose 是否安装
check_docker_compose() {
if docker compose version &> /dev/null; then
COMPOSE_CMD="docker compose"
elif command -v docker-compose &> /dev/null; then
COMPOSE_CMD="docker-compose"
else
log_error "Docker Compose 未安装"
exit 1
fi
log_success "Docker Compose 检查通过 ($COMPOSE_CMD)"
}
# 构建镜像
build() {
log_info "开始构建 Docker 镜像..."
$COMPOSE_CMD build --no-cache
log_success "镜像构建完成"
}
# 启动服务
start() {
log_info "开始部署服务..."
# 检查端口是否被占用
PORT=${PORT:-$DEFAULT_PORT}
if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null 2>&1; then
log_warn "端口 $PORT 已被占用,尝试停止旧服务..."
stop
fi
# 构建并启动
$COMPOSE_CMD up -d --build
# 等待服务启动
log_info "等待服务启动..."
sleep 5
# 检查服务状态
if docker ps | grep -q $CONTAINER_NAME; then
log_success "服务部署成功!"
log_info "访问地址: http://localhost:$PORT"
else
log_error "服务启动失败,请查看日志: ./deploy.sh logs"
exit 1
fi
}
# 停止服务
stop() {
log_info "停止服务..."
$COMPOSE_CMD down
log_success "服务已停止"
}
# 重启服务
restart() {
log_info "重启服务..."
stop
start
}
# 查看日志
logs() {
$COMPOSE_CMD logs -f
}
# 清理
clean() {
log_info "清理容器和镜像..."
# 停止并删除容器
$COMPOSE_CMD down --rmi local --volumes --remove-orphans
# 删除悬空镜像
docker image prune -f
log_success "清理完成"
}
# 显示状态
status() {
log_info "服务状态:"
docker ps -a --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
}
# 显示帮助
show_help() {
echo ""
echo "RWADurian Mobile Upgrade 部署脚本"
echo ""
echo "使用方法: ./deploy.sh [命令]"
echo ""
echo "命令:"
echo " build 仅构建 Docker 镜像"
echo " start 构建并启动服务 (默认)"
echo " stop 停止服务"
echo " restart 重启服务"
echo " logs 查看服务日志"
echo " status 查看服务状态"
echo " clean 清理容器和镜像"
echo " help 显示此帮助信息"
echo ""
echo "环境变量:"
echo " PORT 服务端口 (默认: 3020)"
echo ""
echo "示例:"
echo " ./deploy.sh start # 默认端口 3020 启动"
echo " PORT=8080 ./deploy.sh start # 指定端口 8080 启动"
echo ""
}
# 主函数
main() {
# 切换到脚本所在目录
cd "$(dirname "$0")"
# 检查环境
check_docker
check_docker_compose
# 执行命令
case "${1:-start}" in
build)
build
;;
start)
start
;;
stop)
stop
;;
restart)
restart
;;
logs)
logs
;;
status)
status
;;
clean)
clean
;;
help|--help|-h)
show_help
;;
*)
log_error "未知命令: $1"
show_help
exit 1
;;
esac
}
main "$@"

25
frontend/mobile-upgrade/docker-compose.yml Normal file
View File

@ -0,0 +1,25 @@
services:
mobile-upgrade:
build:
context: .
dockerfile: Dockerfile
image: rwadurian-mobile-upgrade:latest
container_name: rwadurian-mobile-upgrade
restart: unless-stopped
ports:
- "${PORT:-3020}:3020"
environment:
- NODE_ENV=production
- NEXT_TELEMETRY_DISABLED=1
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3020/api/health"]
interval: 30s
timeout: 3s
retries: 3
start_period: 40s
networks:
- rwadurian-network
networks:
rwadurian-network:
driver: bridge

166
frontend/mobile-upgrade/nginx/README.md Normal file
View File

@ -0,0 +1,166 @@
# Nginx 配置说明
## 快速部署
### 前提条件
1. 一台 Ubuntu/Debian 服务器
2. 域名 `update.szaiai.com` 的 DNS A 记录已指向服务器 IP
3. 防火墙开放 80 和 443 端口
### 一键安装
```bash
# 1. 上传项目到服务器
scp -r ./mobile-upgrade user@server:/opt/
# 2. SSH 登录服务器
ssh user@server
# 3. 运行 Nginx 安装脚本
cd /opt/mobile-upgrade/nginx
sudo chmod +x install.sh
sudo ./install.sh
```
## 手动安装步骤
### 1. 安装 Nginx 和 Certbot
```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx certbot python3-certbot-nginx
```
### 2. 配置防火墙
```bash
sudo ufw allow 'Nginx Full'
sudo ufw allow OpenSSH
sudo ufw enable
```
### 3. 创建 Nginx 配置
```bash
# 复制配置文件
sudo cp update.szaiai.com.conf /etc/nginx/sites-available/update.szaiai.com
# 启用站点
sudo ln -s /etc/nginx/sites-available/update.szaiai.com /etc/nginx/sites-enabled/
# 删除默认站点 (可选)
sudo rm /etc/nginx/sites-enabled/default
# 测试配置
sudo nginx -t
```
### 4. 申请 SSL 证书
```bash
# 创建验证目录
sudo mkdir -p /var/www/certbot
# 先创建临时 HTTP 配置用于验证
# (或使用 certbot --nginx 自动配置)
# 申请证书
sudo certbot certonly --webroot -w /var/www/certbot -d update.szaiai.com
# 或使用 Nginx 插件自动配置
sudo certbot --nginx -d update.szaiai.com
```
### 5. 重载 Nginx
```bash
sudo nginx -t && sudo systemctl reload nginx
```
## 证书管理
### 查看证书
```bash
sudo certbot certificates
```
### 手动续期
```bash
sudo certbot renew
```
### 测试续期
```bash
sudo certbot renew --dry-run
```
### 自动续期
Certbot 会自动创建 systemd timer 进行证书续期:
```bash
# 查看 timer 状态
sudo systemctl status certbot.timer
# 查看续期日志
sudo journalctl -u certbot
```
## 常用命令
```bash
# Nginx 状态
sudo systemctl status nginx
# 启动/停止/重启
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
# 重载配置 (不中断服务)
sudo systemctl reload nginx
# 测试配置语法
sudo nginx -t
# 查看访问日志
sudo tail -f /var/log/nginx/update.szaiai.com.access.log
# 查看错误日志
sudo tail -f /var/log/nginx/update.szaiai.com.error.log
```
## 文件结构
```
nginx/
├── README.md # 本文档
├── install.sh # 一键安装脚本
├── setup-ssl.sh # SSL 配置脚本
└── update.szaiai.com.conf # Nginx 站点配置
```
## 故障排除
### 1. 证书申请失败
- 确认域名 DNS 已正确解析到服务器 IP
- 确认 80 端口可访问
- 检查 `/var/www/certbot` 目录权限
### 2. 502 Bad Gateway
- 确认 Docker 容器正在运行: `docker ps`
- 确认应用监听 3020 端口: `curl localhost:3020`
### 3. 证书过期
```bash
# 手动续期
sudo certbot renew --force-renewal
sudo systemctl reload nginx
```

305
frontend/mobile-upgrade/nginx/install.sh Normal file
View File

@ -0,0 +1,305 @@
#!/bin/bash
# RWADurian Mobile Upgrade - Nginx 完整安装脚本
# 适用于全新 Ubuntu/Debian 服务器
set -e
DOMAIN="update.szaiai.com"
EMAIL="admin@szaiai.com" # 修改为你的邮箱
APP_PORT=3020
# 颜色
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
# 检查 root 权限
check_root() {
if [ "$EUID" -ne 0 ]; then
log_error "请使用 root 权限运行: sudo ./install.sh"
exit 1
fi
}
# 步骤 1: 更新系统
update_system() {
log_info "步骤 1/6: 更新系统包..."
apt update && apt upgrade -y
log_success "系统更新完成"
}
# 步骤 2: 安装 Nginx
install_nginx() {
log_info "步骤 2/6: 安装 Nginx..."
apt install -y nginx
systemctl enable nginx
systemctl start nginx
log_success "Nginx 安装完成"
}
# 步骤 3: 安装 Certbot
install_certbot() {
log_info "步骤 3/6: 安装 Certbot..."
apt install -y certbot python3-certbot-nginx
log_success "Certbot 安装完成"
}
# 步骤 4: 配置 Nginx (HTTP)
configure_nginx_http() {
log_info "步骤 4/6: 配置 Nginx (HTTP 临时配置用于证书申请)..."
# 创建 certbot webroot 目录
mkdir -p /var/www/certbot
# 创建临时 HTTP 配置
cat > /etc/nginx/sites-available/$DOMAIN << EOF
# 临时 HTTP 配置 - 用于 Let's Encrypt 验证
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
# Let's Encrypt 验证目录
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 临时代理到应用
location / {
proxy_pass http://127.0.0.1:$APP_PORT;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOF
# 启用站点
ln -sf /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/
# 删除默认站点 (可选)
rm -f /etc/nginx/sites-enabled/default
# 测试并重载
nginx -t && systemctl reload nginx
log_success "Nginx HTTP 配置完成"
}
# 步骤 5: 申请 SSL 证书
obtain_ssl_certificate() {
log_info "步骤 5/6: 申请 Let's Encrypt SSL 证书..."
# 检查域名解析
log_info "检查域名 $DOMAIN 解析..."
if ! host $DOMAIN > /dev/null 2>&1; then
log_warn "无法解析域名 $DOMAIN,请确保 DNS 已正确配置"
log_warn "继续尝试申请证书..."
fi
# 申请证书
certbot certonly \
--webroot \
--webroot-path=/var/www/certbot \
--email $EMAIL \
--agree-tos \
--no-eff-email \
-d $DOMAIN
log_success "SSL 证书申请成功"
}
# 步骤 6: 配置 Nginx (HTTPS)
configure_nginx_https() {
log_info "步骤 6/6: 配置 Nginx (HTTPS)..."
# 复制完整的 HTTPS 配置
cat > /etc/nginx/sites-available/$DOMAIN << 'NGINX_CONF'
# RWADurian Mobile Upgrade Nginx 配置
# 域名: update.szaiai.com
# HTTP 重定向到 HTTPS
server {
listen 80;
listen [::]:80;
server_name update.szaiai.com;
# Let's Encrypt 验证目录
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 重定向到 HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS 配置
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name update.szaiai.com;
# SSL 证书 (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/update.szaiai.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/update.szaiai.com/privkey.pem;
# SSL 配置优化
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# 现代加密套件
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS
add_header Strict-Transport-Security "max-age=63072000" always;
# 日志
access_log /var/log/nginx/update.szaiai.com.access.log;
error_log /var/log/nginx/update.szaiai.com.error.log;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# 反向代理到 Docker 容器
location / {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 健康检查端点
location /api/health {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
access_log off;
}
# 静态资源缓存
location /_next/static {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
add_header Cache-Control "public, max-age=31536000, immutable";
}
}
NGINX_CONF
# 测试并重载
nginx -t && systemctl reload nginx
log_success "Nginx HTTPS 配置完成"
}
# 配置证书自动续期
setup_auto_renewal() {
log_info "配置证书自动续期..."
# Certbot 会自动创建 systemd timer 或 cron job
# 测试续期
certbot renew --dry-run
log_success "证书自动续期已配置"
}
# 配置防火墙
configure_firewall() {
log_info "配置防火墙..."
if command -v ufw &> /dev/null; then
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw --force enable
log_success "UFW 防火墙已配置"
else
log_warn "未检测到 UFW请手动配置防火墙开放 80 和 443 端口"
fi
}
# 显示完成信息
show_completion() {
echo ""
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN} 安装完成!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo -e "访问地址: ${BLUE}https://$DOMAIN${NC}"
echo ""
echo "常用命令:"
echo " 查看 Nginx 状态: systemctl status nginx"
echo " 重载 Nginx: systemctl reload nginx"
echo " 查看证书: certbot certificates"
echo " 手动续期: certbot renew"
echo " 查看日志: tail -f /var/log/nginx/$DOMAIN.access.log"
echo ""
}
# 主函数
main() {
echo ""
echo "============================================"
echo " RWADurian Mobile Upgrade - Nginx 安装脚本"
echo " 域名: $DOMAIN"
echo "============================================"
echo ""
check_root
update_system
install_nginx
install_certbot
configure_firewall
configure_nginx_http
echo ""
log_warn "请确保以下条件已满足:"
echo " 1. 域名 $DOMAIN 的 DNS A 记录已指向本服务器 IP"
echo " 2. Docker 应用已在端口 $APP_PORT 运行"
echo ""
read -p "是否继续申请 SSL 证书? (y/n): " confirm
if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
obtain_ssl_certificate
configure_nginx_https
setup_auto_renewal
show_completion
else
log_info "已跳过 SSL 配置,当前为 HTTP 模式"
log_info "稍后可运行: certbot --nginx -d $DOMAIN"
fi
}
main "$@"

201
frontend/mobile-upgrade/nginx/setup-ssl.sh Normal file
View File

@ -0,0 +1,201 @@
#!/bin/bash
# RWADurian Mobile Upgrade SSL 证书配置脚本
# 使用 Let's Encrypt 申请 SSL 证书
set -e
DOMAIN="update.szaiai.com"
EMAIL="admin@szaiai.com" # 修改为你的邮箱
NGINX_CONF="/etc/nginx/sites-available/$DOMAIN"
NGINX_ENABLED="/etc/nginx/sites-enabled/$DOMAIN"
CERTBOT_WEBROOT="/var/www/certbot"
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
# 检查是否为 root
check_root() {
if [ "$EUID" -ne 0 ]; then
log_error "请使用 root 权限运行此脚本"
exit 1
fi
}
# 安装 Certbot
install_certbot() {
log_info "检查 Certbot 安装..."
if command -v certbot &> /dev/null; then
log_success "Certbot 已安装"
return
fi
log_info "安装 Certbot..."
# Ubuntu/Debian
if command -v apt &> /dev/null; then
apt update
apt install -y certbot python3-certbot-nginx
# CentOS/RHEL
elif command -v yum &> /dev/null; then
yum install -y epel-release
yum install -y certbot python3-certbot-nginx
else
log_error "不支持的系统,请手动安装 certbot"
exit 1
fi
log_success "Certbot 安装完成"
}
# 配置 Nginx (首次,无 SSL)
setup_nginx_initial() {
log_info "配置 Nginx (HTTP only用于证书申请)..."
# 创建临时配置文件(仅 HTTP
cat > "$NGINX_CONF" << 'EOF'
server {
listen 80;
listen [::]:80;
server_name update.szaiai.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
EOF
# 创建 certbot webroot 目录
mkdir -p "$CERTBOT_WEBROOT"
# 启用站点
ln -sf "$NGINX_CONF" "$NGINX_ENABLED"
# 测试并重载 Nginx
nginx -t && systemctl reload nginx
log_success "Nginx HTTP 配置完成"
}
# 申请 SSL 证书
obtain_certificate() {
log_info "申请 Let's Encrypt SSL 证书..."
certbot certonly \
--webroot \
--webroot-path="$CERTBOT_WEBROOT" \
--email "$EMAIL" \
--agree-tos \
--no-eff-email \
-d "$DOMAIN"
log_success "SSL 证书申请成功"
}
# 配置 Nginx (完整 HTTPS)
setup_nginx_ssl() {
log_info "配置 Nginx (HTTPS)..."
# 获取脚本所在目录
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# 复制完整配置
cp "$SCRIPT_DIR/update.szaiai.com.conf" "$NGINX_CONF"
# 测试并重载 Nginx
nginx -t && systemctl reload nginx
log_success "Nginx HTTPS 配置完成"
}
# 设置自动续期
setup_auto_renewal() {
log_info "配置证书自动续期..."
# 测试续期
certbot renew --dry-run
log_success "自动续期配置完成 (cron job 已由 certbot 自动创建)"
}
# 显示帮助
show_help() {
echo ""
echo "RWADurian Mobile Upgrade SSL 配置脚本"
echo ""
echo "使用方法: sudo ./setup-ssl.sh [命令]"
echo ""
echo "命令:"
echo " install 完整安装 (默认)"
echo " renew 手动续期证书"
echo " status 查看证书状态"
echo " help 显示帮助"
echo ""
echo "注意: 运行前请确保:"
echo " 1. 域名 DNS 已指向本服务器"
echo " 2. 防火墙已开放 80 和 443 端口"
echo " 3. Docker 应用已启动在 3020 端口"
echo ""
}
# 完整安装
full_install() {
check_root
install_certbot
setup_nginx_initial
obtain_certificate
setup_nginx_ssl
setup_auto_renewal
echo ""
log_success "=========================================="
log_success "SSL 配置完成!"
log_success "访问地址: https://$DOMAIN"
log_success "=========================================="
}
# 主函数
main() {
case "${1:-install}" in
install)
full_install
;;
renew)
check_root
certbot renew
systemctl reload nginx
;;
status)
certbot certificates
;;
help|--help|-h)
show_help
;;
*)
log_error "未知命令: $1"
show_help
exit 1
;;
esac
}
main "$@"

106
frontend/mobile-upgrade/nginx/update.szaiai.com.conf Normal file
View File

@ -0,0 +1,106 @@
# RWADurian Mobile Upgrade Nginx 配置
# 域名: update.szaiai.com
# 放置路径: /etc/nginx/sites-available/update.szaiai.com
# 启用: ln -s /etc/nginx/sites-available/update.szaiai.com /etc/nginx/sites-enabled/
# HTTP 重定向到 HTTPS
server {
listen 80;
listen [::]:80;
server_name update.szaiai.com;
# Let's Encrypt 验证目录
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 重定向到 HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS 配置
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name update.szaiai.com;
# SSL 证书 (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/update.szaiai.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/update.szaiai.com/privkey.pem;
# SSL 配置优化
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# 现代加密套件
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (可选,启用后请谨慎)
# add_header Strict-Transport-Security "max-age=63072000" always;
# 日志
access_log /var/log/nginx/update.szaiai.com.access.log;
error_log /var/log/nginx/update.szaiai.com.error.log;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# 反向代理到 Docker 容器
location / {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 健康检查端点
location /api/health {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
access_log off;
}
# 静态资源缓存
location /_next/static {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
add_header Cache-Control "public, max-age=31536000, immutable";
}
# 图片等静态资源
location ~* \.(ico|css|js|gif|jpeg|jpg|png|woff|woff2|ttf|svg|eot)$ {
proxy_pass http://127.0.0.1:3020;
proxy_http_version 1.1;
proxy_set_header Host $host;
expires 30d;
add_header Cache-Control "public, no-transform";
}
}

0
frontend/mobile-upgrade/public/.gitkeep Normal file
View File

7
frontend/mobile-upgrade/scripts/build.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# 构建 Docker 镜像
set -e
cd "$(dirname "$0")/.."
echo "构建 Docker 镜像..."
docker compose build --no-cache
echo "构建完成"

8
frontend/mobile-upgrade/scripts/clean.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
# 清理容器、镜像和卷
set -e
cd "$(dirname "$0")/.."
echo "清理容器和镜像..."
docker compose down --rmi local --volumes --remove-orphans
docker image prune -f
echo "清理完成"

15
frontend/mobile-upgrade/scripts/deploy.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# 一键部署 (构建 + 启动)
set -e
cd "$(dirname "$0")/.."
echo "开始一键部署..."
echo ""
echo "步骤 1/2: 构建镜像..."
docker compose build --no-cache
echo ""
echo "步骤 2/2: 启动服务..."
docker compose up -d
echo ""
echo "部署完成!"
echo "访问地址: http://localhost:${PORT:-3020}"
echo "查看日志: ./scripts/logs.sh"

12
frontend/mobile-upgrade/scripts/health.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# 健康检查
cd "$(dirname "$0")/.."
echo "健康检查..."
response=$(curl -s http://localhost:${PORT:-3020}/api/health)
if [ $? -eq 0 ]; then
echo "服务健康"
echo "$response" | python3 -m json.tool 2>/dev/null || echo "$response"
else
echo "服务不可用"
exit 1
fi

5
frontend/mobile-upgrade/scripts/logs.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# 查看实时日志
cd "$(dirname "$0")/.."
echo "查看日志 (Ctrl+C 退出)..."
docker compose logs -f

7
frontend/mobile-upgrade/scripts/restart.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# 重启服务
set -e
cd "$(dirname "$0")/.."
echo "重启服务..."
docker compose restart
echo "服务已重启"

8
frontend/mobile-upgrade/scripts/start.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
# 启动服务
set -e
cd "$(dirname "$0")/.."
echo "启动服务..."
docker compose up -d
echo "服务已启动"
echo "访问地址: http://localhost:${PORT:-3020}"

5
frontend/mobile-upgrade/scripts/status.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
# 查看服务状态
cd "$(dirname "$0")/.."
echo "服务状态:"
docker compose ps

7
frontend/mobile-upgrade/scripts/stop.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
# 停止服务
set -e
cd "$(dirname "$0")/.."
echo "停止服务..."
docker compose down
echo "服务已停止"

16
frontend/mobile-upgrade/src/app/api/health/route.ts Normal file
View File

@ -0,0 +1,16 @@
import { NextResponse } from 'next/server';
/**
* API
* Docker
*/
export async function GET() {
return NextResponse.json(
{
status: 'ok',
timestamp: new Date().toISOString(),
service: 'rwadurian-mobile-upgrade',
},
{ status: 200 }
);
}