refactor: 重组 identity-service 文档目录结构

文档重组:
- 创建 docs/ 目录，移动所有 .md 文档
- 添加 docs/README.md 文档索引

Nginx 配置更新:
- 改用 sites-available/sites-enabled 标准结构
- 添加 snippets/ 目录存放可复用配置
  - proxy-params.conf - 代理参数
  - ssl-params.conf - SSL 安全参数
- 更新部署步骤，包含站点启用/禁用命令

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/services/identity-service/docs/DEPLOYMENT_GUIDE.md

@@ -118,19 +118,28 @@
 
 ### 3.1 目录结构
 
-在 Nginx 服务器上创建以下目录结构：
+在 Nginx 服务器上使用 `sites-available` / `sites-enabled` 标准结构：
 
 ```
 /etc/nginx/
-├── nginx.conf                    # 主配置文件
-├── conf.d/
-│   ├── rwaapi.conf              # API 网关配置
-│   └── proxy_params.conf        # 代理参数配置
+├── nginx.conf                         # 主配置文件
+├── sites-available/                   # 可用站点配置
+│   └── rwaapi.szaiai.com.conf        # API 网关配置
+├── sites-enabled/                     # 已启用站点 (软链接)
+│   └── rwaapi.szaiai.com.conf → ../sites-available/rwaapi.szaiai.com.conf
+├── snippets/                          # 可复用配置片段
+│   ├── proxy-params.conf             # 代理参数
+│   └── ssl-params.conf               # SSL 安全参数
 └── ssl/
-    ├── rwaapi.szaiai.com.pem    # SSL 证书
-    └── rwaapi.szaiai.com.key    # SSL 私钥
+    ├── rwaapi.szaiai.com.pem         # SSL 证书
+    └── rwaapi.szaiai.com.key         # SSL 私钥
 ```
 
+**使用 `sites-available/sites-enabled` 的优势：**
+- 快速启用/禁用站点：`ln -s` / `rm` 软链接
+- 保留配置历史，方便回滚
+- 多站点管理更清晰
+
 ### 3.2 主配置文件 `/etc/nginx/nginx.conf`
 
 ```nginx
@@ -176,11 +185,12 @@ http {
     limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
     limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
 
-    include /etc/nginx/conf.d/*.conf;
+    # 加载已启用的站点配置
+    include /etc/nginx/sites-enabled/*.conf;
 }
 ```
 
-### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf`
+### 3.3 代理参数配置 `/etc/nginx/snippets/proxy-params.conf`
 
 ```nginx
 proxy_http_version 1.1;
@@ -200,7 +210,24 @@ proxy_buffers 8 4k;
 proxy_busy_buffers_size 8k;
 ```
 
-### 3.4 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf`
+### 3.4 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
+
+```nginx
+# SSL 会话配置
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+# 现代 SSL 协议配置
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# HSTS
+add_header Strict-Transport-Security "max-age=63072000" always;
+```
+
+### 3.5 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
 
 ```nginx
 # ============================================
@@ -257,20 +284,12 @@ server {
     listen 443 ssl http2;
     server_name rwaapi.szaiai.com;
 
-    # SSL 证书配置
+    # SSL 证书
     ssl_certificate /etc/nginx/ssl/rwaapi.szaiai.com.pem;
     ssl_certificate_key /etc/nginx/ssl/rwaapi.szaiai.com.key;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_tickets off;
 
-    # 现代 SSL 配置
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
-
-    # HSTS
-    add_header Strict-Transport-Security "max-age=63072000" always;
+    # 引入 SSL 安全参数
+    include snippets/ssl-params.conf;
 
     # 安全头
     add_header X-Frame-Options "SAMEORIGIN" always;
@@ -315,12 +334,12 @@ server {
     # ============================================
     location /api/v1/user {
         proxy_pass http://identity_service/api/v1/user;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     location /api/v1/auth {
         proxy_pass http://identity_service/api/v1/auth;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -330,19 +349,19 @@ server {
     # ============================================
     location /api/v1/wallet {
         proxy_pass http://wallet_service/api/v1/wallet;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # Trading - 交易
     location /api/v1/trading {
         proxy_pass http://wallet_service/api/v1/trading;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # Deposit - 充值
     location /api/v1/deposit {
         proxy_pass http://wallet_service/api/v1/deposit;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -352,7 +371,7 @@ server {
     # ============================================
     location /api/v1/planting {
         proxy_pass http://planting_service/api/v1/planting;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -362,12 +381,12 @@ server {
     # ============================================
     location /api/v1/referral {
         proxy_pass http://referral_service/api/v1/referral;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     location /api/v1/community {
         proxy_pass http://referral_service/api/v1/community;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -378,12 +397,12 @@ server {
     # ============================================
     location /api/v1/mining {
         proxy_pass http://reward_service/api/v1/mining;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     location /api/v1/reward {
         proxy_pass http://reward_service/api/v1/reward;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -393,12 +412,12 @@ server {
     # ============================================
     location /api/v1/ranking {
         proxy_pass http://leaderboard_service/api/ranking;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     location /api/v1/leaderboard {
         proxy_pass http://leaderboard_service/api/leaderboard;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -409,12 +428,12 @@ server {
     # ============================================
     location /api/v1/telemetry {
         proxy_pass http://reporting_service/api/v1/telemetry;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     location /api/v1/report {
         proxy_pass http://reporting_service/api/v1/report;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
     }
 
     # ============================================
@@ -910,22 +929,43 @@ WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt
 # 1. 安装 Nginx
 apt update && apt install -y nginx
 
-# 2. 创建配置目录
+# 2. 创建目录结构
+mkdir -p /etc/nginx/sites-available
+mkdir -p /etc/nginx/sites-enabled
+mkdir -p /etc/nginx/snippets
 mkdir -p /etc/nginx/ssl
 
 # 3. 复制配置文件
-# 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录
+# 将上面的配置文件复制到对应目录:
+# - nginx.conf → /etc/nginx/nginx.conf
+# - proxy-params.conf → /etc/nginx/snippets/proxy-params.conf
+# - ssl-params.conf → /etc/nginx/snippets/ssl-params.conf
+# - rwaapi.szaiai.com.conf → /etc/nginx/sites-available/rwaapi.szaiai.com.conf
 
-# 4. 安装 SSL 证书 (Let's Encrypt 示例)
+# 4. 启用站点 (创建软链接)
+ln -s /etc/nginx/sites-available/rwaapi.szaiai.com.conf /etc/nginx/sites-enabled/
+
+# 5. 禁用默认站点 (如果存在)
+rm -f /etc/nginx/sites-enabled/default
+
+# 6. 安装 SSL 证书 (Let's Encrypt)
 apt install -y certbot python3-certbot-nginx
-certbot --nginx -d rwaapi.szaiai.com
+certbot certonly --nginx -d rwaapi.szaiai.com
+# 证书会自动保存到 /etc/letsencrypt/live/rwaapi.szaiai.com/
+# 然后创建软链接到 /etc/nginx/ssl/:
+ln -s /etc/letsencrypt/live/rwaapi.szaiai.com/fullchain.pem /etc/nginx/ssl/rwaapi.szaiai.com.pem
+ln -s /etc/letsencrypt/live/rwaapi.szaiai.com/privkey.pem /etc/nginx/ssl/rwaapi.szaiai.com.key
 
-# 5. 测试配置
+# 7. 测试配置
 nginx -t
 
-# 6. 重启 Nginx
+# 8. 重启 Nginx
 systemctl restart nginx
 systemctl enable nginx
+
+# 9. 站点管理命令
+# 禁用站点: rm /etc/nginx/sites-enabled/rwaapi.szaiai.com.conf && nginx -s reload
+# 启用站点: ln -s /etc/nginx/sites-available/rwaapi.szaiai.com.conf /etc/nginx/sites-enabled/ && nginx -s reload
 ```
 
 ### 6.2 后端服务器 (192.168.1.111) 配置

backend/services/identity-service/docs/README.md

@@ -0,0 +1,54 @@
+# Identity Service 文档
+
+本目录包含 Identity Service 及整个 RWA Durian 系统的相关文档。
+
+## 文档索引
+
+### 部署相关
+
+| 文档 | 说明 |
+|------|------|
+| [DEPLOYMENT_GUIDE.md](./DEPLOYMENT_GUIDE.md) | **完整部署指南** - Nginx、MPC-System、微服务部署 |
+| [DEPLOYMENT.md](./DEPLOYMENT.md) | Identity Service 单服务部署 |
+
+### 测试相关
+
+| 文档 | 说明 |
+|------|------|
+| [TESTING_GUIDE.md](./TESTING_GUIDE.md) | 测试指南 |
+| [TESTING_STRATEGY.md](./TESTING_STRATEGY.md) | 测试策略 |
+| [TEST-STRATEGY.md](./TEST-STRATEGY.md) | 测试策略补充 |
+| [TEST_AUTOMATION_GUIDE.md](./TEST_AUTOMATION_GUIDE.md) | 自动化测试指南 |
+| [AUTOMATED_TESTS_README.md](./AUTOMATED_TESTS_README.md) | 自动化测试说明 |
+| [E2E_TEST_SETUP.md](./E2E_TEST_SETUP.md) | E2E 测试环境配置 |
+| [测试完成总结.md](./测试完成总结.md) | 测试完成报告 |
+
+### 其他
+
+| 文档 | 说明 |
+|------|------|
+| [FIXES_APPLIED.md](./FIXES_APPLIED.md) | 已修复问题记录 |
+| [REMAINING_STEPS.md](./REMAINING_STEPS.md) | 待完成步骤 |
+
+## 快速开始
+
+1. **本地开发**: 参考根目录 `README.md`
+2. **生产部署**: 参考 [DEPLOYMENT_GUIDE.md](./DEPLOYMENT_GUIDE.md)
+3. **运行测试**: 参考 [TESTING_GUIDE.md](./TESTING_GUIDE.md)
+
+## 系统架构
+
+```
+192.168.1.100 (公网)          192.168.1.111 (内网)
+┌─────────────────┐          ┌─────────────────────────┐
+│ Nginx (80/443)  │          │ Identity Service :3000  │
+│ MPC-System:4000 │◄────────►│ MPC Service :3001       │
+└─────────────────┘          │ Wallet Service :3002    │
+                             │ ... 其他微服务          │
+                             │ PostgreSQL/Redis/Kafka  │
+                             └─────────────────────────┘
+```
+
+## 维护者
+
+RWA Team