refactor: 重组 identity-service 文档目录结构

文档重组: - 创建 docs/ 目录，移动所有 .md 文档 - 添加 docs/README.md 文档索引 Nginx 配置更新: - 改用 sites-available/sites-enabled 标准结构 - 添加 snippets/ 目录存放可复用配置 - proxy-params.conf - 代理参数 - ssl-params.conf - SSL 安全参数 - 更新部署步骤，包含站点启用/禁用命令 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 20:58:40 -08:00 · 2025-12-01 20:58:40 -08:00 · 2ece6328ba
parent 3f612448ff
commit 2ece6328ba
12 changed files with 135 additions and 41 deletions
--- a/backend/services/identity-service/docs/AUTOMATED_TESTS_README.md
+++ b/backend/services/identity-service/docs/AUTOMATED_TESTS_README.md
--- a/backend/services/identity-service/docs/DEPLOYMENT.md
+++ b/backend/services/identity-service/docs/DEPLOYMENT.md
--- a/backend/services/identity-service/docs/DEPLOYMENT_GUIDE.md
+++ b/backend/services/identity-service/docs/DEPLOYMENT_GUIDE.md
@ -118,19 +118,28 @@
 ### 3.1 目录结构
-在 Nginx 服务器上创建以下目录结构：
+在 Nginx 服务器上使用 `sites-available` / `sites-enabled` 标准结构：
 ```
 /etc/nginx/
-├── nginx.conf                    # 主配置文件
+├── nginx.conf                         # 主配置文件
-├── conf.d/
+├── sites-available/                   # 可用站点配置
-│   ├── rwaapi.conf              # API 网关配置
+│   └── rwaapi.szaiai.com.conf        # API 网关配置
-│   └── proxy_params.conf        # 代理参数配置
+├── sites-enabled/                     # 已启用站点 (软链接)
 │   └── rwaapi.szaiai.com.conf → ../sites-available/rwaapi.szaiai.com.conf
 ├── snippets/                          # 可复用配置片段
 │   ├── proxy-params.conf             # 代理参数
 │   └── ssl-params.conf               # SSL 安全参数
 └── ssl/
-    ├── rwaapi.szaiai.com.pem    # SSL 证书
+    ├── rwaapi.szaiai.com.pem         # SSL 证书
-    └── rwaapi.szaiai.com.key    # SSL 私钥
+    └── rwaapi.szaiai.com.key         # SSL 私钥
 ```
 **使用 `sites-available/sites-enabled` 的优势：**
 - 快速启用/禁用站点：`ln -s` / `rm` 软链接
 - 保留配置历史，方便回滚
 - 多站点管理更清晰
 ### 3.2 主配置文件 `/etc/nginx/nginx.conf`
 ```nginx
@ -176,11 +185,12 @@ http {
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
    limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
-    include /etc/nginx/conf.d/*.conf;
+    # 加载已启用的站点配置
    include /etc/nginx/sites-enabled/*.conf;
 }
 ```
-### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf`
+### 3.3 代理参数配置 `/etc/nginx/snippets/proxy-params.conf`
 ```nginx
 proxy_http_version 1.1;
@ -200,7 +210,24 @@ proxy_buffers 8 4k;
 proxy_busy_buffers_size 8k;
 ```
-### 3.4 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf`
+### 3.4 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
 ```nginx
 # SSL 会话配置
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
 # 现代 SSL 协议配置
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
 ssl_prefer_server_ciphers off;
 # HSTS
 add_header Strict-Transport-Security "max-age=63072000" always;
 ```
 ### 3.5 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
 ```nginx
 # ============================================
@ -257,20 +284,12 @@ server {
    listen 443 ssl http2;
    server_name rwaapi.szaiai.com;
-    # SSL 证书配置
+    # SSL 证书
    ssl_certificate /etc/nginx/ssl/rwaapi.szaiai.com.pem;
    ssl_certificate_key /etc/nginx/ssl/rwaapi.szaiai.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
-    # 现代 SSL 配置
+    # 引入 SSL 安全参数
-    ssl_protocols TLSv1.2 TLSv1.3;
+    include snippets/ssl-params.conf;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
@ -315,12 +334,12 @@ server {
    # ============================================
    location /api/v1/user {
        proxy_pass http://identity_service/api/v1/user;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    location /api/v1/auth {
        proxy_pass http://identity_service/api/v1/auth;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -330,19 +349,19 @@ server {
    # ============================================
    location /api/v1/wallet {
        proxy_pass http://wallet_service/api/v1/wallet;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # Trading - 交易
    location /api/v1/trading {
        proxy_pass http://wallet_service/api/v1/trading;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # Deposit - 充值
    location /api/v1/deposit {
        proxy_pass http://wallet_service/api/v1/deposit;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -352,7 +371,7 @@ server {
    # ============================================
    location /api/v1/planting {
        proxy_pass http://planting_service/api/v1/planting;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -362,12 +381,12 @@ server {
    # ============================================
    location /api/v1/referral {
        proxy_pass http://referral_service/api/v1/referral;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    location /api/v1/community {
        proxy_pass http://referral_service/api/v1/community;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -378,12 +397,12 @@ server {
    # ============================================
    location /api/v1/mining {
        proxy_pass http://reward_service/api/v1/mining;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    location /api/v1/reward {
        proxy_pass http://reward_service/api/v1/reward;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -393,12 +412,12 @@ server {
    # ============================================
    location /api/v1/ranking {
        proxy_pass http://leaderboard_service/api/ranking;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    location /api/v1/leaderboard {
        proxy_pass http://leaderboard_service/api/leaderboard;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -409,12 +428,12 @@ server {
    # ============================================
    location /api/v1/telemetry {
        proxy_pass http://reporting_service/api/v1/telemetry;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    location /api/v1/report {
        proxy_pass http://reporting_service/api/v1/report;
-        include /etc/nginx/conf.d/proxy_params.conf;
+        include snippets/proxy-params.conf;
    }
    # ============================================
@ -910,22 +929,43 @@ WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt
 # 1. 安装 Nginx
 apt update && apt install -y nginx
-# 2. 创建配置目录
+# 2. 创建目录结构
 mkdir -p /etc/nginx/sites-available
 mkdir -p /etc/nginx/sites-enabled
 mkdir -p /etc/nginx/snippets
 mkdir -p /etc/nginx/ssl
 # 3. 复制配置文件
-# 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录
+# 将上面的配置文件复制到对应目录:
 # - nginx.conf → /etc/nginx/nginx.conf
 # - proxy-params.conf → /etc/nginx/snippets/proxy-params.conf
 # - ssl-params.conf → /etc/nginx/snippets/ssl-params.conf
 # - rwaapi.szaiai.com.conf → /etc/nginx/sites-available/rwaapi.szaiai.com.conf
-# 4. 安装 SSL 证书 (Let's Encrypt 示例)
+# 4. 启用站点 (创建软链接)
 ln -s /etc/nginx/sites-available/rwaapi.szaiai.com.conf /etc/nginx/sites-enabled/
 # 5. 禁用默认站点 (如果存在)
 rm -f /etc/nginx/sites-enabled/default
 # 6. 安装 SSL 证书 (Let's Encrypt)
 apt install -y certbot python3-certbot-nginx
-certbot --nginx -d rwaapi.szaiai.com
+certbot certonly --nginx -d rwaapi.szaiai.com
 # 证书会自动保存到 /etc/letsencrypt/live/rwaapi.szaiai.com/
 # 然后创建软链接到 /etc/nginx/ssl/:
 ln -s /etc/letsencrypt/live/rwaapi.szaiai.com/fullchain.pem /etc/nginx/ssl/rwaapi.szaiai.com.pem
 ln -s /etc/letsencrypt/live/rwaapi.szaiai.com/privkey.pem /etc/nginx/ssl/rwaapi.szaiai.com.key
-# 5. 测试配置
+# 7. 测试配置
 nginx -t
-# 6. 重启 Nginx
+# 8. 重启 Nginx
 systemctl restart nginx
 systemctl enable nginx
 # 9. 站点管理命令
 # 禁用站点: rm /etc/nginx/sites-enabled/rwaapi.szaiai.com.conf && nginx -s reload
 # 启用站点: ln -s /etc/nginx/sites-available/rwaapi.szaiai.com.conf /etc/nginx/sites-enabled/ && nginx -s reload
 ```
 ### 6.2 后端服务器 (192.168.1.111) 配置
--- a/backend/services/identity-service/docs/E2E_TEST_SETUP.md
+++ b/backend/services/identity-service/docs/E2E_TEST_SETUP.md
--- a/backend/services/identity-service/docs/FIXES_APPLIED.md
+++ b/backend/services/identity-service/docs/FIXES_APPLIED.md
--- a/backend/services/identity-service/docs/README.md
+++ b/backend/services/identity-service/docs/README.md
@ -0,0 +1,54 @@
 # Identity Service 文档
 本目录包含 Identity Service 及整个 RWA Durian 系统的相关文档。
 ## 文档索引
 ### 部署相关
 | 文档 | 说明 |
 |------|------|
 | [DEPLOYMENT_GUIDE.md](./DEPLOYMENT_GUIDE.md) | **完整部署指南** - Nginx、MPC-System、微服务部署 |
 | [DEPLOYMENT.md](./DEPLOYMENT.md) | Identity Service 单服务部署 |
 ### 测试相关
 | 文档 | 说明 |
 |------|------|
 | [TESTING_GUIDE.md](./TESTING_GUIDE.md) | 测试指南 |
 | [TESTING_STRATEGY.md](./TESTING_STRATEGY.md) | 测试策略 |
 | [TEST-STRATEGY.md](./TEST-STRATEGY.md) | 测试策略补充 |
 | [TEST_AUTOMATION_GUIDE.md](./TEST_AUTOMATION_GUIDE.md) | 自动化测试指南 |
 | [AUTOMATED_TESTS_README.md](./AUTOMATED_TESTS_README.md) | 自动化测试说明 |
 | [E2E_TEST_SETUP.md](./E2E_TEST_SETUP.md) | E2E 测试环境配置 |
 | [测试完成总结.md](./测试完成总结.md) | 测试完成报告 |
 ### 其他
 | 文档 | 说明 |
 |------|------|
 | [FIXES_APPLIED.md](./FIXES_APPLIED.md) | 已修复问题记录 |
 | [REMAINING_STEPS.md](./REMAINING_STEPS.md) | 待完成步骤 |
 ## 快速开始
 1. **本地开发**: 参考根目录 `README.md`
 2. **生产部署**: 参考 [DEPLOYMENT_GUIDE.md](./DEPLOYMENT_GUIDE.md)
 3. **运行测试**: 参考 [TESTING_GUIDE.md](./TESTING_GUIDE.md)
 ## 系统架构
 ```
 192.168.1.100 (公网)          192.168.1.111 (内网)
 ┌─────────────────┐          ┌─────────────────────────┐
 │ Nginx (80/443)  │          │ Identity Service :3000  │
 │ MPC-System:4000 │◄────────►│ MPC Service :3001       │
 └─────────────────┘          │ Wallet Service :3002    │
                             │ ... 其他微服务          │
                             │ PostgreSQL/Redis/Kafka  │
                             └─────────────────────────┘
 ```
 ## 维护者
 RWA Team
--- a/backend/services/identity-service/docs/REMAINING_STEPS.md
+++ b/backend/services/identity-service/docs/REMAINING_STEPS.md
--- a/backend/services/identity-service/docs/TEST-STRATEGY.md
+++ b/backend/services/identity-service/docs/TEST-STRATEGY.md
--- a/backend/services/identity-service/docs/TESTING_GUIDE.md
+++ b/backend/services/identity-service/docs/TESTING_GUIDE.md
--- a/backend/services/identity-service/docs/TESTING_STRATEGY.md
+++ b/backend/services/identity-service/docs/TESTING_STRATEGY.md
--- a/backend/services/identity-service/docs/TEST_AUTOMATION_GUIDE.md
+++ b/backend/services/identity-service/docs/TEST_AUTOMATION_GUIDE.md
--- a/backend/services/identity-service/docs/测试完成总结.md
+++ b/backend/services/identity-service/docs/测试完成总结.md