feat(admin-web): 添加 Docker 一键部署方案

- 添加多阶段构建 Dockerfile，优化镜像大小 - 添加 docker-compose.yml 编排文件 - 添加 .dockerignore 优化构建上下文 - 添加 deploy.sh 一键部署脚本 - 添加健康检查 API (/api/health) - 添加 Nginx 反向代理配置 (rwaadmin.szaiai.com) - 添加 Let's Encrypt SSL 证书配置脚本 - 更新 next.config.ts 启用 standalone 输出模式 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 08:21:41 -08:00 · 2025-12-02 08:21:41 -08:00 · 40e0caaad5
parent 3c00f71f88
commit 40e0caaad5
8 changed files with 674 additions and 0 deletions
--- a/frontend/admin-web/.dockerignore
+++ b/frontend/admin-web/.dockerignore
@ -0,0 +1,56 @@
+# 依赖目录
+node_modules
+.pnp
+.pnp.js
+
+# 构建产物
+.next
+out
+build
+dist
+
+# 测试
+coverage
+.nyc_output
+
+# 开发环境
+.env.local
+.env.development
+.env.development.local
+.env.test.local
+
+# 编辑器和IDE
+.idea
+.vscode
+*.swp
+*.swo
+*~
+
+# 系统文件
+.DS_Store
+Thumbs.db
+
+# Git
+.git
+.gitignore
+
+# Docker
+Dockerfile
+docker-compose*.yml
+.dockerignore
+
+# 日志
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# 文档
+README.md
+CHANGELOG.md
+docs
+
+# 其他
+.claude
+temp_backup
+nul
--- a/frontend/admin-web/Dockerfile
+++ b/frontend/admin-web/Dockerfile
@ -0,0 +1,53 @@
+# 阶段1: 依赖安装
+FROM node:20-alpine AS deps
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# 复制依赖文件
+COPY package.json package-lock.json ./
+
+# 安装依赖
+RUN npm ci --only=production=false
+
+# 阶段2: 构建
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+# 复制依赖
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# 设置环境变量
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV NODE_ENV=production
+
+# 构建应用
+RUN npm run build
+
+# 阶段3: 生产运行
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+# 创建非 root 用户
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# 复制构建产物
+COPY --from=builder /app/public ./public
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
+
+# 设置权限
+USER nextjs
+
+# 暴露端口
+EXPOSE 3000
+
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+# 启动应用
+CMD ["node", "server.js"]
--- a/frontend/admin-web/deploy.sh
+++ b/frontend/admin-web/deploy.sh
@ -0,0 +1,216 @@
+#!/bin/bash
+
+# RWADurian Admin Web 一键部署脚本
+# 使用方法: ./deploy.sh [命令]
+# 命令:
+#   build   - 仅构建镜像
+#   start   - 构建并启动服务
+#   stop    - 停止服务
+#   restart - 重启服务
+#   logs    - 查看日志
+#   clean   - 清理容器和镜像
+
+set -e
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# 项目信息
+PROJECT_NAME="rwadurian-admin-web"
+IMAGE_NAME="rwadurian-admin-web"
+CONTAINER_NAME="rwadurian-admin-web"
+DEFAULT_PORT=3000
+
+# 日志函数
+log_info() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+log_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# 检查 Docker 是否安装
+check_docker() {
+    if ! command -v docker &> /dev/null; then
+        log_error "Docker 未安装，请先安装 Docker"
+        exit 1
+    fi
+
+    if ! docker info &> /dev/null; then
+        log_error "Docker 服务未运行，请启动 Docker"
+        exit 1
+    fi
+
+    log_success "Docker 检查通过"
+}
+
+# 检查 Docker Compose 是否安装
+check_docker_compose() {
+    if docker compose version &> /dev/null; then
+        COMPOSE_CMD="docker compose"
+    elif command -v docker-compose &> /dev/null; then
+        COMPOSE_CMD="docker-compose"
+    else
+        log_error "Docker Compose 未安装"
+        exit 1
+    fi
+
+    log_success "Docker Compose 检查通过 ($COMPOSE_CMD)"
+}
+
+# 构建镜像
+build() {
+    log_info "开始构建 Docker 镜像..."
+    $COMPOSE_CMD build --no-cache
+    log_success "镜像构建完成"
+}
+
+# 启动服务
+start() {
+    log_info "开始部署服务..."
+
+    # 检查端口是否被占用
+    PORT=${PORT:-$DEFAULT_PORT}
+    if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null 2>&1; then
+        log_warn "端口 $PORT 已被占用，尝试停止旧服务..."
+        stop
+    fi
+
+    # 构建并启动
+    $COMPOSE_CMD up -d --build
+
+    # 等待服务启动
+    log_info "等待服务启动..."
+    sleep 5
+
+    # 检查服务状态
+    if docker ps | grep -q $CONTAINER_NAME; then
+        log_success "服务部署成功!"
+        log_info "访问地址: http://localhost:$PORT"
+    else
+        log_error "服务启动失败，请查看日志: ./deploy.sh logs"
+        exit 1
+    fi
+}
+
+# 停止服务
+stop() {
+    log_info "停止服务..."
+    $COMPOSE_CMD down
+    log_success "服务已停止"
+}
+
+# 重启服务
+restart() {
+    log_info "重启服务..."
+    stop
+    start
+}
+
+# 查看日志
+logs() {
+    $COMPOSE_CMD logs -f
+}
+
+# 清理
+clean() {
+    log_info "清理容器和镜像..."
+
+    # 停止并删除容器
+    $COMPOSE_CMD down --rmi local --volumes --remove-orphans
+
+    # 删除悬空镜像
+    docker image prune -f
+
+    log_success "清理完成"
+}
+
+# 显示状态
+status() {
+    log_info "服务状态:"
+    docker ps -a --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+}
+
+# 显示帮助
+show_help() {
+    echo ""
+    echo "RWADurian Admin Web 部署脚本"
+    echo ""
+    echo "使用方法: ./deploy.sh [命令]"
+    echo ""
+    echo "命令:"
+    echo "  build    仅构建 Docker 镜像"
+    echo "  start    构建并启动服务 (默认)"
+    echo "  stop     停止服务"
+    echo "  restart  重启服务"
+    echo "  logs     查看服务日志"
+    echo "  status   查看服务状态"
+    echo "  clean    清理容器和镜像"
+    echo "  help     显示此帮助信息"
+    echo ""
+    echo "环境变量:"
+    echo "  PORT     服务端口 (默认: 3000)"
+    echo ""
+    echo "示例:"
+    echo "  ./deploy.sh start          # 默认端口 3000 启动"
+    echo "  PORT=8080 ./deploy.sh start # 指定端口 8080 启动"
+    echo ""
+}
+
+# 主函数
+main() {
+    # 切换到脚本所在目录
+    cd "$(dirname "$0")"
+
+    # 检查环境
+    check_docker
+    check_docker_compose
+
+    # 执行命令
+    case "${1:-start}" in
+        build)
+            build
+            ;;
+        start)
+            start
+            ;;
+        stop)
+            stop
+            ;;
+        restart)
+            restart
+            ;;
+        logs)
+            logs
+            ;;
+        status)
+            status
+            ;;
+        clean)
+            clean
+            ;;
+        help|--help|-h)
+            show_help
+            ;;
+        *)
+            log_error "未知命令: $1"
+            show_help
+            exit 1
+            ;;
+    esac
+}
+
+main "$@"
--- a/frontend/admin-web/docker-compose.yml
+++ b/frontend/admin-web/docker-compose.yml
@ -0,0 +1,25 @@
+services:
+  admin-web:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: rwadurian-admin-web:latest
+    container_name: rwadurian-admin-web
+    restart: unless-stopped
+    ports:
+      - "${PORT:-3000}:3000"
+    environment:
+      - NODE_ENV=production
+      - NEXT_TELEMETRY_DISABLED=1
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    networks:
+      - rwadurian-network
+
+networks:
+  rwadurian-network:
+    driver: bridge
--- a/frontend/admin-web/next.config.ts
+++ b/frontend/admin-web/next.config.ts
@ -1,6 +1,7 @@
 import type { NextConfig } from 'next';

 const nextConfig: NextConfig = {
+  output: 'standalone',
  reactStrictMode: true,
  sassOptions: {
    silenceDeprecations: ['legacy-js-api'],
--- a/frontend/admin-web/nginx/rwaadmin.szaiai.com.conf
+++ b/frontend/admin-web/nginx/rwaadmin.szaiai.com.conf
@ -0,0 +1,106 @@
+# RWADurian Admin Web Nginx 配置
+# 域名: rwaadmin.szaiai.com
+# 放置路径: /etc/nginx/sites-available/rwaadmin.szaiai.com
+# 启用: ln -s /etc/nginx/sites-available/rwaadmin.szaiai.com /etc/nginx/sites-enabled/
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name rwaadmin.szaiai.com;
+
+    # Let's Encrypt 验证目录
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # 重定向到 HTTPS
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name rwaadmin.szaiai.com;
+
+    # SSL 证书 (Let's Encrypt)
+    ssl_certificate /etc/letsencrypt/live/rwaadmin.szaiai.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/rwaadmin.szaiai.com/privkey.pem;
+
+    # SSL 配置优化
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+
+    # 现代加密套件
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (可选，启用后请谨慎)
+    # add_header Strict-Transport-Security "max-age=63072000" always;
+
+    # 日志
+    access_log /var/log/nginx/rwaadmin.szaiai.com.access.log;
+    error_log /var/log/nginx/rwaadmin.szaiai.com.error.log;
+
+    # Gzip 压缩
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+    # 安全头
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+    # 反向代理到 Docker 容器
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # 超时设置
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    # 健康检查端点
+    location /api/health {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        access_log off;
+    }
+
+    # 静态资源缓存
+    location /_next/static {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        add_header Cache-Control "public, max-age=31536000, immutable";
+    }
+
+    # 图片等静态资源
+    location ~* \.(ico|css|js|gif|jpeg|jpg|png|woff|woff2|ttf|svg|eot)$ {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        expires 30d;
+        add_header Cache-Control "public, no-transform";
+    }
+}
--- a/frontend/admin-web/nginx/setup-ssl.sh
+++ b/frontend/admin-web/nginx/setup-ssl.sh
@ -0,0 +1,201 @@
+#!/bin/bash
+
+# RWADurian Admin Web SSL 证书配置脚本
+# 使用 Let's Encrypt 申请 SSL 证书
+
+set -e
+
+DOMAIN="rwaadmin.szaiai.com"
+EMAIL="admin@szaiai.com"  # 修改为你的邮箱
+NGINX_CONF="/etc/nginx/sites-available/$DOMAIN"
+NGINX_ENABLED="/etc/nginx/sites-enabled/$DOMAIN"
+CERTBOT_WEBROOT="/var/www/certbot"
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
+
+# 检查是否为 root
+check_root() {
+    if [ "$EUID" -ne 0 ]; then
+        log_error "请使用 root 权限运行此脚本"
+        exit 1
+    fi
+}
+
+# 安装 Certbot
+install_certbot() {
+    log_info "检查 Certbot 安装..."
+
+    if command -v certbot &> /dev/null; then
+        log_success "Certbot 已安装"
+        return
+    fi
+
+    log_info "安装 Certbot..."
+
+    # Ubuntu/Debian
+    if command -v apt &> /dev/null; then
+        apt update
+        apt install -y certbot python3-certbot-nginx
+    # CentOS/RHEL
+    elif command -v yum &> /dev/null; then
+        yum install -y epel-release
+        yum install -y certbot python3-certbot-nginx
+    else
+        log_error "不支持的系统，请手动安装 certbot"
+        exit 1
+    fi
+
+    log_success "Certbot 安装完成"
+}
+
+# 配置 Nginx (首次，无 SSL)
+setup_nginx_initial() {
+    log_info "配置 Nginx (HTTP only，用于证书申请)..."
+
+    # 创建临时配置文件（仅 HTTP）
+    cat > "$NGINX_CONF" << 'EOF'
+server {
+    listen 80;
+    listen [::]:80;
+    server_name rwaadmin.szaiai.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+EOF
+
+    # 创建 certbot webroot 目录
+    mkdir -p "$CERTBOT_WEBROOT"
+
+    # 启用站点
+    ln -sf "$NGINX_CONF" "$NGINX_ENABLED"
+
+    # 测试并重载 Nginx
+    nginx -t && systemctl reload nginx
+
+    log_success "Nginx HTTP 配置完成"
+}
+
+# 申请 SSL 证书
+obtain_certificate() {
+    log_info "申请 Let's Encrypt SSL 证书..."
+
+    certbot certonly \
+        --webroot \
+        --webroot-path="$CERTBOT_WEBROOT" \
+        --email "$EMAIL" \
+        --agree-tos \
+        --no-eff-email \
+        -d "$DOMAIN"
+
+    log_success "SSL 证书申请成功"
+}
+
+# 配置 Nginx (完整 HTTPS)
+setup_nginx_ssl() {
+    log_info "配置 Nginx (HTTPS)..."
+
+    # 获取脚本所在目录
+    SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+    # 复制完整配置
+    cp "$SCRIPT_DIR/rwaadmin.szaiai.com.conf" "$NGINX_CONF"
+
+    # 测试并重载 Nginx
+    nginx -t && systemctl reload nginx
+
+    log_success "Nginx HTTPS 配置完成"
+}
+
+# 设置自动续期
+setup_auto_renewal() {
+    log_info "配置证书自动续期..."
+
+    # 测试续期
+    certbot renew --dry-run
+
+    log_success "自动续期配置完成 (cron job 已由 certbot 自动创建)"
+}
+
+# 显示帮助
+show_help() {
+    echo ""
+    echo "RWADurian Admin Web SSL 配置脚本"
+    echo ""
+    echo "使用方法: sudo ./setup-ssl.sh [命令]"
+    echo ""
+    echo "命令:"
+    echo "  install     完整安装 (默认)"
+    echo "  renew       手动续期证书"
+    echo "  status      查看证书状态"
+    echo "  help        显示帮助"
+    echo ""
+    echo "注意: 运行前请确保:"
+    echo "  1. 域名 DNS 已指向本服务器"
+    echo "  2. 防火墙已开放 80 和 443 端口"
+    echo "  3. Docker 应用已启动在 3000 端口"
+    echo ""
+}
+
+# 完整安装
+full_install() {
+    check_root
+    install_certbot
+    setup_nginx_initial
+    obtain_certificate
+    setup_nginx_ssl
+    setup_auto_renewal
+
+    echo ""
+    log_success "=========================================="
+    log_success "SSL 配置完成!"
+    log_success "访问地址: https://$DOMAIN"
+    log_success "=========================================="
+}
+
+# 主函数
+main() {
+    case "${1:-install}" in
+        install)
+            full_install
+            ;;
+        renew)
+            check_root
+            certbot renew
+            systemctl reload nginx
+            ;;
+        status)
+            certbot certificates
+            ;;
+        help|--help|-h)
+            show_help
+            ;;
+        *)
+            log_error "未知命令: $1"
+            show_help
+            exit 1
+            ;;
+    esac
+}
+
+main "$@"
--- a/frontend/admin-web/src/app/api/health/route.ts
+++ b/frontend/admin-web/src/app/api/health/route.ts
@ -0,0 +1,16 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * 健康检查 API
+ * 用于 Docker 容器健康检查和负载均衡器探测
+ */
+export async function GET() {
+  return NextResponse.json(
+    {
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+      service: 'rwadurian-admin-web',
+    },
+    { status: 200 }
+  );
+}