From 40e0caaad542369c2a39b6391f3dd96c498fe24e Mon Sep 17 00:00:00 2001 From: Developer Date: Tue, 2 Dec 2025 08:21:41 -0800 Subject: [PATCH] =?UTF-8?q?feat(admin-web):=20=E6=B7=BB=E5=8A=A0=20Docker?= =?UTF-8?q?=20=E4=B8=80=E9=94=AE=E9=83=A8=E7=BD=B2=E6=96=B9=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 添加多阶段构建 Dockerfile,优化镜像大小 - 添加 docker-compose.yml 编排文件 - 添加 .dockerignore 优化构建上下文 - 添加 deploy.sh 一键部署脚本 - 添加健康检查 API (/api/health) - 添加 Nginx 反向代理配置 (rwaadmin.szaiai.com) - 添加 Let's Encrypt SSL 证书配置脚本 - 更新 next.config.ts 启用 standalone 输出模式 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- frontend/admin-web/.dockerignore | 56 +++++ frontend/admin-web/Dockerfile | 53 +++++ frontend/admin-web/deploy.sh | 216 ++++++++++++++++++ frontend/admin-web/docker-compose.yml | 25 ++ frontend/admin-web/next.config.ts | 1 + .../admin-web/nginx/rwaadmin.szaiai.com.conf | 106 +++++++++ frontend/admin-web/nginx/setup-ssl.sh | 201 ++++++++++++++++ .../admin-web/src/app/api/health/route.ts | 16 ++ 8 files changed, 674 insertions(+) create mode 100644 frontend/admin-web/.dockerignore create mode 100644 frontend/admin-web/Dockerfile create mode 100644 frontend/admin-web/deploy.sh create mode 100644 frontend/admin-web/docker-compose.yml create mode 100644 frontend/admin-web/nginx/rwaadmin.szaiai.com.conf create mode 100644 frontend/admin-web/nginx/setup-ssl.sh create mode 100644 frontend/admin-web/src/app/api/health/route.ts diff --git a/frontend/admin-web/.dockerignore b/frontend/admin-web/.dockerignore new file mode 100644 index 00000000..8629f016 --- /dev/null +++ b/frontend/admin-web/.dockerignore @@ -0,0 +1,56 @@ +# 依赖目录 +node_modules +.pnp +.pnp.js + +# 构建产物 +.next +out +build +dist + +# 测试 +coverage +.nyc_output + +# 开发环境 +.env.local +.env.development +.env.development.local +.env.test.local + +# 编辑器和IDE +.idea +.vscode +*.swp +*.swo +*~ + +# 系统文件 +.DS_Store +Thumbs.db + +# Git +.git +.gitignore + +# Docker +Dockerfile +docker-compose*.yml +.dockerignore + +# 日志 +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* + +# 文档 +README.md +CHANGELOG.md +docs + +# 其他 +.claude +temp_backup +nul diff --git a/frontend/admin-web/Dockerfile b/frontend/admin-web/Dockerfile new file mode 100644 index 00000000..20b24f56 --- /dev/null +++ b/frontend/admin-web/Dockerfile @@ -0,0 +1,53 @@ +# 阶段1: 依赖安装 +FROM node:20-alpine AS deps +RUN apk add --no-cache libc6-compat +WORKDIR /app + +# 复制依赖文件 +COPY package.json package-lock.json ./ + +# 安装依赖 +RUN npm ci --only=production=false + +# 阶段2: 构建 +FROM node:20-alpine AS builder +WORKDIR /app + +# 复制依赖 +COPY --from=deps /app/node_modules ./node_modules +COPY . . + +# 设置环境变量 +ENV NEXT_TELEMETRY_DISABLED=1 +ENV NODE_ENV=production + +# 构建应用 +RUN npm run build + +# 阶段3: 生产运行 +FROM node:20-alpine AS runner +WORKDIR /app + +ENV NODE_ENV=production +ENV NEXT_TELEMETRY_DISABLED=1 + +# 创建非 root 用户 +RUN addgroup --system --gid 1001 nodejs +RUN adduser --system --uid 1001 nextjs + +# 复制构建产物 +COPY --from=builder /app/public ./public +COPY --from=builder /app/.next/standalone ./ +COPY --from=builder /app/.next/static ./.next/static + +# 设置权限 +USER nextjs + +# 暴露端口 +EXPOSE 3000 + +ENV PORT=3000 +ENV HOSTNAME="0.0.0.0" + +# 启动应用 +CMD ["node", "server.js"] diff --git a/frontend/admin-web/deploy.sh b/frontend/admin-web/deploy.sh new file mode 100644 index 00000000..103c2e79 --- /dev/null +++ b/frontend/admin-web/deploy.sh @@ -0,0 +1,216 @@ +#!/bin/bash + +# RWADurian Admin Web 一键部署脚本 +# 使用方法: ./deploy.sh [命令] +# 命令: +# build - 仅构建镜像 +# start - 构建并启动服务 +# stop - 停止服务 +# restart - 重启服务 +# logs - 查看日志 +# clean - 清理容器和镜像 + +set -e + +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# 项目信息 +PROJECT_NAME="rwadurian-admin-web" +IMAGE_NAME="rwadurian-admin-web" +CONTAINER_NAME="rwadurian-admin-web" +DEFAULT_PORT=3000 + +# 日志函数 +log_info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +log_success() { + echo -e "${GREEN}[SUCCESS]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[WARN]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# 检查 Docker 是否安装 +check_docker() { + if ! command -v docker &> /dev/null; then + log_error "Docker 未安装,请先安装 Docker" + exit 1 + fi + + if ! docker info &> /dev/null; then + log_error "Docker 服务未运行,请启动 Docker" + exit 1 + fi + + log_success "Docker 检查通过" +} + +# 检查 Docker Compose 是否安装 +check_docker_compose() { + if docker compose version &> /dev/null; then + COMPOSE_CMD="docker compose" + elif command -v docker-compose &> /dev/null; then + COMPOSE_CMD="docker-compose" + else + log_error "Docker Compose 未安装" + exit 1 + fi + + log_success "Docker Compose 检查通过 ($COMPOSE_CMD)" +} + +# 构建镜像 +build() { + log_info "开始构建 Docker 镜像..." + $COMPOSE_CMD build --no-cache + log_success "镜像构建完成" +} + +# 启动服务 +start() { + log_info "开始部署服务..." + + # 检查端口是否被占用 + PORT=${PORT:-$DEFAULT_PORT} + if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null 2>&1; then + log_warn "端口 $PORT 已被占用,尝试停止旧服务..." + stop + fi + + # 构建并启动 + $COMPOSE_CMD up -d --build + + # 等待服务启动 + log_info "等待服务启动..." + sleep 5 + + # 检查服务状态 + if docker ps | grep -q $CONTAINER_NAME; then + log_success "服务部署成功!" + log_info "访问地址: http://localhost:$PORT" + else + log_error "服务启动失败,请查看日志: ./deploy.sh logs" + exit 1 + fi +} + +# 停止服务 +stop() { + log_info "停止服务..." + $COMPOSE_CMD down + log_success "服务已停止" +} + +# 重启服务 +restart() { + log_info "重启服务..." + stop + start +} + +# 查看日志 +logs() { + $COMPOSE_CMD logs -f +} + +# 清理 +clean() { + log_info "清理容器和镜像..." + + # 停止并删除容器 + $COMPOSE_CMD down --rmi local --volumes --remove-orphans + + # 删除悬空镜像 + docker image prune -f + + log_success "清理完成" +} + +# 显示状态 +status() { + log_info "服务状态:" + docker ps -a --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" +} + +# 显示帮助 +show_help() { + echo "" + echo "RWADurian Admin Web 部署脚本" + echo "" + echo "使用方法: ./deploy.sh [命令]" + echo "" + echo "命令:" + echo " build 仅构建 Docker 镜像" + echo " start 构建并启动服务 (默认)" + echo " stop 停止服务" + echo " restart 重启服务" + echo " logs 查看服务日志" + echo " status 查看服务状态" + echo " clean 清理容器和镜像" + echo " help 显示此帮助信息" + echo "" + echo "环境变量:" + echo " PORT 服务端口 (默认: 3000)" + echo "" + echo "示例:" + echo " ./deploy.sh start # 默认端口 3000 启动" + echo " PORT=8080 ./deploy.sh start # 指定端口 8080 启动" + echo "" +} + +# 主函数 +main() { + # 切换到脚本所在目录 + cd "$(dirname "$0")" + + # 检查环境 + check_docker + check_docker_compose + + # 执行命令 + case "${1:-start}" in + build) + build + ;; + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + logs) + logs + ;; + status) + status + ;; + clean) + clean + ;; + help|--help|-h) + show_help + ;; + *) + log_error "未知命令: $1" + show_help + exit 1 + ;; + esac +} + +main "$@" diff --git a/frontend/admin-web/docker-compose.yml b/frontend/admin-web/docker-compose.yml new file mode 100644 index 00000000..489d44bf --- /dev/null +++ b/frontend/admin-web/docker-compose.yml @@ -0,0 +1,25 @@ +services: + admin-web: + build: + context: . + dockerfile: Dockerfile + image: rwadurian-admin-web:latest + container_name: rwadurian-admin-web + restart: unless-stopped + ports: + - "${PORT:-3000}:3000" + environment: + - NODE_ENV=production + - NEXT_TELEMETRY_DISABLED=1 + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s + networks: + - rwadurian-network + +networks: + rwadurian-network: + driver: bridge diff --git a/frontend/admin-web/next.config.ts b/frontend/admin-web/next.config.ts index 445c7e0a..3fa51653 100644 --- a/frontend/admin-web/next.config.ts +++ b/frontend/admin-web/next.config.ts @@ -1,6 +1,7 @@ import type { NextConfig } from 'next'; const nextConfig: NextConfig = { + output: 'standalone', reactStrictMode: true, sassOptions: { silenceDeprecations: ['legacy-js-api'], diff --git a/frontend/admin-web/nginx/rwaadmin.szaiai.com.conf b/frontend/admin-web/nginx/rwaadmin.szaiai.com.conf new file mode 100644 index 00000000..264370bf --- /dev/null +++ b/frontend/admin-web/nginx/rwaadmin.szaiai.com.conf @@ -0,0 +1,106 @@ +# RWADurian Admin Web Nginx 配置 +# 域名: rwaadmin.szaiai.com +# 放置路径: /etc/nginx/sites-available/rwaadmin.szaiai.com +# 启用: ln -s /etc/nginx/sites-available/rwaadmin.szaiai.com /etc/nginx/sites-enabled/ + +# HTTP 重定向到 HTTPS +server { + listen 80; + listen [::]:80; + server_name rwaadmin.szaiai.com; + + # Let's Encrypt 验证目录 + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + # 重定向到 HTTPS + location / { + return 301 https://$host$request_uri; + } +} + +# HTTPS 配置 +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name rwaadmin.szaiai.com; + + # SSL 证书 (Let's Encrypt) + ssl_certificate /etc/letsencrypt/live/rwaadmin.szaiai.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/rwaadmin.szaiai.com/privkey.pem; + + # SSL 配置优化 + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + + # 现代加密套件 + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + # HSTS (可选,启用后请谨慎) + # add_header Strict-Transport-Security "max-age=63072000" always; + + # 日志 + access_log /var/log/nginx/rwaadmin.szaiai.com.access.log; + error_log /var/log/nginx/rwaadmin.szaiai.com.error.log; + + # Gzip 压缩 + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; + + # 安全头 + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + # 反向代理到 Docker 容器 + location / { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache_bypass $http_upgrade; + + # 超时设置 + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + + # 健康检查端点 + location /api/health { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + access_log off; + } + + # 静态资源缓存 + location /_next/static { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Host $host; + add_header Cache-Control "public, max-age=31536000, immutable"; + } + + # 图片等静态资源 + location ~* \.(ico|css|js|gif|jpeg|jpg|png|woff|woff2|ttf|svg|eot)$ { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Host $host; + expires 30d; + add_header Cache-Control "public, no-transform"; + } +} diff --git a/frontend/admin-web/nginx/setup-ssl.sh b/frontend/admin-web/nginx/setup-ssl.sh new file mode 100644 index 00000000..1bed3aaa --- /dev/null +++ b/frontend/admin-web/nginx/setup-ssl.sh @@ -0,0 +1,201 @@ +#!/bin/bash + +# RWADurian Admin Web SSL 证书配置脚本 +# 使用 Let's Encrypt 申请 SSL 证书 + +set -e + +DOMAIN="rwaadmin.szaiai.com" +EMAIL="admin@szaiai.com" # 修改为你的邮箱 +NGINX_CONF="/etc/nginx/sites-available/$DOMAIN" +NGINX_ENABLED="/etc/nginx/sites-enabled/$DOMAIN" +CERTBOT_WEBROOT="/var/www/certbot" + +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } +log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; } +log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } +log_error() { echo -e "${RED}[ERROR]${NC} $1"; } + +# 检查是否为 root +check_root() { + if [ "$EUID" -ne 0 ]; then + log_error "请使用 root 权限运行此脚本" + exit 1 + fi +} + +# 安装 Certbot +install_certbot() { + log_info "检查 Certbot 安装..." + + if command -v certbot &> /dev/null; then + log_success "Certbot 已安装" + return + fi + + log_info "安装 Certbot..." + + # Ubuntu/Debian + if command -v apt &> /dev/null; then + apt update + apt install -y certbot python3-certbot-nginx + # CentOS/RHEL + elif command -v yum &> /dev/null; then + yum install -y epel-release + yum install -y certbot python3-certbot-nginx + else + log_error "不支持的系统,请手动安装 certbot" + exit 1 + fi + + log_success "Certbot 安装完成" +} + +# 配置 Nginx (首次,无 SSL) +setup_nginx_initial() { + log_info "配置 Nginx (HTTP only,用于证书申请)..." + + # 创建临时配置文件(仅 HTTP) + cat > "$NGINX_CONF" << 'EOF' +server { + listen 80; + listen [::]:80; + server_name rwaadmin.szaiai.com; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +EOF + + # 创建 certbot webroot 目录 + mkdir -p "$CERTBOT_WEBROOT" + + # 启用站点 + ln -sf "$NGINX_CONF" "$NGINX_ENABLED" + + # 测试并重载 Nginx + nginx -t && systemctl reload nginx + + log_success "Nginx HTTP 配置完成" +} + +# 申请 SSL 证书 +obtain_certificate() { + log_info "申请 Let's Encrypt SSL 证书..." + + certbot certonly \ + --webroot \ + --webroot-path="$CERTBOT_WEBROOT" \ + --email "$EMAIL" \ + --agree-tos \ + --no-eff-email \ + -d "$DOMAIN" + + log_success "SSL 证书申请成功" +} + +# 配置 Nginx (完整 HTTPS) +setup_nginx_ssl() { + log_info "配置 Nginx (HTTPS)..." + + # 获取脚本所在目录 + SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + + # 复制完整配置 + cp "$SCRIPT_DIR/rwaadmin.szaiai.com.conf" "$NGINX_CONF" + + # 测试并重载 Nginx + nginx -t && systemctl reload nginx + + log_success "Nginx HTTPS 配置完成" +} + +# 设置自动续期 +setup_auto_renewal() { + log_info "配置证书自动续期..." + + # 测试续期 + certbot renew --dry-run + + log_success "自动续期配置完成 (cron job 已由 certbot 自动创建)" +} + +# 显示帮助 +show_help() { + echo "" + echo "RWADurian Admin Web SSL 配置脚本" + echo "" + echo "使用方法: sudo ./setup-ssl.sh [命令]" + echo "" + echo "命令:" + echo " install 完整安装 (默认)" + echo " renew 手动续期证书" + echo " status 查看证书状态" + echo " help 显示帮助" + echo "" + echo "注意: 运行前请确保:" + echo " 1. 域名 DNS 已指向本服务器" + echo " 2. 防火墙已开放 80 和 443 端口" + echo " 3. Docker 应用已启动在 3000 端口" + echo "" +} + +# 完整安装 +full_install() { + check_root + install_certbot + setup_nginx_initial + obtain_certificate + setup_nginx_ssl + setup_auto_renewal + + echo "" + log_success "==========================================" + log_success "SSL 配置完成!" + log_success "访问地址: https://$DOMAIN" + log_success "==========================================" +} + +# 主函数 +main() { + case "${1:-install}" in + install) + full_install + ;; + renew) + check_root + certbot renew + systemctl reload nginx + ;; + status) + certbot certificates + ;; + help|--help|-h) + show_help + ;; + *) + log_error "未知命令: $1" + show_help + exit 1 + ;; + esac +} + +main "$@" diff --git a/frontend/admin-web/src/app/api/health/route.ts b/frontend/admin-web/src/app/api/health/route.ts new file mode 100644 index 00000000..d705a1ba --- /dev/null +++ b/frontend/admin-web/src/app/api/health/route.ts @@ -0,0 +1,16 @@ +import { NextResponse } from 'next/server'; + +/** + * 健康检查 API + * 用于 Docker 容器健康检查和负载均衡器探测 + */ +export async function GET() { + return NextResponse.json( + { + status: 'ok', + timestamp: new Date().toISOString(), + service: 'rwadurian-admin-web', + }, + { status: 200 } + ); +}