feat(api-gateway): 添加 standalone 模式 (up2) 支持 2.0 服务与 Kong 同机部署

- 新增 kong-standalone.yml: 2.0 服务通过 host.docker.internal 访问本机端口
  1.0 服务仍走 192.168.1.111, CORS 已添加 mapi.szaiai.com
- 新增 docker-compose.standalone.yml: compose override 添加 extra_hosts
- deploy.sh 新增 up2/sync2 命令

用法:
  ./deploy.sh up2    # 启动 Kong (standalone)
  ./deploy.sh sync2  # 重新同步 standalone 配置

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
hailin 2026-02-01 21:44:20 -08:00
parent 42cf189749
commit 981b11f746
3 changed files with 454 additions and 0 deletions


@ -120,6 +120,45 @@ cmd_up() {
fi
}
# 启动服务 (2.0 standalone 模式)
# 使用 docker-compose.standalone.yml override:
# - Kong 加 extra_hosts: host.docker.internal (访问同机 2.0 服务)
# - kong-config 加载 kong-standalone.yml (2.0 → localhost, 1.0 → 192.168.1.111)
cmd_up2() {
log_info "启动 Kong API Gateway (standalone 模式)..."
check_backend
local STANDALONE="$COMPOSE_CMD -f docker-compose.yml -f docker-compose.standalone.yml"
$STANDALONE up -d
log_info "等待 Kong 启动..."
sleep 10
if docker ps | grep -q rwa-kong; then
log_success "Kong API Gateway (standalone) 启动成功!"
echo ""
echo "模式: standalone (2.0 → host.docker.internal, 1.0 → 192.168.1.111)"
echo "服务地址:"
echo " Proxy: http://localhost:8000"
echo " Admin API: http://localhost:8001"
echo " Admin GUI: http://localhost:8002"
echo ""
else
log_error "Kong 启动失败,查看日志: $STANDALONE logs"
exit 1
fi
}
# 重新同步 standalone 配置
cmd_sync2() {
log_info "同步 kong-standalone.yml 到 Kong..."
local STANDALONE="$COMPOSE_CMD -f docker-compose.yml -f docker-compose.standalone.yml"
$STANDALONE run --rm kong-config
log_success "standalone 配置同步完成"
echo ""
echo "查看路由: ./deploy.sh routes"
}
# 停止服务
cmd_down() {
log_info "停止 Kong API Gateway..."
@ -410,6 +449,10 @@ show_help() {
echo " test 测试 API 路由"
echo " clean 清理容器和数据"
echo ""
echo "Standalone 模式 (2.0 服务与 Kong 同机):"
echo " up2 启动 Kong (standalone, 2.0 → host.docker.internal)"
echo " sync2 重新同步 kong-standalone.yml 配置"
echo ""
echo "Nginx 命令:"
echo " nginx install [domain] 安装 Nginx + SSL 证书 (默认: mapi.szaiai.com)"
echo " nginx ssl [domain] 申请/续期 SSL 证书"
@ -468,6 +511,12 @@ main() {
clean)
cmd_clean
;;
up2)
cmd_up2
;;
sync2)
cmd_sync2
;;
nginx)
case "${2:-install}" in
install)
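Review bot: `cmd_sync2` prints `standalone 配置同步完成` without checking the exit status of `$STANDALONE run --rm kong-config`, so a rejected or failed import leaves Kong serving the previous routes and plugins while the operator is told the new ones are live (unless the script enables `set -e` outside these hunks). Check the result, for example `$STANDALONE run --rm kong-config || { log_error "standalone 配置同步失败"; exit 1; }`. In `cmd_up2`, `docker ps | grep -q rwa-kong` matches any line containing that string, so a helper container could make a failed Kong start look successful; an exact check such as `docker inspect -f '{{.State.Running}}' <kong-container-name>` is tighter. The success banner also advertises the Admin API on 8001 and the Admin GUI on 8002, so it is worth confirming in docker-compose.yml (not part of this commit) that those ports are published on 127.0.0.1 only.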


@ -0,0 +1,15 @@
# =============================================================================
# Kong Standalone Override - 2.0 服务与 Kong 同机部署
# =============================================================================
# 用法: ./deploy.sh up2
# 等价于: docker compose -f docker-compose.yml -f docker-compose.standalone.yml up -d
# =============================================================================
services:
kong:
extra_hosts:
- "host.docker.internal:host-gateway"
kong-config:
volumes:
- ./kong-standalone.yml:/etc/kong/kong.yml:ro
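Review bot: `host.docker.internal:host-gateway` under `kong.extra_hosts` only helps if the 2.0 services on the host listen on an address the Docker bridge can reach, which in practice often means `0.0.0.0`; in that case ports 3020-3026 are also reachable directly from the LAN and callers can bypass Kong's CORS, rate-limiting and request-size plugins. The services' bind addresses are not visible in this commit, so this needs confirming on the host. I would add a comment above `extra_hosts` such as `# 2.0 services must not be reachable from the LAN: bind them to the docker bridge address or firewall 3020-3026`, and enforce it with a host firewall rule. `host-gateway` also requires Docker Engine 20.10 or newer on Linux, which the header comment could state.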


@ -0,0 +1,390 @@
# =============================================================================
# Kong API Gateway - 2.0 Standalone 声明式配置
# =============================================================================
# 部署说明:
# - Kong + 2.0 服务: 同一台物理机 (192.168.1.10)
# - 1.0 后端服务器: 192.168.1.111
# - 2.0 服务通过 host.docker.internal 访问宿主机端口 (无需走局域网)
#
# 使用方法:
# ./deploy.sh up2 # 启动 Kong 并加载此配置
# ./deploy.sh sync2 # 仅重新同步此配置
# =============================================================================
_format_version: "3.0"
_transform: true
# =============================================================================
# Services
# =============================================================================
services:
# ===========================================================================
# 1.0 Services → 192.168.1.111 (通过局域网)
# ===========================================================================
- name: identity-service
url: http://192.168.1.111:3000
routes:
- name: identity-auth
paths:
- /api/v1/auth
strip_path: false
- name: identity-me
paths:
- /api/v1/me
strip_path: false
- name: identity-user
paths:
- /api/v1/user
strip_path: false
- name: identity-users
paths:
- /api/v1/users
strip_path: false
- name: identity-health
paths:
- /api/v1/identity/health
strip_path: true
- name: identity-admin-pending-actions
paths:
- /api/v1/admin/pending-actions
strip_path: false
- name: wallet-service
url: http://192.168.1.111:3001
routes:
- name: wallet-api
paths:
- /api/v1/wallets
strip_path: false
- name: wallet-main
paths:
- /api/v1/wallet
strip_path: false
- name: wallet-health
paths:
- /api/v1/wallet-service/health
strip_path: true
- name: backup-service
url: http://192.168.1.111:3002
routes:
- name: backup-api
paths:
- /api/v1/backups
strip_path: false
- name: backup-share-api
paths:
- /api/v1/backup-share
strip_path: false
- name: planting-service
url: http://192.168.1.111:3003
routes:
- name: planting-api
paths:
- /api/v1/planting
strip_path: false
- name: referral-service
url: http://192.168.1.111:3004
routes:
- name: referral-api
paths:
- /api/v1/referral
strip_path: false
- name: referral-referrals
paths:
- /api/v1/referrals
strip_path: false
- name: referral-team-statistics
paths:
- /api/v1/team-statistics
strip_path: false
- name: reward-service
url: http://192.168.1.111:3005
routes:
- name: reward-api
paths:
- /api/v1/rewards
strip_path: false
- name: mpc-service
url: http://192.168.1.111:3006
routes:
- name: mpc-api
paths:
- /api/v1/mpc
strip_path: false
- name: mpc-party-api
paths:
- /api/v1/mpc-party
strip_path: false
- name: leaderboard-service
url: http://192.168.1.111:3007
routes:
- name: leaderboard-api
paths:
- /api/v1/leaderboard
strip_path: false
- name: leaderboard-virtual-accounts
paths:
- /api/v1/virtual-accounts
strip_path: false
- name: reporting-service
url: http://192.168.1.111:3008
routes:
- name: reporting-dashboard
paths:
- /api/v1/dashboard
strip_path: false
- name: reporting-api
paths:
- /api/v1/reports
strip_path: false
- name: reporting-export
paths:
- /api/v1/export
strip_path: false
- name: reporting-system-accounts
paths:
- /api/v1/system-account-reports
strip_path: false
- name: authorization-service
url: http://192.168.1.111:3009
routes:
- name: authorization-api
paths:
- /api/v1/authorizations
strip_path: false
- name: authorization-admin
paths:
- /api/v1/admin/authorizations
strip_path: false
- name: admin-service
url: http://192.168.1.111:3010
routes:
- name: admin-versions
paths:
- /api/v1/versions
strip_path: false
- name: admin-api
paths:
- /api/v1/admin
strip_path: false
- name: admin-mobile-version
paths:
- /api/app/version
strip_path: false
- name: admin-downloads
paths:
- /downloads
strip_path: false
- name: admin-mobile-notifications
paths:
- /api/v1/mobile/notifications
strip_path: false
- name: admin-mobile-system
paths:
- /api/v1/mobile/system
strip_path: false
- name: presence-service
url: http://192.168.1.111:3011
routes:
- name: presence-api
paths:
- /api/v1/presence
strip_path: false
- name: presence-analytics
paths:
- /api/v1/analytics
strip_path: false
- name: blockchain-service
url: http://192.168.1.111:3012
routes:
- name: blockchain-deposit
paths:
- /api/v1/deposit
strip_path: false
- name: blockchain-balance
paths:
- /api/v1/balance
strip_path: false
- name: mpc-account-service
url: http://192.168.1.111:4000
routes:
- name: mpc-co-managed
paths:
- /api/v1/co-managed
strip_path: false
# ===========================================================================
# 2.0 Services → host.docker.internal (同一台物理机,通过宿主机端口)
# ===========================================================================
- name: contribution-service-v2
url: http://host.docker.internal:3020
routes:
- name: contribution-v2-api
paths:
- /api/v2/contribution
strip_path: false
- name: contribution-v2-health
paths:
- /api/v2/contribution/health
strip_path: false
- name: mining-service-v2
url: http://host.docker.internal:3021
routes:
- name: mining-v2-api
paths:
- /api/v2/mining
strip_path: false
- name: mining-v2-health
paths:
- /api/v2/mining/health
strip_path: false
- name: trading-service-v2
url: http://host.docker.internal:3022/api/v2
routes:
- name: trading-v2-api
paths:
- /api/v2/trading
strip_path: true
- name: trading-v2-health
paths:
- /api/v2/trading/health
strip_path: true
- name: trading-ws-service
url: http://host.docker.internal:3022
routes:
- name: trading-ws-price
paths:
- /ws/price
strip_path: true
protocols:
- http
- https
- name: mining-admin-service
url: http://host.docker.internal:3023/api/v2
routes:
- name: mining-admin-api
paths:
- /api/v2/mining-admin
strip_path: true
- name: mining-admin-health
paths:
- /api/v2/mining-admin/health
strip_path: true
- name: mining-admin-upgrade-service
url: http://host.docker.internal:3023
routes:
- name: mining-admin-upgrade
paths:
- /mining-admin
strip_path: true
- name: auth-service-v2
url: http://host.docker.internal:3024
routes:
- name: auth-v2-api
paths:
- /api/v2/auth
strip_path: false
- name: auth-v2-health
paths:
- /api/v2/auth/health
strip_path: false
- name: mining-wallet-service
url: http://host.docker.internal:3025/api/v2
routes:
- name: mining-wallet-api
paths:
- /api/v2/mining-wallet
strip_path: true
- name: mining-wallet-health
paths:
- /api/v2/mining-wallet/health
strip_path: true
- name: mining-blockchain-service
url: http://host.docker.internal:3026
routes:
- name: mining-blockchain-api
paths:
- /api/v1/mining-blockchain
strip_path: false
# =============================================================================
# Plugins
# =============================================================================
plugins:
- name: cors
config:
origins:
- "https://rwaadmin.szaiai.com"
- "https://madmin.szaiai.com"
- "https://mapi.szaiai.com"
- "https://update.szaiai.com"
- "https://app.rwadurian.com"
- "http://localhost:3000"
- "http://localhost:3020"
- "http://localhost:3100"
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
headers:
- Accept
- Accept-Version
- Content-Length
- Content-MD5
- Content-Type
- Date
- Authorization
- X-Auth-Token
exposed_headers:
- X-Auth-Token
credentials: true
max_age: 3600
- name: rate-limiting
config:
minute: 10000
hour: 500000
policy: local
- name: file-log
config:
path: /tmp/kong-access.log
reopen: true
- name: request-size-limiting
config:
allowed_payload_size: 500
size_unit: megabytes
- name: prometheus
config:
per_consumer: true
status_code_metrics: true
latency_metrics: true
bandwidth_metrics: true
upstream_health_metrics: true
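Review bot: The global `cors` plugin sets `credentials: true` while its `origins` list still carries `http://localhost:3000`, `http://localhost:3020` and `http://localhost:3100`, so any page served on those ports on a user's own machine may make credentialed cross-origin calls to every route, including `/api/v1/admin` and `/api/v2/mining-admin`. If this is the config served behind mapi.szaiai.com, drop the three localhost entries here and keep them in a development-only file. No authentication or `ip-restriction` plugin is attached to the admin routes at the gateway, so they rely entirely on the upstream services; a comment saying that this is intentional would help the next reader. The global `rate-limiting` values (`minute: 10000`, `policy: local`) also cover `/api/v1/auth` and `/api/v2/auth`, which is too loose to slow password guessing, so a route-level `rate-limiting` entry with a much lower `minute` on the auth routes is worth adding. `file-log` serialises request headers, so `X-Auth-Token` values presumably end up in `/tmp/kong-access.log`; confirm this and restrict who can read that file.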