diff --git a/backend/api-gateway/deploy.sh b/backend/api-gateway/deploy.sh
index f0168c53..49e456e4 100755
--- a/backend/api-gateway/deploy.sh
+++ b/backend/api-gateway/deploy.sh
@@ -120,6 +120,45 @@ cmd_up() {
 fi
 }
 
+# 启动服务 (2.0 standalone 模式)
+# 使用 docker-compose.standalone.yml override:
+# - Kong 加 extra_hosts: host.docker.internal (访问同机 2.0 服务)
+# - kong-config 加载 kong-standalone.yml (2.0 → localhost, 1.0 → 192.168.1.111)
+cmd_up2() {
+ log_info "启动 Kong API Gateway (standalone 模式)..."
+ check_backend
+
+ local STANDALONE="$COMPOSE_CMD -f docker-compose.yml -f docker-compose.standalone.yml"
+ $STANDALONE up -d
+
+ log_info "等待 Kong 启动..."
+ sleep 10
+
+ if docker ps | grep -q rwa-kong; then
+ log_success "Kong API Gateway (standalone) 启动成功!"
+ echo ""
+ echo "模式: standalone (2.0 → host.docker.internal, 1.0 → 192.168.1.111)"
+ echo "服务地址:"
+ echo " Proxy: http://localhost:8000"
+ echo " Admin API: http://localhost:8001"
+ echo " Admin GUI: http://localhost:8002"
+ echo ""
+ else
+ log_error "Kong 启动失败,查看日志: $STANDALONE logs"
+ exit 1
+ fi
+}
+
+# 重新同步 standalone 配置
+cmd_sync2() {
+ log_info "同步 kong-standalone.yml 到 Kong..."
+ local STANDALONE="$COMPOSE_CMD -f docker-compose.yml -f docker-compose.standalone.yml"
+ $STANDALONE run --rm kong-config
+ log_success "standalone 配置同步完成"
+ echo ""
+ echo "查看路由: ./deploy.sh routes"
+}
+
 # 停止服务
 cmd_down() {
 log_info "停止 Kong API Gateway..."
@@ -410,6 +449,10 @@ show_help() {
 echo " test 测试 API 路由"
 echo " clean 清理容器和数据"
 echo ""
+ echo "Standalone 模式 (2.0 服务与 Kong 同机):"
+ echo " up2 启动 Kong (standalone, 2.0 → host.docker.internal)"
+ echo " sync2 重新同步 kong-standalone.yml 配置"
+ echo ""
 echo "Nginx 命令:"
 echo " nginx install [domain] 安装 Nginx + SSL 证书 (默认: mapi.szaiai.com)"
 echo " nginx ssl [domain] 申请/续期 SSL 证书"
@@ -468,6 +511,12 @@ main() {
 clean)
 cmd_clean
 ;;
+ up2)
+ cmd_up2
+ ;;
+ sync2)
+ cmd_sync2
+ ;;
 nginx)
 case "${2:-install}" in
 install)
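Review bot: `cmd_sync2` logs "standalone 配置同步完成" unconditionally after `$STANDALONE run --rm kong-config`; unless the script runs under `set -e` (not visible in this hunk), a failed sync is reported as success while Kong keeps serving the previous routes and plugins. Check the status explicitly, e.g. `$STANDALONE run --rm kong-config || { log_error "standalone 配置同步失败"; exit 1; }`. In `cmd_up2`, `docker ps | grep -q rwa-kong` is a substring match made after a fixed `sleep 10`, so any running container whose name merely contains `rwa-kong` satisfies it; an exact-name filter or a wait on Kong's health status would be more reliable. The banner also advertises the Admin API on :8001 and the Admin GUI on :8002 — confirm in `docker-compose.yml` (not shown here) that those ports are published on the loopback interface only.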
diff --git a/backend/api-gateway/docker-compose.standalone.yml b/backend/api-gateway/docker-compose.standalone.yml
new file mode 100644
index 00000000..b162e0bd
--- /dev/null
+++ b/backend/api-gateway/docker-compose.standalone.yml
@@ -0,0 +1,15 @@
+# =============================================================================
+# Kong Standalone Override - 2.0 服务与 Kong 同机部署
+# =============================================================================
+# 用法: ./deploy.sh up2
+# 等价于: docker compose -f docker-compose.yml -f docker-compose.standalone.yml up -d
+# =============================================================================
+
+services:
+ kong:
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+
+ kong-config:
+ volumes:
+ - ./kong-standalone.yml:/etc/kong/kong.yml:ro
diff --git a/backend/api-gateway/kong-standalone.yml b/backend/api-gateway/kong-standalone.yml
new file mode 100644
index 00000000..efad6c72
--- /dev/null
+++ b/backend/api-gateway/kong-standalone.yml
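Review bot: The override in `docker-compose.standalone.yml` does not document the listening constraint that `host.docker.internal:host-gateway` puts on the 2.0 services. For Kong to reach ports 3020–3026 through the host gateway, those services must listen on an address reachable from the Docker bridge; if that ends up being `0.0.0.0`, they are also reachable directly from the LAN, bypassing Kong's rate limiting, size limit and access log. I would add a header comment such as `# 2.0 services must listen on the docker bridge address (or 3020-3026 must be firewalled from the LAN) so they are reachable only through Kong`. `host-gateway` also needs Docker Engine 20.10 or later, which is worth stating next to the usage line.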
@@ -0,0 +1,390 @@
+# =============================================================================
+# Kong API Gateway - 2.0 Standalone 声明式配置
+# =============================================================================
+# 部署说明:
+# - Kong + 2.0 服务: 同一台物理机 (192.168.1.10)
+# - 1.0 后端服务器: 192.168.1.111
+# - 2.0 服务通过 host.docker.internal 访问宿主机端口 (无需走局域网)
+#
+# 使用方法:
+# ./deploy.sh up2 # 启动 Kong 并加载此配置
+# ./deploy.sh sync2 # 仅重新同步此配置
+# =============================================================================
+
+_format_version: "3.0"
+_transform: true
+
+# =============================================================================
+# Services
+# =============================================================================
+services:
+ # ===========================================================================
+ # 1.0 Services → 192.168.1.111 (通过局域网)
+ # ===========================================================================
+
+ - name: identity-service
+ url: http://192.168.1.111:3000
+ routes:
+ - name: identity-auth
+ paths:
+ - /api/v1/auth
+ strip_path: false
+ - name: identity-me
+ paths:
+ - /api/v1/me
+ strip_path: false
+ - name: identity-user
+ paths:
+ - /api/v1/user
+ strip_path: false
+ - name: identity-users
+ paths:
+ - /api/v1/users
+ strip_path: false
+ - name: identity-health
+ paths:
+ - /api/v1/identity/health
+ strip_path: true
+ - name: identity-admin-pending-actions
+ paths:
+ - /api/v1/admin/pending-actions
+ strip_path: false
+
+ - name: wallet-service
+ url: http://192.168.1.111:3001
+ routes:
+ - name: wallet-api
+ paths:
+ - /api/v1/wallets
+ strip_path: false
+ - name: wallet-main
+ paths:
+ - /api/v1/wallet
+ strip_path: false
+ - name: wallet-health
+ paths:
+ - /api/v1/wallet-service/health
+ strip_path: true
+
+ - name: backup-service
+ url: http://192.168.1.111:3002
+ routes:
+ - name: backup-api
+ paths:
+ - /api/v1/backups
+ strip_path: false
+ - name: backup-share-api
+ paths:
+ - /api/v1/backup-share
+ strip_path: false
+
+ - name: planting-service
+ url: http://192.168.1.111:3003
+ routes:
+ - name: planting-api
+ paths:
+ - /api/v1/planting
+ strip_path: false
+
+ - name: referral-service
+ url: http://192.168.1.111:3004
+ routes:
+ - name: referral-api
+ paths:
+ - /api/v1/referral
+ strip_path: false
+ - name: referral-referrals
+ paths:
+ - /api/v1/referrals
+ strip_path: false
+ - name: referral-team-statistics
+ paths:
+ - /api/v1/team-statistics
+ strip_path: false
+
+ - name: reward-service
+ url: http://192.168.1.111:3005
+ routes:
+ - name: reward-api
+ paths:
+ - /api/v1/rewards
+ strip_path: false
+
+ - name: mpc-service
+ url: http://192.168.1.111:3006
+ routes:
+ - name: mpc-api
+ paths:
+ - /api/v1/mpc
+ strip_path: false
+ - name: mpc-party-api
+ paths:
+ - /api/v1/mpc-party
+ strip_path: false
+
+ - name: leaderboard-service
+ url: http://192.168.1.111:3007
+ routes:
+ - name: leaderboard-api
+ paths:
+ - /api/v1/leaderboard
+ strip_path: false
+ - name: leaderboard-virtual-accounts
+ paths:
+ - /api/v1/virtual-accounts
+ strip_path: false
+
+ - name: reporting-service
+ url: http://192.168.1.111:3008
+ routes:
+ - name: reporting-dashboard
+ paths:
+ - /api/v1/dashboard
+ strip_path: false
+ - name: reporting-api
+ paths:
+ - /api/v1/reports
+ strip_path: false
+ - name: reporting-export
+ paths:
+ - /api/v1/export
+ strip_path: false
+ - name: reporting-system-accounts
+ paths:
+ - /api/v1/system-account-reports
+ strip_path: false
+
+ - name: authorization-service
+ url: http://192.168.1.111:3009
+ routes:
+ - name: authorization-api
+ paths:
+ - /api/v1/authorizations
+ strip_path: false
+ - name: authorization-admin
+ paths:
+ - /api/v1/admin/authorizations
+ strip_path: false
+
+ - name: admin-service
+ url: http://192.168.1.111:3010
+ routes:
+ - name: admin-versions
+ paths:
+ - /api/v1/versions
+ strip_path: false
+ - name: admin-api
+ paths:
+ - /api/v1/admin
+ strip_path: false
+ - name: admin-mobile-version
+ paths:
+ - /api/app/version
+ strip_path: false
+ - name: admin-downloads
+ paths:
+ - /downloads
+ strip_path: false
+ - name: admin-mobile-notifications
+ paths:
+ - /api/v1/mobile/notifications
+ strip_path: false
+ - name: admin-mobile-system
+ paths:
+ - /api/v1/mobile/system
+ strip_path: false
+
+ - name: presence-service
+ url: http://192.168.1.111:3011
+ routes:
+ - name: presence-api
+ paths:
+ - /api/v1/presence
+ strip_path: false
+ - name: presence-analytics
+ paths:
+ - /api/v1/analytics
+ strip_path: false
+
+ - name: blockchain-service
+ url: http://192.168.1.111:3012
+ routes:
+ - name: blockchain-deposit
+ paths:
+ - /api/v1/deposit
+ strip_path: false
+ - name: blockchain-balance
+ paths:
+ - /api/v1/balance
+ strip_path: false
+
+ - name: mpc-account-service
+ url: http://192.168.1.111:4000
+ routes:
+ - name: mpc-co-managed
+ paths:
+ - /api/v1/co-managed
+ strip_path: false
+
+ # ===========================================================================
+ # 2.0 Services → host.docker.internal (同一台物理机,通过宿主机端口)
+ # ===========================================================================
+
+ - name: contribution-service-v2
+ url: http://host.docker.internal:3020
+ routes:
+ - name: contribution-v2-api
+ paths:
+ - /api/v2/contribution
+ strip_path: false
+ - name: contribution-v2-health
+ paths:
+ - /api/v2/contribution/health
+ strip_path: false
+
+ - name: mining-service-v2
+ url: http://host.docker.internal:3021
+ routes:
+ - name: mining-v2-api
+ paths:
+ - /api/v2/mining
+ strip_path: false
+ - name: mining-v2-health
+ paths:
+ - /api/v2/mining/health
+ strip_path: false
+
+ - name: trading-service-v2
+ url: http://host.docker.internal:3022/api/v2
+ routes:
+ - name: trading-v2-api
+ paths:
+ - /api/v2/trading
+ strip_path: true
+ - name: trading-v2-health
+ paths:
+ - /api/v2/trading/health
+ strip_path: true
+
+ - name: trading-ws-service
+ url: http://host.docker.internal:3022
+ routes:
+ - name: trading-ws-price
+ paths:
+ - /ws/price
+ strip_path: true
+ protocols:
+ - http
+ - https
+
+ - name: mining-admin-service
+ url: http://host.docker.internal:3023/api/v2
+ routes:
+ - name: mining-admin-api
+ paths:
+ - /api/v2/mining-admin
+ strip_path: true
+ - name: mining-admin-health
+ paths:
+ - /api/v2/mining-admin/health
+ strip_path: true
+
+ - name: mining-admin-upgrade-service
+ url: http://host.docker.internal:3023
+ routes:
+ - name: mining-admin-upgrade
+ paths:
+ - /mining-admin
+ strip_path: true
+
+ - name: auth-service-v2
+ url: http://host.docker.internal:3024
+ routes:
+ - name: auth-v2-api
+ paths:
+ - /api/v2/auth
+ strip_path: false
+ - name: auth-v2-health
+ paths:
+ - /api/v2/auth/health
+ strip_path: false
+
+ - name: mining-wallet-service
+ url: http://host.docker.internal:3025/api/v2
+ routes:
+ - name: mining-wallet-api
+ paths:
+ - /api/v2/mining-wallet
+ strip_path: true
+ - name: mining-wallet-health
+ paths:
+ - /api/v2/mining-wallet/health
+ strip_path: true
+
+ - name: mining-blockchain-service
+ url: http://host.docker.internal:3026
+ routes:
+ - name: mining-blockchain-api
+ paths:
+ - /api/v1/mining-blockchain
+ strip_path: false
+
+# =============================================================================
+# Plugins
+# =============================================================================
+plugins:
+ - name: cors
+ config:
+ origins:
+ - "https://rwaadmin.szaiai.com"
+ - "https://madmin.szaiai.com"
+ - "https://mapi.szaiai.com"
+ - "https://update.szaiai.com"
+ - "https://app.rwadurian.com"
+ - "http://localhost:3000"
+ - "http://localhost:3020"
+ - "http://localhost:3100"
+ methods:
+ - GET
+ - POST
+ - PUT
+ - PATCH
+ - DELETE
+ - OPTIONS
+ headers:
+ - Accept
+ - Accept-Version
+ - Content-Length
+ - Content-MD5
+ - Content-Type
+ - Date
+ - Authorization
+ - X-Auth-Token
+ exposed_headers:
+ - X-Auth-Token
+ credentials: true
+ max_age: 3600
+
+ - name: rate-limiting
+ config:
+ minute: 10000
+ hour: 500000
+ policy: local
+
+ - name: file-log
+ config:
+ path: /tmp/kong-access.log
+ reopen: true
+
+ - name: request-size-limiting
+ config:
+ allowed_payload_size: 500
+ size_unit: megabytes
+
+ - name: prometheus
+ config:
+ per_consumer: true
+ status_code_metrics: true
+ latency_metrics: true
+ bandwidth_metrics: true
+ upstream_health_metrics: true
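Review bot: The admin and MPC routes (`admin-api`, `authorization-admin`, `identity-admin-pending-actions`, `mining-admin-api`, `mining-admin-upgrade`, `mpc-api`, `mpc-party-api`, `mpc-co-managed`) are published with the same policy as the public routes: the global `plugins` list holds no authentication, ACL or `ip-restriction` plugin, so the gateway relies entirely on each backend to reject unauthorised callers. A route-level restriction as sketched below adds a second layer, provided Kong sees the real client address rather than that of a front-end proxy (not visible here). In the same file, the `cors` block combines `credentials: true` with three `http://localhost:*` origins, which belong in a development config rather than the deployed one. The global `rate-limiting` (10000/minute) and `request-size-limiting` (500 MB) values apply unchanged to `identity-auth` and `auth-v2-api`, where much tighter per-route limits would be expected. Finally, `file-log` writes request metadata to `/tmp/kong-access.log`; `X-Auth-Token` is a custom header, so it is presumably not redacted the way standard credential headers may be — confirm, and strip it from the log if it appears.

```yaml
# … unchanged: admin-service url and the other admin-service routes …
      - name: admin-api
        paths:
          - /api/v1/admin
        strip_path: false
        plugins:
          - name: ip-restriction
            config:
              allow:
                - <ADMIN_NETWORK_CIDR>   # placeholder: the network admins connect from
```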