hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: 更新部署指南,添加完整 Nginx 配置 

更新内容:
- 明确后端服务部署在 192.168.1.111 服务器
- 添加完整的 Nginx 配置文件结构
  - nginx.conf 主配置
  - proxy_params.conf 代理参数
  - rwaapi.conf API 网关配置
- 所有 upstream 指向 192.168.1.111 内网地址
- 添加 Docker Compose 完整配置 (10个微服务)
- 添加数据库初始化脚本
- 添加环境变量配置示例
- 添加部署步骤和验证命令
- 添加监控运维和常见问题

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Developer 2025-12-01 20:41:50 -08:00
parent 2d50ad32a9
commit a9dc2b441e
1 changed files with 364 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

637
backend/services/identity-service/DEPLOYMENT_GUIDE.md
View File

@ -12,48 +12,85 @@
┌─────────────────────────────────────────────────────────────────────────────┐
│ Nginx 服务器 (公网) │
│ https://rwaapi.szaiai.com │
│ (Nginx 反向代理) │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ /identity │ │ /wallet │ │ /planting │ │ /referral │ ... │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
└─────────┼───────────────┼───────────────┼───────────────┼───────────────────┘
│ │ │ │
▼ ▼ ▼ ▼
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ /etc/nginx/conf.d/rwaapi.conf │ │
│ │ │ │
│ │ /api/v1/user/* → 192.168.1.111:3000 (Identity) │ │
│ │ /api/v1/auth/* → 192.168.1.111:3000 (Identity) │ │
│ │ /api/v1/wallet/* → 192.168.1.111:3002 (Wallet) │ │
│ │ /api/v1/trading/* → 192.168.1.111:3002 (Wallet) │ │
│ │ /api/v1/planting/* → 192.168.1.111:3003 (Planting) │ │
│ │ /api/v1/referral/* → 192.168.1.111:3004 (Referral) │ │
│ │ /api/v1/mining/* → 192.168.1.111:3005 (Reward) │ │
│ │ /api/v1/ranking/* → 192.168.1.111:3007 (Leaderboard) │ │
│ │ /api/v1/telemetry/*→ 192.168.1.111:3008 (Reporting) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────┬───────────────────────────────────────────┘
│ 内网
┌─────────────────────────────────────────────────────────────────────────────┐
│ Docker Network │
后端服务器 192.168.1.111
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Identity │ │ Wallet │ │ Planting │ │ Referral │ ... │
│ │ :3000 │ │ :3002 │ │ :3003 │ │ :3004 │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ Identity │ │ MPC │ │ Wallet │ │ Planting │ │
│ │ :3000 │ │ :3001 │ │ :3002 │ │ :3003 │
│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ PostgreSQL │ │ Redis │ │ Kafka │ │
│ │ :5432 │ │ :6379 │ │ :9092 │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ Referral │ │ Reward │ │ Authorization │ │ Leaderboard │ │
│ │ :3004 │ │ :3005 │ │ :3006 │ │ :3007 │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ │
│ │ Reporting │ │ Backup │ │
│ │ :3008 │ │ :3009 │ │
│ └───────────────┘ └───────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ PostgreSQL │ │ Redis │ │ Kafka │ │
│ │ :5432 │ │ :6379 │ │ :9092 │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ │
└─────────────────────────────────────────────────────────────────────────────┘
```
## 2. 后端服务端口规划
所有后端服务部署在 **192.168.1.111** 服务器上:
| 服务名称 | 端口 | API 前缀 | 说明 |
|---------|------|----------|------|
| Identity Service | 3000 | `/api/v1` | 用户身份、认证、钱包创建 |
| MPC Service | 3001 | `/api/v1` | MPC 密钥分片管理 |
| Wallet Service | 3002 | `/api/v1` | 钱包余额、交易 |
| MPC Service | 3001 | `/api/v1` | MPC 密钥分片管理 (内部) |
| Wallet Service | 3002 | `/api/v1` | 钱包余额、交易、充值 |
| Planting Service | 3003 | `/api/v1` | 认种业务 |
| Referral Service | 3004 | `/api/v1` | 推荐关系、分享 |
| Referral Service | 3004 | `/api/v1` | 推荐关系、分享链接 |
| Reward Service | 3005 | `/api/v1` | 挖矿奖励、收益 |
| Authorization Service | 3006 | `/api/v1` | 权限管理 |
| Authorization Service | 3006 | `/api/v1` | 权限管理 (内部) |
| Leaderboard Service | 3007 | `/api` | 排行榜 |
| Reporting Service | 3008 | `/api/v1` | 遥测统计、报表 |
| Backup Service | 3009 | - | MPC 备份 (内部服务) |
## 3. Nginx 配置
## 3. Nginx 配置文件
### 3.1 主配置文件 `/etc/nginx/nginx.conf`
### 3.1 目录结构
在 Nginx 服务器上创建以下目录结构:
```
/etc/nginx/
├── nginx.conf # 主配置文件
├── conf.d/
│ ├── rwaapi.conf # API 网关配置
│ └── proxy_params.conf # 代理参数配置
└── ssl/
├── rwaapi.szaiai.com.pem # SSL 证书
└── rwaapi.szaiai.com.key # SSL 私钥
```
### 3.2 主配置文件 `/etc/nginx/nginx.conf`
```nginx
user nginx;
@ -84,6 +121,7 @@ http {
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 10m;
# Gzip 压缩
gzip on;
@ -101,53 +139,79 @@ http {
}
```
### 3.2 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf`
### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf`
```nginx
# 上游服务定义
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
```
### 3.4 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf`
```nginx
# ============================================
# 后端服务器地址 (192.168.1.111)
# ============================================
upstream identity_service {
server identity-service:3000;
server 192.168.1.111:3000;
keepalive 32;
}
upstream wallet_service {
server wallet-service:3002;
server 192.168.1.111:3002;
keepalive 32;
}
upstream planting_service {
server planting-service:3003;
server 192.168.1.111:3003;
keepalive 32;
}
upstream referral_service {
server referral-service:3004;
server 192.168.1.111:3004;
keepalive 32;
}
upstream reward_service {
server reward-service:3005;
server 192.168.1.111:3005;
keepalive 32;
}
upstream leaderboard_service {
server leaderboard-service:3007;
server 192.168.1.111:3007;
keepalive 32;
}
upstream reporting_service {
server reporting-service:3008;
server 192.168.1.111:3008;
keepalive 32;
}
# ============================================
# HTTP -> HTTPS 重定向
# ============================================
server {
listen 80;
server_name rwaapi.szaiai.com;
# 强制 HTTPS 重定向
return 301 https://$server_name$request_uri;
}
# ============================================
# HTTPS 服务器
# ============================================
server {
listen 443 ssl http2;
server_name rwaapi.szaiai.com;
@ -193,15 +257,20 @@ server {
limit_req zone=api_limit burst=20 nodelay;
limit_conn conn_limit 10;
# ============================================
# 健康检查端点
# ============================================
location /health {
access_log off;
return 200 'OK';
add_header Content-Type text/plain;
return 200 '{"status":"ok","timestamp":"$time_iso8601"}';
add_header Content-Type application/json;
}
# ============================================
# Identity Service - 用户身份认证
# POST /api/v1/user/auto-create - 自动创建用户
# POST /api/v1/user/login - 用户登录
# GET /api/v1/user/profile - 获取用户信息
# ============================================
location /api/v1/user {
proxy_pass http://identity_service/api/v1/user;
@ -215,17 +284,21 @@ server {
# ============================================
# Wallet Service - 钱包操作
# GET /api/v1/wallet/balance - 查询余额
# POST /api/v1/wallet/create - 创建钱包
# ============================================
location /api/v1/wallet {
proxy_pass http://wallet_service/api/v1/wallet;
include /etc/nginx/conf.d/proxy_params.conf;
}
# Trading - 交易
location /api/v1/trading {
proxy_pass http://wallet_service/api/v1/trading;
include /etc/nginx/conf.d/proxy_params.conf;
}
# Deposit - 充值
location /api/v1/deposit {
proxy_pass http://wallet_service/api/v1/deposit;
include /etc/nginx/conf.d/proxy_params.conf;
@ -233,6 +306,8 @@ server {
# ============================================
# Planting Service - 认种业务
# GET /api/v1/planting/price - 认种价格
# POST /api/v1/planting/submit - 提交认种
# ============================================
location /api/v1/planting {
proxy_pass http://planting_service/api/v1/planting;
@ -241,6 +316,8 @@ server {
# ============================================
# Referral Service - 推荐系统
# GET /api/v1/referral/generate-link - 生成推荐链接
# GET /api/v1/community/referrals - 获取推荐列表
# ============================================
location /api/v1/referral {
proxy_pass http://referral_service/api/v1/referral;
@ -254,6 +331,9 @@ server {
# ============================================
# Reward Service - 挖矿奖励
# GET /api/v1/mining/status - 挖矿状态
# POST /api/v1/mining/start - 开始挖矿
# POST /api/v1/mining/claim - 领取奖励
# ============================================
location /api/v1/mining {
proxy_pass http://reward_service/api/v1/mining;
@ -267,6 +347,8 @@ server {
# ============================================
# Leaderboard Service - 排行榜
# GET /api/v1/ranking/daily - 日榜
# GET /api/v1/ranking/weekly - 周榜
# ============================================
location /api/v1/ranking {
proxy_pass http://leaderboard_service/api/ranking;
@ -280,6 +362,9 @@ server {
# ============================================
# Reporting Service - 遥测统计
# POST /api/v1/telemetry/session - 上报会话
# POST /api/v1/telemetry/heartbeat - 心跳
# POST /api/v1/telemetry/events - 事件上报
# ============================================
location /api/v1/telemetry {
proxy_pass http://reporting_service/api/v1/telemetry;
@ -291,167 +376,38 @@ server {
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# 默认 404
# ============================================
location / {
return 404 '{"error": "Not Found", "message": "API endpoint not found"}';
return 404 '{"error":"Not Found","message":"API endpoint not found"}';
add_header Content-Type application/json;
}
}
```
### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf`
## 4. 后端服务器配置 (192.168.1.111)
```nginx
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
### 4.1 Docker Compose 部署文件
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
```
## 4. 前端配置修改
### 4.1 修改 API 端点配置
文件: `frontend/mobile-app/lib/core/constants/api_endpoints.dart`
```dart
class ApiEndpoints {
ApiEndpoints._();
// Base URL - 生产环境
static const String baseUrl = 'https://rwaapi.szaiai.com';
// Base URL - 开发环境 (可选)
static const String baseUrlDev = 'https://rwaapi-dev.szaiai.com';
// API 版本前缀
static const String apiPrefix = '/api/v1';
// Auth & User (-> Identity Service)
static const String user = '$apiPrefix/user';
static const String auth = '$apiPrefix/auth';
static const String autoCreate = '$user/auto-create';
static const String login = '$auth/login';
static const String refreshToken = '$auth/refresh';
static const String logout = '$auth/logout';
static const String profile = '$user/profile';
// Wallet (-> Wallet Service)
static const String wallet = '$apiPrefix/wallet';
static const String balance = '$wallet/balance';
static const String createWallet = '$wallet/create';
static const String importWallet = '$wallet/import';
// Trading (-> Wallet Service)
static const String trading = '$apiPrefix/trading';
static const String exchange = '$trading/exchange';
static const String settlement = '$trading/settlement';
static const String transactions = '$trading/transactions';
// Deposit (-> Wallet Service)
static const String deposit = '$apiPrefix/deposit';
static const String depositAddress = '$deposit/address';
static const String confirmDeposit = '$deposit/confirm';
// Mining & Reward (-> Reward Service)
static const String mining = '$apiPrefix/mining';
static const String miningStatus = '$mining/status';
static const String startMining = '$mining/start';
static const String stopMining = '$mining/stop';
static const String claimReward = '$mining/claim';
static const String hashPower = '$mining/hash-power';
// Ranking (-> Leaderboard Service)
static const String ranking = '$apiPrefix/ranking';
static const String dailyRanking = '$ranking/daily';
static const String weeklyRanking = '$ranking/weekly';
static const String monthlyRanking = '$ranking/monthly';
// Planting (-> Planting Service)
static const String planting = '$apiPrefix/planting';
static const String plantingPrice = '$planting/price';
static const String submitPlanting = '$planting/submit';
// Community & Referral (-> Referral Service)
static const String community = '$apiPrefix/community';
static const String referral = '$apiPrefix/referral';
static const String referralList = '$community/referrals';
static const String earnings = '$community/earnings';
static const String generateReferralLink = '$referral/generate-link';
// Telemetry (-> Reporting Service)
static const String telemetry = '$apiPrefix/telemetry';
static const String telemetrySession = '$telemetry/session';
static const String telemetryHeartbeat = '$telemetry/heartbeat';
static const String telemetryEvents = '$telemetry/events';
}
```
### 4.2 修改 API 客户端默认 URL
文件: `frontend/mobile-app/lib/core/network/api_client.dart`
```dart
// 修改默认 Base URL
static const String _defaultBaseUrl = 'https://rwaapi.szaiai.com';
// 开发模式可使用本地地址
// static const String _defaultBaseUrl = 'http://10.0.2.2:3000'; // Android 模拟器
// static const String _defaultBaseUrl = 'http://localhost:3000'; // iOS 模拟器
```
## 5. Docker Compose 部署
### 5.1 主部署文件 `docker-compose.prod.yml`
在 192.168.1.111 服务器上创建 `/opt/rwadurian/docker-compose.yml`:
```yaml
services:
# ============================================
# Nginx API Gateway
# ============================================
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
- ./nginx/logs:/var/log/nginx
depends_on:
- identity-service
- wallet-service
- planting-service
- referral-service
- reward-service
- leaderboard-service
- reporting-service
networks:
- rwa-network
restart: unless-stopped
# ============================================
# Identity Service
# 微服务
# ============================================
identity-service:
build: ./services/identity-service
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_identity
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- MPC_SERVICE_URL=http://mpc-service:3001
- BACKUP_SERVICE_URL=http://backup-service:3009
- APP_ENV=production
depends_on:
postgres:
@ -462,36 +418,50 @@ services:
- rwa-network
restart: unless-stopped
# ============================================
# Wallet Service
# ============================================
mpc-service:
build: ./services/mpc-service
ports:
- "3001:3001"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_mpc
- REDIS_HOST=redis
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
wallet-service:
build: ./services/wallet-service
ports:
- "3002:3002"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_wallet
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
# ============================================
# Planting Service
# ============================================
planting-service:
build: ./services/planting-service
ports:
- "3003:3003"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_planting
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- WALLET_SERVICE_URL=http://wallet-service:3002
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
@ -500,16 +470,17 @@ services:
- rwa-network
restart: unless-stopped
# ============================================
# Referral Service
# ============================================
referral-service:
build: ./services/referral-service
ports:
- "3004:3004"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_referral
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- PLANTING_SERVICE_URL=http://planting-service:3003
- APP_ENV=production
depends_on:
postgres:
@ -518,16 +489,35 @@ services:
- rwa-network
restart: unless-stopped
# ============================================
# Reward Service
# ============================================
reward-service:
build: ./services/reward-service
ports:
- "3005:3005"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reward
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- WALLET_SERVICE_URL=http://wallet-service:3002
- REFERRAL_SERVICE_URL=http://referral-service:3004
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
authorization-service:
build: ./services/authorization-service
ports:
- "3006:3006"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_authorization
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
@ -536,16 +526,17 @@ services:
- rwa-network
restart: unless-stopped
# ============================================
# Leaderboard Service
# ============================================
leaderboard-service:
build: ./services/leaderboard-service
ports:
- "3007:3007"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_leaderboard
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- REFERRAL_SERVICE_URL=http://referral-service:3004
- APP_ENV=production
depends_on:
postgres:
@ -556,11 +547,10 @@ services:
- rwa-network
restart: unless-stopped
# ============================================
# Reporting Service
# ============================================
reporting-service:
build: ./services/reporting-service
ports:
- "3008:3008"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reporting
- JWT_SECRET=${JWT_SECRET}
@ -574,6 +564,18 @@ services:
- rwa-network
restart: unless-stopped
backup-service:
build: ./services/backup-service
ports:
- "3009:3009"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres-backup:5432/rwa_backup
- SERVICE_JWT_SECRET=${SERVICE_JWT_SECRET}
- APP_ENV=production
networks:
- rwa-network
restart: unless-stopped
# ============================================
# 基础设施
# ============================================
@ -582,10 +584,9 @@ services:
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_MULTIPLE_DATABASES=rwa_identity,rwa_wallet,rwa_planting,rwa_referral,rwa_reward,rwa_leaderboard,rwa_reporting
volumes:
- postgres_data:/var/lib/postgresql/data
- ./scripts/init-multi-db.sh:/docker-entrypoint-initdb.d/init-multi-db.sh
- ./scripts/init-databases.sql:/docker-entrypoint-initdb.d/init.sql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
@ -629,6 +630,7 @@ services:
KAFKA_LISTENERS: PLAINTEXT_INTERNAL://0.0.0.0:29092
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT_INTERNAL
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
networks:
- rwa-network
restart: unless-stopped
@ -642,138 +644,227 @@ volumes:
redis_data:
```
### 5.2 环境变量文件 `.env.prod`
### 4.2 数据库初始化脚本
在 192.168.1.111 服务器上创建 `/opt/rwadurian/scripts/init-databases.sql`:
```sql
-- 创建所有微服务数据库
CREATE DATABASE rwa_identity;
CREATE DATABASE rwa_mpc;
CREATE DATABASE rwa_wallet;
CREATE DATABASE rwa_planting;
CREATE DATABASE rwa_referral;
CREATE DATABASE rwa_reward;
CREATE DATABASE rwa_authorization;
CREATE DATABASE rwa_leaderboard;
CREATE DATABASE rwa_reporting;
CREATE DATABASE rwa_backup;
```
### 4.3 环境变量文件
在 192.168.1.111 服务器上创建 `/opt/rwadurian/.env`:
```bash
# Database
DB_PASSWORD=your_secure_database_password
DB_PASSWORD=your_secure_database_password_here
# JWT
JWT_SECRET=your_super_secure_jwt_secret_at_least_32_chars
# JWT (所有服务共享)
JWT_SECRET=your_super_secure_jwt_secret_at_least_32_characters
# Redis
REDIS_PASSWORD=your_secure_redis_password
# Service JWT (服务间通信)
SERVICE_JWT_SECRET=your_service_jwt_secret_for_internal_calls
# Wallet Encryption
WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt
# Service JWT (for inter-service communication)
SERVICE_JWT_SECRET=your_service_jwt_secret
```
## 6. 部署步骤
## 5. 部署步骤
### 6.1 服务器准备
### 5.1 Nginx 服务器配置
```bash
# 1. 安装 Docker 和 Docker Compose
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# 1. 安装 Nginx
apt update && apt install -y nginx
# 2. 创建部署目录
# 2. 创建配置目录
mkdir -p /etc/nginx/ssl
# 3. 复制配置文件
# 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录
# 4. 安装 SSL 证书 (Let's Encrypt 示例)
apt install -y certbot python3-certbot-nginx
certbot --nginx -d rwaapi.szaiai.com
# 5. 测试配置
nginx -t
# 6. 重启 Nginx
systemctl restart nginx
systemctl enable nginx
```
### 5.2 后端服务器 (192.168.1.111) 配置
```bash
# 1. 安装 Docker
curl -fsSL https://get.docker.com | sh
usermod -aG docker $USER
# 2. 安装 Docker Compose
apt install -y docker-compose-plugin
# 3. 创建部署目录
mkdir -p /opt/rwadurian
cd /opt/rwadurian
# 3. 克隆代码
# 4. 克隆代码
git clone https://github.com/your-org/rwadurian.git .
# 4. 创建 Nginx 配置目录
mkdir -p nginx/{conf.d,ssl,logs}
# 5. 配置环境变量
cp .env.example .env
vim .env # 修改为生产环境配置
# 5. 复制 Nginx 配置
cp docs/nginx/* nginx/
# 6. 创建数据库初始化脚本
mkdir -p scripts
# 将上面的 init-databases.sql 复制到 scripts/
# 6. 安装 SSL 证书 (使用 Let's Encrypt 或购买的证书)
# 将证书放到 nginx/ssl/ 目录
# 7. 启动所有服务
docker compose up -d
# 8. 查看服务状态
docker compose ps
# 9. 运行数据库迁移
docker compose exec identity-service npx prisma migrate deploy
docker compose exec wallet-service npx prisma migrate deploy
docker compose exec planting-service npx prisma migrate deploy
docker compose exec referral-service npx prisma migrate deploy
docker compose exec reward-service npx prisma migrate deploy
docker compose exec leaderboard-service npx prisma migrate deploy
docker compose exec reporting-service npx prisma migrate deploy
```
### 6.2 启动服务
### 5.3 验证部署
```bash
# 1. 复制并配置环境变量
cp .env.example .env.prod
vim .env.prod # 修改为生产环境配置
# 从 Nginx 服务器测试
curl -k https://rwaapi.szaiai.com/health
# 2. 启动所有服务
docker compose -f docker-compose.prod.yml --env-file .env.prod up -d
# 测试 API 端点
curl -k https://rwaapi.szaiai.com/api/v1/user/auto-create \
-H "Content-Type: application/json" \
-d '{"deviceId": "test-device-123"}'
# 3. 查看服务状态
docker compose -f docker-compose.prod.yml ps
# 4. 查看日志
docker compose -f docker-compose.prod.yml logs -f
# 5. 运行数据库迁移
docker compose -f docker-compose.prod.yml exec identity-service npx prisma migrate deploy
docker compose -f docker-compose.prod.yml exec wallet-service npx prisma migrate deploy
# ... 其他服务
```
### 6.3 验证部署
```bash
# 健康检查
curl https://rwaapi.szaiai.com/health
# 测试 API
curl https://rwaapi.szaiai.com/api/v1/user/auto-create \
# 从后端服务器直接测试
curl http://localhost:3000/api/v1/user/auto-create \
-H "Content-Type: application/json" \
-d '{"deviceId": "test-device-123"}'
```
## 7. API 端点对照表
## 6. API 端点对照表
| 前端调用 | Nginx 路由 | 后端服务 | 服务端口 |
|---------|-----------|---------|---------|
| `/api/v1/user/*` | `/api/v1/user` | Identity Service | 3000 |
| `/api/v1/auth/*` | `/api/v1/auth` | Identity Service | 3000 |
| `/api/v1/wallet/*` | `/api/v1/wallet` | Wallet Service | 3002 |
| `/api/v1/trading/*` | `/api/v1/trading` | Wallet Service | 3002 |
| `/api/v1/deposit/*` | `/api/v1/deposit` | Wallet Service | 3002 |
| `/api/v1/mining/*` | `/api/v1/mining` | Reward Service | 3005 |
| `/api/v1/ranking/*` | `/api/v1/ranking` | Leaderboard Service | 3007 |
| `/api/v1/planting/*` | `/api/v1/planting` | Planting Service | 3003 |
| `/api/v1/referral/*` | `/api/v1/referral` | Referral Service | 3004 |
| `/api/v1/community/*` | `/api/v1/community` | Referral Service | 3004 |
| `/api/v1/telemetry/*` | `/api/v1/telemetry` | Reporting Service | 3008 |
| 前端调用路径 | Nginx 转发 | 后端服务 | 端口 |
|-------------|-----------|---------|------|
| `/api/v1/user/*` | → | Identity Service | 3000 |
| `/api/v1/auth/*` | → | Identity Service | 3000 |
| `/api/v1/wallet/*` | → | Wallet Service | 3002 |
| `/api/v1/trading/*` | → | Wallet Service | 3002 |
| `/api/v1/deposit/*` | → | Wallet Service | 3002 |
| `/api/v1/mining/*` | → | Reward Service | 3005 |
| `/api/v1/reward/*` | → | Reward Service | 3005 |
| `/api/v1/ranking/*` | → | Leaderboard Service | 3007 |
| `/api/v1/leaderboard/*` | → | Leaderboard Service | 3007 |
| `/api/v1/planting/*` | → | Planting Service | 3003 |
| `/api/v1/referral/*` | → | Referral Service | 3004 |
| `/api/v1/community/*` | → | Referral Service | 3004 |
| `/api/v1/telemetry/*` | → | Reporting Service | 3008 |
| `/api/v1/report/*` | → | Reporting Service | 3008 |
## 8. 监控与日志
## 7. 监控与运维
### 8.1 Nginx 日志
### 7.1 查看 Nginx 日志
```bash
# 访问日志
tail -f /opt/rwadurian/nginx/logs/access.log
tail -f /var/log/nginx/access.log
# 错误日志
tail -f /opt/rwadurian/nginx/logs/error.log
tail -f /var/log/nginx/error.log
# 过滤特定服务请求
grep "/api/v1/user" /var/log/nginx/access.log | tail -100
```
### 8.2 服务日志
### 7.2 查看服务日志
```bash
# 查看特定服务日志
docker compose -f docker-compose.prod.yml logs -f identity-service
# 在 192.168.1.111 上执行
# 查看所有服务日志
docker compose -f docker-compose.prod.yml logs -f
docker compose logs -f
# 查看特定服务日志
docker compose logs -f identity-service
docker compose logs -f wallet-service
# 查看最近 100 行
docker compose logs --tail=100 identity-service
```
## 9. 常见问题
### 7.3 服务健康检查
```bash
# 检查所有服务状态
docker compose ps
# 检查特定服务健康
curl http://192.168.1.111:3000/health # Identity
curl http://192.168.1.111:3002/health # Wallet
curl http://192.168.1.111:3003/health # Planting
curl http://192.168.1.111:3004/health # Referral
curl http://192.168.1.111:3005/health # Reward
curl http://192.168.1.111:3007/health # Leaderboard
curl http://192.168.1.111:3008/health # Reporting
```
### 7.4 重启服务
```bash
# 重启单个服务
docker compose restart identity-service
# 重启所有服务
docker compose restart
# 重建并重启
docker compose up -d --build identity-service
```
## 8. 常见问题
### Q1: 502 Bad Gateway
- 检查后端服务是否正常运行
- 检查 Nginx upstream 配置的服务名是否正确
- 检查 Docker 网络是否正确连接
- 检查后端服务是否运行: `docker compose ps`
- 检查 Nginx 到 192.168.1.111 网络是否通: `ping 192.168.1.111`
- 检查端口是否开放: `telnet 192.168.1.111 3000`
### Q2: CORS 错误
- 确认 Nginx 配置中 CORS 头已正确设置
- 确认 OPTIONS 预检请求处理正确
- 检查 OPTIONS 预检请求是否返回 204
### Q3: SSL 证书问题
- 检查证书文件路径和权限
- 确认证书未过期
- 使用 `openssl s_client -connect rwaapi.szaiai.com:443` 测试
- 检查证书路径: `ls -la /etc/nginx/ssl/`
- 测试 SSL: `openssl s_client -connect rwaapi.szaiai.com:443`
- 检查证书有效期: `openssl x509 -in /etc/nginx/ssl/rwaapi.szaiai.com.pem -noout -dates`
### Q4: 服务间通信失败
- 检查 Docker 网络: `docker network inspect rwa-network`
- 检查服务名解析: `docker compose exec identity-service ping wallet-service`
---