From a9dc2b441ef1b6e9d75a85d2edcfbeae1f35d9ae Mon Sep 17 00:00:00 2001 From: Developer Date: Mon, 1 Dec 2025 20:41:50 -0800 Subject: [PATCH] =?UTF-8?q?docs:=20=E6=9B=B4=E6=96=B0=E9=83=A8=E7=BD=B2?= =?UTF-8?q?=E6=8C=87=E5=8D=97=EF=BC=8C=E6=B7=BB=E5=8A=A0=E5=AE=8C=E6=95=B4?= =?UTF-8?q?=20Nginx=20=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 更新内容: - 明确后端服务部署在 192.168.1.111 服务器 - 添加完整的 Nginx 配置文件结构 - nginx.conf 主配置 - proxy_params.conf 代理参数 - rwaapi.conf API 网关配置 - 所有 upstream 指向 192.168.1.111 内网地址 - 添加 Docker Compose 完整配置 (10个微服务) - 添加数据库初始化脚本 - 添加环境变量配置示例 - 添加部署步骤和验证命令 - 添加监控运维和常见问题 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../identity-service/DEPLOYMENT_GUIDE.md | 637 ++++++++++-------- 1 file changed, 364 insertions(+), 273 deletions(-) diff --git a/backend/services/identity-service/DEPLOYMENT_GUIDE.md b/backend/services/identity-service/DEPLOYMENT_GUIDE.md index 44d93dc6..9ed88b61 100644 --- a/backend/services/identity-service/DEPLOYMENT_GUIDE.md +++ b/backend/services/identity-service/DEPLOYMENT_GUIDE.md 
@@ -12,48 +12,85 @@ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────┐ +│ Nginx 服务器 (公网) │ │ https://rwaapi.szaiai.com │ -│ (Nginx 反向代理) │ │ │ -│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ -│ │ /identity │ │ /wallet │ │ /planting │ │ /referral │ ... │ -│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ -└─────────┼───────────────┼───────────────┼───────────────┼───────────────────┘ - │ │ │ │ - ▼ ▼ ▼ ▼ +│ ┌──────────────────────────────────────────────────────────────────┐ │ +│ │ /etc/nginx/conf.d/rwaapi.conf │ │ +│ │ │ │ +│ │ /api/v1/user/* → 192.168.1.111:3000 (Identity) │ │ +│ │ /api/v1/auth/* → 192.168.1.111:3000 (Identity) │ │ +│ │ /api/v1/wallet/* → 192.168.1.111:3002 (Wallet) │ │ +│ │ /api/v1/trading/* → 192.168.1.111:3002 (Wallet) │ │ +│ │ /api/v1/planting/* → 192.168.1.111:3003 (Planting) │ │ +│ │ /api/v1/referral/* → 192.168.1.111:3004 (Referral) │ │ +│ │ /api/v1/mining/* → 192.168.1.111:3005 (Reward) │ │ +│ │ /api/v1/ranking/* → 192.168.1.111:3007 (Leaderboard) │ │ +│ │ /api/v1/telemetry/*→ 192.168.1.111:3008 (Reporting) │ │ +│ └──────────────────────────────────────────────────────────────────┘ │ +└─────────────────────────────────┬───────────────────────────────────────────┘ + │ 内网 + ▼ ┌─────────────────────────────────────────────────────────────────────────────┐ -│ Docker Network │ +│ 后端服务器 192.168.1.111 │ │ │ -│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ -│ │ Identity │ │ Wallet │ │ Planting │ │ Referral │ ... 
│ -│ │ :3000 │ │ :3002 │ │ :3003 │ │ :3004 │ │ -│ └─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │ Identity │ │ MPC │ │ Wallet │ │ Planting │ │ +│ │ :3000 │ │ :3001 │ │ :3002 │ │ :3003 │ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ │ │ -│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ -│ │ PostgreSQL │ │ Redis │ │ Kafka │ │ -│ │ :5432 │ │ :6379 │ │ :9092 │ │ -│ └─────────────┘ └─────────────┘ └─────────────┘ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │ Referral │ │ Reward │ │ Authorization │ │ Leaderboard │ │ +│ │ :3004 │ │ :3005 │ │ :3006 │ │ :3007 │ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ +│ │ +│ ┌───────────────┐ ┌───────────────┐ │ +│ │ Reporting │ │ Backup │ │ +│ │ :3008 │ │ :3009 │ │ +│ └───────────────┘ └───────────────┘ │ +│ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │ PostgreSQL │ │ Redis │ │ Kafka │ │ +│ │ :5432 │ │ :6379 │ │ :9092 │ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ │ └─────────────────────────────────────────────────────────────────────────────┘ ``` ## 2. 
后端服务端口规划 +所有后端服务部署在 **192.168.1.111** 服务器上: + | 服务名称 | 端口 | API 前缀 | 说明 | |---------|------|----------|------| | Identity Service | 3000 | `/api/v1` | 用户身份、认证、钱包创建 | -| MPC Service | 3001 | `/api/v1` | MPC 密钥分片管理 | -| Wallet Service | 3002 | `/api/v1` | 钱包余额、交易 | +| MPC Service | 3001 | `/api/v1` | MPC 密钥分片管理 (内部) | +| Wallet Service | 3002 | `/api/v1` | 钱包余额、交易、充值 | | Planting Service | 3003 | `/api/v1` | 认种业务 | -| Referral Service | 3004 | `/api/v1` | 推荐关系、分享 | +| Referral Service | 3004 | `/api/v1` | 推荐关系、分享链接 | | Reward Service | 3005 | `/api/v1` | 挖矿奖励、收益 | -| Authorization Service | 3006 | `/api/v1` | 权限管理 | +| Authorization Service | 3006 | `/api/v1` | 权限管理 (内部) | | Leaderboard Service | 3007 | `/api` | 排行榜 | | Reporting Service | 3008 | `/api/v1` | 遥测统计、报表 | | Backup Service | 3009 | - | MPC 备份 (内部服务) | -## 3. Nginx 配置 +## 3. Nginx 配置文件 -### 3.1 主配置文件 `/etc/nginx/nginx.conf` +### 3.1 目录结构 + +在 Nginx 服务器上创建以下目录结构: + +``` +/etc/nginx/ +├── nginx.conf # 主配置文件 +├── conf.d/ +│ ├── rwaapi.conf # API 网关配置 +│ └── proxy_params.conf # 代理参数配置 +└── ssl/ + ├── rwaapi.szaiai.com.pem # SSL 证书 + └── rwaapi.szaiai.com.key # SSL 私钥 +``` + +### 3.2 主配置文件 `/etc/nginx/nginx.conf` ```nginx user nginx; @@ -84,6 +121,7 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; + client_max_body_size 10m; # Gzip 压缩 gzip on; 
@@ -101,53 +139,79 @@ http { } ``` -### 3.2 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf` +### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf` ```nginx -# 上游服务定义 +proxy_http_version 1.1; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header Connection ""; + +proxy_connect_timeout 60s; +proxy_send_timeout 60s; +proxy_read_timeout 60s; + +proxy_buffering on; +proxy_buffer_size 4k; +proxy_buffers 8 4k; +proxy_busy_buffers_size 8k; +``` + +### 3.4 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf` + +```nginx +# ============================================ +# 后端服务器地址 (192.168.1.111) +# ============================================ upstream identity_service { - server identity-service:3000; + server 192.168.1.111:3000; keepalive 32; } upstream wallet_service { - server wallet-service:3002; + server 192.168.1.111:3002; keepalive 32; } upstream planting_service { - server planting-service:3003; + server 192.168.1.111:3003; keepalive 32; } upstream referral_service { - server referral-service:3004; + server 192.168.1.111:3004; keepalive 32; } upstream reward_service { - server reward-service:3005; + server 192.168.1.111:3005; keepalive 32; } upstream leaderboard_service { - server leaderboard-service:3007; + server 192.168.1.111:3007; keepalive 32; } upstream reporting_service { - server reporting-service:3008; + server 192.168.1.111:3008; keepalive 32; } +# ============================================ +# HTTP -> HTTPS 重定向 +# ============================================ server { listen 80; server_name rwaapi.szaiai.com; - - # 强制 HTTPS 重定向 return 301 https://$server_name$request_uri; } +# ============================================ +# HTTPS 服务器 +# ============================================ server { listen 443 ssl http2; server_name rwaapi.szaiai.com; 
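Review bot: The upstreams now point at `192.168.1.111:<port>`, and the `proxy_pass` lines in the later hunks all use `http://`, so traffic that used to stay on a Docker network next to Nginx now crosses the LAN in cleartext. That traffic presumably includes bearer tokens and wallet or trading request bodies. The guide should state the compensating control: a host firewall on 192.168.1.111 that accepts ports 3000-3008 only from the Nginx server's address, or TLS to the upstream with `proxy_ssl_verify on;` and a CA set via `proxy_ssl_trusted_certificate`. A comment above the upstream block would make the assumption explicit, for example `# Backend must accept 3000-3008 only from the Nginx host; traffic on this hop is plain HTTP`.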
@@ -193,15 +257,20 @@ server { limit_req zone=api_limit burst=20 nodelay; limit_conn conn_limit 10; + # ============================================ # 健康检查端点 + # ============================================ location /health { access_log off; - return 200 'OK'; - add_header Content-Type text/plain; + return 200 '{"status":"ok","timestamp":"$time_iso8601"}'; + add_header Content-Type application/json; } # ============================================ # Identity Service - 用户身份认证 + # POST /api/v1/user/auto-create - 自动创建用户 + # POST /api/v1/user/login - 用户登录 + # GET /api/v1/user/profile - 获取用户信息 # ============================================ location /api/v1/user { proxy_pass http://identity_service/api/v1/user; @@ -215,17 +284,21 @@ server { # ============================================ # Wallet Service - 钱包操作 + # GET /api/v1/wallet/balance - 查询余额 + # POST /api/v1/wallet/create - 创建钱包 # ============================================ location /api/v1/wallet { proxy_pass http://wallet_service/api/v1/wallet; include /etc/nginx/conf.d/proxy_params.conf; } + # Trading - 交易 location /api/v1/trading { proxy_pass http://wallet_service/api/v1/trading; include /etc/nginx/conf.d/proxy_params.conf; } + # Deposit - 充值 location /api/v1/deposit { proxy_pass http://wallet_service/api/v1/deposit; include /etc/nginx/conf.d/proxy_params.conf; @@ -233,6 +306,8 @@ server { # ============================================ # Planting Service - 认种业务 + # GET /api/v1/planting/price - 认种价格 + # POST /api/v1/planting/submit - 提交认种 # ============================================ location /api/v1/planting { proxy_pass http://planting_service/api/v1/planting; @@ -241,6 +316,8 @@ server { # ============================================ # Referral Service - 推荐系统 + # GET /api/v1/referral/generate-link - 生成推荐链接 + # GET /api/v1/community/referrals - 获取推荐列表 # ============================================ location /api/v1/referral { proxy_pass http://referral_service/api/v1/referral; 
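Review bot: In `location /health`, `add_header Content-Type application/json;` does not replace the type nginx assigns to a `return` body. It adds a second Content-Type header next to the one derived from `default_type`, so clients may read the wrong one. Use `default_type application/json;` inside the location and drop the `add_header` line. Any `add_header` in a location also stops inheritance of the server-level `add_header` directives, so security or CORS headers set on the server block (not visible in this hunk) would be missing from this response. The `location /` 404 block in the later hunk has the same pattern.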
@@ -254,6 +331,9 @@ server { # ============================================ # Reward Service - 挖矿奖励 + # GET /api/v1/mining/status - 挖矿状态 + # POST /api/v1/mining/start - 开始挖矿 + # POST /api/v1/mining/claim - 领取奖励 # ============================================ location /api/v1/mining { proxy_pass http://reward_service/api/v1/mining; @@ -267,6 +347,8 @@ server { # ============================================ # Leaderboard Service - 排行榜 + # GET /api/v1/ranking/daily - 日榜 + # GET /api/v1/ranking/weekly - 周榜 # ============================================ location /api/v1/ranking { proxy_pass http://leaderboard_service/api/ranking; @@ -280,6 +362,9 @@ server { # ============================================ # Reporting Service - 遥测统计 + # POST /api/v1/telemetry/session - 上报会话 + # POST /api/v1/telemetry/heartbeat - 心跳 + # POST /api/v1/telemetry/events - 事件上报 # ============================================ location /api/v1/telemetry { proxy_pass http://reporting_service/api/v1/telemetry; 
@@ -291,167 +376,38 @@ server { include /etc/nginx/conf.d/proxy_params.conf; } + # ============================================ # 默认 404 + # ============================================ location / { - return 404 '{"error": "Not Found", "message": "API endpoint not found"}'; + return 404 '{"error":"Not Found","message":"API endpoint not found"}'; add_header Content-Type application/json; } } ``` -### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf` +## 4. 后端服务器配置 (192.168.1.111) -```nginx -proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header Connection ""; +### 4.1 Docker Compose 部署文件 -proxy_connect_timeout 60s; -proxy_send_timeout 60s; -proxy_read_timeout 60s; - -proxy_buffering on; -proxy_buffer_size 4k; -proxy_buffers 8 4k; -proxy_busy_buffers_size 8k; -``` - -## 4. 前端配置修改 - -### 4.1 修改 API 端点配置 - -文件: `frontend/mobile-app/lib/core/constants/api_endpoints.dart` - -```dart -class ApiEndpoints { - ApiEndpoints._(); - - // Base URL - 生产环境 - static const String baseUrl = 'https://rwaapi.szaiai.com'; - - // Base URL - 开发环境 (可选) - static const String baseUrlDev = 'https://rwaapi-dev.szaiai.com'; - - // API 版本前缀 - static const String apiPrefix = '/api/v1'; - - // Auth & User (-> Identity Service) - static const String user = '$apiPrefix/user'; - static const String auth = '$apiPrefix/auth'; - static const String autoCreate = '$user/auto-create'; - static const String login = '$auth/login'; - static const String refreshToken = '$auth/refresh'; - static const String logout = '$auth/logout'; - static const String profile = '$user/profile'; - - // Wallet (-> Wallet Service) - static const String wallet = '$apiPrefix/wallet'; - static const String balance = '$wallet/balance'; - static const String createWallet = '$wallet/create'; - static const String importWallet = '$wallet/import'; - - // Trading (-> Wallet 
Service) - static const String trading = '$apiPrefix/trading'; - static const String exchange = '$trading/exchange'; - static const String settlement = '$trading/settlement'; - static const String transactions = '$trading/transactions'; - - // Deposit (-> Wallet Service) - static const String deposit = '$apiPrefix/deposit'; - static const String depositAddress = '$deposit/address'; - static const String confirmDeposit = '$deposit/confirm'; - - // Mining & Reward (-> Reward Service) - static const String mining = '$apiPrefix/mining'; - static const String miningStatus = '$mining/status'; - static const String startMining = '$mining/start'; - static const String stopMining = '$mining/stop'; - static const String claimReward = '$mining/claim'; - static const String hashPower = '$mining/hash-power'; - - // Ranking (-> Leaderboard Service) - static const String ranking = '$apiPrefix/ranking'; - static const String dailyRanking = '$ranking/daily'; - static const String weeklyRanking = '$ranking/weekly'; - static const String monthlyRanking = '$ranking/monthly'; - - // Planting (-> Planting Service) - static const String planting = '$apiPrefix/planting'; - static const String plantingPrice = '$planting/price'; - static const String submitPlanting = '$planting/submit'; - - // Community & Referral (-> Referral Service) - static const String community = '$apiPrefix/community'; - static const String referral = '$apiPrefix/referral'; - static const String referralList = '$community/referrals'; - static const String earnings = '$community/earnings'; - static const String generateReferralLink = '$referral/generate-link'; - - // Telemetry (-> Reporting Service) - static const String telemetry = '$apiPrefix/telemetry'; - static const String telemetrySession = '$telemetry/session'; - static const String telemetryHeartbeat = '$telemetry/heartbeat'; - static const String telemetryEvents = '$telemetry/events'; -} -``` - -### 4.2 修改 API 客户端默认 URL - -文件: 
`frontend/mobile-app/lib/core/network/api_client.dart` - -```dart -// 修改默认 Base URL -static const String _defaultBaseUrl = 'https://rwaapi.szaiai.com'; - -// 开发模式可使用本地地址 -// static const String _defaultBaseUrl = 'http://10.0.2.2:3000'; // Android 模拟器 -// static const String _defaultBaseUrl = 'http://localhost:3000'; // iOS 模拟器 -``` - -## 5. Docker Compose 部署 - -### 5.1 主部署文件 `docker-compose.prod.yml` +在 192.168.1.111 服务器上创建 `/opt/rwadurian/docker-compose.yml`: ```yaml services: # ============================================ - # Nginx API Gateway - # ============================================ - nginx: - image: nginx:alpine - ports: - - "80:80" - - "443:443" - volumes: - - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - ./nginx/conf.d:/etc/nginx/conf.d:ro - - ./nginx/ssl:/etc/nginx/ssl:ro - - ./nginx/logs:/var/log/nginx - depends_on: - - identity-service - - wallet-service - - planting-service - - referral-service - - reward-service - - leaderboard-service - - reporting-service - networks: - - rwa-network - restart: unless-stopped - - # ============================================ - # Identity Service + # 微服务 # ============================================ identity-service: build: ./services/identity-service + ports: + - "3000:3000" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_identity - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - MPC_SERVICE_URL=http://mpc-service:3001 + - BACKUP_SERVICE_URL=http://backup-service:3009 - APP_ENV=production depends_on: postgres: 
@@ -462,36 +418,50 @@ services: - rwa-network restart: unless-stopped - # ============================================ - # Wallet Service - # ============================================ + mpc-service: + build: ./services/mpc-service + ports: + - "3001:3001" + environment: + - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_mpc + - REDIS_HOST=redis + - APP_ENV=production + depends_on: + postgres: + condition: service_healthy + networks: + - rwa-network + restart: unless-stopped + wallet-service: build: ./services/wallet-service + ports: + - "3002:3002" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_wallet - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: condition: service_healthy - redis: - condition: service_healthy networks: - rwa-network restart: unless-stopped - # ============================================ - # Planting Service - # ============================================ planting-service: build: ./services/planting-service + ports: + - "3003:3003" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_planting - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - WALLET_SERVICE_URL=http://wallet-service:3002 + - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: 
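Review bot: `mpc-service` gets `ports: - "3001:3001"`, which publishes the MPC key-share service on every interface of the backend host, although the port table marks it internal and Nginx has no route to it. `authorization-service` (3006) and `backup-service` (3009) in the later hunks do the same. Callers already reach these services by name over `rwa-network` (`MPC_SERVICE_URL=http://mpc-service:3001`), so the `ports:` entries can be removed for the three internal services. For the services Nginx does proxy to, bind to the LAN address, e.g. `- "192.168.1.111:3000:3000"`, and note in the guide that Docker-published ports are handled ahead of typical ufw rules, so a host firewall alone may not close them. The mpc-service environment shown here has no JWT or service secret, so whether it authenticates callers cannot be confirmed from this hunk.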
@@ -500,16 +470,17 @@ services: - rwa-network restart: unless-stopped - # ============================================ - # Referral Service - # ============================================ referral-service: build: ./services/referral-service + ports: + - "3004:3004" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_referral - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - IDENTITY_SERVICE_URL=http://identity-service:3000 + - PLANTING_SERVICE_URL=http://planting-service:3003 - APP_ENV=production depends_on: postgres: @@ -518,16 +489,35 @@ services: - rwa-network restart: unless-stopped - # ============================================ - # Reward Service - # ============================================ reward-service: build: ./services/reward-service + ports: + - "3005:3005" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reward - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - IDENTITY_SERVICE_URL=http://identity-service:3000 + - WALLET_SERVICE_URL=http://wallet-service:3002 + - REFERRAL_SERVICE_URL=http://referral-service:3004 + - APP_ENV=production + depends_on: + postgres: + condition: service_healthy + networks: + - rwa-network + restart: unless-stopped + + authorization-service: + build: ./services/authorization-service + ports: + - "3006:3006" + environment: + - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_authorization + - JWT_SECRET=${JWT_SECRET} + - REDIS_HOST=redis + - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: 
@@ -536,16 +526,17 @@ services: - rwa-network restart: unless-stopped - # ============================================ - # Leaderboard Service - # ============================================ leaderboard-service: build: ./services/leaderboard-service + ports: + - "3007:3007" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_leaderboard - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 + - IDENTITY_SERVICE_URL=http://identity-service:3000 + - REFERRAL_SERVICE_URL=http://referral-service:3004 - APP_ENV=production depends_on: postgres: @@ -556,11 +547,10 @@ services: - rwa-network restart: unless-stopped - # ============================================ - # Reporting Service - # ============================================ reporting-service: build: ./services/reporting-service + ports: + - "3008:3008" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reporting - JWT_SECRET=${JWT_SECRET} @@ -574,6 +564,18 @@ services: - rwa-network restart: unless-stopped + backup-service: + build: ./services/backup-service + ports: + - "3009:3009" + environment: + - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres-backup:5432/rwa_backup + - SERVICE_JWT_SECRET=${SERVICE_JWT_SECRET} + - APP_ENV=production + networks: + - rwa-network + restart: unless-stopped + # ============================================ # 基础设施 # ============================================ @@ -582,10 +584,9 @@ services: environment: - POSTGRES_USER=postgres - POSTGRES_PASSWORD=${DB_PASSWORD} - - POSTGRES_MULTIPLE_DATABASES=rwa_identity,rwa_wallet,rwa_planting,rwa_referral,rwa_reward,rwa_leaderboard,rwa_reporting volumes: - postgres_data:/var/lib/postgresql/data - - ./scripts/init-multi-db.sh:/docker-entrypoint-initdb.d/init-multi-db.sh + - ./scripts/init-databases.sql:/docker-entrypoint-initdb.d/init.sql healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 5s 
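Review bot: `backup-service` connects to `postgres-backup:5432`, but no `postgres-backup` service is visible in these hunks, and the init script added in the later hunk creates `rwa_backup` on the primary `postgres` instance. If MPC backup shares are meant to be isolated from the primary database, the compose file needs that separate instance with its own credential rather than `${DB_PASSWORD}`, and `rwa_backup` should be dropped from `init-databases.sql`. Otherwise the host in `DATABASE_URL` should be `postgres`. The block also has no `depends_on`, unlike the other services. Next to the `init-databases.sql` mount, add a comment that scripts in `/docker-entrypoint-initdb.d` run only when the data directory is empty, so an existing `postgres_data` volume will not get `rwa_mpc`, `rwa_authorization` or `rwa_backup`.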
@@ -629,6 +630,7 @@ services: KAFKA_LISTENERS: PLAINTEXT_INTERNAL://0.0.0.0:29092 KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT_INTERNAL KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 + KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true" networks: - rwa-network restart: unless-stopped 
@@ -642,138 +644,227 @@ volumes: redis_data: ``` -### 5.2 环境变量文件 `.env.prod` +### 4.2 数据库初始化脚本 + +在 192.168.1.111 服务器上创建 `/opt/rwadurian/scripts/init-databases.sql`: + +```sql +-- 创建所有微服务数据库 +CREATE DATABASE rwa_identity; +CREATE DATABASE rwa_mpc; +CREATE DATABASE rwa_wallet; +CREATE DATABASE rwa_planting; +CREATE DATABASE rwa_referral; +CREATE DATABASE rwa_reward; +CREATE DATABASE rwa_authorization; +CREATE DATABASE rwa_leaderboard; +CREATE DATABASE rwa_reporting; +CREATE DATABASE rwa_backup; +``` + +### 4.3 环境变量文件 + +在 192.168.1.111 服务器上创建 `/opt/rwadurian/.env`: ```bash # Database -DB_PASSWORD=your_secure_database_password +DB_PASSWORD=your_secure_database_password_here -# JWT -JWT_SECRET=your_super_secure_jwt_secret_at_least_32_chars +# JWT (所有服务共享) +JWT_SECRET=your_super_secure_jwt_secret_at_least_32_characters # Redis REDIS_PASSWORD=your_secure_redis_password +# Service JWT (服务间通信) +SERVICE_JWT_SECRET=your_service_jwt_secret_for_internal_calls + # Wallet Encryption WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt - -# Service JWT (for inter-service communication) -SERVICE_JWT_SECRET=your_service_jwt_secret ``` -## 6. 部署步骤 +## 5. 部署步骤 -### 6.1 服务器准备 +### 5.1 Nginx 服务器配置 ```bash -# 1. 安装 Docker 和 Docker Compose -curl -fsSL https://get.docker.com | sh -sudo usermod -aG docker $USER +# 1. 安装 Nginx +apt update && apt install -y nginx -# 2. 创建部署目录 +# 2. 创建配置目录 +mkdir -p /etc/nginx/ssl + +# 3. 复制配置文件 +# 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录 + +# 4. 安装 SSL 证书 (Let's Encrypt 示例) +apt install -y certbot python3-certbot-nginx +certbot --nginx -d rwaapi.szaiai.com + +# 5. 测试配置 +nginx -t + +# 6. 重启 Nginx +systemctl restart nginx +systemctl enable nginx +``` + +### 5.2 后端服务器 (192.168.1.111) 配置 + +```bash +# 1. 安装 Docker +curl -fsSL https://get.docker.com | sh +usermod -aG docker $USER + +# 2. 安装 Docker Compose +apt install -y docker-compose-plugin + +# 3. 创建部署目录 mkdir -p /opt/rwadurian cd /opt/rwadurian -# 3. 克隆代码 +# 4. 
克隆代码 git clone https://github.com/your-org/rwadurian.git . -# 4. 创建 Nginx 配置目录 -mkdir -p nginx/{conf.d,ssl,logs} +# 5. 配置环境变量 +cp .env.example .env +vim .env # 修改为生产环境配置 -# 5. 复制 Nginx 配置 -cp docs/nginx/* nginx/ +# 6. 创建数据库初始化脚本 +mkdir -p scripts +# 将上面的 init-databases.sql 复制到 scripts/ -# 6. 安装 SSL 证书 (使用 Let's Encrypt 或购买的证书) -# 将证书放到 nginx/ssl/ 目录 +# 7. 启动所有服务 +docker compose up -d + +# 8. 查看服务状态 +docker compose ps + +# 9. 运行数据库迁移 +docker compose exec identity-service npx prisma migrate deploy +docker compose exec wallet-service npx prisma migrate deploy +docker compose exec planting-service npx prisma migrate deploy +docker compose exec referral-service npx prisma migrate deploy +docker compose exec reward-service npx prisma migrate deploy +docker compose exec leaderboard-service npx prisma migrate deploy +docker compose exec reporting-service npx prisma migrate deploy ``` -### 6.2 启动服务 +### 5.3 验证部署 ```bash -# 1. 复制并配置环境变量 -cp .env.example .env.prod -vim .env.prod # 修改为生产环境配置 +# 从 Nginx 服务器测试 +curl -k https://rwaapi.szaiai.com/health -# 2. 启动所有服务 -docker compose -f docker-compose.prod.yml --env-file .env.prod up -d +# 测试 API 端点 +curl -k https://rwaapi.szaiai.com/api/v1/user/auto-create \ + -H "Content-Type: application/json" \ + -d '{"deviceId": "test-device-123"}' -# 3. 查看服务状态 -docker compose -f docker-compose.prod.yml ps - -# 4. 查看日志 -docker compose -f docker-compose.prod.yml logs -f - -# 5. 运行数据库迁移 -docker compose -f docker-compose.prod.yml exec identity-service npx prisma migrate deploy -docker compose -f docker-compose.prod.yml exec wallet-service npx prisma migrate deploy -# ... 其他服务 -``` - -### 6.3 验证部署 - -```bash -# 健康检查 -curl https://rwaapi.szaiai.com/health - -# 测试 API -curl https://rwaapi.szaiai.com/api/v1/user/auto-create \ +# 从后端服务器直接测试 +curl http://localhost:3000/api/v1/user/auto-create \ -H "Content-Type: application/json" \ -d '{"deviceId": "test-device-123"}' ``` -## 7. API 端点对照表 +## 6. 
API 端点对照表 -| 前端调用 | Nginx 路由 | 后端服务 | 服务端口 | -|---------|-----------|---------|---------| -| `/api/v1/user/*` | `/api/v1/user` | Identity Service | 3000 | -| `/api/v1/auth/*` | `/api/v1/auth` | Identity Service | 3000 | -| `/api/v1/wallet/*` | `/api/v1/wallet` | Wallet Service | 3002 | -| `/api/v1/trading/*` | `/api/v1/trading` | Wallet Service | 3002 | -| `/api/v1/deposit/*` | `/api/v1/deposit` | Wallet Service | 3002 | -| `/api/v1/mining/*` | `/api/v1/mining` | Reward Service | 3005 | -| `/api/v1/ranking/*` | `/api/v1/ranking` | Leaderboard Service | 3007 | -| `/api/v1/planting/*` | `/api/v1/planting` | Planting Service | 3003 | -| `/api/v1/referral/*` | `/api/v1/referral` | Referral Service | 3004 | -| `/api/v1/community/*` | `/api/v1/community` | Referral Service | 3004 | -| `/api/v1/telemetry/*` | `/api/v1/telemetry` | Reporting Service | 3008 | +| 前端调用路径 | Nginx 转发 | 后端服务 | 端口 | +|-------------|-----------|---------|------| +| `/api/v1/user/*` | → | Identity Service | 3000 | +| `/api/v1/auth/*` | → | Identity Service | 3000 | +| `/api/v1/wallet/*` | → | Wallet Service | 3002 | +| `/api/v1/trading/*` | → | Wallet Service | 3002 | +| `/api/v1/deposit/*` | → | Wallet Service | 3002 | +| `/api/v1/mining/*` | → | Reward Service | 3005 | +| `/api/v1/reward/*` | → | Reward Service | 3005 | +| `/api/v1/ranking/*` | → | Leaderboard Service | 3007 | +| `/api/v1/leaderboard/*` | → | Leaderboard Service | 3007 | +| `/api/v1/planting/*` | → | Planting Service | 3003 | +| `/api/v1/referral/*` | → | Referral Service | 3004 | +| `/api/v1/community/*` | → | Referral Service | 3004 | +| `/api/v1/telemetry/*` | → | Reporting Service | 3008 | +| `/api/v1/report/*` | → | Reporting Service | 3008 | -## 8. 监控与日志 +## 7. 
监控与运维 -### 8.1 Nginx 日志 +### 7.1 查看 Nginx 日志 ```bash # 访问日志 -tail -f /opt/rwadurian/nginx/logs/access.log +tail -f /var/log/nginx/access.log # 错误日志 -tail -f /opt/rwadurian/nginx/logs/error.log +tail -f /var/log/nginx/error.log + +# 过滤特定服务请求 +grep "/api/v1/user" /var/log/nginx/access.log | tail -100 ``` -### 8.2 服务日志 +### 7.2 查看服务日志 ```bash -# 查看特定服务日志 -docker compose -f docker-compose.prod.yml logs -f identity-service +# 在 192.168.1.111 上执行 # 查看所有服务日志 -docker compose -f docker-compose.prod.yml logs -f +docker compose logs -f + +# 查看特定服务日志 +docker compose logs -f identity-service +docker compose logs -f wallet-service + +# 查看最近 100 行 +docker compose logs --tail=100 identity-service ``` -## 9. 常见问题 +### 7.3 服务健康检查 + +```bash +# 检查所有服务状态 +docker compose ps + +# 检查特定服务健康 +curl http://192.168.1.111:3000/health # Identity +curl http://192.168.1.111:3002/health # Wallet +curl http://192.168.1.111:3003/health # Planting +curl http://192.168.1.111:3004/health # Referral +curl http://192.168.1.111:3005/health # Reward +curl http://192.168.1.111:3007/health # Leaderboard +curl http://192.168.1.111:3008/health # Reporting +``` + +### 7.4 重启服务 + +```bash +# 重启单个服务 +docker compose restart identity-service + +# 重启所有服务 +docker compose restart + +# 重建并重启 +docker compose up -d --build identity-service +``` + +## 8. 
常见问题 ### Q1: 502 Bad Gateway -- 检查后端服务是否正常运行 -- 检查 Nginx upstream 配置的服务名是否正确 -- 检查 Docker 网络是否正确连接 +- 检查后端服务是否运行: `docker compose ps` +- 检查 Nginx 到 192.168.1.111 网络是否通: `ping 192.168.1.111` +- 检查端口是否开放: `telnet 192.168.1.111 3000` ### Q2: CORS 错误 - 确认 Nginx 配置中 CORS 头已正确设置 -- 确认 OPTIONS 预检请求处理正确 +- 检查 OPTIONS 预检请求是否返回 204 ### Q3: SSL 证书问题 -- 检查证书文件路径和权限 -- 确认证书未过期 -- 使用 `openssl s_client -connect rwaapi.szaiai.com:443` 测试 +- 检查证书路径: `ls -la /etc/nginx/ssl/` +- 测试 SSL: `openssl s_client -connect rwaapi.szaiai.com:443` +- 检查证书有效期: `openssl x509 -in /etc/nginx/ssl/rwaapi.szaiai.com.pem -noout -dates` + +### Q4: 服务间通信失败 +- 检查 Docker 网络: `docker network inspect rwa-network` +- 检查服务名解析: `docker compose exec identity-service ping wallet-service` ---
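Review bot: The verification commands in section 5.3 use `curl -k`, which disables certificate validation, so a wrong, expired or self-signed certificate on rwaapi.szaiai.com passes the very check that should catch it. The previous version of the guide called `curl https://rwaapi.szaiai.com/health` without the flag, so drop `-k` from both commands. In section 5.2 the `.env` file holding `DB_PASSWORD`, `JWT_SECRET` and `SERVICE_JWT_SECRET` is created with no permission step; add `chmod 600 /opt/rwadurian/.env` right after `vim .env`. Section 4.3 states that `JWT_SECRET` is shared by all services, so the guide should say that a leak from any one service lets tokens be forged for all of them and that rotation has to be done across all of them together.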