diff --git a/backend/api-gateway/README.md b/backend/api-gateway/README.md
index 684dee54..e0424369 100644
--- a/backend/api-gateway/README.md
+++ b/backend/api-gateway/README.md
@@ -2,48 +2,58 @@ RWADurian 项目的 API 网关,基于 Kong 实现。 -## 架构概览 +## 分布式部署架构 ``` - ┌─────────────────────────────────────┐ - │ RWA Backend │ - └─────────────────────────────────────┘ - │ - ┌───────────────────────────────┼───────────────────────────────┐ - │ │ │ - ▼ ▼ ▼ - ┌───────────────────┐ ┌───────────────────┐ ┌───────────────────┐ - │ rwaadmin.szaiai │ │ rwaapi.szaiai │ │ update.szaiai │ - │ (Admin Web) │ │ (API Gateway) │ │ (Mobile Upgrade) │ - │ :443 │ │ :443 │ │ :443 │ - └─────────┬─────────┘ └─────────┬─────────┘ └─────────┬─────────┘ - │ │ │ - │ Nginx │ Nginx │ Nginx - │ │ │ - ▼ ▼ ▼ - ┌───────────────────┐ ┌───────────────────┐ ┌───────────────────┐ - │ Admin Web │ │ Kong Gateway │ │ Mobile Upgrade │ - │ (Next.js) │ │ │ │ (Next.js) │ - │ :3000 │ │ :8000 │ │ :3020 │ - └───────────────────┘ └─────────┬─────────┘ └───────────────────┘ - │ - ┌─────────────────────────────┼─────────────────────────────┐ - │ │ │ - ▼ ▼ ▼ - ┌───────────────────┐ ┌───────────────────┐ ┌───────────────────┐ - │ identity-service │ │ admin-service │ │ presence-service │ - │ :3000 │ │ :3010 │ │ :3011 │ - └───────────────────┘ └───────────────────┘ └───────────────────┘ - │ │ │ - └───────────────────────────┼───────────────────────────┘ - │ - ┌─────────────┴─────────────┐ - │ Infrastructure │ - │ PostgreSQL / Redis / │ - │ Kafka / Zookeeper │ - └───────────────────────────┘ +┌─────────────────────────────────────────────────────────────────────────────────┐ +│ 服务器 192.168.1.100 (网关服务器) │ +│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ +│ │ Nginx │ │ Nginx │ │ Nginx │ │ +│ │ rwaadmin:443 │ │ rwaapi:443 │ │ update:443 │ │ +│ └────────┬────────┘ └────────┬────────┘ └────────┬────────┘ │ +│ │ │ │ │ +│ ▼ ▼ ▼ │ +│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ +│ │ Admin Web │ │ Kong Gateway │ │ Mobile Upgrade │ │ +│ │ (Next.js) │ │ │ │ (Next.js) │ │ +│ │ :3000 │ │ :8000 │ │ :3020 │ │ +│ └─────────────────┘ └────────┬────────┘ └─────────────────┘ │ 
+└─────────────────────────────────┼───────────────────────────────────────────────┘ + │ + 通过外部 IP (192.168.1.111) 访问 + │ + ▼ +┌─────────────────────────────────────────────────────────────────────────────────┐ +│ 服务器 192.168.1.111 (后端服务器) │ +│ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │identity-service│ │wallet-service │ │backup-service │ │planting-service│ │ +│ │ :3000 │ │ :3001 │ │ :3002 │ │ :3003 │ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ +│ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │referral-service│ │reward-service │ │ mpc-service │ │leaderboard │ │ +│ │ :3004 │ │ :3005 │ │ :3006 │ │ :3007 │ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ +│ │ +│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ +│ │reporting-svc │ │authorization │ │ admin-service │ ┌───────────────┐ │ +│ │ :3008 │ │ :3009 │ │ :3010 │ │presence-service│ │ +│ └───────────────┘ └───────────────┘ └───────────────┘ │ :3011 │ │ +│ └───────────────┘ │ +│ ┌─────────────────────────────────────────────────────────────────────┐ │ +│ │ Infrastructure │ │ +│ │ PostgreSQL / Redis / Kafka / Zookeeper │ │ +│ └─────────────────────────────────────────────────────────────────────┘ │ +└─────────────────────────────────────────────────────────────────────────────────┘ ``` +## 特点 + +- **与后端服务解耦**: Kong 独立部署,不依赖后端服务的 Docker 网络 +- **分布式支持**: Kong 通过外部 IP 地址访问后端服务,支持跨服务器部署 +- **可选部署**: 不部署 Kong 也不影响后端服务运行 + ## 目录结构 ``` 
@@ -141,43 +151,73 @@ sudo ./install.sh ## 生产环境部署 -### 完整部署流程 +### 分布式部署流程 + +**服务器规划:** +- 192.168.1.100: 网关服务器 (Nginx + Kong + 前端) +- 192.168.1.111: 后端服务器 (微服务 + 基础设施) + +**步骤 1: 在后端服务器 (192.168.1.111) 部署微服务** ```bash -# 1. 克隆代码到服务器 +# 克隆代码 git clone /opt/rwadurian cd /opt/rwadurian -# 2. 配置环境变量 +# 配置环境变量 cp backend/services/.env.example backend/services/.env -# 编辑 .env 文件,设置数据库密码、JWT 密钥等 +# 编辑 .env 文件 -# 3. 启动基础设施和微服务 +# 启动基础设施和微服务 cd backend/services ./deploy.sh up -# 4. 启动 Kong API Gateway -cd ../api-gateway +# 确保防火墙开放端口 3000-3011 +``` + +**步骤 2: 在网关服务器 (192.168.1.100) 部署 Kong** + +```bash +# 克隆代码 +git clone /opt/rwadurian +cd /opt/rwadurian + +# 修改 kong.yml 中的后端服务器 IP(如有变化) +# 默认配置为 192.168.1.111 + +# 启动 Kong API Gateway +cd backend/api-gateway ./deploy.sh up -# 5. 配置 Nginx + SSL +# 配置 Nginx + SSL cd nginx sudo ./install.sh -# 6. 验证 +# 验证 curl https://rwaapi.szaiai.com/api/v1/versions ``` +### 修改后端服务器 IP + +如果后端服务器 IP 不是 192.168.1.111,需要修改 `kong.yml`: + +```bash +# 批量替换 IP 地址 +sed -i 's/192.168.1.111/YOUR_BACKEND_IP/g' kong.yml +``` + ### 服务依赖关系 ``` -1. Infrastructure (PostgreSQL, Redis, Kafka) - ↓ -2. Application Services (identity, wallet, admin, etc.) - ↓ -3. Kong API Gateway - ↓ -4. Nginx (SSL 终结) +后端服务器 (192.168.1.111): + 1. Infrastructure (PostgreSQL, Redis, Kafka) + ↓ + 2. Application Services (identity, wallet, admin, etc.) + +网关服务器 (192.168.1.100): + 3. Kong API Gateway (通过 IP 访问后端) + ↓ + 4. Nginx (SSL 终结) ``` ## 管理命令 diff --git a/backend/api-gateway/deploy.sh b/backend/api-gateway/deploy.sh index 3fb75fb7..7c67fe18 100644 --- a/backend/api-gateway/deploy.sh +++ b/backend/api-gateway/deploy.sh 
@@ -61,19 +61,22 @@ check_docker_compose() { fi } -# 检查 services 网络是否存在 -check_network() { - if ! docker network inspect services_rwa-network &> /dev/null; then - log_warn "services_rwa-network 网络不存在" - log_info "请先启动后端服务: cd ../services && ./deploy.sh up" - exit 1 +# 检查后端服务连通性(可选) +check_backend() { + local BACKEND_IP="${BACKEND_SERVER_IP:-192.168.1.111}" + log_info "检查后端服务器 $BACKEND_IP 连通性..." + if ping -c 1 -W 2 $BACKEND_IP &> /dev/null; then + log_success "后端服务器可达" + else + log_warn "无法 ping 通后端服务器 $BACKEND_IP" + log_warn "请确保后端服务已启动且网络可达" fi } # 启动服务 cmd_up() { log_info "启动 Kong API Gateway..." - check_network + check_backend $COMPOSE_CMD up -d log_info "等待 Kong 启动..." diff --git a/backend/api-gateway/docker-compose.yml b/backend/api-gateway/docker-compose.yml index a32e554b..04969257 100644 --- a/backend/api-gateway/docker-compose.yml +++ b/backend/api-gateway/docker-compose.yml @@ -99,9 +99,8 @@ volumes: driver: local # =========================================================================== -# Networks - 使用外部网络连接到 services +# Networks - 独立网络(分布式部署,Kong 通过外部 IP 访问后端服务) # =========================================================================== networks: rwa-network: - external: true - name: services_rwa-network + driver: bridge diff --git a/backend/api-gateway/kong.yml b/backend/api-gateway/kong.yml index 9c9e795f..5c0eba30 100644 --- a/backend/api-gateway/kong.yml +++ b/backend/api-gateway/kong.yml 
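Review bot: In `check_backend`, `$BACKEND_IP` is expanded unquoted in `ping -c 1 -W 2 $BACKEND_IP`, so a `BACKEND_SERVER_IP` value containing whitespace is word-split into extra ping arguments; quote it as `ping -c 1 -W 2 "$BACKEND_IP"`. The check only proves ICMP reachability and never aborts `cmd_up`, so it says nothing about ports 3000-3011 and reports a false warning where ICMP is filtered; a comment such as `# ICMP reachability only; does not verify the service ports and never aborts the deploy` would make that explicit. `BACKEND_SERVER_IP` also affects this check alone, because the upstream URLs in kong.yml in this commit are hard-coded to 192.168.1.111, so an override can report a reachable host that Kong does not route to.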
@@ -1,25 +1,32 @@ # ============================================================================= -# Kong API Gateway - Mn +# Kong API Gateway - 声明式配置 # ============================================================================= -# (: -# 1. / Kong: docker compose up -d kong kong-db -# 2. Mnꨠ} +# 分布式部署说明: +# - Kong 服务器: 192.168.1.100 +# - 后端服务器: 192.168.1.111 # -# c: https://docs.konghq.com/gateway/latest/ +# 使用方法: +# 1. 启动 Kong: ./deploy.sh up +# 2. 配置会自动加载 +# +# 文档: https://docs.konghq.com/gateway/latest/ # ============================================================================= _format_version: "3.0" _transform: true # ============================================================================= -# Services -  I +# Services - 后端微服务定义 +# ============================================================================= +# 注意: 使用外部 IP 地址,因为 Kong 和后端服务在不同服务器上 +# 后端服务器 IP: 192.168.1.111 # ============================================================================= services: # --------------------------------------------------------------------------- - # Identity Service - + # Identity Service - 身份认证服务 # --------------------------------------------------------------------------- - name: identity-service - url: http://identity-service:3000 + url: http://192.168.1.111:3000 routes: - name: identity-auth paths: @@ -35,10 +42,10 @@ services: strip_path: true # --------------------------------------------------------------------------- - # Wallet Service -  + # Wallet Service - 钱包服务 # --------------------------------------------------------------------------- - name: wallet-service - url: http://wallet-service:3001 + url: http://192.168.1.111:3001 routes: - name: wallet-api paths: 
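Review bot: The new `url: http://192.168.1.111:3000` for identity-service sends upstream traffic in cleartext between two hosts, where the previous `http://identity-service:3000` resolved inside the shared Docker network. The same applies to the other eleven service URLs changed in the later hunks (wallet-service on 3001 through presence-service on 3011). The README in this commit tells operators to open ports 3000-3011 on the backend firewall, so unless that rule is limited to the gateway's address the services can be reached without passing the global rate-limiting and request-size plugins. I would add a comment above `services:` along the lines of `# Backend ports 3000-3011 must accept connections only from the Kong host (192.168.1.100); upstream traffic is plain HTTP, so keep it on a trusted segment or move to https upstreams`. Whether the services authenticate callers themselves is not visible in this diff.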
@@ -50,10 +57,10 @@ services: strip_path: true # --------------------------------------------------------------------------- - # Backup Service -  + # Backup Service - 备份服务 # --------------------------------------------------------------------------- - name: backup-service - url: http://backup-service:3002 + url: http://192.168.1.111:3002 routes: - name: backup-api paths: @@ -61,10 +68,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Planting Service - + # Planting Service - 种植服务 # --------------------------------------------------------------------------- - name: planting-service - url: http://planting-service:3003 + url: http://192.168.1.111:3003 routes: - name: planting-api paths: @@ -73,10 +80,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Referral Service - P + # Referral Service - 推荐服务 # --------------------------------------------------------------------------- - name: referral-service - url: http://referral-service:3004 + url: http://192.168.1.111:3004 routes: - name: referral-api paths: @@ -84,10 +91,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Reward Service - V + # Reward Service - 奖励服务 # --------------------------------------------------------------------------- - name: reward-service - url: http://reward-service:3005 + url: http://192.168.1.111:3005 routes: - name: reward-api paths: @@ -95,10 +102,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # MPC Service -  + # MPC Service - 多方计算服务 # --------------------------------------------------------------------------- - name: mpc-service - url: http://mpc-service:3006 + url: http://192.168.1.111:3006 routes: - name: mpc-api paths: 
@@ -106,10 +113,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Leaderboard Service - L + # Leaderboard Service - 排行榜服务 # --------------------------------------------------------------------------- - name: leaderboard-service - url: http://leaderboard-service:3007 + url: http://192.168.1.111:3007 routes: - name: leaderboard-api paths: @@ -117,10 +124,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Reporting Service - h + # Reporting Service - 报表服务 # --------------------------------------------------------------------------- - name: reporting-service - url: http://reporting-service:3008 + url: http://192.168.1.111:3008 routes: - name: reporting-api paths: @@ -129,10 +136,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Authorization Service - C + # Authorization Service - 授权服务 # --------------------------------------------------------------------------- - name: authorization-service - url: http://authorization-service:3009 + url: http://192.168.1.111:3009 routes: - name: authorization-api paths: @@ -142,10 +149,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Admin Service -  (+H,) + # Admin Service - 管理服务 (包含版本管理) # --------------------------------------------------------------------------- - name: admin-service - url: http://admin-service:3010 + url: http://192.168.1.111:3010 routes: - name: admin-versions paths: @@ -157,10 +164,10 @@ services: strip_path: false # --------------------------------------------------------------------------- - # Presence Service - ( + # Presence Service - 在线状态服务 # --------------------------------------------------------------------------- - name: presence-service - url: http://presence-service:3011 + url: http://192.168.1.111:3011 routes: - name: presence-api paths: 
@@ -168,10 +175,10 @@ services: strip_path: false # ============================================================================= -# Plugins - h@Mn +# Plugins - 全局插件配置 # ============================================================================= plugins: - # CORS Mn + # CORS 跨域配置 - name: cors config: origins: @@ -201,20 +208,20 @@ plugins: credentials: true max_age: 3600 - # BPA + # 请求限流 - name: rate-limiting config: minute: 100 hour: 5000 policy: local - # B + # 请求日志 - name: file-log config: path: /tmp/kong-access.log reopen: true - # B/͔'P6 + # 请求/响应大小限制 - name: request-size-limiting config: allowed_payload_size: 50
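Review bot: The restored comment `# 请求/响应大小限制` above `request-size-limiting` describes a request and response limit, but the plugin configured here only caps the request body through `allowed_payload_size: 50`. I would word it as `# Request body size limit (allowed_payload_size is in MB by default)` so nobody assumes responses are bounded too. In the same hunk, the `# 请求日志` comment could state who rotates and protects `/tmp/kong-access.log`, since access logs for the identity and wallet routes may carry sensitive request data; the file's permissions are not visible here.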