hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
268 Commits 1 Branch 9 Tags 177 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
hailin 747e4ae8ef refactor(mpc-system): migrate to party-driven architecture with PartyID-based routing 
- Remove Address field from PartyEndpoint (parties connect to router themselves)
- Update K8s Discovery to only manage PartyID and Role labels
- Add Party registration and SessionEvent protobuf definitions
- Implement PartyRegistry and SessionEventBroadcaster domain logic
- Add RegisterParty and SubscribeSessionEvents gRPC handlers
- Prepare infrastructure for party-driven MPC coordination

This is the first phase of migrating from coordinator-driven to party-driven
architecture following international MPC system design patterns.
 2025-12-05 08:11:28 -08:00
hailin 746cd8e35e fix(api-gateway): add Grafana 10+ CORS configuration for reverse proxy access 
添加 Grafana 10+ 的 CORS/跨域配置,解决通过 Nginx 反向代理访问时的 "origin not allowed" 错误。

Changes:
- docker-compose.monitoring.yml: 添加 Grafana 安全配置
  - GF_SECURITY_ALLOW_EMBEDDING=true: 允许嵌入和反向代理访问
  - GF_SECURITY_COOKIE_SAMESITE=none: 允许跨域 Cookie
  - GF_SECURITY_COOKIE_SECURE=true: HTTPS 下安全传输 Cookie
  - GF_AUTH_ANONYMOUS_ENABLED=false: 保持安全性,禁用匿名访问

- .env.example: 添加重启提示说明
  - 强调修改 GRAFANA_ROOT_URL 后必须重启监控服务

- README.md: 新增 "Grafana 通过 Nginx/域名访问配置" 章节
  - 详细说明配置步骤
  - 提供验证方法
  - 列出常见错误和解决方案

问题根因:
Grafana 10+ 引入了更严格的安全策略,要求显式配置 CORS 相关参数才能通过反向代理访问。
仅配置 GF_SERVER_ROOT_URL 不足以解决跨域问题。

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-04 22:23:04 -08:00
hailin 2556fea841 refactor: separate configuration from code following 12-Factor App principles 
- Created .env.example files with comprehensive security warnings
- Removed hardcoded IP addresses and credentials from docker-compose files
- Made database passwords mandatory (fail-fast on missing config)
- Removed Chinese mirror sources from all Dockerfiles
- Enhanced deploy.sh scripts with .env validation and auto-creation
- Added comprehensive README.md deployment guides
- Changed ALLOWED_IPS default to enable cross-server deployment
- Updated all docker-compose files to use environment variables

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-04 21:46:35 -08:00
Developer 8932d87df7 fix(monitoring): 修复 Prometheus 端口冲突问题 
- 将 Prometheus 端口从 9090 改为 9099,避免与已有服务冲突
- 同步更新 install-monitor.sh 和 deploy.sh 中的端口配置

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-03 06:09:18 -08:00
Developer 90bfa4afac feat(api-gateway): 添加 Kong 监控栈一键安装脚本 
- 添加 scripts/install-monitor.sh 一键安装脚本
  - 自动检查依赖和 DNS 解析
  - 自动生成 Nginx 配置
  - 自动申请 Let's Encrypt SSL 证书
  - 自动启动 Prometheus + Grafana
- 添加 prometheus 插件到 kong.yml 配置
- 添加 docker-compose.monitoring.yml 监控服务编排
- 添加 Grafana 预配置仪表盘
- 扩展 deploy.sh 支持 monitoring install/up/down 命令

使用方式:
  ./deploy.sh monitoring install             # 使用默认域名安装
  ./deploy.sh monitoring install mydomain.com # 自定义域名
  ./deploy.sh monitoring up                   # 仅启动服务
  ./deploy.sh metrics                         # 查看指标

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-12-03 06:01:22 -08:00