错误: libssl.so.1.1: No such file or directory
解决: 在 production stage 安装 openssl1.1-compat
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
问题:Dockerfile 中的 test stage 放在最后,导致 docker build 默认使用
test stage 而不是 production stage。容器启动时运行 npm test 而不是
node dist/src/main.js。
修复:删除 test stage,只保留 builder 和 production stages。
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
mpc-service错误配置为mysql,与项目统一使用的postgresql不一致,
导致服务启动时Prisma验证DATABASE_URL失败。
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
These services build to dist/main.js (no src subdirectory).
Added build verification steps.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
NestJS with tsconfig outDir: ./dist builds to dist/main.js, not dist/src/main.js.
Added build verification step to catch this earlier.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Alpine 3.22 removed openssl1.1-compat package which Prisma needs.
Switched production stage from node:20-alpine to node:20-slim (Debian)
which has proper OpenSSL support.
Changes:
- Use node:20-slim for production stage (keep Alpine for build)
- Install openssl and wget via apt-get
- Update user creation from Alpine (addgroup/adduser) to Debian (groupadd/useradd)
Validated identity-service build and startup in WSL2:
- Build passes successfully
- NestJS starts and loads all routes
- Prisma client connects without OpenSSL errors
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Prisma engine requires libssl.so.1.1 which is not available in Alpine
Linux by default (Alpine uses OpenSSL 3.x). Added openssl1.1-compat
package to all service Dockerfiles.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add .dockerignore to exclude unnecessary files from Docker context
- Explicitly copy tsconfig, nest-cli.json, and src directory
- Add build verification step (test -f dist/main.js)
- Change CMD from npm run to direct node command
- Add health check and non-root user for security
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fix build failure caused by missing DATABASE_URL environment variable
during prisma:generate step. Changed from npm run prisma:generate to
direct npx prisma generate with dummy DATABASE_URL.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add dummy DATABASE_URL environment variable prefix to all npx prisma
generate commands in Dockerfiles. Prisma requires DATABASE_URL at
build time to generate the client, but the actual value is only used
at runtime.
Services updated:
- authorization-service (postgresql)
- backup-service (postgresql)
- leaderboard-service (postgresql)
- mpc-service (mysql)
- planting-service (postgresql)
- referral-service (postgresql)
- reporting-service (postgresql)
- reward-service (postgresql)
- wallet-service (postgresql + npm install fix)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
wallet-service doesn't have package-lock.json, npm ci requires it.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Comment out admin-service in docker-compose.yml
- Simplify admin-service Dockerfile to placeholder
- Fixes build error due to missing source files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Script to enable/disable transparent proxy on 192.168.1.100, allowing
192.168.1.111 to access internet through Clash proxy without any
client-side configuration.
Usage:
sudo bash scripts/tproxy.sh on # Enable
sudo bash scripts/tproxy.sh off # Disable
sudo bash scripts/tproxy.sh status # Check status
sudo bash scripts/tproxy.sh config # Show required Clash config
Features:
- Redirects TCP traffic from specified clients to Clash redir port
- Optional DNS redirect to Clash DNS
- Bypasses local/private networks
- Easy on/off switching
Prerequisites:
- Clash running with redir-port and allow-lan enabled
- 192.168.1.100 configured as gateway for 192.168.1.111
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Problem: message-router and other services were using wrong ports (50051/8080)
instead of their configured ports (50052/8082) because mpc.env contained:
MPC_SERVER_HTTP_PORT=8080
MPC_SERVER_GRPC_PORT=50051
These global settings in mpc.env were overriding the per-service Environment=
settings in systemd unit files, causing port conflicts.
Solution:
- Remove MPC_SERVER_HTTP_PORT and MPC_SERVER_GRPC_PORT from mpc.env template
- Add fix-ports command to remove these settings from existing installations
- Add comments explaining per-service port configuration
Port assignments:
- session-coordinator: gRPC 50051, HTTP 8081
- message-router: gRPC 50052, HTTP 8082
- server-party-1/2/3: HTTP 8083/8084/8085
- account-service: HTTP 8080
To fix existing installation:
sudo bash scripts/deploy.sh fix-ports
sudo bash scripts/deploy.sh restart
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed sed patterns from matching specific placeholder strings to
matching entire lines (^KEY=.*), ensuring keys are properly replaced
regardless of current value.
Tested in WSL2 - generates valid 64-char hex master key.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Developer