# RWA Durian 系统部署指南 本文档描述了 RWA Durian 系统的完整部署架构,包括前端 API 调用、Nginx 反向代理配置和后端服务部署。 ## 1. 系统架构概览 ``` ┌─────────────────────────────────────────────────────────────────────────────┐ │ 用户设备 │ │ (Android/iOS App) │ └─────────────────────────────────┬───────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────┐ │ Nginx 服务器 (公网) │ │ https://rwaapi.szaiai.com │ │ │ │ ┌──────────────────────────────────────────────────────────────────┐ │ │ │ /etc/nginx/conf.d/rwaapi.conf │ │ │ │ │ │ │ │ /api/v1/user/* → 192.168.1.111:3000 (Identity) │ │ │ │ /api/v1/auth/* → 192.168.1.111:3000 (Identity) │ │ │ │ /api/v1/wallet/* → 192.168.1.111:3002 (Wallet) │ │ │ │ /api/v1/trading/* → 192.168.1.111:3002 (Wallet) │ │ │ │ /api/v1/planting/* → 192.168.1.111:3003 (Planting) │ │ │ │ /api/v1/referral/* → 192.168.1.111:3004 (Referral) │ │ │ │ /api/v1/mining/* → 192.168.1.111:3005 (Reward) │ │ │ │ /api/v1/ranking/* → 192.168.1.111:3007 (Leaderboard) │ │ │ │ /api/v1/telemetry/*→ 192.168.1.111:3008 (Reporting) │ │ │ └──────────────────────────────────────────────────────────────────┘ │ └─────────────────────────────────┬───────────────────────────────────────────┘ │ 内网 ▼ ┌─────────────────────────────────────────────────────────────────────────────┐ │ 后端服务器 192.168.1.111 │ │ │ │ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ │ │ Identity │ │ MPC │ │ Wallet │ │ Planting │ │ │ │ :3000 │ │ :3001 │ │ :3002 │ │ :3003 │ │ │ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ │ │ │ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ │ │ Referral │ │ Reward │ │ Authorization │ │ Leaderboard │ │ │ │ :3004 │ │ :3005 │ │ :3006 │ │ :3007 │ │ │ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │ │ │ │ ┌───────────────┐ ┌───────────────┐ │ │ │ Reporting │ │ Backup │ │ │ │ :3008 │ │ :3009 │ │ │ └───────────────┘ └───────────────┘ │ │ │ │ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │ │ │ PostgreSQL │ │ Redis │ │ Kafka │ │ │ │ :5432 │ │ :6379 │ │ :9092 │ │ │ └───────────────┘ └───────────────┘ └───────────────┘ │ └─────────────────────────────────────────────────────────────────────────────┘ ``` ## 2. 后端服务端口规划 所有后端服务部署在 **192.168.1.111** 服务器上: | 服务名称 | 端口 | API 前缀 | 说明 | |---------|------|----------|------| | Identity Service | 3000 | `/api/v1` | 用户身份、认证、钱包创建 | | MPC Service | 3001 | `/api/v1` | MPC 密钥分片管理 (内部) | | Wallet Service | 3002 | `/api/v1` | 钱包余额、交易、充值 | | Planting Service | 3003 | `/api/v1` | 认种业务 | | Referral Service | 3004 | `/api/v1` | 推荐关系、分享链接 | | Reward Service | 3005 | `/api/v1` | 挖矿奖励、收益 | | Authorization Service | 3006 | `/api/v1` | 权限管理 (内部) | | Leaderboard Service | 3007 | `/api` | 排行榜 | | Reporting Service | 3008 | `/api/v1` | 遥测统计、报表 | | Backup Service | 3009 | - | MPC 备份 (内部服务) | ## 3. Nginx 配置文件 ### 3.1 目录结构 在 Nginx 服务器上创建以下目录结构: ``` /etc/nginx/ ├── nginx.conf # 主配置文件 ├── conf.d/ │ ├── rwaapi.conf # API 网关配置 │ └── proxy_params.conf # 代理参数配置 └── ssl/ ├── rwaapi.szaiai.com.pem # SSL 证书 └── rwaapi.szaiai.com.key # SSL 私钥 ``` ### 3.2 主配置文件 `/etc/nginx/nginx.conf` ```nginx user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; multi_accept on; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' 'rt=$request_time uct="$upstream_connect_time" ' 'uht="$upstream_header_time" urt="$upstream_response_time"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; client_max_body_size 10m; # Gzip 压缩 gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss text/javascript; # 限流配置 limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s; limit_conn_zone $binary_remote_addr zone=conn_limit:10m; include /etc/nginx/conf.d/*.conf; } ``` ### 3.3 代理参数配置 `/etc/nginx/conf.d/proxy_params.conf` ```nginx proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k; ``` ### 3.4 API 网关配置 `/etc/nginx/conf.d/rwaapi.conf` ```nginx # ============================================ # 后端服务器地址 (192.168.1.111) # ============================================ upstream identity_service { server 192.168.1.111:3000; keepalive 32; } upstream wallet_service { server 192.168.1.111:3002; keepalive 32; } upstream planting_service { server 192.168.1.111:3003; keepalive 32; } upstream referral_service { server 192.168.1.111:3004; keepalive 32; } upstream reward_service { server 192.168.1.111:3005; keepalive 32; } upstream leaderboard_service { server 192.168.1.111:3007; keepalive 32; } upstream reporting_service { server 192.168.1.111:3008; keepalive 32; } # ============================================ # HTTP -> HTTPS 重定向 # ============================================ server { listen 80; server_name rwaapi.szaiai.com; return 301 https://$server_name$request_uri; } # ============================================ # HTTPS 服务器 # ============================================ server { listen 443 ssl http2; server_name rwaapi.szaiai.com; # SSL 证书配置 ssl_certificate /etc/nginx/ssl/rwaapi.szaiai.com.pem; ssl_certificate_key /etc/nginx/ssl/rwaapi.szaiai.com.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # 现代 SSL 配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; # HSTS add_header Strict-Transport-Security "max-age=63072000" always; # 安全头 add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; # CORS 配置 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; # 处理 OPTIONS 预检请求 if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } # 限流 limit_req zone=api_limit burst=20 nodelay; limit_conn conn_limit 10; # ============================================ # 健康检查端点 # ============================================ location /health { access_log off; return 200 '{"status":"ok","timestamp":"$time_iso8601"}'; add_header Content-Type application/json; } # ============================================ # Identity Service - 用户身份认证 # POST /api/v1/user/auto-create - 自动创建用户 # POST /api/v1/user/login - 用户登录 # GET /api/v1/user/profile - 获取用户信息 # ============================================ location /api/v1/user { proxy_pass http://identity_service/api/v1/user; include /etc/nginx/conf.d/proxy_params.conf; } location /api/v1/auth { proxy_pass http://identity_service/api/v1/auth; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Wallet Service - 钱包操作 # GET /api/v1/wallet/balance - 查询余额 # POST /api/v1/wallet/create - 创建钱包 # ============================================ location /api/v1/wallet { proxy_pass http://wallet_service/api/v1/wallet; include /etc/nginx/conf.d/proxy_params.conf; } # Trading - 交易 location /api/v1/trading { proxy_pass http://wallet_service/api/v1/trading; include /etc/nginx/conf.d/proxy_params.conf; } # Deposit - 充值 location /api/v1/deposit { proxy_pass http://wallet_service/api/v1/deposit; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Planting Service - 认种业务 # GET /api/v1/planting/price - 认种价格 # POST /api/v1/planting/submit - 提交认种 # ============================================ location /api/v1/planting { proxy_pass http://planting_service/api/v1/planting; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Referral Service - 推荐系统 # GET /api/v1/referral/generate-link - 生成推荐链接 # GET /api/v1/community/referrals - 获取推荐列表 # ============================================ location /api/v1/referral { proxy_pass http://referral_service/api/v1/referral; include /etc/nginx/conf.d/proxy_params.conf; } location /api/v1/community { proxy_pass http://referral_service/api/v1/community; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Reward Service - 挖矿奖励 # GET /api/v1/mining/status - 挖矿状态 # POST /api/v1/mining/start - 开始挖矿 # POST /api/v1/mining/claim - 领取奖励 # ============================================ location /api/v1/mining { proxy_pass http://reward_service/api/v1/mining; include /etc/nginx/conf.d/proxy_params.conf; } location /api/v1/reward { proxy_pass http://reward_service/api/v1/reward; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Leaderboard Service - 排行榜 # GET /api/v1/ranking/daily - 日榜 # GET /api/v1/ranking/weekly - 周榜 # ============================================ location /api/v1/ranking { proxy_pass http://leaderboard_service/api/ranking; include /etc/nginx/conf.d/proxy_params.conf; } location /api/v1/leaderboard { proxy_pass http://leaderboard_service/api/leaderboard; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # Reporting Service - 遥测统计 # POST /api/v1/telemetry/session - 上报会话 # POST /api/v1/telemetry/heartbeat - 心跳 # POST /api/v1/telemetry/events - 事件上报 # ============================================ location /api/v1/telemetry { proxy_pass http://reporting_service/api/v1/telemetry; include /etc/nginx/conf.d/proxy_params.conf; } location /api/v1/report { proxy_pass http://reporting_service/api/v1/report; include /etc/nginx/conf.d/proxy_params.conf; } # ============================================ # 默认 404 # ============================================ location / { return 404 '{"error":"Not Found","message":"API endpoint not found"}'; add_header Content-Type application/json; } } ``` ## 4. 后端服务器配置 (192.168.1.111) ### 4.1 Docker Compose 部署文件 在 192.168.1.111 服务器上创建 `/opt/rwadurian/docker-compose.yml`: ```yaml services: # ============================================ # 微服务 # ============================================ identity-service: build: ./services/identity-service ports: - "3000:3000" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_identity - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - MPC_SERVICE_URL=http://mpc-service:3001 - BACKUP_SERVICE_URL=http://backup-service:3009 - APP_ENV=production depends_on: postgres: condition: service_healthy redis: condition: service_healthy networks: - rwa-network restart: unless-stopped mpc-service: build: ./services/mpc-service ports: - "3001:3001" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_mpc - REDIS_HOST=redis - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped wallet-service: build: ./services/wallet-service ports: - "3002:3002" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_wallet - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped planting-service: build: ./services/planting-service ports: - "3003:3003" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_planting - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - WALLET_SERVICE_URL=http://wallet-service:3002 - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped referral-service: build: ./services/referral-service ports: - "3004:3004" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_referral - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - IDENTITY_SERVICE_URL=http://identity-service:3000 - PLANTING_SERVICE_URL=http://planting-service:3003 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped reward-service: build: ./services/reward-service ports: - "3005:3005" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reward - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - IDENTITY_SERVICE_URL=http://identity-service:3000 - WALLET_SERVICE_URL=http://wallet-service:3002 - REFERRAL_SERVICE_URL=http://referral-service:3004 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped authorization-service: build: ./services/authorization-service ports: - "3006:3006" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_authorization - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - IDENTITY_SERVICE_URL=http://identity-service:3000 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped leaderboard-service: build: ./services/leaderboard-service ports: - "3007:3007" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_leaderboard - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - IDENTITY_SERVICE_URL=http://identity-service:3000 - REFERRAL_SERVICE_URL=http://referral-service:3004 - APP_ENV=production depends_on: postgres: condition: service_healthy redis: condition: service_healthy networks: - rwa-network restart: unless-stopped reporting-service: build: ./services/reporting-service ports: - "3008:3008" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reporting - JWT_SECRET=${JWT_SECRET} - REDIS_HOST=redis - KAFKA_BROKERS=kafka:29092 - APP_ENV=production depends_on: postgres: condition: service_healthy networks: - rwa-network restart: unless-stopped backup-service: build: ./services/backup-service ports: - "3009:3009" environment: - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres-backup:5432/rwa_backup - SERVICE_JWT_SECRET=${SERVICE_JWT_SECRET} - APP_ENV=production networks: - rwa-network restart: unless-stopped # ============================================ # 基础设施 # ============================================ postgres: image: postgres:16-alpine environment: - POSTGRES_USER=postgres - POSTGRES_PASSWORD=${DB_PASSWORD} volumes: - postgres_data:/var/lib/postgresql/data - ./scripts/init-databases.sql:/docker-entrypoint-initdb.d/init.sql healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 5s timeout: 5s retries: 10 networks: - rwa-network restart: unless-stopped redis: image: redis:7-alpine command: redis-server --requirepass ${REDIS_PASSWORD} volumes: - redis_data:/data healthcheck: test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"] interval: 5s timeout: 5s retries: 10 networks: - rwa-network restart: unless-stopped zookeeper: image: confluentinc/cp-zookeeper:7.5.0 environment: ZOOKEEPER_CLIENT_PORT: 2181 networks: - rwa-network restart: unless-stopped kafka: image: confluentinc/cp-kafka:7.5.0 depends_on: - zookeeper environment: KAFKA_BROKER_ID: 1 KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_ADVERTISED_LISTENERS: PLAINTEXT_INTERNAL://kafka:29092 KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT_INTERNAL:PLAINTEXT KAFKA_LISTENERS: PLAINTEXT_INTERNAL://0.0.0.0:29092 KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT_INTERNAL KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true" networks: - rwa-network restart: unless-stopped networks: rwa-network: driver: bridge volumes: postgres_data: redis_data: ``` ### 4.2 数据库初始化脚本 在 192.168.1.111 服务器上创建 `/opt/rwadurian/scripts/init-databases.sql`: ```sql -- 创建所有微服务数据库 CREATE DATABASE rwa_identity; CREATE DATABASE rwa_mpc; CREATE DATABASE rwa_wallet; CREATE DATABASE rwa_planting; CREATE DATABASE rwa_referral; CREATE DATABASE rwa_reward; CREATE DATABASE rwa_authorization; CREATE DATABASE rwa_leaderboard; CREATE DATABASE rwa_reporting; CREATE DATABASE rwa_backup; ``` ### 4.3 环境变量文件 在 192.168.1.111 服务器上创建 `/opt/rwadurian/.env`: ```bash # Database DB_PASSWORD=your_secure_database_password_here # JWT (所有服务共享) JWT_SECRET=your_super_secure_jwt_secret_at_least_32_characters # Redis REDIS_PASSWORD=your_secure_redis_password # Service JWT (服务间通信) SERVICE_JWT_SECRET=your_service_jwt_secret_for_internal_calls # Wallet Encryption WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt ``` ## 5. 部署步骤 ### 5.1 Nginx 服务器配置 ```bash # 1. 安装 Nginx apt update && apt install -y nginx # 2. 创建配置目录 mkdir -p /etc/nginx/ssl # 3. 复制配置文件 # 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录 # 4. 安装 SSL 证书 (Let's Encrypt 示例) apt install -y certbot python3-certbot-nginx certbot --nginx -d rwaapi.szaiai.com # 5. 测试配置 nginx -t # 6. 重启 Nginx systemctl restart nginx systemctl enable nginx ``` ### 5.2 后端服务器 (192.168.1.111) 配置 ```bash # 1. 安装 Docker curl -fsSL https://get.docker.com | sh usermod -aG docker $USER # 2. 安装 Docker Compose apt install -y docker-compose-plugin # 3. 创建部署目录 mkdir -p /opt/rwadurian cd /opt/rwadurian # 4. 克隆代码 git clone https://github.com/your-org/rwadurian.git . # 5. 配置环境变量 cp .env.example .env vim .env # 修改为生产环境配置 # 6. 创建数据库初始化脚本 mkdir -p scripts # 将上面的 init-databases.sql 复制到 scripts/ # 7. 启动所有服务 docker compose up -d # 8. 查看服务状态 docker compose ps # 9. 运行数据库迁移 docker compose exec identity-service npx prisma migrate deploy docker compose exec wallet-service npx prisma migrate deploy docker compose exec planting-service npx prisma migrate deploy docker compose exec referral-service npx prisma migrate deploy docker compose exec reward-service npx prisma migrate deploy docker compose exec leaderboard-service npx prisma migrate deploy docker compose exec reporting-service npx prisma migrate deploy ``` ### 5.3 验证部署 ```bash # 从 Nginx 服务器测试 curl -k https://rwaapi.szaiai.com/health # 测试 API 端点 curl -k https://rwaapi.szaiai.com/api/v1/user/auto-create \ -H "Content-Type: application/json" \ -d '{"deviceId": "test-device-123"}' # 从后端服务器直接测试 curl http://localhost:3000/api/v1/user/auto-create \ -H "Content-Type: application/json" \ -d '{"deviceId": "test-device-123"}' ``` ## 6. API 端点对照表 | 前端调用路径 | Nginx 转发 | 后端服务 | 端口 | |-------------|-----------|---------|------| | `/api/v1/user/*` | → | Identity Service | 3000 | | `/api/v1/auth/*` | → | Identity Service | 3000 | | `/api/v1/wallet/*` | → | Wallet Service | 3002 | | `/api/v1/trading/*` | → | Wallet Service | 3002 | | `/api/v1/deposit/*` | → | Wallet Service | 3002 | | `/api/v1/mining/*` | → | Reward Service | 3005 | | `/api/v1/reward/*` | → | Reward Service | 3005 | | `/api/v1/ranking/*` | → | Leaderboard Service | 3007 | | `/api/v1/leaderboard/*` | → | Leaderboard Service | 3007 | | `/api/v1/planting/*` | → | Planting Service | 3003 | | `/api/v1/referral/*` | → | Referral Service | 3004 | | `/api/v1/community/*` | → | Referral Service | 3004 | | `/api/v1/telemetry/*` | → | Reporting Service | 3008 | | `/api/v1/report/*` | → | Reporting Service | 3008 | ## 7. 监控与运维 ### 7.1 查看 Nginx 日志 ```bash # 访问日志 tail -f /var/log/nginx/access.log # 错误日志 tail -f /var/log/nginx/error.log # 过滤特定服务请求 grep "/api/v1/user" /var/log/nginx/access.log | tail -100 ``` ### 7.2 查看服务日志 ```bash # 在 192.168.1.111 上执行 # 查看所有服务日志 docker compose logs -f # 查看特定服务日志 docker compose logs -f identity-service docker compose logs -f wallet-service # 查看最近 100 行 docker compose logs --tail=100 identity-service ``` ### 7.3 服务健康检查 ```bash # 检查所有服务状态 docker compose ps # 检查特定服务健康 curl http://192.168.1.111:3000/health # Identity curl http://192.168.1.111:3002/health # Wallet curl http://192.168.1.111:3003/health # Planting curl http://192.168.1.111:3004/health # Referral curl http://192.168.1.111:3005/health # Reward curl http://192.168.1.111:3007/health # Leaderboard curl http://192.168.1.111:3008/health # Reporting ``` ### 7.4 重启服务 ```bash # 重启单个服务 docker compose restart identity-service # 重启所有服务 docker compose restart # 重建并重启 docker compose up -d --build identity-service ``` ## 8. 常见问题 ### Q1: 502 Bad Gateway - 检查后端服务是否运行: `docker compose ps` - 检查 Nginx 到 192.168.1.111 网络是否通: `ping 192.168.1.111` - 检查端口是否开放: `telnet 192.168.1.111 3000` ### Q2: CORS 错误 - 确认 Nginx 配置中 CORS 头已正确设置 - 检查 OPTIONS 预检请求是否返回 204 ### Q3: SSL 证书问题 - 检查证书路径: `ls -la /etc/nginx/ssl/` - 测试 SSL: `openssl s_client -connect rwaapi.szaiai.com:443` - 检查证书有效期: `openssl x509 -in /etc/nginx/ssl/rwaapi.szaiai.com.pem -noout -dates` ### Q4: 服务间通信失败 - 检查 Docker 网络: `docker network inspect rwa-network` - 检查服务名解析: `docker compose exec identity-service ping wallet-service` --- **最后更新**: 2025-12-01 **维护者**: RWA Team