29 KiB
29 KiB
RWA Durian 系统部署指南
本文档描述了 RWA Durian 系统的完整部署架构,包括前端 API 调用、Nginx 反向代理配置和后端服务部署。
1. 系统架构概览
┌─────────────────────────────────────────────────────────────────────────────┐
│ 用户设备 │
│ (Android/iOS App) │
└─────────────────────────────────┬───────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ Nginx 服务器 (公网) │
│ https://rwaapi.szaiai.com │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ /etc/nginx/conf.d/rwaapi.conf │ │
│ │ │ │
│ │ /api/v1/user/* → 192.168.1.111:3000 (Identity) │ │
│ │ /api/v1/auth/* → 192.168.1.111:3000 (Identity) │ │
│ │ /api/v1/wallet/* → 192.168.1.111:3002 (Wallet) │ │
│ │ /api/v1/trading/* → 192.168.1.111:3002 (Wallet) │ │
│ │ /api/v1/planting/* → 192.168.1.111:3003 (Planting) │ │
│ │ /api/v1/referral/* → 192.168.1.111:3004 (Referral) │ │
│ │ /api/v1/mining/* → 192.168.1.111:3005 (Reward) │ │
│ │ /api/v1/ranking/* → 192.168.1.111:3007 (Leaderboard) │ │
│ │ /api/v1/telemetry/*→ 192.168.1.111:3008 (Reporting) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
└─────────────────────────────────┬───────────────────────────────────────────┘
│ 内网
▼
┌─────────────────────────────────────────────────────────────────────────────┐
│ 后端服务器 192.168.1.111 │
│ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ Identity │ │ MPC │ │ Wallet │ │ Planting │ │
│ │ :3000 │ │ :3001 │ │ :3002 │ │ :3003 │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ Referral │ │ Reward │ │ Authorization │ │ Leaderboard │ │
│ │ :3004 │ │ :3005 │ │ :3006 │ │ :3007 │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ └───────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ │
│ │ Reporting │ │ Backup │ │
│ │ :3008 │ │ :3009 │ │
│ └───────────────┘ └───────────────┘ │
│ │
│ ┌───────────────┐ ┌───────────────┐ ┌───────────────┐ │
│ │ PostgreSQL │ │ Redis │ │ Kafka │ │
│ │ :5432 │ │ :6379 │ │ :9092 │ │
│ └───────────────┘ └───────────────┘ └───────────────┘ │
└─────────────────────────────────────────────────────────────────────────────┘
2. 后端服务端口规划
所有后端服务部署在 192.168.1.111 服务器上:
| 服务名称 | 端口 | API 前缀 | 说明 |
|---|---|---|---|
| Identity Service | 3000 | /api/v1 |
用户身份、认证、钱包创建 |
| MPC Service | 3001 | /api/v1 |
MPC 密钥分片管理 (内部) |
| Wallet Service | 3002 | /api/v1 |
钱包余额、交易、充值 |
| Planting Service | 3003 | /api/v1 |
认种业务 |
| Referral Service | 3004 | /api/v1 |
推荐关系、分享链接 |
| Reward Service | 3005 | /api/v1 |
挖矿奖励、收益 |
| Authorization Service | 3006 | /api/v1 |
权限管理 (内部) |
| Leaderboard Service | 3007 | /api |
排行榜 |
| Reporting Service | 3008 | /api/v1 |
遥测统计、报表 |
| Backup Service | 3009 | - | MPC 备份 (内部服务) |
3. Nginx 配置文件
3.1 目录结构
在 Nginx 服务器上创建以下目录结构:
/etc/nginx/
├── nginx.conf # 主配置文件
├── conf.d/
│ ├── rwaapi.conf # API 网关配置
│ └── proxy_params.conf # 代理参数配置
└── ssl/
├── rwaapi.szaiai.com.pem # SSL 证书
└── rwaapi.szaiai.com.key # SSL 私钥
3.2 主配置文件 /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time uct="$upstream_connect_time" '
'uht="$upstream_header_time" urt="$upstream_response_time"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 10m;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript
application/xml application/xml+rss text/javascript;
# 限流配置
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
include /etc/nginx/conf.d/*.conf;
}
3.3 代理参数配置 /etc/nginx/conf.d/proxy_params.conf
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
3.4 API 网关配置 /etc/nginx/conf.d/rwaapi.conf
# ============================================
# 后端服务器地址 (192.168.1.111)
# ============================================
upstream identity_service {
server 192.168.1.111:3000;
keepalive 32;
}
upstream wallet_service {
server 192.168.1.111:3002;
keepalive 32;
}
upstream planting_service {
server 192.168.1.111:3003;
keepalive 32;
}
upstream referral_service {
server 192.168.1.111:3004;
keepalive 32;
}
upstream reward_service {
server 192.168.1.111:3005;
keepalive 32;
}
upstream leaderboard_service {
server 192.168.1.111:3007;
keepalive 32;
}
upstream reporting_service {
server 192.168.1.111:3008;
keepalive 32;
}
# ============================================
# HTTP -> HTTPS 重定向
# ============================================
server {
listen 80;
server_name rwaapi.szaiai.com;
return 301 https://$server_name$request_uri;
}
# ============================================
# HTTPS 服务器
# ============================================
server {
listen 443 ssl http2;
server_name rwaapi.szaiai.com;
# SSL 证书配置
ssl_certificate /etc/nginx/ssl/rwaapi.szaiai.com.pem;
ssl_certificate_key /etc/nginx/ssl/rwaapi.szaiai.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# 现代 SSL 配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS
add_header Strict-Transport-Security "max-age=63072000" always;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# CORS 配置
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# 处理 OPTIONS 预检请求
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# 限流
limit_req zone=api_limit burst=20 nodelay;
limit_conn conn_limit 10;
# ============================================
# 健康检查端点
# ============================================
location /health {
access_log off;
return 200 '{"status":"ok","timestamp":"$time_iso8601"}';
add_header Content-Type application/json;
}
# ============================================
# Identity Service - 用户身份认证
# POST /api/v1/user/auto-create - 自动创建用户
# POST /api/v1/user/login - 用户登录
# GET /api/v1/user/profile - 获取用户信息
# ============================================
location /api/v1/user {
proxy_pass http://identity_service/api/v1/user;
include /etc/nginx/conf.d/proxy_params.conf;
}
location /api/v1/auth {
proxy_pass http://identity_service/api/v1/auth;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Wallet Service - 钱包操作
# GET /api/v1/wallet/balance - 查询余额
# POST /api/v1/wallet/create - 创建钱包
# ============================================
location /api/v1/wallet {
proxy_pass http://wallet_service/api/v1/wallet;
include /etc/nginx/conf.d/proxy_params.conf;
}
# Trading - 交易
location /api/v1/trading {
proxy_pass http://wallet_service/api/v1/trading;
include /etc/nginx/conf.d/proxy_params.conf;
}
# Deposit - 充值
location /api/v1/deposit {
proxy_pass http://wallet_service/api/v1/deposit;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Planting Service - 认种业务
# GET /api/v1/planting/price - 认种价格
# POST /api/v1/planting/submit - 提交认种
# ============================================
location /api/v1/planting {
proxy_pass http://planting_service/api/v1/planting;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Referral Service - 推荐系统
# GET /api/v1/referral/generate-link - 生成推荐链接
# GET /api/v1/community/referrals - 获取推荐列表
# ============================================
location /api/v1/referral {
proxy_pass http://referral_service/api/v1/referral;
include /etc/nginx/conf.d/proxy_params.conf;
}
location /api/v1/community {
proxy_pass http://referral_service/api/v1/community;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Reward Service - 挖矿奖励
# GET /api/v1/mining/status - 挖矿状态
# POST /api/v1/mining/start - 开始挖矿
# POST /api/v1/mining/claim - 领取奖励
# ============================================
location /api/v1/mining {
proxy_pass http://reward_service/api/v1/mining;
include /etc/nginx/conf.d/proxy_params.conf;
}
location /api/v1/reward {
proxy_pass http://reward_service/api/v1/reward;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Leaderboard Service - 排行榜
# GET /api/v1/ranking/daily - 日榜
# GET /api/v1/ranking/weekly - 周榜
# ============================================
location /api/v1/ranking {
proxy_pass http://leaderboard_service/api/ranking;
include /etc/nginx/conf.d/proxy_params.conf;
}
location /api/v1/leaderboard {
proxy_pass http://leaderboard_service/api/leaderboard;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# Reporting Service - 遥测统计
# POST /api/v1/telemetry/session - 上报会话
# POST /api/v1/telemetry/heartbeat - 心跳
# POST /api/v1/telemetry/events - 事件上报
# ============================================
location /api/v1/telemetry {
proxy_pass http://reporting_service/api/v1/telemetry;
include /etc/nginx/conf.d/proxy_params.conf;
}
location /api/v1/report {
proxy_pass http://reporting_service/api/v1/report;
include /etc/nginx/conf.d/proxy_params.conf;
}
# ============================================
# 默认 404
# ============================================
location / {
return 404 '{"error":"Not Found","message":"API endpoint not found"}';
add_header Content-Type application/json;
}
}
4. 后端服务器配置 (192.168.1.111)
4.1 Docker Compose 部署文件
在 192.168.1.111 服务器上创建 /opt/rwadurian/docker-compose.yml:
services:
# ============================================
# 微服务
# ============================================
identity-service:
build: ./services/identity-service
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_identity
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- MPC_SERVICE_URL=http://mpc-service:3001
- BACKUP_SERVICE_URL=http://backup-service:3009
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
mpc-service:
build: ./services/mpc-service
ports:
- "3001:3001"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_mpc
- REDIS_HOST=redis
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
wallet-service:
build: ./services/wallet-service
ports:
- "3002:3002"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_wallet
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
planting-service:
build: ./services/planting-service
ports:
- "3003:3003"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_planting
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- WALLET_SERVICE_URL=http://wallet-service:3002
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
referral-service:
build: ./services/referral-service
ports:
- "3004:3004"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_referral
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- PLANTING_SERVICE_URL=http://planting-service:3003
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
reward-service:
build: ./services/reward-service
ports:
- "3005:3005"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reward
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- WALLET_SERVICE_URL=http://wallet-service:3002
- REFERRAL_SERVICE_URL=http://referral-service:3004
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
authorization-service:
build: ./services/authorization-service
ports:
- "3006:3006"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_authorization
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- IDENTITY_SERVICE_URL=http://identity-service:3000
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
leaderboard-service:
build: ./services/leaderboard-service
ports:
- "3007:3007"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_leaderboard
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- IDENTITY_SERVICE_URL=http://identity-service:3000
- REFERRAL_SERVICE_URL=http://referral-service:3004
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
reporting-service:
build: ./services/reporting-service
ports:
- "3008:3008"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres:5432/rwa_reporting
- JWT_SECRET=${JWT_SECRET}
- REDIS_HOST=redis
- KAFKA_BROKERS=kafka:29092
- APP_ENV=production
depends_on:
postgres:
condition: service_healthy
networks:
- rwa-network
restart: unless-stopped
backup-service:
build: ./services/backup-service
ports:
- "3009:3009"
environment:
- DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@postgres-backup:5432/rwa_backup
- SERVICE_JWT_SECRET=${SERVICE_JWT_SECRET}
- APP_ENV=production
networks:
- rwa-network
restart: unless-stopped
# ============================================
# 基础设施
# ============================================
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=${DB_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
- ./scripts/init-databases.sql:/docker-entrypoint-initdb.d/init.sql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
timeout: 5s
retries: 10
networks:
- rwa-network
restart: unless-stopped
redis:
image: redis:7-alpine
command: redis-server --requirepass ${REDIS_PASSWORD}
volumes:
- redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
interval: 5s
timeout: 5s
retries: 10
networks:
- rwa-network
restart: unless-stopped
zookeeper:
image: confluentinc/cp-zookeeper:7.5.0
environment:
ZOOKEEPER_CLIENT_PORT: 2181
networks:
- rwa-network
restart: unless-stopped
kafka:
image: confluentinc/cp-kafka:7.5.0
depends_on:
- zookeeper
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT_INTERNAL://kafka:29092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT_INTERNAL:PLAINTEXT
KAFKA_LISTENERS: PLAINTEXT_INTERNAL://0.0.0.0:29092
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT_INTERNAL
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
networks:
- rwa-network
restart: unless-stopped
networks:
rwa-network:
driver: bridge
volumes:
postgres_data:
redis_data:
4.2 数据库初始化脚本
在 192.168.1.111 服务器上创建 /opt/rwadurian/scripts/init-databases.sql:
-- 创建所有微服务数据库
CREATE DATABASE rwa_identity;
CREATE DATABASE rwa_mpc;
CREATE DATABASE rwa_wallet;
CREATE DATABASE rwa_planting;
CREATE DATABASE rwa_referral;
CREATE DATABASE rwa_reward;
CREATE DATABASE rwa_authorization;
CREATE DATABASE rwa_leaderboard;
CREATE DATABASE rwa_reporting;
CREATE DATABASE rwa_backup;
4.3 环境变量文件
在 192.168.1.111 服务器上创建 /opt/rwadurian/.env:
# Database
DB_PASSWORD=your_secure_database_password_here
# JWT (所有服务共享)
JWT_SECRET=your_super_secure_jwt_secret_at_least_32_characters
# Redis
REDIS_PASSWORD=your_secure_redis_password
# Service JWT (服务间通信)
SERVICE_JWT_SECRET=your_service_jwt_secret_for_internal_calls
# Wallet Encryption
WALLET_ENCRYPTION_SALT=your_wallet_encryption_salt
5. 部署步骤
5.1 Nginx 服务器配置
# 1. 安装 Nginx
apt update && apt install -y nginx
# 2. 创建配置目录
mkdir -p /etc/nginx/ssl
# 3. 复制配置文件
# 将上面的 nginx.conf, proxy_params.conf, rwaapi.conf 复制到对应目录
# 4. 安装 SSL 证书 (Let's Encrypt 示例)
apt install -y certbot python3-certbot-nginx
certbot --nginx -d rwaapi.szaiai.com
# 5. 测试配置
nginx -t
# 6. 重启 Nginx
systemctl restart nginx
systemctl enable nginx
5.2 后端服务器 (192.168.1.111) 配置
# 1. 安装 Docker
curl -fsSL https://get.docker.com | sh
usermod -aG docker $USER
# 2. 安装 Docker Compose
apt install -y docker-compose-plugin
# 3. 创建部署目录
mkdir -p /opt/rwadurian
cd /opt/rwadurian
# 4. 克隆代码
git clone https://github.com/your-org/rwadurian.git .
# 5. 配置环境变量
cp .env.example .env
vim .env # 修改为生产环境配置
# 6. 创建数据库初始化脚本
mkdir -p scripts
# 将上面的 init-databases.sql 复制到 scripts/
# 7. 启动所有服务
docker compose up -d
# 8. 查看服务状态
docker compose ps
# 9. 运行数据库迁移
docker compose exec identity-service npx prisma migrate deploy
docker compose exec wallet-service npx prisma migrate deploy
docker compose exec planting-service npx prisma migrate deploy
docker compose exec referral-service npx prisma migrate deploy
docker compose exec reward-service npx prisma migrate deploy
docker compose exec leaderboard-service npx prisma migrate deploy
docker compose exec reporting-service npx prisma migrate deploy
5.3 验证部署
# 从 Nginx 服务器测试
curl -k https://rwaapi.szaiai.com/health
# 测试 API 端点
curl -k https://rwaapi.szaiai.com/api/v1/user/auto-create \
-H "Content-Type: application/json" \
-d '{"deviceId": "test-device-123"}'
# 从后端服务器直接测试
curl http://localhost:3000/api/v1/user/auto-create \
-H "Content-Type: application/json" \
-d '{"deviceId": "test-device-123"}'
6. API 端点对照表
| 前端调用路径 | Nginx 转发 | 后端服务 | 端口 |
|---|---|---|---|
/api/v1/user/* |
→ | Identity Service | 3000 |
/api/v1/auth/* |
→ | Identity Service | 3000 |
/api/v1/wallet/* |
→ | Wallet Service | 3002 |
/api/v1/trading/* |
→ | Wallet Service | 3002 |
/api/v1/deposit/* |
→ | Wallet Service | 3002 |
/api/v1/mining/* |
→ | Reward Service | 3005 |
/api/v1/reward/* |
→ | Reward Service | 3005 |
/api/v1/ranking/* |
→ | Leaderboard Service | 3007 |
/api/v1/leaderboard/* |
→ | Leaderboard Service | 3007 |
/api/v1/planting/* |
→ | Planting Service | 3003 |
/api/v1/referral/* |
→ | Referral Service | 3004 |
/api/v1/community/* |
→ | Referral Service | 3004 |
/api/v1/telemetry/* |
→ | Reporting Service | 3008 |
/api/v1/report/* |
→ | Reporting Service | 3008 |
7. 监控与运维
7.1 查看 Nginx 日志
# 访问日志
tail -f /var/log/nginx/access.log
# 错误日志
tail -f /var/log/nginx/error.log
# 过滤特定服务请求
grep "/api/v1/user" /var/log/nginx/access.log | tail -100
7.2 查看服务日志
# 在 192.168.1.111 上执行
# 查看所有服务日志
docker compose logs -f
# 查看特定服务日志
docker compose logs -f identity-service
docker compose logs -f wallet-service
# 查看最近 100 行
docker compose logs --tail=100 identity-service
7.3 服务健康检查
# 检查所有服务状态
docker compose ps
# 检查特定服务健康
curl http://192.168.1.111:3000/health # Identity
curl http://192.168.1.111:3002/health # Wallet
curl http://192.168.1.111:3003/health # Planting
curl http://192.168.1.111:3004/health # Referral
curl http://192.168.1.111:3005/health # Reward
curl http://192.168.1.111:3007/health # Leaderboard
curl http://192.168.1.111:3008/health # Reporting
7.4 重启服务
# 重启单个服务
docker compose restart identity-service
# 重启所有服务
docker compose restart
# 重建并重启
docker compose up -d --build identity-service
8. 常见问题
Q1: 502 Bad Gateway
- 检查后端服务是否运行:
docker compose ps - 检查 Nginx 到 192.168.1.111 网络是否通:
ping 192.168.1.111 - 检查端口是否开放:
telnet 192.168.1.111 3000
Q2: CORS 错误
- 确认 Nginx 配置中 CORS 头已正确设置
- 检查 OPTIONS 预检请求是否返回 204
Q3: SSL 证书问题
- 检查证书路径:
ls -la /etc/nginx/ssl/ - 测试 SSL:
openssl s_client -connect rwaapi.szaiai.com:443 - 检查证书有效期:
openssl x509 -in /etc/nginx/ssl/rwaapi.szaiai.com.pem -noout -dates
Q4: 服务间通信失败
- 检查 Docker 网络:
docker network inspect rwa-network - 检查服务名解析:
docker compose exec identity-service ping wallet-service
最后更新: 2025-12-01 维护者: RWA Team