104 lines
3.1 KiB
Markdown
104 lines
3.1 KiB
Markdown
|
# 巡樓部署 (infra)
|
|||
|
|
|
|||
|
|
部署拓樸:
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
瀏覽器 → nginx(systemd, :80/:443)
|
|||
|
|
├─ 靜態前端 /var/www/haixun (frontend/dist)
|
|||
|
|
└─ /api 反向代理 → Go gateway (systemd, 127.0.0.1:8890)
|
|||
|
|
Go gateway / Go worker (systemd) → Mongo / Redis (docker compose, 綁 127.0.0.1)
|
|||
|
|
Node playwright worker (systemd) → 透過 HTTP 打 gateway
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
- 資料服務(Mongo/Redis)用 docker compose,只綁 `127.0.0.1`。
|
|||
|
|
- Go gateway / Go worker / Node worker 都是 systemd 原生服務。
|
|||
|
|
- secret 一律放 `/opt/haixun/etc/haixun.env`(不進 repo),yaml 用 `${VAR}` 讀取。
|
|||
|
|
|
|||
|
|
## 目錄
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
infra/
|
|||
|
|
docker-compose.yml # mongo + redis
|
|||
|
|
.env.example # compose 用環境變數
|
|||
|
|
etc/haixun.env.example # systemd EnvironmentFile 範本(secret)
|
|||
|
|
nginx/haixun.conf # 靜態前端 + /api 反代 + SSE
|
|||
|
|
systemd/
|
|||
|
|
haixun-gateway.service
|
|||
|
|
haixun-worker.service
|
|||
|
|
haixun-node-worker.service
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 1. 起資料服務 (docker)
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
cd infra
|
|||
|
|
cp .env.example .env # 填入 Mongo/Redis 密碼
|
|||
|
|
docker compose --env-file .env up -d
|
|||
|
|
docker compose ps
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 2. 建置產物(本機或 CI)
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
make build # 前端 dist + 兩個 linux Go binary(backend/bin/)
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 3. 安裝到目標主機
|
|||
|
|
|
|||
|
|
於目標主機(需 root):
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
sudo make install
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
`make install` 會:
|
|||
|
|
|
|||
|
|
1. 建立使用者 `haixun` 與目錄 `/opt/haixun/{bin,etc,node-worker}`、`/var/www/haixun`。
|
|||
|
|
2. 複製 `backend/bin/{gateway,worker}`、`backend/etc/gateway.prod.yaml`、`backend/etc/gateway.worker.prod.yaml`。
|
|||
|
|
3. 複製 `frontend/dist/*` → `/var/www/haixun`。
|
|||
|
|
4. 複製 `backend/worker/*`(Node worker)→ `/opt/haixun/node-worker`,並 `npm ci` + `npx playwright install`。
|
|||
|
|
5. 安裝 `infra/systemd/*.service` 與 `infra/nginx/haixun.conf`。
|
|||
|
|
|
|||
|
|
接著手動建立 secret 檔(**只做一次**):
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
sudo cp infra/etc/haixun.env.example /opt/haixun/etc/haixun.env
|
|||
|
|
sudo chmod 600 /opt/haixun/etc/haixun.env
|
|||
|
|
sudoedit /opt/haixun/etc/haixun.env # 填入實際 secret
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 4. 初始化資料庫與 admin 帳號(只做一次)
|
|||
|
|
|
|||
|
|
Mongo 起來、secret 填好後,建立索引 / 權限 catalog / role_permissions,並建立第一個 admin:
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
# 可在 haixun.env 內設定 INIT_ADMIN_EMAIL / INIT_ADMIN_PASSWORD,或在這裡用環境變數覆寫
|
|||
|
|
sudo make prod-init
|
|||
|
|
# 等同:source /opt/haixun/etc/haixun.env 後執行 /opt/haixun/bin/tool init -f /opt/haixun/etc/gateway.prod.yaml
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
之後一般使用者可走 `POST /api/v1/auth/register` 自助註冊(前端登入頁)。
|
|||
|
|
|
|||
|
|
## 5. 啟用服務
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
sudo systemctl daemon-reload
|
|||
|
|
sudo systemctl enable --now haixun-gateway haixun-worker haixun-node-worker
|
|||
|
|
sudo nginx -t && sudo systemctl reload nginx
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 6. 健康檢查
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
curl http://127.0.0.1:8890/api/v1/health
|
|||
|
|
sudo systemctl status haixun-gateway haixun-worker haixun-node-worker
|
|||
|
|
journalctl -u haixun-gateway -f
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
## 產生 secret
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
openssl rand -base64 48 # JWT access / refresh / worker secret
|
|||
|
|
openssl rand -base64 32 # HAIXUN_SECRETS_KEY(機敏資料落地加密)
|
|||
|
|
```
|