diff --git a/deploy/docker/.env.example b/deploy/docker/.env.example
new file mode 100644
index 0000000..942e3cf
--- /dev/null
+++ b/deploy/docker/.env.example
@@ -0,0 +1,79 @@
+# ============================================================
+# Docker 部署环境变量模板
+# 使用方法： cp .env.example .env  然后按实际填写
+# 注意： .env 切勿提交到 git
+# ============================================================
+
+# ---------- 基础 ----------
+TZ=Asia/Shanghai
+COMPOSE_PROJECT_NAME=integral-shop-sqszx202
+
+# ---------- 阿里云 RDS for MySQL ----------
+# 外网地址（与 59.110.91.202 同地域 VPC 时建议改为内网地址，更快更安全）
+RDS_HOST=rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com
+RDS_PORT=3306
+
+# 寄卖商城（Webman PHP 后端）
+RDS_INTEGRAL_DB=sqszx202
+RDS_INTEGRAL_USER=yangtangyoupin
+RDS_INTEGRAL_PASS=change-me
+
+# 积分商城（Spring Boot 后端） — 与寄卖商城共库共账号
+RDS_SINGLE_DB=sqszx202
+RDS_SINGLE_USER=yangtangyoupin
+RDS_SINGLE_PASS=change-me
+
+# ---------- 容器内 Redis ----------
+REDIS_PASSWORD=change-me-redis
+# 三个业务各自的 db 序号，建议互不冲突
+REDIS_INTEGRAL_DB=0
+REDIS_SINGLE_ADMIN_DB=25
+REDIS_SINGLE_FRONT_DB=26
+
+# 是否把 Redis 端口暴露到宿主机（生产建议不暴露，留空字符串即可关闭）
+REDIS_HOST_PORT=6379
+
+# ---------- 寄卖商城 H5 configs.js 注入 ----------
+# 用户浏览器访问到的 API/图片/H5 域名（必须为外网可达 URL）
+INTEGRAL_API_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_IMG_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_H5_PUBLIC_URL=https://j3s4s5.com/
+# 业务标识：sn_id（数字）、appStr（与寄卖商城 APP_SECRET 必须一致）
+INTEGRAL_SN_ID=17533260260612
+INTEGRAL_APP_STR=ZFyTNQTWEkCBczKzyUDJWE9Ecx260612
+INTEGRAL_TITLE=宿迁盛泽鑫商贸
+INTEGRAL_CONTRACT_PAGE=10012
+
+# ---------- 寄卖商城 Webman 后端短信 / OSS ----------
+# 不用就保持空值；启用时填写真实凭证（也可直接编辑 integral-resell/.env 文件）
+SMS_CHANNEL=alibaba
+SMS_SIGNNAME=宿迁盛泽鑫商贸
+SMS_TEMPLATE=SMS_335105539
+SMS_KEYID=LTAI5t6PReihGTE4zGJk1Sxa
+SMS_KEYSECRET=rzFeYQ21VOIwf0wAnxYcY10uPjoiJ4
+
+# OSS_TYPE=public 表示用本地 public/upload；oss 表示走阿里云 OSS
+FILE_STORAGE=public
+OSS_ACCESS_ID=
+OSS_ACCESS_SECRET=
+OSS_BUCKET=
+OSS_ENDPOINT=
+OSS_URL=
+
+# ---------- 积分商城前端构建参数 ----------
+# 留空即走与 Nginx 同域 /api/，最佳实践；如要直连后端写完整 URL
+SINGLE_ADMIN_BASE_API=
+SINGLE_H5_DOMAIN=
+
+# ---------- 积分商城后端 JVM ----------
+SINGLE_ADMIN_JAVA_OPTS=-Xms256m -Xmx512m
+SINGLE_FRONT_JAVA_OPTS=-Xms256m -Xmx768m
+
+# ---------- 积分商城订单同步（无 MER 时填默认） ----------
+SYNC_SOURCE_ID=
+SYNC_TARGET_MER_ID=0
+
+# ---------- 宿主机暴露端口（可按需修改） ----------
+INTEGRAL_H5_PORT=18080
+SINGLE_ADMIN_WEB_PORT=18081
+SINGLE_H5_PORT=18082
diff --git a/deploy/docker/.gitignore b/deploy/docker/.gitignore
new file mode 100644
index 0000000..6f01829
--- /dev/null
+++ b/deploy/docker/.gitignore
@@ -0,0 +1,4 @@
+# 部署敏感文件不入库
+.env
+**/houtai.env
+integral-resell/.env
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
new file mode 100644
index 0000000..6052830
--- /dev/null
+++ b/deploy/docker/README.md
@@ -0,0 +1,119 @@
+# Docker 部署 — 快速上手
+
+> 详细方案见仓库根目录的 `DOCKER_DEPLOY.md`。本文件只列必要操作。
+
+## 已提供的项目化部署目录
+
+| 项目 | 步骤一 | 步骤二 |
+|-----|------|------|
+| `czleilei240` 参考模板 | `deploy/docker/step1-integral` | `deploy/docker/step2-single-shop` |
+| `sqszx202` | `deploy/docker/step1-integral-sqszx202` | `deploy/docker/step2-single-shop-sqszx202` |
+
+## 1. 准备环境变量
+
+```bash
+cd deploy/docker
+cp .env.example .env
+$EDITOR .env                                # 填入 RDS / Redis / 域名 等
+
+cp integral-resell/.env.template integral-resell/.env
+$EDITOR integral-resell/.env                # 寄卖商城 Webman 后端配置
+```
+
+## 2. 阿里云 RDS 初始化
+
+在 RDS 控制台新建：
+- 寄卖商城库（默认名 `sqszx202`）→ 导入寄卖商城生产备份或初始化 SQL
+- 积分商城库（默认名 `sqszx202`）→ 导入 `db/shop22-v2.sql`（或与生产对齐的 `db/jjy153-mysql.sql`）
+
+把 Docker 主机出口 IP 加入 RDS 白名单。
+
+## 3. 构建并启动
+
+```bash
+# 一次性构建所有镜像（首次 5-15 分钟，含 Maven & Node 拉依赖）
+docker compose build
+
+# 后台启动全部服务
+docker compose up -d
+
+# 查看状态
+docker compose ps
+docker compose logs -f single-admin-api
+docker compose logs -f single-front-api
+docker compose logs -f integral-houtai
+```
+
+## 4. 验证
+
+| URL | 期望 |
+|-----|------|
+| `http://<host>:18080/` | 寄卖商城 H5 首页 |
+| `http://<host>:18080/api/...` | 转发到 integral-houtai |
+| `http://<host>:18081/` | 积分商城管理后台登录页 |
+| `http://<host>:18082/` | 积分商城用户端 H5 |
+
+## 5. 常用运维
+
+```bash
+docker compose restart single-admin-api
+docker compose build --no-cache single-front-api && docker compose up -d single-front-api
+docker compose exec single-admin-api sh
+docker compose down                    # 不删卷
+docker compose down -v                 # 连卷一并删除（**慎用**）
+```
+
+## 6. 备份卷
+
+```bash
+# 在 docker host 上运行
+for v in integral-upload single-images redis-data; do
+  docker run --rm -v $v:/d -v $(pwd):/b alpine \
+    tar czf /b/${v}-$(date +%F).tgz -C /d .
+done
+```
+
+## 7. "fast" 模式（跳过前端构建，使用源码已有 dist）
+
+如果源码目录里 `backend-adminend/dist` 和 `single_uniapp22miao/unpackage/dist/build/` 已经是最新构建产物，可加速：
+
+```bash
+docker compose build --build-arg=BUILDKIT_INLINE_CACHE=1 \
+  --target fast single-admin-web single-h5
+```
+
+## 8. 切换为外部 Redis
+
+把 `.env` 中 `REDIS_HOST` 改为外部地址、注释 `docker-compose.yml` 中的 `redis:` 服务即可。Spring Boot 与 Webman 都通过环境变量读取 Redis 地址。
+
+## 9. 远端一键部署（59.110.91.202）
+
+```bash
+cd scripts
+cp server.env.example server.env       # 已预填 59.110.91.202 / root，密码按实际填写
+
+# 首次（推荐）：把密码登录换成 SSH key
+ssh-copy-id root@59.110.91.202
+# 然后把 server.env 里的 SSHPASS 留空或注释掉
+
+# 同步代码并启动
+./sync-to-server.sh up
+
+# 同步完成后，若是首次部署还需要先在远端填写 .env：
+./bootstrap-remote-env.sh
+./remote-up.sh ssh
+#   远端：cd /root/integral-shop/deploy/docker
+#         vim .env
+#         vim integral-resell/.env
+# 编辑完退出后：
+./remote-up.sh up
+
+# 日常运维（本机执行，不用登录服务器）
+./remote-up.sh ps
+./remote-up.sh logs single-admin-api
+./remote-up.sh restart single-front-api
+./remote-up.sh build single-admin-web
+```
+
+> 用密码模式需要先 `brew install hudochenkov/sshpass/sshpass`（macOS）。
+> 用 SSH key 模式则任何依赖都不需要。
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
new file mode 100644
index 0000000..611799f
--- /dev/null
+++ b/deploy/docker/docker-compose.yml
@@ -0,0 +1,187 @@
+# =============================================================
+# 寄卖商城 + 积分商城 前后端 Docker 编排
+#   - 不含 MER-2.2 多商户
+#   - 不含 MySQL（使用阿里云 RDS）
+#   - 包含独立 Redis（如需用外部 Redis，注释掉 redis 服务并修改 REDIS_HOST）
+# =============================================================
+
+name: integral-shop-sqszx202
+
+x-common: &common
+  restart: unless-stopped
+  environment:
+    TZ: ${TZ:-Asia/Shanghai}
+  logging:
+    driver: json-file
+    options:
+      max-size: "20m"
+      max-file: "5"
+
+networks:
+  inner:
+    driver: bridge
+
+volumes:
+  redis-data:
+  integral-runtime:
+  integral-upload:
+  single-images:
+  single-logs:
+
+services:
+  # ---------------- Redis ----------------
+  redis:
+    <<: *common
+    image: redis:6.2-alpine
+    container_name: integral-shop-redis
+    command: ["redis-server", "/etc/redis/redis.conf", "--requirepass", "${REDIS_PASSWORD}"]
+    volumes:
+      - ./redis/redis.conf:/etc/redis/redis.conf:ro
+      - redis-data:/data
+    networks: [inner]
+    # 仅当 REDIS_HOST_PORT 非空时暴露
+    ports:
+      - "${REDIS_HOST_PORT:-}:6379"
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+
+  # ---------------- 寄卖商城：Webman 后端 ----------------
+  integral-houtai:
+    <<: *common
+    build:
+      context: ../../integral-resell/houtai
+      dockerfile: ../../deploy/docker/integral-resell/houtai.Dockerfile
+    image: integral-shop/integral-houtai:latest
+    container_name: integral-houtai
+    networks: [inner]
+    volumes:
+      # .env 由宿主机模板渲染挂入容器；编辑此文件即可改 DB / OSS / 短信
+      - ./integral-resell/.env:/app/.env:ro
+      - integral-runtime:/app/runtime
+      - integral-upload:/app/public/upload
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  # ---------------- 寄卖商城：H5 静态站 ----------------
+  integral-h5:
+    <<: *common
+    build:
+      context: ../../integral-resell/h5
+      dockerfile: ../../deploy/docker/integral-resell/h5.Dockerfile
+    image: integral-shop/integral-h5:latest
+    container_name: integral-h5
+    networks: [inner]
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      # 这些会在 entrypoint 中被注入到 static/configs.js
+      INTEGRAL_TITLE: ${INTEGRAL_TITLE}
+      INTEGRAL_API_PUBLIC_URL: ${INTEGRAL_API_PUBLIC_URL}
+      INTEGRAL_IMG_PUBLIC_URL: ${INTEGRAL_IMG_PUBLIC_URL}
+      INTEGRAL_H5_PUBLIC_URL: ${INTEGRAL_H5_PUBLIC_URL}
+      INTEGRAL_SN_ID: ${INTEGRAL_SN_ID}
+      INTEGRAL_APP_STR: ${INTEGRAL_APP_STR}
+      INTEGRAL_CONTRACT_PAGE: ${INTEGRAL_CONTRACT_PAGE}
+    ports:
+      - "${INTEGRAL_H5_PORT:-18080}:80"
+    depends_on:
+      - integral-houtai
+
+  # ---------------- 积分商城：管理后台 API ----------------
+  single-admin-api:
+    <<: *common
+    build:
+      context: ../../single-shop-22/backend
+      dockerfile: ../../deploy/docker/single-shop/admin-api.Dockerfile
+    image: integral-shop/single-admin-api:latest
+    container_name: single-admin-api
+    networks: [inner]
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      JAVA_HEAP_OPTS: ${SINGLE_ADMIN_JAVA_OPTS:--Xms128m -Xmx256m}
+      SPRING_PROFILES_ACTIVE: docker
+      SERVER_PORT: "30032"
+      MYSQL_HOST: ${RDS_HOST}
+      MYSQL_PORT: ${RDS_PORT:-3306}
+      MYSQL_DATABASE: ${RDS_SINGLE_DB}
+      MYSQL_USERNAME: ${RDS_SINGLE_USER}
+      MYSQL_PASSWORD: ${RDS_SINGLE_PASS}
+      REDIS_HOST: redis
+      REDIS_PORT: "6379"
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+      REDIS_DATABASE: ${REDIS_SINGLE_ADMIN_DB:-25}
+      SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-}
+      SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-0}
+    volumes:
+      - ./single-shop/application-docker.yml:/config/application-docker.yml:ro
+      - single-images:/usr/local/crmeb/crmebimage
+      - single-logs:/app/log
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  # ---------------- 积分商城：用户端 API ----------------
+  single-front-api:
+    <<: *common
+    build:
+      context: ../../single-shop-22/backend
+      dockerfile: ../../deploy/docker/single-shop/front-api.Dockerfile
+    image: integral-shop/single-front-api:latest
+    container_name: single-front-api
+    networks: [inner]
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      JAVA_OPTS: ${SINGLE_FRONT_JAVA_OPTS:--Xms256m -Xmx768m}
+      SPRING_PROFILES_ACTIVE: docker
+      SERVER_PORT: "30033"
+      MYSQL_HOST: ${RDS_HOST}
+      MYSQL_PORT: ${RDS_PORT:-3306}
+      MYSQL_DATABASE: ${RDS_SINGLE_DB}
+      MYSQL_USERNAME: ${RDS_SINGLE_USER}
+      MYSQL_PASSWORD: ${RDS_SINGLE_PASS}
+      REDIS_HOST: redis
+      REDIS_PORT: "6379"
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+      REDIS_DATABASE: ${REDIS_SINGLE_FRONT_DB:-26}
+    volumes:
+      - ./single-shop/application-docker.yml:/config/application-docker.yml:ro
+      - single-images:/usr/local/crmeb/crmebimage
+      - single-logs:/app/log
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  # ---------------- 积分商城：管理后台 Web ----------------
+  single-admin-web:
+    <<: *common
+    build:
+      context: ../../single-shop-22/backend-adminend
+      dockerfile: ../../deploy/docker/single-shop/admin-web.Dockerfile
+      args:
+        VUE_APP_BASE_API: ${SINGLE_ADMIN_BASE_API:-}
+    image: integral-shop/single-admin-web:latest
+    container_name: single-admin-web
+    networks: [inner]
+    ports:
+      - "${SINGLE_ADMIN_WEB_PORT:-18081}:80"
+    depends_on:
+      - single-admin-api
+
+  # ---------------- 积分商城：用户端 H5 ----------------
+  single-h5:
+    <<: *common
+    build:
+      context: ../../single-shop-22/single_uniapp22miao
+      dockerfile: ../../deploy/docker/single-shop/h5.Dockerfile
+      args:
+        H5_API_DOMAIN: ${SINGLE_H5_DOMAIN:-}
+    image: integral-shop/single-h5:latest
+    container_name: single-h5
+    networks: [inner]
+    ports:
+      - "${SINGLE_H5_PORT:-18082}:80"
+    depends_on:
+      - single-front-api
diff --git a/deploy/docker/integral-resell/.env.template b/deploy/docker/integral-resell/.env.template
new file mode 100644
index 0000000..83b8186
--- /dev/null
+++ b/deploy/docker/integral-resell/.env.template
@@ -0,0 +1,37 @@
+# =============================================================
+# Webman 后端运行时配置 — 宿迁盛泽鑫商贸 sqszx202（寄卖商城）
+# cp .env.template .env  并填入真实密码
+# .env 不入库，由 docker-compose volumes: 挂入 /app/.env
+# =============================================================
+
+# MySQL（阿里云 RDS）
+DB_HOST = 'rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com'
+DB_PORT = 3306
+DB_DATABASE = 'sqszx202'
+DB_USERNAME = 'yangtangyoupin'
+DB_PASSWORD = 'change-me'
+
+# Redis（指向同 compose 内的 redis 容器）
+REDIS_HOST = 'redis'
+REDIS_PORT = 6379
+REDIS_PASSWORD = 'change-me-redis'
+
+# 短信（签名沿用任务单提供的阿里云短信配置）
+SMS_CHANNEL = 'alibaba'
+SMS_SIGNNAME = '宿迁盛泽鑫商贸'
+SMS_TEMPLATE = 'SMS_335105539'
+SMS_KEYID = 'LTAI5t6PReihGTE4zGJk1Sxa'
+SMS_KEYSECRET = 'rzFeYQ21VOIwf0wAnxYcY10uPjoiJ4'
+SMS_SDKAPPID = ''
+
+# OSS（不启用则走本地 public/upload）
+FILE_STORAGE = 'public'
+OSS_ACCESS_ID = ''
+OSS_ACCESS_SECRET = ''
+OSS_BUCKET = ''
+OSS_ENDPOINT = ''
+OSS_URL = ''
+
+# 业务标识（须与 H5 configs.js 的 sn_id / appStr 以及积分商城 admin 后台一致）
+APP_SIGN = '1'
+APP_SECRET = 'ZFyTNQTWEkCBczKzyUDJWE9Ecx260612'
diff --git a/deploy/docker/integral-resell/h5.Dockerfile b/deploy/docker/integral-resell/h5.Dockerfile
new file mode 100644
index 0000000..e67541c
--- /dev/null
+++ b/deploy/docker/integral-resell/h5.Dockerfile
@@ -0,0 +1,83 @@
+# =============================================================
+# 寄卖商城 H5 静态站运行时镜像
+# 静态文件通过 bind-mount 挂入 /usr/share/nginx/html
+# =============================================================
+
+FROM nginx:1.25-alpine
+
+ENV TZ=Asia/Shanghai
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache tzdata \
+    && cp /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -f /etc/apk/cache/*.apk
+
+RUN cat > /etc/nginx/conf.d/default.conf <<'NGX'
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  client_max_body_size 50m;
+
+  location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map|pdf)$ {
+    expires 30d;
+    add_header Cache-Control "public, max-age=2592000";
+    try_files $uri =404;
+  }
+
+  location /api/ {
+    proxy_pass         http://integral-houtai:8785/api/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location /upload/ {
+    proxy_pass         http://integral-houtai:8785/upload/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}
+NGX
+
+RUN cat > /docker-entrypoint.d/90-integral-configs.sh <<'SH' \
+    && chmod +x /docker-entrypoint.d/90-integral-configs.sh
+#!/bin/sh
+set -eu
+
+CONFIG_FILE=/usr/share/nginx/html/static/configs.js
+
+js_escape() {
+  printf '%s' "$1" | awk '{ gsub(/\\/, "\\\\"); gsub("\047", "\\\047"); printf "%s", $0 }'
+}
+
+mkdir -p "$(dirname "$CONFIG_FILE")"
+
+cat > "$CONFIG_FILE" <<EOF
+window.configs = {
+  TITLE: '$(js_escape "${INTEGRAL_TITLE:-}")',
+  BASE_URL: '$(js_escape "${INTEGRAL_API_PUBLIC_URL:-}")/api',
+  IMG_URL: '$(js_escape "${INTEGRAL_IMG_PUBLIC_URL:-}")',
+  H5_URL: '$(js_escape "${INTEGRAL_H5_PUBLIC_URL:-}")',
+  sn_id: ${INTEGRAL_SN_ID:-0},
+  appStr: '$(js_escape "${INTEGRAL_APP_STR:-}")'
+}
+EOF
+SH
+
+EXPOSE 80
diff --git a/deploy/docker/integral-resell/houtai.Dockerfile b/deploy/docker/integral-resell/houtai.Dockerfile
new file mode 100644
index 0000000..9d03029
--- /dev/null
+++ b/deploy/docker/integral-resell/houtai.Dockerfile
@@ -0,0 +1,20 @@
+# =============================================================
+# 寄卖商城 Webman 后端运行时镜像
+# 应用目录通过 bind-mount 挂入 /app，镜像只提供基础运行环境
+# =============================================================
+
+FROM alpine:3.19
+
+ENV TZ=Asia/Shanghai
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache bash curl tzdata ca-certificates \
+    && cp /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -f /etc/apk/cache/*.apk
+
+WORKDIR /app
+
+EXPOSE 8785
+
+CMD ["sh", "-c", "chmod +x /app/webman.bin && exec /app/webman.bin start"]
diff --git a/deploy/docker/nginx/admin.lehoo6.com.conf b/deploy/docker/nginx/admin.lehoo6.com.conf
new file mode 100644
index 0000000..ef008d3
--- /dev/null
+++ b/deploy/docker/nginx/admin.lehoo6.com.conf
@@ -0,0 +1,54 @@
+upstream resell_api {
+    server 127.0.0.1:18085;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name admin.lehoo6.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/admin.lehoo6.com;
+    include /www/server/panel/vhost/nginx/extension/admin.lehoo6.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/admin.lehoo6.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    location / {
+        proxy_pass         http://resell_api;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    access_log  /www/wwwlogs/admin.lehoo6.com.log;
+    error_log   /www/wwwlogs/admin.lehoo6.com.error.log;
+}
diff --git a/deploy/docker/nginx/jf.lehoo6.com.conf b/deploy/docker/nginx/jf.lehoo6.com.conf
new file mode 100644
index 0000000..d223215
--- /dev/null
+++ b/deploy/docker/nginx/jf.lehoo6.com.conf
@@ -0,0 +1,92 @@
+upstream jifenmall_h5 {
+    server 127.0.0.1:18082;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name jf.lehoo6.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/jf.lehoo6.com;
+    include /www/server/panel/vhost/nginx/extension/jf.lehoo6.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/jf.lehoo6.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_jf.lehoo6.com.conf;
+    #REWRITE-END
+
+    location /api/front {
+        proxy_pass         http://127.0.0.1:30033/api/front;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    location /api/admin {
+        proxy_pass         http://127.0.0.1:30032/api/admin;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    location /api/external {
+        proxy_pass         http://127.0.0.1:30032/api/external;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://jifenmall_h5;
+        }
+    }
+
+    access_log  /www/wwwlogs/jf.lehoo6.com.log;
+    error_log   /www/wwwlogs/jf.lehoo6.com.error.log;
+}
diff --git a/deploy/docker/nginx/jfadmin.lehoo6.com.conf b/deploy/docker/nginx/jfadmin.lehoo6.com.conf
new file mode 100644
index 0000000..cdcf054
--- /dev/null
+++ b/deploy/docker/nginx/jfadmin.lehoo6.com.conf
@@ -0,0 +1,59 @@
+upstream jifenmall_admin {
+    server 127.0.0.1:18081;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name jfadmin.lehoo6.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/jfadmin.lehoo6.com;
+    include /www/server/panel/vhost/nginx/extension/jfadmin.lehoo6.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/jfadmin.lehoo6.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_jfadmin.lehoo6.com.conf;
+    #REWRITE-END
+
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://jifenmall_admin;
+        }
+    }
+
+    access_log  /www/wwwlogs/jfadmin.lehoo6.com.log;
+    error_log   /www/wwwlogs/jfadmin.lehoo6.com.error.log;
+}
diff --git a/deploy/docker/nginx/lehoo6.com.conf b/deploy/docker/nginx/lehoo6.com.conf
new file mode 100644
index 0000000..fca5b99
--- /dev/null
+++ b/deploy/docker/nginx/lehoo6.com.conf
@@ -0,0 +1,55 @@
+upstream resell_h5 {
+    server 127.0.0.1:18080;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name lehoo6.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/lehoo6.com;
+    include /www/server/panel/vhost/nginx/extension/lehoo6.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/lehoo6.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/lehoo6.com_cert/nginx/lehoo6.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://resell_h5;
+        }
+    }
+
+    access_log  /www/wwwlogs/lehoo6.com.log;
+    error_log   /www/wwwlogs/lehoo6.com.error.log;
+}
diff --git a/deploy/docker/nginx/leilei-jf.czchunfang.com.conf b/deploy/docker/nginx/leilei-jf.czchunfang.com.conf
new file mode 100644
index 0000000..870a0da
--- /dev/null
+++ b/deploy/docker/nginx/leilei-jf.czchunfang.com.conf
@@ -0,0 +1,117 @@
+upstream jifenmall_h5 {
+    server 127.0.0.1:18082;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name leilei-jf.czchunfang.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/leilei-jf.czchunfang.com;
+    include /www/server/panel/vhost/nginx/extension/leilei-jf.czchunfang.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/leilei-jf.czchunfang.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jf.czchunfang.com_cert/nginx/leilei-jf.czchunfang.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jf.czchunfang.com_cert/nginx/leilei-jf.czchunfang.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_leilei-jf.czchunfang.com.conf;
+    #REWRITE-END
+
+    # ---------- API 直连 Docker 容器（不经 H5 Nginx 中转） ----------
+
+    # 前台 API（用户端）→ single-front-api 容器 30033
+    location /api/front {
+        proxy_pass         http://127.0.0.1:30033/api/front;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    # 管理后台 API → single-admin-api 容器 30032
+    location /api/admin {
+        proxy_pass         http://127.0.0.1:30032/api/admin;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    # 外部接口（同 admin-api）
+    location /api/external {
+        proxy_pass         http://127.0.0.1:30032/api/external;
+        proxy_http_version 1.1;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        client_max_body_size 50m;
+    }
+
+    # ---------- H5 前端静态文件 → Docker single-h5 容器 ----------
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://jifenmall_h5;
+        }
+    }
+
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    { return 404; }
+
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/
+    { return 404; }
+
+    location ~ \.well-known { allow all; }
+
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+        return 403;
+    }
+
+    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
+        expires 30d; error_log /dev/null; access_log /dev/null;
+    }
+    location ~ .*\.(js|css)?$ {
+        expires 12h; error_log /dev/null; access_log /dev/null;
+    }
+
+    access_log  /www/wwwlogs/leilei-jf.czchunfang.com.log;
+    error_log   /www/wwwlogs/leilei-jf.czchunfang.com.error.log;
+}
diff --git a/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf b/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf
new file mode 100644
index 0000000..d3f03bb
--- /dev/null
+++ b/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf
@@ -0,0 +1,80 @@
+upstream jifenmall_admin {
+    server 127.0.0.1:18081;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name leilei-jfadmin.czchunfang.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/leilei-jfadmin.czchunfang.com;
+    include /www/server/panel/vhost/nginx/extension/leilei-jfadmin.czchunfang.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/leilei-jfadmin.czchunfang.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jfadmin.czchunfang.com_cert/nginx/leilei-jfadmin.czchunfang.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jfadmin.czchunfang.com_cert/nginx/leilei-jfadmin.czchunfang.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_leilei-jfadmin.czchunfang.com.conf;
+    #REWRITE-END
+
+    # ---------- 管理后台静态文件 → Docker single-admin-web 容器 ----------
+    # 管理后台前端调用的 API 指向 leilei-jf.czchunfang.com（与 H5 共用 API 域名）
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://jifenmall_admin;
+        }
+    }
+
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    { return 404; }
+
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/
+    { return 404; }
+
+    location ~ \.well-known { allow all; }
+
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+        return 403;
+    }
+
+    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
+        expires 30d; error_log /dev/null; access_log /dev/null;
+    }
+    location ~ .*\.(js|css)?$ {
+        expires 12h; error_log /dev/null; access_log /dev/null;
+    }
+
+    access_log  /www/wwwlogs/leilei-jfadmin.czchunfang.com.log;
+    error_log   /www/wwwlogs/leilei-jfadmin.czchunfang.com.error.log;
+}
diff --git a/deploy/docker/nginx/leilei.czchunfang.com.conf b/deploy/docker/nginx/leilei.czchunfang.com.conf
new file mode 100644
index 0000000..5edb8a2
--- /dev/null
+++ b/deploy/docker/nginx/leilei.czchunfang.com.conf
@@ -0,0 +1,82 @@
+upstream resell_h5 {
+    server 127.0.0.1:18080;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name leilei.czchunfang.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/leilei.czchunfang.com;
+    include /www/server/panel/vhost/nginx/extension/leilei.czchunfang.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/leilei.czchunfang.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    #error_page 404/404.html;
+    #HTTP_TO_HTTPS_START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    #HTTP_TO_HTTPS_END
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei.czchunfang.com_cert/nginx/leilei.czchunfang.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei.czchunfang.com_cert/nginx/leilei.czchunfang.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_leilei.czchunfang.com.conf;
+    #REWRITE-END
+
+    # 寄卖商城 H5 → Docker integral-h5 容器（内部已含 /api/ /upload/ 反代到 webman:8785）
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://resell_h5;
+        }
+    }
+
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    { return 404; }
+
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/
+    { return 404; }
+
+    location ~ \.well-known { allow all; }
+
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+        return 403;
+    }
+
+    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
+        expires 30d; error_log /dev/null; access_log /dev/null;
+    }
+    location ~ .*\.(js|css)?$ {
+        expires 12h; error_log /dev/null; access_log /dev/null;
+    }
+
+    access_log  /www/wwwlogs/leilei.czchunfang.com.log;
+    error_log   /www/wwwlogs/leilei.czchunfang.com.error.log;
+}
diff --git a/deploy/docker/nginx/leileiadmin.czchunfang.com.conf b/deploy/docker/nginx/leileiadmin.czchunfang.com.conf
new file mode 100644
index 0000000..9d51029
--- /dev/null
+++ b/deploy/docker/nginx/leileiadmin.czchunfang.com.conf
@@ -0,0 +1,82 @@
+upstream resell_api {
+    server 127.0.0.1:18085;
+    keepalive 10240;
+}
+
+server
+{
+    listen 80;
+    listen 443 ssl http2;
+    server_name leileiadmin.czchunfang.com;
+    index index.html index.htm default.htm default.html;
+    root /www/wwwroot/leileiadmin.czchunfang.com;
+    include /www/server/panel/vhost/nginx/extension/leileiadmin.czchunfang.com/*.conf;
+    #CERT-APPLY-CHECK--START
+    include /www/server/panel/vhost/nginx/well-known/leileiadmin.czchunfang.com.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START
+    #error_page 404/404.html;
+    #HTTP_TO_HTTPS_START
+    set $isRedcert 1;
+    if ($server_port != 443) {
+        set $isRedcert 2;
+    }
+    if ( $uri ~ /\.well-known/ ) {
+        set $isRedcert 1;
+    }
+    if ($isRedcert != 1) {
+        rewrite ^(/.*)$ https://$host$1 permanent;
+    }
+    #HTTP_TO_HTTPS_END
+    ssl_certificate     /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leileiadmin.czchunfang.com_cert/nginx/leileiadmin.czchunfang.com.pem;
+    ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leileiadmin.czchunfang.com_cert/nginx/leileiadmin.czchunfang.com.key;
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_tickets on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=31536000";
+    error_page 497 https://$host$request_uri;
+    #SSL-END
+
+    #REWRITE-START
+    include /www/server/panel/vhost/rewrite/html_leileiadmin.czchunfang.com.conf;
+    #REWRITE-END
+
+    # 寄卖商城后台 API → Docker integral-houtai 容器（webman.bin 写死端口 8785）
+    location ^~ / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        if (!-f $request_filename) {
+            proxy_pass http://resell_api;
+        }
+    }
+
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    { return 404; }
+
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/
+    { return 404; }
+
+    location ~ \.well-known { allow all; }
+
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+        return 403;
+    }
+
+    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
+        expires 30d; error_log /dev/null; access_log /dev/null;
+    }
+    location ~ .*\.(js|css)?$ {
+        expires 12h; error_log /dev/null; access_log /dev/null;
+    }
+
+    access_log  /www/wwwlogs/leileiadmin.czchunfang.com.log;
+    error_log   /www/wwwlogs/leileiadmin.czchunfang.com.error.log;
+}
diff --git a/deploy/docker/redis/redis.conf b/deploy/docker/redis/redis.conf
new file mode 100644
index 0000000..62afd8c
--- /dev/null
+++ b/deploy/docker/redis/redis.conf
@@ -0,0 +1,39 @@
+# =============================================================
+# Redis 6.2 — 容器内最小化生产配置
+# 密码由 docker-compose 通过 --requirepass 参数注入
+# =============================================================
+
+bind 0.0.0.0
+protected-mode yes
+port 6379
+tcp-backlog 511
+timeout 0
+tcp-keepalive 300
+
+# 数据持久化： AOF + 一份 RDB 兜底
+appendonly yes
+appendfsync everysec
+save 900 1
+save 300 10
+save 60 10000
+
+dir /data
+dbfilename dump.rdb
+appendfilename "appendonly.aof"
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+
+# 内存策略
+maxmemory 512mb
+maxmemory-policy allkeys-lru
+
+# 日志
+loglevel notice
+logfile ""
+
+# 慢日志
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+
+# 客户端
+maxclients 1000
diff --git a/deploy/docker/scripts/.gitignore b/deploy/docker/scripts/.gitignore
new file mode 100644
index 0000000..4503ccb
--- /dev/null
+++ b/deploy/docker/scripts/.gitignore
@@ -0,0 +1 @@
+server.env
diff --git a/deploy/docker/scripts/bootstrap-remote-env.sh b/deploy/docker/scripts/bootstrap-remote-env.sh
new file mode 100755
index 0000000..7eec3f6
--- /dev/null
+++ b/deploy/docker/scripts/bootstrap-remote-env.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# =============================================================
+# 首次部署：在远端创建 .env 模板（仅在缺失时创建）
+# 同步代码后执行： ./bootstrap-remote-env.sh
+# 之后 ssh 上去 vim 这两个文件填入真实密码即可
+# =============================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+if [ -f "$SCRIPT_DIR/server.env" ]; then
+    set -a; . "$SCRIPT_DIR/server.env"; set +a
+fi
+
+SERVER_HOST="${SERVER_HOST:?}"
+SERVER_USER="${SERVER_USER:-root}"
+SERVER_PORT="${SERVER_PORT:-22}"
+REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}"
+
+if [ -n "${SSHPASS:-}" ]; then
+    command -v sshpass >/dev/null || { echo "需要 sshpass"; exit 1; }
+    export SSHPASS
+    SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null)
+else
+    SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no)
+fi
+
+"${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" bash -se <<EOSSH
+set -e
+cd "${REMOTE_DIR}/deploy/docker"
+[ -f .env ] || { cp .env.example .env; echo "[+] 已创建 .env (基于 .env.example)"; }
+[ -f integral-resell/.env ] || { cp integral-resell/.env.template integral-resell/.env; echo "[+] 已创建 integral-resell/.env"; }
+
+echo
+echo "请在远端编辑以下文件填入真实参数："
+echo "  ${REMOTE_DIR}/deploy/docker/.env"
+echo "  ${REMOTE_DIR}/deploy/docker/integral-resell/.env"
+EOSSH
diff --git a/deploy/docker/scripts/deploy-step1.sh b/deploy/docker/scripts/deploy-step1.sh
new file mode 100755
index 0000000..8fb352a
--- /dev/null
+++ b/deploy/docker/scripts/deploy-step1.sh
@@ -0,0 +1,219 @@
+#!/usr/bin/env bash
+# =============================================================
+# 寄卖商城（integral-resell）一键部署脚本
+# 目标服务器：59.110.91.202
+# 使用方式：bash deploy/docker/scripts/deploy-step1.sh
+# =============================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
+STEP1_DIR="${PROJECT_ROOT}/deploy/docker/step1-integral-sqszx202"
+
+# ---------- 读取服务器配置 ----------
+if [ -f "$SCRIPT_DIR/server.env" ]; then
+    set -a; . "$SCRIPT_DIR/server.env"; set +a
+else
+    echo "[!] 未找到 server.env，请先创建"; exit 1
+fi
+
+SERVER_HOST="${SERVER_HOST:?}"
+SERVER_USER="${SERVER_USER:-root}"
+SERVER_PORT="${SERVER_PORT:-22}"
+REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}"
+REMOTE_STEP1="${REMOTE_DIR}/deploy/docker/step1-integral-sqszx202"
+
+REDIS_PASS="${REDIS_PASS:?请通过环境变量 REDIS_PASS 提供 Redis 密码}"
+DB_PASS="${DB_PASS:?请通过环境变量 DB_PASS 提供数据库密码}"
+SMS_KEYID="${SMS_KEYID:-LTAI5t6PReihGTE4zGJk1Sxa}"
+SMS_KEYSECRET="${SMS_KEYSECRET:-rzFeYQ21VOIwf0wAnxYcY10uPjoiJ4}"
+APP_SECRET="${APP_SECRET:-ZFyTNQTWEkCBczKzyUDJWE9Ecx260612}"
+
+# ---------- SSH / rsync 通道 ----------
+SSH_OPTS="-p $SERVER_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+if [ -n "${SSHPASS:-}" ]; then
+    command -v sshpass >/dev/null 2>&1 || { echo "需要 sshpass"; exit 1; }
+    export SSHPASS
+    SSH=(sshpass -e ssh $SSH_OPTS)
+    RSYNC_SSH="sshpass -e ssh $SSH_OPTS"
+else
+    SSH=(ssh $SSH_OPTS)
+    RSYNC_SSH="ssh $SSH_OPTS"
+fi
+RSYNC_BIN="/opt/homebrew/bin/rsync"
+[ -x "$RSYNC_BIN" ] || RSYNC_BIN="rsync"
+
+remote() { "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" "$@"; }
+
+echo ""
+echo "══════════════════════════════════════════════════════"
+echo "  寄卖商城 Docker 一键部署  →  ${SERVER_HOST}"
+echo "══════════════════════════════════════════════════════"
+
+# ─── 1. 生成本地临时 env 文件 ─────────────────────────────────
+echo ""
+echo "▶ [1/6] 生成临时 .env / houtai.env ..."
+
+TMPENV=$(mktemp -d)
+trap 'rm -rf "$TMPENV"' EXIT
+
+cat > "$TMPENV/.env" <<EOF
+TZ=Asia/Shanghai
+REDIS_PASSWORD=${REDIS_PASS}
+INTEGRAL_TITLE=宿迁盛泽鑫商贸
+INTEGRAL_API_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_IMG_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_H5_PUBLIC_URL=https://j3s4s5.com/
+INTEGRAL_SN_ID=17533260260612
+INTEGRAL_APP_STR=ZFyTNQTWEkCBczKzyUDJWE9Ecx260612
+INTEGRAL_CONTRACT_PAGE=10012
+INTEGRAL_H5_PORT=18080
+RESELL_API_PORT=18085
+RESELL_H5_DIR=/www/wwwroot/j3s4s5.com
+RESELL_HOUTAI_DIR=/www/wwwroot/admin.j3s4s5.com
+EOF
+
+cat > "$TMPENV/houtai.env" <<EOF
+DB_HOST = 'rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com'
+DB_PORT = 3306
+DB_DATABASE = 'sqszx202'
+DB_USERNAME = 'yangtangyoupin'
+DB_PASSWORD = '${DB_PASS}'
+REDIS_HOST = 'redis'
+REDIS_PORT = 6379
+REDIS_PASSWORD = '${REDIS_PASS}'
+SMS_CHANNEL = 'alibaba'
+SMS_SIGNNAME = '宿迁盛泽鑫商贸'
+SMS_TEMPLATE = 'SMS_335105539'
+SMS_KEYID = '${SMS_KEYID}'
+SMS_KEYSECRET = '${SMS_KEYSECRET}'
+SMS_SDKAPPID = ''
+FILE_STORAGE = 'public'
+OSS_ACCESS_ID = ''
+OSS_ACCESS_SECRET = ''
+OSS_BUCKET = ''
+OSS_ENDPOINT = ''
+OSS_URL = ''
+APP_SIGN = '1'
+APP_SECRET = '${APP_SECRET}'
+EOF
+
+echo "  ✓ 临时文件已生成"
+
+# ─── 2. rsync 项目文件 ────────────────────────────────────────
+echo ""
+echo "▶ [2/6] rsync 项目文件 → ${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/"
+remote "mkdir -p '${REMOTE_DIR}'"
+
+"$RSYNC_BIN" -avz --partial \
+    -e "$RSYNC_SSH" \
+    --no-owner --no-group \
+    --exclude '.git/' \
+    --exclude '.DS_Store' \
+    --exclude '**/.env' \
+    --exclude '**/houtai.env' \
+    --exclude '**/*.key' \
+    --exclude '**/*.pem' \
+    --exclude '*.log' \
+    --exclude '**/.idea/' \
+    --exclude '**/.cursor/' \
+    --exclude '**/.vscode/' \
+    --exclude '**/node_modules/' \
+    --exclude '**/target/' \
+    --exclude '**/unpackage/cache/' \
+    --exclude '**/unpackage/dist/dev/' \
+    --exclude 'integral-resell/houtai/runtime/' \
+    --exclude 'single-shop-22/backend/logs/' \
+    --exclude 'single-shop-22/backend/crmebimage/' \
+    --exclude 'MER-2.2_2601/' \
+    --exclude 'db/' \
+    --exclude 'deploy/docker/scripts/server.env' \
+    "${PROJECT_ROOT}/" "${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/"
+
+echo "  ✓ 项目文件同步完成"
+
+# ─── 3. 上传 env 文件 ─────────────────────────────────────────
+echo ""
+echo "▶ [3/6] 上传 .env 和 houtai.env ..."
+
+"$RSYNC_BIN" -avz \
+    -e "$RSYNC_SSH" \
+    "$TMPENV/.env" \
+    "${SERVER_USER}@${SERVER_HOST}:${REMOTE_STEP1}/.env"
+
+"$RSYNC_BIN" -avz \
+    -e "$RSYNC_SSH" \
+    "$TMPENV/houtai.env" \
+    "${SERVER_USER}@${SERVER_HOST}:${REMOTE_STEP1}/houtai.env"
+
+echo "  ✓ env 文件上传完成"
+
+# ─── 4. 创建宿主机挂载目录 + 同步 H5 到 wwwroot ──────────────
+echo ""
+echo "▶ [4/6] 创建宿主机目录 & 同步 H5 静态文件 ..."
+
+remote "
+set -e
+mkdir -p /www/wwwroot/j3s4s5.com
+mkdir -p /www/wwwroot/admin.j3s4s5.com/public/upload
+mkdir -p /www/wwwroot/admin.j3s4s5.com/runtime/logs
+mkdir -p /www/wwwroot/admin.j3s4s5.com/runtime/sessions
+echo '  ✓ 宿主机目录已就绪'
+
+# 同步 H5 静态文件
+rsync -a --delete \
+    '${REMOTE_DIR}/h5/' \
+    '/www/wwwroot/j3s4s5.com/'
+chmod -R a+rX /www/wwwroot/j3s4s5.com
+find /www/wwwroot/j3s4s5.com -type d -exec chmod 755 {} +
+find /www/wwwroot/j3s4s5.com -type f -exec chmod 644 {} +
+echo '  ✓ H5 静态文件已同步到 /www/wwwroot/j3s4s5.com/'
+
+# 同步 webman 应用文件（webman.bin / public / index.html）到宿主机，
+# 容器启动后直接从此目录运行，FTP 更新文件后 restart 即可生效
+rsync -a --exclude='runtime/' --exclude='.env' \
+    '${REMOTE_DIR}/houtai/' \
+    '/www/wwwroot/admin.j3s4s5.com/'
+chmod +x /www/wwwroot/admin.j3s4s5.com/webman.bin
+echo '  ✓ webman 应用文件已同步到 /www/wwwroot/admin.j3s4s5.com/'
+ls /www/wwwroot/admin.j3s4s5.com/ | head -8
+"
+
+# ─── 5. docker compose build & up ────────────────────────────
+echo ""
+echo "▶ [5/6] docker compose build --no-cache ..."
+echo "  （首次构建耗时 5-15 分钟，请耐心等待）"
+
+remote "
+set -e
+cd '${REMOTE_STEP1}'
+docker compose --env-file .env build --no-cache
+echo '  ✓ 镜像构建完成'
+"
+
+echo ""
+echo "▶ [6/6] docker compose up -d ..."
+
+remote "
+set -e
+cd '${REMOTE_STEP1}'
+docker compose --env-file .env up -d
+echo ''
+docker compose --env-file .env ps
+"
+
+# ─── 完成 ─────────────────────────────────────────────────────
+echo ""
+echo "══════════════════════════════════════════════════════"
+echo "  ✅  寄卖商城部署完成！"
+echo ""
+echo "  H5 前台:  https://j3s4s5.com/  或 http://${SERVER_HOST}:18080"
+echo "  API 端口: https://admin.j3s4s5.com/api/  或 http://${SERVER_HOST}:18085"
+echo ""
+echo "  查看日志:"
+echo "    cd ${REMOTE_STEP1} && docker compose --env-file .env logs -f"
+echo ""
+echo "  查看容器状态:"
+echo "    docker compose --env-file .env ps"
+echo "══════════════════════════════════════════════════════"
diff --git a/deploy/docker/scripts/remote-up.sh b/deploy/docker/scripts/remote-up.sh
new file mode 100755
index 0000000..53c4fb2
--- /dev/null
+++ b/deploy/docker/scripts/remote-up.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+# =============================================================
+# 远端执行 docker compose 命令
+# 用法：
+#   ./remote-up.sh up           # build + up -d
+#   ./remote-up.sh build        # 仅 build
+#   ./remote-up.sh restart svc  # 重启某服务
+#   ./remote-up.sh logs [svc]   # 跟日志
+#   ./remote-up.sh ps           # 服务状态
+#   ./remote-up.sh ssh          # 登录到远端
+# =============================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+if [ -f "$SCRIPT_DIR/server.env" ]; then
+    # shellcheck disable=SC1091
+    set -a
+    . "$SCRIPT_DIR/server.env"
+    set +a
+fi
+
+SERVER_HOST="${SERVER_HOST:?SERVER_HOST 未配置，请先 cp server.env.example server.env}"
+SERVER_USER="${SERVER_USER:-root}"
+SERVER_PORT="${SERVER_PORT:-22}"
+REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}"
+
+if [ -n "${SSHPASS:-}" ]; then
+    command -v sshpass >/dev/null 2>&1 || { echo "需要 sshpass"; exit 1; }
+    export SSHPASS
+    SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t)
+else
+    SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -t)
+fi
+
+run_remote() {
+    "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" "cd ${REMOTE_DIR}/deploy/docker && $*"
+}
+
+cmd="${1:-up}"
+shift || true
+
+case "$cmd" in
+    up)
+        # 预检：必须存在 .env
+        run_remote "test -f .env && test -f integral-resell/.env" || {
+            cat <<EOF
+[!] 远端缺少 .env 文件，请在远端执行：
+
+  ssh ${SERVER_USER}@${SERVER_HOST}
+  cd ${REMOTE_DIR}/deploy/docker
+  cp .env.example .env
+  vim .env
+  cp integral-resell/.env.template integral-resell/.env
+  vim integral-resell/.env
+
+EOF
+            exit 1
+        }
+        run_remote "docker compose build && docker compose up -d && docker compose ps"
+        ;;
+    build)
+        run_remote "docker compose build $*"
+        ;;
+    restart)
+        run_remote "docker compose restart $*"
+        ;;
+    logs)
+        run_remote "docker compose logs --tail 200 -f $*"
+        ;;
+    ps|status)
+        run_remote "docker compose ps"
+        ;;
+    down)
+        run_remote "docker compose down"
+        ;;
+    pull)
+        run_remote "docker compose pull"
+        ;;
+    ssh)
+        "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}"
+        ;;
+    exec)
+        run_remote "docker compose exec $*"
+        ;;
+    *)
+        echo "未知子命令: $cmd"
+        echo "支持: up | build | restart | logs | ps | down | pull | ssh | exec"
+        exit 2
+        ;;
+esac
diff --git a/deploy/docker/scripts/server.env.example b/deploy/docker/scripts/server.env.example
new file mode 100644
index 0000000..892ffd6
--- /dev/null
+++ b/deploy/docker/scripts/server.env.example
@@ -0,0 +1,21 @@
+# =============================================================
+# 部署目标服务器配置 — 复制为 server.env 并按实际填写
+# 不要提交到 git
+# =============================================================
+
+# 远端服务器
+# 宝塔 Docker 管理面板： https://59.110.91.202:14874/docker/conmanger
+SERVER_HOST=59.110.91.202
+SERVER_USER=root
+SERVER_PORT=22
+# 部署到服务器的目标目录
+REMOTE_DIR=/root/integral-shop
+
+# 用密码登录时填写（需要 sshpass）
+# macOS:  brew install hudochenkov/sshpass/sshpass
+# Linux:  apt-get install -y sshpass
+# 留空则走 SSH key（推荐先 ssh-copy-id root@59.110.91.202）
+SSHPASS=
+
+# 是否在 rsync 之后自动 build + up（yes / no）
+AUTO_UP=yes
diff --git a/deploy/docker/scripts/sync-to-server.sh b/deploy/docker/scripts/sync-to-server.sh
new file mode 100755
index 0000000..a75e46a
--- /dev/null
+++ b/deploy/docker/scripts/sync-to-server.sh
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+# =============================================================
+# 通过 rsync 把整个工程同步到远端服务器
+# 用法：
+#   1. 复制 server.env.example -> server.env，填入主机/密码
+#   2. ./sync-to-server.sh         # 仅同步
+#      ./sync-to-server.sh up      # 同步后在远端 docker compose build && up -d
+#      ./sync-to-server.sh logs    # 远端 docker compose logs
+# =============================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
+
+# 读取服务器配置
+if [ -f "$SCRIPT_DIR/server.env" ]; then
+    # shellcheck disable=SC1091
+    set -a
+    . "$SCRIPT_DIR/server.env"
+    set +a
+elif [ -f "$SCRIPT_DIR/server.env.example" ]; then
+    echo "[!] 未发现 server.env，请先 cp server.env.example server.env 并修改"
+    exit 1
+fi
+
+SERVER_HOST="${SERVER_HOST:?SERVER_HOST 未配置}"
+SERVER_USER="${SERVER_USER:-root}"
+SERVER_PORT="${SERVER_PORT:-22}"
+REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}"
+
+# ---------- 选择 SSH/rsync 通道 ----------
+if [ -n "${SSHPASS:-}" ]; then
+    if ! command -v sshpass >/dev/null 2>&1; then
+        echo "[!] 检测到 SSHPASS 但未安装 sshpass"
+        echo "    macOS:  brew install hudochenkov/sshpass/sshpass"
+        echo "    Linux:  apt-get install -y sshpass"
+        exit 1
+    fi
+    export SSHPASS
+    SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null)
+    RSYNC_SSH="sshpass -e ssh -p $SERVER_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+else
+    SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o ServerAliveInterval=30)
+    RSYNC_SSH="ssh -p $SERVER_PORT -o StrictHostKeyChecking=no -o ServerAliveInterval=30"
+fi
+
+remote() {
+    "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" "$@"
+}
+
+# ---------- 1. 远端目录准备 ----------
+echo "[1/3] 准备远端目录 ${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}"
+remote "mkdir -p '${REMOTE_DIR}'"
+
+# 优先使用 homebrew rsync（macOS 内置版本 2.6.9 太旧）
+RSYNC_BIN="/opt/homebrew/bin/rsync"
+[ -x "$RSYNC_BIN" ] || RSYNC_BIN="rsync"
+
+# ---------- 2. rsync ----------
+echo "[2/3] rsync ${PROJECT_ROOT}/ -> ${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/"
+"$RSYNC_BIN" -avz --delete --partial \
+    -e "$RSYNC_SSH" \
+    --exclude '.git/' \
+    --exclude '.DS_Store' \
+    --exclude '*.log' \
+    --exclude '**/.idea/' \
+    --exclude '**/.cursor/' \
+    --exclude '**/.vscode/' \
+    --exclude '**/node_modules/' \
+    --exclude '**/target/' \
+    --exclude '**/unpackage/cache/' \
+    --exclude '**/unpackage/dist/dev/' \
+    --exclude 'integral-resell/houtai/runtime/logs/' \
+    --exclude 'integral-resell/houtai/runtime/sessions/' \
+    --exclude 'integral-resell/houtai/runtime/login/' \
+    --exclude 'integral-resell/houtai/runtime/webman.pid' \
+    --exclude 'single-shop-22/backend/logs/' \
+    --exclude 'single-shop-22/backend/crmebimage/' \
+    --exclude 'single-shop-22/backend-adminend/dist/' \
+    --exclude 'MER-2.2_2601/' \
+    --exclude 'db/mysql-recover-20260514/' \
+    --exclude 'db/yangtangyoupin.sql' \
+    --exclude 'deploy/docker/.env' \
+    --exclude 'deploy/docker/integral-resell/.env' \
+    --exclude 'deploy/docker/scripts/server.env' \
+    "${PROJECT_ROOT}/" "${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/"
+
+# ---------- 3. 远端 env 文件提示 ----------
+echo "[3/3] 检查远端环境文件"
+remote "test -f ${REMOTE_DIR}/deploy/docker/.env || echo '[!] 远端缺少 deploy/docker/.env，请按下面提示创建'"
+remote "test -f ${REMOTE_DIR}/deploy/docker/integral-resell/.env || echo '[!] 远端缺少 deploy/docker/integral-resell/.env'"
+
+echo
+echo "==============================================="
+echo "  rsync 完成"
+echo "  远端目录： ${REMOTE_DIR}"
+echo "==============================================="
+
+# ---------- 后续动作 ----------
+case "${1:-${AUTO_UP:-}}" in
+    up|yes|YES)
+        echo "[远端] 执行 docker compose build && up -d"
+        "$SCRIPT_DIR/remote-up.sh" up
+        ;;
+    build)
+        "$SCRIPT_DIR/remote-up.sh" build
+        ;;
+    logs)
+        shift || true
+        "$SCRIPT_DIR/remote-up.sh" logs "$@"
+        ;;
+    "")
+        echo "下一步:"
+        echo "  $0 up      # 同步并启动"
+        echo "  $0 build   # 仅构建"
+        echo "  $0 logs    # 查看日志"
+        ;;
+    *)
+        echo "未知参数: $1"
+        exit 2
+        ;;
+esac
diff --git a/deploy/docker/single-shop/admin-api.Dockerfile b/deploy/docker/single-shop/admin-api.Dockerfile
new file mode 100644
index 0000000..fec2d99
--- /dev/null
+++ b/deploy/docker/single-shop/admin-api.Dockerfile
@@ -0,0 +1,54 @@
+# =============================================================
+# 积分商城 管理端 API（miao-admin-2.2.jar）
+# JAR 由宿主机 bind-mount 进来（/app/app.jar），无需 Maven 编译
+# 宿主机路径：${SINGLE_ADMIN_JAR} → /app/app.jar
+# FTP 更新 JAR 后：docker compose --env-file .env restart single-admin-api
+# =============================================================
+
+FROM eclipse-temurin:17-jre-jammy
+
+ENV TZ=Asia/Shanghai \
+    LANG=C.UTF-8 LC_ALL=C.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
+# 切换阿里云 Ubuntu 镜像源（服务器访问 archive.ubuntu.com 超时）
+RUN sed -i \
+    -e 's|http://archive.ubuntu.com|https://mirrors.aliyun.com|g' \
+    -e 's|http://security.ubuntu.com|https://mirrors.aliyun.com|g' \
+    /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        tzdata ca-certificates curl \
+        fontconfig fonts-dejavu fonts-wqy-zenhei \
+    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p /app /config /usr/local/crmeb/crmebimage /app/log
+
+# 堆大小（可通过 compose environment 覆盖）
+ENV JAVA_HEAP_OPTS="-Xms128m -Xmx256m"
+
+# Spring Boot 2.2.6 + Java 17 必须的模块开放参数
+ENV JAVA_MODULE_OPTS="\
+  --add-opens java.base/java.lang=ALL-UNNAMED \
+  --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  --add-opens java.base/java.io=ALL-UNNAMED \
+  --add-opens java.base/java.math=ALL-UNNAMED \
+  --add-opens java.base/sun.net.util=ALL-UNNAMED \
+  --add-opens java.base/java.net=ALL-UNNAMED"
+
+WORKDIR /app
+# /app/app.jar 由 docker-compose volumes bind-mount 进来
+EXPOSE 30032
+
+# 等价于：nohup java -Xms128m -Xmx256m -jar miao-admin-2.2.jar > admin.log &
+ENTRYPOINT ["sh","-c","exec java \
+  $JAVA_HEAP_OPTS \
+  $JAVA_MODULE_OPTS \
+  -Dfile.encoding=UTF-8 \
+  -Duser.timezone=$TZ \
+  -jar /app/app.jar \
+  --spring.profiles.active=${SPRING_PROFILES_ACTIVE:-docker} \
+  --spring.config.additional-location=file:/config/ \
+  --server.port=${SERVER_PORT:-30032}"]
diff --git a/deploy/docker/single-shop/admin-web.Dockerfile b/deploy/docker/single-shop/admin-web.Dockerfile
new file mode 100644
index 0000000..5d87723
--- /dev/null
+++ b/deploy/docker/single-shop/admin-web.Dockerfile
@@ -0,0 +1,61 @@
+# =============================================================
+# 积分商城 管理后台前端（Vue 2 SPA）
+# 纯 Nginx 运行时镜像，不含 Node 构建阶段
+# 静态文件由宿主机 bind-mount 进来（${SINGLE_ADMIN_WEB_DIR}:/usr/share/nginx/html）
+# 宿主机目录示例：/www/wwwroot/jfadmin.j3s4s5.com/
+# 更新方式：rsync 新 dist 到宿主机目录 → 无需重建镜像
+# =============================================================
+
+FROM nginx:1.25-alpine
+
+ENV TZ=Asia/Shanghai
+
+# 切换阿里云 Alpine 镜像源
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache tzdata \
+    && cp /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -f /etc/apk/cache/*.apk
+
+# Nginx 反代配置
+# /api/ 和 /adminapi/ 代理到 single-admin-api 容器
+RUN cat > /etc/nginx/conf.d/default.conf <<'NGX'
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  client_max_body_size 50m;
+  add_header X-Frame-Options SAMEORIGIN always;
+
+  location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ {
+    expires 30d;
+    add_header Cache-Control "public, max-age=2592000, immutable";
+    try_files $uri =404;
+  }
+
+  location /api/ {
+    proxy_pass         http://single-admin-api:30032/api/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location /adminapi/ {
+    proxy_pass         http://single-admin-api:30032/adminapi/;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+  }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}
+NGX
+
+EXPOSE 80
diff --git a/deploy/docker/single-shop/application-docker.yml b/deploy/docker/single-shop/application-docker.yml
new file mode 100644
index 0000000..867d8ac
--- /dev/null
+++ b/deploy/docker/single-shop/application-docker.yml
@@ -0,0 +1,71 @@
+# =============================================================
+# 积分商城 Docker 部署专用 Spring profile
+# 通过 --spring.config.additional-location=file:/config/ + --spring.profiles.active=docker
+# 加载本文件，并由环境变量覆盖关键参数
+# =============================================================
+
+server:
+  port: ${SERVER_PORT:-30032}
+
+crmeb:
+  imagePath: /usr/local/crmeb/
+  domain: https://j3s4s5.com
+  captchaOn: false
+  asyncConfig: true
+  demoSite: false
+
+spring:
+  datasource:
+    name: ${MYSQL_DATABASE}
+    type: com.alibaba.druid.pool.DruidDataSource
+    driver-class-name: com.mysql.jdbc.Driver
+    url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:3306}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf8&serverTimezone=GMT%2B8&useSSL=false&allowPublicKeyRetrieval=true
+    username: ${MYSQL_USERNAME}
+    password: ${MYSQL_PASSWORD}
+    druid:
+      initial-size: 5
+      min-idle: 5
+      max-active: 50
+      max-wait: 60000
+      validation-query: SELECT 1
+      test-while-idle: true
+      test-on-borrow: false
+      test-on-return: false
+  redis:
+    host: ${REDIS_HOST:redis}
+    port: ${REDIS_PORT:6379}
+    password: ${REDIS_PASSWORD:}
+    database: ${REDIS_DATABASE:0}
+    timeout: 10000
+    jedis:
+      pool:
+        max-active: 200
+        max-wait: -1
+        max-idle: 10
+        min-idle: 0
+        time-between-eviction-runs: -1
+    second:
+      database: ${REDIS_SECOND_DATABASE:1}
+
+# 订单同步（无 MER 时填默认）
+sync:
+  source-id: ${SYNC_SOURCE_ID:}
+  target-mer-id: ${SYNC_TARGET_MER_ID:0}
+
+logging:
+  level:
+    io.swagger.*: error
+    com.zbjk.crmeb: info
+    org.springframework.boot.autoconfigure: ERROR
+  config: classpath:logback-spring.xml
+  file:
+    path: /app/log
+
+mybatis-plus:
+  configuration:
+    log-impl:
+
+swagger:
+  basic:
+    enable: false
+    check: false
diff --git a/deploy/docker/single-shop/front-api.Dockerfile b/deploy/docker/single-shop/front-api.Dockerfile
new file mode 100644
index 0000000..02f9ce4
--- /dev/null
+++ b/deploy/docker/single-shop/front-api.Dockerfile
@@ -0,0 +1,54 @@
+# =============================================================
+# 积分商城 用户端 API（miao-front-2.2.jar）
+# JAR 由宿主机 bind-mount 进来（/app/app.jar），无需 Maven 编译
+# 宿主机路径：${SINGLE_FRONT_JAR} → /app/app.jar
+# FTP 更新 JAR 后：docker compose --env-file .env restart single-front-api
+# =============================================================
+
+FROM eclipse-temurin:17-jre-jammy
+
+ENV TZ=Asia/Shanghai \
+    LANG=C.UTF-8 LC_ALL=C.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive
+
+# 切换阿里云 Ubuntu 镜像源（服务器访问 archive.ubuntu.com 超时）
+RUN sed -i \
+    -e 's|http://archive.ubuntu.com|https://mirrors.aliyun.com|g' \
+    -e 's|http://security.ubuntu.com|https://mirrors.aliyun.com|g' \
+    /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        tzdata ca-certificates curl \
+        fontconfig fonts-dejavu fonts-wqy-zenhei \
+    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p /app /config /usr/local/crmeb/crmebimage /app/log
+
+# 堆大小（可通过 compose environment 覆盖）
+ENV JAVA_HEAP_OPTS="-Xms128m -Xmx256m"
+
+# Spring Boot 2.2.6 + Java 17 必须的模块开放参数
+ENV JAVA_MODULE_OPTS="\
+  --add-opens java.base/java.lang=ALL-UNNAMED \
+  --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  --add-opens java.base/java.io=ALL-UNNAMED \
+  --add-opens java.base/java.math=ALL-UNNAMED \
+  --add-opens java.base/sun.net.util=ALL-UNNAMED \
+  --add-opens java.base/java.net=ALL-UNNAMED"
+
+WORKDIR /app
+# /app/app.jar 由 docker-compose volumes bind-mount 进来
+EXPOSE 30033
+
+# 等价于：nohup java -Xms128m -Xmx256m -jar miao-front-2.2.jar > front.log &
+ENTRYPOINT ["sh","-c","exec java \
+  $JAVA_HEAP_OPTS \
+  $JAVA_MODULE_OPTS \
+  -Dfile.encoding=UTF-8 \
+  -Duser.timezone=$TZ \
+  -jar /app/app.jar \
+  --spring.profiles.active=${SPRING_PROFILES_ACTIVE:-docker} \
+  --spring.config.additional-location=file:/config/ \
+  --server.port=${SERVER_PORT:-30033}"]
diff --git a/deploy/docker/single-shop/h5.Dockerfile b/deploy/docker/single-shop/h5.Dockerfile
new file mode 100644
index 0000000..3c1de2d
--- /dev/null
+++ b/deploy/docker/single-shop/h5.Dockerfile
@@ -0,0 +1,55 @@
+# =============================================================
+# 积分商城 用户端 H5（uni-app SPA）
+# 纯 Nginx 运行时镜像，不含 Node 构建阶段
+# 静态文件由宿主机 bind-mount 进来（${SINGLE_H5_DIR}:/usr/share/nginx/html）
+# 宿主机目录示例：/www/wwwroot/jf.j3s4s5.com/
+# 更新方式：rsync 新 dist 到宿主机目录 → 无需重建镜像
+# =============================================================
+
+FROM nginx:1.25-alpine
+
+ENV TZ=Asia/Shanghai
+
+# 切换阿里云 Alpine 镜像源
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache tzdata \
+    && cp /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && rm -f /etc/apk/cache/*.apk
+
+# Nginx 反代配置
+# API 请求代理到 single-front-api 容器（Docker 内网，不经宝塔 Nginx）
+RUN cat > /etc/nginx/conf.d/default.conf <<'NGX'
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  client_max_body_size 50m;
+  add_header X-Frame-Options SAMEORIGIN always;
+
+  location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ {
+    expires 30d;
+    add_header Cache-Control "public, max-age=2592000, immutable";
+    try_files $uri =404;
+  }
+
+  # 前台 API（单点登录/商品/订单等）
+  location /api/ {
+    proxy_pass         http://single-front-api:30033/api/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}
+NGX
+
+EXPOSE 80
diff --git a/deploy/docker/single-shop/nginx-admin-web.conf b/deploy/docker/single-shop/nginx-admin-web.conf
new file mode 100644
index 0000000..dc88c9c
--- /dev/null
+++ b/deploy/docker/single-shop/nginx-admin-web.conf
@@ -0,0 +1,37 @@
+# 仅供参考： 内容已内联到 admin-web.Dockerfile
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  client_max_body_size 50m;
+  add_header X-Frame-Options SAMEORIGIN always;
+
+  location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ {
+    expires 30d;
+    add_header Cache-Control "public, max-age=2592000, immutable";
+    try_files $uri =404;
+  }
+
+  location /api/ {
+    proxy_pass         http://single-admin-api:30032/api/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location /adminapi/ {
+    proxy_pass         http://single-admin-api:30032/adminapi/;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+  }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}
diff --git a/deploy/docker/single-shop/nginx-h5.conf b/deploy/docker/single-shop/nginx-h5.conf
new file mode 100644
index 0000000..e15e944
--- /dev/null
+++ b/deploy/docker/single-shop/nginx-h5.conf
@@ -0,0 +1,30 @@
+# 仅供参考： 内容已内联到 h5.Dockerfile
+server {
+  listen 80;
+  server_name _;
+  root /usr/share/nginx/html;
+  index index.html;
+  client_max_body_size 50m;
+  add_header X-Frame-Options SAMEORIGIN always;
+
+  location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ {
+    expires 30d;
+    add_header Cache-Control "public, max-age=2592000, immutable";
+    try_files $uri =404;
+  }
+
+  location /api/ {
+    proxy_pass         http://single-front-api:30033/api/;
+    proxy_http_version 1.1;
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_read_timeout 120s;
+    client_max_body_size 50m;
+  }
+
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+}
diff --git a/deploy/docker/ssl-cert/.gitignore b/deploy/docker/ssl-cert/.gitignore
new file mode 100644
index 0000000..f746035
--- /dev/null
+++ b/deploy/docker/ssl-cert/.gitignore
@@ -0,0 +1,7 @@
+# 忽略证书文件，不入库
+*.pem
+*.key
+*.crt
+*.cer
+*.p12
+*.pfx
diff --git a/deploy/docker/step1-integral-sqszx202/.env.example b/deploy/docker/step1-integral-sqszx202/.env.example
new file mode 100644
index 0000000..abd238b
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/.env.example
@@ -0,0 +1,31 @@
+# =============================================================
+# 步骤一：寄卖商城环境变量 — 宿迁盛泽鑫商贸 sqszx202
+# cp .env.example .env  并填入真实密码
+# .env 不入库
+# =============================================================
+
+TZ=Asia/Shanghai
+
+# ---------- Redis（容器内） ----------
+REDIS_PASSWORD=change-me-redis
+
+# ---------- H5 对外域名（浏览器可达） ----------
+INTEGRAL_TITLE=宿迁盛泽鑫商贸
+INTEGRAL_API_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_IMG_PUBLIC_URL=https://admin.j3s4s5.com
+INTEGRAL_H5_PUBLIC_URL=https://j3s4s5.com/
+INTEGRAL_SN_ID=17533260260612
+INTEGRAL_APP_STR=ZFyTNQTWEkCBczKzyUDJWE9Ecx260612
+INTEGRAL_CONTRACT_PAGE=10012
+
+# ---------- 宿主机暴露端口 ----------
+INTEGRAL_H5_PORT=18080
+# webman API 直连端口（宝塔 Nginx admin.j3s4s5.com → 此端口）
+RESELL_API_PORT=18085
+
+# ---------- 宿主机目录映射（bind mount，与原部署路径一致）----------
+# 寄卖商城 H5 静态文件目录（手动改 JS/configs.js 直接生效，无需重建镜像）
+RESELL_H5_DIR=/www/wwwroot/j3s4s5.com
+# webman 后台完整应用目录（FTP 上传新 webman.bin/public/ 后 restart 容器即可更新）
+# 上传图片、public/upload 等均包含在此目录内，无需单独挂载
+RESELL_HOUTAI_DIR=/www/wwwroot/admin.j3s4s5.com
diff --git a/deploy/docker/step1-integral-sqszx202/.gitignore b/deploy/docker/step1-integral-sqszx202/.gitignore
new file mode 100644
index 0000000..4621727
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/.gitignore
@@ -0,0 +1,2 @@
+.env
+houtai.env
diff --git a/deploy/docker/step1-integral-sqszx202/README.md b/deploy/docker/step1-integral-sqszx202/README.md
new file mode 100644
index 0000000..2c66b93
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/README.md
@@ -0,0 +1,105 @@
+# 步骤一：寄卖商城 Docker 部署（宿迁盛泽鑫商贸 sqszx202）
+
+项目：`integral-resell`（寄卖商城）
+服务：`redis` · `integral-houtai`（Webman PHP 8.0）· `integral-h5`（Nginx 静态站）· `edge-nginx`（Docker HTTPS 入口）
+
+步骤二（积分商城）与本步骤完全独立，可以单独部署、单独重启。
+
+> 这套目录结构与 `deploy/docker/step1-integral` 保持一致，按 `czleilei240` 已验证方案复制而来。
+> 当前默认域名假设为：
+> - 寄卖商城 H5：`j3s4s5.com`
+> - 寄卖商城后台/API：`admin.j3s4s5.com`
+> - 积分商城 H5：`jf.j3s4s5.com`
+> - 积分商城管理后台：`jfadmin.j3s4s5.com`
+>
+> 以上四个域名统一使用 `deploy/docker/ssl-cert/j3s4s5.com_cert/nginx/` 下的泛域名证书。
+
+---
+
+## 快速部署
+
+```bash
+cd deploy/docker/step1-integral-sqszx202
+
+# 1. 准备环境变量
+cp .env.example .env
+cp houtai.env.example houtai.env
+vim .env
+vim houtai.env
+
+# 2. 首次部署：在服务器上确保宿主机目录存在
+mkdir -p /www/wwwroot/j3s4s5.com
+mkdir -p /www/wwwroot/admin.j3s4s5.com/public/upload
+
+# 3. 将 H5 静态文件同步到宿主机目录（首次 / 每次前端更新后）
+rsync -av h5/ /www/wwwroot/j3s4s5.com/
+chmod -R a+rX /www/wwwroot/j3s4s5.com
+
+# 4. 构建并启动，edge-nginx 会在宿主机监听 80/443
+docker compose --env-file .env up -d --build
+
+# 5. 查看状态
+docker compose --env-file .env ps
+docker compose --env-file .env logs -f integral-houtai
+```
+
+---
+
+## 目录映射
+
+| 宿主机路径 | 容器路径 | 用途 |
+|---|---|---|
+| `/www/wwwroot/j3s4s5.com` | `/usr/share/nginx/html` | H5 静态文件，手动改 JS 即时生效 |
+| `/www/wwwroot/admin.j3s4s5.com` | `/app` | webman 后台完整应用目录 |
+| `./houtai.env` | `/app/.env` | 运行时配置，只读挂入 |
+| `../ssl-cert/j3s4s5.com_cert/nginx` | `/etc/nginx/ssl/j3s4s5.com_cert` | `j3s4s5.com`、`admin.j3s4s5.com`、`jf.j3s4s5.com`、`jfadmin.j3s4s5.com` 共用 SSL 证书 |
+| `integral-runtime`（named vol）| `/app/runtime` | webman PID、session 等运行时数据 |
+
+| 域名 | 用途 | Docker 容器端口 | 宿主机端口 | Docker 入口 |
+|---|---|---|---|---|
+| `j3s4s5.com` | 寄卖商城 H5 | integral-h5:80 | **80/443**，直连测试 **18080** | `edge-nginx` |
+| `admin.j3s4s5.com` | 寄卖商城 API / 后台 | integral-houtai:**8785** | **80/443**，直连测试 **18085** | `edge-nginx` |
+
+---
+
+## 验证
+
+| 地址 | 预期 |
+|------|------|
+| `https://j3s4s5.com/` | 寄卖商城 H5 首页 |
+| `https://admin.j3s4s5.com/api/...` | 寄卖商城 API |
+| `http://59.110.91.202:18080/` | H5 直连测试 |
+| `ss -lntp \| grep -E ':(80\|443)'` | 看到 Docker Nginx 监听宿主机 80/443 |
+
+---
+
+## 常用命令
+
+```bash
+docker compose --env-file .env restart integral-houtai
+docker compose --env-file .env restart edge-nginx
+docker compose --env-file .env logs -f integral-houtai
+docker compose --env-file .env logs -f edge-nginx
+docker compose --env-file .env exec integral-houtai bash
+docker compose --env-file .env down
+docker compose --env-file .env down -v
+```
+
+---
+
+## 关键一致性检查
+
+| 位置 | 值 |
+|---|---|
+| `.env` INTEGRAL_API_PUBLIC_URL | `https://admin.j3s4s5.com` |
+| `.env` INTEGRAL_H5_PUBLIC_URL | `https://j3s4s5.com/` |
+| `.env` INTEGRAL_APP_STR | `ZFyTNQTWEkCBczKzyUDJWE9Ecx260612` |
+| `houtai.env` APP_SECRET | 同上 |
+| `.env` INTEGRAL_SN_ID | `17533260260612` |
+
+---
+
+## 待确认项
+
+- 短信当前使用阿里云签名 `宿迁盛泽鑫商贸`、模板 `SMS_335105539`，如更换短信账号需同步更新 `houtai.env`
+- 如果寄卖后台域名不是 `admin.j3s4s5.com`，请统一替换 `.env.example`、README 和入口 Nginx 配置
diff --git a/deploy/docker/step1-integral-sqszx202/docker-compose.yml b/deploy/docker/step1-integral-sqszx202/docker-compose.yml
new file mode 100644
index 0000000..1303bbc
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/docker-compose.yml
@@ -0,0 +1,102 @@
+# =============================================================
+# 步骤一：寄卖商城（integral-resell）独立部署
+# 客户：宿迁盛泽鑫商贸 sqszx202
+# 包含服务：redis · integral-houtai(webman) · integral-h5(Nginx) · edge-nginx(HTTPS入口)
+# =============================================================
+
+name: resell-sqszx202
+
+x-common: &common
+  restart: unless-stopped
+  environment:
+    TZ: ${TZ:-Asia/Shanghai}
+  logging:
+    driver: json-file
+    options:
+      max-size: "20m"
+      max-file: "5"
+
+networks:
+  integral-net:
+    driver: bridge
+
+volumes:
+  integral-redis-data:
+  integral-runtime:
+
+services:
+  redis:
+    <<: *common
+    build:
+      context: .
+      dockerfile: redis.Dockerfile
+    image: resell-sqszx202/redis:local
+    container_name: integral-redis-sqszx202
+    command: ["--requirepass", "${REDIS_PASSWORD}", "--appendonly", "yes"]
+    volumes:
+      - integral-redis-data:/data
+    networks: [integral-net]
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+
+  integral-houtai:
+    <<: *common
+    build:
+      context: ../integral-resell
+      dockerfile: houtai.Dockerfile
+    image: resell-sqszx202/houtai:latest
+    container_name: integral-houtai-sqszx202
+    networks: [integral-net]
+    ports:
+      - "${RESELL_API_PORT:-18085}:8785"
+    volumes:
+      - ${RESELL_HOUTAI_DIR}:/app
+      - ./houtai.env:/app/.env:ro
+      - integral-runtime:/app/runtime
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  integral-h5:
+    <<: *common
+    build:
+      context: ../integral-resell
+      dockerfile: h5.Dockerfile
+    image: resell-sqszx202/h5:latest
+    container_name: integral-h5-sqszx202
+    networks: [integral-net]
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      INTEGRAL_TITLE: ${INTEGRAL_TITLE}
+      INTEGRAL_API_PUBLIC_URL: ${INTEGRAL_API_PUBLIC_URL}
+      INTEGRAL_IMG_PUBLIC_URL: ${INTEGRAL_IMG_PUBLIC_URL}
+      INTEGRAL_H5_PUBLIC_URL: ${INTEGRAL_H5_PUBLIC_URL}
+      INTEGRAL_SN_ID: ${INTEGRAL_SN_ID}
+      INTEGRAL_APP_STR: ${INTEGRAL_APP_STR}
+      INTEGRAL_CONTRACT_PAGE: ${INTEGRAL_CONTRACT_PAGE}
+    volumes:
+      - ${RESELL_H5_DIR}:/usr/share/nginx/html
+    ports:
+      - "${INTEGRAL_H5_PORT:-18080}:80"
+    depends_on:
+      - integral-houtai
+
+  edge-nginx:
+    <<: *common
+    image: nginx:1.25-alpine
+    container_name: edge-nginx-sqszx202
+    networks: [integral-net]
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx-edge.conf:/etc/nginx/conf.d/default.conf:ro
+      - ../ssl-cert/j3s4s5.com_cert/nginx:/etc/nginx/ssl/j3s4s5.com_cert:ro
+    depends_on:
+      - integral-h5
+      - integral-houtai
diff --git a/deploy/docker/step1-integral-sqszx202/houtai.env.example b/deploy/docker/step1-integral-sqszx202/houtai.env.example
new file mode 100644
index 0000000..dc7434f
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/houtai.env.example
@@ -0,0 +1,37 @@
+# =============================================================
+# Webman 后端运行时配置 — 宿迁盛泽鑫商贸 sqszx202（寄卖商城）
+# cp houtai.env.example houtai.env  并填入真实密码
+# houtai.env 不入库，由 docker-compose volumes: 挂入 /app/.env
+# =============================================================
+
+# MySQL（阿里云 RDS）
+DB_HOST = 'rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com'
+DB_PORT = 3306
+DB_DATABASE = 'sqszx202'
+DB_USERNAME = 'yangtangyoupin'
+DB_PASSWORD = 'change-me'
+
+# Redis（指向同 compose 内的 redis 容器）
+REDIS_HOST = 'redis'
+REDIS_PORT = 6379
+REDIS_PASSWORD = 'change-me-redis'
+
+# 短信（需按该项目实际通道填写）
+SMS_CHANNEL = 'alibaba'
+SMS_SIGNNAME = '宿迁盛泽鑫商贸'
+SMS_TEMPLATE = 'SMS_335105539'
+SMS_KEYID = 'LTAI5t6PReihGTE4zGJk1Sxa'
+SMS_KEYSECRET = 'rzFeYQ21VOIwf0wAnxYcY10uPjoiJ4'
+SMS_SDKAPPID = ''
+
+# OSS（不启用则走本地 public/upload）
+FILE_STORAGE = 'public'
+OSS_ACCESS_ID = ''
+OSS_ACCESS_SECRET = ''
+OSS_BUCKET = ''
+OSS_ENDPOINT = ''
+OSS_URL = ''
+
+# 业务标识（须与 H5 configs.js 的 sn_id / appStr 以及积分商城 admin 后台一致）
+APP_SIGN = '1'
+APP_SECRET = 'ZFyTNQTWEkCBczKzyUDJWE9Ecx260612'
diff --git a/deploy/docker/step1-integral-sqszx202/nginx-edge.conf b/deploy/docker/step1-integral-sqszx202/nginx-edge.conf
new file mode 100644
index 0000000..21009e7
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/nginx-edge.conf
@@ -0,0 +1,102 @@
+server {
+    listen 80;
+    server_name j3s4s5.com admin.j3s4s5.com jf.j3s4s5.com jfadmin.j3s4s5.com;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name jf.j3s4s5.com;
+
+    ssl_certificate     /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.pem;
+    ssl_certificate_key /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    client_max_body_size 50m;
+
+    location / {
+        proxy_pass http://host.docker.internal:18082;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name jfadmin.j3s4s5.com;
+
+    ssl_certificate     /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.pem;
+    ssl_certificate_key /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    client_max_body_size 50m;
+
+    location / {
+        proxy_pass http://host.docker.internal:18081;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name j3s4s5.com;
+
+    ssl_certificate     /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.pem;
+    ssl_certificate_key /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    client_max_body_size 50m;
+
+    location / {
+        proxy_pass http://integral-h5:80;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name admin.j3s4s5.com;
+
+    ssl_certificate     /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.pem;
+    ssl_certificate_key /etc/nginx/ssl/j3s4s5.com_cert/j3s4s5.com.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    client_max_body_size 50m;
+
+    location / {
+        proxy_pass http://integral-houtai:8785;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
diff --git a/deploy/docker/step1-integral-sqszx202/redis.Dockerfile b/deploy/docker/step1-integral-sqszx202/redis.Dockerfile
new file mode 100644
index 0000000..58e1edd
--- /dev/null
+++ b/deploy/docker/step1-integral-sqszx202/redis.Dockerfile
@@ -0,0 +1,13 @@
+# 使用 Alpine 通过 apk 安装 Redis，绕过镜像源问题
+FROM alpine:3.19
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache redis tzdata \
+    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone
+
+VOLUME /data
+WORKDIR /data
+EXPOSE 6379
+
+ENTRYPOINT ["redis-server"]
diff --git a/deploy/docker/step2-single-shop-sqszx202/.env.example b/deploy/docker/step2-single-shop-sqszx202/.env.example
new file mode 100644
index 0000000..10d49a6
--- /dev/null
+++ b/deploy/docker/step2-single-shop-sqszx202/.env.example
@@ -0,0 +1,41 @@
+# =============================================================
+# 步骤二：积分商城环境变量 — 宿迁盛泽鑫商贸 sqszx202
+# 使用方法：cp .env.example .env  然后填入真实密码
+# .env 不入库（已加入 .gitignore）
+# =============================================================
+
+TZ=Asia/Shanghai
+
+# ---------- Redis（容器内，与步骤一独立） ----------
+REDIS_PASSWORD=change-me-redis
+
+# ---------- 阿里云 RDS ----------
+RDS_HOST=rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com
+RDS_DB=sqszx202
+RDS_USER=yangtangyoupin
+RDS_PASSWORD=change-me
+
+# ---------- 订单同步（多商户 source / target） ----------
+SYNC_SOURCE_ID=
+SYNC_TARGET_MER_ID=0
+
+# ---------- Java JAR 宿主机路径（FTP 更新后 restart 容器即可） ----------
+SINGLE_FRONT_JAR=/www/wwwroot/javaapi/miao-front-2.2.jar
+SINGLE_ADMIN_JAR=/www/wwwroot/javaapi/miao-admin-2.2.jar
+
+# ---------- Java 日志目录（bind-mount 到宿主机，直接 tail -f 查看） ----------
+SINGLE_FRONT_LOG_DIR=/www/wwwroot/javaapi/logs/front
+SINGLE_ADMIN_LOG_DIR=/www/wwwroot/javaapi/logs/admin
+
+# ---------- 图片/PDF 目录（与步骤一 H5 Nginx 共享宿主机路径） ----------
+CRMEB_IMAGE_DIR=/www/wwwroot/j3s4s5.com
+
+# ---------- 前端静态目录（bind-mount，rsync 更新后立即生效） ----------
+# 积分商城 H5（uni-app SPA），对应域名 jf.j3s4s5.com
+SINGLE_H5_DIR=/www/wwwroot/jf.j3s4s5.com
+# 积分商城管理后台（Vue SPA），对应域名 jfadmin.j3s4s5.com
+SINGLE_ADMIN_WEB_DIR=/www/wwwroot/jfadmin.j3s4s5.com
+
+# ---------- 宿主机暴露端口（供宝塔 Nginx 反代） ----------
+SINGLE_ADMIN_PORT=18081
+SINGLE_H5_PORT=18082
diff --git a/deploy/docker/step2-single-shop-sqszx202/.gitignore b/deploy/docker/step2-single-shop-sqszx202/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/deploy/docker/step2-single-shop-sqszx202/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/deploy/docker/step2-single-shop-sqszx202/README.md b/deploy/docker/step2-single-shop-sqszx202/README.md
new file mode 100644
index 0000000..4ef8eaa
--- /dev/null
+++ b/deploy/docker/step2-single-shop-sqszx202/README.md
@@ -0,0 +1,123 @@
+# 步骤二：积分商城 Docker 部署（宿迁盛泽鑫商贸 sqszx202）
+
+项目：`single-shop-22`（积分商城）
+服务：`redis` · `single-front-api`（Spring Boot）· `single-admin-api`（Spring Boot）
+`single-admin-web`（Vue 管理后台）· `single-h5`（uni-app H5）
+
+步骤一（寄卖商城）与本步骤完全独立，可以单独部署、单独重启。
+
+> 这套方案参考 `deploy/docker/step2-single-shop`，按 `czleilei240` 已验证结构复制。
+> 当前默认域名假设为：
+> - 积分商城 H5：`jf.j3s4s5.com`
+> - 积分商城管理后台：`jfadmin.j3s4s5.com`
+
+---
+
+## 部署前提：宿主机文件准备
+
+### 1. Java JAR（Spring Boot API）
+
+```bash
+mkdir -p /www/wwwroot/javaapi/logs/front
+mkdir -p /www/wwwroot/javaapi/logs/admin
+
+scp single-shop-22/backend/crmeb-front/target/miao-front-2.2.jar  root@59.110.91.202:/www/wwwroot/javaapi/
+scp single-shop-22/backend/crmeb-admin/target/miao-admin-2.2.jar  root@59.110.91.202:/www/wwwroot/javaapi/
+```
+
+### 2. 前端静态文件
+
+```bash
+mkdir -p /www/wwwroot/jf.j3s4s5.com
+rsync -a --delete single-shop-22/single_uniapp22miao/unpackage/dist/build/web/ \
+    root@59.110.91.202:/www/wwwroot/jf.j3s4s5.com/
+chmod -R 755 /www/wwwroot/jf.j3s4s5.com/
+
+mkdir -p /www/wwwroot/jfadmin.j3s4s5.com
+rsync -a --delete single-shop-22/backend-adminend/dist/ \
+    root@59.110.91.202:/www/wwwroot/jfadmin.j3s4s5.com/
+chmod -R 755 /www/wwwroot/jfadmin.j3s4s5.com/
+```
+
+### 3. 图片/PDF 目录
+
+```bash
+mkdir -p /www/wwwroot/j3s4s5.com
+```
+
+---
+
+## 快速部署
+
+```bash
+cd deploy/docker/step2-single-shop-sqszx202
+
+cp .env.example .env
+vim .env
+
+docker compose --env-file .env build
+docker compose --env-file .env up -d
+
+docker compose --env-file .env ps
+docker compose --env-file .env logs -f single-front-api
+docker compose --env-file .env logs -f single-admin-api
+```
+
+---
+
+## 域名与端口
+
+| 域名 | 用途 | 宿主机端口 |
+|---|---|---|
+| `jf.j3s4s5.com` | 积分商城 H5（uni-app） | **18082** |
+| `jfadmin.j3s4s5.com` | 积分商城管理后台（Vue） | **18081** |
+
+> Spring Boot API 端口（30032 / 30033）仅容器内监听，不对外暴露。
+> 宝塔 Nginx 通过域名反代到 `127.0.0.1:18081 / 18082`，再由容器内 Nginx 转发到 API。
+> 图片/PDF 实际落盘路径为宿主机 `/www/wwwroot/j3s4s5.com/crmebimage/public/...`。
+
+---
+
+## 验证
+
+| 地址 | 预期 |
+|------|------|
+| `https://jf.j3s4s5.com/` | 积分商城 H5 |
+| `https://jfadmin.j3s4s5.com/` | 积分商城管理后台 |
+| `http://59.110.91.202:18082/` | H5 直连测试 |
+| `http://59.110.91.202:18081/` | 管理后台直连测试 |
+
+---
+
+## bind-mount 目录总览
+
+| 宿主机路径 | 挂入容器路径 | 说明 |
+|---|---|---|
+| `/www/wwwroot/javaapi/miao-front-2.2.jar` | `/app/app.jar` | 用户端 API JAR |
+| `/www/wwwroot/javaapi/miao-admin-2.2.jar` | `/app/app.jar` | 管理端 API JAR |
+| `/www/wwwroot/javaapi/logs/front/` | `/app/log` | 用户端 API 日志 |
+| `/www/wwwroot/javaapi/logs/admin/` | `/app/log` | 管理端 API 日志 |
+| `/www/wwwroot/j3s4s5.com/` | `/usr/local/crmeb/` | 图片/PDF 写入目录 |
+| `/www/wwwroot/jf.j3s4s5.com/` | `/usr/share/nginx/html` | H5 静态文件 |
+| `/www/wwwroot/jfadmin.j3s4s5.com/` | `/usr/share/nginx/html` | 管理后台静态文件 |
+| `../single-shop/application-docker.yml` | `/config/application-docker.yml` | Spring Boot 配置 |
+
+---
+
+## sqszx202 关键配置对照
+
+| 配置项 | 值 |
+|---|---|
+| RDS Host | `rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com` |
+| DB / User | `sqszx202` / `yangtangyoupin` |
+| imagePath 宿主机目录 | `/www/wwwroot/j3s4s5.com/` |
+| SYNC_SOURCE_ID | `` |
+| SYNC_TARGET_MER_ID | `0` |
+| Spring profile | `docker`（通过 `application-docker.yml` 注入） |
+
+---
+
+## 待确认项
+
+- 如果积分管理后台域名不是 `jfadmin.j3s4s5.com`，需要同步替换 `.env.example`、README 和宝塔 Nginx 配置
+- Redis 仍按 Docker 内置实例方案生成；若你想接外部 Redis，可以再帮你补一版外部 Redis 配置
diff --git a/deploy/docker/step2-single-shop-sqszx202/docker-compose.yml b/deploy/docker/step2-single-shop-sqszx202/docker-compose.yml
new file mode 100644
index 0000000..b9f4268
--- /dev/null
+++ b/deploy/docker/step2-single-shop-sqszx202/docker-compose.yml
@@ -0,0 +1,161 @@
+# =============================================================
+# 步骤二：积分商城（single-shop-22）独立部署
+# 客户：宿迁盛泽鑫商贸 sqszx202
+# 包含服务：redis · single-admin-api · single-front-api
+#           single-admin-web(Vue) · single-h5(uni-app)
+# =============================================================
+
+name: jifenmall-sqszx202
+
+x-common: &common
+  restart: unless-stopped
+  environment:
+    TZ: ${TZ:-Asia/Shanghai}
+  logging:
+    driver: json-file
+    options:
+      max-size: "20m"
+      max-file: "5"
+
+x-spring-common: &spring-common
+  <<: *common
+  environment:
+    TZ: ${TZ:-Asia/Shanghai}
+    MYSQL_HOST: ${RDS_HOST}
+    MYSQL_DATABASE: ${RDS_DB}
+    MYSQL_USERNAME: ${RDS_USER}
+    MYSQL_PASSWORD: ${RDS_PASSWORD}
+    REDIS_HOST: redis
+    REDIS_PORT: 6379
+    REDIS_PASSWORD: ${REDIS_PASSWORD}
+    SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-}
+    SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-0}
+
+networks:
+  single-net:
+    driver: bridge
+
+volumes:
+  single-redis-data:
+
+services:
+  redis:
+    <<: *common
+    build:
+      context: .
+      dockerfile: redis.Dockerfile
+    image: jifenmall-sqszx202/redis:local
+    container_name: single-redis-sqszx202
+    command: ["--requirepass", "${REDIS_PASSWORD}", "--appendonly", "yes"]
+    volumes:
+      - single-redis-data:/data
+    networks: [single-net]
+    healthcheck:
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+
+  single-front-api:
+    <<: *spring-common
+    build:
+      context: .
+      dockerfile: ../single-shop/front-api.Dockerfile
+    image: jifenmall-sqszx202/front-api:local
+    container_name: single-front-api-sqszx202
+    networks: [single-net]
+    ports:
+      - "127.0.0.1:30033:30033"
+    volumes:
+      - ${SINGLE_FRONT_JAR}:/app/app.jar:ro
+      - ${CRMEB_IMAGE_DIR}:/usr/local/crmeb
+      - ${SINGLE_FRONT_LOG_DIR}:/app/log
+      - ../single-shop/application-docker.yml:/config/application-docker.yml:ro
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      MYSQL_HOST: ${RDS_HOST}
+      MYSQL_DATABASE: ${RDS_DB}
+      MYSQL_USERNAME: ${RDS_USER}
+      MYSQL_PASSWORD: ${RDS_PASSWORD}
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+      SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-}
+      SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-0}
+      SERVER_PORT: 30033
+    depends_on:
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:30033/actuator/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 90s
+
+  single-admin-api:
+    <<: *spring-common
+    build:
+      context: .
+      dockerfile: ../single-shop/admin-api.Dockerfile
+    image: jifenmall-sqszx202/admin-api:local
+    container_name: single-admin-api-sqszx202
+    networks: [single-net]
+    ports:
+      - "127.0.0.1:30032:30032"
+    volumes:
+      - ${SINGLE_ADMIN_JAR}:/app/app.jar:ro
+      - ${CRMEB_IMAGE_DIR}:/usr/local/crmeb
+      - ${SINGLE_ADMIN_LOG_DIR}:/app/log
+      - ../single-shop/application-docker.yml:/config/application-docker.yml:ro
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      MYSQL_HOST: ${RDS_HOST}
+      MYSQL_DATABASE: ${RDS_DB}
+      MYSQL_USERNAME: ${RDS_USER}
+      MYSQL_PASSWORD: ${RDS_PASSWORD}
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+      SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-}
+      SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-0}
+      SERVER_PORT: 30032
+    depends_on:
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:30032/actuator/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 90s
+
+  single-admin-web:
+    <<: *common
+    build:
+      context: .
+      dockerfile: ../single-shop/admin-web.Dockerfile
+    image: jifenmall-sqszx202/admin-web:local
+    container_name: single-admin-web-sqszx202
+    networks: [single-net]
+    ports:
+      - "${SINGLE_ADMIN_PORT:-18081}:80"
+    volumes:
+      - ${SINGLE_ADMIN_WEB_DIR}:/usr/share/nginx/html
+    depends_on:
+      - single-admin-api
+
+  single-h5:
+    <<: *common
+    build:
+      context: .
+      dockerfile: ../single-shop/h5.Dockerfile
+    image: jifenmall-sqszx202/h5:local
+    container_name: single-h5-sqszx202
+    networks: [single-net]
+    ports:
+      - "${SINGLE_H5_PORT:-18082}:80"
+    volumes:
+      - ${SINGLE_H5_DIR}:/usr/share/nginx/html
+    depends_on:
+      - single-front-api
diff --git a/deploy/docker/step2-single-shop-sqszx202/redis.Dockerfile b/deploy/docker/step2-single-shop-sqszx202/redis.Dockerfile
new file mode 100644
index 0000000..d18299a
--- /dev/null
+++ b/deploy/docker/step2-single-shop-sqszx202/redis.Dockerfile
@@ -0,0 +1,18 @@
+# =============================================================
+# Redis（Alpine + apk 安装，绕过 Docker Hub 镜像拉取问题）
+# 与 step1 方案一致：不依赖 docker.io，只需 registry-1.docker.io 拉 alpine:3.19
+# =============================================================
+
+FROM alpine:3.19
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk add --no-cache redis tzdata \
+    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone \
+    && rm -f /etc/apk/cache/*.apk
+
+VOLUME /data
+WORKDIR /data
+EXPOSE 6379
+
+ENTRYPOINT ["redis-server"]
diff --git a/docs/resell-change-sqszx202.md b/docs/resell-change-sqszx202.md
new file mode 100755
index 0000000..1ec5b88
--- /dev/null
+++ b/docs/resell-change-sqszx202.md
@@ -0,0 +1,55 @@
+
+# 新公司（宿迁盛泽鑫商贸）项目的h5端（目录：h5） 修改任务
+
+Ecs ip： 59.110.91.202
+
+## **修改任务**
+
+- 新建分支：sqszx202，合并byhlc112分支的最新代码到该分支，并根据上述信息修改相关需要变更项，使符合该新公司项目环境
+
+## 配置项修改
+
+1.新项目公司名称，eg：盛泽鑫商贸，
+2.使用"盛泽鑫商贸"的**HTML十进制实体**编码，修改wa_options表中name=system_config中的value值里的title信息，
+3.相关配置项：
+  A. **寄卖商城API地址**：https://admin.j3s4s5.com/api
+  B. **寄卖商城后台地址**：https://admin.j3s4s5.com
+  C. **寄卖商城H5地址**：https://j3s4s5.com/
+  D. **云服务器寄卖商城H5目录**：/www/wwwroot/j3s4s5.com
+  E. **云服务器寄卖商城后台目录**：/www/wwwroot/admin.j3s4s5.com
+
+  F. **积分商城地址**：https://jf.j3s4s5.com
+  G. **云服务器积分商城目录**：/www/wwwroot/jf.j3s4s5.com
+
+4. 短信服务
+   SMS_SIGNNAME = '宿迁盛泽鑫商贸'
+   SMS_TEMPLATE = 'SMS_335105539'
+   SMS_KEYID = 'LTAI5t6PReihGTE4zGJk1Sxa'
+   SMS_KEYSECRET = 'rzFeYQ21VOIwf0wAnxYcY10uPjoiJ4'
+
+5. **webman.bin相关**
+   sn_id: 17533260260612
+   APP_SECRET: ZFyTNQTWEkCBczKzyUDJWE9Ecx260612
+
+
+### **寄卖商城H5**中需要修改的文件
+
+   A.修改h5/static/configs.js中如下内容
+    TITLE: '宿迁盛泽鑫商贸',
+    BASE_URL: 'https://admin.j3s4s5.com/api',
+    IMG_URL: 'https://admin.j3s4s5.com',
+    H5_URL: 'https://j3s4s5.com',
+    **sn_id**、**appStr**必须修改为webman.bin相关中的值
+
+   B. 修改h5/static/js/pages-personal-index.6f5415f9.js
+      第270行：https://jf.j3s4s5.com/pages/integral/points?username=
+
+   C. 修改h5/static/js/pages-sub-pages-webview-index.1042489b.js
+      第15行：https://jf.j3s4s5.com/?sn_id
+      第43行：https://jf.j3s4s5.com/?user_id=
+
+### **寄卖商城后端**项目中需要修改的文件
+
+- 修改houtai/.env环境变量配置文件中的短信信息、APP_SECRET。
+- mysql数据库使用阿里云rds：rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com
+- rds中项目数据库名：sqszx202
diff --git a/h5/static/configs.js b/h5/static/configs.js
index cfbc9df..2f9f7dc 100755
--- a/h5/static/configs.js
+++ b/h5/static/configs.js
@@ -1,12 +1,12 @@
 "use strict"
 const configs = {
-	TITLE: '宝应宏煜春商贸',
-	BASE_URL: 'https://admin.h5y2c.com/api',
-	IMG_URL: 'https://admin.h5y2c.com',
-	H5_URL: 'https://h5y2c.com/',
+	TITLE: '宿迁盛泽鑫商贸',
+	BASE_URL: 'https://admin.j3s4s5.com/api',
+	IMG_URL: 'https://admin.j3s4s5.com',
+	H5_URL: 'https://j3s4s5.com/',
 	contractPage: 10012,
 	// 须与积分商城 wa_options 及寄卖后台 APP_SECRET 一致；上线前从后台核对后填入，勿沿用他司示例值。
-	sn_id: 17533260260529,
-	appStr: 'ZFyTNQTWEkCBczKzyUDJWE9Ecx260529',
+	sn_id: 17533260260612,
+	appStr: 'ZFyTNQTWEkCBczKzyUDJWE9Ecx260612',
 	// appKey: ,
 }
diff --git a/h5/static/js/pages-personal-index.6f5415f9.js b/h5/static/js/pages-personal-index.6f5415f9.js
index a18b6fb..de61579 100755
--- a/h5/static/js/pages-personal-index.6f5415f9.js
+++ b/h5/static/js/pages-personal-index.6f5415f9.js
@@ -267,7 +267,7 @@
 								// http://jf.suzhouyuqi.com/pages/integral/points?username=
 								arguments[0] = e = t.$handleEvent(e),
 									window.location.href =
-									"https://jf.h5y2c.com/pages/integral/points?username=" +
+									"https://jf.j3s4s5.com/pages/integral/points?username=" +
 									t.userInfo.mobile + "#/pages/integral/points"
 							}
 						}
@@ -926,4 +926,4 @@
 			A.a
 		}
 	}
-]);
\ No newline at end of file
+]);
diff --git a/h5/static/js/pages-sub-pages-webview-index.1042489b.js b/h5/static/js/pages-sub-pages-webview-index.1042489b.js
index 377ac69..c25b74e 100755
--- a/h5/static/js/pages-sub-pages-webview-index.1042489b.js
+++ b/h5/static/js/pages-sub-pages-webview-index.1042489b.js
@@ -12,7 +12,7 @@
 				o = {
 					data: function() {
 						return {
-							urlSrc: "https://jf.h5y2c.com/?sn_id=".concat(uni.$sn_id),
+							urlSrc: "https://jf.j3s4s5.com/?sn_id=".concat(uni.$sn_id),
 							passback: ""
 						}
 					},
@@ -40,7 +40,7 @@
 											void 0 === a ?
 											void 0 : a.id,
 											e.passback && setTimeout((function() {
-												window.location.href = "https://jf.h5y2c.com/?user_id=" + e.passback
+												window.location.href = "https://jf.j3s4s5.com/?user_id=" + e.passback
 											}), 200));
 									case 4:
 										case "end":
@@ -132,4 +132,4 @@
 			n["default"] = u.exports
 		}
 	}
-]);
\ No newline at end of file
+]);