diff --git a/.gitignore b/.gitignore index 4779d45..2c3a653 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,15 @@ backend/**/logs/ backend/**/*.log backend/.idea/ backend/crmebimage/ + +# 独立子仓库(各自有独立 git,不纳入根 repo) +integral-resell/ +single-shop-22/ +MER-2.2_2601/ +db/ + +# 敏感运行时配置(不入库) +deploy/docker/scripts/server.env +deploy/docker/step1-integral/.env +deploy/docker/step1-integral/houtai.env +deploy/docker/step2-single-shop/.env diff --git a/DOCKER_DEPLOY.md b/DOCKER_DEPLOY.md new file mode 100644 index 0000000..2f2fa94 --- /dev/null +++ b/DOCKER_DEPLOY.md @@ -0,0 +1,469 @@ +# Docker 部署方案(寄卖商城 + 积分商城前后端) + +> 本方案覆盖: +> - **integral-resell(积分商城)**:Webman PHP 后端二进制 + H5 静态站 +> - **single-shop-22(寄卖商城)**:CRMEB Spring Boot 双 jar 后端 + Vue 管理后台 + uni-app H5 +> - **Redis**:每个子栈独立容器(两套互不干扰) +> +> 不包含:`MER-2.2_2601` 多商户、Kafka 同步、MySQL(使用 **阿里云 RDS for MySQL**)。 + +--- + +## 两步独立部署(推荐) + +从 `czleilei240` 分支开始,两个商城**各自独立**部署,互不依赖。 + +| | 步骤一 寄卖商城 | 步骤二 积分商城 | +|---|---|---| +| 项目 | `integral-resell` | `single-shop-22` | +| 目录 | `deploy/docker/step1-integral/` | `deploy/docker/step2-single-shop/` | +| 服务 | redis · integral-houtai · integral-h5 | redis · single-admin-api · single-front-api · single-admin-web · single-h5 | +| 宿主机端口 | `18080` | `18081`(管理后台) `18082`(H5) | +| compose name | `resell-czleilei240` | `jifenmall-czleilei240` | +| 详细说明 | [README](deploy/docker/step1-integral/README.md) | [README](deploy/docker/step2-single-shop/README.md) | + +### 步骤一 — 寄卖商城(integral-resell) + +```bash +cd deploy/docker/step1-integral +cp .env.example .env && cp houtai.env.example houtai.env +# 填写 .env 中的 REDIS_PASSWORD +# 填写 houtai.env 中的 DB_PASSWORD 和 REDIS_PASSWORD(两者须一致) +docker compose --env-file .env up -d --build +``` + +### 步骤二 — 积分商城(single-shop-22) + +```bash +cd deploy/docker/step2-single-shop +cp .env.example .env +# 填写 RDS_PASSWORD、REDIS_PASSWORD +docker compose --env-file .env up -d --build +# Java 首次构建约 10-20 分钟,可用 logs -f 观察进度 +``` + +> 下方章节描述的是历史上合并部署时的 `docker-compose.yml`(`deploy/docker/docker-compose.yml`),供参考。两步拆分方案已取代合并方案。 + +--- + +## 一、架构总览 + +```mermaid +flowchart LR + user((用户)) -->|H5/管理后台| EdgeLB[(阿里云 SLB / Nginx)] + + subgraph Host [Docker 主机] + direction TB + + subgraph integralStack [积分商城] + integral_h5[integral-h5\nNginx :80] + integral_houtai[integral-houtai\nwebman.bin :8787] + end + + subgraph singleStack [寄卖商城] + single_admin_web[single-admin-web\nNginx :80] + single_h5[single-h5\nNginx :80] + single_admin_api[single-admin-api\nminiao-admin :30032] + single_front_api[single-front-api\nminiao-front :30031] + end + + redis[(redis :6379)] + end + + EdgeLB -- jf-h5.* --> single_h5 + EdgeLB -- jfadmin.* --> single_admin_web + EdgeLB -- admin.* --> integral_h5 + + integral_h5 -- /api/ --> integral_houtai + single_admin_web -- /api/ --> single_admin_api + single_h5 -- /api/ --> single_front_api + + integral_houtai --> redis + single_admin_api --> redis + single_front_api --> redis + + integral_houtai --> RDS[(阿里云 RDS MySQL)] + single_admin_api --> RDS + single_front_api --> RDS +``` + +### 服务清单 + +| 服务 | 镜像构建来源 | 容器内端口 | 默认宿主机端口 | 说明 | +|------|--------------|------------|----------------|------| +| `redis` | 官方 `redis:6.2-alpine` | 6379 | 6379 (可不暴露) | 持久化 AOF,挂卷 `redis-data` | +| `integral-houtai` | `integral-resell/houtai/` | 8787 | (不暴露) | Webman 静态 ELF;同容器写 `runtime/` 与 `public/upload/` | +| `integral-h5` | `integral-resell/h5/` | 80 | 18080 | 服务静态站;`/api/` 反代到 `integral-houtai`;启动时根据 env 重写 `static/configs.js` | +| `single-admin-api` | `single-shop-22/backend/crmeb-admin` | 30032 | (不暴露) | 多阶段 Maven 构建出 `miao-admin-2.2.jar` | +| `single-front-api` | `single-shop-22/backend/crmeb-front` | 30031 | (不暴露) | 多阶段 Maven 构建出 `miao-front-2.2.jar` | +| `single-admin-web` | `single-shop-22/backend-adminend` | 80 | 18081 | 多阶段 Node 构建 `dist`;`/api/` 反代到 `single-admin-api` | +| `single-h5` | `single-shop-22/single_uniapp22miao` | 80 | 18082 | 多阶段 Node 构建 `unpackage/dist/build/h5`;`/api/` 反代到 `single-front-api` | + +> **域名/端口策略**:建议在 docker 主机前再放一层 Nginx 或阿里云 SLB,按域名分发到 18080/18081/18082;下面的 compose 默认把这三个静态站暴露在宿主机不同端口。 + +### 共享资源 / 卷 + +| 卷 / 目录 | 容器内挂载点 | 用途 | +|-----------|-------------|------| +| `redis-data` | `/data` | Redis AOF 持久化 | +| `integral-runtime` | `/app/runtime` | Webman 运行时(session、views 缓存等) | +| `integral-upload` | `/app/public/upload` | 积分商城上传图片 | +| `single-images` | `/usr/local/crmeb/crmebimage` | 寄卖商城 `imagePath`,admin/front 两个 jar **共享** | +| `single-logs` | `/app/log` | Spring Boot 日志(按需保留) | + +### 与外部资源的关系 + +| 资源 | 地址来源 | 说明 | +|------|---------|------| +| 阿里云 RDS MySQL | `.env` 中 `RDS_*` | RDS 白名单需放通宿主机出口 IP;建议同地域 VPC | +| OSS(可选) | `.env` 中 `OSS_*` | 不配置时积分商城走本地 `public/upload`;寄卖商城用 admin 后台界面里配置 | +| 短信(可选) | `.env` 中 `SMS_*` | 仅积分商城 `.env` 用到 | + +--- + +## 二、目录布局 + +``` +integral-shop/ +├── DOCKER_DEPLOY.md ← 本文档 +├── deploy/ +│ └── docker/ +│ ├── docker-compose.yml +│ ├── .env.example +│ ├── README.md ← 一键启动说明(简版) +│ ├── redis/ +│ │ └── redis.conf +│ ├── integral-resell/ +│ │ ├── houtai.Dockerfile +│ │ ├── h5.Dockerfile +│ │ ├── nginx-h5.conf +│ │ ├── .env.template ← Webman 后端运行时 .env 模板 +│ │ └── docker-entrypoint-h5.sh ← 启动时根据 env 改写 configs.js +│ └── single-shop/ +│ ├── admin-api.Dockerfile +│ ├── front-api.Dockerfile +│ ├── admin-web.Dockerfile +│ ├── h5.Dockerfile +│ ├── application-docker.yml ← Spring Boot docker profile +│ ├── nginx-admin-web.conf +│ └── nginx-h5.conf +├── integral-resell/ ← 源码(不改动) +└── single-shop-22/ ← 源码(不改动) +``` + +> 所有 Dockerfile / compose 都**只读访问**源码目录,不会修改它们。 + +--- + +## 三、配置与环境变量 + +复制一份 `deploy/docker/.env.example` 为 `deploy/docker/.env` 并按下面表格修改。 + +| 变量 | 用途 | 示例 | +|------|------|------| +| `TZ` | 容器时区 | `Asia/Shanghai` | +| `RDS_HOST` | 阿里云 RDS 外网/内网地址 | `rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com` | +| `RDS_PORT` | RDS 端口 | `3306` | +| `RDS_INTEGRAL_DB` | 积分商城数据库 | `yangtangyoupin` | +| `RDS_INTEGRAL_USER` / `RDS_INTEGRAL_PASS` | 积分商城账号 | 默认 `yangtangyoupin` / 来自原 sxsy80 | +| `RDS_SINGLE_DB` | 寄卖商城数据库(与积分共库) | `yangtangyoupin` | +| `RDS_SINGLE_USER` / `RDS_SINGLE_PASS` | 寄卖商城账号 | 同上 | +| `REDIS_PASSWORD` | 容器 Redis 密码 | 123456 | +| `REDIS_INTEGRAL_DB` | 积分商城使用的 Redis db | `0` | +| `REDIS_SINGLE_ADMIN_DB` | 寄卖 admin Redis db | `25` | +| `REDIS_SINGLE_FRONT_DB` | 寄卖 front Redis db | `26` | +| `INTEGRAL_API_PUBLIC_URL` | H5 调用后端的对外 URL | `https://admin.example.com` | +| `INTEGRAL_IMG_PUBLIC_URL` | H5 引用图片的对外 URL | `https://admin.example.com` | +| `INTEGRAL_H5_PUBLIC_URL` | H5 自身对外 URL | `https://h5.example.com/` | +| `INTEGRAL_SN_ID` | `configs.js` 中 `sn_id` | `17533260260405` | +| `INTEGRAL_APP_STR` | `configs.js` 中 `appStr`(**与寄卖 APP_SECRET 必须一致**) | `ZFyTNQTWEkCBczKzyUDJWE9Ecx260405` | +| `SINGLE_ADMIN_BASE_API` | 寄卖管理后台调用 API 的域名/路径 | 留空走同域 `/api/` 即可 | +| `SINGLE_H5_DOMAIN` | uni-app H5 调用 API 的域名 | 留空走同域 `/api/` 即可 | +| `SYNC_SOURCE_ID` / `SYNC_TARGET_MER_ID` | 多商户同步配置(无 MER 时留空) | `""` / `0` | + +> **关键一致性**:积分商城 `configs.js#appStr` ↔ 积分商城 Webman `.env#APP_SECRET` ↔ 寄卖商城 admin 后台中的 `appStr` 必须一致;否则双向调用会鉴权失败。 + +--- + +## 四、镜像构建策略 + +### 0. 基础镜像选型(与主机对齐) + +| 服务 | 基础镜像 | libc | 选择理由 | +|------|----------|------|----------| +| `redis` | `redis:6.2-alpine` | musl | Redis 官方推荐,无 native 依赖 | +| `integral-houtai` | `php:8.0-cli-bullseye` (Debian 11) | **glibc** | 与宝塔 PHP 8.0.26 版本对齐;已装 pdo_mysql / redis / gd / imagick 等 webman 常用扩展 | +| `integral-h5` | `nginx:1.25-alpine` | musl | 纯静态文件 + nginx,无字体/native 依赖 | +| `single-admin-api` / `single-front-api` 构建 | `maven:3.8.8-eclipse-temurin-17` (Debian) | **glibc** | 与部署环境 OpenJDK 17.0.x 对齐;pom.xml source/target=1.8,Java 17 编译器向下兼容 | +| `single-admin-api` / `single-front-api` 运行 | `eclipse-temurin:17-jre-jammy` (Ubuntu 22.04) | **glibc** | 匹配主机 openjdk 17.0.18;Spring Boot 2.2.6 + Java 17 需额外 `--add-opens` JVM 参数(已写入 JAVA_OPTS);预装 `fonts-dejavu` + `fonts-wqy-zenhei` | +| `single-admin-web` / `single-h5` 构建 | `node:16-alpine` | musl | 仅打包 JS/CSS,无 native 依赖 | +| `single-admin-web` / `single-h5` 运行 | `nginx:1.25-alpine` | musl | 同上 | + +> **主机环境**:Debian-class(Linux kernel 6.1.164)/ x86_64 / Docker + BuildKit。 +> 所有 `--platform=linux/amd64` 在主机上都是原生执行,**无 QEMU 模拟**;只有在 Apple Silicon 上本地 build 时才会走 QEMU。 +> Java 后端最终镜像在 glibc 上运行,与主机 OS 完全同源;这样可避免 Alpine + musl 时验证码 / 中文字体 / POI 个别场景的兼容性问题。 + +### 1. integral-houtai(PHP Webman 二进制) +- 基础镜像:`debian:bookworm-slim`(webman.bin 为 ELF x86_64,静态链接,glibc 兼容)。 +- 直接拷贝 `webman.bin`、`public/`、`runtime/views` 模板进镜像。 +- `.env` **不打进镜像**,通过 `docker-compose` 把 `deploy/docker/integral-resell/.env.template` 渲染后挂进 `/app/.env`。 +- 启动命令:`./webman.bin start -d`(业主指定的守护模式),entrypoint 在后台 `tail -F runtime/logs/*.log` 把日志接到容器 stdout,并监听主进程退出。收到 `SIGTERM` 时执行 `./webman.bin stop` 优雅退出。 + +### 2. integral-h5(静态站) +- 基础镜像:`nginx:1.25-alpine`。 +- 直接拷贝 `integral-resell/h5/` 到 `/usr/share/nginx/html/`。 +- `docker-entrypoint-h5.sh` 在启动时根据环境变量重写 `static/configs.js`:把 `BASE_URL/IMG_URL/H5_URL/sn_id/appStr` 替换为部署值,**无需重新构建前端**。 + +### 3. single-admin-api / single-front-api(Spring Boot) +- **多阶段构建**: + - 构建阶段:`maven:3.8.8-eclipse-temurin-17` → `mvn package -pl crmeb-admin -am -DskipTests`(front 同理)。pom.xml 已配置 `source/target=1.8`,Java 17 编译器向下兼容,产物字节码级别不变。 + - 运行阶段:`eclipse-temurin:17-jre-jammy`(Ubuntu 22.04 / glibc),与部署环境 `openjdk 17.0.18` 对齐;预装 `fontconfig + fonts-dejavu + fonts-wqy-zenhei`。 +- **Java 17 兼容性**:Spring Boot 2.2.6 使用 cglib、Druid、Quartz 等大量反射,Java 17 强模块封装会报 `InaccessibleObjectException`。已在 `JAVA_OPTS` 中加入 7 条 `--add-opens`,覆盖已知触发点(`java.lang / reflect / util / io / math / sun.net.util / net`)。若运行时出现新的 `InaccessibleObjectException`,按报错包名继续追加 `--add-opens`。 +- 通过 `--spring.profiles.active=docker` + `--spring.config.additional-location=file:/config/` 加载 `application-docker.yml`,所有 DB/Redis/端口参数从 `.env` 注入。 +- `imagePath` 指向 `/usr/local/crmeb/crmebimage/`(挂卷 `single-images`,两个 jar 共享)。 + +### 4. single-admin-web(Vue 管理后台) +- **多阶段构建**: + - 构建阶段:`node:16-alpine` → `npm ci && npm run build:prod`(`VUE_APP_BASE_API` 设为空,走同域 `/api/`)。 + - 运行阶段:`nginx:1.25-alpine`,`/api/` 反代到 `single-admin-api:30032`。 +- 若想**直接复用源码里现成的 `dist/`**,可改用「fast」分支(见 Dockerfile 注释)。 + +### 5. single-h5(uni-app H5) +- 同样多阶段:`node:16-alpine` → `npm install && npm run build:h5`,再 nginx 服务。 +- `config/app.js` 里 `domain` 硬编码,需在构建前注入:通过 ARG `H5_API_DOMAIN` 做字符串替换,或留空让同域生效(推荐)。 + +--- + +## 五、Spring Boot 接 RDS / Redis 的细节 + +寄卖商城原本通过 `spring.profiles.active=byjyw149` / `miao80` 等加载不同 yml。**Docker 部署用全新 profile `docker`**: + +```yaml +# deploy/docker/single-shop/application-docker.yml +spring: + datasource: + type: com.alibaba.druid.pool.DruidDataSource + driver-class-name: com.mysql.jdbc.Driver + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:3306}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf8&serverTimezone=GMT%2B8&useSSL=false + username: ${MYSQL_USERNAME} + password: ${MYSQL_PASSWORD} + redis: + host: ${REDIS_HOST} + port: ${REDIS_PORT:6379} + password: ${REDIS_PASSWORD:} + database: ${REDIS_DATABASE:0} +``` + +通过 docker-compose 注入: +``` +MYSQL_HOST=${RDS_HOST} +MYSQL_DATABASE=${RDS_SINGLE_DB} +MYSQL_USERNAME=${RDS_SINGLE_USER} +MYSQL_PASSWORD=${RDS_SINGLE_PASS} +REDIS_HOST=redis +REDIS_PASSWORD=${REDIS_PASSWORD} +REDIS_DATABASE=${REDIS_SINGLE_ADMIN_DB} +``` + +> **数据库初始化**:首次部署前请用 `db/` 下的 SQL(推荐 `db/yangtangyoupin.sql`、`db/shop22-v2.sql` 等)在 RDS 中初始化对应库;本方案不在容器中建库,**避免误覆盖现网数据**。 + +--- + +## 六、首次部署步骤 + +```bash +# 1. 准备环境变量 +cd integral-shop/deploy/docker +cp .env.example .env +vim .env # 填入 RDS / Redis / 域名等 + +# 2. 准备积分商城 Webman .env(容器运行时挂载) +cp integral-resell/.env.template integral-resell/.env +vim integral-resell/.env # 至少配置 DB_*、APP_SECRET、SMS_* + +# 3. 在阿里云 RDS 上提前导入数据 +# - 积分商城:db/yangtangyoupin.sql +# - 寄卖商城:db/shop22-v2.sql / db/jjy153-mysql.sql (按实际版本) + +# 4. 构建并启动 +docker compose --env-file .env build +docker compose --env-file .env up -d + +# 5. 健康检查 +docker compose ps +docker compose logs -f single-admin-api # 看到 "Started CrmebAdminApplication" 即成功 +docker compose logs -f integral-houtai # 看到 "Webman start success" 即成功 +curl -I http://localhost:18080 # 积分商城 H5 +curl -I http://localhost:18081 # 寄卖管理后台 +curl -I http://localhost:18082 # 寄卖用户 H5 +``` + +--- + +## 七、日常运维 + +| 场景 | 操作 | +|------|------| +| 拉取最新源码后重建 | `docker compose build --no-cache ` 然后 `docker compose up -d ` | +| 只重启某服务 | `docker compose restart single-admin-api` | +| 看日志 | `docker compose logs -f --tail 200 single-front-api` | +| 进入容器 | `docker compose exec single-admin-api sh` | +| 备份用户上传 | `docker run --rm -v integral-upload:/d -v $(pwd):/b alpine tar czf /b/upload.tgz -C /d .` | +| 备份寄卖商城图片 | 同上,卷名 `single-images` | +| 切换到外部 Redis | 在 `.env` 把 `REDIS_HOST` 改成外部地址,并在 compose 里把 `redis` 服务注释 | +| 切换到 Java 17 运行寄卖商城 | 把 `eclipse-temurin:8-jre-alpine` 改成 `17-jre`;本工程经验依旧建议 8 | + +--- + +## 八、性能与资源建议 + +| 容器 | CPU | 内存(建议) | +|------|----:|------------:| +| `redis` | 0.2 | 256 MB | +| `integral-houtai` | 0.5–1 | 256–512 MB(webman 多 worker 时 ↑) | +| `integral-h5` | 0.1 | 64 MB | +| `single-admin-api` | 1 | **JVM `-Xmx512m`,容器 limit 768 MB** | +| `single-front-api` | 1 | JVM `-Xmx768m`,容器 limit 1 GB | +| `single-admin-web` | 0.1 | 64 MB | +| `single-h5` | 0.1 | 64 MB | + +最低配宿主机:**2 vCPU / 4 GB**(建议 4 vCPU / 8 GB 起)。 + +--- + +## 九、上线检查清单 + +- [ ] 阿里云 RDS 白名单已放通 Docker 主机出口 IP +- [ ] RDS 中已导入对应库的 SQL,账号/密码权限正确 +- [ ] `.env` 中无明文敏感信息提交到 git(已 `.gitignore`) +- [ ] `INTEGRAL_APP_STR` 与寄卖商城 admin 后台 + Webman `.env#APP_SECRET` 三处一致 +- [ ] 域名 / SSL 在外层 Nginx 或阿里云 SLB 完成 443 卸载 +- [ ] OSS 与 SMS 等第三方密钥若启用,已写入对应位置 +- [ ] 备份策略:RDS 自动备份 + `integral-upload` / `single-images` 卷定期 tar 备份 + +--- + +## 十、远端 116.62.83.240 一键部署 + +服务器已具备的环境(来自宝塔软件商店截图): +- Docker(节点管理 → Docker 已部署) +- Nginx 1.28.1(**未使用**,本方案的 Nginx 在容器内) +- MySQL 5.7.44(**未使用**,本方案走阿里云 RDS) +- Redis 8.0.5(**默认未使用**,容器内自带 Redis;想复用宿主 Redis 见下方"复用宿主 Redis") +- PHP 8.0.26(**未使用**,webman 走静态二进制) +- rsync 已安装、SSH `root / A@123456` + +### 1. 本机一次性配置 + +```bash +cd deploy/docker/scripts +cp server.env.example server.env +$EDITOR server.env # 默认已写好 116.62.83.240 / root / A@123456 +``` + +> **强烈建议先用 SSH key 替代密码**:`ssh-copy-id root@116.62.83.240` 后把 `server.env` 里的 `SSHPASS=` 注释掉即可。脚本会自动切回 SSH key 通道。 + +### 2. 全量同步并启动 + +```bash +./sync-to-server.sh up +``` + +脚本流程: +1. SSH 登录 116.62.83.240,确保 `/root/integral-shop` 目录存在; +2. rsync 增量同步整个工程(自动排除 `node_modules / target / .git / runtime/logs / MER-2.2_2601` 等大目录); +3. 在远端 `cd /root/integral-shop/deploy/docker && docker compose build && docker compose up -d`; +4. 输出 `docker compose ps` 结果。 + +首次会要求你先在远端把 `.env / integral-resell/.env` 改成真实值(如未做,运行下面这一步): + +```bash +./bootstrap-remote-env.sh # 在远端基于模板创建 .env,再 ssh 上去填写 +``` + +### 3. 日常运维(无需登录服务器) + +```bash +./remote-up.sh ps # 服务状态 +./remote-up.sh logs single-admin-api # 跟随日志 +./remote-up.sh restart single-front-api # 重启某服务 +./remote-up.sh build single-admin-web # 只重建某镜像 +./remote-up.sh exec single-admin-api sh # 进容器 +./remote-up.sh ssh # 直接登录服务器 +./sync-to-server.sh up # 改了代码后再同步+重启 +``` + +### 4. 端口规划与宝塔放行 + +宿主机暴露端口(来自 `.env.example`,可改): + +| 端口 | 服务 | 用途 | +|------|------|------| +| 18080 | `integral-h5` | 积分商城 H5 | +| 18081 | `single-admin-web` | 寄卖管理后台 | +| 18082 | `single-h5` | 寄卖用户 H5 | +| 6379 | `redis` | (生产建议关闭)`REDIS_HOST_PORT=` 留空即不暴露 | + +**安全组 / 防火墙**:阿里云安全组放通 18080-18082;宝塔面板 → 安全 → 放行同样端口。**强烈建议在前面再挂一层域名 + SSL**(宝塔自带 Nginx 反代 / 阿里云 SLB / Cloudflare 都行)。 + +### 5. 复用宿主已有 Redis 8.0.5(可选) + +若想节省一份 Redis,直接用宿主机的 Redis: + +```bash +# 1) 远端编辑 deploy/docker/.env +REDIS_PASSWORD=宿主-Redis-的密码 + +# 2) 远端编辑 deploy/docker/docker-compose.yml +# a. 注释掉 redis: 整个服务块(包括 healthcheck) +# b. single-admin-api / single-front-api 把 REDIS_HOST: redis 改成 172.17.0.1 +# (docker bridge 网关;宝塔默认端口 6379;先确保 Redis 监听 0.0.0.0 且防火墙放行 6379 to docker subnet) +# c. integral-resell/.env 把 REDIS_HOST=redis 同步改为 172.17.0.1 + +# 3) 同步重启 +./sync-to-server.sh up +``` + +### 6. 阿里云 RDS 白名单 + +到 RDS 控制台 → 白名单 → 加入 `116.62.83.240`(如果 RDS 与 ECS 同 VPC 则用内网地址 + 内网白名单更优)。 + +### 7. 数据库初始化 + +```bash +# 本地把 SQL 上传到服务器(默认 db/ 已被 rsync 同步过去) +./remote-up.sh ssh +# 远端 +mysql -h -u -p < /root/integral-shop/db/yangtangyoupin.sql +mysql -h -u -p < /root/integral-shop/db/shop22-v2.sql +``` + +也可以用宝塔自带的 phpMyAdmin 直接连 RDS 导入。 + +--- + +## 十一、各文件清单一览 + +参见 `deploy/docker/` 下: + +- `docker-compose.yml` ← 编排入口 +- `.env.example` ← 环境变量模板 +- `redis/redis.conf` +- `integral-resell/houtai.Dockerfile` +- `integral-resell/h5.Dockerfile` +- `integral-resell/nginx-h5.conf` +- `integral-resell/.env.template` +- `integral-resell/docker-entrypoint-h5.sh` +- `single-shop/admin-api.Dockerfile` +- `single-shop/front-api.Dockerfile` +- `single-shop/admin-web.Dockerfile` +- `single-shop/h5.Dockerfile` +- `single-shop/application-docker.yml` +- `single-shop/nginx-admin-web.conf` +- `single-shop/nginx-h5.conf` +- `scripts/server.env.example` ← 远端 SSH 配置模板 +- `scripts/sync-to-server.sh` ← rsync 增量同步 + 触发远端部署 +- `scripts/remote-up.sh` ← 远端 `docker compose` 操作(up/build/restart/logs/ps/exec/ssh) +- `scripts/bootstrap-remote-env.sh` ← 首次在远端生成 .env 模板 + +每个文件都已生成可直接使用的版本。 diff --git a/deploy/docker/.env.example b/deploy/docker/.env.example new file mode 100644 index 0000000..0d24059 --- /dev/null +++ b/deploy/docker/.env.example @@ -0,0 +1,79 @@ +# ============================================================ +# Docker 部署环境变量模板 +# 使用方法: cp .env.example .env 然后按实际填写 +# 注意: .env 切勿提交到 git +# ============================================================ + +# ---------- 基础 ---------- +TZ=Asia/Shanghai +COMPOSE_PROJECT_NAME=integral-shop + +# ---------- 阿里云 RDS for MySQL ---------- +# 外网地址(与 240 同地域 VPC 时建议改为内网地址,更快更安全) +RDS_HOST=rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com +RDS_PORT=3306 + +# 积分商城(Webman PHP 后端) +RDS_INTEGRAL_DB=yangtangyoupin +RDS_INTEGRAL_USER=yangtangyoupin +RDS_INTEGRAL_PASS=change-me + +# 寄卖商城(Spring Boot 后端) — 与积分商城共库共账号 +RDS_SINGLE_DB=yangtangyoupin +RDS_SINGLE_USER=yangtangyoupin +RDS_SINGLE_PASS=change-me + +# ---------- 容器内 Redis ---------- +REDIS_PASSWORD=change-me-redis +# 三个业务各自的 db 序号,建议互不冲突 +REDIS_INTEGRAL_DB=0 +REDIS_SINGLE_ADMIN_DB=25 +REDIS_SINGLE_FRONT_DB=26 + +# 是否把 Redis 端口暴露到宿主机(生产建议不暴露,留空字符串即可关闭) +REDIS_HOST_PORT=6379 + +# ---------- 积分商城 H5 configs.js 注入 ---------- +# 用户浏览器访问到的 API/图片/H5 域名(必须为外网可达 URL) +INTEGRAL_API_PUBLIC_URL=https://admin.example.com +INTEGRAL_IMG_PUBLIC_URL=https://admin.example.com +INTEGRAL_H5_PUBLIC_URL=https://h5.example.com/ +# 业务标识:sn_id(数字)、appStr(与寄卖商城 APP_SECRET 必须一致) +INTEGRAL_SN_ID=17533260260405 +INTEGRAL_APP_STR=ZFyTNQTWEkCBczKzyUDJWE9Ecx260405 +INTEGRAL_TITLE=晨召春商贸 +INTEGRAL_CONTRACT_PAGE=10012 + +# ---------- 积分商城 Webman 后端短信 / OSS ---------- +# 不用就保持空值;启用时填写真实凭证(也可直接编辑 integral-resell/.env 文件) +SMS_CHANNEL=alibaba +SMS_SIGNNAME= +SMS_TEMPLATE= +SMS_KEYID= +SMS_KEYSECRET= + +# OSS_TYPE=public 表示用本地 public/upload;oss 表示走阿里云 OSS +FILE_STORAGE=public +OSS_ACCESS_ID= +OSS_ACCESS_SECRET= +OSS_BUCKET= +OSS_ENDPOINT= +OSS_URL= + +# ---------- 寄卖商城前端构建参数 ---------- +# 留空即走与 Nginx 同域 /api/,最佳实践;如要直连后端写完整 URL +SINGLE_ADMIN_BASE_API= +SINGLE_H5_DOMAIN= + +# ---------- 寄卖商城后端 JVM ---------- +SINGLE_ADMIN_JAVA_OPTS=-Xms256m -Xmx512m +SINGLE_FRONT_JAVA_OPTS=-Xms256m -Xmx768m + +# ---------- 寄卖商城订单同步(无 MER 时填默认) ---------- +SYNC_SOURCE_ID= +SYNC_TARGET_MER_ID=0 + +# ---------- 宿主机暴露端口(可按需修改) ---------- +INTEGRAL_H5_PORT=18080 +SINGLE_ADMIN_WEB_PORT=18081 +SINGLE_H5_PORT=18082 diff --git a/deploy/docker/.gitignore b/deploy/docker/.gitignore new file mode 100644 index 0000000..f7d19fa --- /dev/null +++ b/deploy/docker/.gitignore @@ -0,0 +1,3 @@ +# 部署敏感文件不入库 +.env +integral-resell/.env diff --git a/deploy/docker/README.md b/deploy/docker/README.md new file mode 100644 index 0000000..e2a39da --- /dev/null +++ b/deploy/docker/README.md @@ -0,0 +1,113 @@ +# Docker 部署 — 快速上手 + +> 详细方案见仓库根目录的 `DOCKER_DEPLOY.md`。本文件只列必要操作。 + +## 1. 准备环境变量 + +```bash +cd deploy/docker +cp .env.example .env +$EDITOR .env # 填入 RDS / Redis / 域名 等 + +cp integral-resell/.env.template integral-resell/.env +$EDITOR integral-resell/.env # 积分商城 Webman 后端配置 +``` + +## 2. 阿里云 RDS 初始化 + +在 RDS 控制台新建: +- 积分商城库(默认名 `yangtangyoupin`)→ 导入 `db/yangtangyoupin.sql` +- 寄卖商城库(默认同上)→ 导入 `db/shop22-v2.sql`(或与生产对齐的 `db/jjy153-mysql.sql`) + +把 Docker 主机出口 IP 加入 RDS 白名单。 + +## 3. 构建并启动 + +```bash +# 一次性构建所有镜像(首次 5-15 分钟,含 Maven & Node 拉依赖) +docker compose build + +# 后台启动全部服务 +docker compose up -d + +# 查看状态 +docker compose ps +docker compose logs -f single-admin-api +docker compose logs -f single-front-api +docker compose logs -f integral-houtai +``` + +## 4. 验证 + +| URL | 期望 | +|-----|------| +| `http://:18080/` | 积分商城 H5 首页 | +| `http://:18080/api/...` | 转发到 integral-houtai | +| `http://:18081/` | 寄卖管理后台登录页 | +| `http://:18082/` | 寄卖用户端 H5 | + +## 5. 常用运维 + +```bash +docker compose restart single-admin-api +docker compose build --no-cache single-front-api && docker compose up -d single-front-api +docker compose exec single-admin-api sh +docker compose down # 不删卷 +docker compose down -v # 连卷一并删除(**慎用**) +``` + +## 6. 备份卷 + +```bash +# 在 docker host 上运行 +for v in integral-upload single-images redis-data; do + docker run --rm -v $v:/d -v $(pwd):/b alpine \ + tar czf /b/${v}-$(date +%F).tgz -C /d . +done +``` + +## 7. "fast" 模式(跳过前端构建,使用源码已有 dist) + +如果源码目录里 `backend-adminend/dist` 和 `single_uniapp22miao/unpackage/dist/build/` 已经是最新构建产物,可加速: + +```bash +docker compose build --build-arg=BUILDKIT_INLINE_CACHE=1 \ + --target fast single-admin-web single-h5 +``` + +## 8. 切换为外部 Redis + +把 `.env` 中 `REDIS_HOST` 改为外部地址、注释 `docker-compose.yml` 中的 `redis:` 服务即可。Spring Boot 与 Webman 都通过环境变量读取 Redis 地址。 + +## 9. 远端一键部署(116.62.83.240) + +```bash +cd scripts +cp server.env.example server.env # 已预填 116.62.83.240 / root / A@123456 + +# 首次(推荐):把密码登录换成 SSH key +ssh-copy-id root@116.62.83.240 +# 然后把 server.env 里的 SSHPASS 行注释掉 + +# 同步代码并启动 +./sync-to-server.sh up + +# 同步完成后,若是首次部署还需要先在远端填写 .env: +./bootstrap-remote-env.sh +./remote-up.sh ssh +# 远端:cd /root/integral-shop/deploy/docker +# vim .env +# vim integral-resell/.env +# 编辑完退出后: +./remote-up.sh up + +# 日常运维(本机执行,不用登录服务器) +./remote-up.sh ps +./remote-up.sh logs single-admin-api +./remote-up.sh restart single-front-api +./remote-up.sh build single-admin-web +``` + +> 用密码模式需要先 `brew install hudochenkov/sshpass/sshpass`(macOS)。 +> 用 SSH key 模式则任何依赖都不需要。 + diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml new file mode 100644 index 0000000..5ecff7d --- /dev/null +++ b/deploy/docker/docker-compose.yml @@ -0,0 +1,187 @@ +# ============================================================= +# 寄卖商城 + 积分商城 前后端 Docker 编排 +# - 不含 MER-2.2 多商户 +# - 不含 MySQL(使用阿里云 RDS) +# - 包含独立 Redis(如需用外部 Redis,注释掉 redis 服务并修改 REDIS_HOST) +# ============================================================= + +name: integral-shop + +x-common: &common + restart: unless-stopped + environment: + TZ: ${TZ:-Asia/Shanghai} + logging: + driver: json-file + options: + max-size: "20m" + max-file: "5" + +networks: + inner: + driver: bridge + +volumes: + redis-data: + integral-runtime: + integral-upload: + single-images: + single-logs: + +services: + # ---------------- Redis ---------------- + redis: + <<: *common + image: redis:6.2-alpine + container_name: integral-shop-redis + command: ["redis-server", "/etc/redis/redis.conf", "--requirepass", "${REDIS_PASSWORD}"] + volumes: + - ./redis/redis.conf:/etc/redis/redis.conf:ro + - redis-data:/data + networks: [inner] + # 仅当 REDIS_HOST_PORT 非空时暴露 + ports: + - "${REDIS_HOST_PORT:-}:6379" + healthcheck: + test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"] + interval: 10s + timeout: 3s + retries: 5 + + # ---------------- 积分商城:Webman 后端 ---------------- + integral-houtai: + <<: *common + build: + context: ../../integral-resell/houtai + dockerfile: ../../deploy/docker/integral-resell/houtai.Dockerfile + image: integral-shop/integral-houtai:latest + container_name: integral-houtai + networks: [inner] + volumes: + # .env 由宿主机模板渲染挂入容器;编辑此文件即可改 DB / OSS / 短信 + - ./integral-resell/.env:/app/.env:ro + - integral-runtime:/app/runtime + - integral-upload:/app/public/upload + depends_on: + redis: + condition: service_healthy + + # ---------------- 积分商城:H5 静态站 ---------------- + integral-h5: + <<: *common + build: + context: ../../integral-resell/h5 + dockerfile: ../../deploy/docker/integral-resell/h5.Dockerfile + image: integral-shop/integral-h5:latest + container_name: integral-h5 + networks: [inner] + environment: + TZ: ${TZ:-Asia/Shanghai} + # 这些会在 entrypoint 中被注入到 static/configs.js + INTEGRAL_TITLE: ${INTEGRAL_TITLE} + INTEGRAL_API_PUBLIC_URL: ${INTEGRAL_API_PUBLIC_URL} + INTEGRAL_IMG_PUBLIC_URL: ${INTEGRAL_IMG_PUBLIC_URL} + INTEGRAL_H5_PUBLIC_URL: ${INTEGRAL_H5_PUBLIC_URL} + INTEGRAL_SN_ID: ${INTEGRAL_SN_ID} + INTEGRAL_APP_STR: ${INTEGRAL_APP_STR} + INTEGRAL_CONTRACT_PAGE: ${INTEGRAL_CONTRACT_PAGE} + ports: + - "${INTEGRAL_H5_PORT:-18080}:80" + depends_on: + - integral-houtai + + # ---------------- 寄卖商城:管理后台 API ---------------- + single-admin-api: + <<: *common + build: + context: ../../single-shop-22/backend + dockerfile: ../../deploy/docker/single-shop/admin-api.Dockerfile + image: integral-shop/single-admin-api:latest + container_name: single-admin-api + networks: [inner] + environment: + TZ: ${TZ:-Asia/Shanghai} + JAVA_HEAP_OPTS: ${SINGLE_ADMIN_JAVA_OPTS:--Xms128m -Xmx256m} + SPRING_PROFILES_ACTIVE: docker + SERVER_PORT: "30032" + MYSQL_HOST: ${RDS_HOST} + MYSQL_PORT: ${RDS_PORT:-3306} + MYSQL_DATABASE: ${RDS_SINGLE_DB} + MYSQL_USERNAME: ${RDS_SINGLE_USER} + MYSQL_PASSWORD: ${RDS_SINGLE_PASS} + REDIS_HOST: redis + REDIS_PORT: "6379" + REDIS_PASSWORD: ${REDIS_PASSWORD} + REDIS_DATABASE: ${REDIS_SINGLE_ADMIN_DB:-25} + SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-} + SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-0} + volumes: + - ./single-shop/application-docker.yml:/config/application-docker.yml:ro + - single-images:/usr/local/crmeb/crmebimage + - single-logs:/app/log + depends_on: + redis: + condition: service_healthy + + # ---------------- 寄卖商城:用户端 API ---------------- + single-front-api: + <<: *common + build: + context: ../../single-shop-22/backend + dockerfile: ../../deploy/docker/single-shop/front-api.Dockerfile + image: integral-shop/single-front-api:latest + container_name: single-front-api + networks: [inner] + environment: + TZ: ${TZ:-Asia/Shanghai} + JAVA_OPTS: ${SINGLE_FRONT_JAVA_OPTS:--Xms256m -Xmx768m} + SPRING_PROFILES_ACTIVE: docker + SERVER_PORT: "30031" + MYSQL_HOST: ${RDS_HOST} + MYSQL_PORT: ${RDS_PORT:-3306} + MYSQL_DATABASE: ${RDS_SINGLE_DB} + MYSQL_USERNAME: ${RDS_SINGLE_USER} + MYSQL_PASSWORD: ${RDS_SINGLE_PASS} + REDIS_HOST: redis + REDIS_PORT: "6379" + REDIS_PASSWORD: ${REDIS_PASSWORD} + REDIS_DATABASE: ${REDIS_SINGLE_FRONT_DB:-26} + volumes: + - ./single-shop/application-docker.yml:/config/application-docker.yml:ro + - single-images:/usr/local/crmeb/crmebimage + - single-logs:/app/log + depends_on: + redis: + condition: service_healthy + + # ---------------- 寄卖商城:管理后台 Web ---------------- + single-admin-web: + <<: *common + build: + context: ../../single-shop-22/backend-adminend + dockerfile: ../../deploy/docker/single-shop/admin-web.Dockerfile + args: + VUE_APP_BASE_API: ${SINGLE_ADMIN_BASE_API:-} + image: integral-shop/single-admin-web:latest + container_name: single-admin-web + networks: [inner] + ports: + - "${SINGLE_ADMIN_WEB_PORT:-18081}:80" + depends_on: + - single-admin-api + + # ---------------- 寄卖商城:用户端 H5 ---------------- + single-h5: + <<: *common + build: + context: ../../single-shop-22/single_uniapp22miao + dockerfile: ../../deploy/docker/single-shop/h5.Dockerfile + args: + H5_API_DOMAIN: ${SINGLE_H5_DOMAIN:-} + image: integral-shop/single-h5:latest + container_name: single-h5 + networks: [inner] + ports: + - "${SINGLE_H5_PORT:-18082}:80" + depends_on: + - single-front-api diff --git a/deploy/docker/nginx/leilei-jf.czchunfang.com.conf b/deploy/docker/nginx/leilei-jf.czchunfang.com.conf new file mode 100644 index 0000000..9524b91 --- /dev/null +++ b/deploy/docker/nginx/leilei-jf.czchunfang.com.conf @@ -0,0 +1,83 @@ +upstream jifenmall_h5 { + server 127.0.0.1:18082; + keepalive 10240; +} + +server +{ + listen 80; + listen 443 ssl; + http2 on; + server_name leilei-jf.czchunfang.com; + index index.html index.htm default.htm default.html; + root /www/wwwroot/leilei-jf.czchunfang.com; + include /www/server/panel/vhost/nginx/extension/leilei-jf.czchunfang.com/*.conf; + #CERT-APPLY-CHECK--START + include /www/server/panel/vhost/nginx/well-known/leilei-jf.czchunfang.com.conf; + #CERT-APPLY-CHECK--END + + #SSL-START + #error_page 404/404.html; + #HTTP_TO_HTTPS_START + set $isRedcert 1; + if ($server_port != 443) { + set $isRedcert 2; + } + if ( $uri ~ /\.well-known/ ) { + set $isRedcert 1; + } + if ($isRedcert != 1) { + rewrite ^(/.*)$ https://$host$1 permanent; + } + #HTTP_TO_HTTPS_END + ssl_certificate /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jf.czchunfang.com_cert/nginx/leilei-jf.czchunfang.com.pem; + ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jf.czchunfang.com_cert/nginx/leilei-jf.czchunfang.com.key; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_tickets on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + add_header Strict-Transport-Security "max-age=31536000"; + error_page 497 https://$host$request_uri; + #SSL-END + + #REWRITE-START + include /www/server/panel/vhost/rewrite/html_leilei-jf.czchunfang.com.conf; + #REWRITE-END + + # 积分商城 H5 → Docker single-h5 容器(uni-app SPA) + location ^~ / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Connection ""; + if (!-f $request_filename) { + proxy_pass http://jifenmall_h5; + } + } + + location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$ + { return 404; } + + location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ + { return 404; } + + location ~ \.well-known { allow all; } + + if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) { + return 403; + } + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { + expires 30d; error_log /dev/null; access_log /dev/null; + } + location ~ .*\.(js|css)?$ { + expires 12h; error_log /dev/null; access_log /dev/null; + } + + access_log /www/wwwlogs/leilei-jf.czchunfang.com.log; + error_log /www/wwwlogs/leilei-jf.czchunfang.com.error.log; +} diff --git a/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf b/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf new file mode 100644 index 0000000..248388a --- /dev/null +++ b/deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf @@ -0,0 +1,83 @@ +upstream jifenmall_admin { + server 127.0.0.1:18081; + keepalive 10240; +} + +server +{ + listen 80; + listen 443 ssl; + http2 on; + server_name leilei-jfadmin.czchunfang.com; + index index.html index.htm default.htm default.html; + root /www/wwwroot/leilei-jfadmin.czchunfang.com; + include /www/server/panel/vhost/nginx/extension/leilei-jfadmin.czchunfang.com/*.conf; + #CERT-APPLY-CHECK--START + include /www/server/panel/vhost/nginx/well-known/leilei-jfadmin.czchunfang.com.conf; + #CERT-APPLY-CHECK--END + + #SSL-START + #error_page 404/404.html; + #HTTP_TO_HTTPS_START + set $isRedcert 1; + if ($server_port != 443) { + set $isRedcert 2; + } + if ( $uri ~ /\.well-known/ ) { + set $isRedcert 1; + } + if ($isRedcert != 1) { + rewrite ^(/.*)$ https://$host$1 permanent; + } + #HTTP_TO_HTTPS_END + ssl_certificate /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jfadmin.czchunfang.com_cert/nginx/leilei-jfadmin.czchunfang.com.pem; + ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei-jfadmin.czchunfang.com_cert/nginx/leilei-jfadmin.czchunfang.com.key; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_tickets on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + add_header Strict-Transport-Security "max-age=31536000"; + error_page 497 https://$host$request_uri; + #SSL-END + + #REWRITE-START + include /www/server/panel/vhost/rewrite/html_leilei-jfadmin.czchunfang.com.conf; + #REWRITE-END + + # 积分商城管理后台 → Docker single-admin-web 容器(Vue SPA) + location ^~ / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Connection ""; + if (!-f $request_filename) { + proxy_pass http://jifenmall_admin; + } + } + + location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$ + { return 404; } + + location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ + { return 404; } + + location ~ \.well-known { allow all; } + + if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) { + return 403; + } + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { + expires 30d; error_log /dev/null; access_log /dev/null; + } + location ~ .*\.(js|css)?$ { + expires 12h; error_log /dev/null; access_log /dev/null; + } + + access_log /www/wwwlogs/leilei-jfadmin.czchunfang.com.log; + error_log /www/wwwlogs/leilei-jfadmin.czchunfang.com.error.log; +} diff --git a/deploy/docker/nginx/leilei.czchunfang.com.conf b/deploy/docker/nginx/leilei.czchunfang.com.conf new file mode 100644 index 0000000..5edb8a2 --- /dev/null +++ b/deploy/docker/nginx/leilei.czchunfang.com.conf @@ -0,0 +1,82 @@ +upstream resell_h5 { + server 127.0.0.1:18080; + keepalive 10240; +} + +server +{ + listen 80; + listen 443 ssl http2; + server_name leilei.czchunfang.com; + index index.html index.htm default.htm default.html; + root /www/wwwroot/leilei.czchunfang.com; + include /www/server/panel/vhost/nginx/extension/leilei.czchunfang.com/*.conf; + #CERT-APPLY-CHECK--START + include /www/server/panel/vhost/nginx/well-known/leilei.czchunfang.com.conf; + #CERT-APPLY-CHECK--END + + #SSL-START + #error_page 404/404.html; + #HTTP_TO_HTTPS_START + set $isRedcert 1; + if ($server_port != 443) { + set $isRedcert 2; + } + if ( $uri ~ /\.well-known/ ) { + set $isRedcert 1; + } + if ($isRedcert != 1) { + rewrite ^(/.*)$ https://$host$1 permanent; + } + #HTTP_TO_HTTPS_END + ssl_certificate /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei.czchunfang.com_cert/nginx/leilei.czchunfang.com.pem; + ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leilei.czchunfang.com_cert/nginx/leilei.czchunfang.com.key; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_tickets on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + add_header Strict-Transport-Security "max-age=31536000"; + error_page 497 https://$host$request_uri; + #SSL-END + + #REWRITE-START + include /www/server/panel/vhost/rewrite/html_leilei.czchunfang.com.conf; + #REWRITE-END + + # 寄卖商城 H5 → Docker integral-h5 容器(内部已含 /api/ /upload/ 反代到 webman:8785) + location ^~ / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Connection ""; + if (!-f $request_filename) { + proxy_pass http://resell_h5; + } + } + + location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$ + { return 404; } + + location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ + { return 404; } + + location ~ \.well-known { allow all; } + + if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) { + return 403; + } + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { + expires 30d; error_log /dev/null; access_log /dev/null; + } + location ~ .*\.(js|css)?$ { + expires 12h; error_log /dev/null; access_log /dev/null; + } + + access_log /www/wwwlogs/leilei.czchunfang.com.log; + error_log /www/wwwlogs/leilei.czchunfang.com.error.log; +} diff --git a/deploy/docker/nginx/leileiadmin.czchunfang.com.conf b/deploy/docker/nginx/leileiadmin.czchunfang.com.conf new file mode 100644 index 0000000..9d51029 --- /dev/null +++ b/deploy/docker/nginx/leileiadmin.czchunfang.com.conf @@ -0,0 +1,82 @@ +upstream resell_api { + server 127.0.0.1:18085; + keepalive 10240; +} + +server +{ + listen 80; + listen 443 ssl http2; + server_name leileiadmin.czchunfang.com; + index index.html index.htm default.htm default.html; + root /www/wwwroot/leileiadmin.czchunfang.com; + include /www/server/panel/vhost/nginx/extension/leileiadmin.czchunfang.com/*.conf; + #CERT-APPLY-CHECK--START + include /www/server/panel/vhost/nginx/well-known/leileiadmin.czchunfang.com.conf; + #CERT-APPLY-CHECK--END + + #SSL-START + #error_page 404/404.html; + #HTTP_TO_HTTPS_START + set $isRedcert 1; + if ($server_port != 443) { + set $isRedcert 2; + } + if ( $uri ~ /\.well-known/ ) { + set $isRedcert 1; + } + if ($isRedcert != 1) { + rewrite ^(/.*)$ https://$host$1 permanent; + } + #HTTP_TO_HTTPS_END + ssl_certificate /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leileiadmin.czchunfang.com_cert/nginx/leileiadmin.czchunfang.com.pem; + ssl_certificate_key /www/wwwroot/integral-shop/deploy/docker/ssl-cert/leileiadmin.czchunfang.com_cert/nginx/leileiadmin.czchunfang.com.key; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_tickets on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + add_header Strict-Transport-Security "max-age=31536000"; + error_page 497 https://$host$request_uri; + #SSL-END + + #REWRITE-START + include /www/server/panel/vhost/rewrite/html_leileiadmin.czchunfang.com.conf; + #REWRITE-END + + # 寄卖商城后台 API → Docker integral-houtai 容器(webman.bin 写死端口 8785) + location ^~ / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Connection ""; + if (!-f $request_filename) { + proxy_pass http://resell_api; + } + } + + location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$ + { return 404; } + + location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ + { return 404; } + + location ~ \.well-known { allow all; } + + if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) { + return 403; + } + + location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { + expires 30d; error_log /dev/null; access_log /dev/null; + } + location ~ .*\.(js|css)?$ { + expires 12h; error_log /dev/null; access_log /dev/null; + } + + access_log /www/wwwlogs/leileiadmin.czchunfang.com.log; + error_log /www/wwwlogs/leileiadmin.czchunfang.com.error.log; +} diff --git a/deploy/docker/redis/redis.conf b/deploy/docker/redis/redis.conf new file mode 100644 index 0000000..62afd8c --- /dev/null +++ b/deploy/docker/redis/redis.conf @@ -0,0 +1,39 @@ +# ============================================================= +# Redis 6.2 — 容器内最小化生产配置 +# 密码由 docker-compose 通过 --requirepass 参数注入 +# ============================================================= + +bind 0.0.0.0 +protected-mode yes +port 6379 +tcp-backlog 511 +timeout 0 +tcp-keepalive 300 + +# 数据持久化: AOF + 一份 RDB 兜底 +appendonly yes +appendfsync everysec +save 900 1 +save 300 10 +save 60 10000 + +dir /data +dbfilename dump.rdb +appendfilename "appendonly.aof" +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +# 内存策略 +maxmemory 512mb +maxmemory-policy allkeys-lru + +# 日志 +loglevel notice +logfile "" + +# 慢日志 +slowlog-log-slower-than 10000 +slowlog-max-len 128 + +# 客户端 +maxclients 1000 diff --git a/deploy/docker/scripts/.gitignore b/deploy/docker/scripts/.gitignore new file mode 100644 index 0000000..4503ccb --- /dev/null +++ b/deploy/docker/scripts/.gitignore @@ -0,0 +1 @@ +server.env diff --git a/deploy/docker/scripts/bootstrap-remote-env.sh b/deploy/docker/scripts/bootstrap-remote-env.sh new file mode 100755 index 0000000..7eec3f6 --- /dev/null +++ b/deploy/docker/scripts/bootstrap-remote-env.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash +# ============================================================= +# 首次部署:在远端创建 .env 模板(仅在缺失时创建) +# 同步代码后执行: ./bootstrap-remote-env.sh +# 之后 ssh 上去 vim 这两个文件填入真实密码即可 +# ============================================================= + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [ -f "$SCRIPT_DIR/server.env" ]; then + set -a; . "$SCRIPT_DIR/server.env"; set +a +fi + +SERVER_HOST="${SERVER_HOST:?}" +SERVER_USER="${SERVER_USER:-root}" +SERVER_PORT="${SERVER_PORT:-22}" +REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}" + +if [ -n "${SSHPASS:-}" ]; then + command -v sshpass >/dev/null || { echo "需要 sshpass"; exit 1; } + export SSHPASS + SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null) +else + SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no) +fi + +"${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" bash -se < "$TMPENV/.env" < "$TMPENV/houtai.env" </dev/null 2>&1 || { echo "需要 sshpass"; exit 1; } + export SSHPASS + SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t) +else + SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -t) +fi + +run_remote() { + "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" "cd ${REMOTE_DIR}/deploy/docker && $*" +} + +cmd="${1:-up}" +shift || true + +case "$cmd" in + up) + # 预检:必须存在 .env + run_remote "test -f .env && test -f integral-resell/.env" || { + cat < server.env,填入主机/密码 +# 2. ./sync-to-server.sh # 仅同步 +# ./sync-to-server.sh up # 同步后在远端 docker compose build && up -d +# ./sync-to-server.sh logs # 远端 docker compose logs +# ============================================================= + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)" + +# 读取服务器配置 +if [ -f "$SCRIPT_DIR/server.env" ]; then + # shellcheck disable=SC1091 + set -a + . "$SCRIPT_DIR/server.env" + set +a +elif [ -f "$SCRIPT_DIR/server.env.example" ]; then + echo "[!] 未发现 server.env,请先 cp server.env.example server.env 并修改" + exit 1 +fi + +SERVER_HOST="${SERVER_HOST:?SERVER_HOST 未配置}" +SERVER_USER="${SERVER_USER:-root}" +SERVER_PORT="${SERVER_PORT:-22}" +REMOTE_DIR="${REMOTE_DIR:-/root/integral-shop}" + +# ---------- 选择 SSH/rsync 通道 ---------- +if [ -n "${SSHPASS:-}" ]; then + if ! command -v sshpass >/dev/null 2>&1; then + echo "[!] 检测到 SSHPASS 但未安装 sshpass" + echo " macOS: brew install hudochenkov/sshpass/sshpass" + echo " Linux: apt-get install -y sshpass" + exit 1 + fi + export SSHPASS + SSH=(sshpass -e ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null) + RSYNC_SSH="sshpass -e ssh -p $SERVER_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +else + SSH=(ssh -p "$SERVER_PORT" -o StrictHostKeyChecking=no -o ServerAliveInterval=30) + RSYNC_SSH="ssh -p $SERVER_PORT -o StrictHostKeyChecking=no -o ServerAliveInterval=30" +fi + +remote() { + "${SSH[@]}" "${SERVER_USER}@${SERVER_HOST}" "$@" +} + +# ---------- 1. 远端目录准备 ---------- +echo "[1/3] 准备远端目录 ${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}" +remote "mkdir -p '${REMOTE_DIR}'" + +# 优先使用 homebrew rsync(macOS 内置版本 2.6.9 太旧) +RSYNC_BIN="/opt/homebrew/bin/rsync" +[ -x "$RSYNC_BIN" ] || RSYNC_BIN="rsync" + +# ---------- 2. rsync ---------- +echo "[2/3] rsync ${PROJECT_ROOT}/ -> ${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/" +"$RSYNC_BIN" -avz --delete --partial \ + -e "$RSYNC_SSH" \ + --exclude '.git/' \ + --exclude '.DS_Store' \ + --exclude '*.log' \ + --exclude '**/.idea/' \ + --exclude '**/.cursor/' \ + --exclude '**/.vscode/' \ + --exclude '**/node_modules/' \ + --exclude '**/target/' \ + --exclude '**/unpackage/cache/' \ + --exclude '**/unpackage/dist/dev/' \ + --exclude 'integral-resell/houtai/runtime/logs/' \ + --exclude 'integral-resell/houtai/runtime/sessions/' \ + --exclude 'integral-resell/houtai/runtime/login/' \ + --exclude 'integral-resell/houtai/runtime/webman.pid' \ + --exclude 'single-shop-22/backend/logs/' \ + --exclude 'single-shop-22/backend/crmebimage/' \ + --exclude 'single-shop-22/backend-adminend/dist/' \ + --exclude 'MER-2.2_2601/' \ + --exclude 'db/mysql-recover-20260514/' \ + --exclude 'db/yangtangyoupin.sql' \ + --exclude 'deploy/docker/.env' \ + --exclude 'deploy/docker/integral-resell/.env' \ + --exclude 'deploy/docker/scripts/server.env' \ + "${PROJECT_ROOT}/" "${SERVER_USER}@${SERVER_HOST}:${REMOTE_DIR}/" + +# ---------- 3. 远端 env 文件提示 ---------- +echo "[3/3] 检查远端环境文件" +remote "test -f ${REMOTE_DIR}/deploy/docker/.env || echo '[!] 远端缺少 deploy/docker/.env,请按下面提示创建'" +remote "test -f ${REMOTE_DIR}/deploy/docker/integral-resell/.env || echo '[!] 远端缺少 deploy/docker/integral-resell/.env'" + +echo +echo "===============================================" +echo " rsync 完成" +echo " 远端目录: ${REMOTE_DIR}" +echo "===============================================" + +# ---------- 后续动作 ---------- +case "${1:-${AUTO_UP:-}}" in + up|yes|YES) + echo "[远端] 执行 docker compose build && up -d" + "$SCRIPT_DIR/remote-up.sh" up + ;; + build) + "$SCRIPT_DIR/remote-up.sh" build + ;; + logs) + shift || true + "$SCRIPT_DIR/remote-up.sh" logs "$@" + ;; + "") + echo "下一步:" + echo " $0 up # 同步并启动" + echo " $0 build # 仅构建" + echo " $0 logs # 查看日志" + ;; + *) + echo "未知参数: $1" + exit 2 + ;; +esac diff --git a/deploy/docker/single-shop/admin-api.Dockerfile b/deploy/docker/single-shop/admin-api.Dockerfile new file mode 100644 index 0000000..29c5199 --- /dev/null +++ b/deploy/docker/single-shop/admin-api.Dockerfile @@ -0,0 +1,62 @@ +# ============================================================= +# 寄卖商城 管理后台 API (miao-admin-2.2.jar) +# build context = single-shop-22/backend +# 对应宿主机启动命令: +# nohup java -Xms128m -Xmx256m -jar miao-admin-2.2.jar > admin.log & +# ============================================================= +# syntax=docker/dockerfile:1.6 + +FROM maven:3.8.8-eclipse-temurin-17 AS builder +WORKDIR /src +COPY pom.xml ./ +COPY crmeb-common/pom.xml crmeb-common/pom.xml +COPY crmeb-service/pom.xml crmeb-service/pom.xml +COPY crmeb-admin/pom.xml crmeb-admin/pom.xml +COPY crmeb-front/pom.xml crmeb-front/pom.xml +RUN mvn -B -pl crmeb-admin -am dependency:go-offline -DskipTests || true +COPY . . +RUN mvn -B clean package -pl crmeb-admin -am -DskipTests + +FROM eclipse-temurin:17-jre-jammy +ENV TZ=Asia/Shanghai \ + DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 LC_ALL=C.UTF-8 + +# 堆大小:可通过 compose 的 JAVA_HEAP_OPTS 覆盖 +ENV JAVA_HEAP_OPTS="-Xms128m -Xmx256m" + +# Spring Boot 2.2.6 + Java 17 必须的模块开放参数(固定,不允许 compose 覆盖) +ENV JAVA_MODULE_OPTS="\ + --add-opens java.base/java.lang=ALL-UNNAMED \ + --add-opens java.base/java.lang.reflect=ALL-UNNAMED \ + --add-opens java.base/java.util=ALL-UNNAMED \ + --add-opens java.base/java.io=ALL-UNNAMED \ + --add-opens java.base/java.math=ALL-UNNAMED \ + --add-opens java.base/sun.net.util=ALL-UNNAMED \ + --add-opens java.base/java.net=ALL-UNNAMED" + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + tzdata ca-certificates curl \ + fontconfig fonts-dejavu fonts-wqy-zenhei \ + && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone \ + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /app /config /usr/local/crmeb/crmebimage /app/log + +WORKDIR /app +COPY --from=builder /src/crmeb-admin/target/miao-admin-2.2.jar /app/app.jar + +EXPOSE 30032 + +# 等价于:nohup java -Xms128m -Xmx256m -jar miao-admin-2.2.jar > admin.log & +# 日志直接输出到容器 stdout,docker logs 可查看 +ENTRYPOINT ["sh","-c","exec java \ + $JAVA_HEAP_OPTS \ + $JAVA_MODULE_OPTS \ + -Dfile.encoding=UTF-8 \ + -Duser.timezone=$TZ \ + -jar /app/app.jar \ + --spring.profiles.active=${SPRING_PROFILES_ACTIVE:-docker} \ + --spring.config.additional-location=file:/config/ \ + --server.port=${SERVER_PORT:-30032}"] diff --git a/deploy/docker/single-shop/admin-web.Dockerfile b/deploy/docker/single-shop/admin-web.Dockerfile new file mode 100644 index 0000000..13c959d --- /dev/null +++ b/deploy/docker/single-shop/admin-web.Dockerfile @@ -0,0 +1,88 @@ +# ============================================================= +# 寄卖商城 管理后台前端 (Vue 2 / Vue CLI 4) +# build context = single-shop-22/backend-adminend +# 多阶段: Node 构建 -> Nginx 运行;可通过 ARG VUE_APP_BASE_API 注入 API 域名 +# +# 想直接使用源码里已有的 dist/: 用 --target=fast 构建 +# ============================================================= +# syntax=docker/dockerfile:1.6 + +# ---------- 构建阶段(默认) ---------- +FROM node:16-alpine AS builder + +# 留空(默认)→ 浏览器走与 nginx 同域的 /api/;填具体 URL 则直连后端 +ARG VUE_APP_BASE_API="" +ENV NODE_OPTIONS=--openssl-legacy-provider \ + NPM_CONFIG_REGISTRY=https://registry.npmmirror.com + +WORKDIR /app +COPY package.json yarn.lock* package-lock.json* ./ +RUN (yarn install --frozen-lockfile 2>/dev/null) || npm ci || npm install --legacy-peer-deps + +COPY . . +# 覆盖 .env.production,使用 build arg +RUN printf "ENV='production'\nVUE_APP_BASE_API=%s\n" "$VUE_APP_BASE_API" > .env.production \ + && npm run build:prod + +# ---------- 运行阶段 ---------- +FROM nginx:1.25-alpine AS runtime +ENV TZ=Asia/Shanghai +RUN apk add --no-cache tzdata \ + && cp /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone + +COPY --from=builder /app/dist /usr/share/nginx/html + +RUN cat > /etc/nginx/conf.d/default.conf <<'NGX' +server { + listen 80; + server_name _; + root /usr/share/nginx/html; + index index.html; + client_max_body_size 50m; + add_header X-Frame-Options SAMEORIGIN always; + + location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } + + # 反代到管理后台 API + location /api/ { + proxy_pass http://single-admin-api:30032/api/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + client_max_body_size 50m; + } + + # CRMEB 部分接口直接命中 /adminapi (兼容) + location /adminapi/ { + proxy_pass http://single-admin-api:30032/adminapi/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + try_files $uri $uri/ /index.html; + } +} +NGX + +EXPOSE 80 + +# ---------- 备选: 直接复用源码已构建的 dist/(fast 模式) ---------- +# 构建命令: docker compose build --target fast single-admin-web +FROM nginx:1.25-alpine AS fast +ENV TZ=Asia/Shanghai +RUN apk add --no-cache tzdata \ + && cp /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone +COPY dist/ /usr/share/nginx/html +COPY --from=runtime /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf +EXPOSE 80 diff --git a/deploy/docker/single-shop/application-docker.yml b/deploy/docker/single-shop/application-docker.yml new file mode 100644 index 0000000..663b9ab --- /dev/null +++ b/deploy/docker/single-shop/application-docker.yml @@ -0,0 +1,68 @@ +# ============================================================= +# 寄卖商城 Docker 部署专用 Spring profile +# 通过 --spring.config.additional-location=file:/config/ + --spring.profiles.active=docker +# 加载本文件,并由环境变量覆盖关键参数 +# ============================================================= + +server: + port: ${SERVER_PORT:30032} + +crmeb: + imagePath: /usr/local/crmeb/crmebimage/ + captchaOn: false + asyncConfig: true + demoSite: false + +spring: + datasource: + name: ${MYSQL_DATABASE} + type: com.alibaba.druid.pool.DruidDataSource + driver-class-name: com.mysql.jdbc.Driver + url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:3306}/${MYSQL_DATABASE}?useUnicode=true&characterEncoding=utf8&serverTimezone=GMT%2B8&useSSL=false&allowPublicKeyRetrieval=true + username: ${MYSQL_USERNAME} + password: ${MYSQL_PASSWORD} + druid: + initial-size: 5 + min-idle: 5 + max-active: 50 + max-wait: 60000 + validation-query: SELECT 1 + test-while-idle: true + test-on-borrow: false + test-on-return: false + redis: + host: ${REDIS_HOST:redis} + port: ${REDIS_PORT:6379} + password: ${REDIS_PASSWORD:} + database: ${REDIS_DATABASE:0} + timeout: 10000 + jedis: + pool: + max-active: 200 + max-wait: -1 + max-idle: 10 + min-idle: 0 + time-between-eviction-runs: -1 + +# 订单同步(无 MER 时填默认) +sync: + source-id: ${SYNC_SOURCE_ID:} + target-mer-id: ${SYNC_TARGET_MER_ID:0} + +logging: + level: + io.swagger.*: error + com.zbjk.crmeb: info + org.springframework.boot.autoconfigure: ERROR + config: classpath:logback-spring.xml + file: + path: /app/log + +mybatis-plus: + configuration: + log-impl: + +swagger: + basic: + enable: false + check: false diff --git a/deploy/docker/single-shop/front-api.Dockerfile b/deploy/docker/single-shop/front-api.Dockerfile new file mode 100644 index 0000000..c66cb22 --- /dev/null +++ b/deploy/docker/single-shop/front-api.Dockerfile @@ -0,0 +1,62 @@ +# ============================================================= +# 寄卖商城 用户端 API (miao-front-2.2.jar) +# build context = single-shop-22/backend +# 对应宿主机启动命令: +# nohup java -Xms128m -Xmx256m -jar miao-front-2.2.jar > front.log & +# ============================================================= +# syntax=docker/dockerfile:1.6 + +FROM maven:3.8.8-eclipse-temurin-17 AS builder +WORKDIR /src +COPY pom.xml ./ +COPY crmeb-common/pom.xml crmeb-common/pom.xml +COPY crmeb-service/pom.xml crmeb-service/pom.xml +COPY crmeb-admin/pom.xml crmeb-admin/pom.xml +COPY crmeb-front/pom.xml crmeb-front/pom.xml +RUN mvn -B -pl crmeb-front -am dependency:go-offline -DskipTests || true +COPY . . +RUN mvn -B clean package -pl crmeb-front -am -DskipTests + +FROM eclipse-temurin:17-jre-jammy +ENV TZ=Asia/Shanghai \ + DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 LC_ALL=C.UTF-8 + +# 堆大小:可通过 compose 的 JAVA_HEAP_OPTS 覆盖 +ENV JAVA_HEAP_OPTS="-Xms128m -Xmx256m" + +# Spring Boot 2.2.6 + Java 17 必须的模块开放参数(固定,不允许 compose 覆盖) +ENV JAVA_MODULE_OPTS="\ + --add-opens java.base/java.lang=ALL-UNNAMED \ + --add-opens java.base/java.lang.reflect=ALL-UNNAMED \ + --add-opens java.base/java.util=ALL-UNNAMED \ + --add-opens java.base/java.io=ALL-UNNAMED \ + --add-opens java.base/java.math=ALL-UNNAMED \ + --add-opens java.base/sun.net.util=ALL-UNNAMED \ + --add-opens java.base/java.net=ALL-UNNAMED" + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + tzdata ca-certificates curl \ + fontconfig fonts-dejavu fonts-wqy-zenhei \ + && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone \ + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /app /config /usr/local/crmeb/crmebimage /app/log + +WORKDIR /app +COPY --from=builder /src/crmeb-front/target/miao-front-2.2.jar /app/app.jar + +EXPOSE 30031 + +# 等价于:nohup java -Xms128m -Xmx256m -jar miao-front-2.2.jar > front.log & +# 日志直接输出到容器 stdout,docker logs 可查看 +ENTRYPOINT ["sh","-c","exec java \ + $JAVA_HEAP_OPTS \ + $JAVA_MODULE_OPTS \ + -Dfile.encoding=UTF-8 \ + -Duser.timezone=$TZ \ + -jar /app/app.jar \ + --spring.profiles.active=${SPRING_PROFILES_ACTIVE:-docker} \ + --spring.config.additional-location=file:/config/ \ + --server.port=${SERVER_PORT:-30031}"] diff --git a/deploy/docker/single-shop/h5.Dockerfile b/deploy/docker/single-shop/h5.Dockerfile new file mode 100644 index 0000000..ee51ddd --- /dev/null +++ b/deploy/docker/single-shop/h5.Dockerfile @@ -0,0 +1,96 @@ +# ============================================================= +# 寄卖商城 用户端 H5 (uni-app) +# build context = single-shop-22/single_uniapp22miao +# 多阶段: Node 构建 H5 -> Nginx 运行 +# 通过 ARG H5_API_DOMAIN 注入 API 域名(留空走同域 /api/) +# +# 直接复用源码已构建产物: 用 --target=fast 构建 +# ============================================================= +# syntax=docker/dockerfile:1.6 + +# ---------- 构建阶段 ---------- +FROM node:16-alpine AS builder +ARG H5_API_DOMAIN="" +ENV NODE_OPTIONS=--openssl-legacy-provider \ + NPM_CONFIG_REGISTRY=https://registry.npmmirror.com + +WORKDIR /app +COPY package.json package-lock.json* ./ +RUN npm install --legacy-peer-deps + +COPY . . + +# 重写 config/app.js 中的 domain +# 留空时使用同域: let domain = '' +RUN sed -i -E "s|^let[[:space:]]+domain[[:space:]]*=.*|let domain = '${H5_API_DOMAIN}'|" config/app.js \ + && sed -i -E "s|HTTP_H5_URL:[[:space:]]*'[^']*'|HTTP_H5_URL: '${H5_API_DOMAIN}'|" config/app.js \ + && cat config/app.js + +RUN npm run build:h5 + +# uni-app 默认产物路径 +# unpackage/dist/build/h5 (Vue CLI Plugin uni 旧版: unpackage/dist/build/web) + +# ---------- 运行阶段 ---------- +FROM nginx:1.25-alpine AS runtime +ENV TZ=Asia/Shanghai +RUN apk add --no-cache tzdata \ + && cp /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone + +COPY --from=builder /app/unpackage/dist/build/ /tmp/h5build/ +# 兼容两种输出目录名 h5/ 或 web/ +RUN if [ -d /tmp/h5build/h5 ]; then cp -r /tmp/h5build/h5/. /usr/share/nginx/html/; \ + elif [ -d /tmp/h5build/web ]; then cp -r /tmp/h5build/web/. /usr/share/nginx/html/; \ + else echo "未找到 h5 / web 产物"; exit 1; fi \ + && rm -rf /tmp/h5build + +RUN cat > /etc/nginx/conf.d/default.conf <<'NGX' +server { + listen 80; + server_name _; + root /usr/share/nginx/html; + index index.html; + client_max_body_size 50m; + add_header X-Frame-Options SAMEORIGIN always; + + location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } + + location /api/ { + proxy_pass http://single-front-api:30031/api/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + client_max_body_size 50m; + } + + location / { + try_files $uri $uri/ /index.html; + } +} +NGX + +EXPOSE 80 + +# ---------- 备选: 直接复用源码已构建的 unpackage/dist/build/h5 ---------- +# 构建: docker compose build --target fast single-h5 +FROM nginx:1.25-alpine AS fast +ENV TZ=Asia/Shanghai +RUN apk add --no-cache tzdata \ + && cp /usr/share/zoneinfo/$TZ /etc/localtime \ + && echo $TZ > /etc/timezone + +COPY unpackage/dist/build/ /tmp/h5build/ +RUN if [ -d /tmp/h5build/h5 ]; then cp -r /tmp/h5build/h5/. /usr/share/nginx/html/; \ + elif [ -d /tmp/h5build/web ]; then cp -r /tmp/h5build/web/. /usr/share/nginx/html/; \ + else echo "未找到 h5 / web 产物"; exit 1; fi \ + && rm -rf /tmp/h5build +COPY --from=runtime /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf +EXPOSE 80 diff --git a/deploy/docker/single-shop/nginx-admin-web.conf b/deploy/docker/single-shop/nginx-admin-web.conf new file mode 100644 index 0000000..dc88c9c --- /dev/null +++ b/deploy/docker/single-shop/nginx-admin-web.conf @@ -0,0 +1,37 @@ +# 仅供参考: 内容已内联到 admin-web.Dockerfile +server { + listen 80; + server_name _; + root /usr/share/nginx/html; + index index.html; + client_max_body_size 50m; + add_header X-Frame-Options SAMEORIGIN always; + + location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } + + location /api/ { + proxy_pass http://single-admin-api:30032/api/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + client_max_body_size 50m; + } + + location /adminapi/ { + proxy_pass http://single-admin-api:30032/adminapi/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/deploy/docker/single-shop/nginx-h5.conf b/deploy/docker/single-shop/nginx-h5.conf new file mode 100644 index 0000000..84837c3 --- /dev/null +++ b/deploy/docker/single-shop/nginx-h5.conf @@ -0,0 +1,30 @@ +# 仅供参考: 内容已内联到 h5.Dockerfile +server { + listen 80; + server_name _; + root /usr/share/nginx/html; + index index.html; + client_max_body_size 50m; + add_header X-Frame-Options SAMEORIGIN always; + + location ~* \.(?:js|css|png|jpg|jpeg|gif|svg|woff2?|ttf|map)$ { + expires 30d; + add_header Cache-Control "public, max-age=2592000, immutable"; + try_files $uri =404; + } + + location /api/ { + proxy_pass http://single-front-api:30031/api/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 120s; + client_max_body_size 50m; + } + + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/deploy/docker/ssl-cert/.gitignore b/deploy/docker/ssl-cert/.gitignore new file mode 100644 index 0000000..f746035 --- /dev/null +++ b/deploy/docker/ssl-cert/.gitignore @@ -0,0 +1,7 @@ +# 忽略证书文件,不入库 +*.pem +*.key +*.crt +*.cer +*.p12 +*.pfx diff --git a/deploy/docker/step1-integral/.env.example b/deploy/docker/step1-integral/.env.example new file mode 100644 index 0000000..e77ba45 --- /dev/null +++ b/deploy/docker/step1-integral/.env.example @@ -0,0 +1,31 @@ +# ============================================================= +# 步骤一:寄卖商城环境变量 — 池州雷蕾商贸 czleilei240 +# cp .env.example .env 并填入真实密码 +# .env 不入库 +# ============================================================= + +TZ=Asia/Shanghai + +# ---------- Redis(容器内) ---------- +REDIS_PASSWORD=change-me-redis + +# ---------- H5 对外域名(浏览器可达) ---------- +INTEGRAL_TITLE=池州雷蕾商贸 +INTEGRAL_API_PUBLIC_URL=https://leileiadmin.czchunfang.com +INTEGRAL_IMG_PUBLIC_URL=https://leileiadmin.czchunfang.com +INTEGRAL_H5_PUBLIC_URL=https://leilei.czchunfang.com/ +INTEGRAL_SN_ID=17533260260517 +INTEGRAL_APP_STR=ZFyTNQTWEkCBczKzyUDJWE9Ecx260517 +INTEGRAL_CONTRACT_PAGE=10012 + +# ---------- 宿主机暴露端口 ---------- +INTEGRAL_H5_PORT=18080 +# webman API 直连端口(宝塔 Nginx leileiadmin.czchunfang.com → 此端口) +RESELL_API_PORT=18085 + +# ---------- 宿主机目录映射(bind mount,与原部署路径一致)---------- +# 寄卖商城 H5 静态文件目录(手动改 JS/configs.js 直接生效,无需重建镜像) +RESELL_H5_DIR=/www/wwwroot/leilei.czchunfang.com +# webman 后台完整应用目录(FTP 上传新 webman.bin/public/ 后 restart 容器即可更新) +# 上传图片、public/upload 等均包含在此目录内,无需单独挂载 +RESELL_HOUTAI_DIR=/www/wwwroot/leileiadmin.czchunfang.com diff --git a/deploy/docker/step1-integral/.gitignore b/deploy/docker/step1-integral/.gitignore new file mode 100644 index 0000000..4621727 --- /dev/null +++ b/deploy/docker/step1-integral/.gitignore @@ -0,0 +1,2 @@ +.env +houtai.env diff --git a/deploy/docker/step1-integral/README.md b/deploy/docker/step1-integral/README.md new file mode 100644 index 0000000..a46e27c --- /dev/null +++ b/deploy/docker/step1-integral/README.md @@ -0,0 +1,126 @@ +# 步骤一:寄卖商城 Docker 部署(池州雷蕾商贸 czleilei240) + +项目:`integral-resell`(寄卖商城) +服务:`redis` · `integral-houtai`(Webman PHP 8.0)· `integral-h5`(Nginx 静态站) + +步骤二(积分商城)与本步骤完全独立,可以单独部署、单独重启。 + +--- + +## 快速部署 + +```bash +cd deploy/docker/step1-integral + +# 1. 准备环境变量 +cp .env.example .env +cp houtai.env.example houtai.env +vim .env # 填入 REDIS_PASSWORD +vim houtai.env # 填入 DB_PASSWORD(RDS 密码)、REDIS_PASSWORD(同 .env) + +# 2. 首次部署:在服务器上确保宿主机目录存在 +# (若原部署目录已存在则跳过) +mkdir -p /www/wwwroot/leilei.czchunfang.com +mkdir -p /www/wwwroot/leileiadmin.czchunfang.com/public/upload + +# 3. 将 H5 静态文件同步到宿主机目录(首次 / 每次前端更新后) +rsync -av integral-resell/h5/ /www/wwwroot/leilei.czchunfang.com/ + +# 4. 构建并启动 +docker compose --env-file .env up -d --build + +# 5. 查看状态 +docker compose --env-file .env ps +docker compose --env-file .env logs -f integral-houtai +``` + +--- + +## 目录映射(宿主机 ↔ 容器) + +| 宿主机路径 | 容器路径 | 用途 | +|---|---|---| +| `/www/wwwroot/leilei.czchunfang.com` | `/usr/share/nginx/html` | H5 静态文件,手动改 JS 即时生效 | +| `/www/wwwroot/leileiadmin.czchunfang.com/public/upload` | `/app/public/upload` | webman 后台上传文件 | +| `./houtai.env` | `/app/.env` | 运行时配置,只读挂入,不打进镜像 | +| `integral-runtime`(named vol)| `/app/runtime` | webman PID、session 等运行时数据 | + +> **H5 文件更新流程**:直接修改 `/www/wwwroot/leilei.czchunfang.com/` 下的文件(如 JS bundle、configs.js), +> Nginx 下次请求时自动读取新文件,**无需重启容器**。 +> 仅当 Nginx 配置或镜像本身需要变更时,才需要 `docker compose build integral-h5`。 + +| 域名 | 用途 | Docker 容器端口 | 宿主机端口 | 宝塔 upstream | +|---|---|---|---|---| +| `leilei.czchunfang.com` | 寄卖商城 H5 | integral-h5:80 | **18080** | `resell_h5` | +| `leileiadmin.czchunfang.com` | 寄卖商城 API / 后台 | integral-houtai:**8785** | **18085** | `resell_api` | + +> webman.bin 写死监听 **8785** 端口。 +> - H5 容器内部 Nginx 已将 `/api/` 和 `/upload/` 代理到 `integral-houtai:8785`(Docker 内网,无需暴露) +> - 宝塔 Nginx 的 `leileiadmin.czchunfang.com` 直连宿主机 **18085**(映射到 webman 8785) + +--- + +## 宝塔 Nginx 配置 + +将以下两个文件内容分别粘贴到宝塔面板对应站点的「配置文件」中: + +| 配置文件 | 说明 | +|---|---| +| `deploy/docker/nginx/leilei.czchunfang.com.conf` | H5 站点,upstream → 127.0.0.1:18080 | +| `deploy/docker/nginx/leileiadmin.czchunfang.com.conf` | API 站点,upstream → 127.0.0.1:18085 | + +证书路径(文件已在项目中): + +``` +deploy/docker/ssl-cert/ + leilei.czchunfang.com_cert/nginx/leilei.czchunfang.com.{pem,key} + leileiadmin.czchunfang.com_cert/nginx/leileiadmin.czchunfang.com.{pem,key} +``` + +--- + +## 验证 + +| 地址 | 预期 | +|------|------| +| `https://leilei.czchunfang.com/` | 寄卖商城 H5 首页(生产) | +| `https://leileiadmin.czchunfang.com/api/...` | 寄卖商城 API(生产) | +| `http://116.62.83.240:18080/` | H5 直连测试(绕过域名/SSL) | + +--- + +## 常用命令 + +```bash +# 重启 webman +docker compose --env-file .env restart integral-houtai + +# 看 webman 日志 +docker compose --env-file .env logs -f integral-houtai + +# 进入 webman 容器 +docker compose --env-file .env exec integral-houtai bash + +# 仅重建 H5(改了 .env 中的域名参数后) +docker compose --env-file .env build integral-h5 +docker compose --env-file .env up -d integral-h5 + +# 停止(保留卷) +docker compose --env-file .env down + +# 停止并删除所有卷(慎用:清空上传图片和 runtime) +docker compose --env-file .env down -v +``` + +--- + +## 关键一致性检查 + +| 位置 | 值 | +|---|---| +| `.env` INTEGRAL_API_PUBLIC_URL | `https://leileiadmin.czchunfang.com` | +| `.env` INTEGRAL_H5_PUBLIC_URL | `https://leilei.czchunfang.com/` | +| `.env` INTEGRAL_APP_STR | `ZFyTNQTWEkCBczKzyUDJWE9Ecx260517` | +| `houtai.env` APP_SECRET | **同上** | +| `.env` INTEGRAL_SN_ID | `17533260260517` | +| `h5/static/configs.js` sn_id | **同上** | diff --git a/deploy/docker/step1-integral/docker-compose.yml b/deploy/docker/step1-integral/docker-compose.yml new file mode 100644 index 0000000..acee8d5 --- /dev/null +++ b/deploy/docker/step1-integral/docker-compose.yml @@ -0,0 +1,95 @@ +# ============================================================= +# 步骤一:寄卖商城(integral-resell)独立部署 +# 客户:池州雷蕾商贸 czleilei240 +# 包含服务:redis · integral-houtai(webman) · integral-h5(Nginx) +# ============================================================= + +name: resell-czleilei240 + +x-common: &common + restart: unless-stopped + environment: + TZ: ${TZ:-Asia/Shanghai} + logging: + driver: json-file + options: + max-size: "20m" + max-file: "5" + +networks: + integral-net: + driver: bridge + +volumes: + integral-redis-data: + integral-runtime: + +services: + # ---------- Redis ---------- + redis: + <<: *common + build: + context: . + dockerfile: redis.Dockerfile + image: resell-czleilei240/redis:local + container_name: integral-redis + command: ["--requirepass", "${REDIS_PASSWORD}", "--appendonly", "yes"] + volumes: + - integral-redis-data:/data + networks: [integral-net] + healthcheck: + test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"] + interval: 10s + timeout: 3s + retries: 5 + + # ---------- Webman 后端 ---------- + integral-houtai: + <<: *common + build: + context: ../../../integral-resell/houtai + dockerfile: ../../deploy/docker/integral-resell/houtai.Dockerfile + image: resell-czleilei240/houtai:latest + container_name: integral-houtai + networks: [integral-net] + ports: + # 宝塔 Nginx 直连 webman API(webman.bin 写死监听 8785) + - "${RESELL_API_PORT:-18085}:8785" + volumes: + # 整个应用目录挂到宿主机 /www/wwwroot/leileiadmin.czchunfang.com/ + # FTP 上传新 webman.bin / public/ 后 docker compose restart integral-houtai 即可生效 + - ${RESELL_HOUTAI_DIR}:/app + # .env 单独挂入(覆盖宿主机目录里的 .env),避免明文密码出现在 wwwroot + - ./houtai.env:/app/.env:ro + # runtime 使用命名卷(日志/session/pid 不受 FTP 覆盖影响) + - integral-runtime:/app/runtime + depends_on: + redis: + condition: service_healthy + + # ---------- H5 静态站 ---------- + integral-h5: + <<: *common + build: + context: ../../../integral-resell/h5 + dockerfile: ../../deploy/docker/integral-resell/h5.Dockerfile + image: resell-czleilei240/h5:latest + container_name: integral-h5 + networks: [integral-net] + environment: + TZ: ${TZ:-Asia/Shanghai} + INTEGRAL_TITLE: ${INTEGRAL_TITLE} + INTEGRAL_API_PUBLIC_URL: ${INTEGRAL_API_PUBLIC_URL} + INTEGRAL_IMG_PUBLIC_URL: ${INTEGRAL_IMG_PUBLIC_URL} + INTEGRAL_H5_PUBLIC_URL: ${INTEGRAL_H5_PUBLIC_URL} + INTEGRAL_SN_ID: ${INTEGRAL_SN_ID} + INTEGRAL_APP_STR: ${INTEGRAL_APP_STR} + INTEGRAL_CONTRACT_PAGE: ${INTEGRAL_CONTRACT_PAGE} + volumes: + # H5 静态文件目录挂到宿主机,手动更新 JS/configs.js 直接生效,无需重建镜像 + # 子目录 crmebimage/ 同时由步骤二 Java 后端写入(PDF/图片),Nginx 直接对外提供访问 + - ${RESELL_H5_DIR}:/usr/share/nginx/html + ports: + - "${INTEGRAL_H5_PORT:-18080}:80" + depends_on: + - integral-houtai diff --git a/deploy/docker/step1-integral/houtai.env.example b/deploy/docker/step1-integral/houtai.env.example new file mode 100644 index 0000000..193ff21 --- /dev/null +++ b/deploy/docker/step1-integral/houtai.env.example @@ -0,0 +1,37 @@ +# ============================================================= +# Webman 后端运行时配置 — 池州雷蕾商贸 czleilei240(寄卖商城) +# cp houtai.env.example houtai.env 并填入真实密码 +# houtai.env 不入库,由 docker-compose volumes: 挂入 /app/.env +# ============================================================= + +# MySQL(阿里云 RDS) +DB_HOST = 'rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com' +DB_PORT = 3306 +DB_DATABASE = 'yangtangyoupin' +DB_USERNAME = 'yangtangyoupin' +DB_PASSWORD = 'change-me' + +# Redis(指向同 compose 内的 redis 容器) +REDIS_HOST = 'redis' +REDIS_PORT = 6379 +REDIS_PASSWORD = 'change-me-redis' + +# 短信(池州雷蕾商贸专属通道) +SMS_CHANNEL = 'alibaba' +SMS_SIGNNAME = '池州雷蕾商贸' +SMS_TEMPLATE = 'SMS_334320185' +SMS_KEYID = 'LTAI5t7CfS15hZGdNLLEMUwG' +SMS_KEYSECRET = 'ikfTvHbMMg5sStGgdvLNL8iuVYdner' +SMS_SDKAPPID = '' + +# OSS(不启用则走本地 public/upload) +FILE_STORAGE = 'public' +OSS_ACCESS_ID = '' +OSS_ACCESS_SECRET = '' +OSS_BUCKET = '' +OSS_ENDPOINT = '' +OSS_URL = '' + +# 业务标识(须与 H5 configs.js 的 sn_id / appStr 以及积分商城 admin 后台一致) +APP_SIGN = '1' +APP_SECRET = 'ZFyTNQTWEkCBczKzyUDJWE9Ecx260517' diff --git a/deploy/docker/step1-integral/redis.Dockerfile b/deploy/docker/step1-integral/redis.Dockerfile new file mode 100644 index 0000000..58e1edd --- /dev/null +++ b/deploy/docker/step1-integral/redis.Dockerfile @@ -0,0 +1,13 @@ +# 使用 Alpine 通过 apk 安装 Redis,绕过镜像源问题 +FROM alpine:3.19 + +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \ + && apk add --no-cache redis tzdata \ + && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && echo "Asia/Shanghai" > /etc/timezone + +VOLUME /data +WORKDIR /data +EXPOSE 6379 + +ENTRYPOINT ["redis-server"] diff --git a/deploy/docker/step2-single-shop/.env.example b/deploy/docker/step2-single-shop/.env.example new file mode 100644 index 0000000..8069c39 --- /dev/null +++ b/deploy/docker/step2-single-shop/.env.example @@ -0,0 +1,37 @@ +# ============================================================= +# 步骤二:积分商城环境变量 — 池州雷蕾商贸 czleilei240 +# cp .env.example .env 并填入真实密码 +# .env 不入库 +# ============================================================= + +TZ=Asia/Shanghai + +# ---------- Redis(容器内,与步骤一独立) ---------- +REDIS_PASSWORD=change-me-redis + +# ---------- 阿里云 RDS ---------- +RDS_HOST=rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com +RDS_DB=yangtangyoupin +RDS_USER=yangtangyoupin +RDS_PASSWORD=change-me + +# ---------- 积分商城 admin web 打包目标 URL ---------- +# VUE_APP_BASE_API(backend-adminend 打包时注入,指向 single-shop-22 admin-api) +SINGLE_ADMIN_API_PUBLIC_URL=https://leilei-jf.czchunfang.com + +# ---------- 积分商城 H5 打包目标 URL ---------- +# H5_API_DOMAIN(uni-app 打包时注入 config/app.js,指向 single-shop-22 front-api) +SINGLE_FRONT_API_PUBLIC_URL=https://leilei-jf.czchunfang.com + +# ---------- 订单同步(多商户 source / target) ---------- +SYNC_SOURCE_ID=shop_15 +SYNC_TARGET_MER_ID=15 + +# ---------- 图片/PDF 目录(与步骤一 H5 Nginx 共享宿主机路径)---------- +# Java 后端写入 /usr/local/crmeb/crmebimage/ → 宿主机 /www/wwwroot/leilei.czchunfang.com/crmebimage/ +# 步骤一的 H5 Nginx 从 /www/wwwroot/leilei.czchunfang.com/ 对外提供访问 +CRMEB_IMAGE_DIR=/www/wwwroot/leilei.czchunfang.com/crmebimage + +# ---------- 宿主机暴露端口 ---------- +SINGLE_ADMIN_PORT=18081 +SINGLE_H5_PORT=18082 diff --git a/deploy/docker/step2-single-shop/.gitignore b/deploy/docker/step2-single-shop/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/deploy/docker/step2-single-shop/.gitignore @@ -0,0 +1 @@ +.env diff --git a/deploy/docker/step2-single-shop/README.md b/deploy/docker/step2-single-shop/README.md new file mode 100644 index 0000000..4b09135 --- /dev/null +++ b/deploy/docker/step2-single-shop/README.md @@ -0,0 +1,130 @@ +# 步骤二:积分商城 Docker 部署(池州雷蕾商贸 czleilei240) + +项目:`single-shop-22`(积分商城) +服务:`redis` · `single-front-api`(Spring Boot)· `single-admin-api`(Spring Boot) +`single-admin-web`(Vue 管理后台)· `single-h5`(uni-app H5) + +步骤一(寄卖商城)与本步骤完全独立,可以单独部署、单独重启。 + +--- + +## 快速部署 + +```bash +cd deploy/docker/step2-single-shop + +# 1. 准备环境变量 +cp .env.example .env +vim .env # 填入 RDS_PASSWORD、REDIS_PASSWORD + +# 2. 全量构建并启动(首次,会编译 Java jar + 打包前端) +docker compose --env-file .env up -d --build + +# 3. 查看状态 +docker compose --env-file .env ps +docker compose --env-file .env logs -f single-front-api +docker compose --env-file .env logs -f single-admin-api +``` + +> ⚠️ Java 构建需要从 Maven Central 下载依赖,首次约需 10-20 分钟,请耐心等待。 + +--- + +## 域名与端口 + +| 域名 | 用途 | 宿主机端口 | +|---|---|---| +| `leilei-jf.czchunfang.com` | 积分商城 H5(uni-app) | **18082** | +| `leilei-jfadmin.czchunfang.com` | 积分商城管理后台(Vue) | **18081** | + +> Spring Boot API 端口(30032 / 30033)仅容器内使用,不对外暴露,通过 Nginx 反代访问。 + +--- + +## 宝塔 Nginx 配置 + +将以下两个文件内容分别粘贴到宝塔面板对应站点的「配置文件」中: + +| 配置文件 | 说明 | +|---|---| +| `deploy/docker/nginx/leilei-jf.czchunfang.com.conf` | H5 站点,upstream → 127.0.0.1:18082 | +| `deploy/docker/nginx/leilei-jfadmin.czchunfang.com.conf` | 管理后台,upstream → 127.0.0.1:18081 | + +证书路径(文件已在项目中): + +``` +deploy/docker/ssl-cert/ + leilei-jf.czchunfang.com_cert/nginx/leilei-jf.czchunfang.com.{pem,key} + leilei-jfadmin.czchunfang.com_cert/nginx/leilei-jfadmin.czchunfang.com.{pem,key} +``` + +--- + +## 验证 + +| 地址 | 预期 | +|------|------| +| `https://leilei-jf.czchunfang.com/` | 积分商城 H5(生产) | +| `https://leilei-jfadmin.czchunfang.com/` | 积分商城管理后台(生产) | +| `http://116.62.83.240:18082/` | H5 直连测试(绕过域名/SSL) | +| `http://116.62.83.240:18081/` | 管理后台直连测试 | + +--- + +## 仅重建前端(改了域名后) + +前端镜像在 build time 注入了 API 域名(`VUE_APP_BASE_API` / `H5_API_DOMAIN`), +修改 `.env` 中的 URL 后需要重新构建: + +```bash +# 重建管理后台(改了 SINGLE_ADMIN_API_PUBLIC_URL) +docker compose --env-file .env build single-admin-web +docker compose --env-file .env up -d single-admin-web + +# 重建 H5(改了 SINGLE_FRONT_API_PUBLIC_URL) +docker compose --env-file .env build single-h5 +docker compose --env-file .env up -d single-h5 +``` + +--- + +## 常用命令 + +```bash +# 重启某个服务 +docker compose --env-file .env restart single-admin-api + +# 实时日志 +docker compose --env-file .env logs -f single-admin-api +docker compose --env-file .env logs -f single-front-api + +# 进入容器 +docker compose --env-file .env exec single-admin-api bash + +# 停止(保留卷) +docker compose --env-file .env down + +# 停止并删除卷(慎用:清空图片/日志) +docker compose --env-file .env down -v +``` + +--- + +## czleilei240 关键配置对照 + +| 配置项 | 值 | +|---|---| +| RDS Host | `rm-bp1a178eq62lxba9xbo.mysql.rds.aliyuncs.com` | +| DB / User | `yangtangyoupin` | +| admin-web API URL(VUE_APP_BASE_API) | `https://leilei-jf.czchunfang.com` | +| H5 API Domain(H5_API_DOMAIN) | `https://leilei-jf.czchunfang.com` | +| SYNC_SOURCE_ID | `shop_15` | +| SYNC_TARGET_MER_ID | `15` | +| Spring profile | `docker`(application-docker.yml 通过 env 注入) | + +--- + +## 备注 + +- `single-images` 卷挂载到两个 API 容器,确保图片文件共享。 +- JVM 参数已包含 Java 17 + Spring Boot 2.2.6 所需的 `--add-opens` 标志(见 Dockerfile)。 diff --git a/deploy/docker/step2-single-shop/docker-compose.yml b/deploy/docker/step2-single-shop/docker-compose.yml new file mode 100644 index 0000000..0941867 --- /dev/null +++ b/deploy/docker/step2-single-shop/docker-compose.yml @@ -0,0 +1,163 @@ +# ============================================================= +# 步骤二:积分商城(single-shop-22)独立部署 +# 客户:池州雷蕾商贸 czleilei240 +# 包含服务:redis · single-admin-api · single-front-api +# single-admin-web(Vue) · single-h5(uni-app) +# ============================================================= + +name: jifenmall-czleilei240 + +x-common: &common + restart: unless-stopped + environment: + TZ: ${TZ:-Asia/Shanghai} + logging: + driver: json-file + options: + max-size: "20m" + max-file: "5" + +x-spring-common: &spring-common + <<: *common + environment: + TZ: ${TZ:-Asia/Shanghai} + MYSQL_HOST: ${RDS_HOST} + MYSQL_DATABASE: ${RDS_DB} + MYSQL_USERNAME: ${RDS_USER} + MYSQL_PASSWORD: ${RDS_PASSWORD} + REDIS_HOST: redis + REDIS_PORT: 6379 + REDIS_PASSWORD: ${REDIS_PASSWORD} + SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-shop_15} + SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-15} + +networks: + single-net: + driver: bridge + +volumes: + single-redis-data: + single-front-logs: + single-admin-logs: + +services: + # ---------- Redis ---------- + redis: + <<: *common + image: redis:6.2-alpine + container_name: single-redis + command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}", "--appendonly", "yes"] + volumes: + - single-redis-data:/data + networks: [single-net] + healthcheck: + test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"] + interval: 10s + timeout: 3s + retries: 5 + + # ---------- Front API(用户端 Spring Boot) ---------- + single-front-api: + <<: *spring-common + build: + context: ../../../single-shop-22/backend + dockerfile: ../../deploy/docker/single-shop/front-api.Dockerfile + image: jifenmall-czleilei240/front-api:latest + container_name: single-front-api + networks: [single-net] + volumes: + # 图片/PDF 目录 bind mount 到宿主机,与步骤一 H5 Nginx 共享同一路径 + # /www/wwwroot/leilei.czchunfang.com/crmebimage/ → 通过 leilei.czchunfang.com 对外访问 + - ${CRMEB_IMAGE_DIR}:/usr/local/crmeb/crmebimage + - single-front-logs:/app/log + - ../single-shop/application-docker.yml:/config/application-docker.yml:ro + environment: + TZ: ${TZ:-Asia/Shanghai} + MYSQL_HOST: ${RDS_HOST} + MYSQL_DATABASE: ${RDS_DB} + MYSQL_USERNAME: ${RDS_USER} + MYSQL_PASSWORD: ${RDS_PASSWORD} + REDIS_HOST: redis + REDIS_PORT: 6379 + REDIS_PASSWORD: ${REDIS_PASSWORD} + SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-shop_15} + SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-15} + SERVER_PORT: 30033 + depends_on: + redis: + condition: service_healthy + healthcheck: + test: ["CMD-SHELL", "curl -sf http://localhost:30033/actuator/health || exit 1"] + interval: 30s + timeout: 10s + retries: 5 + start_period: 90s + + # ---------- Admin API(管理端 Spring Boot) ---------- + single-admin-api: + <<: *spring-common + build: + context: ../../../single-shop-22/backend + dockerfile: ../../deploy/docker/single-shop/admin-api.Dockerfile + image: jifenmall-czleilei240/admin-api:latest + container_name: single-admin-api + networks: [single-net] + volumes: + # 图片/PDF 目录 bind mount 到宿主机,与步骤一 H5 Nginx 共享同一路径 + # /www/wwwroot/leilei.czchunfang.com/crmebimage/ → 通过 leilei.czchunfang.com 对外访问 + - ${CRMEB_IMAGE_DIR}:/usr/local/crmeb/crmebimage + - single-admin-logs:/app/log + - ../single-shop/application-docker.yml:/config/application-docker.yml:ro + environment: + TZ: ${TZ:-Asia/Shanghai} + MYSQL_HOST: ${RDS_HOST} + MYSQL_DATABASE: ${RDS_DB} + MYSQL_USERNAME: ${RDS_USER} + MYSQL_PASSWORD: ${RDS_PASSWORD} + REDIS_HOST: redis + REDIS_PORT: 6379 + REDIS_PASSWORD: ${REDIS_PASSWORD} + SYNC_SOURCE_ID: ${SYNC_SOURCE_ID:-shop_15} + SYNC_TARGET_MER_ID: ${SYNC_TARGET_MER_ID:-15} + SERVER_PORT: 30032 + depends_on: + redis: + condition: service_healthy + healthcheck: + test: ["CMD-SHELL", "curl -sf http://localhost:30032/actuator/health || exit 1"] + interval: 30s + timeout: 10s + retries: 5 + start_period: 90s + + # ---------- Admin Web(Vue 管理后台) ---------- + single-admin-web: + <<: *common + build: + context: ../../../single-shop-22/backend-adminend + dockerfile: ../../deploy/docker/single-shop/admin-web.Dockerfile + args: + VUE_APP_BASE_API: ${SINGLE_ADMIN_API_PUBLIC_URL} + image: jifenmall-czleilei240/admin-web:latest + container_name: single-admin-web + networks: [single-net] + ports: + - "${SINGLE_ADMIN_PORT:-18081}:80" + depends_on: + - single-admin-api + + # ---------- H5 前端(uni-app) ---------- + single-h5: + <<: *common + build: + context: ../../../single-shop-22/single_uniapp22miao + dockerfile: ../../deploy/docker/single-shop/h5.Dockerfile + args: + H5_API_DOMAIN: ${SINGLE_FRONT_API_PUBLIC_URL} + image: jifenmall-czleilei240/h5:latest + container_name: single-h5 + networks: [single-net] + ports: + - "${SINGLE_H5_PORT:-18082}:80" + depends_on: + - single-front-api diff --git a/deploy/ssl/leilei-jf.czchunfang.com_cert.zip b/deploy/ssl/leilei-jf.czchunfang.com_cert.zip new file mode 100644 index 0000000..98d07b3 Binary files /dev/null and b/deploy/ssl/leilei-jf.czchunfang.com_cert.zip differ diff --git a/deploy/ssl/leilei-jfadmin.czchunfang.com_cert.zip b/deploy/ssl/leilei-jfadmin.czchunfang.com_cert.zip new file mode 100644 index 0000000..c0f7b21 Binary files /dev/null and b/deploy/ssl/leilei-jfadmin.czchunfang.com_cert.zip differ diff --git a/deploy/ssl/leilei.czchunfang.com_cert.zip b/deploy/ssl/leilei.czchunfang.com_cert.zip new file mode 100644 index 0000000..a86f7d0 Binary files /dev/null and b/deploy/ssl/leilei.czchunfang.com_cert.zip differ diff --git a/deploy/ssl/leileiadmin.czchunfang.com_cert.zip b/deploy/ssl/leileiadmin.czchunfang.com_cert.zip new file mode 100644 index 0000000..b9359b9 Binary files /dev/null and b/deploy/ssl/leileiadmin.czchunfang.com_cert.zip differ diff --git a/integralResell&singleShop.code-workspace b/integralResell&singleShop.code-workspace new file mode 100644 index 0000000..8aa054c --- /dev/null +++ b/integralResell&singleShop.code-workspace @@ -0,0 +1,11 @@ +{ + "folders": [ + { + "path": "single-shop-22" + }, + { + "path": "integral-resell" + } + ], + "settings": {} +} \ No newline at end of file