2026-05-18 19:49:31 +08:00
|
|
|
|
DEPLOYMENT_MODE=PRIVATE
|
|
|
|
|
|
TENANT_REGISTER_ENABLED=false
|
|
|
|
|
|
TENANT_BOOTSTRAP_ENABLED=true
|
|
|
|
|
|
|
|
|
|
|
|
ENABLE_FILE=true
|
|
|
|
|
|
ENABLE_IM=false
|
|
|
|
|
|
ENABLE_PUSH=false
|
|
|
|
|
|
ENABLE_UPDATE=false
|
|
|
|
|
|
ENABLE_LICENSE=false
|
|
|
|
|
|
|
|
|
|
|
|
MYSQL_HOST=127.0.0.1
|
|
|
|
|
|
MYSQL_PORT=3306
|
|
|
|
|
|
MYSQL_DATABASE=xuqm_private
|
|
|
|
|
|
MYSQL_USERNAME=xuqm
|
|
|
|
|
|
|
|
|
|
|
|
REDIS_HOST=127.0.0.1
|
|
|
|
|
|
REDIS_PORT=6379
|
|
|
|
|
|
REDIS_DATABASE=0
|
|
|
|
|
|
|
|
|
|
|
|
CONSOLE_DOMAIN=https://console.customer.com
|
|
|
|
|
|
OPS_DOMAIN=https://ops.customer.com
|
|
|
|
|
|
DOCS_DOMAIN=https://docs.customer.com
|
|
|
|
|
|
FILE_DOMAIN=https://file.customer.com
|
|
|
|
|
|
IM_DOMAIN=https://im.customer.com
|
|
|
|
|
|
UPDATE_DOMAIN=https://update.customer.com
|
|
|
|
|
|
LICENSE_DOMAIN=https://license.customer.com
|
|
|
|
|
|
PUSH_DOMAIN=https://push.customer.com
|
|
|
|
|
|
|
feat: implement complete private deployment scripts (P1-P4)
- upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback
- backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification
- healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/
- doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry
- export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256
- configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts
- enable-service.sh: domain validation, docker pull + compose up, healthcheck
- disable-service.sh: compose stop+rm, profile removal, render-config
- renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success
- alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization
- bench.sh: ab/wrk/curl benchmark, JSON report with docker stats
- rotate-secrets.sh: JWT and internal token rotation
- vendor credential templates: push.env and store-submit.env with full credential comments
- render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL)
- All scripts pass bash -n syntax check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 20:49:25 +08:00
|
|
|
|
# Internal service URLs (used by SDK config endpoint)
|
|
|
|
|
|
SDK_FILE_SERVICE_URL=https://file.customer.com
|
|
|
|
|
|
SDK_IM_API_URL=https://im.customer.com
|
|
|
|
|
|
SDK_IM_WS_URL=wss://im.customer.com/ws/im
|
|
|
|
|
|
|
2026-05-19 14:29:57 +08:00
|
|
|
|
# 系统 IM 通信应用 key(私有化服务间消息通知使用此 app_key 连接 IM 服务)
|
|
|
|
|
|
# 由 deploy 脚本或 migrate-tenant.sh 自动写入,此处为默认值
|
|
|
|
|
|
SYSTEM_APP_KEY=ak_409e217e4aa14254ad73ad3c
|
|
|
|
|
|
|
鲁公网安备37132902372882号
|
鲁ICP备20018775号-1