徐勤民
d2599a0c1e
fix(nginx): WebSocket trailing slash, 413 on file upload, domain+HTTPS support
...
- nginx: /ws/im/ → /ws/im (trailing slash broke ?token= WebSocket connections)
- nginx: add /api/file/ location before /api/ with 500m limit (fixes 413)
- deploy.sh: default DEPLOY_HOST to localhost instead of 127.0.0.1
- deploy.sh: add interactive domain/HTTPS configuration step (0c)
- optional custom domain with validation
- optional HTTPS via Let's Encrypt certbot (standalone, before nginx starts)
- generates SSL nginx config (two-server-block) and docker-compose.override.yml
- SDK_IM_WS_URL and imWsUrl use _WS_SCHEME (ws/wss) based on protocol
- deploy.sh: add info() helper function
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 18:12:48 +08:00
徐勤民
20423a0347
fix: add Spring Boot DB/Redis overrides and full nginx routing
...
- docker-compose.yml: add SPRING_DATASOURCE_* and SPRING_DATA_REDIS_*
environment vars for tenant-service and file-service; these override
hardcoded production URLs in application.yml at startup.
docs-site depends_on marked required:false so nginx starts even when
docs-site image is unavailable.
- config/nginx/conf.d/xuqm.conf: add routing for /api/ and /actuator/
to tenant-service:9001, /file/ to file-service:8086, /ops to ops-web;
add client_max_body_size 100m and proxy headers.
Discovered and verified during P5-01 WSL2 acceptance testing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 00:13:09 +08:00
徐勤民
9eabe0d699
feat: implement complete private deployment scripts (P1-P4)
...
- upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback
- backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification
- healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/
- doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry
- export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256
- configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts
- enable-service.sh: domain validation, docker pull + compose up, healthcheck
- disable-service.sh: compose stop+rm, profile removal, render-config
- renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success
- alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization
- bench.sh: ab/wrk/curl benchmark, JSON report with docker stats
- rotate-secrets.sh: JWT and internal token rotation
- vendor credential templates: push.env and store-submit.env with full credential comments
- render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL)
- All scripts pass bash -n syntax check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 20:49:25 +08:00
