XuqmGroup-PrivateDeploy

作者	SHA1	备注	提交日期
徐勤民	f2f9f06bf7	chore(config): 删除私有部署配置文件 - 移除 .deploy-state/current.json 部署状态文件 - 移除 .deploy-state/last-healthcheck.json 健康检查记录文件 - 移除 .deploy-state/progress.md 部署进度文档 - 移除 config/docs/docs-runtime.json 文档运行时配置文件 - 移除 config/sdk/xuqm-private-sdk.json SDK配置文件	2026-05-20 15:54:16 +08:00
徐勤民	aa5bccae11	feat(deploy): 完成私有化部署全流程验收 - 更新部署进度文档，标记P5-02/P5-03为已完成状态 - 修复中文乱码问题，MySQL数据层使用UNHEX函数配合nginx字符集设置 - 配置im-service和update-service的内部服务URL，从127.0.0.1改为Docker服务名 - 实现全功能验收，nginx为所有服务添加路由映射并返回正确的状态码 - 创建私有化部署默认信息文档，记录完整的部署配置和访问地址 - 添加部署清理脚本clean.sh，支持一键清理容器、配置和数据目录 - 更新敏感配置模板，添加详细的密码和密钥配置说明 - 优化前端实时消息轮询机制，通过WebSocket心跳检测决定是否启用HTTP轮询回退	2026-05-19 19:23:28 +08:00
徐勤民	d2599a0c1e	fix(nginx): WebSocket trailing slash, 413 on file upload, domain+HTTPS support - nginx: /ws/im/ → /ws/im (trailing slash broke ?token= WebSocket connections) - nginx: add /api/file/ location before /api/ with 500m limit (fixes 413) - deploy.sh: default DEPLOY_HOST to localhost instead of 127.0.0.1 - deploy.sh: add interactive domain/HTTPS configuration step (0c) - optional custom domain with validation - optional HTTPS via Let's Encrypt certbot (standalone, before nginx starts) - generates SSL nginx config (two-server-block) and docker-compose.override.yml - SDK_IM_WS_URL and imWsUrl use _WS_SCHEME (ws/wss) based on protocol - deploy.sh: add info() helper function Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 18:12:48 +08:00
徐勤民	43a423b85c	feat: 一键安装向导 + 交互式租户初始化 - 新增 install.sh：curl 一键下载依赖安装 + 自动解压部署包 + 启动部署向导 - deploy-szyx.sh：移除硬编码租户常量，改为交互式选择（新建/迁移） - 新建租户：收集邮箱/用户名/密码，bcrypt 写入 bootstrap.env - 迁移租户：提示输入生产 MySQL 配置，bcrypt 验证主账号后执行迁移 - 已有数据时迁移前显示红色警告要求 yes 确认 - 移除 docs-site 独立容器（文档已内置于 tenant-web/docs/） - nginx 和 docker-compose 同步清理 docs-site 残留配置 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 14:29:57 +08:00
徐勤民	20423a0347	fix: add Spring Boot DB/Redis overrides and full nginx routing - docker-compose.yml: add SPRING_DATASOURCE_* and SPRING_DATA_REDIS_* environment vars for tenant-service and file-service; these override hardcoded production URLs in application.yml at startup. docs-site depends_on marked required:false so nginx starts even when docs-site image is unavailable. - config/nginx/conf.d/xuqm.conf: add routing for /api/ and /actuator/ to tenant-service:9001, /file/ to file-service:8086, /ops to ops-web; add client_max_body_size 100m and proxy headers. Discovered and verified during P5-01 WSL2 acceptance testing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 00:13:09 +08:00
徐勤民	9eabe0d699	feat: implement complete private deployment scripts (P1-P4) - upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback - backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification - healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/ - doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry - export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256 - configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts - enable-service.sh: domain validation, docker pull + compose up, healthcheck - disable-service.sh: compose stop+rm, profile removal, render-config - renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success - alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization - bench.sh: ab/wrk/curl benchmark, JSON report with docker stats - rotate-secrets.sh: JWT and internal token rotation - vendor credential templates: push.env and store-submit.env with full credential comments - render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL) - All scripts pass bash -n syntax check Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-18 20:49:25 +08:00
徐勤民	4ada03183a	chore: scaffold private deployment repository	2026-05-18 19:49:31 +08:00

7 次代码提交