feat: replace Nginx with Caddy for automatic SSL management

- Add Caddyfile with automatic HTTPS configuration
- Add Dockerfile.caddy for frontend build with Caddy
- Update docker-compose.yml to use Caddy service
- Update DEPLOY.md with simplified deployment instructions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

DEPLOY.md

@@ -5,7 +5,7 @@
 - Docker 20.10+
 - Docker Compose 2.0+
 - 已备案的域名
-- SSL 证书
+- 域名已解析到服务器 IP
 
 ## 快速部署
 
@@ -15,35 +15,29 @@
 scp -r company-celebration2 user@your-server:/opt/
 ```
 
-### 2. 配置 SSL 证书
+### 2. 配置域名
 
-将证书文件放入 `deploy/ssl/` 目录：
-```
-deploy/ssl/
-├── fullchain.pem  # 证书链
-└── privkey.pem    # 私钥
-```
-
-### 3. 启用 SSL 配置
+编辑 `deploy/Caddyfile`，将 `your-domain.com` 替换为你的实际域名：
 
 ```bash
-cp deploy/nginx.ssl.conf deploy/nginx.conf
+cd /opt/company-celebration2
+sed -i 's/your-domain.com/你的域名/g' deploy/Caddyfile
 ```
 
-### 4. 配置环境变量
-
+同时更新邮箱地址（用于 SSL 证书通知）：
 ```bash
-cp .env.production .env
-# 编辑 .env 文件，填入你的域名
+sed -i 's/your-email@example.com/你的邮箱/g' deploy/Caddyfile
 ```
 
-### 5. 构建并启动
+### 3. 构建并启动
 
 ```bash
 docker-compose up -d --build
 ```
 
-### 6. 查看日志
+Caddy 会自动申请和管理 SSL 证书，无需手动配置。
+
+### 4. 查看日志
 
 ```bash
 docker-compose logs -f
@@ -72,4 +66,29 @@ docker-compose ps
 # 清理重建
 docker-compose down -v
 docker-compose up -d --build
+
+# 查看 Caddy 日志
+docker-compose logs caddy
+```
+
+## Caddy 优势
+
+- **自动 HTTPS**: 自动申请和续期 Let's Encrypt 证书
+- **零配置 SSL**: 无需手动管理证书文件
+- **HTTP/2 & HTTP/3**: 默认启用现代协议
+- **简洁配置**: Caddyfile 语法简单易懂
+
+## 故障排查
+
+### 证书申请失败
+
+确保：
+1. 域名已正确解析到服务器 IP
+2. 服务器 80 和 443 端口已开放
+3. 域名已完成 ICP 备案
+
+### 查看证书状态
+
+```bash
+docker-compose exec caddy caddy list-certificates
 ```

deploy/Caddyfile

@@ -0,0 +1,33 @@
+{
+    email your-email@example.com
+}
+
+your-domain.com {
+    # Mobile client (default)
+    handle {
+        root * /srv/mobile
+        try_files {path} /index.html
+        file_server
+    }
+
+    # Screen client
+    handle /screen/* {
+        root * /srv/screen
+        uri strip_prefix /screen
+        try_files {path} /index.html
+        file_server
+    }
+
+    # API proxy
+    handle /api/* {
+        reverse_proxy server:3000
+    }
+
+    # WebSocket proxy
+    handle /socket.io/* {
+        reverse_proxy server:3000
+    }
+
+    # Gzip compression
+    encode gzip
+}

deploy/Dockerfile.caddy

@@ -0,0 +1,32 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+RUN npm install -g pnpm
+
+COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
+COPY packages/shared ./packages/shared
+COPY packages/client-screen ./packages/client-screen
+COPY packages/client-mobile ./packages/client-mobile
+
+RUN pnpm install --frozen-lockfile
+
+WORKDIR /app/packages/shared
+RUN pnpm build
+
+WORKDIR /app/packages/client-screen
+RUN pnpm build
+
+WORKDIR /app/packages/client-mobile
+RUN pnpm build
+
+# Production stage - Caddy
+FROM caddy:2-alpine
+
+COPY --from=builder /app/packages/client-screen/dist /srv/screen
+COPY --from=builder /app/packages/client-mobile/dist /srv/mobile
+COPY deploy/Caddyfile /etc/caddy/Caddyfile
+
+EXPOSE 80 443
+
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]

docker-compose.yml

@@ -26,17 +26,18 @@ services:
     networks:
       - gala-network
 
-  nginx:
+  caddy:
     build:
       context: .
-      dockerfile: deploy/Dockerfile.frontend
-    container_name: gala-nginx
+      dockerfile: deploy/Dockerfile.caddy
+    container_name: gala-caddy
     restart: unless-stopped
     ports:
       - "80:80"
       - "443:443"
     volumes:
-      - ./deploy/ssl:/etc/nginx/ssl:ro
+      - caddy_data:/data
+      - caddy_config:/config
     depends_on:
       - server
     networks:
@@ -44,6 +45,8 @@ services:
 
 volumes:
   redis_data:
+  caddy_data:
+  caddy_config:
 
 networks:
   gala-network: