diff --git a/DEPLOY.md b/DEPLOY.md index 34087a4..e398c46 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -5,7 +5,7 @@ - Docker 20.10+ - Docker Compose 2.0+ - 已备案的域名 -- SSL 证书 +- 域名已解析到服务器 IP ## 快速部署 @@ -15,35 +15,29 @@ scp -r company-celebration2 user@your-server:/opt/ ``` -### 2. 配置 SSL 证书 +### 2. 配置域名 -将证书文件放入 `deploy/ssl/` 目录: -``` -deploy/ssl/ -├── fullchain.pem # 证书链 -└── privkey.pem # 私钥 -``` - -### 3. 启用 SSL 配置 +编辑 `deploy/Caddyfile`,将 `your-domain.com` 替换为你的实际域名: ```bash -cp deploy/nginx.ssl.conf deploy/nginx.conf +cd /opt/company-celebration2 +sed -i 's/your-domain.com/你的域名/g' deploy/Caddyfile ``` -### 4. 配置环境变量 - +同时更新邮箱地址(用于 SSL 证书通知): ```bash -cp .env.production .env -# 编辑 .env 文件,填入你的域名 +sed -i 's/your-email@example.com/你的邮箱/g' deploy/Caddyfile ``` -### 5. 构建并启动 +### 3. 构建并启动 ```bash docker-compose up -d --build ``` -### 6. 查看日志 +Caddy 会自动申请和管理 SSL 证书,无需手动配置。 + +### 4. 查看日志 ```bash docker-compose logs -f @@ -72,4 +66,29 @@ docker-compose ps # 清理重建 docker-compose down -v docker-compose up -d --build + +# 查看 Caddy 日志 +docker-compose logs caddy +``` + +## Caddy 优势 + +- **自动 HTTPS**: 自动申请和续期 Let's Encrypt 证书 +- **零配置 SSL**: 无需手动管理证书文件 +- **HTTP/2 & HTTP/3**: 默认启用现代协议 +- **简洁配置**: Caddyfile 语法简单易懂 + +## 故障排查 + +### 证书申请失败 + +确保: +1. 域名已正确解析到服务器 IP +2. 服务器 80 和 443 端口已开放 +3. 域名已完成 ICP 备案 + +### 查看证书状态 + +```bash +docker-compose exec caddy caddy list-certificates ``` diff --git a/deploy/Caddyfile b/deploy/Caddyfile new file mode 100644 index 0000000..c9093ce --- /dev/null +++ b/deploy/Caddyfile 
@@ -0,0 +1,33 @@
+{
+ email your-email@example.com
+}
+
+your-domain.com {
+ # Mobile client (default)
+ handle {
+ root * /srv/mobile
+ try_files {path} /index.html
+ file_server
+ }
+
+ # Screen client
+ handle /screen/* {
+ root * /srv/screen
+ uri strip_prefix /screen
+ try_files {path} /index.html
+ file_server
+ }
+
+ # API proxy
+ handle /api/* {
+ reverse_proxy server:3000
+ }
+
+ # WebSocket proxy
+ handle /socket.io/* {
+ reverse_proxy server:3000
+ }
+
+ # Gzip compression
+ encode gzip
+}
diff --git a/deploy/Dockerfile.caddy b/deploy/Dockerfile.caddy
new file mode 100644
index 0000000..67a970b
--- /dev/null
+++ b/deploy/Dockerfile.caddy
@@ -0,0 +1,32 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+RUN npm install -g pnpm
+
+COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
+COPY packages/shared ./packages/shared
+COPY packages/client-screen ./packages/client-screen
+COPY packages/client-mobile ./packages/client-mobile
+
+RUN pnpm install --frozen-lockfile
+
+WORKDIR /app/packages/shared
+RUN pnpm build
+
+WORKDIR /app/packages/client-screen
+RUN pnpm build
+
+WORKDIR /app/packages/client-mobile
+RUN pnpm build
+
+# Production stage - Caddy
+FROM caddy:2-alpine
+
+COPY --from=builder /app/packages/client-screen/dist /srv/screen
+COPY --from=builder /app/packages/client-mobile/dist /srv/mobile
+COPY deploy/Caddyfile /etc/caddy/Caddyfile
+
+EXPOSE 80 443
+
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 492f9a2..e63345a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,17 +26,18 @@ services: networks: - gala-network - nginx: + caddy: build: context: . - dockerfile: deploy/Dockerfile.frontend - container_name: gala-nginx + dockerfile: deploy/Dockerfile.caddy + container_name: gala-caddy restart: unless-stopped ports: - "80:80" - "443:443" volumes: - - ./deploy/ssl:/etc/nginx/ssl:ro + - caddy_data:/data + - caddy_config:/config depends_on: - server networks: 
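Review bot: The `your-domain.com` site block in deploy/Caddyfile sets no response headers, so the static clients and the proxied `/api/*` and `/socket.io/*` responses are served without HSTS or `nosniff`; Caddy obtains the certificate automatically but does not add `Strict-Transport-Security` on its own. I would add, next to `encode gzip`, `header Strict-Transport-Security "max-age=31536000"` and `header X-Content-Type-Options nosniff`, starting with a short max-age until certificate issuance is confirmed to work. Separately, `handle /screen/*` does not match a bare `/screen`, which falls through to the default `handle` and is answered with the mobile `index.html`; a `redir /screen /screen/` line would cover that case.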
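Review bot: `RUN npm install -g pnpm` in the builder stage of deploy/Dockerfile.caddy installs whatever pnpm release is current at build time, so the reproducibility that `pnpm install --frozen-lockfile` gives for dependencies does not extend to the tool that resolves them and runs their build scripts. Pin it with `RUN npm install -g pnpm@<pinned-version>` (placeholder: use the version the lockfile was generated with), or use `RUN corepack enable` if package.json declares a `packageManager` field, which this diff does not show. The floating `node:20-alpine` and `caddy:2-alpine` tags have the same problem and could be pinned by digest. The final stage also has no `USER` line, so Caddy runs as the base image's default user; that is presumably root and is worth confirming.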
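Review bot: The `caddy` service in docker-compose.yml publishes `"443:443"` only, which is TCP, so the HTTP/3 support that DEPLOY.md advertises as enabled by default cannot be reached from outside the host. Add `- "443:443/udp"` under `ports:`, or drop the HTTP/3 claim from the documentation. The troubleshooting list in DEPLOY.md (ports 80 and 443 open) would then need to mention UDP 443 as well.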
@@ -44,6 +45,8 @@ services: volumes: redis_data: + caddy_data: + caddy_config: networks: gala-network:
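Review bot: `caddy_data` is where Caddy keeps the ACME account key and the issued certificates with their private keys, yet the "清理重建" recipe that stays in DEPLOY.md runs `docker-compose down -v`, which deletes named volumes. Every such rebuild would discard the keys and request a fresh certificate, which can hit Let's Encrypt rate limits and leave the site without HTTPS. I would add a comment above the entry, `# ACME account key and certificates; removed by "docker-compose down -v"`, and change the documented rebuild to `docker-compose down` without `-v`.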