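# 🚀 AI Chat Production Deployment Guide

## 📋 Overview

This guide provides a complete Docker deployment setup for production, covering security configuration, performance optimization, monitoring, and automated deployment.
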
## 🏗️ Architecture

```
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│  User request   │───▶│   Nginx Proxy   │───▶│   AI Chat App   │
│                 │    │   (HTTPS/SSL)   │    │   (Frontend)    │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                │
                                ▼
                       ┌─────────────────┐
                       │Logs & Monitoring│
                       │   (optional)    │
                       └─────────────────┘
```

## 🚀 Quick deployment

### 1. Basic HTTP deployment

```bash
# One-command deployment (recommended)
./deploy-prod.sh

# Or deploy manually
docker-compose -f docker-compose.prod.yml up -d --build
```

Access URL: http://your-server-ip

### 2. HTTPS deployment

```bash
# 1. Configure the SSL certificate
./ssl-setup.sh

# 2. Deploy with HTTPS
./deploy-prod.sh https
```

Access URL: https://your-domain.com

## 🔧 Detailed configuration

### Requirements

- **Operating system**: Linux (Ubuntu 20.04+ / CentOS 8+ recommended)
- **Docker**: 20.10+
- **Docker Compose**: 2.0+
- **Memory**: 1GB minimum, 2GB+ recommended
- **Storage**: at least 10GB of free space
- **Network**: ports 80/443 open

### Files

| File | Description |
|------|------|
| `Dockerfile.prod` | Multi-stage production build |
| `docker-compose.prod.yml` | Production orchestration configuration |
| `nginx.prod.conf` | Production-grade Nginx configuration |
| `nginx-proxy.conf` | HTTPS reverse proxy configuration |
| `deploy-prod.sh` | Automated deployment script |
| `ssl-setup.sh` | SSL certificate setup script |
| `.env.production` | Production environment variables |

## 🔒 SSL/HTTPS configuration

### Let's Encrypt (recommended)

```bash
# Configure a Let's Encrypt certificate automatically
./ssl-setup.sh
# Choose option 1, then enter the domain and email address
```

### Custom certificate

```bash
# Place the certificate files in the ssl directory
cp your-cert.pem ssl/fullchain.pem
cp your-key.pem ssl/privkey.pem

# Deploy with HTTPS
./deploy-prod.sh https
```

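Before deploying with a custom certificate, it helps to confirm that `ssl/privkey.pem` belongs to the leaf certificate in `ssl/fullchain.pem` and that the certificate is not close to expiry. The check below is an added example, not one of the project's scripts; the function name `check_cert_pair` and the 30-day default are assumptions.

```bash
#!/bin/sh
# Added example (not one of the project's scripts): pre-deployment check for
# the custom certificate files this guide copies into ssl/.
# check_cert_pair and the 30-day default are assumptions for illustration.

# Usage: check_cert_pair CERT KEY [MIN_DAYS]
# Returns 0 when KEY matches the first (leaf) certificate in CERT and that
# certificate stays valid for at least MIN_DAYS; 1 on a failed check;
# 2 when a file cannot be parsed.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Public key embedded in the certificate vs. the one derived from the
    # private key. A mismatch makes Nginx refuse to load the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 1
    fi
    return 0
}

# Run against the paths used in this guide when the files are present.
if [ -f ssl/fullchain.pem ] && [ -f ssl/privkey.pem ]; then
    check_cert_pair ssl/fullchain.pem ssl/privkey.pem
fi
```
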
## 📊 Monitoring and logs

### Enable monitoring mode

```bash
./deploy-prod.sh monitoring
```

This mode includes the following components:

- **Watchtower**: automatically updates containers
- **Promtail**: log collection (optional)

### Viewing logs

```bash
# Application logs
docker-compose -f docker-compose.prod.yml logs -f ai-chat-web

# Nginx access log
tail -f logs/nginx/access.log

# Error log
tail -f logs/nginx/error.log
```

## 🔧 Operations commands

### Basic operations

```bash
# Show service status
docker-compose -f docker-compose.prod.yml ps

# Restart services
docker-compose -f docker-compose.prod.yml restart

# Stop services
docker-compose -f docker-compose.prod.yml down

# Show resource usage
docker stats
```

### Updating a deployment

```bash
# 1. Pull the latest code
git pull

# 2. Redeploy
./deploy-prod.sh

# 3. Clean up old images
docker image prune -f
```

### Backup and restore

```bash
# Automatic backup (run automatically during deployment)
tar -czf backup_$(date +%Y%m%d_%H%M%S).tar.gz dist/ logs/

# Restore a backup
tar -xzf backup_20240101_120000.tar.gz
```

## 🛡️ Security configuration

### Enabled security features

- ✅ **Forced HTTPS redirect**
- ✅ **Security HTTP headers**
- ✅ **HSTS (HTTP Strict Transport Security)**
- ✅ **XSS protection**
- ✅ **Content-type sniffing protection**
- ✅ **Clickjacking protection**
- ✅ **CSP (Content Security Policy)**
- ✅ **Runs as a non-root user**

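The features listed above can be verified from the outside after each deployment. The script below is an added example, not part of the project: it reads response headers and reports which expected headers are missing, and checks that a plain-HTTP response redirects to HTTPS. This page does not show `nginx.prod.conf`, so the header names (the standard ones for each feature) and the function names are assumptions.

```bash
#!/bin/sh
# Added example, not part of the project. The header names are the standard
# ones for each listed feature (an assumption: nginx.prod.conf is not shown).
# X-XSS-Protection is ignored by current browsers; it is checked only because
# the guide lists XSS protection as enabled. CSP is the control that matters.
REQUIRED_HEADERS="strict-transport-security x-content-type-options
x-frame-options content-security-policy x-xss-protection"

# Reads raw response headers on stdin and prints each missing header name.
missing_security_headers() {
    headers=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    for name in $REQUIRED_HEADERS; do
        printf '%s\n' "$headers" | grep -q "^$name:" || printf '%s\n' "$name"
    done
}

# Reads the headers of an http:// response on stdin; succeeds only if it is
# a redirect whose Location is an https:// URL.
redirects_to_https() {
    resp=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$resp" | head -n 1 | grep -Eq '^http/[0-9.]+ 30[1278]' &&
    printf '%s\n' "$resp" | grep -q '^location: https://'
}

# Constructed sample response (not captured from a real deployment).
SAMPLE_HEADERS='HTTP/2 200
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/html'

# Live use:
#   curl -sSI https://your-domain.com | missing_security_headers
#   curl -sSI http://your-domain.com  | redirects_to_https && echo "redirect ok"
printf '%s\n' "$SAMPLE_HEADERS" | missing_security_headers
```

Run the check against a static asset and an error page as well as the index page: Nginx `add_header` directives in a `location` block replace those inherited from the `server` block, and they apply to error responses only when declared with `always`.
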
### Additional security recommendations

1. **Firewall configuration**

   ```bash
   # Open only the ports that are needed
   ufw allow 22 # SSH
   ufw allow 80 # HTTP
   ufw allow 443 # HTTPS
   ufw enable
   ```

2. **Regular updates**

   ```bash
   # System updates
   sudo apt update && sudo apt upgrade -y

   # Docker image updates (handled automatically by Watchtower)
   ```

## 🚨 Troubleshooting

### Common problems

1. **Container fails to start**

   ```bash
   # Show detailed errors
   docker-compose -f docker-compose.prod.yml logs ai-chat-web

   # Check whether the port is already in use
   netstat -tlnp | grep :80
   ```

2. **SSL certificate problems**

   ```bash
   # Check the certificate's validity
   openssl x509 -in ssl/fullchain.pem -text -noout

   # Regenerate the certificate
   ./ssl-setup.sh
   ```

3. **Performance problems**

   ```bash
   # Show resource usage
   docker stats

   # Show system load
   htop
   ```

### Health checks

```bash
# Application health check
curl http://localhost/health

# Container health status
docker-compose -f docker-compose.prod.yml ps
```

## 📈 Performance optimization

### Enabled optimizations

- ✅ **Gzip compression** - reduces transfer size
- ✅ **Static asset caching** - 1-year cache lifetime
- ✅ **HTTP/2 support** - faster loading
- ✅ **Connection reuse** - lower connection overhead
- ✅ **Multi-stage build** - smaller image size

### Further optimization

1. **CDN configuration**

   ```bash
   # Configure a CDN to accelerate static assets
   # Modify the static asset handling in nginx.prod.conf
   ```

2. **Caching strategy**

   ```bash
   # Adjust cache lifetimes to match business requirements
   # Edit nginx.prod.conf
   ```

## 🔄 CI/CD integration

### GitHub Actions example

```yaml
# .github/workflows/deploy.yml
name: Deploy to Production

on:
  push:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      # The runner needs an SSH private key (supplied from repository secrets)
      # and the server's host key in known_hosts before this step can connect.
      - name: Deploy to server
        run: |
          ssh user@server 'cd /path/to/app && git pull && ./deploy-prod.sh'
```

## 📞 Support

If you run into problems, check:

1. **Log files**: `logs/nginx/error.log`
2. **Container status**: `docker-compose ps`
3. **System resources**: `htop`, `df -h`
4. **Network connections**: `netstat -tlnp`

---

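## 🎯 Production checklist

- [ ] Domain DNS resolves correctly
- [ ] SSL certificate configured
- [ ] Firewall rules in place
- [ ] Backup strategy configured
- [ ] Monitoring and alerting set up
- [ ] Performance tests passed
- [ ] Security scan passed
- [ ] Documentation updated

**🎉 Congratulations! Your AI Chat application has been successfully deployed to production!**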