diff --git a/.github/workflows/docker-build-deploy.yml b/.github/workflows/docker-build-deploy.yml index 0da841a..61b8f06 100644 --- a/.github/workflows/docker-build-deploy.yml +++ b/.github/workflows/docker-build-deploy.yml @@ -244,9 +244,8 @@ jobs: exit 1 fi - echo "上传候选 compose、Caddyfile 与环境文件..." + echo "上传候选 compose 与环境文件..." scp -P "$SSH_PORT" ./api/docker-compose.yml "$SSH_USER@$SSH_HOST:$COMPOSE_DIR/api/docker-compose.candidate.yml" - scp -P "$SSH_PORT" ./api/Caddyfile "$SSH_USER@$SSH_HOST:$COMPOSE_DIR/api/Caddyfile.candidate" scp -P "$SSH_PORT" "$ENV_SRC" "$SSH_USER@$SSH_HOST:$COMPOSE_DIR/api/.env.candidate" ssh -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" " @@ -271,9 +270,6 @@ jobs: if [ -f '$COMPOSE_FILE' ]; then cp '$COMPOSE_FILE' '${COMPOSE_FILE}.predeploy' fi - if [ -f 'Caddyfile' ]; then - cp 'Caddyfile' 'Caddyfile.predeploy' - fi if [ -f '.env.production' ]; then cp '.env.production' '.env.production.predeploy' fi @@ -281,7 +277,6 @@ jobs: cp '.env' '.env.predeploy' fi mv 'docker-compose.candidate.yml' '$COMPOSE_FILE' - mv 'Caddyfile.candidate' 'Caddyfile' mv '.env.candidate' '.env' docker-compose -f '$COMPOSE_FILE' up -d --remove-orphans echo '等待服务启动...' @@ -321,16 +316,5 @@ jobs: exit 1 fi - CADDY_CID=\$(docker-compose ps -q caddy || true) - if [ -n \"\$CADDY_CID\" ]; then - CADDY_STATE=\$(docker inspect -f '{{.State.Status}}' \"\$CADDY_CID\") - echo \"caddy state: \$CADDY_STATE\" - if [ \"\$CADDY_STATE\" != 'running' ]; then - echo 'caddy 容器未处于 running 状态' - docker-compose logs --tail=80 caddy || true - exit 1 - fi - fi - docker-compose logs --tail=50 api " diff --git a/api/.env.example b/api/.env.example index dbf0fc4..7316e32 100644 --- a/api/.env.example +++ b/api/.env.example 
@@ -7,6 +7,13 @@ # 不要把真实密钥提交到仓库。 # ============================================================================= +# ============================================================================= +# Docker Compose(宿主机独立 Caddy 反代到本 API) +# ============================================================================= +# 映射到宿主机的端口,默认 8000;与同机其它项目冲突时改为未占用端口,并在独立 Caddy 的 Caddyfile 中 reverse_proxy 到 127.0.0.1:该端口。 +# LIFE_ECHO_API_HOST_PORT=8000 +# 若 Caddy 跑在独立容器且非 host 网络,不要用 127.0.0.1,应把 Caddy 加入与本 compose 相同的 Docker 网络,并对 http://life-echo-api-prod:8000 做 reverse_proxy。 + # ============================================================================= # Logging(loguru sink 最低级别:TRACE / DEBUG / INFO / WARNING / ERROR / CRITICAL) # ============================================================================= diff --git a/api/Caddyfile b/api/Caddyfile deleted file mode 100644 index 1083339..0000000 --- a/api/Caddyfile +++ /dev/null @@ -1,4 +0,0 @@ -{$CADDY_PRIMARY_DOMAIN:lifecho.worldsplats.com} { - encode zstd gzip - reverse_proxy api:8000 -} diff --git a/api/docker-compose.yml b/api/docker-compose.yml index f199ba6..5b63f20 100644 --- a/api/docker-compose.yml +++ b/api/docker-compose.yml @@ -58,8 +58,10 @@ services: dockerfile: Dockerfile image: life-echo-api:latest container_name: life-echo-api-prod - expose: - - "8000" + # 独立 Caddy(宿主机或其它 compose)经 HTTPS 反代;仅绑定本机回环,避免与机上其它项目端口直接对公网。 + # 若与 Cosmetic 等共用主机且 8000 已被占用,在 .env 中设置 LIFE_ECHO_API_HOST_PORT=其它端口并在 Caddyfile 中一致。 + ports: + - "127.0.0.1:${LIFE_ECHO_API_HOST_PORT:-8000}:8000" env_file: - .env environment: 
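Review bot: In api/docker-compose.yml the new `ports:` mapping `127.0.0.1:${LIFE_ECHO_API_HOST_PORT:-8000}:8000` makes the API reachable over plain HTTP by every process on the host, where the removed `expose:` kept it inside the compose network; the added comment itself anticipates a host shared with other projects. Whether the API reads `X-Forwarded-*` headers for client IP, scheme or rate limiting is not visible in this diff, so I would record the assumption next to the mapping, e.g. `# Loopback is reachable by every local process and bypasses Caddy/TLS; do not treat requests on this port as pre-authenticated or trust X-Forwarded-* unconditionally.` When Caddy runs in a container attached to the same Docker network, as the new text in api/.env.example describes, the host mapping is not needed and could be dropped to keep the previous isolation. Separately, the later hunks of this file remove the `caddy` service and the `caddy_data` volume declaration, but the existing named volume stays on the host and presumably still holds certificate private keys and ACME account data, so the rollout should migrate or delete it explicitly. The `api` service definition continues outside this hunk.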
@@ -118,28 +120,6 @@ services: max-size: "10m" max-file: "3" - caddy: - image: m.daocloud.io/docker.io/library/caddy:2-alpine - container_name: life-echo-caddy - depends_on: - api: - condition: service_healthy - ports: - - "80:80" - - "443:443" - volumes: - - ./Caddyfile:/etc/caddy/Caddyfile:ro - - caddy_data:/data - - caddy_config:/config - restart: always - networks: - - life-echo-network - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - # Celery Beat(定时任务调度,可选) # celery-beat: # build: @@ -193,7 +173,3 @@ volumes: driver: local redis_data: driver: local - caddy_data: - driver: local - caddy_config: - driver: local