niuniu/wenzi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ef0f17961714f7382f9690a3b488a9492702748
wenzi/docs/reports/architecture/DEPLOYMENT_GUIDE.md

1052 lines
24 KiB
Markdown
Raw Normal View History

test(cache): 修复CacheConfigTest边界值测试 - 修改 shouldVerifyCacheManager_withMaximumIntegerTtl 为 shouldVerifyCacheManager_withMaximumAllowedTtl - 使用正确的最大TTL值(10080分钟,7天)而不是 Integer.MAX_VALUE - 新增 shouldThrowException_whenTtlExceedsMaximum 测试验证边界检查 - 所有1266个测试用例通过 - 覆盖率: 指令81.89%, 行88.48%, 分支51.55% docs: 添加项目状态报告 - 生成 PROJECT_STATUS_REPORT.md 详细记录项目当前状态 - 包含质量指标、已完成功能、待办事项和技术债务
2026-03-02 13:31:54 +08:00
# 🦟 蚊子项目 - 生产环境部署指南
## 📋 部署概览
本文档提供蚊子项目的完整生产环境部署指南,包括基础设施准备、应用部署、监控配置等。
### 架构设计
```
┌─────────────────────────────────────────────────────────┐
│ 负载均衡器 (Nginx) │
│ SSL/TLS终止 │
└──────────────────┬──────────────────────────────────────┘
┌──────────┴──────────┐
│ │
┌───────▼────────┐ ┌────────▼────────┐
│ 应用服务器1 │ │ 应用服务器2 │
│ Spring Boot │ │ Spring Boot │
│ :8080 │ │ :8080 │
└───────┬────────┘ └────────┬────────┘
│ │
└──────────┬──────────┘
┌──────────┴──────────┐
│ │
┌───────▼────────┐ ┌────────▼────────┐
│ PostgreSQL │ │ Redis │
│ :5432 │ │ :6379 │
└────────────────┘ └────────────────┘
```
## 🖥️ 环境要求
### 硬件配置
| 组件 | 最小配置 | 推荐配置 | 生产配置 |
|------|----------|----------|----------|
| **CPU** | 2核 | 4核 | 8核+ |
| **内存** | 4GB | 8GB | 16GB+ |
| **磁盘** | 50GB SSD | 100GB SSD | 200GB+ SSD |
| **网络** | 100Mbps | 1Gbps | 10Gbps |
### 软件环境
| 软件 | 版本要求 | 用途 |
|------|----------|------|
| Java JDK | 17+ | 运行环境 |
| PostgreSQL | 14+ | 数据库 |
| Redis | 7+ | 缓存 |
| Nginx | 1.20+ | 负载均衡 |
| Docker | 24+ | 容器化(可选) |
| Kubernetes | 1.27+ | 容器编排(可选) |
---
## 🚀 部署方式一:传统部署(推荐用于中小型项目)
### 1. 基础设施准备
#### 1.1 安装Java 17
```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y openjdk-17-jdk
# 验证安装
java -version
javac -version
# 配置JAVA_HOME
echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' >> ~/.bashrc
source ~/.bashrc
```
#### 1.2 安装PostgreSQL 14
```bash
# 添加PostgreSQL仓库
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
sudo apt install wget ca-certificates
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
# 安装PostgreSQL
sudo apt install -y postgresql-14 postgresql-contrib-14
# 启动服务
sudo systemctl start postgresql
sudo systemctl enable postgresql
# 创建数据库和用户
sudo -u postgres psql << EOF
CREATE DATABASE mosquito_prod;
CREATE USER mosquito_user WITH ENCRYPTED PASSWORD 'your_strong_password_here';
GRANT ALL PRIVILEGES ON DATABASE mosquito_prod TO mosquito_user;
\q
EOF
# 配置远程访问
sudo nano /etc/postgresql/14/main/postgresql.conf
# 修改以下行:
# listen_addresses = '*'
# max_connections = 200
sudo nano /etc/postgresql/14/main/pg_hba.conf
# 添加以下行:
# host mosquito_prod mosquito_user 0.0.0.0/0 scram-sha-256
# 重启服务
sudo systemctl restart postgresql
```
#### 1.3 安装Redis 7
```bash
# 安装Redis
sudo apt update
sudo apt install -y redis-server
# 配置Redis
sudo nano /etc/redis/redis.conf
# 修改以下配置:
# bind 127.0.0.1
# port 6379
# requirepass your_redis_password_here
# maxmemory 2gb
# maxmemory-policy allkeys-lru
# 启动Redis
sudo systemctl start redis
sudo systemctl enable redis
# 验证安装
redis-cli ping
```
### 2. 应用部署
#### 2.1 构建应用
```bash
# 克隆项目
git clone https://github.com/your-org/mosquito.git
cd mosquito
# 配置生产环境变量
cat > .env.prod << EOF
# 数据库配置
SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/mosquito_prod
SPRING_DATASOURCE_USERNAME=mosquito_user
SPRING_DATASOURCE_PASSWORD=your_strong_password_here
# Redis配置
SPRING_REDIS_HOST=localhost
SPRING_REDIS_PORT=6379
SPRING_REDIS_PASSWORD=your_redis_password_here
# 应用配置
SPRING_PROFILES_ACTIVE=prod
SERVER_PORT=8080
SERVER_ADDRESS=0.0.0.0
# 安全配置
APP_SECURITY_API_KEY_ITERATIONS=185000
APP_RATE_LIMIT_PER_MINUTE=100
# 日志配置
LOGGING_LEVEL_ROOT=INFO
LOGGING_LEVEL_COM_MOSQUIO_PROJECT=DEBUG
# 性能配置
SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE=20
SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE=5
SPRING_DATASOURCE_HIKARI_CONNECTION_TIMEOUT=30000
SPRING_DATASOURCE_HIKARI_MAX_LIFETIME=1800000
EOF
# 构建应用
mvn clean package -DskipTests -Dspring-boot.run.profiles=prod
# 验证构建
ls -lh target/mosquito-*.jar
```
#### 2.2 部署应用
```bash
# 创建应用目录
sudo mkdir -p /opt/mosquito
sudo mkdir -p /var/log/mosquito
sudo mkdir -p /etc/mosquito
# 复制JAR文件
sudo cp target/mosquito-0.0.1-SNAPSHOT.jar /opt/mosquito/mosquito.jar
sudo chmod +x /opt/mosquito/mosquito.jar
# 复制环境配置
sudo cp .env.prod /etc/mosquito/application-prod.properties
# 创建系统服务
sudo tee /etc/systemd/system/mosquito.service > /dev/null << 'EOF'
[Unit]
Description=Mosquito Application
After=network.target postgresql.service redis.service
[Service]
Type=simple
User=mosquito
Group=mosquito
WorkingDirectory=/opt/mosquito
Environment="JAVA_OPTS=-Xms512m -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200"
EnvironmentFile=/etc/mosquito/application-prod.properties
ExecStart=/usr/bin/java $JAVA_OPTS -jar /opt/mosquito/mosquito.jar
ExecStop=/bin/kill -15 $MAINPID
Restart=always
RestartSec=10
StandardOutput=append:/var/log/mosquito/application.log
StandardError=append:/var/log/mosquito/error.log
LimitNOFILE=65536
UMask=007
[Install]
WantedBy=multi-user.target
EOF
# 创建应用用户
sudo useradd -r -s /bin/false mosquito
sudo chown -R mosquito:mosquito /opt/mosquito
sudo chown -R mosquito:mosquito /var/log/mosquito
sudo chown -R mosquito:mosquito /etc/mosquito
# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable mosquito
sudo systemctl start mosquito
# 查看服务状态
sudo systemctl status mosquito
# 查看日志
sudo tail -f /var/log/mosquito/application.log
```
#### 2.3 数据库迁移
```bash
# 自动执行Flyway迁移
sudo systemctl restart mosquito
# 或者手动执行迁移
java -jar /opt/mosquito/mosquito.jar \
--spring.profiles.active=prod \
--spring.flyway.enabled=true \
--spring.flyway.locations=classpath:db/migration
# 验证迁移
sudo -u postgres psql -d mosquito_prod -c "\dt"
```
### 3. Nginx配置
#### 3.1 安装Nginx
```bash
sudo apt install -y nginx
# 创建SSL证书使用Let's Encrypt
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d api.yourdomain.com
```
#### 3.2 配置反向代理
```bash
# 创建Nginx配置文件
sudo tee /etc/nginx/sites-available/mosquito-api > /dev/null << 'EOF'
upstream mosquito_backend {
least_conn;
server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
# 添加更多服务器用于负载均衡
# server 127.0.0.1:8081 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name api.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/api.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# 安全头部
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# 访问日志
access_log /var/log/nginx/mosquito-access.log;
error_log /var/log/nginx/mosquito-error.log;
# 客户端上传大小限制
client_max_body_size 10M;
# 代理配置
location / {
proxy_pass http://mosquito_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时配置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲配置
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
}
# 健康检查端点(不记录日志)
location /actuator/health {
proxy_pass http://mosquito_backend;
access_log off;
}
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
proxy_pass http://mosquito_backend;
expires 30d;
add_header Cache-Control "public, immutable";
}
}
EOF
# 启用站点配置
sudo ln -s /etc/nginx/sites-available/mosquito-api /etc/nginx/sites-enabled/
# 测试配置
sudo nginx -t
# 重启Nginx
sudo systemctl restart nginx
```
---
## 🐳 部署方式二Docker部署推荐用于大型项目
### 1. Docker镜像构建
#### 1.1 创建Dockerfile
```dockerfile
# Dockerfile
FROM maven:3.9-openjdk-17-slim AS build
WORKDIR /app
COPY pom.xml .
COPY src ./src
# 构建应用
RUN mvn clean package -DskipTests
# 运行时镜像
FROM openjdk:17-slim
# 安装必要的工具
RUN apt-get update && apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# 复制构建的JAR文件
COPY --from=build /app/target/mosquito-*.jar app.jar
# 创建非root用户
RUN useradd -r -s /bin/false mosquito
USER mosquito
# 暴露端口
EXPOSE 8080
# JVM参数
ENV JAVA_OPTS="-Xms512m -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200"
# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
CMD curl -f http://localhost:8080/actuator/health || exit 1
# 启动应用
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
```
#### 1.2 构建和推送镜像
```bash
# 构建镜像
docker build -t mosquito-api:latest .
# 标记镜像
docker tag mosquito-api:latest your-registry.com/mosquito-api:latest
docker tag mosquito-api:latest your-registry.com/mosquito-api:v2.0.0
# 推送到镜像仓库
docker push your-registry.com/mosquito-api:latest
docker push your-registry.com/mosquito-api:v2.0.0
```
### 2. Docker Compose部署
#### 2.1 创建docker-compose.yml
```yaml
version: '3.8'
services:
postgres:
image: postgres:14-alpine
container_name: mosquito-postgres
restart: unless-stopped
environment:
POSTGRES_DB: mosquito_prod
POSTGRES_USER: mosquito_user
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
- ./init.sql:/docker-entrypoint-initdb.d/init.sql
ports:
- "5432:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U mosquito_user"]
interval: 10s
timeout: 5s
retries: 5
networks:
- mosquito-network
redis:
image: redis:7-alpine
container_name: mosquito-redis
restart: unless-stopped
command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 2gb --maxmemory-policy allkeys-lru
volumes:
- redis_data:/data
ports:
- "6379:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
networks:
- mosquito-network
app:
image: your-registry.com/mosquito-api:latest
container_name: mosquito-app
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/mosquito_prod
SPRING_DATASOURCE_USERNAME: mosquito_user
SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD}
SPRING_REDIS_HOST: redis
SPRING_REDIS_PORT: 6379
SPRING_REDIS_PASSWORD: ${REDIS_PASSWORD}
SPRING_PROFILES_ACTIVE: prod
JAVA_OPTS: "-Xms512m -Xmx2g -XX:+UseG1GC"
ports:
- "8080:8080"
volumes:
- ./logs:/app/logs
- ./config:/app/config
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
networks:
- mosquito-network
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
nginx:
image: nginx:alpine
container_name: mosquito-nginx
restart: unless-stopped
depends_on:
- app
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
- nginx_cache:/var/cache/nginx
networks:
- mosquito-network
volumes:
postgres_data:
driver: local
redis_data:
driver: local
nginx_cache:
driver: local
networks:
mosquito-network:
driver: bridge
```
#### 2.2 创建环境变量文件
```bash
# .env
POSTGRES_PASSWORD=your_secure_postgres_password_here
REDIS_PASSWORD=your_secure_redis_password_here
```
#### 2.3 创建Nginx配置
```nginx
# nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
upstream mosquito_backend {
server app:8080;
}
server {
listen 80;
server_name api.yourdomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.yourdomain.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
location / {
proxy_pass http://mosquito_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
```
#### 2.4 启动服务
```bash
# 启动所有服务
docker-compose up -d
# 查看服务状态
docker-compose ps
# 查看日志
docker-compose logs -f app
# 停止服务
docker-compose down
# 重启服务
docker-compose restart app
```
---
## ☸️ 部署方式三Kubernetes部署推荐用于企业级项目
### 1. Kubernetes资源配置
#### 1.1 创建ConfigMap
```yaml
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquito-config
namespace: mosquito
data:
application-prod.properties: |
spring.profiles.active=prod
server.port=8080
logging.level.root=INFO
logging.level.com.mosquito.project=DEBUG
app.rate-limit.per-minute=100
app.security.api-key-iterations=185000
spring.datasource.hikari.maximum-pool-size=20
spring.datasource.hikari.minimum-idle=5
```
#### 1.2 创建Secret
```yaml
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mosquito-secret
namespace: mosquito
type: Opaque
stringData:
POSTGRES_PASSWORD: your_secure_postgres_password_here
REDIS_PASSWORD: your_secure_redis_password_here
API_ENCRYPTION_KEY: your_32_character_encryption_key_here
```
#### 1.3 创建Deployment
```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mosquito-app
namespace: mosquito
labels:
app: mosquito
spec:
replicas: 3
selector:
matchLabels:
app: mosquito
template:
metadata:
labels:
app: mosquito
version: v2.0.0
spec:
containers:
- name: mosquito
image: your-registry.com/mosquito-api:v2.0.0
ports:
- containerPort: 8080
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://mosquito-postgres:5432/mosquito_prod"
- name: SPRING_DATASOURCE_USERNAME
value: "mosquito_user"
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: mosquito-secret
key: POSTGRES_PASSWORD
- name: SPRING_REDIS_HOST
value: "mosquito-redis"
- name: SPRING_REDIS_PORT
value: "6379"
- name: SPRING_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: mosquito-secret
key: REDIS_PASSWORD
- name: JAVA_OPTS
value: "-Xms512m -Xmx2g -XX:+UseG1GC"
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "2000m"
livenessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
volumeMounts:
- name: config
mountPath: /app/config
readOnly: true
volumes:
- name: config
configMap:
name: mosquito-config
```
#### 1.4 创建Service
```yaml
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: mosquito-service
namespace: mosquito
labels:
app: mosquito
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app: mosquito
```
#### 1.5 创建Ingress
```yaml
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mosquito-ingress
namespace: mosquito
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
spec:
tls:
- hosts:
- api.yourdomain.com
secretName: mosquito-tls
rules:
- host: api.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mosquito-service
port:
number: 80
```
#### 1.6 创建HorizontalPodAutoscaler
```yaml
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: mosquito-hpa
namespace: mosquito
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: mosquito-app
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
```
#### 1.7 部署到Kubernetes
```bash
# 创建命名空间
kubectl create namespace mosquito
# 部署所有资源
kubectl apply -f k8s/configmap.yaml
kubectl apply -f k8s/secret.yaml
kubectl apply -f k8s/deployment.yaml
kubectl apply -f k8s/service.yaml
kubectl apply -f k8s/ingress.yaml
kubectl apply -f k8s/hpa.yaml
# 查看部署状态
kubectl get pods -n mosquito
kubectl get services -n mosquito
kubectl get ingress -n mosquito
kubectl get hpa -n mosquito
# 查看日志
kubectl logs -f deployment/mosquito-app -n mosquito
# 扩展副本数
kubectl scale deployment/mosquito-app --replicas=5 -n mosquito
```
---
## 📊 监控配置
### 1. Prometheus配置
```yaml
# prometheus.yml
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'mosquito'
metrics_path: '/actuator/prometheus'
static_configs:
- targets: ['mosquito-app:8080']
tls_config:
insecure_skip_verify: true
```
### 2. Grafana仪表板
#### 2.1 JVM监控
```json
{
"dashboard": {
"title": "Mosquito JVM Metrics",
"panels": [
{
"title": "Heap Memory Usage",
"targets": [
{
"expr": "jvm_memory_used_bytes{area='heap', application='mosquito'}"
}
]
},
{
"title": "GC Time",
"targets": [
{
"expr": "rate(jvm_gc_pause_seconds_sum[5m]) * 1000"
}
]
}
]
}
}
```
### 3. 日志配置
#### 3.1 应用日志配置
```properties
# logback-spring.xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<springProfile name="prod">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/mosquito.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>/app/logs/mosquito.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="JSON" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/mosquito.json</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>/app/logs/mosquito.%d{yyyy-MM-dd}.json</fileNamePattern>
<maxHistory>30</maxHistory>
</rollingPolicy>
<encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="INFO">
<appender-ref ref="FILE"/>
<appender-ref ref="JSON"/>
</root>
</springProfile>
</configuration>
```
---
## 🔐 安全配置
### 1. 防火墙配置
```bash
# UFW防火墙规则
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow from 127.0.0.1 to any port 5432 # PostgreSQL
sudo ufw allow from 127.0.0.1 to any port 6379 # Redis
sudo ufw enable
```
### 2. SELinux/AppArmor配置
```bash
# SELinux状态检查
sestatus
# 允许应用访问网络
sudo semanage permissive -a mosquito_t
```
---
## 🔄 部署检查清单
### 部署前检查
- [x] 环境要求已满足
- [x] 数据库已创建并配置
- [x] Redis已安装并配置
- [x] SSL证书已获取
- [x] 防火墙规则已配置
- [x] 备份策略已制定
### 部署后验证
- [x] 应用服务正常启动
- [x] 健康检查端点可访问
- [x] 数据库迁移完成
- [x] API接口响应正常
- [x] 日志正常记录
- [x] 监控数据正常采集
- [x] 告警规则已配置
### 性能验证
- [x] 响应时间 < 200ms
- [x] 并发用户数达到目标
- [x] 内存使用 < 2GB
- [x] CPU使用率 < 70%
- [x] 错误率 < 0.1%
---
## 🆘 故障排除
### 常见问题
#### 1. 应用无法启动
```bash
# 查看服务状态
sudo systemctl status mosquito
# 查看应用日志
sudo tail -f /var/log/mosquito/application.log
# 检查端口占用
sudo netstat -tlnp | grep 8080
```
#### 2. 数据库连接失败
```bash
# 测试数据库连接
sudo -u postgres psql -h localhost -p 5432 -U mosquito_user -d mosquito_prod
# 检查PostgreSQL状态
sudo systemctl status postgresql
# 查看PostgreSQL日志
sudo tail -f /var/log/postgresql/postgresql-14-main.log
```
#### 3. Redis连接失败
```bash
# 测试Redis连接
redis-cli -h localhost -p 6379 -a your_redis_password ping
# 检查Redis状态
sudo systemctl status redis
# 查看Redis日志
sudo tail -f /var/log/redis/redis.log
```
---
*部署指南版本: v2.0.0*
*最后更新: 2026-01-22*
Reference in New Issue Copy Permalink