feat: 实现：自动化构建和部署

.env.prod

@@ -4,7 +4,7 @@ NODE_ENV=production
 VITE_DEV=false
 
 # 请求路径
-VITE_BASE_URL='http://localhost:48080'
+VITE_BASE_URL='https://saas.niusenyun.com'
 
 # 文件上传类型：server - 后端上传， client - 前端直连上传，仅支持S3服务
 VITE_UPLOAD_TYPE=server

.vscode/settings.json

@@ -94,7 +94,7 @@
   "i18n-ally.sortKeys": true,
   "i18n-ally.namespace": false,
   "i18n-ally.enabledParsers": ["ts"],
-  "i18n-ally.sourceLanguage": "en",
+  "i18n-ally.sourceLanguage": "zh-CN",
   "i18n-ally.displayLanguage": "zh-CN",
   "i18n-ally.enabledFrameworks": ["vue", "react"],
   "cSpell.words": [
@@ -141,5 +141,6 @@
     "package.json": "pnpm-lock.yaml,yarn.lock,LICENSE,README*,CHANGELOG*,CNAME,.gitattributes,.eslintrc-auto-import.json,.gitignore,prettier.config.js,stylelint.config.js,commitlint.config.js,.stylelintignore,.prettierignore,.gitpod.yml,.eslintrc.js,.eslintignore"
   },
   "terminal.integrated.scrollback": 10000,
-  "nuxt.isNuxtApp": false
+  "nuxt.isNuxtApp": false,
+  "ansible.python.interpreterPath": "/home/fy/.version-fox/temp/1731600000-83286/python/bin/python"
 }

script/ansible/README.md

@@ -0,0 +1,3 @@
+# 自动部署工具使用说明
+
+

script/ansible/bin/build

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# 设置错误时退出
+set -e
+
+# 进入项目根目录
+cd $(dirname $0)/../../..
+
+# 安装依赖
+echo "Installing dependencies..."
+npm install
+
+# 构建生产环境
+echo "Building for production..."
+npm run build:prod
+
+# 检查构建结果
+if [ -d "dist-prod" ]; then
+    echo "Build successful!"
+else
+    echo "Build failed!"
+    exit 1
+fi
+
+# 设置执行权限
+chmod +x script/ansible/bin/*
+
+# 运行ansible部署
+echo "Starting deployment..."
+cd script/ansible
+ansible-playbook -i inventory/hosts deploy_playbook.yml

script/ansible/bin/deploy

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Set default APP_VERSION if not provided
+if [ -z "$APP_VERSION" ]; then
+    export APP_VERSION="latest"
+fi
+
+# Run the deploy playbook
+ansible-playbook ../deploy_playbook.yml -i ../inventory/hosts"$@"

script/ansible/bin/deploy.bat

@@ -0,0 +1,8 @@
+@echo off
+setlocal
+
+:: Set default APP_VERSION if not provided
+if "%APP_VERSION%"=="" set APP_VERSION=latest
+
+:: Run the deploy playbook
+ansible-playbook ../deploy_playbook.yml -i ../inventory/hosts %*

script/ansible/bin/frpc

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Run the frpc playbook
+ansible-playbook ../frpc_playbook.yml -i ../inventory/hosts "$@"

script/ansible/bin/frpc.bat

@@ -0,0 +1,4 @@
+@echo off
+
+:: Run the frpc playbook
+ansible-playbook ../frpc_playbook.yml -i ../inventory/hosts %*

script/ansible/bin/manage

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Default action is status if not specified
+ACTION=${1:-status}
+shift 2>/dev/null || true
+
+# Run the manage playbook with the specified action
+ansible-playbook ../manage_playbook.yml -i ../inventory/hosts -e "action=$ACTION" $@

script/ansible/bin/manage.bat

@@ -0,0 +1,13 @@
+@echo off
+setlocal
+
+:: Default action is status if not specified
+if "%1"=="" (
+    set ACTION=status
+) else (
+    set ACTION=%1
+    shift
+)
+
+:: Run the manage playbook with the specified action
+ansible-playbook ../manage_playbook.yml -i ../inventory/hosts -e "action=%ACTION%" %*

script/ansible/deploy_playbook.yml

@@ -0,0 +1,107 @@
+---
+- name: Deploy Vue3 Frontend Application
+  hosts: webservers
+  vars:
+    app_name: mall-vue3
+    app_version: "{{ lookup('env', 'APP_VERSION') | default('latest', true) }}"
+    deploy_path: /usr/share/nginx/html/mall
+    nginx_config_path: /etc/nginx/sites-available
+    nginx_enabled_path: /etc/nginx/sites-enabled
+    backup_path: /usr/share/nginx/html/mall/backup
+    dist_archive: dist-prod.tar.gz
+    frontend_path: /usr/share/nginx/html/mall/backendui
+
+  tasks:
+    - name: Compress dist-prod directory locally
+      local_action:
+        module: archive
+        path: ../../dist-prod
+        dest: ../../{{ dist_archive }}
+        format: gz
+      run_once: true
+
+    - name: Create deployment directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: "0755"
+      with_items:
+        - "{{ deploy_path }}"
+        - "{{ backup_path }}"
+        - "{{ frontend_path }}"
+      become: true
+
+    - name: Clean target directory
+      ansible.builtin.file:
+        path: "{{ frontend_path }}"
+        state: directory
+        mode: "0755"
+      become: true
+
+    - name: Upload compressed dist files
+      ansible.builtin.copy:
+        src: ../../{{ dist_archive }}
+        dest: "{{ deploy_path }}/{{ dist_archive }}"
+        mode: "0644"
+      become: true
+
+    - name: Extract dist files
+      ansible.builtin.unarchive:
+        src: "{{ deploy_path }}/{{ dist_archive }}"
+        dest: "{{ frontend_path }}"
+        remote_src: true
+      become: true
+
+    - name: Debug - List directory contents
+      ansible.builtin.shell: "ls -la {{ frontend_path }}"
+      register: dir_contents
+      become: true
+
+    - name: Debug - Show directory contents
+      ansible.builtin.debug:
+        var: dir_contents.stdout_lines
+
+    - name: Remove archive file
+      ansible.builtin.file:
+        path: "{{ deploy_path }}/{{ dist_archive }}"
+        state: absent
+      become: true
+
+    - name: Set correct permissions
+      ansible.builtin.file:
+        path: "{{ frontend_path }}"
+        state: directory
+        recurse: yes
+        owner: www-data
+        group: www-data
+        mode: "0755"
+      become: true
+
+    - name: Copy nginx configuration
+      ansible.builtin.template:
+        src: templates/mall.conf.j2
+        dest: "{{ nginx_config_path }}/mall.conf"
+        mode: "0644"
+      notify: Reload nginx
+      become: true
+
+    - name: Create symlink to enable directory
+      file:
+        src: "{{ nginx_config_path }}/mall.conf"
+        dest: "{{ nginx_enabled_path }}/mall.conf"
+        state: link
+        force: yes
+      become: true
+
+    - name: Ensure nginx is running
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true
+      become: true
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded

script/ansible/frp/frpc.toml

@@ -0,0 +1,50 @@
+serverAddr = "47.96.151.43"
+serverPort = 7000
+
+
+
+[[proxies]]
+name = "tcp-redis"
+type = "tcp"
+localIP = "127.0.0.1"
+localPort = 6379
+remotePort = 6379
+
+[[proxies]]
+name = "http80"
+type = "tcp"
+localIP = "127.0.0.1"
+localPort = 80
+remotePort = 80
+
+[[proxies]]
+name = "test_htts2http"
+type = "https"
+customDomains = [
+"xiaodingliu.niusenyun.com",
+"xiaodingbackend.niusenyun.com",
+"saasjing.niusenyun.com",
+"massagejing.niusenyun.com",
+"saasyin.niusenyun.com",
+"mallyin.niusenyun.com",
+"saas.niusenyun.com",
+"saast.niusenyun.com",
+"mall.niusenyun.com",
+"mallt.niusenyun.com",
+"massaget.niusenyun.com",
+"massage.niusenyun.com",
+"xdyin.niusenyun.com",
+"xdjhyuser.niusenyun.com",
+"xdt.niusenyun.com"
+]
+
+
+[proxies.plugin]
+type = "https2http"
+localAddr = "127.0.0.1:80"
+
+# HTTPS 证书相关的配置
+crtPath = "/root/frp/cert.pem"
+keyPath = "/root/frp/key.pem"
+#hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"

script/ansible/frpc_playbook.yml

@@ -0,0 +1,61 @@
+---
+- name: Setup and manage frpc
+  hosts: frpclient
+  become: true
+  tasks:
+    - name: Create mall directory if not exists
+      file:
+        path: /root/mall
+        state: directory
+        mode: '0755'
+
+    - name: Create frp directory if not exists
+      file:
+        path: /root/frp
+        state: directory
+        mode: '0755'
+
+    - name: Copy frp directory
+      ansible.builtin.copy:
+        src: frp
+        dest: /root
+        mode: '0644'
+        force: true
+
+    - name: Copy frpc binary to /usr/local/bin
+      copy:
+        src: "../../script/ansible/frp/frpc"
+        dest: "/usr/local/bin/frpc"
+        mode: '0755'
+
+    - name: Create systemd service file
+      copy:
+        dest: /etc/systemd/system/frpc.service
+        content: |
+          [Unit]
+          Description=frpc service
+          After=network.target
+
+          [Service]
+          Type=simple
+          User=root
+          ExecStart=/usr/local/bin/frpc -c /root/frp/frpc.toml
+          Restart=always
+          RestartSec=5
+
+          [Install]
+          WantedBy=multi-user.target
+        mode: '0644'
+
+    - name: Start and enable frpc service
+      systemd:
+        name: frpc
+        state: restarted
+        enabled: true
+        daemon_reload: true
+
+    - name: Check frpc service status
+      command: systemctl status frpc
+      register: frpc_status
+      changed_when: false
+      ignore_errors: true

script/ansible/inventory/hosts

@@ -0,0 +1,5 @@
+[webservers]
+192.168.110.86 ansible_ssh_user=root ansible_python_interpreter=/usr/bin/python3.12
+
+[frpclient]
+192.168.110.86 ansible_ssh_user=root ansible_python_interpreter=/usr/bin/python3.12

script/ansible/manage_playbook.yml

@@ -0,0 +1,92 @@
+---
+- name: Manage Vue3 Frontend Application
+  hosts: webservers
+  vars:
+    app_name: mall-vue3
+    deploy_path: /usr/share/nginx/html/mall
+    nginx_config_path: /etc/nginx/conf.d
+    backup_path: /usr/share/nginx/html/mall/backup
+    nginx_access_log: /var/log/nginx/mall_access.log
+    nginx_error_log: /var/log/nginx/mall_error.log
+    max_backups: 5
+
+  tasks:
+    - name: Check nginx status
+      ansible.builtin.command: systemctl status nginx
+      register: nginx_status
+      when: action is defined and action == "status"
+
+    - name: Display nginx status
+      ansible.builtin.debug:
+        var: nginx_status.stdout_lines
+      when: action is defined and action == "status"
+
+    - name: Reload nginx configuration
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+      become: yes
+      when: action is defined and action == "reload"
+
+    - name: View nginx access logs
+      ansible.builtin.command: "tail -n 100 {{ nginx_access_log }}"
+      register: access_logs
+      become: yes
+      when: action is defined and action == "access_logs"
+
+    - name: Display access logs
+      ansible.builtin.debug:
+        var: access_logs.stdout_lines
+      when: action is defined and action == "access_logs"
+
+    - name: View nginx error logs
+      ansible.builtin.command: "tail -n 100 {{ nginx_error_log }}"
+      register: error_logs
+      become: yes
+      when: action is defined and action == "error_logs"
+
+    - name: Display error logs
+      ansible.builtin.debug:
+        var: error_logs.stdout_lines
+      when: action is defined and action == "error_logs"
+
+    - name: List backups
+      ansible.builtin.find:
+        paths: "{{ backup_path }}"
+        patterns: "backup_*.tar.gz"
+      register: backup_files
+      when: action is defined and action == "list_backups"
+
+    - name: Display backup files
+      ansible.builtin.debug:
+        var: backup_files.files
+      when: action is defined and action == "list_backups"
+
+    - name: Clean old backups
+      ansible.builtin.shell: |
+        cd {{ backup_path }} && \
+        ls -t backup_*.tar.gz | tail -n +{{ max_backups + 1 }} | xargs -r rm --
+      become: yes
+      when: action is defined and action == "clean_backups"
+
+    - name: Rollback to previous version
+      block:
+        - name: Find latest backup
+          ansible.builtin.shell: "ls -t {{ backup_path }}/backup_*.tar.gz | head -n1"
+          register: latest_backup
+          
+        - name: Extract backup
+          ansible.builtin.unarchive:
+            src: "{{ latest_backup.stdout }}"
+            dest: "{{ deploy_path }}"
+            remote_src: yes
+          notify: reload nginx
+      become: yes
+      when: action is defined and action == "rollback"
+
+  handlers:
+    - name: reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+      become: yes

script/ansible/ssl.md

@@ -0,0 +1,168 @@
+# 使用acme.sh申请和安装SSL证书教程
+
+## 1. 安装acme.sh
+
+```bash
+# 安装所需工具
+apt update
+apt install -y socat curl wget
+
+# 安装acme.sh
+curl https://get.acme.sh | sh -s email=mall@niusenyun.com
+
+# 重新加载环境变量
+source ~/.bashrc
+```
+
+## 2. 清除已存在的证书
+
+```bash
+# 删除已存在的证书文件
+rm -f /root/frp/cert.pem /root/frp/key.pem
+
+# 移除acme.sh中的证书记录
+acme.sh --remove -d niusenyun.com
+acme.sh --remove -d "*.niusenyun.com"
+
+# 清除acme.sh的域名配置
+rm -rf ~/.acme.sh/niusenyun.com
+rm -rf ~/.acme.sh/*.niusenyun.com
+```
+
+## 3. 申请证书
+
+### 3.1 设置腾讯云DNS API
+
+```bash
+# 设置腾讯云API密钥（需要先在腾讯云控制台获取SecretId和SecretKey）
+export DP_Id="82be64b0a33311efbcaf475f4b5bfbc8"
+export DP_Key="d2087abec1f643329e6b7e0635043705"
+# 设置腾讯云DNS API的标识符
+userId:67371376616d0500c5162a87
+secretId:82be64b0a33311efbcaf475f4b5bfbc8
+secretKey:d2087abec1f643329e6b7e0635043705
+```
+
+### 3.2 查看DNS解析记录
+
+```bash
+# 使用腾讯云API获取解析记录
+curl -X POST https://dnspod.tencentcloudapi.com \
+  -H "Authorization: SECRET_ID" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "Domain": "niusenyun.com",
+    "Subdomain": "_acme-challenge"
+  }'
+
+# 或者使用dig命令查询
+dig TXT _acme-challenge.niusenyun.com @8.8.8.8
+
+# 等待解析生效检查
+nslookup -type=TXT _acme-challenge.niusenyun.com
+```
+
+### 3.3 验证DNS记录
+
+在申请证书之前，可以先验证DNS记录是否正确设置：
+
+```bash
+# 手动添加DNS TXT记录
+# 主域名验证
+记录类型: TXT
+主机记录: _acme-challenge
+记录值: uF1OMd8vv7Yfvn5lxmR328NyXT1yzEDD0h8C8dwmOkw
+
+# 泛域名验证
+记录类型: TXT
+主机记录: _acme-challenge
+记录值: uF1OMd8vv7Yfvn5lxmR328NyXT1yzEDD0h8C8dwmOkw
+
+# 验证DNS记录是否生效
+dig _acme-challenge.niusenyun.com TXT
+
+# 等待DNS记录生效（通常需要等待1-5分钟）
+```
+
+### 3.4 网络配置（Ubuntu 24.04）
+
+```bash
+# 查看网卡状态
+ip addr
+
+# 重启网卡方法1（使用netplan）
+sudo netplan apply
+
+# 重启网卡方法2（使用systemd）
+sudo systemctl restart systemd-networkd
+
+# 重启网卡方法3（针对特定网卡）
+sudo ip link set dev [网卡名] down
+sudo ip link set dev [网卡名] up
+
+# 验证网络连接
+ping -c 4 niusenyun.com
+```
+
+### 3.5 申请证书
+
+```bash
+# 使用DNS方式验证域名所有权（腾讯云DNS）
+acme.sh --issue --dns dns_dp -d niusenyun.com -d '*.niusenyun.com' --force
+
+# 说明：dns_dp 是腾讯云DNS API的标识符
+# --force 参数用于强制重新申请证书
+```
+
+## 4. 安装证书到frp指定目录
+
+```bash
+# 创建证书存放目录
+mkdir -p /root/frp
+
+# 安装证书到指定目录（PEM格式）
+acme.sh --install-cert -d niusenyun.com \
+--key-file /root/frp/key.pem \
+--fullchain-file /root/frp/cert.pem \
+--reloadcmd "systemctl restart frpc"
+```
+
+## 5. 验证证书
+
+```bash
+# 查看证书内容
+openssl x509 -in /root/frp/cert.pem -text -noout
+
+# 验证私钥
+openssl rsa -in /root/frp/key.pem -check
+```
+
+## 6. 自动更新
+
+acme.sh会自动创建一个cron任务，每天检查并在需要时自动更新证书，无需手动操作。
+
+可以通过以下命令查看cron任务：
+```bash
+crontab -l
+```
+
+## 注意事项
+
+1. 已配置域名为：niusenyun.com（包含泛域名 *.niusenyun.com）
+2. 替换`your-secret-id`和`your-secret-key`为腾讯云API密钥（在腾讯云控制台 -> 访问密钥 -> API密钥管理中获取）
+3. 确保域名已正确解析到服务器IP
+4. DNS记录生效可能需要一些时间，如果证书申请失败，请等待几分钟后重试
+
+## 故障排查
+
+如果遇到问题，可以查看以下日志：
+
+```bash
+# 查看acme.sh日志
+acme.sh --log
+
+# 检查证书权限
+ls -l /root/frp/cert.pem /root/frp/key.pem
+
+# 检查DNS记录
+dig _acme-challenge.niusenyun.com TXT

script/ansible/templates/mall.conf.j2

@@ -0,0 +1,54 @@
+server {
+    listen 80;
+    server_name saas.niusenyun.com;  # 替换为您的域名
+
+    access_log /var/log/nginx/mall_access.log;
+    error_log /var/log/nginx/mall_error.log;
+
+    root {{ deploy_path }}/backendui/dist-prod;
+    index index.html;
+
+    # 启用gzip压缩
+    gzip on;
+    gzip_min_length 1k;
+    gzip_buffers 4 16k;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_vary on;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+        expires 7d;
+        add_header Cache-Control "public, no-transform";
+    }
+
+    # 静态资源缓存设置
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        expires 30d;
+        add_header Cache-Control "public, no-transform";
+    }
+
+    location /admin-api/ { ## 后端项目 - 管理后台
+        proxy_pass http://localhost:48080/admin-api/; ## 重要！！！proxy_pass 需要设置为后端项目所在服务器的 IP
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /app-api/ { ## 后端项目 - 用户 App
+        proxy_pass http://localhost:48080/app-api/; ## 重要！！！proxy_pass 需要设置为后端项目所在服务器的 IP
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+
+    # 禁止访问隐藏文件
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+}