feat: 新增 Docker Compose 部署方案

- Dockerfile 单阶段 Alpine 镜像，使用国内镜像（npmmirror / Prisma 引擎 / apk）加速 - entrypoint 首次复制内置图章素材到 uploads volume，自动执行 prisma migrate deploy - docker-compose.yml 绑定 127.0.0.1:3001，强制走外部 Nginx 反代 - Express 在 production 下同时托管 packages/web/dist 及 SPA fallback - Prisma schema 增加 linux-musl 二进制目标，支持 Alpine 运行 - 新增 DEPLOY.md 部署指南，含 .env 模板与 Nginx 反代示例 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-19 17:04:25 +08:00
parent 0319557723
commit 711f422558
8 changed files with 307 additions and 1 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,18 @@
+node_modules
+**/node_modules
+**/dist
+.git
+.gitignore
+.env
+.env.local
+.env.*
+!.env.production.example
+prisma/dev.db
+prisma/dev.db-journal
+*.log
+.DS_Store
+# 原始素材（镜像只需要 packages/server/uploads/stamps 里的成品）
+assets/
+# Docker 构建上下文不需要旧的数据目录
+data/
+uploads/
--- a/.env.production.example
+++ b/.env.production.example
@@ -0,0 +1,12 @@
+# 部署前复制为 .env 并修改以下值
+# cp .env.production.example .env
+
+# JWT 签名密钥（32+ 字符随机串）
+JWT_SECRET=please-replace-with-a-strong-random-secret
+
+# 管理后台访问密钥（通过 X-Admin-Key 请求头传入）
+ADMIN_API_KEY=please-replace-with-a-strong-random-admin-key
+
+# 对外访问的站点根 URL（用于生成 QR 码中的收集链接）
+# 必须与你在 Nginx 上配置的域名一致
+SITE_URL=https://stamp.example.com
--- a/DEPLOY.md
+++ b/DEPLOY.md
@@ -0,0 +1,181 @@
+# 部署指南
+
+基于 Docker Compose 的单容器部署方案。容器内 Express 同时托管：
+
+- `/api/*` — API
+- `/uploads/*` — 图章静态资源
+- 其余路径 — React SPA（`packages/web/dist`）
+
+外部通过宿主机 Nginx 反向代理到容器的 3000 端口（仅绑定 127.0.0.1，不直接暴露）。
+
+---
+
+## 1. 前置条件
+
+- Linux 服务器（Docker ≥ 24、Docker Compose v2）
+- 已解析到服务器的域名（例 `stamp.example.com`）
+- 已签发的 SSL 证书（Let's Encrypt / acme.sh 等任选）
+
+---
+
+## 2. 拉取代码并配置环境变量
+
+```bash
+git clone <repo-url> citywalk-stamp
+cd citywalk-stamp
+
+cp .env.production.example .env
+vim .env   # 填入 JWT_SECRET / ADMIN_API_KEY / SITE_URL
+```
+
+必填项：
+
+| 变量 | 说明 |
+|---|---|
+| `JWT_SECRET` | 用户 JWT 签名密钥，建议 `openssl rand -hex 32` 生成 |
+| `ADMIN_API_KEY` | 管理后台访问密钥，同上 |
+| `SITE_URL` | 对外域名，例 `https://stamp.example.com`（影响 QR 码链接） |
+
+---
+
+## 3. 启动容器
+
+```bash
+docker compose up -d --build
+```
+
+首次启动会自动完成：
+
+- Prisma migrate deploy（建表）
+- 把内置的 16 枚图章素材复制到 `./uploads/stamps/`
+
+查看日志确认启动成功：
+
+```bash
+docker compose logs -f app
+# 看到 "Server running on http://localhost:3000" 即 OK
+```
+
+---
+
+## 4. 首次导入图章数据
+
+容器默认不自动 seed 数据库（避免覆盖后续运营数据）。首次部署需手动执行一次：
+
+```bash
+docker compose exec app pnpm db:seed
+```
+
+> 再次执行会**清空并重建**所有图章，同时级联删除用户的收集记录。生产环境请勿随意重跑。
+
+---
+
+## 5. 配置 Nginx 反向代理
+
+在宿主机上配置 Nginx：
+
+```nginx
+server {
+    listen 80;
+    server_name stamp.example.com;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name stamp.example.com;
+
+    ssl_certificate     /etc/letsencrypt/live/stamp.example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/stamp.example.com/privkey.pem;
+
+    # 单入口反代：容器里 Express 自己处理 /api、/uploads、SPA 路由
+    location / {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host              $host;
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # 静态资源缓存（可选）
+    location ^~ /uploads/ {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        expires 7d;
+        add_header Cache-Control "public, max-age=604800";
+    }
+
+    # 上传体积（管理后台上传图章）
+    client_max_body_size 10m;
+}
+```
+
+测试并 reload：
+
+```bash
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+访问 `https://stamp.example.com` 即可看到首页。
+
+---
+
+## 6. 数据持久化与备份
+
+容器两个 bind mount：
+
+- `./data/` — SQLite 数据库（`prod.db`）
+- `./uploads/` — 图章图片（含首次填充的 16 枚 + 后续管理后台上传的）
+
+备份：
+
+```bash
+# 停机备份最稳妥（SQLite 文件锁）
+docker compose stop app
+tar czf backup-$(date +%F).tgz data/ uploads/ .env
+docker compose start app
+```
+
+---
+
+## 7. 常用运维命令
+
+```bash
+# 查看日志
+docker compose logs -f app
+
+# 进入容器
+docker compose exec app sh
+
+# 重启
+docker compose restart app
+
+# 升级（拉新代码后重建）
+git pull
+docker compose up -d --build
+
+# 查看当前图章数
+docker compose exec app sh -c 'echo "SELECT COUNT(*) FROM Stamp;" | sqlite3 /app/data/prod.db' \
+  || docker compose exec app node -e "
+    import('@prisma/client').then(async ({PrismaClient}) => {
+      const p = new PrismaClient();
+      console.log(await p.stamp.count());
+      await p.\$disconnect();
+    });
+  "
+
+# 完全重置（会删除所有用户和收集数据，谨慎）
+docker compose down
+rm -rf data/ uploads/
+docker compose up -d --build
+docker compose exec app pnpm db:seed
+```
+
+---
+
+## 8. 故障排查
+
+- **容器启动失败 `PrismaClientInitializationError`**：检查 `./data/` 目录权限、`DATABASE_URL` 值
+- **图章图片 404**：进入容器 `ls /app/packages/server/uploads/stamps` 看是否被 seed 进来；若空，手动执行 `cp /app/stamps-seed/*.jpg /app/packages/server/uploads/stamps/`
+- **QR 码扫出来是 `localhost`**：`.env` 里 `SITE_URL` 没改对，修正后 `docker compose restart app`
+- **Nginx 502**：确认容器跑着 `docker compose ps`，端口 `ss -tlnp | grep 3000`
--- a/44
+++ b/44
@@ -0,0 +1,44 @@
+FROM node:22-alpine
+
+WORKDIR /app
+
+# 国内构建环境加速（仅容器构建期生效，不影响本地/正式 registry）
+# 1) Alpine apk 源换清华
+RUN sed -i 's|https\?://dl-cdn.alpinelinux.org|https://mirrors.tuna.tsinghua.edu.cn|g' /etc/apk/repositories
+
+RUN corepack enable && corepack prepare pnpm@9 --activate \
+  && apk add --no-cache openssl
+
+# 2) npm / pnpm registry 换淘宝镜像
+# 3) Prisma 下载引擎走淘宝镜像
+ENV PRISMA_ENGINES_MIRROR=https://registry.npmmirror.com/-/binary/prisma
+RUN npm config set registry https://registry.npmmirror.com/ \
+  && pnpm config set registry https://registry.npmmirror.com/
+
+# Copy everything (.dockerignore filters out node_modules, dist, .git, etc.)
+COPY . .
+
+# 强制项目级 registry（兜底：防止项目根 .npmrc 未覆盖）
+RUN echo "registry=https://registry.npmmirror.com/" > /app/.npmrc
+
+# Install all deps (tsx is used at runtime via devDependencies)
+RUN pnpm install --frozen-lockfile --registry=https://registry.npmmirror.com/
+
+# Generate Prisma client (produces linux-musl binary per schema.prisma)
+RUN pnpm exec prisma generate
+
+# Build web SPA; server runs directly from TS via tsx
+RUN pnpm --filter @stamp/web build
+
+# Stash initial stamp assets so the uploads volume can be seeded on first run
+RUN mkdir -p /app/stamps-seed \
+  && cp packages/server/uploads/stamps/*.jpg /app/stamps-seed/ \
+  && rm -rf packages/server/uploads/stamps
+
+COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENV NODE_ENV=production
+EXPOSE 3000
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+  app:
+    build: .
+    image: citywalk-stamp:latest
+    container_name: citywalk-stamp
+    restart: unless-stopped
+    # Bind to loopback only: the outside world must go through your host Nginx
+    # 宿主机 3001 -> 容器 3000（3000 已被宿主其它服务占用，例如 1Panel Gitea）
+    ports:
+      - "127.0.0.1:3001:3000"
+    volumes:
+      - ./data:/app/data
+      - ./uploads:/app/packages/server/uploads
+    env_file:
+      - .env
+    environment:
+      NODE_ENV: production
+      SERVER_PORT: 3000
+      DATABASE_URL: file:/app/data/prod.db
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+cd /app
+
+mkdir -p /app/data
+mkdir -p /app/packages/server/uploads/stamps
+
+# Seed stamp assets on first run (idempotent)
+if [ -z "$(ls -A /app/packages/server/uploads/stamps 2>/dev/null)" ]; then
+  echo "→ Seeding stamp assets into uploads volume..."
+  cp /app/stamps-seed/*.jpg /app/packages/server/uploads/stamps/ 2>/dev/null || true
+fi
+
+echo "→ Applying database migrations..."
+pnpm exec prisma migrate deploy
+
+echo "→ Starting server on :${SERVER_PORT:-3000}..."
+cd /app/packages/server
+exec pnpm exec tsx src/index.ts
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -31,6 +31,17 @@ app.use("/api/redemption", redemptionRoutes);
 // Admin routes
 app.use("/api/admin", adminRoutes);

+// Serve built web frontend in production (single-container deployment)
+if (process.env.NODE_ENV === "production") {
+  const webDist = path.join(__dirname, "../../web/dist");
+  app.use(express.static(webDist));
+  app.use((req, res, next) => {
+    if (req.method !== "GET" && req.method !== "HEAD") return next();
+    if (req.path.startsWith("/api") || req.path.startsWith("/uploads")) return next();
+    res.sendFile(path.join(webDist, "index.html"));
+  });
+}
+
 app.listen(PORT, () => {
  console.log(`Server running on http://localhost:${PORT}`);
 });
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -1,5 +1,6 @@
 generator client {
-  provider = "prisma-client-js"
+  provider      = "prisma-client-js"
+  binaryTargets = ["native", "linux-musl-openssl-3.0.x"]
 }

 datasource db {