novalon-manage-system/docs/deployment/deployment-guide.md

# Novalon 管理系统 - 部署指南

## 1. 环境要求

### 1.1 硬件要求

| 组件 | 最低配置 | 推荐配置 |
|------|----------|----------|
| CPU | 2 核 | 4 核+ |
| 内存 | 4 GB | 8 GB+ |
| 磁盘 | 20 GB | 50 GB+ SSD |
| 网络 | 100 Mbps | 1 Gbps |

### 1.2 软件要求

| 软件 | 版本 | 说明 |
|------|------|------|
| JDK | 21 | OpenJDK 或 Oracle JDK |
| Maven | 3.9+ | 构建工具 |
| Node.js | 21+ | 前端构建 |
| Docker | 24.0+ | 容器化部署 |
| PostgreSQL | 15+ | 数据库 |
| Nginx | 1.24+ | 反向代理 |

### 1.3 端口要求

| 端口 | 协议 | 用途 |
|------|------|------|
| 8080 | HTTP | 后端 API 服务 |
| 3000 | HTTP | 前端开发服务 |
| 5432 | TCP | PostgreSQL 数据库 |
| 9090 | HTTP | Prometheus 监控 |
| 3000 | HTTP | Grafana 可视化 |

## 2. 本地开发环境部署

### 2.1 数据库部署

#### 启动 PostgreSQL

```bash
# 使用 Docker 启动 PostgreSQL
docker run -d \
  --name novalon-postgres \
  -e POSTGRES_DB=manage_system \
  -e POSTGRES_USER=postgres \
  -e POSTGRES_PASSWORD=postgres \
  -p 55432:5432 \
  -v postgres-data:/var/lib/postgresql/data \
  postgres:15-alpine
```

#### 初始化数据库

```bash
# 运行 Flyway 迁移
cd novalon-manage-api/manage-sys
mvn flyway:migrate
```

### 2.2 后端部署

#### 配置环境变量

```bash
# 创建 .env 文件
cat > novalon-manage-api/manage-app/.env << EOF
DB_HOST=localhost
DB_PORT=55432
DB_NAME=manage_system
DB_USERNAME=postgres
DB_PASSWORD=postgres
JWT_SECRET=novalon-manage-secret-key-change-in-production
JWT_EXPIRATION=86400000
EOF
```

#### 启动后端服务

```bash
cd novalon-manage-api/manage-app

# 开发模式启动
mvn spring-boot:run

# 或打包后启动
mvn clean package
java -jar target/manage-app-1.0.0.jar
```

#### 验证后端服务

```bash
# 健康检查
curl http://localhost:8084/actuator/health

# 查看 API 文档
open http://localhost:8084/swagger-ui.html
```

### 2.3 前端部署

#### 安装依赖

```bash
cd novalon-manage-web

# 使用 npm
npm install

# 或使用 pnpm (更快)
pnpm install
```

#### 配置 API 地址

```typescript
// 修改 src/utils/request.ts
const baseURL = import.meta.env.VITE_API_BASE_URL || 'http://localhost:8080';
```

#### 启动前端服务

```bash
# 开发模式
npm run dev

# 生产构建
npm run build
```

#### 验证前端服务

```bash
# 访问前端
open http://localhost:5173
```

## 3. Docker 容器化部署

### 3.1 构建镜像

#### 网关镜像

```bash
cd novalon-manage-api/manage-gateway

# 构建镜像
docker build -t novalon-manage-gateway:latest .

# 查看镜像
docker images | grep novalon
```

#### 应用镜像

```bash
cd novalon-manage-api/manage-app

# 构建镜像
docker build -t novalon-manage-app:latest .

# 查看镜像
docker images | grep novalon
```

#### 前端镜像

```bash
cd novalon-manage-web

# 构建镜像
docker build -t novalon-manage-web:latest .

# 查看镜像
docker images | grep novalon
```

### 3.2 Docker Compose 部署

#### 创建 docker-compose.yml

```yaml
version: '3.8'

services:
  postgres:
    image: postgres:15-alpine
    container_name: novalon-postgres
    environment:
      POSTGRES_DB: manage_system
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
    ports:
      - "55432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - novalon-network

  gateway:
    image: novalon-manage-gateway:latest
    container_name: novalon-gateway
    environment:
      SPRING_PROFILES_ACTIVE: prod
      JWT_SECRET: ${JWT_SECRET:-novalon-manage-secret-key}
    ports:
      - "8080:8080"
    depends_on:
      - app
    healthcheck:
      test: ["CMD", "wget", "--spider", "http://localhost:8080/actuator/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - novalon-network

  app:
    image: novalon-manage-app:latest
    container_name: novalon-app
    environment:
      SPRING_PROFILES_ACTIVE: prod
      DB_HOST: postgres
      DB_PORT: 5432
      DB_NAME: manage_system
      DB_USERNAME: postgres
      DB_PASSWORD: ${DB_PASSWORD:-postgres}
      JWT_SECRET: ${JWT_SECRET:-novalon-manage-secret-key}
    ports:
      - "8084:8084"
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "--spider", "http://localhost:8084/actuator/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - novalon-network

  frontend:
    image: novalon-manage-web:latest
    container_name: novalon-web
    ports:
      - "80:80"
    depends_on:
      - gateway
    networks:
      - novalon-network

  prometheus:
    image: prom/prometheus:latest
    container_name: novalon-prometheus
    ports:
      - "9090:9090"
    volumes:
      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
    networks:
      - novalon-network

  grafana:
    image: grafana/grafana:latest
    container_name: novalon-grafana
    ports:
      - "3000:3000"
    environment:
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD:-admin}
    volumes:
      - grafana-data:/var/lib/grafana
    networks:
      - novalon-network

networks:
  novalon-network:
    driver: bridge

volumes:
  postgres-data:
  grafana-data:
```

#### 启动服务

```bash
# 启动所有服务
docker-compose up -d

# 查看日志
docker-compose logs -f

# 停止服务
docker-compose down

# 停止并删除数据卷
docker-compose down -v
```

## 4. 生产环境部署

### 4.1 服务器准备

#### 系统配置

```bash
# 更新系统
sudo apt update && sudo apt upgrade -y

# 安装 Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# 安装 Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/v2.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# 安装 Nginx
sudo apt install nginx -y
```

#### 防火墙配置

```bash
# 开放必要端口
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
sudo ufw enable
```

### 4.2 数据库部署

#### 生产数据库配置

```bash
# 使用生产级配置
docker run -d \
  --name novalon-postgres \
  -e POSTGRES_DB=manage_system \
  -e POSTGRES_USER=${DB_USER} \
  -e POSTGRES_PASSWORD=${DB_PASSWORD} \
  -p 5432:5432 \
  -v /data/postgres:/var/lib/postgresql/data \
  -v /etc/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf:ro \
  postgres:15-alpine \
  -c max_connections=200 \
  -c shared_buffers=256MB \
  -c effective_cache_size=1GB
```

#### 数据库备份

```bash
# 创建备份脚本
cat > /scripts/backup-db.sh << 'EOF'
#!/bin/bash
BACKUP_DIR="/backup/postgres"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/manage_system_$DATE.sql"

mkdir -p $BACKUP_DIR

docker exec novalon-postgres pg_dump -U postgres manage_system > $BACKUP_FILE

# 压缩备份
gzip $BACKUP_FILE

# 删除 7 天前的备份
find $BACKUP_DIR -name "*.sql.gz" -mtime +7 -delete

echo "Backup completed: $BACKUP_FILE.gz"
EOF

chmod +x /scripts/backup-db.sh

# 添加定时任务 (每天凌晨 2 点备份)
crontab -e
# 0 2 * * * /scripts/backup-db.sh
```

### 4.3 后端部署

#### 构建生产镜像

```bash
cd novalon-manage-api/manage-sys

# 构建生产镜像
docker build \
  --build-arg SPRING_PROFILES_ACTIVE=prod \
  -t registry.novalon.cn/novalon-manage-api:${VERSION} \
  -t registry.novalon.cn/novalon-manage-api:latest \
  .

# 推送到镜像仓库
docker push registry.novalon.cn/novalon-manage-api:${VERSION}
docker push registry.novalon.cn/novalon-manage-api:latest
```

#### 部署后端服务

```bash
# 拉取最新镜像
docker pull registry.novalon.cn/novalon-manage-api:latest

# 停止旧容器
docker stop novalon-api
docker rm novalon-api

# 启动新容器
docker run -d \
  --name novalon-api \
  --restart unless-stopped \
  -p 8080:8080 \
  -e SPRING_DATASOURCE_URL=${DB_URL} \
  -e SPRING_DATASOURCE_USERNAME=${DB_USER} \
  -e SPRING_DATASOURCE_PASSWORD=${DB_PASSWORD} \
  -e JWT_SECRET=${JWT_SECRET} \
  -e SPRING_PROFILES_ACTIVE=prod \
  -v /var/log/novalon:/app/logs \
  registry.novalon.cn/novalon-manage-api:latest
```

#### 健康检查

```bash
# 检查服务状态
curl http://localhost:8080/actuator/health

# 预期输出
{
  "status": "UP"
}
```

### 4.4 前端部署

#### 构建生产镜像

```bash
cd novalon-manage-web

# 构建生产镜像
docker build \
  -t registry.novalon.cn/novalon-manage-web:${VERSION} \
  -t registry.novalon.cn/novalon-manage-web:latest \
  .

# 推送到镜像仓库
docker push registry.novalon.cn/novalon-manage-web:${VERSION}
docker push registry.novalon.cn/novalon-manage-web:latest
```

#### Nginx 配置

```nginx
# /etc/nginx/sites-available/novalon-manage
upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name api.novalon.cn;

    # 后端 API 代理
    location /api/ {
        proxy_pass http://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket 代理
    location /ws/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 健康检查
    location /actuator/health {
        proxy_pass http://backend;
        access_log off;
    }
}

server {
    listen 80;
    server_name www.novalon.cn novalon.cn;

    # 前端静态文件
    root /var/www/novalon-manage-web;
    index index.html;

    # SPA 路由支持
    location / {
        try_files $uri $uri/ /index.html;
    }

    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Gzip 压缩
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_comp_level 6;
}
```

#### 启用站点

```bash
# 创建符号链接
sudo ln -s /etc/nginx/sites-available/novalon-manage /etc/nginx/sites-enabled/

# 测试配置
sudo nginx -t

# 重载 Nginx
sudo systemctl reload nginx
```

### 4.5 HTTPS 配置

#### 使用 Let's Encrypt

```bash
# 安装 Certbot
sudo apt install certbot python3-certbot-nginx -y

# 获取证书
sudo certbot --nginx -d api.novalon.cn -d www.novalon.cn -d novalon.cn

# 自动续期
sudo certbot renew --dry-run
```

## 5. 监控部署

### 5.1 Prometheus 配置

```yaml
# /opt/monitoring/prometheus.yml
global:
  scrape_interval: 15s
  evaluation_interval: 15s

alerting:
  alertmanagers:
    - static_configs:
        - targets: ['localhost:9093']

rule_files:
  - '/opt/monitoring/alerts/*.yml'

scrape_configs:
  - job_name: 'novalon-manage-system'
    metrics_path: '/actuator/prometheus'
    static_configs:
      - targets: ['localhost:8080']
    relabel_configs:
      - source_labels: [__address__]
        target_label: instance
        replacement: 'novalon-manage-api'
```

### 5.2 Grafana 配置

#### 导入仪表板

1. 访问 Grafana: http://localhost:3000
2. 登录 (admin/admin)
3. 添加 Prometheus 数据源
4. 导入预配置的仪表板

#### 关键指标

| 指标 | 说明 | 告警阈值 |
|------|------|----------|
| jvm_memory_used_bytes | JVM 内存使用 | > 80% |
| http_server_requests_seconds | API 响应时间 | P95 > 500ms |
| hikaricp_connections_active | 数据库连接数 | > 80% |
| cache_gets_total | 缓存命中率 | < 90% |
| system_cpu_usage | CPU 使用率 | > 80% |

## 6. CI/CD 部署

### 6.1 Woodpecker 配置

```yaml
# .woodpecker.yml
pipeline:
  name: Novalon Manage System CI/CD

steps:
  - name: Backend Build
    image: maven:3.9-eclipse-temurin-21
    commands:
      - cd novalon-manage-api
      - mvn clean package -DskipTests

  - name: Backend Test
    image: maven:3.9-eclipse-temurin-21
    commands:
      - cd novalon-manage-api
      - mvn test

  - name: Build Docker Image
    image: docker:dind
    commands:
      - cd novalon-manage-api/manage-sys
      - docker build -t ${REGISTRY}/novalon-manage-api:${CI_COMMIT_SHA:0:8} .

  - name: Push Docker Image
    image: docker:dind
    commands:
      - docker push ${REGISTRY}/novalon-manage-api:${CI_COMMIT_SHA:0:8}

  - name: Deploy to Production
    image: alpine:latest
    commands:
      - ssh ${DEPLOY_USER}@${DEPLOY_HOST} "docker pull ${REGISTRY}/novalon-manage-api:${CI_COMMIT_SHA:0:8} && docker stop novalon-api && docker rm novalon-api && docker run -d --name novalon-api -p 8080:8080 ${REGISTRY}/novalon-manage-api:${CI_COMMIT_SHA:0:8}"
    secrets: [ deploy_ssh_key, deploy_host, deploy_user ]
    when:
      branch: [main]
```

## 7. 运维操作

### 7.1 查看日志

```bash
# 查看应用日志
docker logs -f novalon-api

# 查看数据库日志
docker logs -f novalon-postgres

# 查看所有服务日志
docker-compose logs -f
```

### 7.2 数据库备份

```bash
# 手动备份
docker exec novalon-postgres pg_dump -U postgres manage_system > backup.sql

# 恢复备份
docker exec -i novalon-postgres psql -U postgres manage_system < backup.sql
```

### 7.3 服务重启

```bash
# 重启后端
docker restart novalon-api

# 重启数据库
docker restart novalon-postgres

# 重启所有服务
docker-compose restart
```

### 7.4 查看资源使用

```bash
# 查看容器资源使用
docker stats

# 查看磁盘使用
df -h

# 查看内存使用
free -h
```

## 8. 故障排查

### 8.1 常见问题

| 问题 | 可能原因 | 解决方案 |
|------|----------|----------|
| 数据库连接失败 | 数据库未启动或网络不通 | 检查数据库状态和网络连接 |
| API 请求超时 | 数据库查询慢或资源不足 | 检查慢查询日志和资源使用 |
| 前端无法访问 | Nginx 配置错误 | 检查 Nginx 配置和日志 |
| 内存溢出 | JVM 堆内存不足 | 调整 JVM 参数或增加内存 |

### 8.2 日志分析

```bash
# 查看错误日志
docker logs novalon-api 2>&1 | grep ERROR

# 查看慢查询
docker exec novalon-postgres psql -U postgres -d manage_system -c "SELECT query, mean_exec_time FROM pg_stat_statements ORDER BY mean_exec_time DESC LIMIT 10"
```

## 9. 安全加固

### 9.1 网络安全

- 启用 HTTPS
- 配置防火墙规则
- 限制 API 访问频率
- 使用 WAF (Web Application Firewall)

### 9.2 应用安全

- 定期更新依赖
- 运行安全扫描
- 审计日志监控
- 敏感数据加密

### 9.3 数据安全

- 定期备份数据
- 加密备份数据
- 异地备份存储
- 备份恢复演练

## 10. 附录

### 10.1 相关文档

- [系统架构设计](../architecture/system-architecture.md)
- [API 文档](http://localhost:8080/swagger-ui.html)
- [数据库设计](../database/database-schema.md)

### 10.2 联系方式

- 技术支持: support@novalon.cn
- 紧急联系: emergency@novalon.cn
- 文档地址: https://docs.novalon.cn