From 18fad98cbd470f5df1efb3a69a0f3c20a148768c Mon Sep 17 00:00:00 2001
From: david_bai
Date: Sat, 21 Jun 2025 16:56:26 +0800
Subject: [PATCH] translate chinese comment into english
---
 backend/docker/Dockerfile | 16 ++--
 backend/docker/Nginx/configure.sh | 56 ++++++-------
 backend/docker/Nginx/default | 82 +++++++++----------
 backend/docker/Nginx/nginx.conf | 4 +-
 backend/docker/Nginx/renew_ssl.sh | 26 +++---
 backend/docker/TURN/configure.sh | 62 +++++++-------
 .../docker/TURN/turnserver_development.conf | 28 +++----
 .../docker/TURN/turnserver_production.conf | 28 +++----
 backend/docker/env_install.log | 18 ++--
 9 files changed, 160 insertions(+), 160 deletions(-)
diff --git a/backend/docker/Dockerfile b/backend/docker/Dockerfile
index 67c031c..1978805 100644
--- a/backend/docker/Dockerfile
+++ b/backend/docker/Dockerfile
@@ -1,27 +1,27 @@
-# 使用 Ubuntu 20.04 镜像作为基础
+# Use Ubuntu 20.04 image as base
 FROM ubuntu:20.04
-# 设置环境变量,以避免交互式安装
+# Set environment variables to avoid interactive installation
 ENV DEBIAN_FRONTEND=noninteractive
-# 设置清华大学软件源
+# Set Tsinghua University software source
 RUN sed -i 's/archive.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list
 RUN apt-get update && apt-get install -y tzdata
-# 设置上海时区
+# Set Shanghai time zone
 RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
-# 安装 certbot nginx
+# Install certbot nginx
 RUN apt install -y certbot python3-certbot-nginx
-# TURN服务器
+# TURN server
 RUN apt-get install -y vim coturn
-# redis服务
+# redis service
 RUN apt-get install -y redis-server
-# 安装nodejs 20
+# Install nodejs 20
 RUN apt-get install -y curl
 # node.js
diff --git a/backend/docker/Nginx/configure.sh b/backend/docker/Nginx/configure.sh
index bb251e5..59ea4b0 100644
--- a/backend/docker/Nginx/configure.sh
+++ b/backend/docker/Nginx/configure.sh
@@ -1,43 +1,43 @@
 #!/bin/bash
-# 定义必需的环境变量
+# Define required environment variables
 declare -A required_vars=(
- ["NGINX_SERVER_NAME"]="Nginx服务器域名"
- ["NGINX_SSL_CERT"]="SSL证书路径"
- ["NGINX_SSL_KEY"]="SSL密钥路径"
- ["NGINX_FRONTEND_ROOT"]="前端构建文件路径"
- ["BACKEND_PORT"]="后端服务端口"
+ ["NGINX_SERVER_NAME"]="Nginx server domain"
+ ["NGINX_SSL_CERT"]="SSL certificate path"
+ ["NGINX_SSL_KEY"]="SSL key path"
+ ["NGINX_FRONTEND_ROOT"]="Frontend build file path"
+ ["BACKEND_PORT"]="Backend service port"
 )
-# 验证环境变量
+# Validate environment variables
 validate_env_vars() {
 local missing_vars=()
 local env_file=$1
- echo "正在验证 Nginx 环境变量配置..."
+ echo "Verifying Nginx environment variable configuration..."
- # 加载环境变量
+ # Load environment variables
 source "$env_file"
- # 检查必需变量
+ # Check required variables
 for var in "${!required_vars[@]}"; do
 if [ -z "${!var}" ]; then
 missing_vars+=("$var (${required_vars[$var]})")
 fi
 done
- # 如果有缺失的变量,显示错误信息并退出
+ # If there are missing variables, display an error message and exit
 if [ ${#missing_vars[@]} -ne 0 ]; then
- echo "错误: 以下必需的 Nginx 变量未设置:"
+ echo "Error: The following required Nginx variables are not set:"
 printf '%s\n' "${missing_vars[@]}" | sed 's/^/ - /'
- echo "请在 $env_file 中设置这些变量后重试。"
+ echo "Please set these variables in $env_file and try again."
 exit 1
 fi
- echo "Nginx 生产环境变量验证通过!"
+ echo "Nginx production environment variables verified successfully!"
 }
-# 检查参数
+# Check parameters
 if [ -z "$1" ]; then
 echo "Usage: $0 "
 exit 1
@@ -47,19 +47,19 @@ ENV_FILE=$1
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 echo "Nginx path: $SCRIPT_DIR"
-# 检查环境变量文件是否存在
+# Check if the environment variable file exists
 if [ ! -f "$ENV_FILE" ]; then
 echo "Error: Environment file $ENV_FILE not found"
 exit 1
 fi
-# 验证环境变量
+# Validate environment variables
 validate_env_vars "$ENV_FILE"
-# 读取环境变量
+# Read environment variables
 source "$ENV_FILE"
-# 配置Nginx
+# Configure Nginx
 configure_nginx() {
 echo "Configuring Nginx..."
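Review bot: `source "$env_file"` inside validate_env_vars, and the second `source "$ENV_FILE"` in the following hunk, execute the env file as bash rather than parse it, so the translated comment `# Load environment variables` understates what the line does. renew_ssl.sh invokes this script as `sudo bash configure.sh ../../.env.production.local`, so whatever that file contains runs as root; TURN/configure.sh repeats the same pattern in its own validate_env_vars. I would document the trust requirement next to the call, e.g. `# source runs "$env_file" as shell code: keep it owned by the deploying user and not group/world-writable`. The function also terminates the whole script with `exit 1` on a missing variable, which deserves a line in its header comment.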
@@ -67,21 +67,21 @@ configure_nginx() {
 echo "reading $NGINX_TEMPLATE ..."
 TEMP_NGINX=$(mktemp)
- # 读取模板并替换变量
+ # Read the template and replace variables
 while IFS= read -r line || [ -n "$line" ]; do
- # 替换server_name
+ # Replace server_name
 if [[ $line =~ ^[[:space:]]*server_name[[:space:]]+ ]]; then
 echo " server_name $NGINX_SERVER_NAME www.$NGINX_SERVER_NAME;"
- # 替换SSL证书路径
+ # Replace SSL certificate path
 elif [[ $line =~ ^[[:space:]]*ssl_certificate[[:space:]]+ ]]; then
 echo " ssl_certificate $NGINX_SSL_CERT;"
- # 替换SSL密钥路径
+ # Replace SSL key path
 elif [[ $line =~ ^[[:space:]]*ssl_certificate_key[[:space:]]+ ]]; then
 echo " ssl_certificate_key $NGINX_SSL_KEY;"
- # 精确匹配前端构建路径设置行
+ # Exactly match the frontend build path setting line
 elif [[ $line =~ ^[[:space:]]*set[[:space:]]+\$frontend_build_root[[:space:]]+ ]]; then
 echo " set \$frontend_build_root $NGINX_FRONTEND_ROOT;"
- # 简单替换端口号
+ # Simple port number replacement
 elif [[ $line =~ localhost:3001 ]]; then
 echo "${line/localhost:3001/localhost:$BACKEND_PORT}"
 else
@@ -89,16 +89,16 @@ configure_nginx() {
 fi
 done < "$NGINX_TEMPLATE" > "$TEMP_NGINX"
- # 复制配置文件到目标位置
+ # Copy the configuration file to the target location
 cp "$TEMP_NGINX" /etc/nginx/sites-available/
 # cp "$TEMP_NGINX" default_temp
 rm "$TEMP_NGINX"
 }
-# 执行配置
+# Execute configuration
 configure_nginx
-# 测试Nginx配置
+# Test Nginx configuration
 cp nginx.conf /etc/nginx
 nginx -t
diff --git a/backend/docker/Nginx/default b/backend/docker/Nginx/default
index e738a42..1c46cde 100644
--- a/backend/docker/Nginx/default
+++ b/backend/docker/Nginx/default
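Review bot: `cp "$TEMP_NGINX" /etc/nginx/sites-available/` in the last hunk copies the mktemp file into the directory under its random temporary name, so the generated site configuration does not replace `default` and every run leaves another file behind; whether nginx loads it at all depends on an include that is not visible here. Naming the destination makes the result deterministic: `cp "$TEMP_NGINX" /etc/nginx/sites-available/default`. `nginx -t` also runs only after `cp nginx.conf /etc/nginx` has overwritten the live file, and that copy is relative to the caller's working directory although `SCRIPT_DIR` is already computed; `cp "$SCRIPT_DIR/nginx.conf" /etc/nginx` removes that dependency. configure_nginx begins outside these hunks.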
@@ -1,59 +1,59 @@
 server {
- # 将 HTTP 重定向到 HTTPS
+ # Redirect HTTP to HTTPS
 listen 80;
 server_name YourDomain www.YourDomain;
 return 301 https://$server_name$request_uri;
 }
 server {
- listen 443 ssl http2; # 监听 TCP 端口 443,支持 HTTP/2 和 SSL
- listen 443 quic reuseport; # 监听 UDP 端口 443,用于 QUIC 和 HTTP/3
- # 'reuseport' 允许多个 worker 进程共享同一个端口,推荐用于 QUIC
+ listen 443 ssl http2; # Listen on TCP port 443, supporting HTTP/2 and SSL
+ listen 443 quic reuseport; # Listen on UDP port 443 for QUIC and HTTP/3
+ # 'reuseport' allows multiple worker processes to share the same port, recommended for QUIC
- # 确保 SSL 协议至少包含 TLSv1.3,因为 HTTP/3 要求 TLSv1.3
- ssl_protocols TLSv1.3 TLSv1.2; # 确保 TLSv1.3 在前面
+ # Ensure that the SSL protocol includes at least TLSv1.3, as HTTP/3 requires TLSv1.3
+ ssl_protocols TLSv1.3 TLSv1.2; # Make sure TLSv1.3 is at the front
- # 添加 HTTP/3 特定的头部,告知浏览器 HTTP/3 可用
- # Alt-Svc (Alternative Service) 头部
- # h3=":443" 表示 HTTP/3 在当前域名和 443 端口上可用
- # ma=86400 表示这个信息缓存 24 小时 (86400 秒)
+ # Add HTTP/3 specific headers to inform the browser that HTTP/3 is available
+ # Alt-Svc (Alternative Service) header
+ # h3=":443" indicates that HTTP/3 is available on the current domain and port 443
+ # ma=86400 means this information is cached for 24 hours (86400 seconds)
 add_header Alt-Svc 'h3=":443"; ma=86400';
- # (可选,但推荐) 启用 0-RTT 数据,可以进一步减少延迟
- # 需要客户端和服务器都支持
+ # (Optional, but recommended) Enable 0-RTT data to further reduce latency
+ # Requires support from both client and server
 ssl_early_data on;
 server_name YourDomain www.YourDomain;
- # SSL 配置
+ # SSL Configuration
 ssl_certificate path/to/your/certFile;
 ssl_certificate_key path/to/your/privkeyFile;
- # SSL 优化
+ # SSL Optimization
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
- # 现代配置
+ # Modern Configuration
 ssl_ciphers
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_prefer_server_ciphers off;
- # HSTS (谨慎启用)
+ # HSTS (Enable with caution)
 # add_header Strict-Transport-Security "max-age=63072000" always;
- # 定义前端构建产物在容器内的根路径
- # !!! 重要: 请将此路径修改为您的前端项目构建后在Nginx容器内的实际路径 !!!
+ # Define the root path of the frontend build artifacts inside the container
+ # !!! Important: Please modify this path to the actual path of your frontend project build inside the Nginx container !!!
 set $frontend_build_root path/to/your/frontend_build_root;
- # 1. 优先处理 Next.js 的核心静态资源 (_next/static)
+ # 1. Prioritize handling of Next.js core static resources (_next/static)
 location /_next/static/ {
 alias $frontend_build_root/.next/static/;
- expires 365d; # 长时间缓存
- access_log off; # 关闭此路径的访问日志
- add_header Cache-Control "public"; # 明确告知浏览器可以公开缓存
+ expires 365d; # Long-term cache
+ access_log off; # Disable access log for this path
+ add_header Cache-Control "public"; # Explicitly inform the browser that it can be cached publicly
 }
- # WebSocket 信令服务器配置
+ # WebSocket signaling server configuration
 location /socket.io/ {
 proxy_pass http://localhost:3001/socket.io/;
 proxy_http_version 1.1;
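Review bot: `ssl_early_data on;` is labelled "(Optional, but recommended)" by the new comment, but 0-RTT data can be replayed on the network, and this server block proxies to the backend in `/socket.io/` here and `/api/` in the next hunk. None of the proxied locations forwards the early-data flag, so the backend has no way to answer a replayable request with 425. Either drop the directive or add `proxy_set_header Early-Data $ssl_early_data;` to each proxied location, and reword the comment to mention the replay caveat. Separately, the trailing comment "Make sure TLSv1.3 is at the front" is misleading, since the order of the values in `ssl_protocols` has no effect.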
@@ -64,59 +64,59 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- # CORS 配置
+ # CORS Configuration
 add_header 'Access-Control-Allow-Origin' '*' always;
 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
- # WebSocket 相关优化
+ # WebSocket related optimizations
 proxy_read_timeout 86400; # 24h
 proxy_send_timeout 86400; # 24h
 proxy_connect_timeout 7d;
 proxy_buffering off;
 }
- # 后端API地址--转发
+ # Backend API address -- forward
 location /api/ {
- proxy_pass http://localhost:3001/api/; # 后端API地址--转发
+ proxy_pass http://localhost:3001/api/; # Backend API address -- forward
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- # 修改 CORS 配置,只设置一个 Origin
+ # Modify CORS configuration, only set one Origin
 add_header Access-Control-Allow-Origin "https://www.securityshare.xyz" always;
 add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
 add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
 add_header Access-Control-Allow-Credentials "true" always;
 }
- # Next.js 图片优化服务 (通常由 Next.js 应用处理)
+ # Next.js Image Optimization Service (usually handled by the Next.js application)
 location /_next/image {
- proxy_pass http://localhost:3000; # 指向 Next.js 应用
+ proxy_pass http://localhost:3000; # Point to the Next.js application
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'upgrade';
 proxy_set_header Host $host;
 proxy_cache_bypass $http_upgrade;
 }
- # 2.
处理 public 目录下的静态文件和 Next.js 动态请求
- # 这个 location 应该在特定代理 (如 /api/, /socket.io/) 之后,
- # 但在 /_next/static/ 之前或之后都可以,因为它们匹配不同的路径。
- # 为了清晰,我们把它放在这里。
+ # 2. Handle static files under the public directory and Next.js dynamic requests
+ # This location should be after specific proxies (like /api/, /socket.io/),
+ # but it can be before or after /_next/static/ because they match different paths.
+ # For clarity, we put it here.
 location / {
- # root 指向 public 目录的父目录,即前端构建产物的根目录
+ # root points to the parent directory of the public directory, which is the root directory of the frontend build artifacts
 root $frontend_build_root/public;
- # 尝试按顺序查找文件:
- # 1. $uri: 作为 public 目录下的文件 (例如 /image.png -> $frontend_build_root/public/image.png)
- # 2. $uri/: 作为 public 目录下的目录 (通常不直接用于 Next.js public 文件)
- # 3. @nextjs: 如果以上都未找到,则将请求传递给 Next.js 应用处理
+ # Try to find files in order:
+ # 1. $uri: as a file in the public directory (e.g., /image.png -> $frontend_build_root/public/image.png)
+ # 2. $uri/: as a directory in the public directory (not typically used for Next.js public files)
+ # 3. @nextjs: If none of the above are found, pass the request to the Next.js application for processing
 try_files $uri $uri/ @nextjs_app;
 }
- # 命名 location, 用于将请求代理到 Next.js 应用
+ # Named location, used to proxy requests to the Next.js application
 location @nextjs_app {
- proxy_pass http://localhost:3000; # 指向 Next.js 应用
+ proxy_pass http://localhost:3000; # Point to the Next.js application
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'upgrade';
diff --git a/backend/docker/Nginx/nginx.conf b/backend/docker/Nginx/nginx.conf
index 364294a..4760a42 100644
--- a/backend/docker/Nginx/nginx.conf
+++ b/backend/docker/Nginx/nginx.conf
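Review bot: The `/api/` block pins `Access-Control-Allow-Origin` to the literal `https://www.securityshare.xyz` together with `Access-Control-Allow-Credentials "true"`, while every other host name in this template is the `YourDomain` placeholder and, as far as the configure.sh hunks show, only `server_name`, the certificate paths, the build root and `localhost:3001` are rewritten. A deployment on another domain would therefore keep granting credentialed cross-origin access to that one site; the translated comment "only set one Origin" should say the value must be changed, or the line should carry the placeholder. In `/socket.io/` the wildcard `'*'` origin deserves a comment stating that it is intentional. Two translated comments also disagree with the directives beside them: "root points to the parent directory of the public directory" sits above `root $frontend_build_root/public;`, and "3. @nextjs" refers to the location that is actually named `@nextjs_app`.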
@@ -1,6 +1,6 @@
-#运行用户,需要给文件目录访问权限
+# The user that nginx runs as, needs file directory access permissions
 user root;
-#启动进程,通常设置成和cpu的数量相等
+# The number of worker processes, usually set to be equal to the number of CPUs
 # worker_processes 1;
 worker_processes auto;
 pid /run/nginx.pid;
diff --git a/backend/docker/Nginx/renew_ssl.sh b/backend/docker/Nginx/renew_ssl.sh
index d0ab8c7..2a95a22 100755
--- a/backend/docker/Nginx/renew_ssl.sh
+++ b/backend/docker/Nginx/renew_ssl.sh
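Review bot: `user root;` makes the nginx worker processes, which parse all client traffic, run as root, and the translated comment gives file access as the only reason. Granting an unprivileged account read access to the frontend build root achieves the same without that exposure, e.g. `user www-data;` (or whichever account the installed nginx package creates). If root is kept, the comment should state why it is required rather than only that the user "needs file directory access permissions".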
@@ -1,44 +1,44 @@
 #!/bin/bash
-# 证书监控续期脚本--自动检查,如果少于30天则续期, 手动执行:
+# Certificate monitoring and renewal script--auto-checks, and renews if less than 30 days, manual execution:
 # cd path/to/privydrop/backend/docker/Nginx && bash renew_ssl.sh
-# crontab 自动任务
+# crontab automatic task
 # chmod +x path/to/privydrop/backend/docker/Nginx/renew_ssl.sh
-# crontab -e 打开编辑器
+# crontab -e open editor
 # 0 0 * * * bash path/to/privydrop/backend/docker/Nginx/renew_ssl.sh >> path/to/log/certbot-renew.log 2>&1
-# 首先切换到脚本所在目录
+# First switch to the script directory
 cd "$(dirname "$(readlink -f "$0")")" || exit 1
-# 定义证书目录
+# Define certificate directory
 CERTBOT_DIR="/etc/letsencrypt/live"
-# 遍历所有证书
+# Iterate over all certificates
 for CERT_PATH in "$CERTBOT_DIR"/*/fullchain.pem; do
- # 获取域名
+ # Get domain name
 DOMAIN=$(basename "$(dirname "$CERT_PATH")")
- # 检查证书有效期
+ # Check certificate validity
 DAYS_REMAINING=$(openssl x509 -enddate -noout -in "$CERT_PATH" | cut -d= -f2 | xargs -I{} date -d "{}" +%s)
 NOW=$(date +%s)
 DAYS=$(( ($DAYS_REMAINING - $NOW) / 86400 ))
 echo "Domain: $DOMAIN, Days left: $DAYS days"
- # 如果剩余时间少于 30 天,自动续期
+ # If the remaining time is less than 30 days, renew automatically
 if [ $DAYS -lt 30 ]; then
 echo "Warning: Certificate for $DOMAIN will expire in $DAYS days. Renewing..."
- # 运行续期命令之前要解除80端口占用--暂停ngnix
+ # Before running the renewal command, release port 80 -- stop nginx
 sudo bash stop_clean-log.sh
- # 使用 Certbot 自动续期
+ # Use Certbot for automatic renewal
 sudo certbot renew --force-renewal --cert-name "$DOMAIN"
- # 检查续期是否成功
+ # Check if renewal was successful
 if [ $? -eq 0 ]; then
 echo "Renewal successful for $DOMAIN"
 else
 echo "Failed to renew certificate for $DOMAIN"
 fi
- # 启动ngnix
+ # Start nginx
 sudo bash configure.sh ../../.env.production.local
 fi
 done
\ No newline at end of file
diff --git a/backend/docker/TURN/configure.sh b/backend/docker/TURN/configure.sh
index a7b51ae..3972aee 100644
--- a/backend/docker/TURN/configure.sh
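Review bot: `DAYS_REMAINING` ends up empty when `openssl x509` or `date -d` fails, or when the glob `"$CERTBOT_DIR"/*/fullchain.pem` matches nothing and is passed through literally. The arithmetic then yields a large negative `DAYS`, `[ $DAYS -lt 30 ]` is true, and the script stops nginx and runs `certbot renew --force-renewal` for a certificate it could not read. A guard before the arithmetic avoids that: `[ -n "$DAYS_REMAINING" ] || { echo "Cannot read expiry of $CERT_PATH" >&2; continue; }`. The variable holds an epoch timestamp rather than a day count, so the comment "Check certificate validity" could say that the value is the expiry time in seconds.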
+++ b/backend/docker/TURN/configure.sh
@@ -1,57 +1,57 @@
 #!/bin/bash
-# 定义必需的环境变量
+# Define required environment variables
 declare -A required_vars=(
- ["TURN_EXTERNAL_IP"]="TURN服务器外部IP地址"
- ["TURN_REALM"]="TURN服务器域名"
- ["TURN_USERNAME"]="TURN服务器用户名"
- ["TURN_PASSWORD"]="TURN服务器密码"
+ ["TURN_EXTERNAL_IP"]="TURN server external IP address"
+ ["TURN_REALM"]="TURN server realm"
+ ["TURN_USERNAME"]="TURN server username"
+ ["TURN_PASSWORD"]="TURN server password"
 )
-# 生产环境额外的必需变量
+# Additional required variables for production environment
 production_vars=(
 "TURN_CERT_PATH"
 "TURN_KEY_PATH"
 )
-# 验证环境变量
+# Validate environment variables
 validate_env_vars() {
 local missing_vars=()
 local env_file=$1
- echo "正在验证 TURN 服务器环境变量配置..."
+ echo "Verifying TURN server environment variable configuration..."
- # 加载环境变量
+ # Load environment variables
 source "$env_file"
- # 检查基本必需变量
+ # Check basic required variables
 for var in "${!required_vars[@]}"; do
 if [ -z "${!var}" ]; then
 missing_vars+=("$var (${required_vars[$var]})")
 fi
 done
- # 如果是生产环境,检查额外的必需变量
+ # If it is a production environment, check additional required variables
 if [[ "$NODE_ENV" == "production" ]]; then
 for var in "${production_vars[@]}"; do
 if [ -z "${!var}" ]; then
- missing_vars+=("$var (生产环境必需)")
+ missing_vars+=("$var (Required for production)")
 fi
 done
 fi
- # 如果有缺失的变量,显示错误信息并退出
+ # If there are missing variables, display an error message and exit
 if [ ${#missing_vars[@]} -ne 0 ]; then
- echo "错误: 以下必需的 TURN 服务器变量未设置:"
+ echo "Error: The following required TURN server variables are not set:"
 printf '%s\n' "${missing_vars[@]}" | sed 's/^/ - /'
- echo "请在 $env_file 中设置这些变量后重试。"
+ echo "Please set these variables in $env_file and try again."
 exit 1
 fi
- echo "TURN 服务器环境变量验证通过!"
+ echo "TURN server environment variables verified successfully!"
 }
-# 检查参数
+# Check parameters
 if [ -z "$1" ]; then
 echo "Usage: $0 "
 exit 1
@@ -60,45 +60,45 @@ fi
 ENV_FILE=$1
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-# 检查环境变量文件是否存在
+# Check if the environment variable file exists
 if [ ! -f "$ENV_FILE" ]; then
 echo "Error: Environment file $ENV_FILE not found"
 exit 1
 fi
-# 验证环境变量
+# Validate environment variables
 validate_env_vars "$ENV_FILE"
-# 读取环境变量
+# Read environment variables
 source "$ENV_FILE"
 echo "Configuring TURN server..."
-# 确定使用哪个配置模板
+# Determine which configuration template to use
 if [[ "$NODE_ENV" == "development" ]]; then
 TEMPLATE_FILE="$SCRIPT_DIR/turnserver_development.conf"
 else
 TEMPLATE_FILE="$SCRIPT_DIR/turnserver_production.conf"
 fi
-# 创建临时配置文件
+# Create a temporary configuration file
 TEMP_CONF=$(mktemp)
-# 读取模板并替换变量
+# Read the template and replace variables
 while IFS= read -r line || [ -n "$line" ]; do
- # 替换external-ip
+ # Replace external-ip
 if [[ $line =~ ^external-ip= ]]; then
 echo "external-ip=$TURN_EXTERNAL_IP"
- # 替换realm
+ # Replace realm
 elif [[ $line =~ ^realm= ]]; then
 echo "realm=$TURN_REALM"
- # 替换user credentials
+ # Replace user credentials
 elif [[ $line =~ ^user= ]]; then
 echo "user=$TURN_USERNAME:$TURN_PASSWORD"
- # 替换证书路径
+ # Replace certificate path
 elif [[ $line =~ ^cert= ]]; then
 echo "cert=$TURN_CERT_PATH"
- # 替换密钥路径
+ # Replace key path
 elif [[ $line =~ ^pkey= ]]; then
 echo "pkey=$TURN_KEY_PATH"
 else
@@ -107,13 +107,13 @@ while IFS= read -r line || [ -n "$line" ]; do
 done < "$TEMPLATE_FILE" > "$TEMP_CONF"
 # cp "$TEMP_CONF" turnserver.conf
-# 使用sudo复制配置文件到目标位置
+# Use sudo to copy the configuration file to the target location
 cp "$TEMP_CONF" /etc/turnserver.conf
-# # 删除临时文件
+# Delete temporary file
 rm "$TEMP_CONF"
-# # 重启TURN服务器
+# Restart the TURN server
 service coturn restart
 echo "TURN server configuration has been updated and service restarted."
\ No newline at end of file
diff --git a/backend/docker/TURN/turnserver_development.conf b/backend/docker/TURN/turnserver_development.conf
index 8cb4e08..2cee314 100644
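Review bot: The translated comment `# Use sudo to copy the configuration file to the target location` in the last hunk does not match the command under it, which is a plain `cp "$TEMP_CONF" /etc/turnserver.conf`; the script only works when it is already running as root. The generated file contains `user=$TURN_USERNAME:$TURN_PASSWORD` in clear text, so the copy step is also where ownership and mode should be set explicitly, for example `install -m 640 -o root -g turnserver "$TEMP_CONF" /etc/turnserver.conf` if the coturn service account on this image is `turnserver` (not visible here). At minimum the comment should read `# Copy the generated configuration to /etc/turnserver.conf (requires root)`.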
--- a/backend/docker/TURN/turnserver_development.conf
+++ b/backend/docker/TURN/turnserver_development.conf
@@ -1,45 +1,45 @@
 # /etc/turnserver.conf
-# 监听所有接口
+# Listen on all interfaces
 listening-ip=0.0.0.0
-# 使用你的服务器公网IP
+# Use your server's public IP
 external-ip=YourServerPublicIP
-# TURN 服务器端口
+# TURN server port
 listening-port=3478
-# 启用 TLS--TURNS(加密的 TURN)
+# Enable TLS -- TURNS (encrypted TURN)
 #tls-listening-port=5349
-# 中继端口范围
+# Relay port range
 min-port=49152
 max-port=65535
-# 长期证书机制
+# Long-term certificate mechanism
 lt-cred-mech
-# TURN 服务器域名(如果有的话) IP or YourTURNDomain
+# TURN server domain (if any) IP or YourTURNDomain
 # realm=YourTURNDomain
 realm=YourServerPublicIP
-# TURN 服务器证书和密钥(用于TLS) 开发环境可以不用证书
+# TURN server certificate and key (for TLS) certificates are not required in the development environment
 # cert=/etc/letsencrypt/live/turn.securityshare.xyz/fullchain.pem
 # pkey=/etc/letsencrypt/live/turn.securityshare.xyz/privkey.pem
-# 用户名和密码(在生产环境中应使用更安全的方法)
+# Username and password (a more secure method should be used in a production environment)
 user=UserName:PassWord
-# 启用详细日志
+# Enable verbose logging
 verbose
-# 允许回环地址
+# Allow loopback addresses
 # allow-loopback-peers
-# 设置最大带宽(字节/秒)
+# Set maximum bandwidth (bytes/second)
 # max-bandwidth=0
-# 禁用 TLS
+# Disable TLS
 # no-tls
-# 禁用 DTLS
+# Disable DTLS
 # no-dtls
\ No newline at end of file
diff --git a/backend/docker/TURN/turnserver_production.conf b/backend/docker/TURN/turnserver_production.conf
index bcd26d0..09bc380 100644
--- a/backend/docker/TURN/turnserver_production.conf
+++ b/backend/docker/TURN/turnserver_production.conf
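Review bot: `lt-cred-mech` enables coturn's long-term credential mechanism, so the new comment `# Long-term certificate mechanism` is inaccurate and suggests that TLS certificates are involved; it should read `# Long-term credential mechanism`. The same comment is added in turnserver_production.conf. The static `user=UserName:PassWord` entry is what that mechanism authenticates against, and the comment above it already says production needs something stronger; naming an option would make that actionable, e.g. `# production: prefer use-auth-secret with static-auth-secret (time-limited credentials)`.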
@@ -1,45 +1,45 @@
 # /etc/turnserver.conf
-# 监听所有接口
+# Listen on all interfaces
 listening-ip=0.0.0.0
-# 使用你的服务器公网IP
+# Use your server's public IP
 external-ip=YourServerPublicIP
-# TURN 服务器端口
+# TURN server port
 listening-port=3478
-# 启用 TLS--TURNS(加密的 TURN)
+# Enable TLS -- TURNS (encrypted TURN)
 tls-listening-port=5349
-# 中继端口范围
+# Relay port range
 min-port=49152
 max-port=65535
-# 长期证书机制
+# Long-term certificate mechanism
 lt-cred-mech
-# TURN 服务器域名(如果有的话) IP or YourTURNDomain
+# TURN server domain (if any) IP or YourTURNDomain
 # realm=YourServerPublicIP
 realm=YourTURNDomain
-# TURN 服务器证书和密钥(用于TLS)
+# TURN server certificate and key (for TLS)
 cert=path/to/your/certFile
 pkey=path/to/your/privkeyFile
-# 用户名和密码(在生产环境中应使用更安全的方法)
+# Username and password (a more secure method should be used in a production environment)
 user=UserName:PassWord
-# 启用详细日志
+# Enable verbose logging
 verbose
-# 允许回环地址
+# Allow loopback addresses
 # allow-loopback-peers
-# 设置最大带宽(字节/秒)
+# Set maximum bandwidth (bytes/second)
 # max-bandwidth=0
-# 禁用 TLS
+# Disable TLS
 # no-tls
-# 禁用 DTLS
+# Disable DTLS
 # no-dtls
\ No newline at end of file
diff --git a/backend/docker/env_install.log b/backend/docker/env_install.log
index 4e85a91..3afaa4d 100644
--- a/backend/docker/env_install.log
+++ b/backend/docker/env_install.log
@@ -16,35 +16,35 @@ sudo apt-get update
 sudo apt install -y nodejs
 sudo npm install -g pnpm
-# 安装Nginx (支持 HTTP/3,Ubuntu 示例)
-参考: https://nginx.org/en/linux_packages.html#Ubuntu
+# Install Nginx (with HTTP/3 support, Ubuntu example)
+Reference: https://nginx.org/en/linux_packages.html#Ubuntu
-1. **安装先决条件:**
+1. **Install prerequisites:**
 sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
-2. **导入 Nginx 签名密钥:**
+2. **Import Nginx signing key:**
 curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
 | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
-3. **验证密钥:**
+3. **Verify the key:**
 gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
- # 期望指纹: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ # Expected fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
-4. **为稳定版 Nginx 包设置 apt 仓库:**
+4. **Set up the apt repository for stable Nginx packages:**
 echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
 http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
 | sudo tee /etc/apt/sources.list.d/nginx.list
-5. **设置仓库 pinning:**
+5. **Set up repository pinning:**
 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
 | sudo tee /etc/apt/preferences.d/99nginx
-6. **安装 Nginx:**
+6. **Install Nginx:**
 sudo apt update
 sudo apt install nginx