diff --git a/backend/docker/Dockerfile b/backend/docker/Dockerfile index facba10..c747b8d 100644 --- a/backend/docker/Dockerfile +++ b/backend/docker/Dockerfile @@ -43,7 +43,7 @@ RUN npm install -g pnpm pm2 #apt update && apt-get install yarn -y ## Install Nginx -RUN apt install nginx +RUN apt install -y nginx #clean up RUN apt-get clean autoclean diff --git a/backend/docker/env_install.sh b/backend/docker/env_install.sh index 13d2919..505f42f 100644 --- a/backend/docker/env_install.sh +++ b/backend/docker/env_install.sh @@ -3,7 +3,7 @@ sudo apt-get install -y vim coturn sudo apt-get install -y redis-server -sudo apt-get install -y curl +sudo apt-get install -y curl lsb-release sudo apt install -y ca-certificates gnupg && sudo mkdir -p /etc/apt/keyrings @@ -16,8 +16,12 @@ sudo apt-get update sudo apt install -y nodejs sudo npm install -g pnpm pm2 -# Install Nginx -sudo apt install -y nginx +# Install Nginx from official repository +curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - +echo "deb https://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list +sudo apt update && sudo apt install -y nginx +# Verify stream module +nginx -V 2>&1 | grep -o with-stream || echo "Stream module not available" sudo apt-get clean autoclean sudo apt-get autoremove --yes diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index d47a7bb..eb83060 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md 
@@ -17,56 +17,59 @@ Before you begin, please ensure your server environment meets the following requ - **Domain Name:** Required for a production deployment. - **Optional: Base Environment & Docker Image Reference:** If you are starting from a very clean system environment or wish to see the base dependencies for a Docker build, you can refer to the `backend/docker/Dockerfile` (for Docker image creation) and `backend/docker/env_install.log` (dependency installation log) files. -## 3. Dependency Services: Installation & Configuration +## 3. Environment Installation -### 3.1. Redis Server - -Redis is used by the backend for room management, session information, and caching. - -**Installation (Ubuntu Example):** +**Important Note:** The `backend/docker/env_install.sh` script in the project root contains all necessary dependency installation commands, including Node.js, Redis, Coturn, Nginx, and more. You can run this script directly to install all dependencies: ```bash -sudo apt update -sudo apt install redis-server +# Make the script executable +chmod +x backend/docker/env_install.sh + +# Run the installation script +sudo bash backend/docker/env_install.sh ``` -**Configuration:** - -- By default, Redis listens on `127.0.0.1:6379` without a password. Ensure your backend's `.env.production[development]` file includes the correct `REDIS_HOST` and `REDIS_PORT`. -- Verify that Redis is running: `sudo systemctl status redis-server` -- If it's not running, start it: `sudo systemctl start redis-server` - -### 3.2. TURN/STUN Server (Coturn) - -**Important: This section is optional.** By default, PrivyDrop uses public STUN servers, which are sufficient to establish connections in most network environments. You only need to set up your own TURN server if you have extremely high requirements for NAT traversal success rates. - -A TURN server is crucial for WebRTC to traverse NATs and firewalls. Coturn is a popular implementation. 
- -**Installation (Ubuntu Example):** +This script will automatically install: +- **Node.js v20** - Runtime environment +- **Redis Server** - Used for room management and caching +- **Coturn** - TURN/STUN server (optional, for NAT traversal) +- **Nginx** - Web server and reverse proxy (from official repository) +- **PM2** - Node.js process manager +- **Certbot** - SSL certificate management +After installation, you can verify the services: ```bash -sudo apt update -sudo apt install coturn +# Verify Node.js version +node -v + +# Verify Redis status +sudo systemctl status redis-server + +# Verify Nginx installation +nginx -V + +# Verify Coturn installation +sudo systemctl status coturn ``` -**Base Configuration:** +**Configuration Notes:** +- **Redis Configuration:** Default listening on `127.0.0.1:6379`, ensure your backend `.env` file includes correct `REDIS_HOST` and `REDIS_PORT` +- **TURN Service:** Optional configuration, PrivyDrop uses public STUN servers by default, only needed for extremely high NAT traversal requirements +- **Nginx:** Script installs official version and verifies stream module support -1. **Enable the Coturn service:** - Edit `/etc/default/coturn` and uncomment `TURNSERVER_ENABLED=1`. +**TURN Server Firewall Configuration (if configuring TURN service):** +```bash +# Enable the Coturn service +sudo sed -i 's/#TURNSERVER_ENABLED=1/TURNSERVER_ENABLED=1/' /etc/default/coturn -2. **Firewall Configuration:** - Open the necessary ports on your server's firewall (e.g., using `ufw`): +# Firewall Configuration: Open Turnserver default ports +sudo ufw allow Turnserver +sudo ufw reload +``` - ```bash - sudo ufw allow Turnserver - sudo ufw reload # or ufw enable - ``` - - The ports seen via `sudo ufw app info Turnserver` are as follows: - `3478,3479,5349,5350,49152:65535/tcp` - `3478,3479,5349,5350,49152:65535/udp` - - **Engineer's Note**: Detailed production configuration for Coturn (like SSL certificates, username, password, etc.) 
will be handled in `Section 4: Application Deployment` alongside Nginx and the main application to ensure a streamlined and unified process. +The ports seen via `sudo ufw app info Turnserver` are as follows: +- `3478,3479,5349,5350,49152:65535/tcp` +- `3478,3479,5349,5350,49152:65535/udp` ## 4. Application Deployment (Production) @@ -117,12 +120,7 @@ In production, Nginx will act as the entry point for all traffic, handling SSL t ``` Then, edit `frontend/.env.production` to set `NEXT_PUBLIC_API_URL` to your backend service domain (e.g., `https://privydrop.app`). -2. **Install Nginx:** - ```bash - sudo apt install -y nginx - ``` - -3. **Firewall:** +2. **Firewall:** Open 'Nginx Full' default ports and 443/udp: ```bash @@ -133,7 +131,7 @@ In production, Nginx will act as the entry point for all traffic, handling SSL t The ports seen via `sudo ufw app info 'Nginx Full'` are as follows: 80,443/tcp -4. **Generate Base Nginx Configuration:** +3. **Generate Base Nginx Configuration:** The `backend/docker/Nginx/` directory provides a configuration script and template. This template uses a temporary "placeholder" certificate to ensure the Nginx configuration is valid before obtaining a real certificate. - Now, edit the `backend/.env.production` file and add the `NGINX_*` related variables. **Do not include SSL certificate paths yet**. Example: @@ -261,13 +259,7 @@ With the unified SSL certificate obtained, we can now complete the production co PM2 is a powerful process manager for Node.js. We will use it to run both backend and frontend services. -1. **Install PM2 globally:** - - ```bash - sudo npm install -g pm2 - ``` - -2. **Start Services Using Unified Configuration:** +1. **Start Services Using Unified Configuration:** The project root directory provides a unified `ecosystem.config.js` configuration file that can start all services at once: 
@@ -279,7 +271,7 @@ PM2 is a powerful process manager for Node.js. We will use it to run both backen sudo pm2 start ecosystem.config.js ``` -3. **Manage Applications:** +2. **Manage Applications:** - View status: `pm2 list` - View logs: `pm2 logs ` (e.g., `pm2 logs signaling-server` or `pm2 logs privydrop-frontend`) - Set up startup script: `pm2 startup` followed by `pm2 save` diff --git a/docs/DEPLOYMENT.zh-CN.md b/docs/DEPLOYMENT.zh-CN.md index 6d690b8..bf4b813 100644 --- a/docs/DEPLOYMENT.zh-CN.md +++ b/docs/DEPLOYMENT.zh-CN.md 
@@ -17,56 +17,59 @@ - **域名:** 生产环境部署需要一个域名。 - **可选:基础环境与 Docker 镜像参考:** 如果您需要从一个非常纯净的系统环境开始搭建,或者希望了解用于 Docker 构建的基础依赖,可以参考 `backend/docker/Dockerfile` 文件(用于 Docker 基础镜像构建)和 `backend/docker/env_install.log` 文件(依赖安装记录)。 -## 3. 依赖服务安装与配置 +## 3. 环境安装 -### 3.1. Redis 服务器 - -Redis 用于后端的房间管理、会话信息和缓存。 - -**安装 (Ubuntu 示例):** +**重要提示:** 项目根目录的 `backend/docker/env_install.sh` 脚本包含了所有必要的依赖安装命令,包括 Node.js、Redis、Coturn、Nginx 等。您可以直接运行此脚本来安装所有依赖: ```bash -sudo apt update -sudo apt install redis-server +# 确保脚本有执行权限 +chmod +x backend/docker/env_install.sh + +# 运行安装脚本 +sudo bash backend/docker/env_install.sh ``` -**配置:** - -- 默认情况下,Redis 监听 `127.0.0.1:6379` 且无需密码。请确保后端的 `.env.production[development]` 文件中包含 `REDIS_HOST` 和 `REDIS_PORT`。 -- 确保 Redis 正在运行:`sudo systemctl status redis-server` -- 如果未运行,请启动:`sudo systemctl start redis-server` - -### 3.2. TURN/STUN 服务器 (Coturn) - -**重要提示:本节为可选配置。** Privydrop 默认仅使用公共 STUN 服务器,在多数网络环境下足以建立连接。只有当您对 NAT 穿透成功率有极高要求时,才需要搭建自己的 TURN 服务器。 - -TURN 服务器对于 WebRTC 穿透 NAT 和防火墙至关重要。Coturn 是一个流行的实现。 - -**安装 (Ubuntu 示例):** +该脚本将自动安装: +- **Node.js v20** - 运行环境 +- **Redis Server** - 用于房间管理和缓存 +- **Coturn** - TURN/STUN 服务器(可选,用于NAT穿透) +- **Nginx** - Web 服务器和反向代理(使用官方仓库) +- **PM2** - Node.js 进程管理器 +- **Certbot** - SSL 证书管理 +安装完成后,可以验证各服务状态: ```bash -sudo apt update -sudo apt install coturn +# 验证 Node.js 版本 +node -v + +# 验证 Redis 状态 +sudo systemctl status redis-server + +# 验证 Nginx 安装 +nginx -V + +# 验证 Coturn 安装 +sudo systemctl status coturn ``` -**基础配置:** +**注意事项:** +- **Redis配置:** 默认监听 `127.0.0.1:6379`,请确保后端 `.env` 文件中包含正确的 `REDIS_HOST` 和 `REDIS_PORT` +- **TURN服务:** 为可选配置,Privydrop 默认使用公共 STUN 服务器,只有对 NAT 穿透有极高要求时才需要配置 +- **Nginx:** 脚本安装官方版本并验证 stream 模块支持 -1. **启用 Coturn 服务:** - 编辑 `/etc/default/coturn` 并取消注释 `TURNSERVER_ENABLED=1`。 +**TURN服务器防火墙配置(如果需要配置TURN服务):** +```bash +# 启用 Coturn 服务 +sudo sed -i 's/#TURNSERVER_ENABLED=1/TURNSERVER_ENABLED=1/' /etc/default/coturn -2. 
**防火墙配置:** - 在服务器的防火墙上打开 Turnserver 默认端口 (例如,使用 `ufw`): +# 防火墙配置:打开 Turnserver 默认端口 +sudo ufw allow Turnserver +sudo ufw reload +``` - ```bash - sudo ufw allow Turnserver - sudo ufw reload # 或 ufw enable - ``` - - 通过 sudo ufw app info Turnserver 看到的端口如下: - 3478,3479,5349,5350,49152:65535/tcp - 3478,3479,5349,5350,49152:65535/udp - -**工程师提示**:关于 Coturn 在生产环境中的详细配置(如 SSL 证书、用户名、密码等),将在 `第 4 节:应用部署` 中与 Nginx 和主应用一同进行,以确保流程的统一和简化。 +通过 `sudo ufw app info Turnserver` 看到的端口如下: +- `3478,3479,5349,5350,49152:65535/tcp` +- `3478,3479,5349,5350,49152:65535/udp` ## 4. 应用部署 (生产环境) @@ -117,11 +120,7 @@ cd backend && npm run build && cd .. ``` 然后编辑 `frontend/.env.production`,配置 `NEXT_PUBLIC_API_URL` 为您的后端服务域名 (例如 `https://privydrop.app`)。 -2. **安装 Nginx:** - ```bash - sudo apt install -y nginx - ``` -3. **防火墙:** +2. **防火墙:** 打开'Nginx Full'默认端口以及 443/udp ```bash @@ -132,7 +131,7 @@ cd backend && npm run build && cd .. 通过 sudo ufw app info 'Nginx Full'看到的端口如下: 80,443/tcp -4. **生成 Nginx 基础配置:** +3. **生成 Nginx 基础配置:** 后端项目 `backend/docker/Nginx/` 目录中提供了配置脚本和模板。此模板使用一个临时的"占位符"证书,以确保 Nginx 配置在申请真实证书前是有效的。 - 现在,编辑 `backend/.env.production` 文件,添加 `NGINX_*` 相关变量。**无需 SSL 证书路径**。示例为: @@ -259,13 +258,7 @@ cd backend && npm run build && cd .. PM2 是一个强大的 Node.js 进程管理器,我们将用它来运行后端和前端服务。 -1. **全局安装 PM2:** - - ```bash - sudo npm install -g pm2 - ``` - -2. **使用统一配置文件启动服务:** +1. **使用统一配置文件启动服务:** 项目根目录提供了一个统一的 `ecosystem.config.js` 配置文件,可以一次性启动所有服务: @@ -277,7 +270,7 @@ PM2 是一个强大的 Node.js 进程管理器,我们将用它来运行后端 sudo pm2 start ecosystem.config.js ``` -3. **管理应用:** +2. **管理应用:** - 查看状态: `pm2 list` - 查看日志: `pm2 logs ` (例如:`pm2 logs signaling-server` 或 `pm2 logs privydrop-frontend`) - 设置开机自启: `pm2 startup` 然后 `pm2 save`
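Review bot: in the `backend/docker/Dockerfile` hunk, `RUN apt install -y nginx` fixes the non-interactive build failure but leaves the Docker path installing Ubuntu's nginx package while `env_install.sh` in the same patch switches to the nginx.org repository specifically so the stream module is present; the two install paths now diverge, so an image built from this Dockerfile may lack the module the deployment guide says is verified. Either apply the same repository setup in the Dockerfile or state in the docs that the Docker image uses the distro package. Also use `apt-get install -y --no-install-recommends nginx` here: `apt` warns that it has no stable CLI interface when scripted, and the adjacent line `RUN apt-get clean autoclean` already uses `apt-get`.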
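Review bot: in the first `backend/docker/env_install.sh` hunk, adding `lsb-release` to `sudo apt-get install -y curl lsb-release` is required for the later `$(lsb_release -cs)`, but the script now alternates between `apt-get install` and `apt install` on consecutive lines (the very next line is `sudo apt install -y ca-certificates gnupg`). Standardise on `apt-get` throughout the script, since `apt` is intended for interactive use and its output and behaviour may change between releases.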
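Review bot: in the second `backend/docker/env_install.sh` hunk, `curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -` imports the key into the global trusted keyring, which means every repository configured on the host, not only nginx.org, will accept packages signed by that key; `apt-key` is also deprecated on current Ubuntu releases. The script already creates `/etc/apt/keyrings` a few lines earlier, so store the key there and bind it to this repository only, e.g. `curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /etc/apt/keyrings/nginx-archive-keyring.gpg >/dev/null` followed by `deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx`, and compare the imported key's fingerprint against the one published on nginx.org before running `apt update`. Separately, the verification line `nginx -V 2>&1 | grep -o with-stream || echo "Stream module not available"` only prints a message and lets the script continue; if the stream module is a requirement (the guide opens 443/udp for Nginx), make the check fatal with `|| { echo "Stream module not available"; exit 1; }` so a broken install does not proceed silently.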
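Review bot: in the `docs/DEPLOYMENT.md` Section 3 hunk, the rewrite drops the Engineer's Note stating that Coturn's production configuration (TLS certificates, username and password) is handled in Section 4, yet it keeps the commands that enable the service and open `3478,3479,5349,5350,49152:65535` on both TCP and UDP via `sudo ufw allow Turnserver`; a reader following the new text ends up with an exposed relay and no pointer to where its credentials are configured. Restore a cross-reference to the Coturn configuration step, or state that the ports should stay closed until that step is done. Three smaller points in the same hunk: the Redis bullet now says "your backend `.env` file" while the rest of the guide, including the Section 4 context line "edit the `backend/.env.production` file", uses `.env.production`, so keep the filename consistent; the bullet list claims the script installs Certbot, but no certbot installation appears in the `env_install.sh` hunks of this patch, so confirm the script actually does it; and `chmod +x backend/docker/env_install.sh` is redundant when the next command is `sudo bash backend/docker/env_install.sh`, so keep one or the other.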
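Review bot: in the `docs/DEPLOYMENT.md` hunk at `@@ -117,12 +120,7 @@`, removing the in-place `sudo apt install -y nginx` is consistent with the new Section 3, but the remaining steps are renumbered (Firewall becomes 2, Generate Base Nginx Configuration becomes 3); check the rest of the guide for prose that refers to these steps by number, since none of that text is in this diff and any such reference is now off by one.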
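Review bot: in the `docs/DEPLOYMENT.md` hunk at `@@ -261,13 +259,7 @@`, dropping "Install PM2 globally" is fine only because `env_install.sh` now installs it, but the surrounding sentence "We will use it to run both backend and frontend services" no longer tells the reader where PM2 came from, and the guide marks the script as a starting point rather than mandatory. Add a short clause such as "PM2 is installed by `backend/docker/env_install.sh` in Section 3" so a reader who set up dependencies by hand knows to install it before `sudo pm2 start ecosystem.config.js`.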
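Review bot: the `docs/DEPLOYMENT.zh-CN.md` hunks mirror the English changes one for one, so the same issues apply there: the Section 3 rewrite removes the 工程师提示 cross-reference to Coturn's production credentials and TLS configuration while keeping `sudo ufw allow Turnserver`, the Redis bullet says `.env` where Section 4 uses `backend/.env.production`, the list claims Certbot is installed by the script although no such step appears in the `env_install.sh` hunks, and `chmod +x` precedes `sudo bash`. Whatever fix is applied to the English guide should be applied here in the same commit so the two translations do not drift.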