feat: Caddyfile 支持环境变量 — DOMAIN/ACME_EMAIL 通过 .docker.env 配置
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
+3
-1
@@ -45,5 +45,7 @@ ENABLE_BACKGROUND_THINKING=true
|
||||
# ========== Webhook(可选) ==========
|
||||
WEBHOOK_API_KEY=
|
||||
|
||||
# ========== Caddy / ACME(有域名时填写) ==========
|
||||
# ========== 域名与 HTTPS(有域名时填写) ==========
|
||||
# 留空 = 仅 HTTP (:80);填写域名后 Caddy 自动申请 Let's Encrypt 证书
|
||||
DOMAIN=
|
||||
ACME_EMAIL=admin@example.com
|
||||
|
||||
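Review bot: The new comment above `DOMAIN=` says Caddy requests a Let's Encrypt certificate once a domain is filled in, but the template still ships `ACME_EMAIL=admin@example.com` directly below it, and nothing tells the operator to change it. As far as I know, Let's Encrypt rejects account contacts on example.com, so a deployment that sets only DOMAIN may fail at ACME registration, or at best register a contact nobody reads. I would add a comment above that line such as `# 设置 DOMAIN 时必须改为可收信的真实邮箱(证书相关通知会发到这里)`.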
@@ -1,36 +1,32 @@
|
||||
# Caddyfile — Cyrene AI 助手平台反向代理
|
||||
# Caddy version: 2.x
|
||||
# 环境变量: DOMAIN, ACME_EMAIL
|
||||
|
||||
{
|
||||
# 全局配置
|
||||
email {$ACME_EMAIL:admin@localhost}
|
||||
admin off
|
||||
}
|
||||
|
||||
# 默认站点
|
||||
:80 {
|
||||
# 访问日志
|
||||
# 站点(DOMAIN 未设置时回退到 :80 HTTP)
|
||||
{$DOMAIN::80} {
|
||||
log {
|
||||
output stdout
|
||||
format json
|
||||
}
|
||||
|
||||
# 安全头
|
||||
header {
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "DENY"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# 生产环境启用 HSTS
|
||||
# 生产环境有域名时取消注释
|
||||
# Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
||||
}
|
||||
|
||||
# WebSocket 路由 (需放在 API 路由之前以匹配优先级)
|
||||
# WebSocket 路由
|
||||
handle_path /ws/* {
|
||||
reverse_proxy gateway:8080 {
|
||||
# WebSocket 支持
|
||||
header_up Host {http.request.host}
|
||||
}
|
||||
reverse_proxy gateway:8080
|
||||
}
|
||||
|
||||
# API 路由 → Gateway
|
||||
@@ -42,9 +38,8 @@
|
||||
}
|
||||
}
|
||||
|
||||
# 前端静态文件 (未来可改为反代到 frontend 容器)
|
||||
# 前端静态文件
|
||||
handle {
|
||||
# 默认响应 — 前端尚未部署时使用
|
||||
respond "Cyrene AI Platform — Frontend coming soon." 200
|
||||
}
|
||||
}
|
||||
|
||||
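Review bot: The `Strict-Transport-Security "max-age=31536000; includeSubDomains"` line in the `header` block is now sent unconditionally, where it used to be an opt-in comment. In the `:80` fallback it has no effect, since browsers ignore HSTS received over plain HTTP. Once DOMAIN is set, every visitor pins the host and all of its subdomains to HTTPS for a year, which breaks any sibling subdomain still served over HTTP and is hard to undo once cached. I would drop `includeSubDomains` by default, e.g. `Strict-Transport-Security "max-age=31536000"`, with a comment that it should be re-added only after every subdomain serves valid TLS. The site block continues between the two hunks, so I cannot see whether a later directive changes this header.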
@@ -19,6 +19,9 @@ services:
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
environment:
|
||||
DOMAIN: ${DOMAIN:-}
|
||||
ACME_EMAIL: ${ACME_EMAIL:-admin@localhost}
|
||||
volumes:
|
||||
- ./Caddyfile:/etc/caddy/Caddyfile
|
||||
- caddy_data:/data
|
||||
|
||||
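Review bot: `DOMAIN: ${DOMAIN:-}` always defines DOMAIN inside the container, as an empty string when `.docker.env` leaves it blank. As far as I know, Caddy's `{$DOMAIN::80}` placeholder falls back to its default only when the variable is unset, not when it is empty. If so, the documented HTTP-only mode would expand to an empty site address instead of `:80` and the Caddyfile may fail to load; this is worth confirming with `caddy validate` while DOMAIN is empty. Putting the fallback in compose avoids the question: `DOMAIN: ${DOMAIN:-:80}`. The service definition starts and ends outside this hunk.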
@@ -6,14 +6,12 @@
|
||||
# 1. 配置环境变量
|
||||
cp .docker.env.example .docker.env
|
||||
# 编辑 .docker.env,填入真实的 API Key 和密码
|
||||
# 有域名时设置 DOMAIN=your-domain.com
|
||||
|
||||
# 2. 配置 Caddyfile(有域名时)
|
||||
# 将 :80 替换为你的域名,并取消 HSTS 注释
|
||||
|
||||
# 3. 启动所有服务
|
||||
# 2. 启动所有服务
|
||||
docker compose --env-file .docker.env up -d
|
||||
|
||||
# 4. 查看状态
|
||||
# 3. 查看状态
|
||||
docker compose ps
|
||||
docker compose logs -f
|
||||
```
|
||||
@@ -65,19 +63,18 @@ docker compose logs -f
|
||||
|
||||
## 域名与 HTTPS
|
||||
|
||||
有域名时修改 [Caddyfile](../../Caddyfile):
|
||||
在 `.docker.env` 中设置 `DOMAIN` 和 `ACME_EMAIL`:
|
||||
|
||||
```caddy
|
||||
# 将 :80 改为你的域名
|
||||
your-domain.com {
|
||||
# 取消 HSTS 注释
|
||||
header {
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
||||
}
|
||||
}
|
||||
```bash
|
||||
# 无域名(仅 HTTP)
|
||||
DOMAIN=
|
||||
|
||||
# 有域名(自动 HTTPS)
|
||||
DOMAIN=your-domain.com
|
||||
ACME_EMAIL=admin@your-domain.com
|
||||
```
|
||||
|
||||
Caddy 会自动从 Let's Encrypt 申请证书,确保 `ACME_EMAIL` 已正确填写。
|
||||
Caddy 在 `DOMAIN` 有值时自动从 Let's Encrypt 申请 TLS 证书,无需额外配置。
|
||||
|
||||
## 常用命令
|
||||
|
||||
|
||||