新增: - NGINX.md: Nginx 反向代理部署指南(含 HTTPS 配置) - FEISHU_PERMISSIONS.md: 飞书权限配置指南 修正: - README.md: 更正飞书权限(im:file → im:message + im:resource) - 添加文档链接
Nginx 部署指南
📋 完整部署流程
1️⃣ 准备服务器
推荐配置:
- CPU: 1 核
- 内存:1GB
- 存储:10GB
- 系统:Ubuntu 20.04+ / CentOS 7+
2️⃣ 安装 Node.js
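# Ubuntu/Debian
# Save the NodeSource setup script to a file and read it before running it as
# root, instead of piping the download straight into a root shell.
curl -fsSL https://deb.nodesource.com/setup_18.x -o nodesource_setup.sh
less nodesource_setup.sh
sudo -E bash nodesource_setup.sh
sudo apt-get install -y nodejs
# CentOS/RHEL
curl -fsSL https://rpm.nodesource.com/setup_18.x -o nodesource_setup.sh
less nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo yum install -y nodejs
# Verify
# NOTE(review): confirm that the 18.x line still receives security updates; otherwise pick a supported LTS line that the bot has been tested with.
node --version # should be >= 18
npm --version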
3️⃣ 克隆项目
# NOTE(review): this clones over plain http://, so the transfer is neither encrypted nor authenticated and the code could be altered in transit.
# Use an https:// or SSH remote if the Git server offers one (TODO confirm), and check the checked-out commit against a trusted reference before running it.
git clone -b master http://git.joywaygames.cn:3000/daoqi/qiniu-feishu-bot.git
cd qiniu-feishu-bot
4️⃣ 配置应用
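# Copy the configuration templates
cp .env.example .env
cp config/qiniu-config.json.example config/qiniu-config.json
# .env holds the Feishu app secret and the Qiniu secret key, so make it readable
# only by the account that runs the bot. qiniu-config.json is restricted as well
# in case it carries keys.
chmod 600 .env config/qiniu-config.json
# Edit the Feishu settings
nano .env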
.env 文件:
# This file holds live credentials: keep it out of version control and out of backups that other people can read.
# Feishu settings (obtained from the Feishu Open Platform)
FEISHU_APP_ID=cli_xxxxxxxxxx
FEISHU_APP_SECRET=xxxxxxxxxxxxxx
# NOTE(review): the verification token and encrypt key are what let the app tell genuine Feishu callbacks from forged requests; confirm the app rejects events when they are missing or wrong.
FEISHU_VERIFICATION_TOKEN=xxxxxxxxxxxxxx
FEISHU_ENCRYPT_KEY=xxxxxxxxxxxxxx
# Qiniu Cloud settings
QINIU_ACCESS_KEY=xxxxxxxxxxxxxx
QINIU_SECRET_KEY=xxxxxxxxxxxxxx
QINIU_BUCKET=your-bucket-name
QINIU_REGION=z0
QINIU_DOMAIN=https://your-cdn.com
# Service settings
PORT=3000
NODE_ENV=production
5️⃣ 安装依赖
# Installs the dependencies declared in package.json.
# NOTE(review): if the repository ships a package-lock.json, `npm ci` installs exactly the locked versions instead (TODO confirm a lockfile exists).
npm install
6️⃣ 使用 PM2 管理进程
# Install PM2
npm install -g pm2
# Start the application
# NOTE(review): run PM2 and the bot under a dedicated unprivileged account rather than root, so a flaw in the bot does not hand over the whole server.
pm2 start src/index.js --name qiniu-bot
# Enable start at boot
# pm2 startup prints a command that has to be run with sudo to install the service; run it, then save the process list.
pm2 startup
pm2 save
# Check status
pm2 status
pm2 logs qiniu-bot
🔧 Nginx 配置
安装 Nginx
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install -y nginx
# CentOS/RHEL
sudo yum install -y nginx
# Enable the service at boot and start it
sudo systemctl enable nginx
sudo systemctl start nginx
配置 Nginx
# Create the site file as root (Ubuntu/Debian layout)
sudo nano /etc/nginx/sites-available/qiniu-bot
# or on CentOS: sudo nano /etc/nginx/conf.d/qiniu-bot.conf
配置内容:
# NOTE(review): this server block serves the callback over plain HTTP; treat it as the starting point for the HTTPS section of this guide and register the https:// address with Feishu.
server {
listen 80;
server_name your-domain.com; # replace with your domain name or server IP
# Logs
access_log /var/log/nginx/qiniu-bot-access.log;
error_log /var/log/nginx/qiniu-bot-error.log;
# Feishu event callback
location /feishu/event {
proxy_pass http://127.0.0.1:3000/feishu/event;
proxy_http_version 1.1;
# Pass the original request details to the application.
# X-Forwarded-For is appended to whatever the client sent, so the application must not trust its leftmost entry.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Headers intended for Feishu signature verification.
# NOTE(review): nginx already forwards client request headers to the upstream by default, so these three lines are not needed for pass-through.
# Feishu's documentation names the signature headers X-Lark-Request-Timestamp, X-Lark-Request-Nonce and X-Lark-Signature; verify which names the application actually reads.
proxy_set_header X-Feishu-Request-Timestamp $http_x_feishu_request_timestamp;
proxy_set_header X-Feishu-Request-Nonce $http_x_feishu_request_nonce;
proxy_set_header X-Feishu-Request-Signature $http_x_feishu_request_signature;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Health check (reachable by anyone who can reach this server; not written to the access log)
location /health {
proxy_pass http://127.0.0.1:3000/health;
access_log off;
}
}
启用配置
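# Ubuntu/Debian
sudo ln -s /etc/nginx/sites-available/qiniu-bot /etc/nginx/sites-enabled/
# Restart only when the configuration test passes, so a typo cannot take the running server down
sudo nginx -t && sudo systemctl restart nginx
# CentOS/RHEL
sudo nginx -t && sudo systemctl restart nginx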
配置防火墙
# Ubuntu (UFW)
# Only 80 and 443 are opened here; leave the application port 3000 closed so that every request passes through Nginx.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload
# CentOS (firewalld)
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Cloud server security group
# Open ports 80 and 443 in the Alibaba Cloud / Tencent Cloud console
🔒 配置 HTTPS(推荐)
使用 Let's Encrypt 免费证书
# Install Certbot
sudo apt-get install -y certbot python3-certbot-nginx # Ubuntu
sudo yum install -y certbot python3-certbot-nginx # CentOS
# Obtain a certificate
sudo certbot --nginx -d your-domain.com
# Automatic renewal
# NOTE(review): distribution packages of certbot often install their own renewal timer; check with `systemctl list-timers` before adding a second job (TODO confirm on your system).
sudo crontab -e
# Add: 0 3 * * * certbot renew --quiet
HTTPS 配置(Certbot 自动配置后):
server {
# NOTE(review): on nginx 1.25.1 and later the http2 parameter of listen is deprecated in favour of a separate `http2 on;` directive.
listen 443 ssl http2;
server_name your-domain.com;
# The private key must stay readable by root only
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# TLS settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location /feishu/event {
proxy_pass http://127.0.0.1:3000/feishu/event;
# X-Forwarded-For is appended to whatever the client sent, so the application must not trust its leftmost entry.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# NOTE(review): nginx already forwards client request headers by default, so these three lines are not needed for pass-through.
# Feishu's documentation names the signature headers X-Lark-Request-Timestamp, X-Lark-Request-Nonce and X-Lark-Signature; verify which names the application actually reads.
proxy_set_header X-Feishu-Request-Timestamp $http_x_feishu_request_timestamp;
proxy_set_header X-Feishu-Request-Nonce $http_x_feishu_request_nonce;
proxy_set_header X-Feishu-Request-Signature $http_x_feishu_request_signature;
}
location /health {
proxy_pass http://127.0.0.1:3000/health;
access_log off;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
✅ 验证部署
1. 检查服务状态
# Check the Node.js application
pm2 status
# Check Nginx
sudo systemctl status nginx
# Check listening ports
# Ideally port 3000 is bound to 127.0.0.1 only; if it shows 0.0.0.0:3000 or :::3000 the app listens on all interfaces and only the firewall keeps callers from bypassing Nginx.
sudo netstat -tlnp | grep -E ':(80|443|3000)'
2. 测试健康检查
# Through Nginx on the server itself
curl http://localhost/health
# Through the public name; once the HTTP-to-HTTPS redirect is in place this answers with a 301, so test https://your-domain.com/health as well
curl http://your-domain.com/health
应返回:{"status":"ok",...}
3. 测试飞书回调
在飞书开放平台重新配置事件订阅:
- 请求地址:https://your-domain.com/feishu/event
- 点击"保存",应显示验证成功
🔧 故障排查
Nginx 启动失败
# Check the configuration
sudo nginx -t
# Follow the error log
sudo tail -f /var/log/nginx/error.log
飞书回调失败
# View the application log
pm2 logs qiniu-bot
# View the Nginx log
sudo tail -f /var/log/nginx/qiniu-bot-error.log
# Test local access: send a sample url_verification request straight to the app on port 3000, bypassing Nginx, to tell application problems from proxy problems
curl -X POST http://localhost:3000/feishu/event \
-H "Content-Type: application/json" \
-d '{"type":"url_verification","challenge":"test"}'
端口被占用
# Find the process that occupies the port
sudo lsof -i :80
sudo lsof -i :3000
# Stop the conflicting service
sudo systemctl stop apache2 # if Apache occupies port 80
权限问题
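# Inspect ownership and modes first; the packaged defaults normally work as they are.
ls -ld /var/log/nginx /etc/nginx/sites-available/qiniu-bot
# The nginx master process opens its log files as root, so the worker account
# (www-data on Debian/Ubuntu, nginx on CentOS/RHEL) does not need to own
# /var/log/nginx. Handing the directory to the worker account would let a
# compromised worker replace log files with links that root-run log rotation
# later follows, so the directory keeps its packaged owner.
# Make sure Nginx can read the site file
sudo chmod 644 /etc/nginx/sites-available/qiniu-bot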
📝 日常维护
查看日志
# Application log
pm2 logs qiniu-bot
# Nginx logs
sudo tail -f /var/log/nginx/qiniu-bot-access.log
sudo tail -f /var/log/nginx/qiniu-bot-error.log
重启服务
# Restart the application
pm2 restart qiniu-bot
# Restart Nginx
sudo systemctl restart nginx
# Restart everything
pm2 restart all
sudo systemctl restart nginx
更新代码
# NOTE(review): whatever git pull fetches runs on the next restart, and the clone URL in this guide is plain http://; review the pulled commits before restarting.
cd /path/to/qiniu-feishu-bot
git pull
npm install # if there are new dependencies
pm2 restart qiniu-bot
📊 性能优化
Nginx 优化
# worker_processes belongs in the main (top-level) context of nginx.conf and
# worker_connections inside the existing events { } block; neither is valid inside http { }.
worker_processes auto;
worker_connections 1024;
# Enable compression (these two directives go in the http block)
gzip on;
gzip_types text/plain application/json;
Node.js 优化
# Use cluster mode (optional)
# -i max starts one instance per CPU core, so on the 1-core server recommended in this guide it still runs a single instance.
pm2 start src/index.js --name qiniu-bot -i max
🍙 祝你部署顺利!