Cloudflare Tunnel Multi-Service Deployment Guide
Deploying MBE and QT2 to Cloudflare together
mbe.hi-maker.com + qt2.hi-maker.com
I. Architecture Overview
┌─────────────────────────────────────────────────┐
│                 Cloudflare Edge                 │
│                                                 │
│   mbe.hi-maker.com ──┐                          │
│                      ├──► Cloudflare Tunnel     │
│   qt2.hi-maker.com ──┘                          │
└─────────────────────────┬───────────────────────┘
                          │
                          ▼
┌─────────────────────────────────────────────────┐
│                  Local server                   │
│                                                 │
│  ┌─────────────┐      ┌─────────────┐           │
│  │ cloudflared │ ───► │   Tunnel    │           │
│  └─────────────┘      │   Config    │           │
│                       └──────┬──────┘           │
│                              │                  │
│           ┌──────────────────┴───┐              │
│           ▼                      ▼              │
│  ┌─────────────────┐    ┌─────────────────┐     │
│  │     MBE API     │    │   QT2 service   │     │
│  │ localhost:8000  │    │ localhost:3000  │     │
│  └─────────────────┘    └─────────────────┘     │
│                                                 │
└─────────────────────────────────────────────────┘
II. Configuration Methods
Method 1: Use a configuration file (recommended)
1. Create the Cloudflare Tunnel
# Log in to Cloudflare
cloudflared tunnel login
# Create the tunnel
cloudflared tunnel create hi-maker-tunnel
# This generates:
# - Tunnel ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# - Credentials file: ~/.cloudflared/<tunnel-id>.json
2. Create the configuration file
Create ~/.cloudflared/config.yml (Linux/Mac) or C:\Users\<user>\.cloudflared\config.yml (Windows):
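# Cloudflare Tunnel configuration file
# Routes multiple services to different subdomains
tunnel: hi-maker-tunnel
credentials-file: /root/.cloudflared/<tunnel-id>.json
# Ingress rules - matched in order, the first matching rule wins
ingress:
  # WebSocket support (if it needs separate settings).
  # Must come before the general mbe rule, which would otherwise match /ws/* first.
  - hostname: mbe.hi-maker.com
    path: /ws/*
    service: http://localhost:8000
    originRequest:
      connectTimeout: 120s
  # MBE service
  - hostname: mbe.hi-maker.com
    service: http://localhost:8000
    originRequest:
      connectTimeout: 30s
      # noTLSVerify only applies to https:// origins; it has no effect on this http:// origin
      noTLSVerify: true
  # QT2 service
  - hostname: qt2.hi-maker.com
    service: http://localhost:3000
    originRequest:
      connectTimeout: 30s
  # Default - a catch-all rule is required
  - service: http_status:404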
3. Configure DNS
Add the DNS records in the Cloudflare Dashboard:
Type: CNAME
Name: mbe
Content: <tunnel-id>.cfargotunnel.com
Proxy: Yes (orange cloud)
Type: CNAME
Name: qt2
Content: <tunnel-id>.cfargotunnel.com
Proxy: Yes (orange cloud)
Or use the command line:
cloudflared tunnel route dns hi-maker-tunnel mbe.hi-maker.com
cloudflared tunnel route dns hi-maker-tunnel qt2.hi-maker.com
4. Start the Tunnel
# Run in the foreground (testing)
cloudflared tunnel run hi-maker-tunnel
# Run in the background (production)
cloudflared service install
systemctl start cloudflared
Method 2: Use Docker Compose (recommended for production)
Create a single, unified Docker Compose configuration:
# docker-compose.multi-service.yml
version: '3.8'
services:
  # ==================== MBE service ====================
  mbe-api:
    image: mbe-api:gpu
    container_name: mbe-api
    # Publishes the port on all host interfaces. cloudflared reaches mbe-api
    # over app-network, so this mapping is only needed for direct host access.
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql+asyncpg://mbe:password@mbe-postgres:5432/mbe
      - REDIS_URL=redis://mbe-redis:6379
      - LLM_API_KEY=${LLM_API_KEY}
    volumes:
      - ./mises-behavior-engine/src:/app/src
      - ./mises-behavior-engine/knowledge_bases:/app/knowledge_bases
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]
    depends_on:
      - mbe-postgres
      - mbe-redis
    restart: always
    networks:
      - app-network
  mbe-postgres:
    image: pgvector/pgvector:pg16
    container_name: mbe-postgres
    environment:
      - POSTGRES_USER=mbe
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=mbe
    volumes:
      - mbe-pgdata:/var/lib/postgresql/data
    restart: always
    networks:
      - app-network
  mbe-redis:
    image: redis:alpine
    container_name: mbe-redis
    volumes:
      - mbe-redisdata:/data
    restart: always
    networks:
      - app-network
  # ==================== QT2 service ====================
  qt2-app:
    image: qt2-app:latest
    container_name: qt2-app
    # Same as mbe-api: cloudflared reaches qt2-app over app-network.
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      # Add the QT2 environment variables here
    volumes:
      - ./qt2/dist:/app/dist
    restart: always
    networks:
      - app-network
  # ==================== Cloudflare Tunnel ====================
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared-tunnel
    command: tunnel --config /etc/cloudflared/config.yml run
    volumes:
      - ./cloudflared:/etc/cloudflared
    depends_on:
      - mbe-api
      - qt2-app
    restart: always
    networks:
      - app-network
volumes:
  mbe-pgdata:
  mbe-redisdata:
networks:
  app-network:
    driver: bridge
Create the cloudflared configuration directory
mkdir -p cloudflared
# Copy the credentials file
cp ~/.cloudflared/<tunnel-id>.json ./cloudflared/
# Create the configuration file
cat > ./cloudflared/config.yml << 'EOF'
tunnel: hi-maker-tunnel
credentials-file: /etc/cloudflared/<tunnel-id>.json
ingress:
  - hostname: mbe.hi-maker.com
    service: http://mbe-api:8000
  - hostname: qt2.hi-maker.com
    service: http://qt2-app:3000
  - service: http_status:404
EOF
Method 3: Use a Cloudflare Dashboard token (simplest)
If you have already created a Tunnel in the Cloudflare Dashboard:
- Go to Cloudflare Dashboard → Zero Trust → Networks → Tunnels
- Create or edit a Tunnel
- Add multiple routes under Public Hostname:
| Subdomain | Domain | Service | Port |
|---|---|---|---|
| mbe | hi-maker.com | HTTP | localhost:8000 |
| qt2 | hi-maker.com | HTTP | localhost:3000 |
- Get the Tunnel token
- Start the tunnel with the token:
# docker-compose.tunnel.yml
version: '3.8'
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel --no-autoupdate run --token ${CLOUDFLARE_TUNNEL_TOKEN}
    restart: always
    network_mode: host  # use host networking to reach localhost directly
# .env file
CLOUDFLARE_TUNNEL_TOKEN=eyJhIjoixxxxxx...
III. Full Deployment Steps
Step 1: Prepare the directory structure
/opt/services/
├── mises-behavior-engine/   # MBE code
├── qt2/                     # QT2 code
├── cloudflared/             # Cloudflare configuration
│   ├── config.yml
│   └── <tunnel-id>.json
├── docker-compose.yml       # unified compose file
└── .env                     # environment variables
Step 2: Configure .env
# .env
# MBE configuration
LLM_API_KEY=sk-your-deepseek-key
MBE_SECRET_KEY=your-secret-key
# QT2 configuration
QT2_API_KEY=your-qt2-key
# Cloudflare
CLOUDFLARE_TUNNEL_TOKEN=eyJhIjoixxxxxx...
Step 3: Start the services
cd /opt/services
# Build the images
docker compose build
# Start all services
docker compose up -d
# Check status
docker compose ps
# View logs
docker compose logs -f cloudflared
Step 4: Verify
# Check MBE
curl https://mbe.hi-maker.com/health
# Check QT2
curl https://qt2.hi-maker.com/
# Check the Cloudflare Tunnel status
docker logs cloudflared
IV. Frequently Asked Questions
Q1: WebSocket connections fail
Enable WebSockets in the Cloudflare Dashboard:
- Go to hi-maker.com → Rules → Settings
- Make sure WebSockets is turned on
Or add the following to the configuration file:
ingress:
  - hostname: mbe.hi-maker.com
    service: http://localhost:8000
    originRequest:
      connectTimeout: 120s
      # WebSocket is supported automatically
Q2: Port conflict between the two services
Make sure each service uses a different port:
- MBE: 8000
- QT2: 3000
Q3: How do I add more services?
Add a new rule to ingress in config.yml:
ingress:
  - hostname: mbe.hi-maker.com
    service: http://localhost:8000
  - hostname: qt2.hi-maker.com
    service: http://localhost:3000
  # New service
  - hostname: new-service.hi-maker.com
    service: http://localhost:4000
  - service: http_status:404
Then add the DNS record:
cloudflared tunnel route dns hi-maker-tunnel new-service.hi-maker.com
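Because ingress rules are matched top-down and the first match wins, a rule placed below a broader rule for the same hostname is never reached. The following added example (not part of the original guide) checks a rule list for that ordering mistake and for a missing catch-all; it is a simplified model that assumes exact or `*.` wildcard hostnames and regex paths, and `first_match` and `lint` are hypothetical helper names:

```python
import re

def host_covers(pattern, host):
    """True if an ingress hostname pattern covers host; an empty pattern covers everything."""
    if not pattern:
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def first_match(rules, host, path):
    """Index of the first rule matching host and path, evaluating top-down."""
    for i, rule in enumerate(rules):
        path_ok = not rule.get("path") or re.search(rule["path"], path)
        if host_covers(rule.get("hostname"), host) and path_ok:
            return i
    return None

def lint(rules):
    """Report a missing catch-all and rules shadowed by an earlier path-less rule."""
    findings = []
    if not rules or rules[-1].get("hostname") or rules[-1].get("path"):
        findings.append("last rule is not a catch-all")
    for j, rule in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if not earlier.get("path") and host_covers(
                    earlier.get("hostname"), rule.get("hostname", "")):
                findings.append(f"rule {j} is unreachable: shadowed by rule {i}")
                break
    return findings

# Constructed sample data using the guide's hostnames and ports.
MBE = {"hostname": "mbe.hi-maker.com", "service": "http://localhost:8000"}
MBE_WS = {**MBE, "path": "/ws/*"}
QT2 = {"hostname": "qt2.hi-maker.com", "service": "http://localhost:3000"}
CATCH_ALL = {"service": "http_status:404"}

SHADOWED = [MBE, QT2, MBE_WS, CATCH_ALL]  # path rule after the general rule
ORDERED = [MBE_WS, MBE, QT2, CATCH_ALL]   # path rule first

if __name__ == "__main__":
    for name, rules in (("SHADOWED", SHADOWED), ("ORDERED", ORDERED)):
        hit = first_match(rules, "mbe.hi-maker.com", "/ws/chat")
        print(name, "/ws/chat -> rule", hit, rules[hit], lint(rules))
```

cloudflared can run the equivalent checks on a real config file with `cloudflared tunnel ingress validate` and `cloudflared tunnel ingress rule <url>`.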
Q4: How do I check the Tunnel status?
# Command line
cloudflared tunnel info hi-maker-tunnel
# Or in the Cloudflare Dashboard
# Zero Trust → Networks → Tunnels
V. Monitoring and Maintenance
Health check script
#!/bin/bash
# check_services.sh
echo "检查服务状态..."
# Check MBE
if curl -s https://mbe.hi-maker.com/health | grep -q "ok"; then
    echo "✅ MBE: 正常"
else
    echo "❌ MBE: 异常"
fi
# Check QT2
if curl -s -o /dev/null -w "%{http_code}" https://qt2.hi-maker.com/ | grep -q "200"; then
    echo "✅ QT2: 正常"
else
    echo "❌ QT2: 异常"
fi
# Check the Tunnel
if docker ps | grep -q cloudflared; then
    echo "✅ Tunnel: 运行中"
else
    echo "❌ Tunnel: 未运行"
fi
Automatic restart
# Add to crontab
*/5 * * * * docker ps | grep -q cloudflared || docker restart cloudflared
VI. Cost
| Item | Cost |
|---|---|
| Cloudflare Tunnel | Free |
| DNS hosting | Free |
| SSL certificate | Free (provided automatically by Cloudflare) |
| Bandwidth | Free (fair use) |
Last updated: 2026-01-21