MBE Subscription System - Production Deployment Guide

📋 Deployment Checklist

1. Environment Preparation

Server Requirements

OS: Ubuntu 22.04 LTS / CentOS 8+ (note: CentOS 8 reached end of life in December 2021; every command below is written for Ubuntu/apt)
CPU: 4+ cores
Memory: 8GB+
Disk: 100GB+ SSD
Bandwidth: 10Mbps+

Dependent Services

Python: 3.10+
PostgreSQL: 14+
Redis: 6.2+
Nginx: 1.20+
Docker: 20.10+ (optional)

🚀 Deployment Steps

Step 1: Install system dependencies

# Update the system
sudo apt update && sudo apt upgrade -y

# Install Python and tooling
sudo apt install python3.10 python3-pip python3-venv -y

# Install PostgreSQL
sudo apt install postgresql postgresql-contrib -y

# Install Redis
sudo apt install redis-server -y

# Install Nginx
sudo apt install nginx -y

# Install Node.js (for the frontend build). Do not pipe a remote script straight into sudo bash:
# download it, read it, then run it. (Node.js 18 reached end of life in April 2025; pick a
# release line that is still supported when you deploy.)
curl -fsSL https://deb.nodesource.com/setup_18.x -o /tmp/nodesource_setup.sh
less /tmp/nodesource_setup.sh
sudo -E bash /tmp/nodesource_setup.sh
sudo apt install nodejs -y

Step 2: Configure PostgreSQL

# Open a psql session as the postgres superuser
sudo -u postgres psql

# Create the application role and the database. Creating the role first and making it the
# database owner matters on PostgreSQL 15+, where GRANT ALL PRIVILEGES ON DATABASE alone no
# longer lets a role create tables in the public schema. scram-sha-256 is the default password
# hashing on 14+; do not downgrade it to md5.
CREATE USER mbe_user WITH PASSWORD 'your_secure_password';
CREATE DATABASE mbe_subscription OWNER mbe_user;

# Exit
\q

# The backend in this guide runs on the same host, so leave listen_addresses at its default
# ('localhost') and leave pg_hba.conf alone. Only if a separate host genuinely needs access,
# listen on the private interface and admit that one subnet with scram-sha-256. Never combine
# listen_addresses = '*' with a 0.0.0.0/0 rule: that exposes the database to the whole network
# with nothing but the password in front of it.
sudo nano /etc/postgresql/14/main/postgresql.conf
# e.g.: listen_addresses = 'localhost,10.0.0.5'      (10.0.0.5 is a placeholder for this server's private IP)

sudo nano /etc/postgresql/14/main/pg_hba.conf
# e.g.: host mbe_subscription mbe_user 10.0.0.0/24 scram-sha-256   (placeholder subnet)

# Restart PostgreSQL (only needed if listen_addresses was changed)
sudo systemctl restart postgresql

Step 3: Configure Redis

# Edit the Redis config
sudo nano /etc/redis/redis.conf

# Set a password. Treat this as required, not optional: Redis has no other authentication,
# and an unauthenticated instance that ever becomes reachable is a classic foothold.
requirepass your_redis_password

# Keep Redis on the loopback interface only (Ubuntu's default); never change this to 0.0.0.0
bind 127.0.0.1 ::1

# Leave daemonize at no. Ubuntu's redis-server unit runs Redis under systemd supervision;
# a self-daemonizing Redis is exactly the process systemd can then no longer track.
daemonize no
supervised systemd

# Restart Redis
sudo systemctl restart redis-server

Step 4: Deploy the backend service

# Create the project directory
sudo mkdir -p /var/www/mbe
sudo chown $USER:$USER /var/www/mbe
cd /var/www/mbe

# Clone the code (or upload it)
git clone https://github.com/your-org/mises-behavior-engine.git
cd mises-behavior-engine

# Create a virtual environment
python3 -m venv venv
source venv/bin/activate

# Install Python dependencies
pip install -r requirements.txt

# Copy the environment file and fill in the database, Redis and payment settings.
# The Redis URL must carry the password from Step 3, e.g. redis://:your_redis_password@127.0.0.1:6379/0
cp .env.subscription .env
nano .env

# The services in Step 6 run as www-data, so the file must be readable by that group and by
# nobody else. Mode 600 with $USER as owner would make the services fail on startup.
sudo chown $USER:www-data .env
chmod 640 .env

# Initialise the database
python -m src.database.subscription_db

# Test run (Ctrl-C to stop)
python src/main.py

Step 5: Configure Gunicorn (production ASGI server)

# Install Gunicorn and Uvicorn (the UvicornWorker class below lives in the uvicorn package;
# it may already be pinned in requirements.txt)
pip install gunicorn uvicorn

# Create the Gunicorn config file
nano /var/www/mbe/mises-behavior-engine/gunicorn.conf.py
# gunicorn.conf.py
# Bind to loopback only: Nginx terminates TLS and is the only client that should reach Gunicorn
bind = "127.0.0.1:8000"
workers = 4
worker_class = "uvicorn.workers.UvicornWorker"
timeout = 120
keepalive = 5
errorlog = "/var/log/mbe/gunicorn-error.log"
accesslog = "/var/log/mbe/gunicorn-access.log"
loglevel = "info"
# Create the log directory, owned by the account the services run as (www-data, see Step 6);
# otherwise Gunicorn and Celery cannot open their log files
sudo mkdir -p /var/log/mbe
sudo chown www-data:www-data /var/log/mbe

Step 6: Configure systemd services

# Create the backend unit
sudo nano /etc/systemd/system/mbe-backend.service
[Unit]
Description=MBE Backend Service
After=network.target postgresql.service redis-server.service

[Service]
# Type=notify is correct here: Gunicorn (20.0+) reports readiness to systemd
Type=notify
User=www-data
Group=www-data
WorkingDirectory=/var/www/mbe/mises-behavior-engine
# Keep the system directories on PATH; a venv-only PATH breaks anything that shells out
Environment="PATH=/var/www/mbe/mises-behavior-engine/venv/bin:/usr/local/bin:/usr/bin:/bin"
ExecStart=/var/www/mbe/mises-behavior-engine/venv/bin/gunicorn -c gunicorn.conf.py src.main:app
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
# Create the Celery worker unit
sudo nano /etc/systemd/system/mbe-celery-worker.service
[Unit]
Description=MBE Celery Worker
After=network.target redis-server.service

[Service]
# Type=simple, not forking: this ExecStart keeps the worker in the foreground (no --detach).
# With Type=forking systemd waits for a parent process that never exits and eventually kills the unit.
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/var/www/mbe/mises-behavior-engine
Environment="PATH=/var/www/mbe/mises-behavior-engine/venv/bin:/usr/local/bin:/usr/bin:/bin"
ExecStart=/var/www/mbe/mises-behavior-engine/venv/bin/celery -A src.tasks.celery_tasks worker --loglevel=info --logfile=/var/log/mbe/celery-worker.log
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
# Create the Celery beat unit (scheduled tasks)
sudo nano /etc/systemd/system/mbe-celery-beat.service
[Unit]
Description=MBE Celery Beat
After=network.target redis-server.service

[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/var/www/mbe/mises-behavior-engine
Environment="PATH=/var/www/mbe/mises-behavior-engine/venv/bin:/usr/local/bin:/usr/bin:/bin"
# Beat persists its schedule to a file. By default that is celerybeat-schedule in the working
# directory, which www-data cannot write; StateDirectory gives it /var/lib/mbe instead.
StateDirectory=mbe
ExecStart=/var/www/mbe/mises-behavior-engine/venv/bin/celery -A src.tasks.celery_tasks beat --loglevel=info --logfile=/var/log/mbe/celery-beat.log --schedule=/var/lib/mbe/celerybeat-schedule
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
# Start the services
sudo systemctl daemon-reload
sudo systemctl enable mbe-backend mbe-celery-worker mbe-celery-beat
sudo systemctl start mbe-backend mbe-celery-worker mbe-celery-beat

# Check status
sudo systemctl status mbe-backend
sudo systemctl status mbe-celery-worker
sudo systemctl status mbe-celery-beat
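The three units above are near-identical copies, and as written they run with systemd's default, fairly wide sandbox. The script below is an added example, not code from the original guide or from the MBE project: it renders all three units from one template that adds a set of hardening directives (the directives, StateDirectory=mbe and the beat --schedule path are my additions; the paths, user and service names are the guide's), then audits each generated file for the directives that matter most. Set UNIT_DIR to a scratch directory to preview the output before writing to /etc/systemd/system.

```shell
#!/bin/sh
# Added example (not part of the original guide): generate the MBE units from one template so
# that hardening directives are not hand-copied three times, then check the result.
# Assumptions: the app tree is never written to at runtime (ProtectSystem=strict allows writes
# only to /var/log/mbe and the StateDirectory), and the directives listed are the baseline wanted here.
set -eu

APP_DIR="/var/www/mbe/mises-behavior-engine"
VENV="$APP_DIR/venv"
UNIT_DIR="${UNIT_DIR:-/etc/systemd/system}"

# render_unit NAME DESCRIPTION TYPE EXEC_COMMAND  -> writes $UNIT_DIR/NAME.service
render_unit() {
    _name="$1"; _desc="$2"; _type="$3"; _exec="$4"
    cat > "$UNIT_DIR/$_name.service" <<EOF
[Unit]
Description=$_desc
After=network.target postgresql.service redis-server.service

[Service]
Type=$_type
User=www-data
Group=www-data
WorkingDirectory=$APP_DIR
Environment="PATH=$VENV/bin:/usr/local/bin:/usr/bin:/bin"
ExecStart=$_exec
Restart=always
RestartSec=10
# Hardening (added): no privilege escalation, read-only system tree except the log and state
# directories, no access to home directories, no raw or netlink sockets.
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/log/mbe
StateDirectory=mbe
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

[Install]
WantedBy=multi-user.target
EOF
}

# audit_unit FILE -> 0 if the unit runs unprivileged with the key hardening directives, 1 otherwise
audit_unit() {
    _f="$1"; _rc=0
    grep -qx 'User=www-data' "$_f" || { echo "$_f: not running as www-data"; _rc=1; }
    grep -qx 'Type=forking' "$_f" && { echo "$_f: Type=forking with a foreground ExecStart"; _rc=1; }
    for _k in NoNewPrivileges=yes ProtectSystem=strict PrivateTmp=yes ProtectHome=yes; do
        grep -qx "$_k" "$_f" || { echo "$_f: missing $_k"; _rc=1; }
    done
    return $_rc
}

# render_all -> writes and audits the three units used in this guide
render_all() {
    render_unit mbe-backend "MBE Backend Service" notify \
        "$VENV/bin/gunicorn -c gunicorn.conf.py src.main:app"
    render_unit mbe-celery-worker "MBE Celery Worker" simple \
        "$VENV/bin/celery -A src.tasks.celery_tasks worker --loglevel=info --logfile=/var/log/mbe/celery-worker.log"
    render_unit mbe-celery-beat "MBE Celery Beat" simple \
        "$VENV/bin/celery -A src.tasks.celery_tasks beat --loglevel=info --logfile=/var/log/mbe/celery-beat.log --schedule=/var/lib/mbe/celerybeat-schedule"
    for _u in mbe-backend mbe-celery-worker mbe-celery-beat; do
        audit_unit "$UNIT_DIR/$_u.service"
    done
}

# Only act when invoked as "install"; sourcing the file just defines the functions.
if [ "${1:-}" = "install" ]; then
    render_all
fi
```

Usage: `UNIT_DIR=/tmp/units sh render-units.sh install` to preview, then `sudo sh render-units.sh install && sudo systemctl daemon-reload`. After the services are running, `systemd-analyze security mbe-backend` prints systemd's own exposure score for the unit, which is the quickest way to see what the directives bought you and what is still open.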

Step 7: Deploy the frontend

# Enter the frontend directory
cd /var/www/mbe/mises-behavior-engine/opensource/mbe-education/frontend

# Install dependencies exactly as pinned in package-lock.json. npm ci refuses to silently
# resolve newer versions, which is what a production build wants.
npm ci

# Build the production bundle
npm run build

# Output goes to the .next directory. Nginx (Step 8) proxies to the Next.js server on
# 127.0.0.1:3000, so that server has to be running as well: start it with npm run start
# (assuming the standard Next.js start script), preferably from a systemd unit modelled on
# the backend's and running as www-data.

Step 8: Configure Nginx

# Create the Nginx site config
sudo nano /etc/nginx/sites-available/mbe
# Rate-limit zone: this must sit in the http context, i.e. at the top level of this file,
# not inside a server block (nginx -t rejects it there)
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=100r/s;

# Redirect HTTP to HTTPS. Use $host, not $server_name: with two names listed,
# $server_name is always the first one.
server {
    listen 80;
    server_name api.mbe.com www.mbe.com;
    return 301 https://$host$request_uri;
}

# Backend API
server {
    listen 443 ssl http2;
    server_name api.mbe.com;

    # TLS. certbot --nginx in Step 9 rewrites these two paths to the Let's Encrypt files.
    # Until a certificate exists, nginx -t fails on the missing files, so either run Step 9
    # first or point these at a temporary self-signed pair.
    ssl_certificate /etc/ssl/certs/mbe.crt;
    ssl_certificate_key /etc/ssl/private/mbe.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # HIGH:!aNULL:!MD5 still admits CBC suites and non-forward-secret RSA key exchange;
    # use an ECDHE-only AEAD list and let the client pick
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Logs
    access_log /var/log/nginx/mbe-api-access.log;
    error_log /var/log/nginx/mbe-api-error.log;

    # Rate-limited API routes. A location does not inherit proxy_set_header from a sibling
    # location, so the headers are repeated here; without Host and X-Forwarded-Proto the
    # application sees the wrong hostname and builds http:// URLs.
    location /api/ {
        limit_req zone=api_limit burst=200 nodelay;
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else to the backend
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

# Frontend site
server {
    listen 443 ssl http2;
    server_name www.mbe.com;

    # TLS (same caveats as above; on Nginx older than 1.23.4 the default ssl_protocols
    # still includes TLSv1 and TLSv1.1, so set it explicitly here too)
    ssl_certificate /etc/ssl/certs/mbe.crt;
    ssl_certificate_key /etc/ssl/private/mbe.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Logs
    access_log /var/log/nginx/mbe-web-access.log;
    error_log /var/log/nginx/mbe-web-error.log;

    # Static assets (content-hashed, so they can be cached forever)
    location /_next/static/ {
        alias /var/www/mbe/mises-behavior-engine/opensource/mbe-education/frontend/.next/static/;
        expires 365d;
        add_header Cache-Control "public, immutable";
    }

    # Next.js application
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
# Enable the site
sudo ln -s /etc/nginx/sites-available/mbe /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Step 9: Configure TLS certificates (Let's Encrypt)

# Install Certbot
sudo apt install certbot python3-certbot-nginx -y

# Obtain the certificates. The HTTP-01 challenge needs port 80 reachable from the internet
# and both DNS names already pointing at this server.
sudo certbot --nginx -d api.mbe.com -d www.mbe.com

# Test automatic renewal (the package installs a systemd timer that runs it)
sudo certbot renew --dry-run

Step 10: Configure the firewall

# Using UFW. Ubuntu's defaults are deny incoming / allow outgoing (confirm with
# sudo ufw status verbose). If SSH listens on a non-standard port, allow that port instead
# of 22 before enabling, or you lock yourself out.
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# Check status
sudo ufw status

# Caveat: containers started with docker -p publish their ports through iptables directly and
# bypass UFW entirely, so always bind published ports to 127.0.0.1 (see the monitoring section).

🔧 Configuration Tuning

PostgreSQL performance tuning

sudo nano /etc/postgresql/14/main/postgresql.conf
# Sized for an 8GB server. effective_cache_size = 6GB assumes PostgreSQL has the host to
# itself; with Redis (maxmemory 2gb below), the Gunicorn workers and the Node server on the
# same box, lower it to what is realistically left for the page cache.
shared_buffers = 2GB
effective_cache_size = 6GB
maintenance_work_mem = 512MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 10MB
min_wal_size = 1GB
max_wal_size = 4GB
max_connections = 200

Redis performance tuning

sudo nano /etc/redis/redis.conf
maxmemory 2gb
# Do not use allkeys-lru on the instance that serves as the Celery broker: under memory
# pressure it evicts queued tasks (they are ordinary list keys) and work disappears silently.
# Use noeviction for the broker; if cache data needs LRU, give it a separate instance.
maxmemory-policy noeviction
save 900 1
save 300 10
save 60 10000
appendonly yes
appendfsync everysec

📊 Monitoring and Logs

Installing monitoring tools

# Prometheus and Grafana (optional), via Docker. Publish only on loopback: -p 3000:3000 would
# listen on every interface (and bypass UFW, see Step 10) and would also collide with the
# Next.js server on port 3000, so Grafana is mapped to 3001 here. Reach both through an SSH
# tunnel or an authenticated Nginx location, and change Grafana's default admin/admin login
# on first use.
docker run -d -p 127.0.0.1:9090:9090 prom/prometheus
docker run -d -p 127.0.0.1:3001:3000 grafana/grafana

Viewing logs

# Backend logs
sudo tail -f /var/log/mbe/gunicorn-access.log
sudo tail -f /var/log/mbe/gunicorn-error.log

# Celery logs
sudo tail -f /var/log/mbe/celery-worker.log
sudo tail -f /var/log/mbe/celery-beat.log

# Nginx logs
sudo tail -f /var/log/nginx/mbe-api-access.log
sudo tail -f /var/log/nginx/mbe-web-access.log

# Service journals
sudo journalctl -u mbe-backend -f
sudo journalctl -u mbe-celery-worker -f

🔐 Security Hardening

1. Database security

# Keep PostgreSQL listening on localhost only (Step 2); never expose the postgres superuser remotely
# The application role owns its database but is not a superuser; use a strong, unique password with scram-sha-256
# Take regular backups and test a restore (see the backup section)

2. Application security

# Environment file permissions: owner can edit, the service group can read, nobody else
sudo chown $USER:www-data .env
chmod 640 .env

# Run the services as an unprivileged user (User=www-data in the Step 6 units), never as root
# Serve only over HTTPS (Steps 8 and 9); Gunicorn and the Next.js server listen on loopback only
# Configure CORS with an explicit allow-list (https://www.mbe.com), not a wildcard, and never
# allow credentials together with a wildcard origin

3. System security

# Keep the system patched (the unattended-upgrades package applies security updates automatically)
sudo apt update && sudo apt upgrade

# SSH: key-only authentication and no root login (PasswordAuthentication no, PermitRootLogin no in sshd_config)

# Install fail2ban to ban brute-force sources
sudo apt install fail2ban
sudo systemctl enable --now fail2ban
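The hardening notes above are easy to read and easy to forget on the second server. The script below is an added example, not code from the original guide or the MBE project: a pre-flight audit that checks the settings this guide relies on (the .env permissions, Gunicorn bound to loopback, PostgreSQL not listening on every interface, no wide-open or md5 rules in pg_hba.conf, Redis with a password and a loopback bind). Every check takes a file path, so it can be pointed at a staging copy; the paths in audit_all are the ones used elsewhere in this guide. Reading pg_hba.conf on a live host needs root, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not part of the original guide): pre-flight audit of the deployment settings
# described in the hardening section. Each check returns 0 (pass) or 1 (fail) and explains
# the failure; audit_all runs them against the paths used in this guide.
set -eu

# check_env_perms FILE -> fail if the env file is readable by "other" or world-writable
check_env_perms() {
    _mode=$(stat -c '%a' "$1")            # GNU stat; octal mode such as 640
    case "$_mode" in
        600|640|400|440) return 0 ;;
        *) echo "$1: mode $_mode is too permissive (want 640 or 600)"; return 1 ;;
    esac
}

# check_gunicorn_bind FILE -> fail unless bind points at loopback or a unix socket
check_gunicorn_bind() {
    if grep -Eq '^[[:space:]]*bind[[:space:]]*=[[:space:]]*"(127\.0\.0\.1|localhost|unix:)' "$1"; then
        return 0
    fi
    echo "$1: gunicorn must bind to loopback or a unix socket; Nginx terminates TLS in front of it"
    return 1
}

# check_pg_listen FILE -> fail if postgresql.conf listens on every interface
check_pg_listen() {
    if sed -e 's/#.*//' "$1" | grep -Eq "^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\*'"; then
        echo "$1: listen_addresses = '*' exposes PostgreSQL on every interface"
        return 1
    fi
    return 0
}

# check_pg_hba FILE -> fail on any TCP rule open to the world or using trust/password/md5
check_pg_hba() {
    _rc=0
    _rules=$(sed -e 's/#.*//' "$1" | grep -E '^[[:space:]]*host(ssl|nossl)?[[:space:]]' || true)
    if printf '%s\n' "$_rules" | grep -Eq '(0\.0\.0\.0/0|::/0)([[:space:]]|$)'; then
        echo "$1: a host rule admits connections from any address"; _rc=1
    fi
    if printf '%s\n' "$_rules" | grep -Eq '[[:space:]](trust|password|md5)[[:space:]]*$'; then
        echo "$1: a host rule uses trust/password/md5; use scram-sha-256"; _rc=1
    fi
    return $_rc
}

# check_redis FILE -> fail without requirepass, without a bind line, or bound to 0.0.0.0
# (comments are stripped first, so a password containing '#' would be truncated here)
check_redis() {
    _rc=0
    _conf=$(sed -e 's/#.*//' "$1")
    printf '%s\n' "$_conf" | grep -Eq '^[[:space:]]*requirepass[[:space:]]+[^[:space:]]' \
        || { echo "$1: no requirepass set"; _rc=1; }
    printf '%s\n' "$_conf" | grep -Eq '^[[:space:]]*bind[[:space:]]' \
        || { echo "$1: no bind line, Redis listens on all interfaces"; _rc=1; }
    printf '%s\n' "$_conf" | grep -Eq '^[[:space:]]*bind[[:space:]].*0\.0\.0\.0' \
        && { echo "$1: bind includes 0.0.0.0"; _rc=1; }
    return $_rc
}

# audit_all -> run every check against the paths used in this guide; 0 only if all pass
audit_all() {
    _fail=0
    check_env_perms /var/www/mbe/mises-behavior-engine/.env || _fail=1
    check_gunicorn_bind /var/www/mbe/mises-behavior-engine/gunicorn.conf.py || _fail=1
    check_pg_listen /etc/postgresql/14/main/postgresql.conf || _fail=1
    check_pg_hba /etc/postgresql/14/main/pg_hba.conf || _fail=1
    check_redis /etc/redis/redis.conf || _fail=1
    [ $_fail -eq 0 ] && echo "all checks passed"
    return $_fail
}

# Only run the audit when invoked as "run"; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    audit_all
fi
```

Run it as `sudo sh audit-mbe.sh run` after the hardening section and again after any config change; a non-zero exit with the printed reasons is the signal to stop the rollout. The checks are deliberately conservative: a rule such as `host all all 0.0.0.0/0 md5` fails twice (open address range and legacy hashing), which is exactly the pair of defaults this guide tells you not to use.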

💾 Backup Strategy

Database backup

# Create the backup script
nano /usr/local/bin/backup-mbe-db.sh
#!/bin/bash
# Abort on any error, including pg_dump failing on the left side of the pipe (without
# pipefail a broken dump would still leave a "successful" empty .gz file behind)
set -euo pipefail
# Dumps contain customer and subscription data: create them unreadable to other users
umask 077

BACKUP_DIR="/var/backups/mbe"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"

# Dump PostgreSQL. -h localhost selects TCP with password auth, taking the credentials from
# ~/.pgpass (mode 600, one line: localhost:5432:mbe_subscription:mbe_user:your_secure_password).
# Without -h, pg_dump would try the Unix socket with peer auth as the cron user and fail.
pg_dump -h localhost -U mbe_user mbe_subscription | gzip > "$BACKUP_DIR/db_$DATE.sql.gz"

# Remove backups older than 30 days
find "$BACKUP_DIR" -name "db_*.sql.gz" -mtime +30 -delete

echo "Database backup completed: db_$DATE.sql.gz"
chmod +x /usr/local/bin/backup-mbe-db.sh

# Add to the crontab of the user that owns ~/.pgpass (daily at 04:00). Copy the dumps off
# the host as well: a backup on the same disk as the database is not a backup.
crontab -e
0 4 * * * /usr/local/bin/backup-mbe-db.sh

🎯 Health Checks

Create a health check script

nano /usr/local/bin/check-mbe-health.sh
#!/bin/bash

# Check the backend service
if systemctl is-active --quiet mbe-backend; then
    echo "✓ Backend is running"
else
    echo "✗ Backend is down"
    systemctl restart mbe-backend
fi

# Check Celery
if systemctl is-active --quiet mbe-celery-worker; then
    echo "✓ Celery worker is running"
else
    echo "✗ Celery worker is down"
    systemctl restart mbe-celery-worker
fi

# Check that the API responds (-f fails on HTTP errors; --max-time stops cron from
# piling up hung curl processes when the backend wedges)
if curl -sf --max-time 10 http://localhost:8000/health > /dev/null 2>&1; then
    echo "✓ API is responding"
else
    echo "✗ API is not responding"
fi
chmod +x /usr/local/bin/check-mbe-health.sh

# Run every 5 minutes from root's crontab (systemctl restart needs root). This is a watchdog,
# not monitoring: a service stuck in a restart loop still reports "running" most of the time,
# so also watch journalctl for repeated restarts.
sudo crontab -e
*/5 * * * * /usr/local/bin/check-mbe-health.sh

📝 Deployment Checklist

  • Server environment prepared
  • PostgreSQL installed and configured
  • Redis installed and configured
  • Backend code deployed
  • Database initialised
  • Gunicorn configured
  • systemd units created
  • Celery worker started
  • Celery beat started
  • Frontend built
  • Nginx configured
  • TLS certificates configured
  • Firewall configured
  • Monitoring configured
  • Backup script configured
  • Health check configured
  • Log rotation configured
  • Performance tuning done
  • Security hardening done
  • Load test done

🚦 Startup Order

# 1. Start the base services
sudo systemctl start postgresql
sudo systemctl start redis-server

# 2. Start the backend
sudo systemctl start mbe-backend

# 3. Start Celery
sudo systemctl start mbe-celery-worker
sudo systemctl start mbe-celery-beat

# 4. Start Nginx
sudo systemctl start nginx

# 5. Verify all services
sudo systemctl status mbe-backend
sudo systemctl status mbe-celery-worker
sudo systemctl status mbe-celery-beat
curl http://localhost:8000/health

📞 Troubleshooting

Common problems

  1. Database connection fails

    # Check PostgreSQL status
    sudo systemctl status postgresql
    # Test the connection (-h localhost forces TCP with password auth, the path the app uses)
    psql -U mbe_user -d mbe_subscription -h localhost

  2. Redis connection fails

    # Check Redis status
    sudo systemctl status redis-server
    # Test the connection. With requirepass set (Step 3) a bare PING gets NOAUTH; pass the
    # password through the environment rather than -a, which shows it in the process list
    REDISCLI_AUTH=your_redis_password redis-cli ping

  3. Celery tasks do not run

    # Check the worker logs
    sudo journalctl -u mbe-celery-worker -f
    # Check the broker queue depth (Celery's default queue is a Redis list named "celery")
    REDISCLI_AUTH=your_redis_password redis-cli LLEN celery


Deployment complete! 🎉

Access URLs: