fix: add backend health check + HTTPS nginx config with SSL support

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 14:46:16 +08:00 · 2026-05-18 14:46:16 +08:00 · 87e904b97e
commit 87e904b97e
parent 03209e07fc
2 changed files with 100 additions and 3 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@ -23,11 +23,10 @@ jobs:
            -w /app \
            node:22-alpine sh -c "npm install && npm run build"

-      - name: Install Nginx config
+      - name: Install Nginx config (HTTP)
        run: |
          mkdir -p /etc/nginx/conf.d 2>/dev/null
          cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/conf.d/longde.cloud.conf
-          # fallback for sites-enabled style
          mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled 2>/dev/null
          cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/sites-available/longde.cloud.conf 2>/dev/null
          ln -sf /etc/nginx/sites-available/longde.cloud.conf /etc/nginx/sites-enabled/longde.cloud.conf 2>/dev/null
@ -37,5 +36,42 @@ jobs:
          rm -rf /var/www/longde.cloud/*
          cp -r /tmp/web-projects/dist/* /var/www/longde.cloud/

+      - name: Ensure API backend is running
+        run: |
+          # Start MySQL + Redis via docker compose (try common locations)
+          for dir in /opt/zhixi /root/zhixi /home/*/zhixi; do
+            if [ -f "$dir/docker-compose.yml" ]; then
+              cd "$dir" && docker compose up -d mysql redis 2>/dev/null || true
+              break
+            fi
+          done
+
+          # Create shared network if missing
+          docker network inspect zhixi-net >/dev/null 2>&1 || docker network create zhixi-net
+
+          # Restart API container if not running
+          if ! docker ps --format '{{.Names}}' | grep -q '^zhixi-api$'; then
+            echo "[deploy] zhixi-api is down, attempting restart..."
+            docker start zhixi-api 2>/dev/null || true
+            sleep 5
+          fi
+
+          # Health check
+          if curl -sf http://localhost:3001/health; then
+            echo "[deploy] Backend health OK"
+          else
+            echo "[deploy] WARNING: Backend health check failed"
+            docker ps --format 'table {{.Names}}\t{{.Status}}' 2>/dev/null | grep -i zhixi || true
+          fi
+
+      - name: Install Nginx config (HTTPS)
+        run: |
+          if [ -f /etc/letsencrypt/live/longde.cloud/fullchain.pem ]; then
+            cp /tmp/web-projects/nginx/longde.cloud-ssl.conf /etc/nginx/conf.d/longde.cloud-ssl.conf
+          else
+            echo "[deploy] No SSL cert found, skipping HTTPS config"
+            rm -f /etc/nginx/conf.d/longde.cloud-ssl.conf
+          fi
+
      - name: Reload Nginx
-        run: nginx -s reload
+        run: nginx -s reload || nginx -t 2>&1
--- a/nginx/longde.cloud-ssl.conf
+++ b/nginx/longde.cloud-ssl.conf
@ -0,0 +1,61 @@
+server {
+    listen 443 ssl http2;
+    server_name longde.cloud www.longde.cloud;
+
+    ssl_certificate /etc/letsencrypt/live/longde.cloud/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/longde.cloud/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/longde.cloud/chain.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 1d;
+
+    root /var/www/longde.cloud;
+    index index.html;
+
+    # Gzip
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 5;
+    gzip_min_length 256;
+    gzip_types application/json text/plain text/css application/javascript image/svg+xml;
+
+    # API proxy to NestJS backend (Docker container on port 3001)
+    location /api/ {
+        proxy_pass http://localhost:3001/api/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 90s;
+        proxy_connect_timeout 10s;
+        client_max_body_size 10m;
+    }
+
+    # Swagger docs
+    location /api-docs {
+        proxy_pass http://localhost:3001/api-docs;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /api-docs-json {
+        proxy_pass http://localhost:3001/api-docs-json;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Frontend — SPA fallback
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}