fix: add backend health check + HTTPS nginx config with SSL support
All checks were successful
Deploy Website / build-and-deploy (push) Successful in 8s
All checks were successful
Deploy Website / build-and-deploy (push) Successful in 8s
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
03209e07fc
commit
87e904b97e
@ -23,11 +23,10 @@ jobs:
|
|||||||
-w /app \
|
-w /app \
|
||||||
node:22-alpine sh -c "npm install && npm run build"
|
node:22-alpine sh -c "npm install && npm run build"
|
||||||
|
|
||||||
- name: Install Nginx config
|
- name: Install Nginx config (HTTP)
|
||||||
run: |
|
run: |
|
||||||
mkdir -p /etc/nginx/conf.d 2>/dev/null
|
mkdir -p /etc/nginx/conf.d 2>/dev/null
|
||||||
cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/conf.d/longde.cloud.conf
|
cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/conf.d/longde.cloud.conf
|
||||||
# fallback for sites-enabled style
|
|
||||||
mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled 2>/dev/null
|
mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled 2>/dev/null
|
||||||
cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/sites-available/longde.cloud.conf 2>/dev/null
|
cp /tmp/web-projects/nginx/longde.cloud.conf /etc/nginx/sites-available/longde.cloud.conf 2>/dev/null
|
||||||
ln -sf /etc/nginx/sites-available/longde.cloud.conf /etc/nginx/sites-enabled/longde.cloud.conf 2>/dev/null
|
ln -sf /etc/nginx/sites-available/longde.cloud.conf /etc/nginx/sites-enabled/longde.cloud.conf 2>/dev/null
|
||||||
@ -37,5 +36,42 @@ jobs:
|
|||||||
rm -rf /var/www/longde.cloud/*
|
rm -rf /var/www/longde.cloud/*
|
||||||
cp -r /tmp/web-projects/dist/* /var/www/longde.cloud/
|
cp -r /tmp/web-projects/dist/* /var/www/longde.cloud/
|
||||||
|
|
||||||
|
- name: Ensure API backend is running
|
||||||
|
run: |
|
||||||
|
# Start MySQL + Redis via docker compose (try common locations)
|
||||||
|
for dir in /opt/zhixi /root/zhixi /home/*/zhixi; do
|
||||||
|
if [ -f "$dir/docker-compose.yml" ]; then
|
||||||
|
cd "$dir" && docker compose up -d mysql redis 2>/dev/null || true
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Create shared network if missing
|
||||||
|
docker network inspect zhixi-net >/dev/null 2>&1 || docker network create zhixi-net
|
||||||
|
|
||||||
|
# Restart API container if not running
|
||||||
|
if ! docker ps --format '{{.Names}}' | grep -q '^zhixi-api$'; then
|
||||||
|
echo "[deploy] zhixi-api is down, attempting restart..."
|
||||||
|
docker start zhixi-api 2>/dev/null || true
|
||||||
|
sleep 5
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Health check
|
||||||
|
if curl -sf http://localhost:3001/health; then
|
||||||
|
echo "[deploy] Backend health OK"
|
||||||
|
else
|
||||||
|
echo "[deploy] WARNING: Backend health check failed"
|
||||||
|
docker ps --format 'table {{.Names}}\t{{.Status}}' 2>/dev/null | grep -i zhixi || true
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Install Nginx config (HTTPS)
|
||||||
|
run: |
|
||||||
|
if [ -f /etc/letsencrypt/live/longde.cloud/fullchain.pem ]; then
|
||||||
|
cp /tmp/web-projects/nginx/longde.cloud-ssl.conf /etc/nginx/conf.d/longde.cloud-ssl.conf
|
||||||
|
else
|
||||||
|
echo "[deploy] No SSL cert found, skipping HTTPS config"
|
||||||
|
rm -f /etc/nginx/conf.d/longde.cloud-ssl.conf
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Reload Nginx
|
- name: Reload Nginx
|
||||||
run: nginx -s reload
|
run: nginx -s reload || nginx -t 2>&1
|
||||||
|
|||||||
61
nginx/longde.cloud-ssl.conf
Normal file
61
nginx/longde.cloud-ssl.conf
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
server_name longde.cloud www.longde.cloud;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/longde.cloud/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/longde.cloud/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/longde.cloud/chain.pem;
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
||||||
|
ssl_prefer_server_ciphers off;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 1d;
|
||||||
|
|
||||||
|
root /var/www/longde.cloud;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
# Gzip
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_types application/json text/plain text/css application/javascript image/svg+xml;
|
||||||
|
|
||||||
|
# API proxy to NestJS backend (Docker container on port 3001)
|
||||||
|
location /api/ {
|
||||||
|
proxy_pass http://localhost:3001/api/;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_read_timeout 90s;
|
||||||
|
proxy_connect_timeout 10s;
|
||||||
|
client_max_body_size 10m;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Swagger docs
|
||||||
|
location /api-docs {
|
||||||
|
proxy_pass http://localhost:3001/api-docs;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api-docs-json {
|
||||||
|
proxy_pass http://localhost:3001/api-docs-json;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Frontend — SPA fallback
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.html;
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user