feat(aia): Complete AIA V2.0 with universal streaming capabilities

Major Changes:
- Add StreamingService with OpenAI Compatible format
- Upgrade Chat component V2 with Ant Design X integration
- Implement AIA module with 12 intelligent agents
- Update API routes to unified /api/v1 prefix
- Update system documentation

Backend (~1300 lines):
- common/streaming: OpenAI Compatible adapter
- modules/aia: 12 agents, conversation service, streaming integration
- Update route versions (RVW, PKB to v1)

Frontend (~3500 lines):
- modules/aia: AgentHub + ChatWorkspace (100% prototype restoration)
- shared/Chat: AIStreamChat, ThinkingBlock, useAIStream Hook
- Update API endpoints to v1

Documentation:
- AIA module status guide
- Universal capabilities catalog
- System overview updates
- All module documentation sync

Tested: Stream response verified, authentication working
Status: AIA V2.0 core completed (85%)
This commit is contained in:
2026-01-14 19:15:01 +08:00
parent 3d35e9c58b
commit 1b53ab9d52
386 changed files with 52096 additions and 65238 deletions


@@ -1,126 +1,99 @@
# 关键配置补充说明 - 部署文档勘误与增强
> **文档版本:** v1.0
> **创建日期:** 2025-12-14
> **文档性质:** 对5个独立部署文档的关键补充
> **优先级:** ⭐⭐⭐⭐⭐ 必读包含3个P0/P1致命问题
# <EFBFBD>喲睸<EFBFBD>滨蔭銵亙<EFBFBD>霂湔<EFBFBD> - <20>函蔡<E587BD><E894A1><EFBFBD>䁅秤銝𤾸<E98A9D>撘?
> **<2A><><EFBFBD><EFB99D>𧋦嚗?* v1.0
> **<EFBFBD>𥕦遣<EFBFBD><EFBFBD>嚗?* 2025-12-14
> **<EFBFBD><EFBFBD><EFBFBD>扯捶嚗?* 撖?銝芰𡠺蝡钅<E89DA1>蝵脫<E89DB5><EFBFBD><E78DA2><EFBFBD>喲睸銵亙<E98AB5>
> **隡睃<EFBFBD>蝥改<EFBFBD>** 潃鐥<E6BD83>潃鐥<E6BD83>潃?敹<>粉嚗<E7B289><E59A97><EFBFBD>?銝枉0/P1<50>游𦶢<E6B8B8><EFBFBD>嚗?
---
## <20><> <20><>﹝霂湔<E99C82>
本文档基于对5个独立部署文档的深度审查补充了**3个致命问题**和**若干最佳实践**。这些内容在原文档中遗漏或未充分强调,但对生产环境部署至关重要。
**请在部署前务必阅读本文档!**
<EFBFBD><EFBFBD><EFBFBD>抅鈭𤾸笆5銝芰𡠺蝡钅<EFBFBD>蝵脫<EFBFBD><EFBFBD><EFBFBD>瘛勗漲摰⊥䰻嚗諹<EFBFBD><EFBFBD><EFBFBD>**3銝芾稲<E88ABE>賡䔮憸?*<2A>?*<2A>亙僕<E4BA99><E58395>雿喳<E99BBF>頝?*<2A><><EFBFBD>鈭𥕦<E988AD>摰孵銁<E5ADB5><E98A81><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E59F88>𡝗𧊋<F0A19D97><F0A78A8B><EFBFBD>撘箄<E69298>嚗䔶<E59A97>撖寧<E69296>鈭抒㴓憓<E3B493><E68693>蝵脰秐<E884B0><EFBFBD><EFBFBD><E996AC>?
**霂瑕銁<E79195>函蔡<E587BD>滚𦛚敹<F0A69B9A><E695B9>霂餅𧋦<E9A485><F0A78BA6>﹝嚗?*
---
## 🚨 致命问题修正P0/P1
### 1. SAE孤岛效应 - NAT网关配置 ⭐⭐⭐⭐⭐
## <EFBFBD><20>游𦶢<E6B8B8><EFBFBD>靽格迤嚗㇊0/P1嚗?
### 1. SAE摮文<E691AE><E69687><EFBFBD><EFBFBD> - NAT蝵穃<E89DB5><E7A983>滨蔭 潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P0嚗<30><EFBFBD><EFBFBD>**
#### <20><EFBFBD><E6A185>讛膩
```
SAE部署在VPC内默认没有公网出口
SAE<EFBFBD>函蔡<EFBFBD>汲PC<EFBFBD><EFBFBD><EFBFBD>暺䁅恕瘝⊥<EFBFBD><EFBFBD><EFBFBD><EFBFBD>箏藁嚗?
敶勗<EFBFBD><EFBFBD>箸艶嚗?<3F>?<3F>𡒊垢靚<E59EA2>鍂 DeepSeek/OpenAI API <20>?頞<>𧒄
<EFBFBD>?Python銝贝蝸<E8B49D><EFBFBD>PDF <20>?頞<>𧒄
<EFBFBD>?npm install<6C><EFBFBD>靘肽<E99D98><EFBFBD><E59A97>撱箸𧒄嚗争<E59A97> 憭梯揖
影响场景:
❌ 后端调用 DeepSeek/OpenAI API → 超时
❌ Python下载公网PDF → 超时
❌ npm install公网依赖构建时→ 失败
结果所有AI功能不可用系统基本瘫痪
```
蝏𤘪<EFBFBD>嚗𡁏<EFBFBD><EFBFBD>𡅅I<EFBFBD><EFBFBD>銝滚虾<EFBFBD><EFBFBD>蝟餌<EFBFBD><EFBFBD>箸𧋦<EFBFBD>怎緾嚗?```
#### 閫<><E996AB><EFBFBD><EFBFBD>
**方案ANAT网关推荐生产环境**
**<EFBFBD><EFBFBD>A嚗鐭AT蝵穃<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>煺漣<EFBFBD><EFBFBD>嚗?*
```bash
# 甇仿炊1嚗𡁜<E59A97>撱摸AT蝵穃<E89DB5>
<EFBFBD><EFBFBD>鈭烐綉<EFBFBD>嗅蝱 > VPC > NAT蝵穃<E89DB5> > <20>𥕦遣NAT蝵穃<E89DB5>
<EFBFBD><EFBFBD> VPC嚗𡁻<E59A97>㗇𥋘SAE<41><45><EFBFBD><EFBFBD>VPC
├─ 交换机选择SAE所在的交换机
├─ 规格:小型(够用)
└─ 计费方式:按使用量计费
<EFBFBD><EFBFBD> 鈭斗揢<E69697><EFBFBD><E7B6BD>㗇𥋘SAE<41><45><EFBFBD><EFBFBD>鈭斗揢<E69697>?<3F><EFBFBD><>聢嚗𡁜<E59A97><F0A1819C><EFBFBD>憭毺鍂嚗?<3F><EFBFBD> 霈∟晶<E2889F><EFBFBD>嚗𡁏<E59A97>雿輻鍂<E8BCBB>讛恣韐?
# 甇仿炊2嚗𡁜<E59A97>撱箏僎蝏穃<E89D8F>EIP
NAT蝵穃<EFBFBD>霂行<EFBFBD> > 撘寞<E69298><EFBFBD>蝵飡P > 蝏穃<E89D8F>撘寞<E69298><EFBFBD>蝵飡P
<EFBFBD><EFBFBD> <20>𥕦遣<F0A595A6>蚩IP<49><EFBFBD>㗇𥋘撌脫<E6928C>EIP
├─ 带宽:按使用流量(成本低)
└─ 确认绑定
<EFBFBD><EFBFBD> 撣血捐嚗𡁏<E59A97>雿輻鍂瘚<E98D82><E7989A><EFBFBD><E59A97><EFBFBD><EFBFBD>嚗?<3F><EFBFBD> 蝖株恕蝏穃<E89D8F>
# 甇仿炊3嚗𡁻<E59A97>蝵娟NAT<41>∠𤌍
NAT蝵穃<EFBFBD>霂行<EFBFBD> > SNAT蝞∠<E89D9E> > <20>𥕦遣SNAT<41>∠𤌍
├─ 选择交换机SAE所在的交换机如 vsw-xxxxx
├─ 选择公网IP刚才绑定的EIP
<EFBFBD><EFBFBD> <20>㗇𥋘鈭斗揢<E69697><EFBFBD>SAE<41><45><EFBFBD><EFBFBD>鈭斗揢<E69697><EFBFBD>憒?vsw-xxxxx嚗?<3F><EFBFBD> <20>㗇𥋘<E39787><EFBFBD>IP嚗𡁜<E59A97><F0A1819C><EFBFBD>摰𡁶<E691B0>EIP
<EFBFBD><EFBFBD> 蝖株恕<E6A0AA>𥕦遣
成本NAT网关¥60/+ EIP流量费¥30-50/月 = ¥90-110/
```
<EFBFBD>鞉𧋦嚗鐭AT蝵穃<EFBFBD>60/<EFBFBD>?+ EIP<EFBFBD><EFBFBD>韐嗽?0-50/<2F>?= 瞼90-110/<EFBFBD>?```
**<2A><EFBFBD>B嚗锭AE蝏穃<E89D8F><E7A983><EFBFBD>IP嚗<50><E59A97><EFBFBD><EFBFBD>𧑐<EFBFBD><F0A79190>𣈲<EFBFBD><F0A388B2><EFBFBD>**
```bash
SAE控制台 > 应用配置 > 网络配置
└─ 查看是否有"公网访问""绑定EIP"选项
SAE<EFBFBD><EFBFBD><EFBFBD>?> 摨𠉛鍂<F0A0899B>滨蔭 > 蝵𤑳<E89DB5><F0A491B3>滨蔭
<EFBFBD><EFBFBD> <20><EFBFBD><E4BAA6>臬炏<E887AC>?<3F><EFBFBD>霈輸䔮"<22>?蝏穃<E89D8F>EIP"<EFBFBD>厰★
⚠️ 注意:
- 并非所有地域都支持
- 优先使用方案A更稳定
```
<EFBFBD>𩤃<EFBFBD> 瘜冽<E7989C>嚗?- 撟園<E6929F><E59C92><EFBFBD><EFBFBD>匧𧑐<E58CA7><EFBFBD><E7BDB8><EFBFBD>
- 隡睃<EFBFBD>雿輻鍂<EFBFBD><EFBFBD>A嚗<EFBFBD>凒蝔喳<EFBFBD>嚗?```
#### 撉諹<E69289>NAT蝵穃<E89DB5><E7A983>臬炏<E887AC><E7828F><EFBFBD>
```bash
# 方法1在SAE应用日志中查看
# 应用启动后查看是否有DeepSeek API调用成功的日志
# 方法2通过云助手执行命令SAE控制台 > 实例列表 > 登录实例)
curl -I https://api.deepseek.com
# 应该返回 200 OK而不是超时
# <20><EFBFBD>1嚗𡁜銁SAE摨𠉛鍂<F0A0899B><EFBFBD>銝剜䰻<E5899C>?# 摨𠉛鍂<F0A0899B>臬𢆡<E887AC>𠬍<EFBFBD><F0A0AC8D><EFBFBD><E4BAA6>臬炏<E887AC><E7828F>eepSeek API靚<49><EFBFBD>𣂼<EFBFBD><F0A382BC><EFBFBD>𠯫敹?
# <EFBFBD><EFBFBD>2嚗𡁻<EFBFBD><EFBFBD>鈭穃𨭌<EFBFBD>𧢲<EFBFBD><EFBFBD>𦶢隞歹<EFBFBD>SAE<EFBFBD><EFBFBD><EFBFBD>?> 摰硺<E691B0><E7A1BA>𡑒” > <20><EFBFBD>摰硺<E691B0>嚗?curl -I https://api.deepseek.com
# 摨磰砲餈𥪜<E9A488> 200 OK嚗諹<E59A97><EFBFBD><E494B6><EFBFBD><E888AA>?
# <20><EFBFBD>3嚗𡁏<E59A97>霂𠠬ython銝贝蝸<E8B49D><EFBFBD>PDF
curl -I https://arxiv.org/pdf/2301.00001.pdf
# 摨磰砲餈𥪜<E9A488> 200 OK
```
#### 更新的文档
- `00-部署架构总览.md`物理架构图已增加NAT网关
-`00-部署架构总览.md`成本估算已更新¥1,200-1,250/月)
#### <EFBFBD>湔鰵<EFBFBD><EFBFBD><EFBFBD>獢?
- <20>?`00-<2D>函蔡<E587BD><EFBFBD><E59786><EFBFBD>.md`嚗𡁶<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>㦛撌脣<EFBFBD><EFBFBD>賫AT蝵穃<EFBFBD>
- <EFBFBD>?`00-<EFBFBD>函蔡<EFBFBD><EFBFBD><EFBFBD><EFBFBD>.md`嚗𡁏<EFBFBD><EFBFBD>砌摯蝞堒歇<EFBFBD>湔鰵嚗<EFBFBD>?,200-1,250/<2F><><EFBFBD>
- <20>𩤃<EFBFBD> `05-Node.js<6A>𡒊垢-SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"SAE摨𠉛鍂<F0A0899B>滨蔭"蝡㰘<E89DA1>憓𧼮<E68693>蝵𤑳<E89DB5><F0A491B3>滨蔭霂湔<E99C82>
- ⚠️ `04-Python微服务-SAE容器部署指南.md`:同上
- <EFBFBD>𩤃<EFBFBD> `04-Python敺格<EFBFBD><EFBFBD>?SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁜<EFBFBD>銝?
---
### 2. 部署依赖死锁 - Dify API Key鸡生蛋问题 ⭐⭐⭐⭐⭐
### 2. <EFBFBD>函蔡靘肽<EFBFBD>甇駁<EFBFBD> - Dify API Key曏∠<EFBFBD><EFBFBD>钅䔮憸?潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P1嚗<31><EFBFBD><EFBFBD>**
#### <20><EFBFBD><E6A185>讛膩
```
甇駁<EFBFBD><EFBFBD><EFBFBD>
1. 后端启动需要 DIFY_API_KEY
2. DIFY_API_KEY 需要 Dify 启动并人工登录后才能生成
3. 后端如果健康检查失败,会无限重启
1. <EFBFBD>𡒊垢<EFBFBD>臬𢆡<EFBFBD><EFBFBD>閬?DIFY_API_KEY
2. DIFY_API_KEY <EFBFBD><EFBFBD>閬?Dify <EFBFBD>臬𢆡撟嗡犖撌亦蒈敶訫<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
3. <EFBFBD>𡒊垢憒<EFBFBD><EFBFBD><EFBFBD>亙熒璉<EFBFBD><EFBFBD>亙仃韐伐<EFBFBD>隡𡁏<EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
蝏𤘪<EFBFBD>嚗𡁜<EFBFBD>蝡舀<EFBFBD>瘜訫鍳<EFBFBD><EFBFBD><EFBFBD>硋鍳<EFBFBD><EFBFBD>PKB璅<EFBFBD>銝滚虾<EFBFBD>?```
结果后端无法启动或启动后PKB模块不可用
```
#### 解决方案(分阶段部署)
**阶段1首次部署后端临时配置**
#### 閫<><E996AB><EFBFBD><EFBFBD><EFBFBD><E59A97><EFBFBD>嗆挾<E59786>函蔡嚗?
**<2A>嗆挾1嚗𡁻<E59A97>甈⊿<E79488>蝵脣<E89DB5>蝡荔<E89DA1>銝湔𧒄<E6B994>滨蔭嚗?*
```bash
# SAE<41><EFBFBD><E887AC><EFBFBD><E3979B>滨蔭
DIFY_API_KEY=temp_placeholder_will_update_later
# ⚠️ 重要:后端代码需要容错处理
# backend/src/common/rag/DifyClient.ts
# <EFBFBD>𩤃<EFBFBD> <20><EFBFBD>嚗𡁜<E59A97>蝡臭誨<E887AD><E8AAA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E59D94>?# backend/src/common/rag/DifyClient.ts
constructor() {
const apiKey = process.env.DIFY_API_KEY
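
Review bot: The replacement lines in this hunk are no longer valid UTF-8 text. Starting at the title, the readable Chinese has been swapped for mis-decoded bytes with U+FFFD markers, and the damage also swallows line breaks (the header goes from 126 to 99 lines). That changes meaning, not just appearance: several closing code fences are now glued to the end of the preceding sentence, and in the NAT verification block `curl -I https://api.deepseek.com` sits on a comment line, so the egress check is effectively commented out. Please restore this file from parent 3d35e9c58b, re-save it as UTF-8, and re-apply only the intended documentation edits.
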
@@ -134,8 +107,7 @@ constructor() {
this.enabled = true
}
// 所有Dify调用前检查
async createDataset(name: string) {
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ify靚<EFBFBD><EFBFBD>齿<EFBFBD><EFBFBD>?async createDataset(name: string) {
if (!this.enabled) {
throw new Error('Dify<66>滚𦛚<E6BB9A><EFBFBD>蝵殷<E89DB5>霂瑕<E99C82><E79195>滨蔭DIFY_API_KEY<45><EFBFBD><E887AC><EFBFBD>')
}
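
Review bot: The `async createDataset(name: string) {` declaration is now on the same line as the `//` comment above it, so in the sample the `if (!this.enabled)` guard sits outside any method. This snippet is the fail-safe that lets the backend start with a placeholder key, so it needs to stay copy-pasteable: put the declaration back on its own line.
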
@@ -146,14 +118,12 @@ async createDataset(name: string) {
**<EFBFBD>嗆挾2嚗𡁻<EFBFBD>蝵涼ify撟嗉繮<EFBFBD>𣇉<EFBFBD>摰揼ey**
```bash
# 1. 部署Dify到ECS参考 03-Dify-ECS部署完全指南.md
cd /opt/dify
# 1. <EFBFBD>函蔡Dify<EFBFBD>蚩CS嚗<EFBFBD><EFBFBD><EFBFBD>?03-Dify-ECS<EFBFBD>函蔡摰<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.md嚗?cd /opt/dify
docker-compose up -d
# 2. 等待服务启动约2-3分钟
docker-compose logs -f api
# 2. 蝑匧<EFBFBD><EFBFBD>滚𦛚<EFBFBD>臬𢆡嚗<EFBFBD>漲2-3<><33><EFBFBD>嚗?docker-compose logs -f api
# 3. 浏览器访问 http://ECS公网IP
# 3. 瘚讛<EFBFBD><EFBFBD>刻挪<EFBFBD>?http://ECS<EFBFBD><EFBFBD>IP
# 4. 瘜典<E7989C>蝞∠<E89D9E><E288A0>䁅揭<E48185><EFBFBD>擐𡝗活霈輸䔮隡𡁏<E99AA1>蝷綽<E89DB7>
# 5. <20>𥕦遣API Key
# 霈曄蔭 > API撖<49>𤨎 > <20>𥕦遣撖<E981A3>𤨎 > 憭滚<E686AD>
@@ -163,12 +133,11 @@ docker-compose logs -f api
DIFY_API_KEY=app-xxxxxxxxxxxxxxxxxxxxx
```
**阶段3更新后端配置**
**<EFBFBD>嗆挾3嚗𡁏凒<EFBFBD><EFBFBD>蝡舫<EFBFBD>蝵?*
```bash
# SAE控制台 > 应用详情 > 环境变量
# 找到 DIFY_API_KEY,修改为真实值
DIFY_API_KEY=app-xxxxxxxxxxxxxxxxxxxxx
# SAE<EFBFBD><EFBFBD><EFBFBD>?> 摨𠉛鍂霂行<E99C82> > <20><EFBFBD><E887AC><EFBFBD>
# <EFBFBD><EFBFBD> DIFY_API_KEY嚗䔶耨<EFBFBD>嫣蛹<EFBFBD><EFBFBD><EFBFBD>?DIFY_API_KEY=app-xxxxxxxxxxxxxxxxxxxxx
# 靽嘥<E99DBD> > <20>滚鍳摨𠉛鍂
# SAE隡𡁏<E99AA1>銵峕<E98AB5><E5B395><EFBFBD><E588B8><EFBFBD><E88D94><EFBFBD><E59785><EFBFBD>
@@ -177,18 +146,16 @@ DIFY_API_KEY=app-xxxxxxxxxxxxxxxxxxxxx
**<EFBFBD>嗆挾4嚗𡁻<EFBFBD><EFBFBD>KB<EFBFBD><EFBFBD>**
```bash
# 测试知识库创建
curl -X POST https://your-api.com/api/v1/pkb/knowledge-bases \
# 瘚贝<EFBFBD><EFBFBD><EFBFBD>摨枏<EFBFBD>撱?curl -X POST https://your-api.com/api/v1/pkb/knowledge-bases \
-H "Authorization: Bearer YOUR_USER_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"测试知识库","description":"测试"}'
-d '{"name":"瘚贝<EFBFBD><EFBFBD><EFBFBD>摨?,"description":"瘚贝<EFBFBD>"}'
# 应该返回 200 OK,而不是 "Dify服务未配置" 错误
# 摨磰砲餈𥪜<EFBFBD> 200 OK嚗諹<EFBFBD><EFBFBD><EFBFBD>?"Dify<66>滚𦛚<E6BB9A><EFBFBD>蝵? <20>躰秤
```
#### 更新的文档
-`00-部署架构总览.md`:部署顺序已更新,明确分阶段部署
#### <EFBFBD>湔鰵<EFBFBD><EFBFBD><EFBFBD>獢?
- <20>?`00-<2D>函蔡<E587BD><EFBFBD><E59786><EFBFBD>.md`嚗𡁻<EFBFBD>蝵脤◇摨誩歇<EFBFBD>湔鰵嚗峕<EFBFBD>蝖桀<EFBFBD><EFBFBD>嗆挾<EFBFBD>函蔡
- <20>𩤃<EFBFBD> `05-Node.js<6A>𡒊垢-SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"<22><EFBFBD><E887AC><EFBFBD><E3979B>滨蔭"蝡㰘<E89DA1>憓𧼮<E68693>銝湔𧒄<E6B994>滨蔭霂湔<E99C82>
- <20>𩤃<EFBFBD> `03-Dify-ECS<43>函蔡摰<E894A1><E691B0><EFBFBD><EFBFBD><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"擐𡝗活霈輸䔮"蝡㰘<E89DA1>憓𧼮<E68693>API Key<65><79><EFBFBD>甇仿炊
@@ -201,11 +168,8 @@ curl -X POST https://your-api.com/api/v1/pkb/knowledge-bases \
#### <20><EFBFBD><E6A185>讛膩
```
Python服务处理PDF/OCR可能需要60-120秒
如果后端HTTP Client没有设置超时会导致
❌ 连接数堆积
❌ 后端实例内存耗尽
❌ 数据库连接池耗尽
Python<EFBFBD>滚𦛚憭<EFBFBD><EFBFBD>PDF/OCR<EFBFBD><EFBFBD><EFBFBD><EFBFBD>閬?0-120蝘?憒<><E68692><EFBFBD>𡒊垢HTTP Client瘝⊥<E7989D>霈曄蔭頞<E894AD>𧒄嚗䔶<E59A97>撖潸稲嚗?<3F>?餈墧𦻖<E5A2A7><EFBFBD>蝘?<3F>?<3F>𡒊垢摰硺<E691B0><E7A1BA><EFBFBD><EFBFBD><EFBFBD>堒偷
<EFBFBD>?<3F>唳旿摨栞<E691A8><E6A09E><EFBFBD><E4BAA4>堒偷
```
#### 閫<><E996AB><EFBFBD><EFBFBD>
@@ -218,15 +182,13 @@ import axios from 'axios'
export const pythonServiceClient = axios.create({
baseURL: process.env.EXTRACTION_SERVICE_URL || 'http://localhost:8000',
timeout: 120000, // ⚠️ 1202分钟
timeoutErrorMessage: 'Python微服务响应超时>2分钟',
timeout: 120000, // <EFBFBD>𩤃<EFBFBD> 120蝘𡜐<EFBFBD>2<EFBFBD><EFBFBD><EFBFBD>嚗? timeoutErrorMessage: 'Python敺格<E695BA><E6A0BC><EFBFBD>摨磰<E691A8><E7A3B0><EFBFBD>>2<><32><EFBFBD>嚗?,
headers: {
'Content-Type': 'application/json'
}
})
// 请求拦截器(可选,用于日志)
pythonServiceClient.interceptors.request.use(
// 霂瑟<EFBFBD><EFBFBD>行⏛<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>嚗?pythonServiceClient.interceptors.request.use(
(config) => {
console.log(`[HTTP] 靚<>鍂Python<6F>滚𦛚: ${config.method?.toUpperCase()} ${config.url}`)
return config
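
Review bot: In the axios client sample, `timeoutErrorMessage` has been pulled into the trailing comment of the `timeout: 120000,` line and its string has lost the closing quote, and `pythonServiceClient.interceptors.request.use(` is now part of the comment line above the `(config) => {` callback. As written the snippet does not parse, and a reader who repairs it by hand may drop the timeout message. Restore both as separate lines.
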
@@ -234,8 +196,7 @@ pythonServiceClient.interceptors.request.use(
(error) => Promise.reject(error)
)
// 响应拦截器(错误处理)
pythonServiceClient.interceptors.response.use(
// <EFBFBD><EFBFBD><EFBFBD>行⏛<EFBFBD><EFBFBD><EFBFBD>躰秤憭<EFBFBD><EFBFBD>嚗?pythonServiceClient.interceptors.response.use(
(response) => response,
(error) => {
if (error.code === 'ECONNABORTED') {
@@ -254,8 +215,7 @@ import axios from 'axios'
const difyHttpClient = axios.create({
baseURL: process.env.DIFY_API_URL || 'http://localhost/v1',
timeout: 60000, // ⚠️ 60秒Dify响应较快
headers: {
timeout: 60000, // <EFBFBD>𩤃<EFBFBD> 60蝘𡜐<E89D98>Dify<66><EFBFBD><EFBFBD>翰嚗? headers: {
'Authorization': `Bearer ${process.env.DIFY_API_KEY}`,
'Content-Type': 'application/json'
}
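
Review bot: `headers: {` is fused into the comment on the `timeout: 60000,` line, which leaves the `'Authorization'` entry outside any object literal. While restoring it, note that this header interpolates `process.env.DIFY_API_KEY` when the client is created, and the staged deployment earlier in the same document starts the backend with `DIFY_API_KEY=temp_placeholder_will_update_later`. The doc should say that this client is only used once the real key is configured, in line with the `enabled` check shown for `createDataset`.
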
@@ -266,31 +226,26 @@ const difyHttpClient = axios.create({
| <20>滚𦛚 | 頞<>𧒄<EFBFBD>園𡢿 | <20><>眏 |
|------|---------|------|
| **Python微服务** | 120| PDF解析Nougat OCR可能需要60-120|
| **Dify API** | 60| RAG检索通常<10秒60秒足够 |
| **外部LLM API** | 60| DeepSeek/OpenAI流式响应60秒足够 |
| **数据库查询** | 30| Prisma默认复杂查询可能需要10-20|
#### 更新的文档
| **Python敺格<EFBFBD><EFBFBD>?* | 120蝘?| PDF<EFBFBD><EFBFBD>嚗𠃊ougat OCR嚗匧虾<EFBFBD><EFBFBD>閬?0-120蝘?|
| **Dify API** | 60蝘?| RAG<EFBFBD><EFBFBD>𡁜虜<10蝘𡜐<E89D98>60蝘坿雲憭?|
| **憭㚚<EFBFBD>LLM API** | 60蝘?| DeepSeek/OpenAI<EFBFBD><EFBFBD><EFBFBD><EFBFBD>嚗?0蝘坿雲憭?|
| **<EFBFBD>唳旿摨𤘪䰻霂?* | 30蝘?| Prisma暺䁅恕嚗<EFBFBD><EFBFBD><EFBFBD><EFBFBD>䰻霂<EFBFBD><EFBFBD>閬?0-20蝘?|
#### <20>湔鰵<E6B994><E9B0B5><EFBFBD>獢?
- <20>𩤃<EFBFBD> `05-Node.js<6A>𡒊垢-SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"隞<><E99A9E><EFBFBD><EFBFBD><EFBFBD>"蝡㰘<E89DA1>憓𧼮<E68693>HTTP Client<6E>滨蔭
---
## <20>𩤃<EFBFBD> <20><EFBFBD>摰匧<E691B0><E58CA7>滨蔭
### 4. ECS端口安全 - Redis/Weaviate不对外开放 ⭐⭐⭐⭐⭐
### 4. ECS蝡臬藁摰匧<EFBFBD> - Redis/Weaviate銝滚笆憭硋<EFBFBD><EFBFBD>?潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P0嚗<30><EFBFBD><EFBFBD><E8B3A2><EFBFBD><E588B8><EFBFBD>**
#### <20><EFBFBD><E6A185>讛膩
```
Dify的Redis6379)和Weaviate8080)如果对公网开放:
Redis无密码,可被攻击者直接访问
❌ Weaviate包含敏感的向量数据
❌ 可能被用于DDoS攻击的跳板
```
Dify<EFBFBD><EFBFBD>edis嚗?379嚗匧<EFBFBD>Weaviate嚗?080嚗匧<EFBFBD><EFBFBD>𨅯笆<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD>?Redis<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>航◤<EFBFBD>餃稬<EFBFBD><EFBFBD><EFBFBD>亥挪<EFBFBD>?<3F>?Weaviate<74><65><EFBFBD>𤩺<EFBFBD><F0A4A9BA><EFBFBD><EFBFBD><EFBFBD>𤩺㺭<F0A4A9BA>?<3F>?<3F><EFBFBD>鋡怎鍂鈭𥟠DoS<6F>餃稬<E9A483><E7A8AC><EFBFBD>?```
#### 甇<><EFBFBD>滨蔭
@@ -298,38 +253,35 @@ Dify的Redis6379和Weaviate8080如果对公网开放
```yaml
services:
# ❌ 错误示例(危险)
# <20>?<3F>躰秤蝷箔<E89DB7><EFBFBD><EFBFBD><EFBFBD>
redis:
ports:
- "6379:6379" # 对所有网卡开放,包括公网!
# ✅ 正确配置
- "6379:6379" # 撖寞<E69296><E5AF9E><EFBFBD><E58EA9><EFBFBD><E288AA><EFBFBD><E6A998><EFBFBD>𡠺<EFBFBD><EFBFBD>嚗?
# <20>?甇<><EFBFBD>滨蔭
redis:
image: redis:6-alpine
ports:
- "127.0.0.1:6379:6379" # 只监听 localhost
- "127.0.0.1:6379:6379" # <20><EFBFBD><E88AB0>?localhost
restart: always
volumes:
- ./volumes/redis/data:/data
command: redis-server --save 60 1 --loglevel warning
# ✅ 正确配置
# <20>?甇<><EFBFBD>滨蔭
weaviate:
image: semitechnologies/weaviate:1.19.0
ports:
- "127.0.0.1:8080:8080" # 只监听 localhost
- "127.0.0.1:8080:8080" # <20><EFBFBD><E88AB0>?localhost
restart: always
environment:
- QUERY_DEFAULTS_LIMIT=25
- AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED=true
- PERSISTENCE_DATA_PATH=/var/lib/weaviate
# ✅ 只有Nginx需要对外VPC内网
nginx:
# <20>?<3F><EFBFBD>Nginx<6E><78><EFBFBD>笆憭吔<E686AD>VPC<50><43><EFBFBD>嚗? nginx:
image: nginx:latest
ports:
- "80:80" # 对VPC内网开放不是公网
restart: always
- "80:80" # 撖釉PC<50><43><EFBFBD><EFBFBD><E69298><EFBFBD>銝齿糓<E9BDBF><EFBFBD>嚗? restart: always
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
depends_on:
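
Review bot: In the compose example the `nginx:` service key has been merged into the comment line above `image: nginx:latest`, and `restart: always` has been merged into the comment on the `- "80:80"` line, so the one service that is meant to be reachable has neither a service name nor a restart policy in the new text. Separately, `"80:80"` publishes on every interface exactly like the `"6379:6379"` mapping this section labels as the wrong example. The "VPC only" claim therefore depends entirely on the security group rule, and the doc should either say so next to the mapping or bind the port to the instance's private address.
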
@@ -337,52 +289,42 @@ services:
- web
```
#### ECS安全组配置
#### ECS摰匧<EFBFBD><EFBFBD><EFBFBD>蝵?
```bash
# 安全组规则ECS控制台 > 安全组 > 配置规则)
# 摰匧<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ECS<EFBFBD><EFBFBD><EFBFBD>?> 摰匧<E691B0>蝏?> <20>滨蔭閫<E894AD><E996AB>嚗?
<EFBFBD>交䲮<EFBFBD>𤏸<EFBFBD><EFBFBD><EFBFBD>
├─ 允许 80/TCP 来源VPC网段172.16.0.0/12 # Nginx
<EFBFBD><EFBFBD> <20><> 80/TCP <EFBFBD><EFBFBD>嚗间PC蝵烐挾嚗?72.16.0.0/12嚗? # Nginx
<EFBFBD><EFBFBD> <20><>捂 22/TCP <20><EFBFBD>嚗𡁏<E59A97><F0A1818F><EFBFBD><EFBFBD><EFBFBD>砍恕IP # SSH蝞∠<E89D9E>
└─ 拒绝 所有 来源0.0.0.0/0 # 默认拒绝
<EFBFBD><EFBFBD> <20><EFBFBD> <20><><EFBFBD>? <EFBFBD><EFBFBD>嚗?.0.0.0/0 # 暺䁅恕<EFBFBD><EFBFBD>
<EFBFBD>箸䲮<EFBFBD>𤏸<EFBFBD><EFBFBD><EFBFBD>
└─ 允许 所有 目标0.0.0.0/0 # 允许访问公网
<EFBFBD><EFBFBD> <20><><20><><EFBFBD>? <EFBFBD><EFBFBD>嚗?.0.0.0/0 # <EFBFBD><EFBFBD>捂霈輸䔮<EFBFBD><EFBFBD>
```
#### 撉諹<E69289>摰匧<E691B0><E58CA7>滨蔭
```bash
# 从公网测试(应该失败)
telnet ECS公网IP 6379
# 应该超时或拒绝连接
# 隞𤾸<EFBFBD>蝵烐<EFBFBD>霂𤏪<EFBFBD>摨磰砲憭梯揖嚗?telnet ECS<43><EFBFBD>IP 6379
# 摨磰砲頞<E7A0B2>𧒄<EFBFBD>𡝗<EFBFBD>蝏肽<E89D8F><E882BD>?
telnet ECS<43><EFBFBD>IP 8080
# 应该超时或拒绝连接
# 从VPC内测试应该成功
# 在SAE应用中执行
curl http://172.16.x.x # Dify内网地址
# 应该返回 Dify 的响应
```
#### 更新的文档
# 摨磰砲頞<EFBFBD>𧒄<EFBFBD>𡝗<EFBFBD>蝏肽<EFBFBD><EFBFBD>?
# 隞竚PC<50><43><EFBFBD>霂𤏪<E99C82>摨磰砲<E7A3B0>𣂼<EFBFBD>嚗?# <20>沒AE摨𠉛鍂銝剜<E98A9D>銵?curl http://172.16.x.x # Dify<66><79><EFBFBD><EFBFBD><EFBFBD>
# 摨磰砲餈𥪜<EFBFBD> Dify <20><><EFBFBD>摨?```
#### <20>湔鰵<E6B994><E9B0B5><EFBFBD>獢?
- <20>𩤃<EFBFBD> `03-Dify-ECS<43>函蔡摰<E894A1><E691B0><EFBFBD><EFBFBD><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>"docker-compose.yaml<6D>滨蔭"蝡㰘<EFBFBD>撘箄<EFBFBD>蝡臬藁摰匧<EFBFBD>
---
### 5. Nginx client_max_body_size - 支持大文件上传 ⭐⭐⭐⭐
### 5. Nginx client_max_body_size - <EFBFBD><EFBFBD>憭扳<EFBFBD>隞嗡<EFBFBD>隡?潃鐥<E6BD83>潃鐥<E6BD83>
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P2嚗<32><E59A97><EFBFBD>穿<EFBFBD>**
#### <20><EFBFBD><E6A185>讛膩
```
医疗PDF可能很大10-50MB
Nginx默认限制1MB
结果:用户上传大文件时返回 413 Request Entity Too Large
<EFBFBD><EFBFBD>PDF<EFBFBD><EFBFBD><EFBFBD>之嚗?0-50MB嚗?Nginx暺䁅恕<E48185>𣂼<EFBFBD>嚗?MB
蝏𤘪<EFBFBD>嚗𡁶鍂<EFBFBD><EFBFBD>隡惩之<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?413 Request Entity Too Large
```
#### 閫<><E996AB><EFBFBD><EFBFBD>
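
Review bot: The security group rules in this hunk lose digits in the new lines: the VPC range that reads `172.16.0.0/12` on the removed line appears as `?72.16.0.0/12`, and `0.0.0.0/0` appears as `?.0.0.0/0` in both the deny and the outbound rule. A CIDR that cannot be read correctly should not ship in a hardening guide. The verification block is damaged too: the `telnet` check for port 6379 and the in-VPC `curl http://172.16.x.x` are both fused into comment lines, so neither the "must fail from the internet" nor the "must work from the VPC" test is runnable as written.
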
@@ -395,8 +337,7 @@ http {
# <20>𩤃<EFBFBD> <20><EFBFBD>嚗𡁏𣈲<F0A1818F><F0A388B2><EFBFBD><E4B98B>辣銝𠹺<E98A9D>
client_max_body_size 50M;
# ⚠️ 新增开启gzipReact大体积JS
gzip on;
# <EFBFBD>𩤃<EFBFBD> <20><EFBFBD>嚗𡁜<E59A97><F0A1819C>zip嚗㇌eact憭找<EFBFBD>蝘浥S嚗? gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_min_length 1000;
gzip_comp_level 6;
@@ -405,8 +346,7 @@ http {
listen 8080;
server_name _;
# 根目录
root /usr/share/nginx/html;
# <EFBFBD>寧𤌍敶? root /usr/share/nginx/html;
index index.html;
# API<50><EFBFBD><EFBFBD><E99A9E>
@@ -417,8 +357,7 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# ⚠️ 新增:代理超时配置
proxy_connect_timeout 120s;
# <EFBFBD>𩤃<EFBFBD> <20><EFBFBD>嚗帋誨<E5B88B><E8AAA8><EFBFBD><EFBFBD><EFBFBD>蝵? proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
}
@@ -428,8 +367,7 @@ http {
try_files $uri $uri/ /index.html;
}
# 健康检查
location /health {
# <EFBFBD>亙熒璉<EFBFBD><EFBFBD>? location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
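
Review bot: `location /health {` is now part of the comment line above it, so `access_log off;`, `return 200 "healthy\n";` and `add_header` are no longer inside a location block and the block's closing brace has no opener. Anyone copying this template gets a config that fails validation or, if they patch the braces, a `return 200` at the wrong level. Restore the `location /health {` line on its own; the same fusing affects `gzip on;`, `root /usr/share/nginx/html;` and `proxy_connect_timeout 120s;` in the three hunks before this one.
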
@@ -438,23 +376,19 @@ http {
}
```
#### 更新的文档
#### <EFBFBD>湔鰵<EFBFBD><EFBFBD><EFBFBD>獢?
- <20>𩤃<EFBFBD> `06-<2D>滨垢Nginx-SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"nginx.conf.template"蝡㰘<E89DA1>憓𧼮<E68693><F0A7BCAE>滨蔭
---
### 6. Python Workers限制 - 防止OOM ⭐⭐⭐⭐⭐
### 6. Python Workers<EFBFBD>𣂼<EFBFBD> - <20>脫迫OOM 潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P1嚗<31><EFBFBD><EFBFBD>**
#### <20><EFBFBD><E6A185>讛膩
```
PyMuPDF/Nougat OCR非常吃内存单个请求可能占用500MB-1GB
SAE配置2GB内存
如果Gunicorn workers过多会导致OOMOut of Memory
```
PyMuPDF/Nougat OCR<EFBFBD>𧼮虜<EFBFBD><EFBFBD><EFBFBD>摮矋<EFBFBD><EFBFBD>蓥葵霂瑟<EFBFBD><EFBFBD><EFBFBD><EFBFBD>删鍂500MB-1GB嚗?SAE<41>滨蔭嚗?GB<47><42><EFBFBD>
<EFBFBD><EFBFBD>Gunicorn workers餈<73><E9A488>嚗䔶<E59A97>撖潸稲OOM嚗㇉ut of Memory嚗?```
#### 閫<><E996AB><EFBFBD><EFBFBD>
@@ -479,17 +413,14 @@ CMD ["gunicorn", "app.main:app", \
"--access-logfile", "-", \
"--error-logfile", "-"]
# workers=2: 最多2个worker2GB内存限制
# timeout=120: 单个请求最多120秒OCR可能很慢
# max-requests=100: 100个请求后重启worker防止内存泄漏
# workers=2: <EFBFBD><EFBFBD>憭?銝泡orker嚗?GB<47><42><EFBFBD><EFBFBD>𣂼<EFBFBD>嚗?# timeout=120: <20>蓥葵霂瑟<E99C82><E7919F><EFBFBD>憭?20蝘𡜐<E89D98>OCR<43><EFBFBD><EFBFBD><E695BA>嚗?# max-requests=100: 100銝芾窈瘙<E7AA88><E79899><EFBFBD>滚鍳worker嚗<72>俈甇<E79487>摮䀹<E691AE>瞍𧶏<E79E8D>
```
**SAE<41>滨蔭**
```bash
# SAE控制台 > 应用配置 > 实例规格
CPU: 1
内存: 2GB # ⚠️ 不要低于2GB
# SAE<EFBFBD><EFBFBD><EFBFBD>?> 摨𠉛鍂<F0A0899B>滨蔭 > 摰硺<E691B0><EFBFBD>
CPU: 1<EFBFBD>?<3F><><EFBFBD>: 2GB # <20>𩤃<EFBFBD> 銝滩<E98A9D>雿𦒘<E99BBF>2GB
# 摰硺<E691B0><E7A1BA><EFBFBD>
<EFBFBD><EFBFBD>撠誩<EFBFBD>靘𧢲㺭: 1
@@ -502,37 +433,29 @@ CPU: 1核
# 蝏誯<E89D8F><E8AAAF><EFBFBD>
workers = (CPU<EFBFBD>豢㺭 <EFBFBD> 2) + 1
# 但对于内存密集型应用如PDF解析
workers = min((内存GB / 单worker内存GB), (CPU核数 × 2) + 1)
# <EFBFBD>笆鈭𤾸<EFBFBD>摮睃<EFBFBD><EFBFBD><EFBFBD><EFBFBD>摨𠉛鍂嚗<EFBFBD><EFBFBD>PDF閫<EFBFBD><EFBFBD>嚗?workers = min((<28><><EFBFBD>GB / <20>嫤orker<65><72><EFBFBD>GB), (CPU<50>豢㺭 <20> 2) + 1)
# 示例SAE 1核2GB
单worker内存 800MBPyMuPDF + Nougat
workers = min(2GB / 0.8GB, 1×2+1) = min(2.5, 3) = 2
# 蝷箔<EFBFBD>嚗锭AE 1<EFBFBD>?GB
<EFBFBD>嫤orker<EFBFBD><EFBFBD><EFBFBD> <EFBFBD>?800MByMuPDF + Nougat?workers = min(2GB / 0.8GB, 1<EFBFBD>2+1) = min(2.5, 3) = 2
# 结论workers=2 是安全值
```
# 蝏栞捏嚗鯱orkers=2 <EFBFBD><EFBFBD><EFBFBD><EFBFBD>?```
#### <20>烐綉OOM
```bash
# SAE控制台 > 监控 > 内存使用率
# 如果经常达到90%+,说明需要:
# 1. 减少workers从2降到1
# 2. 增加内存从2GB升到4GB
# 3. 优化代码(减少内存占用)
# SAE<EFBFBD><EFBFBD><EFBFBD>?> <20>烐綉 > <20><><EFBFBD>雿輻鍂<E8BCBB>?# 憒<><E68692>蝏誩虜颲曉<E9A2B2>90%+嚗諹秩<E8ABB9>𡡞<EFBFBD><EFBFBD><E996AC>
# 1. <20><EFBFBD>workers嚗<73><E59A97>2<EFBFBD><EFBFBD>1嚗?# 2. 憓𧼮<E68693><F0A7BCAE><EFBFBD><EFBFBD><EFBFBD><E59A97>2GB<47><42><EFBFBD>4GB嚗?# 3. 隡睃<E99AA1><EFBFBD><E99A9E><EFBFBD><E59A97>撠穃<E692A0>摮睃<E691AE><E79D83><EFBFBD>
```
#### 更新的文档
- ⚠️ `04-Python微服务-SAE容器部署指南.md`:需要在"Dockerfile"章节强调workers限制
#### <EFBFBD>湔鰵<EFBFBD><EFBFBD><EFBFBD>獢?
- <20>𩤃<EFBFBD> `04-Python敺格<E695BA><E6A0BC>?SAE摰孵膥<E5ADB5>函蔡<E587BD><E894A1><EFBFBD>.md`嚗𡁻<EFBFBD><EFBFBD>銁"Dockerfile"蝡㰘<E89DA1>撘箄<E69298>workers<72>𣂼<EFBFBD>
---
## 📖 开发调试最佳实践
## <EFBFBD><EFBFBD><><E69298>𤏸<EFBFBD>霂閙<E99C82>雿喳<E99BBF>頝?
### 7. SSH<53><EFBFBD> - <20>砍𧑐<E7A08D><EFBFBD>RDS<44>唳旿摨?潃鐥<E6BD83>潃鐥<E6BD83>
### 7. SSH隧道 - 本地直连RDS数据库 ⭐⭐⭐⭐
**用途:开发便利性(非必需,但强烈推荐)**
**<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>睲噶<EFBFBD><EFBFBD><EFBFBD><EFBFBD>𧼮<EFBFBD><EFBFBD><EFBFBD>嚗䔶<EFBFBD>撘箇<EFBFBD><EFBFBD><EFBFBD>嚗?*
#### <20>箸艶
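
Review bot: The worker sizing rule in this hunk is no longer readable as a formula. `workers = min(...)` for memory-bound services is fused into the comment line before it, and the multiplication sign in the worked example is lost, so the removed `min(2GB / 0.8GB, 1×2+1)` now reads `1?2+1`. The conclusion line (workers=2) is also glued to the closing fence. Since this calculation is what justifies the OOM limit, restore these lines verbatim from the parent revision.
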
@@ -547,12 +470,10 @@ workers = min(2GB / 0.8GB, 1×2+1) = min(2.5, 3) = 2
**甇仿炊1嚗𡁶靽𨎊CS<43>农SH霈輸䔮<E8BCB8><E494AE><EFBFBD>**
```bash
# 本地生成SSH密钥如果还没有
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# <EFBFBD>砍𧑐<EFBFBD><EFBFBD><EFBFBD>SSH撖<EFBFBD>𤨎嚗<EFBFBD><EFBFBD><EFBFBD>𡏭<EFBFBD>瘝⊥<EFBFBD>嚗?ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# 撠<><E692A0><EFBFBD>交溶<E4BAA4><EFBFBD>ECS
# ECS控制台 > 实例 > 远程连接 > 重置密钥对
# 或者手动添加到 ~/.ssh/authorized_keys
# ECS<EFBFBD><EFBFBD><EFBFBD>?> 摰硺<E691B0> > 餈𦦵<E9A488>餈墧𦻖 > <20>滨蔭撖<E894AD>𤨎撖?# <20>𤥁<EFBFBD><F0A4A581><EFBFBD><EFBFBD>冽溶<E586BD><EFBFBD> ~/.ssh/authorized_keys
```
**甇仿炊2嚗𡁜遣蝡喹SH<53><EFBFBD>**
@@ -566,11 +487,8 @@ ssh -N -L 5433:rm-bp1xxxxx.pg.rds.aliyuncs.com:5432 \
root@120.55.xx.xx \
-i ~/.ssh/dify-ecs.pem
# 参数说明:
# -N: 不执行远程命令,只建立隧道
# -L: 本地端口转发
# 5433: 本地监听端口避免与本地PostgreSQL 5432冲突
# rm-bp1xxxxx...: RDS内网地址
# <EFBFBD><EFBFBD>㺭霂湔<EFBFBD>嚗?# -N: 銝齿<E98A9D>銵諹<E98AB5>蝔见𦶢隞歹<E99A9E><E6ADB9>芸遣蝡钅银<E99285>?# -L: <20>砍𧑐蝡臬藁頧砍<E9A0A7>
# 5433: <20>砍𧑐<E7A08D>穃𨯬蝡臬藁嚗<E89781><E59A97><EFBFBD><EFBFBD><E6BBA2>砍𧑐PostgreSQL 5432<33><EFBFBD>嚗?# rm-bp1xxxxx...: RDS<44><53><EFBFBD><EFBFBD><EFBFBD>
# 5432: RDS蝡臬藁
```
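
Review bot: The tunnel command shown at the top of this hunk logs in as `root@120.55.xx.xx` only to forward a port with `-N -L`. A developer laptop holding a root key for the ECS host is more privilege than a database tunnel needs. Suggest documenting a dedicated unprivileged account whose `authorized_keys` entry is limited with `permitopen=` to the RDS endpoint. The parameter explanations also need repair: the `-N` and `-L` descriptions are merged into one comment line in the new text.
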
@@ -579,13 +497,11 @@ ssh -N -L 5433:rm-bp1xxxxx.pg.rds.aliyuncs.com:5432 \
```
餈墧𦻖蝐餃<EFBFBD>嚗䥪ostgreSQL
銝餅㦤嚗饝ocalhost
端口5433
蝡臬藁嚗?433
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>aiclinical_rw
密码RDS密码
数据库ai_clinical_research
<EFBFBD><EFBFBD>嚗𡄯<EFBFBD>RDS撖<EFBFBD><EFBFBD>嚗?<3F>唳旿摨橒<E691A8>ai_clinical_research
测试连接 → 成功!
```
瘚贝<EFBFBD>餈墧𦻖 <20>?<3F>𣂼<EFBFBD>嚗?```
**甇仿炊4嚗𡁜<E59A97><F0A1819C><EFBFBD>銵屸银<E5B1B8><EFBFBD><E6A992><EFBFBD><EFBFBD>**
@@ -594,8 +510,7 @@ ssh -N -L 5433:rm-bp1xxxxx.pg.rds.aliyuncs.com:5432 \
nohup ssh -N -L 5433:rm-xxxxx.pg.rds.aliyuncs.com:5432 \
root@ECS-IP -i key.pem > /dev/null 2>&1 &
# 方法2创建systemd服务Linux
# /etc/systemd/system/rds-tunnel.service
# <EFBFBD><EFBFBD>2嚗𡁜<EFBFBD>撱漳ystemd<EFBFBD>滚𦛚嚗𡿨inux嚗?# /etc/systemd/system/rds-tunnel.service
[Unit]
Description=SSH Tunnel to RDS
After=network.target
@@ -624,18 +539,14 @@ sudo systemctl enable rds-tunnel
---
### 8. 时区统一配置 - 防止日志时间混乱 ⭐⭐⭐⭐⭐
### 8. <EFBFBD>嗅躹蝏煺<EFBFBD><EFBFBD>滨蔭 - <20>脫迫<E884AB><EFBFBD><E4BA99>園𡢿瘛瑚僚 潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P2嚗<32><E59A97><EFBFBD><E996AC>**
#### <20><EFBFBD><E6A185>讛膩
```
不同服务的时区不一致会导致:
❌ 日志时间对不上前端14:00后端06:00
❌ pg-boss定时任务在错误时间触发
❌ 用户看到的时间戳错误
❌ 排查故障极为痛苦
銝滚<EFBFBD><EFBFBD>滚𦛚<EFBFBD><EFBFBD>𧒄<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>撖潸稲嚗?<3F>?<3F><EFBFBD><E4BA99>園𡢿撖嫣<E69296>銝𠺪<E98A9D><F0A0BAAA>滨垢14:00嚗<30><E59A97>蝡?6:00嚗?<3F>?pg-boss摰𡁏𧒄隞餃𦛚<E9A483><EFBFBD>霂舀𧒄<E88880>渲圻<E6B8B2>?<3F>?<3F><EFBFBD><E586BD><EFBFBD><E8A781><EFBFBD>𧒄<EFBFBD><EFBFBD><E6B994>躰秤
<EFBFBD>?<3F>埝䰻<E59F9D><E4B0BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>𥡝㜃
```
#### 閫<><E996AB><EFBFBD><EFBFBD>
@@ -649,15 +560,13 @@ RUN apk add --no-cache tzdata
ENV TZ=Asia/Shanghai
# ... <20><EFBFBD><E597A1>滨蔭
# extraction_service/Dockerfile - Python微服务
FROM python:3.11-slim
# extraction_service/Dockerfile - Python敺格<EFBFBD><EFBFBD>?FROM python:3.11-slim
RUN apt-get update && apt-get install -y tzdata
ENV TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
# ... <20><EFBFBD><E597A1>滨蔭
# frontend-v2/Dockerfile - 前端(已配置)
FROM nginx:1.25-alpine
# frontend-v2/Dockerfile - <EFBFBD>滨垢嚗<EFBFBD><EFBFBD>滨蔭嚗?FROM nginx:1.25-alpine
RUN apk add --no-cache tzdata
ENV TZ=Asia/Shanghai
# ... <20><EFBFBD><E597A1>滨蔭
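
Review bot: Two `FROM` lines are lost to the comment lines above them in this hunk: `FROM python:3.11-slim` and `FROM nginx:1.25-alpine`. In the new text the Python section's `RUN apt-get update && apt-get install -y tzdata` follows directly after the previous section's `RUN apk add --no-cache tzdata` with no base image in between, so the timezone fix cannot be copied into `extraction_service/Dockerfile` as shown. Put each `FROM` back on its own line.
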
@@ -665,11 +574,11 @@ ENV TZ=Asia/Shanghai
```sql
-- RDS PostgreSQL <20>嗅躹<E59785>滨蔭
-- RDS控制台 > 参数设置 > timezone
-- RDS<EFBFBD><EFBFBD><EFBFBD>?> <20><>㺭霈曄蔭 > timezone
timezone = Asia/Shanghai
```
**验证时区:**
**撉諹<EFBFBD><EFBFBD>嗅躹嚗?*
```bash
# <20><EFBFBD>摰孵膥<E5ADB5>嗅躹
docker exec <container-id> date
@@ -682,11 +591,10 @@ psql -c "SHOW timezone;"
#### 敶勗<E695B6><E58B97><EFBFBD>
- Node.js后端需要更新Dockerfile
- Python微服务需要更新Dockerfile
- ✅ 前端Nginx已正确配置
- RDS PostgreSQL:需要修改参数
- <EFBFBD>?Node.js<EFBFBD>𡒊垢嚗𡁻<EFBFBD><EFBFBD><EFBFBD>ockerfile
- <EFBFBD>?Python敺格<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ockerfile
- <EFBFBD>?<3F>滨垢Nginx嚗𡁜歇甇<E6AD87><EFBFBD>滨蔭
- <EFBFBD>?RDS PostgreSQL嚗𡁻<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
#### 靽桀<E99DBD>甇仿炊
```bash
@@ -699,7 +607,7 @@ cd extraction_service
# <20>求ockerfile銝剜溶<E5899C>䭾𧒄<E4ADBE><EFBFBD>蝵殷<E89DB5><EFBFBD><E996AB><EFBFBD>寧內靘页<E99D98>
# 3. 靽格㺿RDS<44>嗅躹
# RDS控制台 > 参数设置 > timezone > Asia/Shanghai
# RDS<EFBFBD><EFBFBD><EFBFBD>?> <20><>㺭霈曄蔭 > timezone > Asia/Shanghai
# <20><><EFBFBD><E996AC><EFBFBD>爹DS摰硺<E691B0>
# 4. 撉諹<E69289>
@@ -710,35 +618,30 @@ psql -h rds-host -c "SHOW timezone;"
---
### 9. 镜像拉取策略 - 防止代码不更新 ⭐⭐⭐⭐⭐
### 9. <EFBFBD>𨅯<EFBFBD><EFBFBD><EFBFBD>蝑𣇉裦 - <20>脫迫隞<E8BFAB><E99A9E>銝齿凒<E9BDBF>?潃鐥<E6BD83>潃鐥<E6BD83>潃?
**<2A><EFBFBD>銝仿<E98A9D>摨佗<E691A8>P2嚗<32><E59A97><EFBFBD><E996AC>**
#### <20><EFBFBD><E6A185>讛膩
```
场景:
开发者修改代码 → 构建镜像 → 推送到ACR覆盖v1.0.0
→ SAE部署 → 发现代码没更新???
<EFBFBD>箸艶嚗?撘<><E69298>𤏸<EFBFBD><F0A48FB8><EFBFBD>嫣誨<E5ABA3>?<3F>?<3F><><EFBFBD>𨅯<EFBFBD> <20>?<3F><EFBFBD><E588B8><EFBFBD>ACR嚗<52><E59A97><EFBFBD>𩥈1.0.0嚗?<3F>?SAE<41>函蔡 <20>?<3F>𤑳緵隞<E7B7B5><E99A9E>瘝⊥凒<E28AA5><EFBFBD><EFBFBD><E59A97>
原因:
SAE默认镜像拉取策略可能是 IfNotPresent
如果本地已有 v1.0.0,不会重新拉取
```
<EFBFBD><EFBFBD>嚗?SAE暺䁅恕<E48185>𨅯<EFBFBD><F0A885AF><EFBFBD>蝑𣇉裦<F0A38789><EFBFBD><E888AA>?IfNotPresent
<EFBFBD><EFBFBD><EFBFBD>砍𧑐撌脫<EFBFBD> v1.0.0嚗䔶<EFBFBD>隡𡁻<EFBFBD><EFBFBD><EFBFBD><EFBFBD>?```
#### 閫<><E996AB><EFBFBD><EFBFBD>
**方案A每次部署使用新版本号强烈推荐**
**<EFBFBD><EFBFBD>A嚗𡁏<EFBFBD>甈⊿<EFBFBD>蝵脖蝙<EFBFBD>冽鰵<EFBFBD><EFBFBD>𧋦<EFBFBD><EFBFBD>撘箇<EFBFBD><EFBFBD><EFBFBD>嚗?*
```bash
# 雿輻鍂霂凋<E99C82><E5878B>𣇉<EFBFBD><F0A38789>砍噡
v1.0.0 v1.0.1 v1.0.2 ...
v1.0.0 <EFBFBD>?v1.0.1 <EFBFBD>?v1.0.2 ...
# <20>碶蝙<E7A2B6>冽𧒄<E586BD><EFBFBD>
v20251214-1430 v20251214-1530 ...
v20251214-1430 <EFBFBD>?v20251214-1530 ...
# <20>碶蝙<E7A2B6>沁it SHA
v-a1b2c3d v-b2c3d4e ...
v-a1b2c3d <EFBFBD>?v-b2c3d4e ...
# <20><>遣蝷箔<E89DB7>
docker build -t backend:v1.0.1 .
@@ -751,23 +654,21 @@ docker push registry.cn-hangzhou.aliyuncs.com/aiclinical/backend:v1.0.1
**<EFBFBD><EFBFBD>B嚗𡁻<EFBFBD>蝵娟AE<EFBFBD>𨅯<EFBFBD><EFBFBD><EFBFBD>蝑𣇉裦嚗<EFBFBD><EFBFBD>霂閧㴓憓<EFBFBD><EFBFBD>**
```bash
# SAE控制台 > 应用配置 > 镜像设置
# SAE<EFBFBD><EFBFBD><EFBFBD>?> 摨𠉛鍂<F0A0899B>滨蔭 > <20>𨅯<EFBFBD>霈曄蔭
<EFBFBD>𨅯<EFBFBD><EFBFBD><EFBFBD>蝑𣇉裦嚗鋫lways
# ⚠️ 注意:
# - 每次重启都会拉取镜像(启动稍慢)
# <EFBFBD>𩤃<EFBFBD> 瘜冽<E7989C>嚗?# - 瘥𤩺活<F0A4A9BA>滚鍳<E6BB9A><EFBFBD><E8B3AD><EFBFBD><E58CA7>𨅯<EFBFBD><EFBFBD><EFBFBD><EFBFBD><E587BD><EFBFBD>
# - <20><><EFBFBD>瘚贝<E7989A><E8B49D><EFBFBD>嚗䔶<E59A97><E494B6><EFBFBD><E588BB>煺漣<E785BA><EFBFBD>
```
#### 最佳实践
#### <EFBFBD><EFBFBD>雿喳<EFBFBD>頝?
| <20><EFBFBD> | <20><EFBFBD><E588BB><EFBFBD> | <20><>眏 |
|------|---------|------|
| **生产环境** | 方案A版本号管理 | 版本可追溯,稳定 |
| **测试环境** | 方案BAlways拉取 | 始终最新,方便 |
| **开发环境** | 方案A | 避免混乱 |
| **<EFBFBD>煺漣<EFBFBD><EFBFBD>** | <EFBFBD><EFBFBD>A嚗<EFBFBD><EFBFBD><EFBFBD>砍噡蝞∠<EFBFBD>嚗?| <20><>𧋦<EFBFBD>航蕭皞荔<E79A9E>蝔喳<E89D94> |
| **瘚贝<EFBFBD><EFBFBD><EFBFBD>** | <EFBFBD><EFBFBD>B嚗㇁lways<EFBFBD><EFBFBD>嚗?| 憪讠<E686AA><E8AEA0><EFBFBD><EFBFBD><EFBFBD><E5A086>嫣噶 |
| **<EFBFBD><EFBFBD>𤑳㴓憓?* | <20><EFBFBD>A | <20><EFBFBD>瘛瑚僚 |
**❌ 不要:**
**<EFBFBD>?銝滩<E98A9D>嚗?*
```bash
# 憪讠<E686AA>雿輻鍂 latest <20><>倌嚗<E5808C><E59A97>瘜閗蕭皞舐<E79A9E><E88890>穿<EFBFBD>
docker tag backend:latest ...
@@ -783,20 +684,19 @@ docker tag backend:latest ...
```
Python<EFBFBD>滚𦛚嚗㇊yMuPDF/Nougat嚗匧<E59A97>摮睃<E691AE><E79D83><EFBFBD><EFBFBD>摰寞<E691B0>OOM
❌ 单个PDF OCR可能占用500MB-1GB内存
❌ 多个并发请求会导致内存溢出
❌ SAE默认2GB内存可能不够
<EFBFBD>?<3F>蓥葵PDF OCR<EFBFBD><EFBFBD><EFBFBD>删鍂500MB-1GB<EFBFBD><EFBFBD><EFBFBD>
<EFBFBD>?憭帋葵撟嗅<E6929F>霂瑟<E99C82>隡𡁜紡<F0A1819C><EFBFBD>摮䀹滯<E480B9>?<3F>?SAE暺䁅恕2GB<47><42><EFBFBD><EFBFBD><EFBFBD>銝滚<E98A9D>
```
#### 閫<><E996AB><EFBFBD><EFBFBD>
**规格建议:**
**<EFBFBD>聢撱箄悅嚗?*
| <20>箸艶 | CPU | <20><><EFBFBD> | Workers | <20><><EFBFBD><E98D82><EFBFBD> |
|------|-----|------|---------|---------|
| **基础版** | 1| 2GB | 2 | 简单PDF解析 |
| **标准版** | 2| 4GB | 3 | 包含OCRNougat |
| **增强版** | 2| 8GB | 4 | 大量OCR + 高并发 |
| **<EFBFBD><EFBFBD><EFBFBD>?* | 1<EFBFBD>?| 2GB | 2 | <EFBFBD><EFBFBD>𠠬DF閫<EFBFBD><EFBFBD> |
| **<EFBFBD><EFBFBD><EFBFBD><EFBFBD>?* | 2<EFBFBD>?| 4GB | 3 | <EFBFBD><EFBFBD>OCR嚗𠃊ougat嚗?|
| **憓𧼮撩<EFBFBD>?* | 2<EFBFBD>?| 8GB | 4 | 憭折<EFBFBD>OCR + 擃睃僎<EFBFBD>?|
**Dockerfile隡睃<E99AA1><EFBFBD>歇摨𠉛鍂嚗㚁<E59A97>**
@@ -807,13 +707,12 @@ CMD ["gunicorn", "main:app", \
"--workers", "2", \ # <20>𩤃<EFBFBD> <20>𣂼<EFBFBD>撟嗅<E6929F>
"--timeout", "120", \ # <20>𩤃<EFBFBD> 2<><32><EFBFBD><EFBFBD>𧒄
"--max-requests", "100", \ # <20>𩤃<EFBFBD><><E686AD>100銝芾窈瘙<E7AA88><E79899><EFBFBD>滚鍳worker
"--max-requests-jitter", "10"] # ⚠️ 随机抖动,避免同时重启
```
"--max-requests-jitter", "10"] # <EFBFBD>𩤃<EFBFBD> <20>𤩺㦤<F0A4A9BA>硋𢆡嚗屸<E59A97><E5B1B8><EFBFBD><E6BB9A><EFBFBD><E59C92>?```
**<2A>烐綉銝𤾸<E98A9D>霅佗<E99C85>**
```bash
# SAE控制台 > 监控告警 > 创建告警规则
# SAE<EFBFBD><EFBFBD><EFBFBD>?> <20>烐綉<E78390>𡃏郎 > <20>𥕦遣<F0A595A6>𡃏郎閫<E9838E><E996AB>
<EFBFBD><EFBFBD><EFBFBD>嚗𡁜<EFBFBD>摮䀝蝙<EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>> 80%
<EFBFBD><EFBFBD>嚗𡁜<EFBFBD><EFBFBD><EFBFBD><EFBFBD>𡁶䰻 + <20>芸𢆡<E88AB8>拙捆嚗<E68D86><EFBFBD><EFBFBD>
@@ -821,13 +720,13 @@ CMD ["gunicorn", "main:app", \
#### 憒<><E68692><EFBFBD><EFBFBD><EFBFBD>OOM
**方案1升级内存推荐**
**<EFBFBD><EFBFBD>1嚗𡁜<EFBFBD>蝥批<EFBFBD>摮矋<EFBFBD><EFBFBD><EFBFBD>嚗?*
```bash
# SAE控制台 > 应用配置 > 规格调整
1核2GB → 2核4GB增加¥100/月)
# SAE<EFBFBD><EFBFBD><EFBFBD>?> 摨𠉛鍂<F0A0899B>滨蔭 > 閫<>聢靚<E881A2>
1<EFBFBD>?GB <EFBFBD>?2<>?GB嚗<42><E59A97><EFBFBD>覉?00/<2F><><EFBFBD>
```
**方案2限制并发临时**
**<EFBFBD><EFBFBD>2嚗𡁻<EFBFBD><EFBFBD>嗅僎<EFBFBD>𡢅<EFBFBD>銝湔𧒄嚗?*
```dockerfile
# 靽格㺿Dockerfile
CMD ["gunicorn", "main:app", \
@@ -837,17 +736,15 @@ CMD ["gunicorn", "main:app", \
---
### 11. OSS签名URL - 安全的文件访问 ⭐⭐⭐⭐
### 11. OSS蝑曉<EFBFBD>URL - 摰匧<EFBFBD><EFBFBD><EFBFBD><EFBFBD>隞嗉挪<EFBFBD>?潃鐥<E6BD83>潃鐥<E6BD83>
**用途:安全最佳实践**
**<EFBFBD><EFBFBD><EFBFBD>摰匧<EFBFBD><EFBFBD><EFBFBD>雿喳<EFBFBD>頝?*
#### <20><EFBFBD>
```
如果OSS Bucket设置为Public
❌ 任何人都可以访问所有文件
❌ 无法追踪谁访问了哪些文件
❌ 无法控制访问时效
<EFBFBD><EFBFBD>OSS Bucket霈曄蔭銝摺ublic嚗?<3F>?隞颱<E99A9E>鈭粹<E988AD><E7B2B9>臭誑霈輸䔮<E8BCB8><E494AE><EFBFBD><EFBFBD>隞?<3F>?<3F><EFBFBD>餈質葵靚<E891B5><EFBFBD><EFBFBD><E6A190><EFBFBD><E88AAF><EFBFBD>
<EFBFBD>?<3F><EFBFBD><E4ADBE><EFBFBD>霈輸䔮<E8BCB8><EFBFBD>
```
#### 閫<><E996AB><EFBFBD><EFBFBD>
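Review bot: The three-item list of risks for a Public bucket now sits on two run-together lines with its markers and line breaks lost, and the section 11 heading and its purpose line are mis-encoded, so the rationale for keeping the bucket private is unreadable. Revert these lines to the UTF-8 originals, one risk per line.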
@@ -855,9 +752,8 @@ CMD ["gunicorn", "main:app", \
**OSS Bucket<65>滨蔭**
```bash
# OSS控制台 > Bucket列表 > aiclinical-data-prod
# 读写权限:私有(Private
```
# OSS<EFBFBD><EFBFBD><EFBFBD>?> Bucket<EFBFBD>𡑒” > aiclinical-data-prod
# 霂餃<EFBFBD><EFBFBD><EFBFBD><EFBFBD>嚗𡁶<EFBFBD><EFBFBD><EFBFBD>Private嚗?```
**<2A>𡒊垢<F0A1928A><E59EA2><EFBFBD>蝑曉<E89D91>URL**
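Review bot: The line that sets the bucket ACL, previously `# 读写权限:私有(Private)`, now ends with the closing fence glued to it, which leaves the `bash` block open and garbles the one security-relevant setting in this step. Put the fence back on its own line and keep the word Private next to a readable label.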
@@ -878,7 +774,7 @@ export class OSSAdapter {
}
/**
* 生成签名URL1小时有效期
* <EFBFBD><EFBFBD><EFBFBD>蝑曉<EFBFBD>URL嚗?撠𤩺𧒄<F0A4A9BA><EFBFBD><E39787><EFBFBD><EFBFBD>
*/
async getSignedUrl(objectKey: string, expiresIn: number = 3600): Promise<string> {
try {
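Review bot: The JSDoc above `getSignedUrl` no longer states the URL lifetime, because the `1` of the one-hour validity was lost in the re-encoding. Since the signature defaults to `expiresIn: number = 3600`, document the unit and the default in the comment, ideally in ASCII so it survives future encoding changes.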
@@ -902,8 +798,7 @@ export class OSSAdapter {
const result = await this.client.put(objectKey, filePath)
console.log(`[OSS] <20><>辣銝𠹺<E98A9D><F0A0B9BA>𣂼<EFBFBD>: ${objectKey}`)
// 返回签名URL不是公开URL
return this.getSignedUrl(objectKey)
// 餈𥪜<EFBFBD>蝑曉<EFBFBD>URL嚗<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>URL嚗? return this.getSignedUrl(objectKey)
} catch (error) {
console.error('[OSS] <20><>辣銝𠹺<E98A9D>憭梯揖:', error)
throw error
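Review bot: `return this.getSignedUrl(objectKey)` has been pulled up onto the `//` comment line after the `console.log`, so as written the statement is commented out and the `try` block returns nothing instead of the signed URL. Restore the comment and the `return` as two separate lines.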
@@ -919,22 +814,20 @@ export class OSSAdapter {
router.get('/documents/:id/download', async (req, res) => {
const { id } = req.params
// 1. 查询文档元数据
const document = await prisma.document.findUnique({
// 1. <EFBFBD>亥砭<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? const document = await prisma.document.findUnique({
where: { id }
})
if (!document) {
return res.status(404).json({ error: '文档不存在' })
return res.status(404).json({ error: '<EFBFBD><EFBFBD>﹝銝滚<EFBFBD><EFBFBD>? })
}
// 2. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>靽萘鍂<E89098><EFBFBD><E7919F><EFBFBD><EFBFBD><EFBFBD>
if (document.userId !== req.user.id) {
return res.status(403).json({ error: '无权访问此文档' })
return res.status(403).json({ error: '<EFBFBD><EFBFBD><EFBFBD>? })
}
// 3. 生成签名URL1小时有效
const ossAdapter = new OSSAdapter()
// 3. <EFBFBD><EFBFBD><EFBFBD>蝑曉<EFBFBD>URL嚗?撠𤩺𧒄<F0A4A9BA><EFBFBD>嚗? const ossAdapter = new OSSAdapter()
const signedUrl = await ossAdapter.getSignedUrl(document.ossKey, 3600)
// 4. 餈𥪜<E9A488>蝑曉<E89D91>URL
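Review bot: Two statements in the download handler are now swallowed by `//` comments: `const document = await prisma.document.findUnique({` under step 1 and `const ossAdapter = new OSSAdapter()` under step 3, which leaves `where: { id }` dangling and `ossAdapter` undefined at `getSignedUrl(document.ossKey, 3600)`. The 404 and 403 error strings have also lost their closing quotes. This sample carries the ownership check (`document.userId !== req.user.id`) that gates signed URL issuance, so restore each statement to its own line and close the string literals so that readers copy a working check.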
@@ -962,7 +855,7 @@ export async function downloadDocument(documentId: string) {
// 2. 雿輻鍂蝑曉<E89D91>URL銝贝蝸<E8B49D><E89DB8>
const link = document.createElement('a')
link.href = url // 签名URL1小时有效
link.href = url // 蝑曉<EFBFBD>URL嚗?撠𤩺𧒄<F0A4A9BA><EFBFBD>
link.download = filename
link.click()
}
@@ -971,58 +864,45 @@ export async function downloadDocument(documentId: string) {
#### 隡睃飵
```
✅ 安全只有授权用户才能获取签名URL
✅ 时效URL自动过期1小时后失效
✅ 审计:可以记录谁访问了哪些文件
✅ 灵活:可以动态调整过期时间
```
<EFBFBD>?摰匧<E691B0>嚗𡁜蘨<F0A1819C><EFBFBD><E39787><EFBFBD><EFBFBD><EFBFBD><E7919F>質繮<E8B3AA>𣇉倌<F0A38789>RL
<EFBFBD>?<3F><EFBFBD>嚗䦧RL<52>芸𢆡餈<F0A286A1><E9A488>嚗?撠𤩺𧒄<F0A4A9BA>𤾸仃<F0A4BEB8><E4BB83><EFBFBD>
<EFBFBD>?摰∟恣嚗𡁜虾隞亥扇敶閗<E695B6>霈輸䔮鈭<E494AE>𪑛鈭𥟇<E988AD>隞?<3F>?<3F>菜暑嚗𡁜虾隞亙𢆡<E4BA99><F0A286A1><EFBFBD><EFBFBD><EFBFBD><E6B8B2><EFBFBD>𧒄<EFBFBD>?```
---
## <20><> <20><EFBFBD>
### 必须立即修复的问题
| # | 问题 | 严重度 | 影响 | 修复时间 |
### <EFBFBD>◆蝡见朖靽桀<EFBFBD><EFBFBD><EFBFBD>䔮憸?
| # | <20><EFBFBD> | 銝仿<E98A9D>摨?| 敶勗<E695B6> | 靽桀<E99DBD><E6A180>園𡢿 |
|---|------|--------|------|---------|
| 1 | **NAT网关缺失** | P0 | 所有AI功能不可用 | 15分钟 |
| 2 | **Dify API Key死锁** | P1 | PKB模块不可用 | 10分钟分阶段部署 |
| 3 | **HTTP超时未配置** | P1 | 连接泄漏,系统崩溃 | 5分钟代码修改 |
| 4 | **ECS端口对外开放** | P0 | 安全风险,可被攻击 | 5分钟docker-compose修改) |
| 5 | **Python Workers过多** | P1 | OOM,服务崩溃 | 2分钟Dockerfile修改) |
| 6 | **Nginx文件大小限制** | P2 | 大文件上传失败 | 2分钟nginx.conf修改) |
| 1 | **NAT蝵穃<EFBFBD>蝻箏仃** | P0 | <EFBFBD><EFBFBD><EFBFBD>𡅅I<EFBFBD><EFBFBD>銝滚虾<EFBFBD>?| 15<EFBFBD><EFBFBD><EFBFBD> |
| 2 | **Dify API Key甇駁<EFBFBD>** | P1 | PKB<EFBFBD>銝滚虾<EFBFBD>?| 10<31><30><EFBFBD><EFBFBD><E59A97><EFBFBD>嗆挾<E59786>函蔡嚗?|
| 3 | **HTTP<EFBFBD>𧒄<EFBFBD><EFBFBD>蝵?* | P1 | 餈墧𦻖瘜<F0A6BB96><E7989C>嚗𣬚頂蝏笔援皞?| 5<><35><EFBFBD><EFBFBD><EFBFBD><E8AAA8><EFBFBD><EFBFBD> |
| 4 | **ECS蝡臬藁撖孵<EFBFBD><EFBFBD><EFBFBD>?* | P0 | 摰匧<E691B0>憌𡡞埯嚗<E59FAF>虾鋡急𤫇<E680A5>?| 5<><35><EFBFBD>嚗Ê̌ocker-compose靽格㺿嚗?|
| 5 | **Python Workers<EFBFBD><EFBFBD>** | P1 | OOM嚗峕<EFBFBD><EFBFBD>援皞?| 2<><32><EFBFBD>嚗㇄ockerfile靽格㺿嚗?|
| 6 | **Nginx<EFBFBD><EFBFBD>辣憭批<EFBFBD><EFBFBD>𣂼<EFBFBD>** | P2 | 憭扳<EFBFBD>隞嗡<EFBFBD>隡惩仃韐?| 2<><32><EFBFBD>嚗ěginx.conf靽格㺿嚗?|
### 推荐但非必需的优化
| # | 优化 | 价值 | 实施时间 |
### <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
| # | 隡睃<E99AA1> | 隞瑕<E99A9E>?| 摰墧鴌<E5A2A7>園𡢿 |
|---|------|------|---------|
| 7 | **SSH隧道** | 开发便利性 | 10分钟 |
| 8 | **OSS签名URL** | 安全最佳实践 | 30分钟代码修改 |
### 下一步行动
| 7 | **SSH<EFBFBD><EFBFBD>** | <EFBFBD><EFBFBD>睲噶<EFBFBD><EFBFBD>?| 10<EFBFBD><EFBFBD><EFBFBD> |
| 8 | **OSS蝑曉<EFBFBD>URL** | 摰匧<EFBFBD><EFBFBD><EFBFBD>雿喳<EFBFBD>頝?| 30<33><30><EFBFBD><EFBFBD><EFBFBD><E8AAA8><EFBFBD><EFBFBD> |
### 銝衤<E98A9D>甇亥<E79487><E4BAA5>?
```
☐ 1. 创建NAT网关必需15分钟⭐⭐⭐⭐⭐
2. 修改docker-compose.yamlECS端口安全5分钟⭐⭐⭐⭐⭐
3. 修改DockerfilePython workers限制2分钟⭐⭐⭐⭐
☐ 4. 修改nginx.conf文件大小限制2分钟⭐⭐⭐⭐
☐ 5. 修改后端代码HTTP超时5分钟⭐⭐⭐⭐
☐ 6. 修改后端代码Dify容错5分钟⭐⭐⭐⭐
☐ 7. 更新部署流程(分阶段部署,文档更新)⭐⭐⭐⭐
☐ 8. 统一时区配置必需15分钟⭐⭐⭐⭐⭐
☐ 9. 配置镜像拉取策略必需5分钟⭐⭐⭐⭐⭐
☐ 10. Python内存管理必需10分钟⭐⭐⭐⭐
☐ 11. 可选配置SSH隧道开发便利10分钟
☐ 12. 可选实现OSS签名URL安全30分钟
总计必需修复约70分钟可选优化约40分钟
<EFBFBD>?1. <20>𥕦遣NAT蝵穃<E89DB5><EFBFBD><E59A97><EFBFBD><EFBFBD>嚗?5<><35><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃鐥<E6BD83>
<EFBFBD>?2. 靽格㺿docker-compose.yaml嚗𠄌CS蝡臬藁摰匧<EFBFBD>嚗?<3F><><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃鐥<E6BD83>
<EFBFBD>?3. 靽格㺿Dockerfile嚗㇊ython workers<EFBFBD>𣂼<EFBFBD>嚗?<3F><><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃?<3F>?4. 靽格㺿nginx.conf嚗<66><E59A97>隞嗅之撠誯<E692A0><E8AAAF><EFBFBD>2<EFBFBD><32><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃?<3F>?5. 靽格㺿<E6A0BC>𡒊垢隞<E59EA2><E99A9E>嚗𠃍TTP頞<50>𧒄嚗?<3F><><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃?<3F>?6. 靽格㺿<E6A0BC>𡒊垢隞<E59EA2><E99A9E>嚗㇄ify摰寥<E691B0>嚗?<3F><><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃?<3F>?7. <20>湔鰵<E6B994>函蔡瘚<E894A1><E7989A><EFBFBD><E59A97><EFBFBD>嗆挾<E59786>函蔡嚗峕<E59A97><EFBFBD><EFBFBD><EFBFBD>潃鐥<E6BD83>潃鐥<E6BD83>
<EFBFBD>?8. 蝏煺<E89D8F><E785BA>嗅躹<E59785>滨蔭嚗<E894AD><E59A97><EFBFBD><EFBFBD>嚗?5<><35><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃鐥<E6BD83>
<EFBFBD>?9. <20>滨蔭<E6BBA8>𨅯<EFBFBD><F0A885AF><EFBFBD>蝑𣇉裦嚗<E8A3A6><E59A97><EFBFBD><EFBFBD>嚗?<3F><><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃鐥<E6BD83>
<EFBFBD>?10. Python<6F><6E><EFBFBD>蝞∠<E89D9E><EFBFBD><E59A97><EFBFBD><EFBFBD>嚗?0<><30><EFBFBD>嚗争<E59A97>潃鐥<E6BD83>潃?<3F>?11. 嚗<><EFBFBD><EFBFBD><E39A81>滨蔭SSH<53><EFBFBD><EFBFBD><E59A97><EFBFBD>睲噶<E79DB2><EFBFBD>10<31><30><EFBFBD>嚗?<3F>?12. 嚗<><EFBFBD><EFBFBD>摰䂿緵OSS蝑曉<E89D91>URL嚗<4C><E59A97><EFBFBD><EFBFBD>30<33><30><EFBFBD>嚗?
<EFBFBD>餉恣嚗𡁜<EFBFBD><EFBFBD><EFBFBD>靽桀<EFBFBD>蝥?0<><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E58A90>𣇉漲40<34><30><EFBFBD>
```
---
**<EFBFBD><EFBFBD><EFBFBD>𥕦遣鈭綽<EFBFBD>** AI<41><EFBFBD>
**<EFBFBD><EFBFBD><EFBFBD>擧凒<EFBFBD><EFBFBD>** 2025-12-14
**版本:** v1.0
**核心理念:安全第一、稳定第二、便利第三** ⭐⭐⭐
**<EFBFBD><EFBFBD>𧋦嚗?* v1.0
**<EFBFBD><EFBFBD><EFBFBD><EFBFBD>艙嚗𡁜<EFBFBD><EFBFBD>函洵銝<EFBFBD><EFBFBD><EFBFBD>迅摰𡁶洵鈭䎚<EFBFBD><EFBFBD><EFBFBD>拍洵銝?* 潃鐥<E6BD83>潃?
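Review bot: In the final action checklist, items 3 to 7 and 10 to 12 have been collapsed onto single lines, and the minute estimates and the totals line have lost digits (the original totals read 约70分钟 for required fixes and 约40分钟 for optional ones), so the list can no longer be worked through item by item. The closing fence of the advantages block is fused onto its last line, and the descriptions in both summary tables are mis-encoded. Every replaced line in this hunk differs from its original only in encoding, so re-save the file as UTF-8 and drop it from the commit if no content change was intended.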