cool/termi-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: ship public ops features and cache docker builds
Some checks failed
docker-images / build-and-push (admin, admin, termi-astro-admin, admin/Dockerfile) (push) Failing after 13s
Details
docker-images / build-and-push (frontend, frontend, termi-astro-frontend, frontend/Dockerfile) (push) Has been cancelled
Details
docker-images / build-and-push (backend, backend, termi-astro-backend, backend/Dockerfile) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
limitcool
2026-04-01 13:22:19 +08:00
parent 669b79cc95
commit 497a9d713d
75 changed files with 6985 additions and 668 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
deploy/docker/README.md
View File

@@ -45,12 +45,17 @@ python deploy/scripts/render_compose_env.py \
- `INTERNAL_API_BASE_URL`frontend SSR 容器访问 backend 用compose 默认推荐 `http://backend:5150/api`
- `PUBLIC_API_BASE_URL`:浏览器访问 backend API 用;留空时前台会回退到“当前主机 + `:5150/api`
- `PUBLIC_COMMENT_TURNSTILE_SITE_KEY`:前台评论 / 订阅表单使用的 Cloudflare Turnstile site key
- `PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY`:前台浏览器推送订阅使用的 VAPID public key
- `PUBLIC_IMAGE_ALLOWED_HOSTS`:前台 `/_img` 图片优化端点允许的额外图片 host逗号分隔
- `ADMIN_API_BASE_URL`admin 浏览器访问 backend API 用;留空时后台会回退到“当前主机 + `:5150`
- `ADMIN_FRONTEND_BASE_URL`admin 里“打开前台 / 问答页 / 文章页预览”跳转用
- `TERMI_ADMIN_TRUST_PROXY_AUTH`:是否信任前置代理(如 Caddy + TinyAuth注入的后台认证头
- `TERMI_ADMIN_LOCAL_LOGIN_ENABLED`:是否保留本地账号密码登录兜底
- `TERMI_ADMIN_PROXY_SHARED_SECRET`:代理 SSO 共享密钥;建议和 Caddy 的 `X-Termi-Proxy-Secret` 配套使用
- `TERMI_TURNSTILE_SECRET_KEY`backend 评论 / 订阅接口使用的 Cloudflare Turnstile secret key兼容旧的 `TERMI_COMMENT_TURNSTILE_SECRET_KEY`
- `TERMI_WEB_PUSH_VAPID_PRIVATE_KEY`backend / worker 发送浏览器推送时使用的 VAPID private key
- `TERMI_WEB_PUSH_VAPID_SUBJECT`:浏览器推送 VAPID subject推荐 `mailto:xxx@example.com`
- `SMTP_ENABLE / SMTP_HOST / SMTP_PORT / SMTP_SECURE / SMTP_USER / SMTP_PASSWORD / SMTP_HELLO_NAME`:订阅确认和邮件通知需要
例如:
@@ -58,11 +63,16 @@ python deploy/scripts/render_compose_env.py \
```yaml
compose_env:
PUBLIC_API_BASE_URL: https://api.blog.init.cool
PUBLIC_COMMENT_TURNSTILE_SITE_KEY: 1x00000000000000000000AA
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: replace-with-web-push-vapid-public-key
ADMIN_API_BASE_URL: https://admin.blog.init.cool
ADMIN_FRONTEND_BASE_URL: https://blog.init.cool
TERMI_ADMIN_TRUST_PROXY_AUTH: true
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: false
TERMI_ADMIN_PROXY_SHARED_SECRET: replace-with-a-long-random-secret
TERMI_TURNSTILE_SECRET_KEY: replace-with-turnstile-secret-key
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: replace-with-web-push-vapid-private-key
TERMI_WEB_PUSH_VAPID_SUBJECT: mailto:noreply@blog.init.cool
```
> 这些值最终会被渲染成 `deploy/docker/.env`,再由 `compose.package.yml` 读取。

11
deploy/docker/compose.package.yml
View File

@@ -16,6 +16,10 @@ services:
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
TERMI_TURNSTILE_SECRET_KEY: ${TERMI_TURNSTILE_SECRET_KEY:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: ${TERMI_WEB_PUSH_VAPID_PRIVATE_KEY:-}
TERMI_WEB_PUSH_VAPID_SUBJECT: ${TERMI_WEB_PUSH_VAPID_SUBJECT:-}
RUST_LOG: ${RUST_LOG:-info}
ports:
# 这是“直连端口”示例;如果前面接 tohka 宿主机 Caddy
@@ -39,6 +43,9 @@ services:
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: ${TERMI_WEB_PUSH_VAPID_PRIVATE_KEY:-}
TERMI_WEB_PUSH_VAPID_SUBJECT: ${TERMI_WEB_PUSH_VAPID_SUBJECT:-}
RUST_LOG: ${RUST_LOG:-info}
TERMI_SKIP_MIGRATIONS: 'true'
@@ -53,9 +60,13 @@ services:
# frontend 是 Astro SSR(Node)
# - INTERNAL_API_BASE_URL 给服务端渲染访问 backend 用
# - PUBLIC_API_BASE_URL 给浏览器里的评论 / AI 问答等请求用
# - PUBLIC_COMMENT_TURNSTILE_SITE_KEY 给评论 / 订阅表单的人机验证组件用
# - PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY 给浏览器推送订阅用
# - PUBLIC_IMAGE_ALLOWED_HOSTS 给前台图片优化端点 /_img 放行额外图片域名
INTERNAL_API_BASE_URL: ${INTERNAL_API_BASE_URL:-http://backend:5150/api}
PUBLIC_API_BASE_URL: ${PUBLIC_API_BASE_URL:-}
PUBLIC_COMMENT_TURNSTILE_SITE_KEY: ${PUBLIC_COMMENT_TURNSTILE_SITE_KEY:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
PUBLIC_IMAGE_ALLOWED_HOSTS: ${PUBLIC_IMAGE_ALLOWED_HOSTS:-}
# frontend 是 Astro SSR(Node) 服务,容器内部监听 4321
# 生产建议由网关统一反代,仅对外开放 80/443

5
deploy/docker/config.yaml.example
View File

@@ -29,6 +29,8 @@ compose_env:
APP_BASE_URL: https://admin.blog.init.cool
INTERNAL_API_BASE_URL: http://backend:5150/api
PUBLIC_API_BASE_URL: https://api.blog.init.cool
PUBLIC_COMMENT_TURNSTILE_SITE_KEY: 1x00000000000000000000AA
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: replace-with-web-push-vapid-public-key
ADMIN_API_BASE_URL: https://admin.blog.init.cool
ADMIN_FRONTEND_BASE_URL: https://blog.init.cool
PUBLIC_IMAGE_ALLOWED_HOSTS: cdn.example.com,pub-xxxx.r2.dev
@@ -50,6 +52,9 @@ compose_env:
TERMI_ADMIN_TRUST_PROXY_AUTH: true
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: false
TERMI_ADMIN_PROXY_SHARED_SECRET: replace-with-another-long-random-secret
TERMI_TURNSTILE_SECRET_KEY: replace-with-turnstile-secret-key
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: replace-with-web-push-vapid-private-key
TERMI_WEB_PUSH_VAPID_SUBJECT: mailto:noreply@blog.init.cool
BACKEND_IMAGE: git.init.cool/cool/termi-astro-backend:latest
FRONTEND_IMAGE: git.init.cool/cool/termi-astro-frontend:latest