Add development HTTP nginx provision mode

2026-05-02 21:20:27 +08:00
parent e61b1a1586
commit 6c519970b4
4 changed files with 140 additions and 19 deletions
--- a/jenkins/Jenkinsfile.production-server-provision
+++ b/jenkins/Jenkinsfile.production-server-provision
@@ -26,7 +26,7 @@ pipeline {
    string(name: 'WEB_LINK', defaultValue: '/srv/genarrative/web', description: 'Nginx 静态站点目录或软链接')
    string(name: 'API_ENV_FILE', defaultValue: '/etc/genarrative/api-server.env', description: 'api-server 环境文件')
    string(name: 'API_PORT', defaultValue: '8082', description: 'api-server 本机监听端口')
-    booleanParam(name: 'INSTALL_NGINX_CONFIG', defaultValue: false, description: '安装 Nginx 配置并执行 nginx -t；首次初始化且证书未准备好时保持关闭')
+    choice(name: 'NGINX_CONFIG_MODE', choices: ['none', 'production-https', 'development-http'], description: 'Nginx 配置模式；开发服无域名时选 development-http，release 正式入口选 production-https')
    booleanParam(name: 'ENABLE_SERVICES', defaultValue: true, description: '启用并启动 spacetimedb 与 api-server systemd 服务')
  }

@@ -49,8 +49,15 @@ pipeline {
          if (!params.SPACETIME_BIN_SOURCE?.trim()) {
            error('SPACETIME_BIN_SOURCE 不能为空。')
          }
-          if (!params.DRY_RUN && params.INSTALL_NGINX_CONFIG && params.SERVER_NAME?.trim() == 'genarrative.example.com') {
-            error('真实初始化安装 Nginx 配置时必须把 SERVER_NAME 改成真实域名，不能使用 genarrative.example.com 占位值。证书未准备好时请先保持 INSTALL_NGINX_CONFIG=false。')
+          def nginxMode = params.NGINX_CONFIG_MODE?.trim()
+          if (!(nginxMode in ['none', 'production-https', 'development-http'])) {
+            error("NGINX_CONFIG_MODE 只能是 none、production-https 或 development-http，当前值: ${params.NGINX_CONFIG_MODE}")
+          }
+          if (params.DEPLOY_TARGET == 'release' && nginxMode == 'development-http') {
+            error('release 目标禁止安装 development-http Nginx 配置；无证书初始化请使用 NGINX_CONFIG_MODE=none。')
+          }
+          if (!params.DRY_RUN && nginxMode == 'production-https' && params.SERVER_NAME?.trim() == 'genarrative.example.com') {
+            error('真实初始化安装 Nginx 配置时必须把 SERVER_NAME 改成真实域名，不能使用 genarrative.example.com 占位值。证书未准备好时请先保持 NGINX_CONFIG_MODE=none。')
          }
        }
      }
@@ -116,10 +123,14 @@ pipeline {
              fi
            }

-            render_nginx_config() {
+            render_nginx_https_config() {
              sed "s/genarrative.example.com/${SERVER_NAME}/g" deploy/nginx/genarrative.conf
            }

+            render_nginx_development_http_config() {
+              sed "s/genarrative.example.com/${SERVER_NAME}/g" deploy/nginx/genarrative-dev-http.conf
+            }
+
            render_api_env_example() {
              sed \
                -e "s|^GENARRATIVE_API_PORT=.*|GENARRATIVE_API_PORT=${API_PORT}|" \
@@ -130,12 +141,12 @@ pipeline {
            validate_nginx_tls() {
              local cert_dir="/etc/letsencrypt/live/${SERVER_NAME}"
              if [[ "${SERVER_NAME}" == "genarrative.example.com" ]]; then
-                echo "[server-provision] SERVER_NAME 仍是占位域名，拒绝写入 Nginx HTTPS 配置。请填写真实域名，或先设置 INSTALL_NGINX_CONFIG=false。" >&2
+                echo "[server-provision] SERVER_NAME 仍是占位域名，拒绝写入 Nginx HTTPS 配置。请填写真实域名，或先设置 NGINX_CONFIG_MODE=none。" >&2
                exit 1
              fi
              if [[ ! -f "${cert_dir}/fullchain.pem" || ! -f "${cert_dir}/privkey.pem" ]]; then
                echo "[server-provision] 未找到 Nginx HTTPS 证书: ${cert_dir}/fullchain.pem 或 ${cert_dir}/privkey.pem" >&2
-                echo "[server-provision] 请先完成证书申请，或首次初始化时设置 INSTALL_NGINX_CONFIG=false，避免写入无法通过 nginx -t 的配置。" >&2
+                echo "[server-provision] 请先完成证书申请，或首次初始化时设置 NGINX_CONFIG_MODE=none，避免写入无法通过 nginx -t 的配置。" >&2
                exit 1
              fi
            }
@@ -143,12 +154,22 @@ pipeline {
            install_nginx_config_with_rollback() {
              local config_target="/etc/nginx/conf.d/genarrative.conf"
              local snippet_target="/etc/nginx/snippets/genarrative-maintenance.conf"
+              local config_source
              local rendered_config rendered_snippet config_backup snippet_backup
              local had_config="false"
              local had_snippet="false"

              run_cmd mkdir -p /etc/nginx/snippets /etc/nginx/conf.d
-              echo "+ render deploy/nginx/genarrative.conf -> ${config_target}"
+              if [[ "${NGINX_CONFIG_MODE}" == "production-https" ]]; then
+                config_source="deploy/nginx/genarrative.conf"
+              elif [[ "${NGINX_CONFIG_MODE}" == "development-http" ]]; then
+                config_source="deploy/nginx/genarrative-dev-http.conf"
+              else
+                echo "[server-provision] NGINX_CONFIG_MODE=${NGINX_CONFIG_MODE} 不需要安装 Nginx 配置。"
+                return
+              fi
+
+              echo "+ render ${config_source} -> ${config_target}"
              echo "+ install -m 0644 deploy/nginx/snippets/genarrative-maintenance.conf ${snippet_target}"

              if [[ "${DRY_RUN}" == "true" ]]; then
@@ -156,12 +177,16 @@ pipeline {
                return
              fi

-              validate_nginx_tls
              rendered_config="$(mktemp)"
              rendered_snippet="$(mktemp)"
              config_backup="$(mktemp)"
              snippet_backup="$(mktemp)"
-              render_nginx_config >"${rendered_config}"
+              if [[ "${NGINX_CONFIG_MODE}" == "production-https" ]]; then
+                validate_nginx_tls
+                render_nginx_https_config >"${rendered_config}"
+              else
+                render_nginx_development_http_config >"${rendered_config}"
+              fi
              cp deploy/nginx/snippets/genarrative-maintenance.conf "${rendered_snippet}"

              if [[ -f "${config_target}" ]]; then
@@ -244,13 +269,14 @@ pipeline {
            require_path deploy/systemd/spacetimedb.service
            require_path deploy/systemd/genarrative-api.service
            require_path deploy/nginx/genarrative.conf
+            require_path deploy/nginx/genarrative-dev-http.conf
            require_path deploy/nginx/snippets/genarrative-maintenance.conf
            require_path deploy/env/api-server.env.example
            require_path scripts/deploy/maintenance-on.sh
            require_path scripts/deploy/maintenance-off.sh
            require_path scripts/deploy/maintenance-status.sh

-            echo "[server-provision] target=${DEPLOY_TARGET}, dry_run=${DRY_RUN}, source_commit=$(cat .jenkins-source-commit)"
+            echo "[server-provision] target=${DEPLOY_TARGET}, dry_run=${DRY_RUN}, nginx_config_mode=${NGINX_CONFIG_MODE}, source_commit=$(cat .jenkins-source-commit)"

            run_cmd id
            run_cmd mkdir -p "${SPACETIME_ROOT}" "${RELEASE_ROOT}" "$(dirname "${CURRENT_LINK}")" "$(dirname "${WEB_LINK}")" /etc/genarrative /var/lib/genarrative/maintenance /var/lib/genarrative/auth
@@ -299,7 +325,7 @@ pipeline {
              echo "[server-provision] 已存在环境文件，保留不覆盖: ${API_ENV_FILE}"
            fi

-            if [[ "${INSTALL_NGINX_CONFIG}" == "true" ]]; then
+            if [[ "${NGINX_CONFIG_MODE}" != "none" ]]; then
              install_nginx_config_with_rollback
            else
              cleanup_placeholder_nginx_config
@@ -325,7 +351,7 @@ pipeline {

  post {
    success {
-      echo "Server provision 完成: target=${params.DEPLOY_TARGET}, dryRun=${params.DRY_RUN}"
+      echo "Server provision 完成: target=${params.DEPLOY_TARGET}, dryRun=${params.DRY_RUN}, nginxConfigMode=${params.NGINX_CONFIG_MODE}"
    }
  }
 }