enoch
bb9d7a869d
Some checks failed
Deploy to Production / Run Tests (push) Failing after 16m35s
Deploy to Production / Security Scan (push) Has been skipped
Deploy to Production / Build Docker Image (push) Has been skipped
Deploy to Production / Deploy to Staging (push) Has been skipped
Deploy to Production / Deploy to Production (push) Has been skipped
Deploy to Production / Notify Results (push) Successful in 31s
✨ 新功能: - SQLite数据库集成和持久化存储 - 数据库迁移系统和版本管理 - API分页功能和高效查询 - 用户搜索和过滤机制 - 完整的RBAC角色权限系统 - 结构化日志记录和系统监控 - API限流和多层安全防护 - Docker容器化和生产部署配置 🔒 安全特性: - JWT认证和授权 - 限流和防暴力破解 - 安全头和CORS配置 - 输入验证和XSS防护 - 审计日志和安全监控 📊 监控和运维: - Prometheus指标收集 - 健康检查和系统监控 - 自动化备份和恢复 - 完整的运维文档和脚本 - CI/CD流水线配置 🚀 部署支持: - 多环境Docker配置 - 生产环境部署指南 - 性能优化和安全加固 - 故障排除和应急响应 - 自动化运维脚本 📚 文档完善: - API使用文档 - 部署检查清单 - 运维操作手册 - 性能和安全指南 - 故障排除指南
161 lines
4.1 KiB
Plaintext
161 lines
4.1 KiB
Plaintext
# 生产环境配置模板
|
||
# 复制此文件为 .env.production 并填入实际值
|
||
|
||
# ===========================================
|
||
# 服务器配置
|
||
# ===========================================
|
||
SERVER_HOST=0.0.0.0
|
||
SERVER_PORT=3000
|
||
RUST_LOG=info
|
||
RUST_BACKTRACE=0
|
||
|
||
# ===========================================
|
||
# 数据库配置
|
||
# ===========================================
|
||
# SQLite配置(默认)
|
||
DATABASE_URL=sqlite:///app/data/production.db?mode=rwc
|
||
|
||
# PostgreSQL配置(可选)
|
||
# DATABASE_URL=postgresql://username:password@localhost:5432/rust_api_prod
|
||
# DATABASE_MAX_CONNECTIONS=10
|
||
# DATABASE_MIN_CONNECTIONS=1
|
||
# DATABASE_CONNECT_TIMEOUT=30
|
||
# DATABASE_IDLE_TIMEOUT=600
|
||
|
||
# ===========================================
|
||
# 安全配置
|
||
# ===========================================
|
||
# JWT密钥(必须更改为强密钥)
|
||
JWT_SECRET=CHANGE_THIS_TO_A_SECURE_SECRET_KEY_AT_LEAST_32_CHARACTERS_LONG
|
||
|
||
# 限流配置
|
||
SECURITY_RATE_LIMIT_PER_MINUTE=100
|
||
SECURITY_BURST_SIZE=20
|
||
SECURITY_BRUTE_FORCE_MAX_ATTEMPTS=5
|
||
SECURITY_BAN_DURATION=3600
|
||
|
||
# CORS配置
|
||
CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
|
||
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
|
||
CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-Requested-With
|
||
CORS_MAX_AGE=3600
|
||
|
||
# 安全头配置
|
||
SECURITY_HEADERS_ENABLED=true
|
||
HSTS_MAX_AGE=31536000
|
||
CSP_POLICY=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
|
||
|
||
# ===========================================
|
||
# 日志配置
|
||
# ===========================================
|
||
LOG_LEVEL=info
|
||
LOG_FORMAT=json
|
||
LOG_TO_CONSOLE=true
|
||
LOG_TO_FILE=true
|
||
LOG_FILE_PATH=/app/logs/app.log
|
||
LOG_FILE_MAX_SIZE=100MB
|
||
LOG_FILE_MAX_FILES=10
|
||
|
||
# 审计日志
|
||
AUDIT_LOG_ENABLED=true
|
||
AUDIT_LOG_PATH=/app/logs/audit.log
|
||
AUDIT_LOG_RETENTION_DAYS=90
|
||
|
||
# ===========================================
|
||
# 监控配置
|
||
# ===========================================
|
||
METRICS_ENABLED=true
|
||
HEALTH_CHECK_ENABLED=true
|
||
PROMETHEUS_METRICS_ENABLED=true
|
||
SYSTEM_METRICS_INTERVAL=60
|
||
|
||
# 告警配置
|
||
ALERT_EMAIL_ENABLED=false
|
||
ALERT_EMAIL_SMTP_HOST=smtp.gmail.com
|
||
ALERT_EMAIL_SMTP_PORT=587
|
||
ALERT_EMAIL_USERNAME=your-email@gmail.com
|
||
ALERT_EMAIL_PASSWORD=your-app-password
|
||
ALERT_EMAIL_TO=admin@yourdomain.com
|
||
|
||
# ===========================================
|
||
# 性能配置
|
||
# ===========================================
|
||
# 线程池配置
|
||
TOKIO_WORKER_THREADS=4
|
||
MAX_BLOCKING_THREADS=512
|
||
|
||
# 请求配置
|
||
MAX_REQUEST_SIZE=1MB
|
||
REQUEST_TIMEOUT=30
|
||
KEEP_ALIVE_TIMEOUT=75
|
||
|
||
# 连接池配置
|
||
CONNECTION_POOL_SIZE=10
|
||
CONNECTION_POOL_TIMEOUT=30
|
||
|
||
# ===========================================
|
||
# 缓存配置
|
||
# ===========================================
|
||
CACHE_ENABLED=true
|
||
CACHE_TTL=300
|
||
CACHE_MAX_SIZE=1000
|
||
|
||
# Redis配置(可选)
|
||
# REDIS_URL=redis://localhost:6379
|
||
# REDIS_MAX_CONNECTIONS=10
|
||
# REDIS_CONNECTION_TIMEOUT=5
|
||
|
||
# ===========================================
|
||
# 备份配置
|
||
# ===========================================
|
||
BACKUP_ENABLED=true
|
||
BACKUP_INTERVAL=3600
|
||
BACKUP_RETENTION_DAYS=30
|
||
BACKUP_PATH=/app/backups
|
||
|
||
# S3备份配置(可选)
|
||
# AWS_ACCESS_KEY_ID=your-access-key
|
||
# AWS_SECRET_ACCESS_KEY=your-secret-key
|
||
# AWS_REGION=us-east-1
|
||
# S3_BUCKET=your-backup-bucket
|
||
|
||
# ===========================================
|
||
# 外部服务配置
|
||
# ===========================================
|
||
# 邮件服务
|
||
EMAIL_SERVICE_ENABLED=false
|
||
EMAIL_PROVIDER=smtp
|
||
SMTP_HOST=smtp.gmail.com
|
||
SMTP_PORT=587
|
||
SMTP_USERNAME=your-email@gmail.com
|
||
SMTP_PASSWORD=your-app-password
|
||
|
||
# 短信服务
|
||
SMS_SERVICE_ENABLED=false
|
||
SMS_PROVIDER=twilio
|
||
TWILIO_ACCOUNT_SID=your-account-sid
|
||
TWILIO_AUTH_TOKEN=your-auth-token
|
||
TWILIO_PHONE_NUMBER=+1234567890
|
||
|
||
# ===========================================
|
||
# 开发和调试配置
|
||
# ===========================================
|
||
# 开发模式(生产环境应设为false)
|
||
DEBUG_MODE=false
|
||
DEVELOPMENT_MODE=false
|
||
|
||
# API文档
|
||
API_DOCS_ENABLED=false
|
||
SWAGGER_UI_ENABLED=false
|
||
|
||
# 测试配置
|
||
TEST_MODE=false
|
||
MOCK_EXTERNAL_SERVICES=false
|
||
|
||
# ===========================================
|
||
# 环境标识
|
||
# ===========================================
|
||
ENVIRONMENT=production
|
||
SERVICE_NAME=rust-user-api
|
||
SERVICE_VERSION=1.0.0
|
||
DEPLOYMENT_ID=prod-001 |