安装部署指南
本指南详细介绍 Realm API 的各种部署方式和配置选项。
🐳 Docker 部署(推荐)
Docker Compose 部署
1. 创建 docker-compose.yml
yaml
version: '3.8'
services:
new-api:
image: calciumion/new-api:latest
container_name: new-api
restart: always
ports:
- "3000:3000"
environment:
- TZ=Asia/Shanghai
- SESSION_SECRET=your_session_secret_here
- SQL_DSN=root:123456@tcp(mysql:3306)/newapi
- REDIS_CONN_STRING=redis://redis:6379
volumes:
- ./data:/data
depends_on:
- mysql
- redis
networks:
- new-api-network
mysql:
image: mysql:8.0
container_name: new-api-mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=123456
- MYSQL_DATABASE=newapi
- MYSQL_USER=newapi
- MYSQL_PASSWORD=newapi123
volumes:
- ./mysql-data:/var/lib/mysql
ports:
- "3306:3306"
networks:
- new-api-network
redis:
image: redis:7-alpine
container_name: new-api-redis
restart: always
volumes:
- ./redis-data:/data
ports:
- "6379:6379"
networks:
- new-api-network
networks:
new-api-network:
driver: bridge2. 启动服务
bash
# 启动所有服务
docker-compose up -d
# 查看服务状态
docker-compose ps
# 查看日志
docker-compose logs -f new-api单容器部署
SQLite 版本
bash
docker run --name new-api -d --restart always \
-p 3000:3000 \
-e TZ=Asia/Shanghai \
-e SESSION_SECRET=your_session_secret_here \
-v ./data:/data \
calciumion/new-api:latestMySQL 版本
bash
docker run --name new-api -d --restart always \
-p 3000:3000 \
-e TZ=Asia/Shanghai \
-e SESSION_SECRET=your_session_secret_here \
-e SQL_DSN="root:123456@tcp(localhost:3306)/newapi" \
-v ./data:/data \
calciumion/new-api:latest🖥️ 直接部署
二进制文件部署
1. 下载最新版本
bash
# 下载适用于您系统的版本
wget https://github.com/QuantumNous/new-api/releases/latest/download/new-api-linux-amd64
# 赋予执行权限
chmod +x new-api-linux-amd64
# 移动到系统路径
sudo mv new-api-linux-amd64 /usr/local/bin/new-api2. 创建配置文件
bash
# 创建配置目录
sudo mkdir -p /etc/new-api
# 创建环境变量文件
sudo tee /etc/new-api/.env > /dev/null <<EOF
# 基础配置
PORT=3000
SESSION_SECRET=your_session_secret_here
# 数据库配置
SQL_DSN=root:123456@tcp(localhost:3306)/newapi
# Redis 配置(可选)
REDIS_CONN_STRING=redis://localhost:6379
# 时区设置
TZ=Asia/Shanghai
EOF3. 创建系统服务
bash
sudo tee /etc/systemd/system/new-api.service > /dev/null <<EOF
[Unit]
Description=Realm API Service
After=network.target
[Service]
Type=simple
User=new-api
Group=new-api
WorkingDirectory=/var/lib/new-api
EnvironmentFile=/etc/new-api/.env
ExecStart=/usr/local/bin/new-api
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
# 启用并启动服务
sudo systemctl enable new-api
sudo systemctl start new-api
sudo systemctl status new-api源码编译部署
1. 环境准备
bash
# 安装 Go 1.21+
sudo apt update
sudo apt install -y golang-go git
# 验证 Go 版本
go version2. 克隆并编译
bash
# 克隆项目
git clone https://github.com/QuantumNous/new-api.git
cd new-api
# 编译
go build -o new-api main.go
# 移动二进制文件
sudo mv new-api /usr/local/bin/🌐 反向代理配置
Nginx 配置
nginx
server {
listen 80;
server_name your-domain.com;
# 重定向到 HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL 证书配置
ssl_certificate /path/to/your/cert.pem;
ssl_certificate_key /path/to/your/key.pem;
# SSL 安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
ssl_prefer_server_ciphers off;
# 安全头
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# 反向代理配置
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 静态文件缓存
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
proxy_pass http://127.0.0.1:3000;
expires 1y;
add_header Cache-Control "public, immutable";
}
}Apache 配置
apache
<VirtualHost *:80>
ServerName your-domain.com
Redirect permanent / https://your-domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName your-domain.com
# SSL 配置
SSLEngine on
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/key.pem
# 反向代理
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/
# WebSocket 支持
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:3000/$1 [P,L]
</VirtualHost>🗄️ 数据库配置
MySQL 配置
sql
-- 创建数据库
CREATE DATABASE newapi CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- 创建用户
CREATE USER 'newapi'@'%' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON newapi.* TO 'newapi'@'%';
FLUSH PRIVILEGES;PostgreSQL 配置
sql
-- 创建数据库
CREATE DATABASE newapi;
-- 创建用户
CREATE USER newapi WITH PASSWORD 'your_password';
GRANT ALL PRIVILEGES ON DATABASE newapi TO newapi;🔧 环境变量配置
基础配置
| 变量名 | 说明 | 默认值 | 示例 |
|---|---|---|---|
PORT | 服务端口 | 3000 | 8080 |
SESSION_SECRET | 会话密钥 | - | your_secret_key |
TZ | 时区 | UTC | Asia/Shanghai |
数据库配置
| 变量名 | 说明 | 示例 |
|---|---|---|
SQL_DSN | 数据库连接字符串 | root:123456@tcp(localhost:3306)/newapi |
Redis 配置
| 变量名 | 说明 | 示例 |
|---|---|---|
REDIS_CONN_STRING | Redis 连接字符串 | redis://localhost:6379 |
CRYPTO_SECRET | 加密密钥 | your_crypto_secret |
高级配置
| 变量名 | 说明 | 默认值 |
|---|---|---|
STREAMING_TIMEOUT | 流式超时时间(秒) | 300 |
MEMORY_CACHE_ENABLED | 内存缓存开关 | false |
ERROR_LOG_ENABLED | 错误日志开关 | false |
🚀 性能优化
1. 数据库优化
sql
-- MySQL 优化配置
[mysqld]
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
max_connections = 1000
query_cache_size = 64M2. Redis 缓存
bash
# Redis 配置优化
echo "maxmemory 512mb" >> /etc/redis/redis.conf
echo "maxmemory-policy allkeys-lru" >> /etc/redis/redis.conf3. 系统优化
bash
# 增加文件描述符限制
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
# 优化内核参数
echo "net.core.somaxconn = 65535" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 65535" >> /etc/sysctl.conf
sysctl -p🔒 安全配置
1. 防火墙设置
bash
# UFW 配置
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable2. SSL 证书
bash
# 使用 Let's Encrypt
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.com3. 安全头配置
nginx
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";📊 监控和日志
1. 日志配置
bash
# 配置日志轮转
sudo tee /etc/logrotate.d/new-api > /dev/null <<EOF
/var/log/new-api/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
create 644 new-api new-api
postrotate
systemctl reload new-api
endscript
}
EOF2. 监控配置
yaml
# docker-compose.yml 中添加监控
services:
new-api:
# ... 现有配置
prometheus:
image: prom/prometheus
ports:
- "9090:9090"
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
grafana:
image: grafana/grafana
ports:
- "3001:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin🔄 备份和恢复
1. 数据备份
bash
#!/bin/bash
# backup.sh
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/backup/new-api"
# 创建备份目录
mkdir -p $BACKUP_DIR
# 备份数据库
mysqldump -u root -p newapi > $BACKUP_DIR/database_$DATE.sql
# 备份数据文件
tar -czf $BACKUP_DIR/data_$DATE.tar.gz /var/lib/new-api/data
# 清理旧备份(保留30天)
find $BACKUP_DIR -name "*.sql" -mtime +30 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete2. 自动备份
bash
# 添加到 crontab
crontab -e
# 每天凌晨2点备份
0 2 * * * /path/to/backup.sh⚠️ 注意: 在生产环境中,请务必:
- 使用强密码和安全的 SESSION_SECRET
- 启用 HTTPS 和安全头
- 定期备份数据
- 监控系统状态和日志