feat: 部署脚本——Oracle Cloud Free Tier + Nginx + SSL

jiajunagent · claude · jiajunagent · commit 5f81a9951f32 · 2026-03-22T00:20:43.000-04:00
3 个脚本：
1. setup-server.sh — 系统初始化（Docker/Git/防火墙/Swap）
2. deploy.sh — 一键部署（.env/build/start/admin/invite codes）
3. setup-nginx.sh — Nginx 反向代理 + Let's Encrypt SSL

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/deploy/README.md b/deploy/README.md
@@ -0,0 +1,68 @@
+# MetaboFlow Deployment Guide
+
+## Prerequisites
+
+- Oracle Cloud Free Tier account (or any Ubuntu 22.04 server with ≥8GB RAM)
+- Domain name pointing to server IP (e.g., ponytech.dev)
+- SSH access to server
+
+## Quick Deploy (3 steps)
+
+### Step 1: Setup server (run as root)
+
+```bash
+ssh ubuntu@<SERVER_IP>
+sudo bash
+curl -fsSL https://raw.githubusercontent.com/ponytech-dev/MetaboFlow/main/deploy/setup-server.sh | bash
+```
+
+### Step 2: Deploy MetaboFlow (run as ubuntu)
+
+```bash
+cd /opt/metaboflow
+git clone https://github.com/ponytech-dev/MetaboFlow.git .
+export METABOFLOW_DOMAIN=ponytech.dev
+export ADMIN_EMAIL=jiajunagent@gmail.com
+bash deploy/deploy.sh
+```
+
+First build takes 15-30 minutes (R packages compilation).
+
+### Step 3: Setup Nginx + SSL (run as root)
+
+```bash
+export METABOFLOW_DOMAIN=ponytech.dev
+export ADMIN_EMAIL=jiajunagent@gmail.com
+sudo bash deploy/setup-nginx.sh
+```
+
+## Access
+
+- Frontend: https://ponytech.dev
+- API docs: https://ponytech.dev/docs
+- Admin: jiajunagent@gmail.com / MetaboFlow2026! (change after first login)
+
+## Server Requirements
+
+| Scale | RAM | CPU | Disk | Monthly Cost |
+|-------|-----|-----|------|-------------|
+| 5 labs | 8GB | 4 cores | 100GB | Free (Oracle) |
+| 10 labs | 16-24GB | 4 cores | 200GB | Free (Oracle) |
+| 20+ labs | 32GB | 8 cores | 500GB | ~$40/mo |
+
+## Maintenance
+
+```bash
+# Update to latest version
+cd /opt/metaboflow
+git pull
+docker compose build --parallel
+docker compose up -d
+
+# View logs
+docker compose logs -f backend
+docker compose logs -f xcms-worker
+
+# Check service health
+docker compose ps
+```
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+# MetaboFlow Deployment Script
+# Run from the MetaboFlow repo root: bash deploy/deploy.sh
+set -euo pipefail
+
+DOMAIN="${METABOFLOW_DOMAIN:-ponytech.dev}"
+ADMIN_EMAIL="${ADMIN_EMAIL:-jiajunagent@gmail.com}"
+SECRET_KEY=$(openssl rand -hex 32)
+
+echo "=== MetaboFlow Deployment ==="
+echo "Domain: $DOMAIN"
+echo "Admin email: $ADMIN_EMAIL"
+
+# 1. Create production .env
+echo ">>> Step 1: Create .env"
+cat > .env << EOF
+# MetaboFlow Production Environment
+FRONTEND_PORT=3005
+METABOFLOW_DATABASE_URL=postgresql://metaboflow:metaboflow@postgres:5432/metaboflow
+METABOFLOW_REDIS_URL=redis://redis:6379/0
+METABOFLOW_CELERY_BROKER_URL=redis://redis:6379/0
+METABOFLOW_CELERY_RESULT_BACKEND=redis://redis:6379/1
+METABOFLOW_SECRET_KEY=${SECRET_KEY}
+METABOFLOW_CORS_ORIGINS=["http://localhost:3005","http://${DOMAIN}","https://${DOMAIN}"]
+METABOFLOW_XCMS_WORKER_URL=http://xcms-worker:8001
+METABOFLOW_STATS_WORKER_URL=http://stats-worker:8002
+METABOFLOW_CHART_SERVICE_URL=http://chart-service:8005
+METABOFLOW_ANNOT_WORKER_URL=http://annot-worker:8006
+METABOFLOW_SIRIUS_WORKER_URL=http://sirius-worker:8007
+METABOFLOW_CHART_R_WORKER_URL=http://chart-r-worker:8008
+METABOFLOW_REPORT_WORKER_URL=http://report-worker:8009
+POSTGRES_USER=metaboflow
+POSTGRES_PASSWORD=metaboflow
+POSTGRES_DB=metaboflow
+EOF
+echo ".env created (SECRET_KEY generated)"
+
+# 2. Build all images
+echo ">>> Step 2: Build Docker images (this takes 15-30 minutes first time)"
+docker compose build --parallel 2>&1 | tail -20
+
+# 3. Start all services
+echo ">>> Step 3: Start services"
+docker compose up -d
+
+# 4. Wait for services to be healthy
+echo ">>> Step 4: Waiting for services..."
+for i in $(seq 1 60); do
+    healthy=$(docker compose ps --format json 2>/dev/null | python3 -c "
+import sys, json
+lines = sys.stdin.read().strip().split('\n')
+total = len(lines)
+ok = sum(1 for l in lines if 'healthy' in l or 'running' in l.lower())
+print(f'{ok}/{total}')
+" 2>/dev/null || echo "?/?")
+    echo "  [$i/60] Services: $healthy"
+    if docker compose ps | grep -q "unhealthy\|starting"; then
+        sleep 10
+    else
+        break
+    fi
+done
+
+# 5. Create admin user + invite codes
+echo ">>> Step 5: Create admin user"
+docker compose exec -T backend uv run python3 -c "
+from app.db.base import SessionLocal, init_db
+from app.db.models import User, InviteCode
+from app.services.auth_service import hash_password
+import uuid, secrets
+from datetime import datetime, timedelta, timezone
+
+init_db()
+session = SessionLocal()
+
+# Admin user
+existing = session.query(User).filter_by(email='${ADMIN_EMAIL}').first()
+if not existing:
+    admin = User(id=str(uuid.uuid4()), email='${ADMIN_EMAIL}',
+                 password_hash=hash_password('MetaboFlow2026!'),
+                 is_admin=True, created_at=datetime.now(timezone.utc))
+    session.add(admin)
+    print(f'Admin created: ${ADMIN_EMAIL} / MetaboFlow2026!')
+else:
+    print('Admin already exists')
+
+# Generate 10 invite codes
+codes = []
+for i in range(10):
+    code = secrets.token_urlsafe(16)
+    invite = InviteCode(id=str(uuid.uuid4()), code=code,
+                        expires_at=datetime.now(timezone.utc) + timedelta(days=90),
+                        created_at=datetime.now(timezone.utc))
+    session.add(invite)
+    codes.append(code)
+
+session.commit()
+session.close()
+
+print(f'\n10 invite codes (valid 90 days):')
+for i, c in enumerate(codes, 1):
+    print(f'  {i:2d}. {c}')
+"
+
+# 6. Test health
+echo ""
+echo ">>> Step 6: Health check"
+echo -n "Backend: "
+curl -s http://localhost:8000/health | python3 -c "import sys,json; print(json.load(sys.stdin)['status'])" 2>/dev/null || echo "FAIL"
+echo -n "Frontend: "
+curl -s -o /dev/null -w "%{http_code}" http://localhost:3005/ 2>/dev/null || echo "FAIL"
+
+echo ""
+echo "=============================================="
+echo "  MetaboFlow deployed successfully!"
+echo "=============================================="
+echo ""
+echo "  Frontend: http://${DOMAIN}:3005"
+echo "  API docs: http://${DOMAIN}:8000/docs"
+echo ""
+echo "  Admin login:"
+echo "    Email:    ${ADMIN_EMAIL}"
+echo "    Password: MetaboFlow2026!"
+echo ""
+echo "  Change admin password after first login!"
+echo ""
+echo "  Next: setup Nginx reverse proxy + SSL"
+echo "    bash deploy/setup-nginx.sh"
+echo "=============================================="
diff --git a/deploy/setup-nginx.sh b/deploy/setup-nginx.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+# Setup Nginx reverse proxy + Let's Encrypt SSL for MetaboFlow
+# Run as root or with sudo
+set -euo pipefail
+
+DOMAIN="${METABOFLOW_DOMAIN:-ponytech.dev}"
+ADMIN_EMAIL="${ADMIN_EMAIL:-jiajunagent@gmail.com}"
+
+echo "=== Nginx + SSL Setup ==="
+echo "Domain: $DOMAIN"
+
+# 1. Install Nginx + Certbot
+echo ">>> Step 1: Install Nginx + Certbot"
+apt-get install -y nginx certbot python3-certbot-nginx
+
+# 2. Create Nginx config
+echo ">>> Step 2: Configure Nginx"
+cat > /etc/nginx/sites-available/metaboflow << NGINX
+server {
+    listen 80;
+    server_name ${DOMAIN};
+
+    # Frontend
+    location / {
+        proxy_pass http://127.0.0.1:3005;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_cache_bypass \$http_upgrade;
+    }
+
+    # Backend API
+    location /api/ {
+        proxy_pass http://127.0.0.1:8000/api/;
+        proxy_http_version 1.1;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_read_timeout 3600;  # Long timeout for analysis pipelines
+    }
+
+    # Backend health + docs
+    location /health {
+        proxy_pass http://127.0.0.1:8000/health;
+    }
+    location /docs {
+        proxy_pass http://127.0.0.1:8000/docs;
+    }
+    location /openapi.json {
+        proxy_pass http://127.0.0.1:8000/openapi.json;
+    }
+
+    # SSE (Server-Sent Events) — needs special proxy config
+    location ~ /api/v1/analyses/.*/progress/stream {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_http_version 1.1;
+        proxy_set_header Connection '';
+        proxy_set_header Cache-Control 'no-cache';
+        proxy_set_header X-Accel-Buffering 'no';
+        proxy_buffering off;
+        chunked_transfer_encoding off;
+        proxy_read_timeout 86400;
+    }
+
+    # File upload size (mzML files can be 200MB+)
+    client_max_body_size 500M;
+}
+NGINX
+
+ln -sf /etc/nginx/sites-available/metaboflow /etc/nginx/sites-enabled/
+rm -f /etc/nginx/sites-enabled/default
+
+# Test and reload
+nginx -t && systemctl reload nginx
+
+# 3. SSL Certificate
+echo ">>> Step 3: SSL Certificate (Let's Encrypt)"
+echo "Make sure DNS for ${DOMAIN} points to this server's IP first!"
+echo ""
+read -p "DNS configured? (y/n) " -n 1 -r
+echo ""
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    certbot --nginx -d "${DOMAIN}" --non-interactive --agree-tos -m "${ADMIN_EMAIL}"
+    echo "SSL certificate installed!"
+    echo ""
+    echo "MetaboFlow is now available at:"
+    echo "  https://${DOMAIN}"
+else
+    echo "Skipping SSL. Configure DNS first, then run:"
+    echo "  certbot --nginx -d ${DOMAIN} --agree-tos -m ${ADMIN_EMAIL}"
+    echo ""
+    echo "MetaboFlow is available at:"
+    echo "  http://${DOMAIN}"
+fi
+
+# 4. Auto-renewal
+echo ">>> Step 4: Certbot auto-renewal"
+systemctl enable certbot.timer
+echo "SSL auto-renewal enabled"
diff --git a/deploy/setup-server.sh b/deploy/setup-server.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# MetaboFlow Server Setup Script
+# Target: Oracle Cloud Free Tier (ARM/aarch64, Ubuntu 22.04)
+# Run as root or with sudo
+set -euo pipefail
+
+echo "=== MetaboFlow Server Setup ==="
+echo "Target: Oracle Cloud Free Tier (4 ARM cores, 24GB RAM, 200GB disk)"
+
+# 1. System update
+echo ">>> Step 1: System update"
+apt-get update && apt-get upgrade -y
+
+# 2. Install Docker
+echo ">>> Step 2: Install Docker"
+if ! command -v docker &>/dev/null; then
+    curl -fsSL https://get.docker.com | sh
+    systemctl enable docker
+    systemctl start docker
+    usermod -aG docker ubuntu  # default Oracle Cloud user
+    echo "Docker installed. You may need to re-login for group changes."
+else
+    echo "Docker already installed"
+fi
+
+# 3. Install Docker Compose plugin
+echo ">>> Step 3: Install Docker Compose"
+if ! docker compose version &>/dev/null; then
+    apt-get install -y docker-compose-plugin
+else
+    echo "Docker Compose already installed"
+fi
+
+# 4. Install git
+echo ">>> Step 4: Install Git"
+apt-get install -y git
+
+# 5. Configure firewall (Oracle Cloud uses iptables by default)
+echo ">>> Step 5: Configure firewall"
+# Open ports: 80 (HTTP), 443 (HTTPS), 8000 (API), 3005 (frontend)
+iptables -I INPUT -p tcp --dport 80 -j ACCEPT
+iptables -I INPUT -p tcp --dport 443 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 3005 -j ACCEPT
+# Save rules
+apt-get install -y iptables-persistent
+netfilter-persistent save
+
+# 6. Setup swap (helpful for R package compilation)
+echo ">>> Step 6: Setup swap (4GB)"
+if [ ! -f /swapfile ]; then
+    fallocate -l 4G /swapfile
+    chmod 600 /swapfile
+    mkswap /swapfile
+    swapon /swapfile
+    echo '/swapfile none swap sw 0 0' >> /etc/fstab
+    echo "Swap configured"
+else
+    echo "Swap already exists"
+fi
+
+# 7. Create app directory
+echo ">>> Step 7: Create app directory"
+mkdir -p /opt/metaboflow
+chown ubuntu:ubuntu /opt/metaboflow
+
+echo ""
+echo "=== Server setup complete ==="
+echo "Next steps:"
+echo "  1. SSH as 'ubuntu' user"
+echo "  2. cd /opt/metaboflow"
+echo "  3. git clone https://github.com/ponytech-dev/MetaboFlow.git ."
+echo "  4. bash deploy/deploy.sh"
