|
| 1 | +# Deployment Guide / 部署指南 |
| 2 | + |
| 3 | +[English](#english) | [中文](#中文) |
| 4 | + |
| 5 | +## English |
| 6 | + |
| 7 | +This guide covers a practical production deployment for API Hub Mobile. |
| 8 | + |
| 9 | +### 1. Requirements |
| 10 | + |
| 11 | +- Node.js 18 or later |
| 12 | +- A persistent `data/` directory |
| 13 | +- HTTPS reverse proxy for public access |
| 14 | +- Strong admin password and encryption secret |
| 15 | + |
| 16 | +### 2. Environment Variables |
| 17 | + |
| 18 | +| Variable | Recommended | Description | |
| 19 | +| --- | --- | --- | |
| 20 | +| `PORT` | `4173` | HTTP listen port | |
| 21 | +| `APIHUB_ADMIN_USER` | `admin` | Admin username | |
| 22 | +| `APIHUB_ADMIN_PASSWORD` | Required | Admin login password | |
| 23 | +| `APIHUB_SECRET` | Required | Secret used to derive the AES-GCM encryption key | |
| 24 | +| `APIHUB_COOKIE_SECURE` | `true` with HTTPS | Adds `Secure` to the session cookie | |
| 25 | +| `APIHUB_ENABLE_MOCKS` | `false` in production | Disables local mock remote endpoints | |
| 26 | + |
| 27 | +### 3. Start the App |
| 28 | + |
| 29 | +Linux / macOS: |
| 30 | + |
| 31 | +```bash |
| 32 | +PORT=4173 \ |
| 33 | +APIHUB_ADMIN_USER=admin \ |
| 34 | +APIHUB_ADMIN_PASSWORD=replace-with-a-strong-password \ |
| 35 | +APIHUB_SECRET=replace-with-a-long-random-secret \ |
| 36 | +APIHUB_COOKIE_SECURE=true \ |
| 37 | +APIHUB_ENABLE_MOCKS=false \ |
| 38 | +node server.js |
| 39 | +``` |
| 40 | + |
| 41 | +Windows PowerShell: |
| 42 | + |
| 43 | +```powershell |
| 44 | +$env:PORT="4173" |
| 45 | +$env:APIHUB_ADMIN_USER="admin" |
| 46 | +$env:APIHUB_ADMIN_PASSWORD="replace-with-a-strong-password" |
| 47 | +$env:APIHUB_SECRET="replace-with-a-long-random-secret" |
| 48 | +$env:APIHUB_COOKIE_SECURE="true" |
| 49 | +$env:APIHUB_ENABLE_MOCKS="false" |
| 50 | +node server.js |
| 51 | +``` |
| 52 | + |
| 53 | +### 4. Reverse Proxy |
| 54 | + |
| 55 | +Put the app behind Nginx, Caddy, Traefik, or a platform gateway. |
| 56 | + |
| 57 | +Production checklist: |
| 58 | + |
| 59 | +- Serve the public site over HTTPS. |
| 60 | +- Set `APIHUB_COOKIE_SECURE=true`. |
| 61 | +- Do not expose `data/` as static files. |
| 62 | +- Keep request logs free of credentials. |
| 63 | +- Persist and back up `data/store.json`. |
| 64 | +- Keep `APIHUB_SECRET` stable. Changing it will make existing encrypted credentials unreadable. |
| 65 | + |
| 66 | +### 5. Data Files |
| 67 | + |
| 68 | +`data/` may contain: |
| 69 | + |
| 70 | +- `store.json`: local app data and encrypted credentials |
| 71 | +- `secret.key`: generated local encryption key when `APIHUB_SECRET` is not set |
| 72 | +- `initial-admin-password.txt`: generated first-run password when `APIHUB_ADMIN_PASSWORD` is not set |
| 73 | + |
| 74 | +Never commit these files. |
| 75 | + |
| 76 | +### 6. Pre-Deployment Checks |
| 77 | + |
| 78 | +```bash |
| 79 | +node --check server.js |
| 80 | +node --check public/app.js |
| 81 | +git status --short --ignored |
| 82 | +``` |
| 83 | + |
| 84 | +Confirm that `data/` and `verification/` are ignored. |
| 85 | + |
| 86 | +## 中文 |
| 87 | + |
| 88 | +这份文档用于说明 API Hub Mobile 的生产部署方式。 |
| 89 | + |
| 90 | +### 1. 运行要求 |
| 91 | + |
| 92 | +- Node.js 18 或更高版本 |
| 93 | +- 持久化 `data/` 目录 |
| 94 | +- 公开访问时建议使用 HTTPS 反向代理 |
| 95 | +- 强管理员密码和加密密钥 |
| 96 | + |
| 97 | +### 2. 环境变量 |
| 98 | + |
| 99 | +| 变量 | 建议值 | 说明 | |
| 100 | +| --- | --- | --- | |
| 101 | +| `PORT` | `4173` | HTTP 监听端口 | |
| 102 | +| `APIHUB_ADMIN_USER` | `admin` | 管理员用户名 | |
| 103 | +| `APIHUB_ADMIN_PASSWORD` | 必填 | 管理员登录密码 | |
| 104 | +| `APIHUB_SECRET` | 必填 | 用于派生 AES-GCM 加密密钥 | |
| 105 | +| `APIHUB_COOKIE_SECURE` | HTTPS 下设为 `true` | 为会话 Cookie 添加 `Secure` | |
| 106 | +| `APIHUB_ENABLE_MOCKS` | 生产设为 `false` | 关闭本地 mock 远端接口 | |
| 107 | + |
| 108 | +### 3. 启动应用 |
| 109 | + |
| 110 | +Linux / macOS: |
| 111 | + |
| 112 | +```bash |
| 113 | +PORT=4173 \ |
| 114 | +APIHUB_ADMIN_USER=admin \ |
| 115 | +APIHUB_ADMIN_PASSWORD=replace-with-a-strong-password \ |
| 116 | +APIHUB_SECRET=replace-with-a-long-random-secret \ |
| 117 | +APIHUB_COOKIE_SECURE=true \ |
| 118 | +APIHUB_ENABLE_MOCKS=false \ |
| 119 | +node server.js |
| 120 | +``` |
| 121 | + |
| 122 | +Windows PowerShell: |
| 123 | + |
| 124 | +```powershell |
| 125 | +$env:PORT="4173" |
| 126 | +$env:APIHUB_ADMIN_USER="admin" |
| 127 | +$env:APIHUB_ADMIN_PASSWORD="replace-with-a-strong-password" |
| 128 | +$env:APIHUB_SECRET="replace-with-a-long-random-secret" |
| 129 | +$env:APIHUB_COOKIE_SECURE="true" |
| 130 | +$env:APIHUB_ENABLE_MOCKS="false" |
| 131 | +node server.js |
| 132 | +``` |
| 133 | + |
| 134 | +### 4. 反向代理 |
| 135 | + |
| 136 | +建议使用 Nginx、Caddy、Traefik 或平台网关提供 HTTPS。 |
| 137 | + |
| 138 | +生产检查清单: |
| 139 | + |
| 140 | +- 对外使用 HTTPS。 |
| 141 | +- 设置 `APIHUB_COOKIE_SECURE=true`。 |
| 142 | +- 不要把 `data/` 作为静态文件暴露。 |
| 143 | +- 请求日志不要记录凭证。 |
| 144 | +- 持久化并备份 `data/store.json`。 |
| 145 | +- 保持 `APIHUB_SECRET` 稳定。更换后,已有加密凭证将无法解密。 |
| 146 | + |
| 147 | +### 5. 数据文件 |
| 148 | + |
| 149 | +`data/` 可能包含: |
| 150 | + |
| 151 | +- `store.json`:本地应用数据和加密凭证 |
| 152 | +- `secret.key`:未设置 `APIHUB_SECRET` 时生成的本地加密密钥 |
| 153 | +- `initial-admin-password.txt`:未设置 `APIHUB_ADMIN_PASSWORD` 时生成的首次登录密码 |
| 154 | + |
| 155 | +不要提交这些文件。 |
| 156 | + |
| 157 | +### 6. 部署前检查 |
| 158 | + |
| 159 | +```bash |
| 160 | +node --check server.js |
| 161 | +node --check public/app.js |
| 162 | +git status --short --ignored |
| 163 | +``` |
| 164 | + |
| 165 | +确认 `data/` 和 `verification/` 被忽略。 |
0 commit comments