kangwan/20260512-skg-tk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auto-save 2026-05-15 15:04 (~8)

Browse Source
This commit is contained in:
kang
2026-05-15 15:04:41 +08:00
parent 02d96e5a27
commit 59a0d10a8a
8 changed files with 47 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -15,6 +15,7 @@ __pycache__/
.logs/
.pids/
deploy/.env.production
deploy/.htpasswd
# api
api/.venv/

14
.memory/worklog.json
View File

@@ -1,12 +1,5 @@
{
"entries": [
{
"files_changed": 3,
"hash": "f291788",
"message": "auto-save 2026-05-13 23:34 (+1, ~1)",
"ts": "2026-05-13T23:35:05+08:00",
"type": "commit"
},
{
"files_changed": 5,
"hash": "b93693c",
@@ -3251,6 +3244,13 @@
"type": "session-heartbeat",
"message": "Codex 会话活跃 · 最近命令codex · 1 项未提交变更 · 最近提交auto-save 2026-05-15 14:53 (~6)",
"files_changed": 1
},
{
"ts": "2026-05-15T14:59:07+08:00",
"type": "commit",
"message": "auto-save 2026-05-15 14:58 (~1)",
"hash": "02d96e5",
"files_changed": 1
}
]
}

6
.project.json
View File

@@ -19,6 +19,12 @@
"name" : "VIDEO_API_KEY",
"storage" : "api/.env / deploy/.env.production",
"type" : "api_key"
},
{
"description" : "生产站点 Basic Auth 登录;用户名写 RULES.md密码只放服务器 /root/skg-marketing-studio-login.txtNginx 使用 deploy/.htpasswd 哈希文件",
"name" : "WEB_BASIC_AUTH",
"storage" : "/root/skg-marketing-studio-login.txt / deploy/.htpasswd",
"type" : "web_login"
}
],
"description" : "SKG AI 素材生产管线第二条思路验证TK 链接 → 拆轨 → 目标化关键帧 + ASR\/翻译 → 接 SKG 产品信息改写口播 → MiniMax 配音 → nano-banana-pro\/GPT Image 生图 → Seedance\/Kling\/Veo3 多模型生视频 → 合成带文案成品",

13
RULES.md
View File

@@ -14,21 +14,22 @@
## 部署事实
- 平台VPS `76.13.31.179`Ubuntu 24.04 / Docker Compose / Coolify Traefik
- 发布状态已部署并验证2026-05-15`https://marketing.skg.com` 首页 200`/api/health` 返回 `ok:true`
- 发布状态已部署并验证2026-05-15`https://marketing.skg.com` 已启用 Basic Auth认证后首页 200`/api/health` 返回 `ok:true`
- 主站 / 前端:`https://marketing.skg.com`
- API / 后端:`https://marketing.skg.com/api`
- 文档 / 解析:`docs/source-analysis.html`(项目内独立文档,不公开挂主应用路由)
- 管理后台:待定
- 服务器目录:`/opt/skg-marketing-studio`
- 生产启动:`docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -d --build`
- 生产架构:`web` 容器用 Nginx 承载 Next 静态导出并反代 `/api/``skg-marketing-api:4291``api` 容器跑 FastAPI 4291Traefik 通过 `coolify` 外部网络接入 80/443
- 生产架构:`web` 容器用 Nginx 承载 Next 静态导出并做 Basic Auth认证后反代 `/api/``skg-marketing-api:4291``api` 容器跑 FastAPI 4291Traefik 通过 `coolify` 外部网络接入 80/443
- 持久化目录:服务器 `./data/jobs` 挂载到后端 `/data/jobs`
- 登录凭证Nginx 使用服务器 `/opt/skg-marketing-studio/deploy/.htpasswd`;明文备份只放服务器 `/root/skg-marketing-studio-login.txt`
## 快捷登录
- 登录地址:待补充
- 用户名:待补充
- 密码:待补充
- 说明:这里只写项目专属网页登录数据库密码、API Key、服务器 root 密码不要写这里
- 登录地址:`https://marketing.skg.com`
- 用户名:`skg`
- 密码:见服务器 `/root/skg-marketing-studio-login.txt`(不入库)
- 说明:当前是生产入口 Basic Auth数据库密码、API Key、服务器 root 密码不要写这里
## 元数据回写清单
- 新增或变更公网地址后,必须同步更新 `.project.json.urls`

3
deploy/nginx.conf
View File

@@ -4,6 +4,9 @@ server {
client_max_body_size 2g;
auth_basic "SKG Marketing Studio";
auth_basic_user_file /etc/nginx/auth/.htpasswd;
gzip on;
gzip_types text/plain text/css application/json application/javascript application/xml image/svg+xml;

2
docker-compose.prod.yml
View File

@@ -26,6 +26,8 @@ services:
container_name: skg-marketing-web
depends_on:
- api
volumes:
- ./deploy/.htpasswd:/etc/nginx/auth/.htpasswd:ro
restart: unless-stopped
networks:
- skg-marketing-internal

9
docs/deploy-vps.md
View File

@@ -32,6 +32,13 @@ cp deploy/.env.production.example deploy/.env.production
Fill `deploy/.env.production` with the real production keys. Keep this file out of git.
Create the production login file. Replace the username and password as needed:
```bash
printf 'skg:%s\n' "$(openssl passwd -apr1 'change-this-password')" > deploy/.htpasswd
chmod 600 deploy/.htpasswd
```
Then start:
```bash
@@ -57,7 +64,7 @@ docker compose -f docker-compose.prod.yml --env-file deploy/.env.production up -
## Runtime Notes
- `web` is a static Next export served by Nginx.
- `web` proxies `/api/` to `skg-marketing-api:4291`; avoid the generic hostname `api` because the web container also joins the shared Coolify network.
- `web` requires Nginx Basic Auth for the whole site and then proxies `/api/` to `skg-marketing-api:4291`; avoid the generic hostname `api` because the web container also joins the shared Coolify network.
- `api` is only on the internal project network and stores jobs under `/data/jobs`.
- Server-side job files persist in `./data/jobs` on the VPS.
- Large uploads are allowed up to `2g` at the Nginx proxy layer.

14
docs/source-analysis.html
View File

@@ -536,7 +536,7 @@
<tr>
<td>生产站点</td>
<td><code>https://marketing.skg.com</code></td>
<td>公司域名已解析到 VPS <code>76.13.31.179</code>。线上由既有 Coolify / Traefik 负责 HTTPS 入口,项目 <code>web</code> 容器用 Nginx 承载静态前端并把 <code>/api/</code> 反代到 FastAPI。</td>
<td>公司域名已解析到 VPS <code>76.13.31.179</code>。线上由既有 Coolify / Traefik 负责 HTTPS 入口,项目 <code>web</code> 容器用 Nginx 承载静态前端、执行 Basic Auth 登录,并把 <code>/api/</code> 反代到 FastAPI。</td>
</tr>
<tr>
<td>生产部署</td>
@@ -939,6 +939,18 @@ SubjectAsset {
<h2>变更记录</h2>
<p>这个记录不是 git log 的替代品。它记录“产品理解发生了什么变化、影响了哪些源码、你以后描述需求时该怎么说”。后续每次改功能都要补一条。</p>
<div class="changelog">
<article class="change">
<header>
<h3>2026-05-15 · 生产站点增加登录保护</h3>
<span class="tag gray">Runtime</span>
<span class="tag blue">Security</span>
</header>
<div class="body">
<p><strong>问题:</strong>公司域名部署后任何人知道地址都能打开工作台并调用生成能力。</p>
<p><strong>改动:</strong>在生产 <code>web</code> Nginx 容器增加 Basic Auth整站和 <code>/api/</code> 统一要求账号密码;哈希文件挂载自服务器 <code>/opt/skg-marketing-studio/deploy/.htpasswd</code>,明文密码只保存在服务器 root 说明文件,不入库。</p>
<p><strong>影响:</strong><code>docker-compose.prod.yml</code><code>deploy/nginx.conf</code><code>.gitignore</code><code>.project.json</code><code>RULES.md</code><code>docs/deploy-vps.md</code><code>docs/source-analysis.html</code></p>
</div>
</article>
<article class="change">
<header>
<h3>2026-05-15 · 公司域名生产部署配置</h3>