AI-VideoAssistant/docs/content/deployment/production.md

# 生产环境部署

本文档介绍如何将 AI Video Assistant 部署到生产环境，包括 Nginx 配置、SSL 证书、性能优化等。

## Nginx 部署

### 1. 构建前端

```bash
cd web
npm run build
```

### 2. 部署静态文件

```bash
sudo mkdir -p /var/www/ai-assistant
sudo cp -r dist/* /var/www/ai-assistant/
```

### 3. 配置 Nginx

创建 `/etc/nginx/sites-available/ai-assistant`：

```nginx
server {
    listen 80;
    server_name your-domain.com;
    root /var/www/ai-assistant;
    index index.html;

    # Gzip 压缩
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;

    # 静态文件缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # SPA 路由支持
    location / {
        try_files $uri $uri/ /index.html;
    }

    # API 反向代理
    location /api {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket 代理
    location /ws {
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 86400;
    }
}
```

### 4. 启用站点

```bash
sudo ln -s /etc/nginx/sites-available/ai-assistant /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
```

## SSL 证书配置

### 使用 Let's Encrypt

```bash
# 安装 certbot
sudo apt install certbot python3-certbot-nginx

# 申请证书
sudo certbot --nginx -d your-domain.com

# 自动续期
sudo certbot renew --dry-run
```

### HTTPS 配置

```nginx
server {
    listen 443 ssl http2;
    server_name your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    # SSL 安全配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000" always;

    # ... 其他配置同上
}

# HTTP 重定向到 HTTPS
server {
    listen 80;
    server_name your-domain.com;
    return 301 https://$server_name$request_uri;
}
```

## 性能优化

### Nginx 优化

```nginx
# 在 http 块中添加
worker_processes auto;
worker_connections 1024;

# 开启 sendfile
sendfile on;
tcp_nopush on;
tcp_nodelay on;

# 缓冲区设置
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
```

### 静态资源 CDN

如果使用 CDN，修改构建配置：

```env
# .env.production
VITE_CDN_URL=https://cdn.your-domain.com
```

## 监控与日志

### 访问日志

```nginx
access_log /var/log/nginx/ai-assistant.access.log;
error_log /var/log/nginx/ai-assistant.error.log;
```

### 日志轮转

```bash
# /etc/logrotate.d/nginx
/var/log/nginx/*.log {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
}
```

## 备份策略

### 数据库备份

```bash
# PostgreSQL 备份
pg_dump -U postgres ai_assistant > backup_$(date +%Y%m%d).sql

# 定时备份（crontab）
0 2 * * * pg_dump -U postgres ai_assistant > /backups/backup_$(date +\%Y\%m\%d).sql
```

## 高可用部署

对于高可用需求，建议：

1. **负载均衡** - 使用 Nginx upstream 或云负载均衡
2. **数据库主从** - PostgreSQL 主从复制
3. **Redis 集群** - 会话和缓存高可用
4. **健康检查** - 定期检测服务状态