fix(deploy): ???????????????????

Made-with: Cursor

scripts/lib-yh-compose-deploy.sh

@@ -17,6 +17,7 @@ ensure_host_deploy_env() {
   require_cmd ss
   require_cmd sed
   require_cmd awk
+  require_cmd curl
 }
 
 host_nginx_online() {
@@ -102,6 +103,8 @@ yh_install_host_nginx_site_conf() {
   local domain="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
   local tpl="$ROOT/nginx/yuheng.host.conf"
   local out="/etc/nginx/conf.d/${domain}.conf"
+  local ts
+  ts="$(date +%Y%m%d%H%M%S)"
 
   if [ ! -f "$tpl" ]; then
     echo "未找到 $tpl，跳过宿主机站点配置生成。"
@@ -109,6 +112,16 @@ yh_install_host_nginx_site_conf() {
   fi
 
   ensure_host_deploy_env
+
+  # 同域名冲突兜底：将 conf.d 下其他包含相同 server_name 的配置下线，避免错误 upstream 继续生效导致 502。
+  run_sudo sh -c "for f in /etc/nginx/conf.d/*.conf; do
+    [ -f \"\$f\" ] || continue
+    [ \"\$f\" = \"$out\" ] && continue
+    if grep -Eq '^[[:space:]]*server_name[[:space:]]+[^;]*${domain}([[:space:];]|$)' \"\$f\"; then
+      mv -f \"\$f\" \"\${f}.disabled_by_yh_${ts}\"
+    fi
+  done"
+
   mkdir -p "$ROOT/verify-root"
   sed "s|__VERIFY_ROOT__|$ROOT/verify-root|g" "$tpl" | run_sudo tee "$out" >/dev/null
 
@@ -123,3 +136,41 @@ yh_install_host_nginx_site_conf() {
     ensure_host_nginx_started
   fi
 }
+
+yh_post_deploy_healthcheck() {
+  local domain="${NGINX_DOMAIN:-yuheng.yuxindazhineng.com}"
+  local code=""
+
+  # 先验证上游容器端口（避免把 upstream 问题误判成 nginx 问题）
+  curl -fsS --max-time 6 http://127.0.0.1:9080/ >/dev/null || {
+    echo "错误: 前台上游 127.0.0.1:9080 不可用" >&2
+    return 1
+  }
+  curl -fsS --max-time 6 http://127.0.0.1:9081/ >/dev/null || {
+    echo "错误: 后台上游 127.0.0.1:9081 不可用" >&2
+    return 1
+  }
+  curl -fsS --max-time 6 http://127.0.0.1:8088/api/health | grep -q '"status":"ok"' || {
+    echo "错误: API 上游 127.0.0.1:8088/api/health 不可用" >&2
+    return 1
+  }
+
+  code="$(curl -k -sS -o /dev/null -w '%{http_code}' --max-time 10 "https://${domain}" || true)"
+  if [ "$code" = "502" ] || [ "$code" = "000" ]; then
+    echo "检测到 https://${domain} 返回 ${code}，尝试自动重载宿主机 Nginx 后重试..."
+    run_sudo systemctl reload nginx 2>/dev/null || true
+    sleep 1
+    code="$(curl -k -sS -o /dev/null -w '%{http_code}' --max-time 10 "https://${domain}" || true)"
+  fi
+
+  if [ "${code:-000}" -ge 500 ] || [ "${code:-000}" = "000" ]; then
+    echo "错误: https://${domain} 返回 ${code}，部署后健康检查失败。" >&2
+    echo "==== 诊断：80/443 监听 ====" >&2
+    run_sudo ss -tlnp | sed -n '1p;/\:80 \|:443 /p' >&2 || true
+    echo "==== 诊断：最近 Nginx 错误日志 ====" >&2
+    run_sudo sh -c 'tail -n 80 /var/log/nginx/error.log 2>/dev/null || true' >&2
+    return 1
+  fi
+
+  echo "健康检查通过：https://${domain} -> ${code}"
+}