部署指南
部署架构
用户请求
↓
nginx(HTTPS 443)
↓
Next.js(HTTP 127.0.0.1:3000)
↓
SQLite(./dev.db)
一、安装 nginx + certbot
apt update
apt install -y nginx certbot python3-certbot-nginx
二、申请 SSL 证书
确保 80 端口未被占用:
certbot --nginx -d
按提示输入邮箱,选 2(HTTP 自动跳转 HTTPS)。
三、nginx 反向代理配置
nano /etc/nginx/sites-available/homeletter
server {
listen 80;
server_name ;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name ;
ssl_certificate /etc/letsencrypt/live//fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_cache_bypass $http_upgrade;
}
}
四、启用配置
ln -s /etc/nginx/sites-available/homeletter /etc/nginx/sites-enabled/
nginx -t
systemctl reload nginx
五、防火墙
ufw allow 80
ufw allow 443
六、启动应用
# 进入项目目录
cd /path/to/homeletter
初始化数据库(首次)
DATABASE_URL=file:./dev.db npx prisma db push
启动(生产建议用 pm2)
npm run build
npm start
或开发模式
npm run dev
七、证书自动续期
certbot 安装后自动创建定时任务,手动测试:
certbot renew --dry-run
OAuth 回调地址
已注册的回调地址:
| 环境 | 地址 |
| 本地开发 | http://localhost:3000/api/auth/callback |
| 生产环境 | https:// |