feat(deploy): 容器网络架构改造 + 配置纳入版本控制

网络架构:
- iot-platform: host -> bridge (新增 -p 8887:8887 端口映射)
- taos-explorer: bridge (新增 /mnt/taos-explorer-data 数据持久化)
- tdengine-operator: 保持 host 网络

配置更新:
- TDengine URL: 127.0.0.1 -> 172.21.185.173 (宿主机内网 IP)
- Redis host: localhost -> ${REDIS_HOST:localhost} 环境变量
- taos.cfg fqdn: 127.0.0.1 -> 172.21.185.173
- explorer.toml cluster: localhost -> 172.21.185.173

部署脚本:
- REMOTE_DIR: /opt/iot-platform -> /mnt/iot-platform
- 日志目录: /opt/iot-platform/logs -> /mnt/iot-platform/logs
- 去掉自动回滚逻辑，保留容器用于排查
- 新增 -p 8887:8887 端口映射

新增服务器配置文件到仓库:
- deploy/Dockerfile
- deploy/start-container.sh
- deploy/config/taos.cfg
- deploy/config/explorer.toml
- deploy/config/tdengine-explorer.conf
- .env (移除 .gitignore 忽略)

.env

@@ -0,0 +1,24 @@
+# IoT 平台环境变量配置
+# 启动前自动加载：./start.sh start
+# 或手动加载：source .env
+
+# MySQL 数据库（主从共用）
+MYSQL_USERNAME=root
+MYSQL_PASSWORD="Zhu059300()__"
+
+# Redis
+REDIS_PASSWORD=
+
+# MQTT Broker
+MQTT_USERNAME=NjniyrEO
+MQTT_PASSWORD=2b577892f4824d466dbc323a1ee4dfe1902c55bb
+
+# TDengine 时序数据库
+TDENGINE_USERNAME=root
+TDENGINE_PASSWORD=taosdata
+
+# Druid 监控（生产环境建议设为 false 关闭）
+DRUID_STAT_ENABLED=true
+DRUID_USERNAME=ruoyi
+DRUID_PASSWORD=123456
+REDIS_HOST=172.21.185.173

.gitignore

@@ -50,5 +50,6 @@ nbdist/
 .claude/
 
 # Environment variables
-.env
+# .env is now tracked in git per user request
+# .env
 !.env.example

deploy/.env

@@ -0,0 +1,24 @@
+# IoT 平台环境变量配置
+# 启动前自动加载：./start.sh start
+# 或手动加载：source .env
+
+# MySQL 数据库（主从共用）
+MYSQL_USERNAME=root
+MYSQL_PASSWORD="Zhu059300()__"
+
+# Redis
+REDIS_PASSWORD=
+
+# MQTT Broker
+MQTT_USERNAME=NjniyrEO
+MQTT_PASSWORD=2b577892f4824d466dbc323a1ee4dfe1902c55bb
+
+# TDengine 时序数据库
+TDENGINE_USERNAME=root
+TDENGINE_PASSWORD=taosdata
+
+# Druid 监控（生产环境建议设为 false 关闭）
+DRUID_STAT_ENABLED=true
+DRUID_USERNAME=ruoyi
+DRUID_PASSWORD=123456
+REDIS_HOST=172.21.185.173

deploy/Dockerfile

@@ -0,0 +1,15 @@
+FROM tdengine/tdengine:3.3.6.13
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends openjdk-8-jre-headless && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt/iot-platform
+
+COPY iot-platform.jar .
+COPY .env .
+COPY start-container.sh .
+RUN chmod +x start-container.sh
+
+EXPOSE 8887
+
+ENTRYPOINT ["./start-container.sh"]

deploy/config/explorer.toml

@@ -0,0 +1,117 @@
+# This is a automacically generated configuration file for Explorer in [TOML](https://toml.io/) format.
+#
+# Here is a full list of available options.
+
+# Explorer server port to listen on.
+# Default is 6060.
+#
+port = 6060
+
+# IPv4 listen address.
+# Default is 0.0.0.0
+addr = "0.0.0.0"
+
+# IPv6 listen address.
+
+# ipv6 = "::1"
+
+# explorer server instance id
+# 
+# The instanceId of each instance is unique on the host
+# instanceId = 1
+
+# Explorer server log level.
+# Default is "info"
+# 
+# Deprecated: use log.level instead
+log_level = "info"
+
+# All data files are stored in this directory
+# data_dir = "/var/lib/taos/explorer" # Default for Linux
+# data_dir = "C:\\TDengine\\data\\explorer" # Default for Windows
+
+# REST API endpoint to connect to the cluster.
+# This configuration is also the target for data migration tasks.
+# 
+# Default is "http://localhost:6041" - the default endpoint for REST API.
+#
+cluster = "http://172.21.185.173:6041"
+
+# native endpoint to connect to the cluster.
+# Default is disabled. To enable it, set it to the native API URL like "taos://localhost:6030" and uncomment it.
+# If you enable it, you will get more performance for data migration tasks.
+# If modify this config item, you must relogin to clear the cache in browser local storage.
+#
+# cluster_native = "taos://localhost:6030"
+
+# API endpoint for data replication/backup/data sources. No default option.
+#   Set it to API URL like "http://localhost:6050".
+#
+x_api = "http://localhost:6050"
+
+# Please set it to same as the "grpc" parameter used by taosX Service; 
+# If "grpc" parameter is not set explicitly in taosX service, please set it to the default grpc address of taosX
+grpc = "http://localhost:6055"
+
+# CORS configuration switch, it allows cross-origin access
+cors = true
+
+# cloud open api.
+# cloud_open_api = "https://pre.ali.cloud.taosdata.com/openapi"
+
+# Enable ssl
+# If the following two files exist, enable ssl protocol
+#
+[ssl]
+
+# SSL certificate
+#
+# certificate = "/path/to/ca.file" # on linux/macOS
+# certificate = "C:\\path\\to\\ca.file" # on windows
+
+# SSL certificate key
+#
+# certificate_key = "/path/to/key.file" # on linux/macOS
+# certificate_key = "C:\\path\\to\\key.file" # on windows
+
+# log configuration
+[log]
+# All log files are stored in this directory
+# 
+# path = "/var/log/taos" # on linux/macOS
+# path = "C:\\TDengine\\log" # on windows
+
+# log filter level
+#
+# level = "info"
+
+# Compress archived log files or not
+# 
+# compress = false
+
+# The number of log files retained by the current explorer server instance in the `path` directory
+# 
+# rotationCount = 30
+
+# Rotate when the log file reaches this size
+# 
+# rotationSize = "1GB"
+
+# Log downgrade when the remaining disk space reaches this size, only logging `ERROR` level logs
+# 
+# reservedDiskSize = "1GB"
+
+# The number of days log files are retained
+#
+# keepDays = 30
+
+# integrated with Grafana
+[grafana]
+# The token of the Grafana server, which is used to access the Grafana server.
+#token = ""
+
+# The URL of the Grafana dashboard, which is used to display the monitoring data of the TDengine cluster.
+# You can configure multiple Grafana dashboards.
+[grafana.dashboards]
+#TDengine3 = "http://localhost:3000/d/000000001/tdengine3"
+#taosX = "http://localhost:3000/d/000000002/taosx"

deploy/config/taos.cfg

@@ -0,0 +1,2 @@
+fqdn 172.21.185.173
+serverPort 6031

deploy/config/tdengine-explorer.conf

@@ -0,0 +1,16 @@
+server {
+    listen 172.21.185.173:6060;
+    server_name 47.104.204.180;
+
+    location / {
+        proxy_pass http://127.0.0.1:6060;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout 300s;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

deploy/deploy.sh

@@ -15,7 +15,7 @@ set -e
 # 配置
 SERVER_HOST="${SERVER_HOST:-47.104.204.180}"
 SERVER_USER="${SERVER_USER:-root}"
-REMOTE_DIR="${REMOTE_DIR:-/opt/iot-platform}"
+REMOTE_DIR="${REMOTE_DIR:-/mnt/iot-platform}"
 APP_NAME="iot-platform"
 LOCAL_JAR=""
 DO_BUILD=false
@@ -133,9 +133,10 @@ echo -e "${YELLOW}[5/6] 启动容器...${NC}"
 ssh "${SERVER_USER}@${SERVER_HOST}" "
     podman run -d \
         --name ${APP_NAME} \
-        --network host \
+        --network bridge \
         --restart unless-stopped \
-        -v ${REMOTE_DIR}/logs:/opt/iot-platform/logs \
+        -p 8887:8887 \
+        -v /mnt/iot-platform/logs:/opt/iot-platform/logs \
         localhost/${APP_NAME}:latest >/dev/null 2>&1
 "
 sleep 5
@@ -163,40 +164,11 @@ if ssh "${SERVER_USER}@${SERVER_HOST}" "bash ${REMOTE_DIR}/bin/health-check.sh l
     exit 0
 else
     echo -e "${RED}[6/6] 健康检查失败!${NC}"
-
-    if [ "$NO_ROLLBACK" = true ]; then
-        echo -e "${YELLOW}[no-rollback] 已启用不回滚模式，保留新版本用于排查${NC}"
-        echo -e "${YELLOW}排查命令:${NC}"
-        echo "  ssh ${SERVER_USER}@${SERVER_HOST} 'podman logs -f ${APP_NAME}'"
-        echo "  ssh ${SERVER_USER}@${SERVER_HOST} 'podman ps | grep ${APP_NAME}'"
-        exit 1
-    fi
-
-    echo -e "${YELLOW}[rollback] 执行回滚...${NC}"
-    ssh "${SERVER_USER}@${SERVER_HOST}" "podman stop ${APP_NAME} >/dev/null 2>&1 && podman rm ${APP_NAME} >/dev/null 2>&1 || true"
-
-    if ssh "${SERVER_USER}@${SERVER_HOST}" "test -f ${REMOTE_DIR}/backup/${BACKUP_NAME}"; then
-        echo -e "${YELLOW}[rollback] 恢复旧版本...${NC}"
-        ssh "${SERVER_USER}@${SERVER_HOST}" "
-            cp ${REMOTE_DIR}/backup/${BACKUP_NAME} ${REMOTE_DIR}/${APP_NAME}.jar
-            cd ${REMOTE_DIR} && podman build -t ${APP_NAME}:latest . >/dev/null 2>&1
-            podman run -d \
-                --name ${APP_NAME} \
-                --network host \
-                --restart unless-stopped \
-                -v ${REMOTE_DIR}/logs:/opt/iot-platform/logs \
-                localhost/${APP_NAME}:latest >/dev/null 2>&1
-        "
-        sleep 5
-
-        if ssh "${SERVER_USER}@${SERVER_HOST}" "bash ${REMOTE_DIR}/bin/health-check.sh localhost 8887 60"; then
-            echo -e "${GREEN}[rollback] 回滚成功，旧版本已恢复${NC}"
-        else
-            echo -e "${RED}[rollback] 回滚后健康检查仍失败，请手动排查!${NC}"
-        fi
-    else
-        echo -e "${RED}[rollback] 无备份可回滚，请手动修复!${NC}"
-    fi
-
+    echo -e "${YELLOW}保留容器用于排查，不自动回滚${NC}"
+    echo ""
+    echo "排查命令:"
+    echo "  ssh ${SERVER_USER}@${SERVER_HOST} 'podman logs -f ${APP_NAME}'"
+    echo "  ssh ${SERVER_USER}@${SERVER_HOST} 'podman ps | grep ${APP_NAME}'"
+    echo "  ssh ${SERVER_USER}@${SERVER_HOST} 'curl -s http://localhost:8887/actuator/health'"
     exit 1
 fi

deploy/start-container.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -a
+source /opt/iot-platform/.env
+set +a
+
+cd /opt/iot-platform
+exec java -server -Duser.timezone=Asia/Shanghai -Dfile.encoding=UTF-8 -Xms1g -Xmx2g -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/iot-platform/logs/heapdump.hprof -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -jar iot-platform.jar --spring.profiles.include=online

iot-platform/src/main/java/com/iot/platform/config/IotProperties.java

@@ -115,7 +115,7 @@ public class IotProperties {
      * TDengine配置
      */
     public static class TDengine {
-        private String url = "jdbc:TAOS://127.0.0.1:6031/";
+        private String url = "jdbc:TAOS://172.21.185.173:6031/";
         private String username = "";
         private String password = "";
 

iot-platform/src/main/resources/application.yml

@@ -29,7 +29,7 @@ spring:
     restart:
       enabled: false
   redis:
-    host: localhost
+    host: ${REDIS_HOST:localhost}
     port: 6379
     database: 0
     password: ${REDIS_PASSWORD:}
@@ -70,6 +70,6 @@ iot:
     password: ${MQTT_PASSWORD:}
     charge-station-topic: ${MQTT_CHARGE_STATION_TOPIC:station/ChargeStation/device/+/post/json}
   tdengine:
-    url: jdbc:TAOS://127.0.0.1:6031/
+    url: jdbc:TAOS://172.21.185.173:6031/
     username: ${TDENGINE_USERNAME:}
     password: ${TDENGINE_PASSWORD:}