marketing-shibata50/9router
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9router/gitbook/content/vi/deployment/cloud.md
decolua fd92af77a0 Feat : Gitbook
2026-05-11 11:50:24 +07:00

8.5 KiB
Raw Blame History

☁️ Triển khai Cloud

Triển khai 9Router trên VPS hoặc Docker để truy cập từ xa và dùng trong production.

🖥️ Triển khai VPS

Yêu cầu

  • Ubuntu 20.04+ hoặc distro Linux tương tự
  • Node.js 20+
  • Git
  • Quyền root hoặc sudo

Bước 1: Clone Repository

git clone https://github.com/decolua/9router.git
cd 9router/app

Bước 2: Cài đặt Dependencies

npm install

Bước 3: Build Application

npm run build

Bước 4: Cấu hình biến môi trường

Tạo file .env hoặc export biến:

export JWT_SECRET="your-secure-secret-change-this-to-random-string"
export INITIAL_PASSWORD="your-secure-password"
export DATA_DIR="/var/lib/9router"
export NODE_ENV="production"

Biến môi trường:

Biến Mặc định Mô tả
JWT_SECRET Auto-generated PHẢI đổi trong production! Dùng để ký JWT token
INITIAL_PASSWORD 123456 Mật khẩu đăng nhập Dashboard
DATA_DIR ~/.9router Đường dẫn lưu database và data
NODE_ENV development Đặt production cho deployment
ENABLE_REQUEST_LOGS false Bật debug request/response logs

Bước 5: Tạo Data Directory

sudo mkdir -p /var/lib/9router
sudo chown $USER:$USER /var/lib/9router

Bước 6: Khởi động Application

npm run start

Bước 7: Setup PM2 cho Production

PM2 giữ application chạy và tự khởi động lại khi crash:

# Install PM2 globally
npm install -g pm2

# Start 9Router with PM2
pm2 start npm --name 9router -- start

# Save PM2 configuration
pm2 save

# Setup PM2 to start on system boot
pm2 startup
# Follow the instructions printed by the command above

Lệnh quản lý PM2:

# View logs
pm2 logs 9router

# Restart application
pm2 restart 9router

# Stop application
pm2 stop 9router

# View status
pm2 status

# Monitor resources
pm2 monit

🐳 Triển khai Docker

Cách 1: Dùng Dockerfile

Tạo Dockerfile trong thư mục app:

FROM node:20-alpine

WORKDIR /app

# Copy package files
COPY package*.json ./

# Install dependencies
RUN npm ci --only=production

# Copy application files
COPY . .

# Build application
RUN npm run build

# Expose ports
EXPOSE 3000 20128

# Set environment variables
ENV NODE_ENV=production
ENV DATA_DIR=/app/data

# Create data directory
RUN mkdir -p /app/data

# Start application
CMD ["npm", "run", "start"]

Build và Run:

# Build image
docker build -t 9router .

# Run container
docker run -d \
  --name 9router \
  -p 3000:3000 \
  -p 20128:20128 \
  -e JWT_SECRET="your-secure-secret-change-this" \
  -e INITIAL_PASSWORD="your-secure-password" \
  -v 9router-data:/app/data \
  9router

Cách 2: Docker Compose

Tạo docker-compose.yml:

version: '3.8'

services:
  9router:
    build: .
    container_name: 9router
    ports:
      - "3000:3000"
      - "20128:20128"
    environment:
      - NODE_ENV=production
      - JWT_SECRET=your-secure-secret-change-this
      - INITIAL_PASSWORD=your-secure-password
      - DATA_DIR=/app/data
    volumes:
      - 9router-data:/app/data
    restart: unless-stopped

volumes:
  9router-data:

Chạy với Docker Compose:

# Start services
docker-compose up -d

# View logs
docker-compose logs -f

# Stop services
docker-compose down

# Rebuild and restart
docker-compose up -d --build

🌐 Reverse Proxy với Nginx

Tại sao dùng Nginx?

  • Terminate SSL/TLS
  • Map domain
  • Load balancing
  • Bảo mật tốt hơn

Bước 1: Cài đặt Nginx

sudo apt update
sudo apt install nginx

Bước 2: Cấu hình Nginx

Tạo /etc/nginx/sites-available/9router:

server {
    listen 80;
    server_name your-domain.com;

    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;

    # SSL certificates (use certbot to generate)
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    # SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Proxy to 9Router
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        
        # SSE support - CRITICAL for streaming
        proxy_buffering off;
        proxy_read_timeout 86400;
    }

    # API endpoint
    location /v1 {
        proxy_pass http://localhost:20128;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # SSE support - CRITICAL for streaming
        proxy_buffering off;
        proxy_read_timeout 86400;
    }
}

Bước 3: Enable Site

# Create symbolic link
sudo ln -s /etc/nginx/sites-available/9router /etc/nginx/sites-enabled/

# Test configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

Bước 4: Setup SSL với Let's Encrypt

# Install certbot
sudo apt install certbot python3-certbot-nginx

# Obtain SSL certificate
sudo certbot --nginx -d your-domain.com

# Auto-renewal is configured automatically
# Test renewal
sudo certbot renew --dry-run

🔒 Cân nhắc về Bảo mật

1. Đổi credentials mặc định

QUAN TRỌNG: Đổi JWT_SECRETINITIAL_PASSWORD trước khi deploy:

# Generate secure JWT secret
openssl rand -base64 32

# Use this value for JWT_SECRET
export JWT_SECRET="generated-secret-here"

2. Cấu hình Firewall

# Allow SSH
sudo ufw allow 22/tcp

# Allow HTTP/HTTPS (if using Nginx)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# If NOT using reverse proxy, allow 9Router ports
sudo ufw allow 3000/tcp
sudo ufw allow 20128/tcp

# Enable firewall
sudo ufw enable

3. Giới hạn truy cập Dashboard

Nếu chỉ cần truy cập API, giới hạn port dashboard:

# Only allow localhost access to dashboard
sudo ufw deny 3000/tcp

Truy cập dashboard qua SSH tunnel:

ssh -L 3000:localhost:3000 user@your-server.com
# Then open http://localhost:3000 in your browser

4. Cập nhật định kỳ

# Update system packages
sudo apt update && sudo apt upgrade -y

# Update 9Router
cd /path/to/9router/app
git pull
npm install
npm run build
pm2 restart 9router

5. Chiến lược Backup

# Backup data directory
tar -czf 9router-backup-$(date +%Y%m%d).tar.gz /var/lib/9router

# Automated daily backup (add to crontab)
0 2 * * * tar -czf /backups/9router-$(date +\%Y\%m\%d).tar.gz /var/lib/9router

📊 Giám sát

Kiểm tra trạng thái Application

# PM2 status
pm2 status

# View logs
pm2 logs 9router --lines 100

# Monitor resources
pm2 monit

Nginx Logs

# Access logs
sudo tail -f /var/log/nginx/access.log

# Error logs
sudo tail -f /var/log/nginx/error.log

Tài nguyên hệ thống

# CPU and memory usage
htop

# Disk usage
df -h

# Network connections
netstat -tulpn | grep -E '3000|20128'

🚨 Troubleshooting

Application không khởi động

# Check logs
pm2 logs 9router

# Check if ports are in use
sudo lsof -i :3000
sudo lsof -i :20128

# Check environment variables
pm2 env 9router

Nginx 502 Bad Gateway

# Check if 9Router is running
pm2 status

# Check Nginx error logs
sudo tail -f /var/log/nginx/error.log

# Test Nginx configuration
sudo nginx -t

SSE Streaming không hoạt động

Đảm bảo proxy_buffering off được set trong cấu hình Nginx để hỗ trợ SSE.

Lỗi Permission Denied

# Fix data directory permissions
sudo chown -R $USER:$USER /var/lib/9router
chmod 755 /var/lib/9router

🔗 Bước tiếp theo