34.5 Deployment
34.5.1 Docker Containerization
Dockerfile
# Dockerfile
# Stage 1: build
FROM node:22-slim AS builder
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN corepack enable && pnpm install --frozen-lockfile
COPY . .
RUN pnpm build
# Stage 2: runtime
FROM node:22-slim AS runtime
RUN groupadd -r miniclaw && useradd -r -g miniclaw -m miniclaw
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json .
COPY --from=builder /app/ui ./ui
# Run as a non-root user
USER miniclaw
# Data directory (created as miniclaw first so the volume is writable by the non-root user)
RUN mkdir -p /home/miniclaw/.miniclaw
VOLUME /home/miniclaw/.miniclaw
ENV NODE_ENV=production
EXPOSE 3000 8080
CMD ["node", "dist/index.js"]
Measure
Description
docker-compose.yml
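Startup command
34.5.2 Daemon Configuration
systemd (Linux)
launchd (macOS)
34.5.3 Security Hardening
1. Authentication protection
2. Tool security
3. Input sanitization
4. Reverse proxy
Security checklist
Item
Status
Description
Section summary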