feat: 初始化考培练系统项目

- 从服务器拉取完整代码
- 按框架规范整理项目结构
- 配置 Drone CI 测试环境部署
- 包含后端(FastAPI)、前端(Vue3)、管理端

技术栈: Vue3 + TypeScript + FastAPI + MySQL

deploy/nginx/conf.d/admin.conf

@@ -0,0 +1,91 @@
+# 考培练系统 SaaS 超级管理后台
+# 域名：admin.kpl.ireborn.com.cn
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name admin.kpl.ireborn.com.cn;
+    
+    # Let's Encrypt 证书验证
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# HTTPS
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name admin.kpl.ireborn.com.cn;
+    
+    # SSL 证书
+    ssl_certificate /etc/letsencrypt/live/admin.kpl.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/admin.kpl.ireborn.com.cn/privkey.pem;
+    
+    # SSL 配置
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:AdminSSL:10m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # Docker DNS resolver
+    resolver 127.0.0.11 valid=30s;
+    
+    # 动态 upstream 变量
+    set $admin_frontend kaopeilian-admin-frontend;
+    set $admin_backend kaopeilian-admin-backend;
+    
+    # API 路由 - 使用 rewrite 确保正确传递 URI
+    location /api/ {
+        rewrite ^/api/(.*)$ /api/$1 break;
+        proxy_pass http://$admin_backend:8000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 75s;
+        client_max_body_size 50M;
+    }
+    
+    # 健康检查
+    location = /health {
+        proxy_pass http://$admin_backend:8000/health;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 前端静态资源
+    location / {
+        proxy_pass http://$admin_frontend:80;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        
+        # HTML 不缓存
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+}

deploy/nginx/conf.d/ex.conf

@@ -0,0 +1,102 @@
+# 恩喜成都总院 (ex.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name ex.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name ex.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/ex.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ex.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://ex-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端服务（HTML 不缓存）
+    location / {
+        proxy_pass http://ex-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://ex-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://ex-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://ex-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/conf.d/fw.conf

@@ -0,0 +1,101 @@
+# 飞沃 (fw.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name fw.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name fw.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/fw.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/fw.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://fw-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端服务（HTML 不缓存）
+    location / {
+        proxy_pass http://fw-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://fw-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://fw-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://fw-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/conf.d/hl.conf

@@ -0,0 +1,101 @@
+# 武汉禾丽 (hl.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name hl.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name hl.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/hl.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/hl.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://hl-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端服务（HTML 不缓存）
+    location / {
+        proxy_pass http://hl-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://hl-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://hl-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://hl-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/conf.d/hua.conf

@@ -0,0 +1,101 @@
+# 华尔倍丽 (hua.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name hua.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name hua.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/hua.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/hua.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://hua-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端服务（HTML 不缓存）
+    location / {
+        proxy_pass http://hua-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://hua-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://hua-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://hua-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/conf.d/kaopeilian.conf

@@ -0,0 +1,150 @@
+# 考陪练系统 Nginx 配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name aiedu.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name aiedu.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/aiedu.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/aiedu.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://kaopeilian-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端生产服务器（HTML 不缓存）
+    location / {
+        proxy_pass http://kaopeilian-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 修复前端localhost:8000请求的特殊处理
+    location ~* ^/localhost:8000/(.*)$ {
+        rewrite ^/localhost:8000/(.*)$ /$1 break;
+        proxy_pass http://kaopeilian-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 后端生产服务器 API
+    location /api/ {
+        proxy_pass http://kaopeilian-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 支持 WebSocket
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # 超时配置 - 增加到10分钟以支持AI试题生成等长时间处理
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 后端健康检查
+    location /health {
+        proxy_pass http://kaopeilian-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://kaopeilian-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+    
+    # GitHub Webhook处理
+    location /webhook {
+        proxy_pass http://172.18.0.1:9000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Webhook专用配置
+        proxy_read_timeout 60s;
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+    }
+
+    # Webhook状态检查
+    location /webhook/health {
+        proxy_pass http://172.18.0.1:9000/health;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+
+    location /webhook/status {
+        proxy_pass http://172.18.0.1:9000/status;
+        proxy_set_header Host $host;
+    }
+}
+
+
+

deploy/nginx/conf.d/kpl.conf

@@ -0,0 +1,118 @@
+# 瑞小美团队开发环境 Nginx 配置
+# 域名：kpl.ireborn.com.cn
+# 支持 HTTP 和 HTTPS 访问，热重载
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name kpl.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name kpl.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/kpl.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/kpl.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端服务（共享 dist 方案）
+    location / {
+        proxy_pass http://kpl-frontend-dev:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 不缓存
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # JS/CSS 静态资源（带 hash 可长期缓存）
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        proxy_pass http://kpl-frontend-dev:80;
+        proxy_set_header Host $host;
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 修复前端localhost:8000请求的特殊处理
+    location ~* ^/localhost:8000/(.*)$ {
+        rewrite ^/localhost:8000/(.*)$ /$1 break;
+        proxy_pass http://kpl-backend-dev:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 后端开发服务器 API
+    location /api/ {
+        proxy_pass http://kpl-backend-dev:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 支持 WebSocket
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # 超时配置 - 增加到10分钟以支持AI试题生成等长时间处理
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 后端健康检查
+    location /health {
+        proxy_pass http://kpl-backend-dev:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://kpl-backend-dev:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}
+

deploy/nginx/conf.d/pl.conf

@@ -0,0 +1,73 @@
+# 陪练试用版 Nginx配置
+# 域名: pl.ireborn.com.cn
+
+upstream pl_backend {
+    server 172.18.0.1:8020;
+}
+
+upstream pl_frontend {
+    server 172.18.0.1:3020;
+}
+
+# HTTP -> HTTPS 重定向
+server {
+    listen 80;
+    server_name pl.ireborn.com.cn;
+    
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# HTTPS 服务
+server {
+    listen 443 ssl;
+    server_name pl.ireborn.com.cn;
+
+    ssl_certificate /etc/letsencrypt/live/pl.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/pl.ireborn.com.cn/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    access_log /var/log/nginx/pl_access.log;
+    error_log /var/log/nginx/pl_error.log;
+
+    location / {
+        proxy_pass http://pl_frontend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 禁用缓存
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        add_header Expires "0";
+    }
+
+    location /api/ {
+        proxy_pass http://pl_backend;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    location /@vite/ {
+        proxy_pass http://pl_frontend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+}

deploy/nginx/conf.d/pl.conf.disabled

@@ -0,0 +1,99 @@
+# 陪练试用版 Nginx配置
+# 域名: pl.ireborn.com.cn
+# 后端: peilian-backend:8000 (通过外部网络访问 host.docker.internal:8020)
+# 前端: peilian-frontend:3000 (通过外部网络访问 host.docker.internal:3020)
+
+upstream pl_backend {
+    server host.docker.internal:8020;
+}
+
+upstream pl_frontend {
+    server host.docker.internal:3020;
+}
+
+# HTTP -> HTTPS 重定向
+server {
+    listen 80;
+    server_name pl.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# HTTPS 服务
+server {
+    listen 443 ssl http2;
+    server_name pl.ireborn.com.cn;
+
+    # SSL证书
+    ssl_certificate /etc/letsencrypt/live/pl.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/pl.ireborn.com.cn/privkey.pem;
+    
+    # SSL配置
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+    ssl_prefer_server_ciphers off;
+
+    # 安全头
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # 日志
+    access_log /var/log/nginx/pl_access.log;
+    error_log /var/log/nginx/pl_error.log;
+
+    # 前端页面
+    location / {
+        proxy_pass http://pl_frontend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # API代理
+    location /api/ {
+        proxy_pass http://pl_backend;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 超时设置
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    # WebSocket代理（用于HMR）
+    location /_hmr {
+        proxy_pass http://pl_frontend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+
+    # Vite HMR WebSocket
+    location /@vite/ {
+        proxy_pass http://pl_frontend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+}

deploy/nginx/conf.d/xy.conf

@@ -0,0 +1,96 @@
+# 芯颜定制 (xy.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name xy.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name xy.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/xy.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/xy.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端服务 - HTML文件不缓存
+    location / {
+        proxy_pass http://xy-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML文件不缓存，确保获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # JS/CSS等静态资源（带hash的文件可长期缓存）
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        proxy_pass http://xy-frontend:80;
+        proxy_set_header Host $host;
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://xy-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://xy-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://xy-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/conf.d/yy.conf

@@ -0,0 +1,101 @@
+# 杨扬宠物 (yy.ireborn.com.cn) Nginx配置
+# 支持 HTTP 和 HTTPS 访问
+
+# HTTP 重定向到 HTTPS
+server {
+    listen 80;
+    server_name yy.ireborn.com.cn;
+    
+    # Let's Encrypt 验证路径
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    # 其他请求重定向到 HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS 配置
+server {
+    listen 443 ssl http2;
+    server_name yy.ireborn.com.cn;
+    
+    # SSL 证书配置
+    ssl_certificate /etc/letsencrypt/live/yy.ireborn.com.cn/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/yy.ireborn.com.cn/privkey.pem;
+    
+    # SSL 安全配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    # 安全头
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    
+    # 前端静态资源（带哈希，长期缓存）
+    location /assets/ {
+        proxy_pass http://yy-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # 带哈希的文件可以长期缓存
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        expires 1y;
+    }
+    
+    # 前端服务（HTML 不缓存）
+    location / {
+        proxy_pass http://yy-frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # HTML 文件不缓存，确保用户获取最新版本
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        expires 0;
+    }
+    
+    # 后端API
+    location /api/ {
+        proxy_pass http://yy-backend:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+    }
+    
+    # 健康检查
+    location /health {
+        proxy_pass http://yy-backend:8000;
+        proxy_set_header Host $host;
+        access_log off;
+    }
+    
+    # 静态文件上传
+    location /static/uploads/ {
+        proxy_pass http://yy-backend:8000;
+        proxy_set_header Host $host;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+}

deploy/nginx/nginx.conf

@@ -0,0 +1,53 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # 日志格式
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    # 基础配置
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    client_max_body_size 50M;
+
+    # Gzip压缩
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types
+        text/plain
+        text/css
+        text/xml
+        text/javascript
+        application/json
+        application/javascript
+        application/xml+rss
+        application/atom+xml
+        image/svg+xml;
+
+    # 包含站点配置
+    include /etc/nginx/conf.d/*.conf;
+}
+
+
+