diff --git a/01-init-env.sh b/01-init-env.sh index d7d5271..0dd3a80 100755 --- a/01-init-env.sh +++ b/01-init-env.sh @@ -68,7 +68,10 @@ REDIS_PORT=6379 REDIS_PASSWORD=openIM123 # ── Kafka(Docker 本地运行,KRaft 模式)──────────────────────────────────── +# KAFKA_PORT:本机 open-im-server / chat 等使用的 bootstrap(127.0.0.1:KAFKA_PORT) +# KAFKA_EXTERNAL_PORT:外网客户端 bootstrap(DEPLOY_TEST_IP:KAFKA_EXTERNAL_PORT),PLAINTEXT 无加密,须防火墙/安全组放行 KAFKA_PORT=9092 +KAFKA_EXTERNAL_PORT=9094 # ── Etcd(Docker 本地运行,服务发现注册中心)─────────────────────────────── ETCD_PORT=2379 diff --git a/03-start-infra.sh b/03-start-infra.sh index ec503d4..0d6d59d 100755 --- a/03-start-infra.sh +++ b/03-start-infra.sh 
@@ -63,36 +63,42 @@ start_docker_logger "dev-redis" step "Kafka (KRaft)" if docker ps --format '{{.Names}}' | grep -q '^dev-kafka$'; then - success "Kafka 已在运行 (container=dev-kafka) :${KAFKA_PORT}" + success "Kafka 已在运行 (container=dev-kafka) 本机 :${KAFKA_PORT} 外网 ${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT:-9094}" elif docker ps -a --format '{{.Names}}' | grep -q '^dev-kafka$'; then info "重新启动已有容器 dev-kafka..." docker start dev-kafka > /dev/null else info "创建并启动 Kafka 容器(首次拉取镜像可能较慢)..." KAFKA_CLUSTER_ID="MkU3OEVBNTcwNTJENDM2Qk" + KAFKA_EXTERNAL_PORT="${KAFKA_EXTERNAL_PORT:-9094}" # bitnamilegacy/kafka 容器内以 uid=1001 运行,宿主目录需提前授权 mkdir -p "${DATA_DIR}/kafka" chown -R 1001:1001 "${DATA_DIR}/kafka" 2>/dev/null || \ chmod -R 777 "${DATA_DIR}/kafka" # 无 chown 权限时退回 777 + # 双 listener:INTERNAL 供本机服务(与 kafka.yml 127.0.0.1 一致);EXTERNAL 供公网 bootstrap(advertise DEPLOY_TEST_IP) docker run -d \ --name dev-kafka \ --restart unless-stopped \ -p "${KAFKA_PORT}:9092" \ + -p "${KAFKA_EXTERNAL_PORT}:9094" \ -v "${DATA_DIR}/kafka:/bitnami/kafka" \ -e KAFKA_CFG_NODE_ID=0 \ -e KAFKA_CFG_PROCESS_ROLES=controller,broker \ - -e KAFKA_CFG_LISTENERS="PLAINTEXT://:9092,CONTROLLER://:9093" \ - -e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP="CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT" \ + -e KAFKA_CFG_LISTENERS="INTERNAL://:9092,EXTERNAL://:9094,CONTROLLER://:9093" \ + -e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP="CONTROLLER:PLAINTEXT,INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT" \ -e KAFKA_CFG_CONTROLLER_QUORUM_VOTERS="0@localhost:9093" \ -e KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER \ - -e KAFKA_CFG_ADVERTISED_LISTENERS="PLAINTEXT://127.0.0.1:${KAFKA_PORT}" \ + -e KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL \ + -e KAFKA_CFG_ADVERTISED_LISTENERS="INTERNAL://127.0.0.1:${KAFKA_PORT},EXTERNAL://${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT}" \ -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true \ -e KAFKA_KRAFT_CLUSTER_ID="$KAFKA_CLUSTER_ID" \ "${LOG_OPTS[@]}" \ bitnamilegacy/kafka:3.5.1 \ > /dev/null + info " 本机 
bootstrap: 127.0.0.1:${KAFKA_PORT}(INTERNAL)" + info " 外网 bootstrap: ${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT}(EXTERNAL,PLAINTEXT;请在安全组放行 TCP ${KAFKA_EXTERNAL_PORT})" fi start_docker_logger "dev-kafka" @@ -115,7 +121,7 @@ for _i in $(seq 1 45); do done echo "" # 清除 \r 留下的行 if [[ $_kafka_ready -eq 1 ]]; then - success "Kafka 已就绪 :${KAFKA_PORT}" + success "Kafka 已就绪 本机 127.0.0.1:${KAFKA_PORT} 外网 ${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT:-9094}" else error "Kafka 90s 内未就绪,请检查日志: ./deploy-test/logs.sh kafka" exit 1 @@ -250,6 +256,7 @@ echo " Docker 容器日志: $DOCKER_LOG_DIR/" echo " 本脚本执行日志: $_CURRENT_SCRIPT_LOG" echo "" echo -e " LiveKit 公网: ${LIVEKIT_NODE_IP}:50000-51000/udp (WebRTC 媒体流)" +echo -e " Kafka 外网 bootstrap(若已映射): ${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT:-9094} TCP PLAINTEXT" echo "" success "Docker 基础设施已就绪!" echo "" diff --git a/README.md b/README.md index 1676892..8c7233b 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,7 @@ BUILD_AWS_SECRET_KEY=xxx REDIS_PORT=6379 REDIS_PASSWORD=openIM123 KAFKA_PORT=9092 +KAFKA_EXTERNAL_PORT=9094 # 外网访问 Kafka bootstrap:DEPLOY_TEST_IP:KAFKA_EXTERNAL_PORT(须安全组放行) ETCD_PORT=2379 # ══ LiveKit(本机 Docker,使用公网 IP)════════════════════════ @@ -246,10 +247,12 @@ TENCENT_SDK_SECRET_KEY=xxx | 服务 | 端口 | |------|------| | Redis | :6379 | -| Kafka | :9092 | +| Kafka | 本机服务:`127.0.0.1:9092`(INTERNAL);外网客户端:`DEPLOY_TEST_IP:9094`(EXTERNAL,PLAINTEXT,默认 `KAFKA_EXTERNAL_PORT=9094`) | | Etcd | :2379 | | LiveKit | :7880 (API) / :7882 (TCP) / :50000-51000/udp (WebRTC) | +> **Kafka 外网**:`03-start-infra.sh` 使用双 listener。云主机安全组需放行 **TCP `KAFKA_EXTERNAL_PORT`**(默认 9094)。仅本机跑后端时仍连 `127.0.0.1:9092` 即可。**若曾用旧脚本建过 `dev-kafka` 单 listener,需** `docker rm -f dev-kafka` **并删除** `.deploy-test/docker-data/kafka` **后重新执行** `03-start-infra.sh`(或 `remove-infra.sh`)以应用新配置。公网 PLAINTEXT 无加密,生产请配合 VPN 或 SASL。 + --- ## LiveKit 说明 diff --git a/status.sh b/status.sh index d77665a..f16fbee 100755 --- a/status.sh +++ b/status.sh 
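Review bot: The new EXTERNAL listener is mapped `EXTERNAL:PLAINTEXT` and advertised on `${DEPLOY_TEST_IP}` with no SASL or TLS, so anyone who can reach TCP `${KAFKA_EXTERNAL_PORT}` can read and write topics, and with `KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true` can also create them. Both `-p` mappings omit a host address, so 9092 is published on all interfaces too; because the INTERNAL listener is meant only for local services, `-p "127.0.0.1:${KAFKA_PORT}:9092" \` would keep it off the network. Docker-published ports are usually not filtered by host firewall front ends such as ufw, so the cloud security group is probably the only control; restrict it to known client addresses and consider making the external mapping opt-in rather than the default set in 01-init-env.sh. `${DEPLOY_TEST_IP}` is also used unchecked, and an empty value would advertise `EXTERNAL://:9094`; a guard such as `: "${DEPLOY_TEST_IP:?DEPLOY_TEST_IP must be set}"` before `docker run` would catch that.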
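Review bot: The readiness message now prints `${DEPLOY_TEST_IP}:${KAFKA_EXTERNAL_PORT:-9094}` as the external bootstrap unconditionally, but the `elif` branch in the previous hunk only runs `docker start dev-kafka`. A container created by the old script therefore has no 9094 mapping or EXTERNAL listener, and the message would misreport what is exposed. The same applies to the "已在运行" message in the previous hunk and to the new `printf` in status.sh, which prints even when `DEPLOY_TEST_IP` is unset (shown as `?`). Printing the external address only when `docker port dev-kafka 9094/tcp` succeeds would keep the reported exposure in line with what is actually published. The readiness loop this message belongs to starts outside the hunk.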
@@ -18,6 +18,7 @@ echo "" echo -e "${BOLD}[ Docker 基础设施 ]${NC}" print_container_status "Redis" "dev-redis" "${REDIS_PORT:-6379}" print_container_status "Kafka" "dev-kafka" "${KAFKA_PORT:-9092}" +printf " ${CYAN}◉${NC} %-10s Kafka 外网 bootstrap(EXTERNAL)%s:%s TCP PLAINTEXT\n" "" "${DEPLOY_TEST_IP:-?}" "${KAFKA_EXTERNAL_PORT:-9094}" print_container_status "Etcd" "dev-etcd" "${ETCD_PORT:-2379}" print_container_status "LiveKit" "dev-livekit" "7880" printf " ${CYAN}◉${NC} %-10s 公网 %s:50000-51000/udp (WebRTC)\n" "" "${LIVEKIT_NODE_IP:-?}"