chore(bridge): update SSH inspection script to target xworkmate-bridge.svc.plus and Caddy config

2026-04-17 16:28:22 +08:00 · 2026-04-17 16:28:22 +08:00 · f5b3d85a89
commit f5b3d85a89
parent 1fe7de82a9
2 changed files with 83 additions and 2 deletions
--- a/docs/architecture/unified-routing-architecture.md
+++ b/docs/architecture/unified-routing-architecture.md
@ -0,0 +1,70 @@
+# xworkmate-bridge 统一路由架构文档
+
+## 1. 架构概览 (Unified Routing Architecture)
+
+当前系统采用 `xworkmate-bridge.svc.plus` 作为统一入口，通过 Caddy 进行流量分发与强制鉴权。
+
+```mermaid
+graph TD
+    subgraph "External Access"
+        Client["xworkmate-app (Client)"]
+    end
+
+    subgraph "Unified Gateway (Caddy)"
+        Bridge_Domain["https://xworkmate-bridge.svc.plus"]
+    end
+
+    subgraph "Backend Services (Localhost)"
+        ManagedBridge["Managed Bridge Core<br/>(Port 8787 / Docker)"]
+        CodexProvider["Codex ACP Server<br/>(Port 9010 / Systemd)"]
+        OpenCodeProvider["OpenCode ACP Server<br/>(Port 3910 / Systemd)"]
+        GeminiAdapter["Gemini ACP Adapter<br/>(Port 8791 / Systemd)"]
+        OpenClawGateway["OpenClaw Gateway<br/>(Port 18789 / Process)"]
+    end
+
+    %% Routing Rules
+    Client -->|HTTPS/WSS| Bridge_Domain
+
+    Bridge_Domain -->|/| ManagedBridge
+    Bridge_Domain -->|/acp-server/codex/| CodexProvider
+    Bridge_Domain -->|/acp-server/opencode/| OpenCodeProvider
+    Bridge_Domain -->|/acp-server/gemini/| GeminiAdapter
+    Bridge_Domain -->|/gateway/openclaw/| OpenClawGateway
+
+    %% Service Connections
+    ManagedBridge -.->|Capabilities Discovery| Client
+    OpenClawGateway <-->|WSS| Client
+```
+
+## 2. 路由分发规则
+
+| 统一路径 | 转发目标 | 协议类型 | 备注 |
+| :--- | :--- | :--- | :--- |
+| `/` | `127.0.0.1:8787` | REST/RPC | Managed Bridge 核心，提供能力发现 |
+| `/acp-server/codex/` | `127.0.0.1:9010` | JSON-RPC (SSE) | 映射至 Codex Provider |
+| `/acp-server/opencode/` | `127.0.0.1:3910` | JSON-RPC (SSE) | 映射至 OpenCode Provider |
+| `/acp-server/gemini/` | `127.0.0.1:8791` | JSON-RPC (SSE) | 映射至 Gemini Adapter |
+| `/gateway/openclaw/` | `127.0.0.1:18789` | WSS / RPC | 映射至 OpenClaw Gateway |
+
+## 3. 运维配置优化
+
+### 3.1 统一鉴权
+所有通过 `xworkmate-bridge.svc.plus` 域名访问的请求（除 Caddy 内部 handle 外）均由 Caddy 强制校验：
+- **Header**: `Authorization: Bearer ***REMOVED-CREDENTIAL***`
+- **未授权响应**: `401 Unauthorized`
+
+### 3.2 SSE / WebSocket 优化
+所有反向代理均配置了 `flush_interval -1`，禁用了响应缓冲，以支持低延迟的 SSE 流式输出和稳定的 WebSocket 长连接。
+
+### 3.3 日志持久化 (Docker)
+`xworkmate-bridge-managed` 容器已配置日志挂载：
+- **宿主机路径**: `/var/log/xworkmate-bridge/`
+- **容器路径**: `/app/logs`
+- **轮转策略**: 单文件 50MB，保留最近 3 个文件。
+
+## 4. 后端服务启动参考
+
+- **Codex**: `/usr/local/bin/xworkmate-go-core serve --listen 127.0.0.1:9010`
+- **OpenCode**: `/usr/local/bin/xworkmate-go-core serve --listen 127.0.0.1:3910`
+- **Gemini**: `/usr/local/bin/xworkmate-go-core gemini-acp-adapter --listen 127.0.0.1:8791 ...`
+- **Gateway**: `openclaw-gateway run` (Port 18789)
--- a/scripts/check-xworkmate-bridge-service.sh
+++ b/scripts/check-xworkmate-bridge-service.sh
@ -6,8 +6,9 @@ if [[ -f .env ]]; then
  set -a && source ./.env && set +a
 fi

-SSH_TARGET="${XWORKMATE_TEST_SSH_TARGET:-root@p-xhttp-contabo.svc.plus}"
+SSH_TARGET="${XWORKMATE_TEST_SSH_TARGET:-root@xworkmate-bridge.svc.plus}"
 BRIDGE_SERVICE="${XWORKMATE_TEST_BRIDGE_SERVICE:-xworkmate-bridge.svc.plus}"
+CADDY_CONFIG="${XWORKMATE_TEST_CADDY_CONFIG:-/etc/caddy/conf.d/xworkmate-bridge.caddy}"
 SSH_BIN="${SSH_BIN:-ssh}"
 SSH_CONNECT_TIMEOUT="${XWORKMATE_TEST_SSH_CONNECT_TIMEOUT:-8}"
 SSH_EXTRA_OPTS="${XWORKMATE_TEST_SSH_OPTS:-}"
@ -20,11 +21,12 @@ echo "==> Inspecting ${BRIDGE_SERVICE} on ${SSH_TARGET}"
  -o BatchMode=yes \
  -o ConnectTimeout="${SSH_CONNECT_TIMEOUT}" \
  ${SSH_EXTRA_OPTS} \
-  "${SSH_TARGET}" bash -s -- "${BRIDGE_SERVICE}" "${JOURNAL_LINES}" <<'REMOTE'
+  "${SSH_TARGET}" bash -s -- "${BRIDGE_SERVICE}" "${JOURNAL_LINES}" "${CADDY_CONFIG}" <<'REMOTE'
 set -euo pipefail

 service_name="${1}"
 journal_lines="${2}"
+caddy_config="${3}"

 echo "## Access"
 echo "host=$(hostname -f 2>/dev/null || hostname)"
@ -32,6 +34,15 @@ echo "time=$(date -Is)"
 echo "kernel=$(uname -srmo)"
 echo

+echo "## Caddy Configuration"
+if [[ -f "${caddy_config}" ]]; then
+  echo "path: ${caddy_config}"
+  cat "${caddy_config}"
+else
+  echo "Caddy config not found at ${caddy_config}"
+fi
+echo
+
 echo "## System"
 systemctl is-system-running || true
 echo