From f5b3d85a898d1cb8390ab6b0b892ef38921a72a5 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Fri, 17 Apr 2026 16:28:22 +0800 Subject: [PATCH] chore(bridge): update SSH inspection script to target xworkmate-bridge.svc.plus and Caddy config --- .../unified-routing-architecture.md | 70 +++++++++++++++++++ scripts/check-xworkmate-bridge-service.sh | 15 +++- 2 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 docs/architecture/unified-routing-architecture.md diff --git a/docs/architecture/unified-routing-architecture.md b/docs/architecture/unified-routing-architecture.md new file mode 100644 index 00000000..c4bf3304 --- /dev/null +++ b/docs/architecture/unified-routing-architecture.md @@ -0,0 +1,70 @@ +# xworkmate-bridge 统一路由架构文档 + +## 1. 架构概览 (Unified Routing Architecture) + +当前系统采用 `xworkmate-bridge.svc.plus` 作为统一入口,通过 Caddy 进行流量分发与强制鉴权。 + +```mermaid +graph TD + subgraph "External Access" + Client["xworkmate-app (Client)"] + end + + subgraph "Unified Gateway (Caddy)" + Bridge_Domain["https://xworkmate-bridge.svc.plus"] + end + + subgraph "Backend Services (Localhost)" + ManagedBridge["Managed Bridge Core
(Port 8787 / Docker)"] + CodexProvider["Codex ACP Server
(Port 9010 / Systemd)"] + OpenCodeProvider["OpenCode ACP Server
(Port 3910 / Systemd)"] + GeminiAdapter["Gemini ACP Adapter
(Port 8791 / Systemd)"] + OpenClawGateway["OpenClaw Gateway
(Port 18789 / Process)"] + end + + %% Routing Rules + Client -->|HTTPS/WSS| Bridge_Domain + + Bridge_Domain -->|/| ManagedBridge + Bridge_Domain -->|/acp-server/codex/| CodexProvider + Bridge_Domain -->|/acp-server/opencode/| OpenCodeProvider + Bridge_Domain -->|/acp-server/gemini/| GeminiAdapter + Bridge_Domain -->|/gateway/openclaw/| OpenClawGateway + + %% Service Connections + ManagedBridge -.->|Capabilities Discovery| Client + OpenClawGateway <-->|WSS| Client +``` + +## 2. 路由分发规则 + +| 统一路径 | 转发目标 | 协议类型 | 备注 | +| :--- | :--- | :--- | :--- | +| `/` | `127.0.0.1:8787` | REST/RPC | Managed Bridge 核心,提供能力发现 | +| `/acp-server/codex/` | `127.0.0.1:9010` | JSON-RPC (SSE) | 映射至 Codex Provider | +| `/acp-server/opencode/` | `127.0.0.1:3910` | JSON-RPC (SSE) | 映射至 OpenCode Provider | +| `/acp-server/gemini/` | `127.0.0.1:8791` | JSON-RPC (SSE) | 映射至 Gemini Adapter | +| `/gateway/openclaw/` | `127.0.0.1:18789` | WSS / RPC | 映射至 OpenClaw Gateway | + +## 3. 运维配置优化 + +### 3.1 统一鉴权 +所有通过 `xworkmate-bridge.svc.plus` 域名访问的请求(除 Caddy 内部 handle 外)均由 Caddy 强制校验: +- **Header**: `Authorization: Bearer ***REMOVED-CREDENTIAL***` +- **未授权响应**: `401 Unauthorized` + +### 3.2 SSE / WebSocket 优化 +所有反向代理均配置了 `flush_interval -1`,禁用了响应缓冲,以支持低延迟的 SSE 流式输出和稳定的 WebSocket 长连接。 + +### 3.3 日志持久化 (Docker) +`xworkmate-bridge-managed` 容器已配置日志挂载: +- **宿主机路径**: `/var/log/xworkmate-bridge/` +- **容器路径**: `/app/logs` +- **轮转策略**: 单文件 50MB,保留最近 3 个文件。 + +## 4. 后端服务启动参考 + +- **Codex**: `/usr/local/bin/xworkmate-go-core serve --listen 127.0.0.1:9010` +- **OpenCode**: `/usr/local/bin/xworkmate-go-core serve --listen 127.0.0.1:3910` +- **Gemini**: `/usr/local/bin/xworkmate-go-core gemini-acp-adapter --listen 127.0.0.1:8791 ...` +- **Gateway**: `openclaw-gateway run` (Port 18789) diff --git a/scripts/check-xworkmate-bridge-service.sh b/scripts/check-xworkmate-bridge-service.sh index 331808ff..35808bdb 100755 --- a/scripts/check-xworkmate-bridge-service.sh +++ b/scripts/check-xworkmate-bridge-service.sh 
@@ -6,8 +6,9 @@ if [[ -f .env ]]; then
 set -a && source ./.env && set +a
 fi
-SSH_TARGET="${XWORKMATE_TEST_SSH_TARGET:-root@p-xhttp-contabo.svc.plus}"
+SSH_TARGET="${XWORKMATE_TEST_SSH_TARGET:-root@xworkmate-bridge.svc.plus}"
 BRIDGE_SERVICE="${XWORKMATE_TEST_BRIDGE_SERVICE:-xworkmate-bridge.svc.plus}"
+CADDY_CONFIG="${XWORKMATE_TEST_CADDY_CONFIG:-/etc/caddy/conf.d/xworkmate-bridge.caddy}"
 SSH_BIN="${SSH_BIN:-ssh}"
 SSH_CONNECT_TIMEOUT="${XWORKMATE_TEST_SSH_CONNECT_TIMEOUT:-8}"
 SSH_EXTRA_OPTS="${XWORKMATE_TEST_SSH_OPTS:-}"
@@ -20,11 +21,12 @@ echo "==> Inspecting ${BRIDGE_SERVICE} on ${SSH_TARGET}"
 -o BatchMode=yes \
 -o ConnectTimeout="${SSH_CONNECT_TIMEOUT}" \
 ${SSH_EXTRA_OPTS} \
- "${SSH_TARGET}" bash -s -- "${BRIDGE_SERVICE}" "${JOURNAL_LINES}" <<'REMOTE'
+ "${SSH_TARGET}" bash -s -- "${BRIDGE_SERVICE}" "${JOURNAL_LINES}" "${CADDY_CONFIG}" <<'REMOTE'
 set -euo pipefail
 service_name="${1}"
 journal_lines="${2}"
+caddy_config="${3}"
 echo "## Access"
 echo "host=$(hostname -f 2>/dev/null || hostname)"
@@ -32,6 +34,15 @@ echo "time=$(date -Is)"
 echo "kernel=$(uname -srmo)"
 echo
+echo "## Caddy Configuration"
+if [[ -f "${caddy_config}" ]]; then
+ echo "path: ${caddy_config}"
+ cat "${caddy_config}"
+else
+ echo "Caddy config not found at ${caddy_config}"
+fi
+echo
+
 echo "## System"
 systemctl is-system-running || true
 echo
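Review bot: In the third hunk, `cat "${caddy_config}"` streams the entire Caddy site config into the inspection report, and the architecture doc added in this same commit (section 3.1) says that config is what enforces the `Authorization: Bearer …` header, so the token presumably lives in that file and would be copied into terminal scrollback and any CI log every time the check runs. Mask credential-bearing lines before printing, e.g. `sed -E 's/(Bearer[[:space:]]+)[^[:space:]"]+/\1<redacted>/' -- "${caddy_config}"` (adjust the pattern to how the header matcher is actually written in that file), or print only the route and `reverse_proxy` lines rather than the whole file. Separately, the remote heredoc runs under `set -euo pipefail`, so a file that exists but is not readable by the SSH user makes `cat` abort the rest of the report before the `## System` section; `[[ -f "${caddy_config}" && -r "${caddy_config}" ]]` with a `Caddy config not readable at ${caddy_config}` branch is the closer test. The `ssh` invocation and the heredoc it feeds both begin before the second hunk and continue past the third.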