remove secondary console domain

2026-04-12 16:41:07 +08:00 · 2026-04-12 16:41:07 +08:00 · 37c5788263
commit 37c5788263
parent b8cd175ecc
11 changed files with 8 additions and 34 deletions
--- a/.github/workflows/pipeline.yaml
+++ b/.github/workflows/pipeline.yaml
@ -43,7 +43,6 @@ concurrency:

 env:
  PRIMARY_DOMAIN: console.svc.plus
-  SECONDARY_DOMAIN: console.onwalk.net
  NEXT_PUBLIC_RUNTIME_ENVIRONMENT: prod
  NEXT_PUBLIC_RUNTIME_REGION: cn
  ACCOUNT_SERVICE_URL: https://accounts.svc.plus
@ -177,5 +176,4 @@ jobs:
      - name: Verify Frontend Release
        run: |
          bash scripts/github-actions/verify-frontend-release.sh \
-            "${PRIMARY_DOMAIN}" \
-            "${SECONDARY_DOMAIN}"
+            "${PRIMARY_DOMAIN}"
--- a/deploy/single-node/.env.runtime.example
+++ b/deploy/single-node/.env.runtime.example
@ -1,7 +1,6 @@
 # Compose settings
 FRONTEND_IMAGE=ghcr.io/cloud-neutral-toolkit/dashboard:replace-me
 PRIMARY_DOMAIN=cn-console.svc.plus
-SECONDARY_DOMAIN=cn-console.onwalk.net

 # Frontend runtime
 NODE_ENV=production
--- a/deploy/single-node/Caddyfile
+++ b/deploy/single-node/Caddyfile
@ -1,9 +1,6 @@
-{$PRIMARY_DOMAIN}, {$SECONDARY_DOMAIN} {
+{$PRIMARY_DOMAIN} {
  encode zstd gzip

-  @secondary host {$SECONDARY_DOMAIN}
-  redir @secondary https://{$PRIMARY_DOMAIN}{uri} permanent
-
  handle_path /_next/static/* {
    root * /srv
    header Cache-Control "public, max-age=31536000, immutable"
--- a/deploy/single-node/docker-compose.yml
+++ b/deploy/single-node/docker-compose.yml
@ -37,7 +37,6 @@ services:
      - "443:443"
    environment:
      PRIMARY_DOMAIN: ${PRIMARY_DOMAIN:?set PRIMARY_DOMAIN in .env.runtime}
-      SECONDARY_DOMAIN: ${SECONDARY_DOMAIN:?set SECONDARY_DOMAIN in .env.runtime}
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - frontend_static:/srv:ro
--- a/docs/en/deployment.md
+++ b/docs/en/deployment.md
@ -6,7 +6,6 @@
 - Deploy host: `root@cn-console.svc.plus`
 - Domains:
  - `cn-console.svc.plus`
-  - `cn-console.onwalk.net`
 - Frontend release workflow: `.github/workflows/service_release_frontend-deploy.yml`

 ## Operating Model
@ -21,7 +20,7 @@ The stack is static-first:
 - The Next.js standalone container serves dynamic HTML, auth endpoints, and API proxy routes. Static assets and hashed CSS/JS files are extracted by the `frontend-assets` helper task, so the runtime no longer needs to compile anything on the single-node host.
 - `docs.svc.plus` is the source of truth for rendered docs/blog pages; the browser does not call it directly.

-Releases are orchestrated through `.github/workflows/service_release_frontend-deploy.yml`. That workflow builds/pushes the image, renders `.env.runtime` including `DOCS_SERVICE_URL` / `DOCS_SERVICE_INTERNAL_URL`, and ships `docker-compose.yml`, `Caddyfile`, and the runtime env file to the host. The control-plane workflow `.github/workflows/service_release_apiserver-deploy.yml` then updates Cloudflare DNS for the release domain (via `scripts/github-actions/update-release-dns.sh`) so `cn-console.svc.plus` and the redirected alias `cn-console.onwalk.net` point at the new environment.
+Releases are orchestrated through `.github/workflows/service_release_frontend-deploy.yml`. That workflow builds/pushes the image, renders `.env.runtime` including `DOCS_SERVICE_URL` / `DOCS_SERVICE_INTERNAL_URL`, and ships `docker-compose.yml`, `Caddyfile`, and the runtime env file to the host. The control-plane workflow `.github/workflows/service_release_apiserver-deploy.yml` then updates Cloudflare DNS for the release domain (via `scripts/github-actions/update-release-dns.sh`) so `cn-console.svc.plus` points at the new environment.

 This baseline is intentional for the weak-IO single-node host `root@cn-console.svc.plus`. No images are built on the target machine, keeping the deployment lightweight: the host only logs into GHCR, pulls the `dashboard` image, extracts assets into `frontend_static`, and starts `dashboard` plus `caddy` containers via `docker compose`.

--- a/docs/usage/deployment.md
+++ b/docs/usage/deployment.md
@ -7,7 +7,6 @@
 - Deploy host: `root@cn-console.svc.plus`
 - Public domains:
  - `https://cn-console.svc.plus`
-  - `https://cn-console.onwalk.net`
 - Primary origin: `https://cn-console.svc.plus`

 ## Current Delivery Model
@ -24,7 +23,7 @@ This is intentionally static-first for the current weak-IO single-node host. Dyn

 ## Control Plane & DNS Stage

-The control repo (`github-org-x-evor`) tracks `console.svc.plus` through `console.svc.plus.code-workspace` and keeps the `subrepos/accounts.svc.plus` pointer in sync via `skills/cross-repo-upstream-submodule-sync`. Releases resolve metadata with that workspace and the `config/single-node-release` manifests. After `.github/workflows/service_release_frontend-deploy.yml` finishes pushing the new image, the control-plane workflow `.github/workflows/service_release_apiserver-deploy.yml` calls `scripts/github-actions/update-release-dns.sh` to update Cloudflare DNS so the new endpoint is reachable under `cn-console.svc.plus` and `cn-console.onwalk.net`.
+The control repo (`github-org-x-evor`) tracks `console.svc.plus` through `console.svc.plus.code-workspace` and keeps the `subrepos/accounts.svc.plus` pointer in sync via `skills/cross-repo-upstream-submodule-sync`. Releases resolve metadata with that workspace and the `config/single-node-release` manifests. After `.github/workflows/service_release_frontend-deploy.yml` finishes pushing the new image, the control-plane workflow `.github/workflows/service_release_apiserver-deploy.yml` calls `scripts/github-actions/update-release-dns.sh` to update Cloudflare DNS so the new endpoint is reachable under `cn-console.svc.plus`.

 ## Runtime Layout

@ -94,11 +93,11 @@ Repository/environment variables recommended:
 1. GitHub Actions checks out the repo.
 2. Docker builds the frontend image with the public `NEXT_PUBLIC_*` values needed at build time.
 3. The image is pushed to GHCR.
-4. The workflow runs a matrix DNS stage, updating one public domain per job.
+4. The workflow updates Cloudflare DNS for the release domain.
 5. The workflow renders `.env.runtime`, including docs service runtime endpoints and the `cn-console` origin settings.
 6. The workflow uploads `docker-compose.yml`, `Caddyfile`, and `.env.runtime` to the host.
 7. The host pulls the new image, refreshes the static asset volume, and starts `dashboard + caddy`.
-8. The workflow verifies `cn-console.svc.plus` and `cn-console.onwalk.net`.
+8. The workflow verifies `cn-console.svc.plus`.

 ## Verification Commands

@ -125,7 +124,6 @@ Remote checks:
 ssh root@cn-console.svc.plus "cd /opt/console-svc-plus && docker compose --env-file .env.runtime ps"
 ssh root@cn-console.svc.plus "curl -fsSI -H 'Host: cn-console.svc.plus' http://127.0.0.1/"
 curl -fsSIL https://cn-console.svc.plus
-curl -fsSIL https://cn-console.onwalk.net
 ```

 ## Failure Signatures
@ -136,8 +134,6 @@ curl -fsSIL https://cn-console.onwalk.net
  The image layout changed and no longer contains `/app/dashboard/static` or `/app/dashboard/public`.
 - `cn-console.svc.plus` returns `502`
  Caddy is up, but the `dashboard` container failed or is not reachable on port `3000`.
- `cn-console.onwalk.net` does not redirect
-  Check the deployed `Caddyfile` and domain DNS.

 ## Rollback

--- a/docs/zh/deployment.md
+++ b/docs/zh/deployment.md
@ -6,7 +6,6 @@
 - 目标主机: `root@cn-console.svc.plus`
 - 域名:
  - `cn-console.svc.plus`
-  - `cn-console.onwalk.net`
 - 前端独立发布流水线: `.github/workflows/service_release_frontend-deploy.yml`

 ## 运行方式
@ -21,7 +20,7 @@
 - Next.js standalone 容器只承接动态页面、认证接口和代理接口，`frontend-assets` 任务会把所有静态文件（包括哈希后的 CSS/JS）拷贝到 `frontend_static`。
 - `docs.svc.plus` 是 docs/blog 的运行时内容源，浏览器不会直接访问它。

-发布由 `.github/workflows/service_release_frontend-deploy.yml` 驱动，CI 构建/推送镜像、渲染包含 `DOCS_SERVICE_URL` / `DOCS_SERVICE_INTERNAL_URL` 的 `.env.runtime`，然后将 `docker-compose.yml`、`Caddyfile` 与运行时环境文件发送到主机。随后控制平面工作流 `.github/workflows/service_release_apiserver-deploy.yml` 通过 `scripts/github-actions/update-release-dns.sh` 更新 Cloudflare DNS，使 `cn-console.svc.plus` 与别名 `cn-console.onwalk.net` 指向更新后的环境。
+发布由 `.github/workflows/service_release_frontend-deploy.yml` 驱动，CI 构建/推送镜像、渲染包含 `DOCS_SERVICE_URL` / `DOCS_SERVICE_INTERNAL_URL` 的 `.env.runtime`，然后将 `docker-compose.yml`、`Caddyfile` 与运行时环境文件发送到主机。随后控制平面工作流 `.github/workflows/service_release_apiserver-deploy.yml` 通过 `scripts/github-actions/update-release-dns.sh` 更新 Cloudflare DNS，使 `cn-console.svc.plus` 指向更新后的环境。

 这是针对弱 IO 单机主机 `root@cn-console.svc.plus` 的部署权衡：主机不会在本地构建镜像，只需登录 GHCR、拉取 `dashboard` 镜像、解包静态资源到 `frontend_static`，再通过 `docker compose` 启动 `dashboard` 与 `caddy`。

--- a/scripts/github-actions/deploy-frontend-single-node.sh
+++ b/scripts/github-actions/deploy-frontend-single-node.sh
@ -22,7 +22,6 @@ require_env GHCR_USERNAME
 require_env GHCR_PASSWORD
 require_env FRONTEND_IMAGE
 require_env PRIMARY_DOMAIN
-require_env SECONDARY_DOMAIN

 GHCR_REGISTRY="${GHCR_REGISTRY:-ghcr.io}"

--- a/scripts/github-actions/render-frontend-runtime-env.sh
+++ b/scripts/github-actions/render-frontend-runtime-env.sh
@ -23,11 +23,9 @@ require_env() {

 require_env FRONTEND_IMAGE
 require_env PRIMARY_DOMAIN
-require_env SECONDARY_DOMAIN

 append_env FRONTEND_IMAGE "${FRONTEND_IMAGE}"
 append_env PRIMARY_DOMAIN "${PRIMARY_DOMAIN}"
-append_env SECONDARY_DOMAIN "${SECONDARY_DOMAIN}"

 append_env NODE_ENV "production"
 append_env PORT "${PORT:-3000}"
--- a/scripts/github-actions/run-console-deploy-playbook.sh
+++ b/scripts/github-actions/run-console-deploy-playbook.sh
@ -16,7 +16,6 @@ ansible_args=(
  -e "INTERNAL_SERVICE_TOKEN=${INTERNAL_SERVICE_TOKEN:?INTERNAL_SERVICE_TOKEN is required}"
  -e "ACCOUNT_SERVICE_URL=${ACCOUNT_SERVICE_URL:?ACCOUNT_SERVICE_URL is required}"
  -e "PRIMARY_DOMAIN=${PRIMARY_DOMAIN:?PRIMARY_DOMAIN is required}"
-  -e "SECONDARY_DOMAIN=${SECONDARY_DOMAIN:?SECONDARY_DOMAIN is required}"
  -e "NEXT_PUBLIC_RUNTIME_ENVIRONMENT=${NEXT_PUBLIC_RUNTIME_ENVIRONMENT:?NEXT_PUBLIC_RUNTIME_ENVIRONMENT is required}"
  -e "NEXT_PUBLIC_RUNTIME_REGION=${NEXT_PUBLIC_RUNTIME_REGION:?NEXT_PUBLIC_RUNTIME_REGION is required}"
  -e "CLOUDFLARE_ZONE_TAG=${CLOUDFLARE_ZONE_TAG:?CLOUDFLARE_ZONE_TAG is required}"
--- a/scripts/github-actions/verify-frontend-release.sh
+++ b/scripts/github-actions/verify-frontend-release.sh
@ -1,21 +1,12 @@
 #!/usr/bin/env bash
 set -euo pipefail

-PRIMARY_DOMAIN="${1:?usage: verify-frontend-release.sh <primary-domain> <secondary-domain>}"
-SECONDARY_DOMAIN="${2:?usage: verify-frontend-release.sh <primary-domain> <secondary-domain>}"
+PRIMARY_DOMAIN="${1:?usage: verify-frontend-release.sh <primary-domain>}"

 primary_url="https://${PRIMARY_DOMAIN}"
-secondary_url="https://${SECONDARY_DOMAIN}"

 curl -fsSIL "${primary_url}" >/dev/null

-secondary_headers="$(curl -fsSIL "${secondary_url}")"
-redirect_target="$(printf '%s\n' "${secondary_headers}" | awk 'tolower($1) == "location:" {print $2}' | tail -n 1 | tr -d '\r')"
-if [[ "${redirect_target}" != "https://${PRIMARY_DOMAIN}/" && "${redirect_target}" != "https://${PRIMARY_DOMAIN}" ]]; then
-  echo "Unexpected secondary redirect target: ${redirect_target}" >&2
-  exit 1
-fi
-
 homepage_html="$(curl -fsSL "${primary_url}")"
 asset_path="$(printf '%s' "${homepage_html}" | grep -Eo '/_next/static/[^"'"'"' ]+\.(css|js)' | head -n 1)"
 if [[ -z "${asset_path}" ]]; then