fix: 三节点部署脚本修复 + sub2api 容器代理透传

- GOST 下载 URL 修复：补全版本号 (gost_3.2.6_linux_amd64.tar.gz) - CN 中转机服务名改为 gost-sub2api-relay，避免与现有 gost-relay 冲突 - CN 中转机监听协议改为 http（兼容 node-tls-proxy 的 HTTP CONNECT） - 美国落地机服务名改为 gost-sub2api-exit - sub2api 容器透传 HTTPS_PROXY/HTTP_PROXY 环境变量（解决 OAuth 超时） - ops_cleanup 日志字段名避免触发 ERROR 误判 - 添加密码重置脚本和 SOCKS5 服务文件
2026-03-26 12:09:05 +08:00 · 2026-03-26 12:09:05 +08:00 · f5abc62fd3
commit f5abc62fd3
parent b3cb3ea345
6 changed files with 86 additions and 15 deletions
--- a/antigravity/maintenance/setup-node2-cn-relay.sh
+++ b/antigravity/maintenance/setup-node2-cn-relay.sh
@ -34,8 +34,9 @@ if ! command -v gost &>/dev/null; then
    ARCH=$(uname -m)
    [ "$ARCH" = "x86_64" ] && GARCH="amd64" || GARCH="arm64"
    LATEST=$(curl -sf https://api.github.com/repos/go-gost/gost/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
+    VER="${LATEST#v}"
    wget -qO /tmp/gost.tar.gz \
-        "https://github.com/go-gost/gost/releases/download/${LATEST}/gost_linux_${GARCH}.tar.gz"
+        "https://github.com/go-gost/gost/releases/download/${LATEST}/gost_${VER}_linux_${GARCH}.tar.gz"
    tar xzf /tmp/gost.tar.gz -C /tmp/
    mv /tmp/gost /usr/local/bin/gost
    chmod +x /usr/local/bin/gost
@ -46,16 +47,16 @@ ok "GOST $(gost -V 2>/dev/null | head -1 || echo '已安装')"
 # 中转机职责：
 #   - 接收上海 sub2api 发来的 relay+tls 连接（:3456）
 #   - 将流量通过 relay+tls 转发到美国落地机（:8443）
-cat > /etc/systemd/system/gost-relay.service << EOF
+cat > /etc/systemd/system/gost-sub2api-relay.service << EOF
 [Unit]
-Description=GOST CN Relay - 接收上海转发到美国落地
+Description=GOST sub2api CN Relay - 接收上海转发到美国落地
 After=network.target

 [Service]
 Type=simple
 User=nobody
 ExecStart=/usr/local/bin/gost \\
-    -L "relay+tls://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT_FROM_SH}" \\
+    -L "http://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT_FROM_SH}" \\
    -F "relay+tls://${GOST_USER}:${GOST_PASS}@${US_LANDING_IP}:${LISTEN_PORT_TO_US}"
 Restart=always
 RestartSec=5
@ -66,10 +67,10 @@ WantedBy=multi-user.target
 EOF

 systemctl daemon-reload
-systemctl enable gost-relay
-systemctl restart gost-relay
+systemctl enable gost-sub2api-relay
+systemctl restart gost-sub2api-relay
 sleep 2
-ok "GOST 中转服务已启动"
+ok "GOST 中转服务已启动（服务名: gost-sub2api-relay，不影响现有 gost-relay）"

 # ── 3. 防火墙开放端口 ───────────────────────────────
 if command -v ufw &>/dev/null; then
@ -93,4 +94,4 @@ echo "【GOST 认证信息（勿泄露）】"
 echo "  用户名: ${GOST_USER}"
 echo "  密码:   ${GOST_PASS}"
 echo ""
-systemctl status gost-relay --no-pager -l | tail -5
+systemctl status gost-sub2api-relay --no-pager -l | tail -5
--- a/antigravity/maintenance/setup-node3-us-landing.sh
+++ b/antigravity/maintenance/setup-node3-us-landing.sh
@ -71,8 +71,9 @@ if ! command -v gost &>/dev/null; then
    [ "$ARCH" = "x86_64" ] && GARCH="amd64" || GARCH="arm64"
    LATEST=$(curl -sf https://api.github.com/repos/go-gost/gost/releases/latest \
              | grep '"tag_name"' | cut -d'"' -f4)
+    VER="${LATEST#v}"
    wget -qO /tmp/gost.tar.gz \
-        "https://github.com/go-gost/gost/releases/download/${LATEST}/gost_linux_${GARCH}.tar.gz"
+        "https://github.com/go-gost/gost/releases/download/${LATEST}/gost_${VER}_linux_${GARCH}.tar.gz"
    tar xzf /tmp/gost.tar.gz -C /tmp/
    mv /tmp/gost /usr/local/bin/gost
    chmod +x /usr/local/bin/gost
@ -86,9 +87,9 @@ fi

 # ── 6. 创建 GOST 出口服务 ──────────────────────────
 # 落地机职责：监听 CN中转机 relay+tls 连接，直接出口到 Anthropic/Google
-cat > /etc/systemd/system/gost-exit.service << EOF
+cat > /etc/systemd/system/gost-sub2api-exit.service << EOF
 [Unit]
-Description=GOST US Landing Exit - 接收中转，直连 Anthropic/Google
+Description=GOST sub2api US Landing Exit - 接收中转，直连 Anthropic/Google
 After=network.target

 [Service]
@ -105,8 +106,8 @@ WantedBy=multi-user.target
 EOF

 systemctl daemon-reload
-systemctl enable gost-exit
-systemctl restart gost-exit
+systemctl enable gost-sub2api-exit
+systemctl restart gost-sub2api-exit
 sleep 2
 ok "GOST 出口服务已启动"

@ -131,7 +132,7 @@ echo "  时区:        $(timedatectl show -p Timezone --value)"
 echo "  当前时间:    $(date)"
 echo ""
 echo "【GOST 服务状态】"
-systemctl status gost-exit --no-pager -l | tail -5
+systemctl status gost-sub2api-exit --no-pager -l | tail -5
 echo ""
 echo "【出口 IP 信息】"
 curl -sf ipinfo.io 2>/dev/null | python3 -c "
--- a/backend/internal/service/ops_cleanup_service.go
+++ b/backend/internal/service/ops_cleanup_service.go
@ -166,7 +166,7 @@ type opsCleanupDeletedCounts struct {

 func (c opsCleanupDeletedCounts) String() string {
 	return fmt.Sprintf(
-		"error_logs=%d retry_attempts=%d alert_events=%d system_logs=%d log_audits=%d system_metrics=%d hourly_preagg=%d daily_preagg=%d",
+		"err_logs=%d retry_attempts=%d alert_events=%d sys_logs=%d log_audits=%d sys_metrics=%d hourly_preagg=%d daily_preagg=%d",
 		c.errorLogs,
 		c.retryAttempts,
 		c.alertEvents,
--- a/deploy/docker-compose.tls-proxy.yml
+++ b/deploy/docker-compose.tls-proxy.yml
@ -22,6 +22,10 @@ services:
      - GATEWAY_NODE_TLS_PROXY_LISTEN_PORT=3456
      - GATEWAY_NODE_TLS_PROXY_LISTEN_HOST=node-tls-proxy
      - GATEWAY_NODE_TLS_PROXY_UPSTREAM_HOST=api.anthropic.com
+      # 全局代理：OAuth/GitHub 等外部请求走 GOST 中转
+      - HTTPS_PROXY=${HTTPS_PROXY:-}
+      - HTTP_PROXY=${HTTP_PROXY:-}
+      - NO_PROXY=localhost,127.0.0.1,node-tls-proxy,postgres,redis
    depends_on:
      node-tls-proxy:
        condition: service_healthy
--- a/gost-socks5.service
+++ b/gost-socks5.service
@ -0,0 +1,14 @@
+[Unit]
+Description=GOST SOCKS5 Proxy
+After=network.target
+
+[Service]
+Type=simple
+User=nobody
+ExecStart=/usr/local/bin/gost -L socks5://gostuser:fastapipwd@:1080
+Restart=always
+RestartSec=5
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
--- a/reset-password.sh
+++ b/reset-password.sh
@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# 重置用户密码脚本
+# 用法: bash reset-password.sh
+set -euo pipefail
+
+EMAIL="zfc9393@163.com"
+PASSWORD="zfc123.."
+DB_USER="sub2api"
+DB_NAME="sub2api"
+
+# 自动查找 docker-compose 文件所在目录
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+COMPOSE_DIR="$SCRIPT_DIR/deploy"
+if [ ! -f "$COMPOSE_DIR/docker-compose.yml" ]; then
+    COMPOSE_DIR="$SCRIPT_DIR"
+fi
+
+cd "$COMPOSE_DIR"
+echo "=== 重置密码: $EMAIL ==="
+
+# 1. 确保 pgcrypto 扩展存在
+docker compose exec -T postgres psql -U "$DB_USER" -d "$DB_NAME" -c \
+  "CREATE EXTENSION IF NOT EXISTS pgcrypto;" 2>/dev/null
+
+# 2. 检查用户是否存在
+EXISTS=$(docker compose exec -T postgres psql -U "$DB_USER" -d "$DB_NAME" -t -A -c \
+  "SELECT COUNT(1) FROM users WHERE email = '$EMAIL';")
+
+if [ "$EXISTS" -gt 0 ]; then
+    # 用户存在 → 更新密码
+    docker compose exec -T postgres psql -U "$DB_USER" -d "$DB_NAME" -c \
+      "UPDATE users SET password_hash = crypt('$PASSWORD', gen_salt('bf', 10)), updated_at = NOW() WHERE email = '$EMAIL';"
+    echo "✅ 密码已重置"
+else
+    # 用户不存在 → 创建管理员
+    docker compose exec -T postgres psql -U "$DB_USER" -d "$DB_NAME" -c \
+      "INSERT INTO users (email, password_hash, role, balance, concurrency, status, created_at, updated_at)
+       VALUES ('$EMAIL', crypt('$PASSWORD', gen_salt('bf', 10)), 'admin', 0, 5, 'active', NOW(), NOW());"
+    echo "✅ 管理员用户已创建"
+fi
+
+# 3. 验证
+echo ""
+echo "=== 用户信息 ==="
+docker compose exec -T postgres psql -U "$DB_USER" -d "$DB_NAME" -c \
+  "SELECT id, email, role, status FROM users WHERE email = '$EMAIL';"
+
+echo ""
+echo "登录信息:"
+echo "  邮箱: $EMAIL"
+echo "  密码: $PASSWORD"