Hyperf对接 部署到阿里云 ECS

整体架构 e 用户请求 ↓ 阿里云 SLB（负载均衡） ↓ ECS（Nginx 反向代理 → Docker 容器 Hyperf） ↓ RDS MySQL + Tair Redis（内网） --- 一、ECS 初始化1. 推荐配置 ┌──────┬─────────────────────────────┐ │ 项目 │ 推荐 │ ├──────┼─────────────────────────────┤ │ 系统 │ Ubuntu22.04LTS │ ├──────┼─────────────────────────────┤ │ 规格 │2核4G 起步，生产4核8G │ ├──────┼─────────────────────────────┤ │ 磁盘 │ 系统盘 40G SSD，数据盘按需 │ ├──────┼─────────────────────────────┤ │ 网络 │ 与 RDS/Redis 同 VPC、同地域 │ └──────┴─────────────────────────────┘2. 安全组规则 入方向：80TCP0.0.0.0/0 HTTP443TCP0.0.0.0/0 HTTPS22TCP 你的办公IP SSH（不要开放0.0.0.0/0） 出方向：全放通（或按需限制）3. 安装 Docker# Ubuntu 22.04curl-fsSLhttps://get.docker.com|bash# 配置阿里云镜像加速（国内 ECS 必须）mkdir-p/etc/dockercat>/etc/docker/daemon.json<<EOF{"registry-mirrors":["https://<你的加速地址>.mirror.aliyuncs.com"],"log-driver":"json-file","log-opts":{"max-size":"100m","max-file":"3"}}EOF systemctl daemon-reload&&systemctl restartdockersystemctlenabledocker▎ 加速地址在：阿里云控制台 → 容器镜像服务 → 镜像加速器 --- 二、项目 Dockerfile（多阶段构建）# ============ Stage 1: 依赖安装 ============FROM hyperf/hyperf:8.1-alpine-v3.18-swoole AS builder WORKDIR /app COPY composer.json composer.lock ./# 只安装生产依赖，跳过 devRUNcomposerinstall\--no-dev\--no-scripts\--no-autoloader\--prefer-dist\--optimize-autoloader COPY..RUNcomposerdump-autoload--optimize--no-dev# ============ Stage 2: 生产镜像 ============FROM hyperf/hyperf:8.1-alpine-v3.18-swoole LABELmaintainer="your-team"WORKDIR /app# 从 builder 拷贝完整项目（含 vendor）COPY--from=builder /app.# 生成 IDE 辅助文件（可选）# RUN php bin/hyperf.php ide-helper:generate# 时区ENVTZ=Asia/Shanghai# 清理 Hyperf 注解缓存（容器启动时重新生成）RUN php bin/hyperf.php vendor:publish--id=config2>/dev/null||trueEXPOSE9501CMD["php","bin/hyperf.php","start"]--- 三、docker-compose.yml（ECS 上运行） version:"3.8"services: app: image: registry.cn-hangzhou.aliyuncs.com/your-ns/your-app:${APP_VERSION:-latest}container_name: hyperf_app restart: always ports: -"9501:9501"volumes: - ./storage/logs:/app/storage/logs - ./.env:/app/.env:ro environment: -APP_ENV=production healthcheck: test:["CMD","curl","-f","http://localhost:9501/health"]interval: 30s timeout: 5s retries:3start_period: 10s deploy: resources: limits: memory: 512M nginx: image: nginx:1.25-alpine container_name: nginx restart: always ports: -"80:80"-"443:443"volumes: - ./deploy/nginx/conf.d:/etc/nginx/conf.d:ro - ./deploy/nginx/ssl:/etc/nginx/ssl:ro - ./storage/logs/nginx:/var/log/nginx depends_on: - app networks: default: driver: bridge --- 四、Nginx 配置 deploy/nginx/conf.d/app.conf upstream hyperf{server app:9501;keepalive32;}# HTTP → HTTPS 跳转server{listen80;server_name your-domain.com;return301https://$host$request_uri;}server{listen443ssl http2;server_name your-domain.com;# 阿里云 SSL 证书（从控制台下载 Nginx 格式）ssl_certificate /etc/nginx/ssl/your-domain.pem;ssl_certificate_key /etc/nginx/ssl/your-domain.key;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5;ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;# 安全头add_header X-Frame-Options SAMEORIGIN;add_header X-Content-Type-Options nosniff;add_header X-XSS-Protection"1; mode=block";client_max_body_size 100m;location /{proxy_pass http://hyperf;proxy_http_version1.1;proxy_set_header Connection"";proxy_set_header Host$host;proxy_set_header X-Real-IP$remote_addr;proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto$scheme;proxy_read_timeout 120s;proxy_connect_timeout 5s;}# 健康检查不记日志location=/health{proxy_pass http://hyperf;access_log off;}access_log /var/log/nginx/access.log;error_log /var/log/nginx/error.log warn;}--- 五、Hyperf 健康检查接口 // app/Controller/HealthController.php<?php declare(strict_types=1);namespace App\Controller;use Hyperf\HttpServer\Annotation\Controller;use Hyperf\HttpServer\Annotation\GetMapping;#[Controller(prefix: '/')]class HealthController extends AbstractController{#[GetMapping(path: 'health')]publicfunctioncheck(): array{return['status'=>'ok','timestamp'=>time()];}}--- 六、CI/CD 流程（推荐：本地构建推 ACR）6.1推送镜像到阿里云 ACR# 登录 ACR（个人版免费，企业版更稳定）dockerlogin--username=your-aliyun-account\registry.cn-hangzhou.aliyuncs.com# 构建并打标签dockerbuild-tregistry.cn-hangzhou.aliyuncs.com/your-ns/your-app:v1.0.0.# 推送dockerpush registry.cn-hangzhou.aliyuncs.com/your-ns/your-app:v1.0.06.2ECS 上部署脚本 deploy/deploy.sh#!/bin/bashset-eAPP_VERSION=${1:-latest}IMAGE="registry.cn-hangzhou.aliyuncs.com/your-ns/your-app:${APP_VERSION}"echo">>> 拉取镜像${IMAGE}"dockerpull"${IMAGE}"echo">>> 更新 docker-compose"APP_VERSION="${APP_VERSION}"docker-composeup-d--no-deps appecho">>> 等待健康检查..."sleep5curl-sfhttp://localhost:9501/health&&echo">>> 部署成功"||echo">>> 健康检查失败，请检查日志"echo">>> 清理旧镜像"dockerimage prune-f# 本地执行部署sshroot@your-ecs-ip"cd /opt/app && bash deploy/deploy.sh v1.0.0"--- 七、Hyperf 生产配置要点 config/autoload/server.php — Worker 数量'settings'=>['worker_num'=>swoole_cpu_num()*2, // CPU核数 ×2'task_worker_num'=>swoole_cpu_num(),'max_request'=>100000, // 防内存泄漏，每个 Worker 处理10万请求后重启'open_tcp_nodelay'=>true,'socket_buffer_size'=>2*1024*1024,], config/autoload/logger.php — 日志'default'=>['handler'=>['class'=>\Monolog\Handler\RotatingFileHandler::class,'constructor'=>['filename'=>BASE_PATH.'/storage/logs/hyperf.log','maxFiles'=>7,'level'=>\Monolog\Logger::INFO,],],'formatter'=>['class'=>\Monolog\Formatter\JsonFormatter::class,],], .env 生产关键配置APP_ENV=productionAPP_DEBUG=false# 扫描缓存（生产必须开启，大幅提升启动速度）SCAN_CACHEABLE=true --- 八、零停机更新 Hyperf 基于 Swoole，支持信号平滑重启：# 方式1：Docker 滚动更新（推荐）docker-composeup-d--no-deps app# docker-compose 会先启动新容器，健康检查通过后停止旧容器# 方式2：容器内发送 SIGUSR1（平滑重启 Worker，不中断连接）dockerexechyperf_appkill-SIGUSR11# 方式3：完全重启（有短暂中断，配合 SLB 健康检查可无感）docker-composerestart app --- 九、目录结构 /opt/app/ ├── docker-compose.yml ├── .env# 生产环境变量（不进 Git）├── deploy/ │ ├── nginx/ │ │ ├── conf.d/app.conf │ │ └── ssl/# 阿里云 SSL 证书│ └── deploy.sh └── storage/ └── logs/# 挂载日志目录--- 十、生产检查清单 - ECS 安全组只开放80/443，SSH 限制来源 IP - .env 不进 Git，通过 SCP 或密钥管理服务下发 -APP_DEBUG=false，SCAN_CACHEABLE=true - Nginx 配置 HTTPS，HTTP 强制跳转 - SSL 证书来自阿里云 SSL 证书服务（免费 DV 证书可用） - Docker 日志限制大小（max-size: 100m） - max_request 设置防内存泄漏 - 挂载 storage/logs 到宿主机，方便排查 - 配置 SLB 健康检查，实现多实例无感更新 - ACR 镜像按版本打 tag，不要只用 latest --- 核心链路：多阶段 Dockerfile 构建精简镜像 → 推送 ACR → ECS 拉取运行 → Nginx 反向代理 → SLB 对外。SCAN_CACHEABLE=true 和 max_request 是生产环境最容易忽略的两个关键配置。