Files

IanShaw027 c1a3dd41dd feat(ops): 添加运维监控配置开关

- 在 .env.example 和 config.example.yaml 中添加 ops.enabled 配置项
- 默认值为 true，保持现有行为
- 当设置为 false 时，左侧栏隐藏运维监控菜单并禁用所有运维监控功能
- 修改后端 GetSettings API，让 ops_monitoring_enabled 受 config.ops.enabled 控制
- 数据清理和预聚合任务默认保持开启状态（通过运维监控设置对话框配置）

2026-01-11 20:10:08 +08:00

.env.example

feat(ops): 添加运维监控配置开关

2026-01-11 20:10:08 +08:00

Caddyfile

fix(流式): 提升SSE稳定性并统一超时配置

2026-01-04 19:49:59 +08:00

config.example.yaml

feat(ops): 添加运维监控配置开关

2026-01-11 20:10:08 +08:00

docker-compose-test.yml

feat(crs-sync): improve error messages and add private IP allowlist support

2026-01-05 12:57:03 +08:00

docker-compose.override.yml.example

Fix/multiple issues (#24 )

2026-01-02 17:47:49 +08:00

docker-compose.standalone.yml

feat(api-key): 添加 IP 白名单/黑名单限制功能 (#221 )

2026-01-09 21:59:32 +08:00

docker-compose.yml

fix(docker): 修改 Redis 配置以支持可选的密码设置

2026-01-09 17:28:55 +08:00

DOCKER.md

fix: add missing deploy/DOCKER.md for Docker workflow

2025-12-18 15:46:43 +08:00

flow.md

flow

2026-01-01 08:45:49 +08:00

install.sh

fix: 修复安装脚本通过 pipe 执行时 root 权限检查失效的问题

2025-12-28 12:25:55 +08:00

Makefile

feat: 还原误删的makefile

2025-12-30 10:29:26 +08:00

README.md

feat(backend): implement gemini quota simulation and rate limiting

2026-01-01 04:29:22 +08:00

sub2api.service

First commit

2025-12-18 13:50:39 +08:00

README.md

Sub2API Deployment Files

This directory contains files for deploying Sub2API on Linux servers.

Deployment Methods

Method	Best For	Setup Wizard
Docker Compose	Quick setup, all-in-one	Not needed (auto-setup)
Binary Install	Production servers, systemd	Web-based wizard

Files

File	Description
`docker-compose.yml`	Docker Compose configuration
`.env.example`	Docker environment variables template
`DOCKER.md`	Docker Hub documentation
`install.sh`	One-click binary installation script
`sub2api.service`	Systemd service unit file
`config.example.yaml`	Example configuration file

Docker Deployment (Recommended)

Quick Start

# Clone repository
git clone https://github.com/Wei-Shaw/sub2api.git
cd sub2api/deploy

# Configure environment
cp .env.example .env
nano .env  # Set POSTGRES_PASSWORD (required)

# Start all services
docker-compose up -d

# View logs (check for auto-generated admin password)
docker-compose logs -f sub2api

# Access Web UI
# http://localhost:8080

How Auto-Setup Works

When using Docker Compose with AUTO_SETUP=true:

On first run, the system automatically:
- Connects to PostgreSQL and Redis
- Applies database migrations (SQL files in backend/migrations/*.sql) and records them in schema_migrations
- Generates JWT secret (if not provided)
- Creates admin account (password auto-generated if not provided)
- Writes config.yaml
No manual Setup Wizard needed - just configure .env and start
If ADMIN_PASSWORD is not set, check logs for the generated password:
```
docker-compose logs sub2api | grep "admin password"
```

Database Migration Notes (PostgreSQL)

Migrations are applied in lexicographic order (e.g. 001_...sql, 002_...sql).
schema_migrations tracks applied migrations (filename + checksum).
Migrations are forward-only; rollback requires a DB backup restore or a manual compensating SQL script.

Verify users.allowed_groups → user_allowed_groups backfill

During the incremental GORM→Ent migration, users.allowed_groups (legacy BIGINT[]) is being replaced by a normalized join table user_allowed_groups(user_id, group_id).

Run this query to compare the legacy data vs the join table:

WITH old_pairs AS (
  SELECT DISTINCT u.id AS user_id, x.group_id
  FROM users u
  CROSS JOIN LATERAL unnest(u.allowed_groups) AS x(group_id)
  WHERE u.allowed_groups IS NOT NULL
)
SELECT
  (SELECT COUNT(*) FROM old_pairs)           AS old_pair_count,
  (SELECT COUNT(*) FROM user_allowed_groups) AS new_pair_count;

Commands

# Start services
docker-compose up -d

# Stop services
docker-compose down

# View logs
docker-compose logs -f sub2api

# Restart Sub2API only
docker-compose restart sub2api

# Update to latest version
docker-compose pull
docker-compose up -d

# Remove all data (caution!)
docker-compose down -v

Environment Variables

Variable	Required	Default	Description
`POSTGRES_PASSWORD`	Yes	-	PostgreSQL password
`SERVER_PORT`	No	`8080`	Server port
`ADMIN_EMAIL`	No	`admin@sub2api.local`	Admin email
`ADMIN_PASSWORD`	No	(auto-generated)	Admin password
`JWT_SECRET`	No	(auto-generated)	JWT secret
`TZ`	No	`Asia/Shanghai`	Timezone
`GEMINI_OAUTH_CLIENT_ID`	No	(builtin)	Google OAuth client ID (Gemini OAuth). Leave empty to use the built-in Gemini CLI client.
`GEMINI_OAUTH_CLIENT_SECRET`	No	(builtin)	Google OAuth client secret (Gemini OAuth). Leave empty to use the built-in Gemini CLI client.
`GEMINI_OAUTH_SCOPES`	No	(default)	OAuth scopes (Gemini OAuth)
`GEMINI_QUOTA_POLICY`	No	(empty)	JSON overrides for Gemini local quota simulation (Code Assist only).

See .env.example for all available options.

Gemini OAuth Configuration

Sub2API supports three methods to connect to Gemini:

Method 1: Code Assist OAuth (Recommended for GCP Users)

No configuration needed - always uses the built-in Gemini CLI OAuth client (public).

Leave GEMINI_OAUTH_CLIENT_ID and GEMINI_OAUTH_CLIENT_SECRET empty
In the Admin UI, create a Gemini OAuth account and select "Code Assist" type
Complete the OAuth flow in your browser

Note: Even if you configure GEMINI_OAUTH_CLIENT_ID / GEMINI_OAUTH_CLIENT_SECRET for AI Studio OAuth, Code Assist OAuth will still use the built-in Gemini CLI client.

Requirements:

Google account with access to Google Cloud Platform
A GCP project (auto-detected or manually specified)

How to get Project ID (if auto-detection fails):

Go to Google Cloud Console
Click the project dropdown at the top of the page
Copy the Project ID (not the project name) from the list
Common formats: my-project-123456 or cloud-ai-companion-xxxxx

Method 2: AI Studio OAuth (For Regular Google Accounts)

Requires your own OAuth client credentials.

Step 1: Create OAuth Client in Google Cloud Console

Go to Google Cloud Console - Credentials
Create a new project or select an existing one
Enable the Generative Language API:
- Go to "APIs & Services" → "Library"
- Search for "Generative Language API"
- Click "Enable"
Configure OAuth Consent Screen (if not done):
- Go to "APIs & Services" → "OAuth consent screen"
- Choose "External" user type
- Fill in app name, user support email, developer contact
- Add scopes: https://www.googleapis.com/auth/generative-language.retriever (and optionally https://www.googleapis.com/auth/cloud-platform)
- Add test users (your Google account email)
Create OAuth 2.0 credentials:
- Go to "APIs & Services" → "Credentials"
- Click "Create Credentials" → "OAuth client ID"
- Application type: Web application (or Desktop app)
- Name: e.g., "Sub2API Gemini"
- Authorized redirect URIs: Add http://localhost:1455/auth/callback
Copy the Client ID and Client Secret
⚠️ Publish to Production (IMPORTANT):
- Go to "APIs & Services" → "OAuth consent screen"
- Click "PUBLISH APP" to move from Testing to Production
- Testing mode limitations:
  - Only manually added test users can authenticate (max 100 users)
  - Refresh tokens expire after 7 days
  - Users must be re-added periodically
- Production mode: Any Google user can authenticate, tokens don't expire
- Note: For sensitive scopes, Google may require verification (demo video, privacy policy)

Step 2: Configure Environment Variables

GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-client-secret

Step 3: Create Account in Admin UI

Create a Gemini OAuth account and select "AI Studio" type
Complete the OAuth flow
- After consent, your browser will be redirected to http://localhost:1455/auth/callback?code=...&state=...
- Copy the full callback URL (recommended) or just the code and paste it back into the Admin UI

Method 3: API Key (Simplest)

Go to Google AI Studio
Click "Create API key"
In Admin UI, create a Gemini API Key account
Paste your API key (starts with AIza...)

Comparison Table

Feature	Code Assist OAuth	AI Studio OAuth	API Key
Setup Complexity	Easy (no config)	Medium (OAuth client)	Easy
GCP Project Required	Yes	No	No
Custom OAuth Client	No (built-in)	Yes (required)	N/A
Rate Limits	GCP quota	Standard	Standard
Best For	GCP developers	Regular users needing OAuth	Quick testing

Binary Installation

For production servers using systemd.

One-Line Installation

curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install.sh | sudo bash

Manual Installation

Download the latest release from GitHub Releases
Extract and copy the binary to /opt/sub2api/
Copy sub2api.service to /etc/systemd/system/

Run:

sudo systemctl daemon-reload
sudo systemctl enable sub2api
sudo systemctl start sub2api

Open the Setup Wizard in your browser to complete configuration

Commands

# Install
sudo ./install.sh

# Upgrade
sudo ./install.sh upgrade

# Uninstall
sudo ./install.sh uninstall

Service Management

# Start the service
sudo systemctl start sub2api

# Stop the service
sudo systemctl stop sub2api

# Restart the service
sudo systemctl restart sub2api

# Check status
sudo systemctl status sub2api

# View logs
sudo journalctl -u sub2api -f

# Enable auto-start on boot
sudo systemctl enable sub2api

Configuration

Server Address and Port

During installation, you will be prompted to configure the server listen address and port. These settings are stored in the systemd service file as environment variables.

To change after installation:

Edit the systemd service:
```
sudo systemctl edit sub2api
```

Add or modify:

[Service]
Environment=SERVER_HOST=0.0.0.0
Environment=SERVER_PORT=3000

Reload and restart:

sudo systemctl daemon-reload
sudo systemctl restart sub2api

Gemini OAuth Configuration

If you need to use AI Studio OAuth for Gemini accounts, add the OAuth client credentials to the systemd service file:

Edit the service file:

sudo nano /etc/systemd/system/sub2api.service

Add your OAuth credentials in the [Service] section (after the existing Environment= lines):

Environment=GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
Environment=GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-client-secret

Reload and restart:

sudo systemctl daemon-reload
sudo systemctl restart sub2api

Note: Code Assist OAuth does not require any configuration - it uses the built-in Gemini CLI client. See the Gemini OAuth Configuration section above for detailed setup instructions.

Application Configuration

The main config file is at /etc/sub2api/config.yaml (created by Setup Wizard).

Prerequisites

Linux server (Ubuntu 20.04+, Debian 11+, CentOS 8+, etc.)
PostgreSQL 14+
Redis 6+
systemd

Directory Structure

/opt/sub2api/
├── sub2api              # Main binary
├── sub2api.backup       # Backup (after upgrade)
└── data/                # Runtime data

/etc/sub2api/
└── config.yaml          # Configuration file

Troubleshooting

Docker

# Check container status
docker-compose ps

# View detailed logs
docker-compose logs --tail=100 sub2api

# Check database connection
docker-compose exec postgres pg_isready

# Check Redis connection
docker-compose exec redis redis-cli ping

# Restart all services
docker-compose restart

Binary Install

# Check service status
sudo systemctl status sub2api

# View recent logs
sudo journalctl -u sub2api -n 50

# Check config file
sudo cat /etc/sub2api/config.yaml

# Check PostgreSQL
sudo systemctl status postgresql

# Check Redis
sudo systemctl status redis

Common Issues

Port already in use: Change SERVER_PORT in .env or systemd config
Database connection failed: Check PostgreSQL is running and credentials are correct
Redis connection failed: Check Redis is running and password is correct
Permission denied: Ensure proper file ownership for binary install