目标:自建 OpenCode 服务端,支持团队协作和远程访问
部署架构
单机部署
直接启动
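# Install the CLI. On a server, pin an exact release
# (npm install -g opencode-ai@<VERSION>) so a reinstall cannot pull in a
# different package version unnoticed.
npm install -g opencode-ai
# Start the server.
# NOTE(review): --host 0.0.0.0 listens on every network interface, and this
# command sets up neither TLS nor any visible authentication. Use it as-is
# only on a trusted network; when a TLS reverse proxy runs on the same
# machine, bind to 127.0.0.1 so clients cannot reach port 8080 directly.
# NOTE(review): upstream CLI documentation names the headless server
# `opencode serve` with a `--hostname` flag - confirm the subcommand and flag
# names with `opencode --help` for the installed version.
opencode server --port 8080 --host 0.0.0.0
# Run in the background. No --host is given here, so the listen address is
# whatever the CLI defaults to. Writing to /var/log normally requires root:
# prefer an unprivileged account with a log file it owns, or the systemd
# unit.
nohup opencode server --port 8080 > /var/log/opencode.log 2>&1 &
Systemd 服务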
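# /etc/systemd/system/opencode.service
[Unit]
Description=OpenCode Server
After=network.target

[Service]
Type=simple
# Dedicated unprivileged account; it must exist before the unit is started.
User=opencode
# No --host is passed, so the listen address is the CLI default - check that
# it matches the intended exposure.
ExecStart=/usr/local/bin/opencode server --port 8080
Restart=always
RestartSec=5
Environment="NODE_ENV=production"
# Keep API keys out of Environment= lines (unit files are world-readable);
# load them with EnvironmentFile= from a root-owned file with mode 0600.
# Sandboxing for a network-facing service: no privilege gain through
# setuid/sudo, a private /tmp, and /usr, /boot and /etc mounted read-only.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target

# Make systemd re-read unit files, then enable, start and inspect the service.
sudo systemctl daemon-reload
sudo systemctl enable opencode
sudo systemctl start opencode
sudo systemctl status opencode
Docker 部署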
Dockerfile
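# For reproducible builds pin the base image by digest
# (node:20-alpine@sha256:<DIGEST>).
FROM node:20-alpine
# Install OpenCode. Pin an exact release (opencode-ai@<VERSION>) so a rebuild
# cannot silently pick up a different package version.
RUN npm install -g opencode-ai
# Create a non-root user. The official node images already ship a "node"
# user and group with uid/gid 1000, so reusing 1000 makes addgroup fail;
# 10001 is an arbitrary free id chosen for this example. Host directories
# bind-mounted under /home/opencode must be writable by this uid.
RUN addgroup -g 10001 opencode && \
    adduser -D -u 10001 -G opencode opencode
USER opencode
# Document the listening port (EXPOSE by itself does not publish it).
EXPOSE 8080
# Health check.
# NOTE(review): assumes the CLI provides a `health` subcommand - confirm.
HEALTHCHECK --interval=30s --timeout=3s \
    CMD opencode health || exit 1
# 0.0.0.0 is needed inside the container so the published port can reach the
# process; limit exposure where the port is published, not here.
CMD ["opencode", "server", "--port", "8080", "--host", "0.0.0.0"]
Docker Compose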
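# docker-compose.yml
version: '3.8'
services:
  opencode:
    build: .
    ports:
      # Publish on loopback only. A host-wide mapping ("8080:8080") serves
      # plain HTTP to every machine that can reach the host, and Docker's
      # own packet-filter rules are commonly evaluated before host firewalls
      # such as ufw. The TLS reverse proxy on this host stays the only
      # public entry point.
      - "127.0.0.1:8080:8080"
    environment:
      - NODE_ENV=production
      # Read from the shell or from an .env file kept out of version
      # control; ":?" aborts `up` with this message when the variable is
      # unset or empty.
      - OPENCODE_API_KEY=${OPENCODE_API_KEY:?OPENCODE_API_KEY must be set}
    volumes:
      - ./config:/home/opencode/.config/opencode
      - ./data:/home/opencode/.local/share/opencode
    restart: unless-stopped
    healthcheck:
      # NOTE(review): assumes the CLI provides a `health` subcommand - confirm.
      test: ["CMD", "opencode", "health"]
      interval: 30s
      timeout: 3s
      retries: 3
  # No ports are published for Redis, so only containers on this Compose
  # network can reach it. Nothing in this file points opencode at it.
  redis:
    image: redis:7-alpine
    volumes:
      - redis-data:/data
    restart: unless-stopped
volumes:
  redis-data:

docker-compose up -d
docker-compose logs -f opencode
Kubernetes 部署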
Deployment
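# k8s-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: opencode
  labels:
    app: opencode
spec:
  replicas: 3
  selector:
    matchLabels:
      app: opencode
  template:
    metadata:
      labels:
        app: opencode
    spec:
      # NOTE(review): assumes the server never calls the Kubernetes API;
      # without a mounted token a compromised pod has no cluster credential.
      automountServiceAccountToken: false
      containers:
        - name: opencode
          # ":latest" is a mutable tag, so each pod restart may run different
          # code. Pin a release tag or a digest
          # (ghcr.io/anomalyco/opencode@sha256:<DIGEST>) for production.
          image: ghcr.io/anomalyco/opencode:latest
          ports:
            - containerPort: 8080
          env:
            - name: NODE_ENV
              value: "production"
            # The key is injected from a Secret rather than written here.
            - name: OPENCODE_API_KEY
              valueFrom:
                secretKeyRef:
                  name: opencode-secrets
                  key: api-key
          # Baseline container hardening: no privilege escalation, no Linux
          # capabilities, the runtime's default seccomp filter.
          # NOTE(review): add runAsNonRoot: true once the image is confirmed
          # to run as a non-root user.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: opencode
spec:
  selector:
    app: opencode
  ports:
    - port: 80
      targetPort: 8080
  # ClusterIP keeps the Service internal to the cluster; external clients
  # should come in through an Ingress or gateway that terminates TLS.
  type: ClusterIP
应用配置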
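# Create the secret. Reading the key into a variable (bash `read -s`) keeps
# the literal value out of shell history, where a
# --from-literal=api-key=<KEY> typed on the command line would be saved.
# Secret objects are only base64-encoded by default; limit who may read them
# with RBAC and enable encryption at rest where the cluster supports it.
read -rs -p 'OpenCode API key: ' OPENCODE_API_KEY && echo
kubectl create secret generic opencode-secrets \
  --from-literal=api-key="$OPENCODE_API_KEY"
unset OPENCODE_API_KEY
# Deploy
kubectl apply -f k8s-deployment.yaml
# Check status
kubectl get pods -l app=opencode
kubectl logs -l app=opencode --tail=100
Nginx 反向代理 + SSL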
Nginx 配置
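# /etc/nginx/sites-available/opencode
# Backends are addressed on loopback. Each instance must itself listen on
# 127.0.0.1 only; an instance bound to 0.0.0.0 stays reachable on its own
# port without TLS, bypassing this proxy. The guide's start commands launch
# port 8080 only - 8081 and 8082 need their own instances.
upstream opencode_backend {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
    keepalive 32;
}

# NOTE(review): nothing in this server block authenticates clients; access
# control is whatever the backend enforces - confirm before exposing it.
server {
    listen 443 ssl http2;
    server_name opencode.company.com;

    # SSL
    ssl_certificate /etc/letsencrypt/live/opencode.company.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/opencode.company.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # WebSocket support
    location /ws {
        proxy_pass http://opencode_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Same client-identity headers as "location /", so backend logs and
        # any per-client limits see the real peer on every route.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # SSE streaming support
    location /stream {
        proxy_pass http://opencode_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass events through as they arrive and allow long-lived streams.
        proxy_buffering off;
        proxy_cache off;
        proxy_read_timeout 3600s;
    }

    # Regular API
    location / {
        proxy_pass http://opencode_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect HTTP to HTTPS. $server_name (not the client-supplied Host header)
# builds the redirect target.
server {
    listen 80;
    server_name opencode.company.com;
    return 301 https://$server_name$request_uri;
}
远程配置端点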
组织可通过 .well-known/opencode 统一团队配置:
配置端点实现
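# Flask example
from flask import Flask, jsonify

app = Flask(__name__)


@app.route('/.well-known/opencode')
def opencode_config():
    """Serve the organisation-wide OpenCode configuration as JSON.

    The payload sets the model, the MCP server list, the team rules and the
    tool permissions shown below. The route carries no authentication, so
    keep credentials out of the payload.

    NOTE(review): clients that apply this document presumably inherit its
    MCP servers and permission settings, so the integrity of this response
    matters as much as its content - serve it over HTTPS only and restrict
    who can change what is deployed here.
    """
    return jsonify({
        "model": "anthropic/claude-sonnet-4-5",
        "mcp": {
            "internal-docs": {
                "url": "https://docs.company.com/mcp"
            }
        },
        "rules": [
            "遵循公司代码规范 v2.0",
            "所有 API 需要认证中间件"
        ],
        "permission": {
            # Shell commands prompt the user; file edits are pre-approved.
            "bash": "ask",
            "edit": "allow"
        }
    })


if __name__ == '__main__':
    # Flask's built-in development server on its default loopback address;
    # for real use run the app under a production WSGI server behind TLS.
    app.run(port=5000)
客户端配置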
{
"remoteConfig": {
"url": "https://company.com/.well-known/opencode",
"refreshInterval": 3600
}
}
监控与告警
Prometheus 指标
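# prometheus.yml
scrape_configs:
  - job_name: 'opencode'
    static_configs:
      - targets: ['opencode:8080']
    # NOTE(review): if /metrics is served on the same port as the API, a
    # reverse proxy that forwards every path also exposes it to clients.
    # Confirm where the server publishes metrics and block that path at the
    # proxy so only Prometheus can scrape it.
    metrics_path: /metrics
关键指标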
| 指标 | 说明 | 告警阈值 |
|---|---|---|
| opencode_requests_total | 总请求数 | - |
| opencode_request_duration_seconds | 请求延迟 | > 10s |
| opencode_active_connections | 活跃连接 | > 100 |
| opencode_token_usage_total | Token 消耗 | > 1M/天 |
| opencode_errors_total | 错误数 | > 10/分钟 |
生产环境检查清单
- SSL/TLS 配置正确
- 防火墙仅开放必要端口
- 日志轮转配置
- 自动备份策略
- 监控告警就绪
- 灾难恢复方案
- 资源限制(CPU/内存)
- 健康检查端点
- 自动扩缩容(K8s HPA)