[{"data":1,"prerenderedAt":1997},["ShallowReactive",2],{"blog-\u002Fblog\u002Fcomparison\u002Fhttps-yuanli-zhengshu":3,"blog-related-\u002Fblog\u002Fcomparison\u002Fhttps-yuanli-zhengshu":412},{"id":4,"title":5,"author":6,"body":7,"category":382,"cover":383,"date":384,"description":385,"draft":386,"extension":387,"faq":388,"featured":386,"image":383,"keywords":398,"meta":403,"navigation":404,"path":405,"seo":406,"sitemap":407,"stem":408,"tags":409,"updated":384,"__hash__":411},"blog\u002Fblog\u002Fcomparison\u002Fhttps-yuanli-zhengshu.md","HTTPS的原理和证书类型","HNREIS",{"type":8,"value":9,"toc":362},"minimark",[10,19,22,27,30,41,44,48,51,56,59,62,66,69,76,80,83,87,127,130,198,204,210,216,219,222,228,231,237,240,246,249,266,269,314,317,320,353,356],[11,12,13,14,18],"p",{},"HTTPS 加密网站传输，",[15,16,17],"strong",{},"保护安全、提升信任，是网站标配。"," 这篇讲清原理和证书。",[11,20,21],{},"打开任何主流网站，地址栏都有个小锁图标，URL 以 https:\u002F\u002F 开头——这就是 HTTPS。HTTPS 现在是网站的标配，不上 HTTPS 的网站会被浏览器标记\"不安全\"，用户看了就跑。但 HTTPS 不仅仅是\"装个证书\"那么简单，它背后的加密机制、证书类型、信任体系有讲究。这篇把 HTTPS 的原理、证书类型和部署方法讲清楚。",[23,24,26],"h2",{"id":25},"https是什么","HTTPS是什么",[11,28,29],{},"HTTPS = HTTP + SSL\u002FTLS 加密。HTTP 是明文传输协议——浏览器和服务器之间的数据以明文形式传输，任何能截获流量的人（同一 WiFi 的黑客、ISP、中间人）都能直接看到内容。HTTPS 在 HTTP 之上加了 SSL\u002FTLS 加密层，把明文变成密文。",[31,32,37],"pre",{"className":33,"code":35,"language":36},[34],"language-text","浏览器 ←加密传输→ 服务器（HTTPS）\n（而不是明文HTTP）\n","text",[38,39,35],"code",{"__ignoreMap":40},"",[11,42,43],{},"没有 HTTPS 的网站，用户输入的密码、支付信息、个人资料都是明文传输，被截获就裸奔。HTTPS 让这些数据加密传输，即使被截获也看不到内容。",[23,45,47],{"id":46},"https的原理","HTTPS的原理",[11,49,50],{},"HTTPS 提供三个核心保障：",[52,53,55],"h3",{"id":54},"_1-加密传输","1. 加密传输",[11,57,58],{},"数据在浏览器和服务器之间加密传输，第三方无法窃听内容。即使黑客截获了流量，看到的只是乱码，解不开。这保护了用户的密码、支付信息、个人数据等敏感内容。",[11,60,61],{},"加密过程：浏览器和服务器通过 TLS 握手协商加密算法和密钥（用非对称加密安全交换对称密钥），然后用对称加密传输数据（速度快）。这就是前面\"对称 vs 非对称加密\"的实际应用。",[52,63,65],{"id":64},"_2-身份验证","2. 身份验证",[11,67,68],{},"证书验证服务器身份——浏览器通过服务器提供的证书，确认\"我连接的确实是真正的 example.com，而不是冒充的钓鱼网站\"。这防止了中间人攻击和钓鱼。",[11,70,71,72,75],{},"没有身份验证，黑客可以伪装成你的银行网站骗用户输入密码。HTTPS 的证书机制让这种伪装无法得逞——浏览器会校验证书是否由可信 CA 签发、是否过期、域名是否匹配，任何一项不符都会警告用户。",[15,73,74],{},"防钓鱼","——用户看到地址栏的安全锁和证书信息，能确认网站真实性。",[52,77,79],{"id":78},"_3-完整性","3. 完整性",[11,81,82],{},"数据在传输过程中无法被篡改——如果有人在传输中修改了数据（比如修改支付金额、注入广告、植入恶意代码），HTTPS 能检测到篡改并拒绝。保证用户看到的内容就是服务器发送的原始内容。",[23,84,86],{"id":85},"为什么上https","为什么上HTTPS",[88,89,90,97,103,109,115,121],"ul",{},[91,92,93,96],"li",{},[15,94,95],{},"安全","：加密保护数据——这是 HTTPS 的核心价值。",[91,98,99,102],{},[15,100,101],{},"信任","：浏览器显示安全锁，用户看到锁就放心。没锁或\"不安全\"标记会让用户警惕。",[91,104,105,108],{},[15,106,107],{},"不上 HTTPS","：浏览器标\"不安全\"，用户看到这个标记很可能直接关掉——等于告诉用户\"这个网站不安全，别用\"。",[91,110,111,114],{},[15,112,113],{},"SEO","：Google 等搜索引擎优先收录 HTTPS 网站，HTTP 网站排名会受影响。",[91,116,117,120],{},[15,118,119],{},"功能限制","：很多现代 Web 功能（地理位置、摄像头、Service Worker、HTTP\u002F2）要求 HTTPS 才能用。",[91,122,123,126],{},[15,124,125],{},"标配","：现在网站基本都要上 HTTPS，不上反而是异类。",[23,128,129],{"id":129},"证书类型",[131,132,133,152],"table",{},[134,135,136],"thead",{},[137,138,139,143,146,149],"tr",{},[140,141,142],"th",{},"类型",[140,144,145],{},"验证",[140,147,148],{},"适合",[140,150,151],{},"成本",[153,154,155,170,184],"tbody",{},[137,156,157,161,164,167],{},[158,159,160],"td",{},"DV",[158,162,163],{},"域名",[158,165,166],{},"普通网站",[158,168,169],{},"免费\u002F便宜",[137,171,172,175,178,181],{},[158,173,174],{},"OV",[158,176,177],{},"域名+企业",[158,179,180],{},"企业官网\u002F电商",[158,182,183],{},"几百到几千\u002F年",[137,185,186,189,192,195],{},[158,187,188],{},"EV",[158,190,191],{},"最严格",[158,193,194],{},"金融\u002F高信任",[158,196,197],{},"较贵",[11,199,200,203],{},[15,201,202],{},"DV（Domain Validation，域名验证）","——CA 只验证申请者对域名的控制权（通过 DNS、邮件、文件验证）。颁发快（几分钟到几小时），便宜甚至免费。适合个人网站、博客、小型项目。",[11,205,206,209],{},[15,207,208],{},"OV（Organization Validation，组织验证）","——CA 除了验证域名控制权，还验证申请企业的真实身份（营业执照、电话核实）。颁发需要几天。证书里包含企业信息，用户点击证书详情能看到。适合企业官网、电商、品牌站——用户能确认网站背后是真实企业，可信度更高。",[11,211,212,215],{},[15,213,214],{},"EV（Extended Validation，扩展验证）","——最严格的验证，CA 做全面的企业背景调查。颁发需要一两周。过去 EV 证书会在浏览器地址栏显示企业名（绿色条），现在多数浏览器简化了这个显示，但点击证书仍能看到。适合金融、支付、高价值交易场景——最高级别的信任背书。",[23,217,218],{"id":218},"怎么选证书",[52,220,160],{"id":221},"dv",[11,223,148,224,227],{},[15,225,226],{},"普通网站、博客、个人项目","。快速、免费、够用。Let's Encrypt 提供免费 DV 证书（90 天有效期，可自动续期），阿里云、腾讯云也提供免费 DV 证书（1 年有效期）。绝大多数展示型网站用 DV 完全够。",[52,229,174],{"id":230},"ov",[11,232,148,233,236],{},[15,234,235],{},"企业官网、电商、品牌站","。验证企业身份，证书里能看到企业信息，可信度比 DV 高。客户点击证书详情能确认\"这家公司确实是注册的真实企业\"，对建立信任有帮助。几百到几千一年，看证书品牌和保障金额。",[52,238,188],{"id":239},"ev",[11,241,148,242,245],{},[15,243,244],{},"金融、支付、高价值交易","。最严格的验证，最高级别的信任。但 EV 证书较贵（几千到几万一年），且现代浏览器简化了 EV 的视觉提示（不再显示绿色企业名条），性价比相对下降。是否用 EV 要看具体业务需求。",[23,247,248],{"id":248},"别踩的坑",[11,250,251,253,254,257,258,261,262,265],{},[15,252,107],{},"——不安全 + 浏览器警告 + 影响 SEO + 功能受限。现在几乎没有理由不上 HTTPS，免费 DV 证书让成本几乎为零。",[15,255,256],{},"证书过期","——证书有有效期（DV 通常 90 天到 1 年，OV\u002FEV 1 到 2 年），过期不续期网站会报错，用户看到\"证书已过期\"警告就不敢用。要设置自动续期或提醒。",[15,259,260],{},"该用 OV 用 DV","——企业官网或电商用 DV 证书，可信度不够。用户看不到企业信息，对交易型网站不放心。",[15,263,264],{},"忽视混合内容","——HTTPS 页面里加载 HTTP 资源（图片、脚本、CSS），浏览器会警告\"混合内容\"，部分资源被阻止加载，页面破损。要把所有资源都改成 HTTPS。",[23,267,268],{"id":268},"成本参考",[131,270,271,283],{},[134,272,273],{},[137,274,275,278,281],{},[140,276,277],{},"证书",[140,279,280],{},"说明",[140,282,151],{},[153,284,285,296,305],{},[137,286,287,290,293],{},[158,288,289],{},"DV（免费）",[158,291,292],{},"Let's Encrypt\u002F云厂商",[158,294,295],{},"免费",[137,297,298,300,303],{},[158,299,174],{},[158,301,302],{},"企业验证",[158,304,183],{},[137,306,307,309,312],{},[158,308,188],{},[158,310,311],{},"扩展验证",[158,313,197],{},[11,315,316],{},"DV 免费是主流选择——Let's Encrypt 完全免费，云厂商的免费 DV 证书也够用。OV 几百到几千一年，看品牌（DigiCert、GlobalSign 等国际品牌较贵，国产证书较便宜）和保障金额。EV 几千到几万一年，适合对信任要求极高的场景。",[23,318,319],{"id":319},"怎么上",[321,322,323,329,335,341,347],"ol",{},[91,324,325,328],{},[15,326,327],{},"选证书类型","——根据网站类型选 DV\u002FOV\u002FEV。",[91,330,331,334],{},[15,332,333],{},"申请证书","——DV 可以自助申请（Let's Encrypt、云厂商），OV\u002FEV 要提交企业资料给 CA 审核签发。",[91,336,337,340],{},[15,338,339],{},"部署到服务器","——把证书和私钥部署到 Web 服务器（Nginx、Apache、CDN）。",[91,342,343,346],{},[15,344,345],{},"HTTP 跳转 HTTPS","——配置服务器，让所有 HTTP 请求自动跳转到 HTTPS，确保用户访问的都是加密版本。",[91,348,349,352],{},[15,350,351],{},"注意证书续期","——DV 设置自动续期（Let's Encrypt 的 certbot 工具支持），OV\u002FEV 提前续期避免过期。",[11,354,355],{},"按这个流程走，HTTPS 部署不复杂。免费 DV 证书 + 自动续期，是绝大多数网站的最佳选择。企业官网和电商建议上 OV，提升可信度。",[357,358,359],"blockquote",{},[11,360,361],{},"广州市汉诺雷斯（HNREIS）帮企业上HTTPS和证书管理，网站默认HTTPS。把你的网站安全需求告诉我们，我们给出方案。",{"title":40,"searchDepth":363,"depth":363,"links":364},2,[365,366,372,373,374,379,380,381],{"id":25,"depth":363,"text":26},{"id":46,"depth":363,"text":47,"children":367},[368,370,371],{"id":54,"depth":369,"text":55},3,{"id":64,"depth":369,"text":65},{"id":78,"depth":369,"text":79},{"id":85,"depth":363,"text":86},{"id":129,"depth":363,"text":129},{"id":218,"depth":363,"text":218,"children":375},[376,377,378],{"id":221,"depth":369,"text":160},{"id":230,"depth":369,"text":174},{"id":239,"depth":369,"text":188},{"id":248,"depth":363,"text":248},{"id":268,"depth":363,"text":268},{"id":319,"depth":363,"text":319},"comparison",null,"2025-01-25","HTTPS加密网站传输，保护数据安全。本文讲清HTTPS的原理、证书类型（DV\u002FOV\u002FEV）和企业怎么上。",false,"md",[389,392,395],{"q":390,"a":391},"HTTPS是什么，为什么要上？","HTTPS是加密的HTTP——在HTTP上加SSL\u002FTLS加密，保护传输数据不被窃听篡改。不上HTTPS，数据明文传输，有安全风险；而且浏览器会标\"不安全\"，影响信任和SEO。现在网站基本都要上HTTPS，是标配。",{"q":393,"a":394},"HTTPS证书有哪几种？","主要三种：DV（域名验证，只验证域名，快速便宜\u002F免费）、OV（组织验证，验证企业身份）、EV（扩展验证，最严格，地址栏显示企业名）。普通网站DV够，企业官网\u002F电商建议OV，金融\u002F高信任建议EV。",{"q":396,"a":397},"上HTTPS要花多少钱？","DV证书有免费（Let's Encrypt等），OV\u002FEV证书几百到几千\u002F年（看类型和品牌）。云厂商提供免费DV证书。建议普通网站用免费DV，企业\u002F电商用OV。HTTPS本身成本不高，是必备。",[399,400,401,402],"HTTPS原理","SSL证书","DV OV EV","网站加密",{},true,"\u002Fblog\u002Fcomparison\u002Fhttps-yuanli-zhengshu",{"title":5,"description":385},{"loc":405},"blog\u002Fcomparison\u002Fhttps-yuanli-zhengshu",[410,95,277],"HTTPS","nPKta9nSpTZq6yqMEjFJrtnhMgqmnkWP1nae-zlX244",[413,817,1234,1601],{"id":414,"title":415,"author":6,"body":416,"category":382,"cover":383,"date":790,"description":791,"draft":386,"extension":387,"faq":792,"featured":386,"image":383,"keywords":802,"meta":807,"navigation":404,"path":808,"seo":809,"sitemap":810,"stem":811,"tags":812,"updated":790,"__hash__":816},"blog\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye.md","API、接口、集成这些词到底是什么意思",{"type":8,"value":417,"toc":770},[418,424,428,434,437,448,453,456,459,465,468,473,475,486,491,494,497,511,514,528,533,536,540,554,557,568,571,576,579,586,603,608,611,614,636,641,644,681,687,690,716,719,722,748,751,765],[11,419,420,421],{},"老板常被 API、接口、集成这些技术词绕晕。",[15,422,423],{},"这篇用大白话讲清，帮老板听懂技术沟通。",[23,425,427],{"id":426},"api-是什么大白话","API 是什么（大白话）",[11,429,430,433],{},[15,431,432],{},"API 是两个软件\"对话\"的通道","。",[11,435,436],{},"例子：",[88,438,439,442,445],{},[91,440,441],{},"你的小程序要查物流 → 通过物流公司 API 问\"单号到哪了\" → 物流系统回\"已签收\"。",[91,443,444],{},"你的官网要收款 → 通过支付 API 让客户付款 → 支付系统回\"付款成功\"。",[91,446,447],{},"你的系统要发短信 → 通过短信 API 发 → 短信平台发出去。",[11,449,450,433],{},[15,451,452],{},"API 让不同软件自动互通数据，不用人工搬",[11,454,455],{},"打个比方：API 像餐厅的\"服务员\"——你（小程序）告诉服务员（API）要什么，服务员告诉厨房（另一个系统），厨房做好端回来。你不用自己进厨房。",[23,457,458],{"id":458},"接口是什么",[11,460,461,464],{},[15,462,463],{},"接口就是 API","（同义词）。技术人员说\"做个接口\"\"对接接口\"，就是做 API 让系统互通。",[23,466,467],{"id":467},"集成是什么",[11,469,470,433],{},[15,471,472],{},"集成 = 把多个系统通过 API 连起来，数据自动流通",[11,474,436],{},[88,476,477,480,483],{},[91,478,479],{},"独立站 + ERP 集成：独立站订单自动进 ERP，ERP 库存自动同步独立站。",[91,481,482],{},"小程序 + CRM 集成：小程序客户数据自动进 CRM。",[91,484,485],{},"系统 + 支付集成：系统通过支付 API 收款。",[11,487,488,433],{},[15,489,490],{},"集成让数据自动流，替代人工搬数据",[23,492,493],{"id":493},"企业为什么要做接口集成",[52,495,496],{"id":496},"不集成的问题",[88,498,499,502,505,508],{},[91,500,501],{},"多个系统（独立站\u002FERP\u002FCRM\u002F物流），数据不通。",[91,503,504],{},"人工把数据从一个系统搬到另一个（累、易错）。",[91,506,507],{},"数据不同步（独立站卖了 ERP 库存没减，超卖）。",[91,509,510],{},"效率低。",[52,512,513],{"id":513},"集成的好处",[88,515,516,519,522,525],{},[91,517,518],{},"数据自动流通（订单\u002F库存\u002F客户自动同步）。",[91,520,521],{},"替代人工（省人力、避错）。",[91,523,524],{},"实时同步（不超卖、不漏单）。",[91,526,527],{},"数据统一（可分析）。",[11,529,530,433],{},[15,531,532],{},"系统越多，集成价值越大",[23,534,535],{"id":535},"常见的集成场景",[52,537,539],{"id":538},"电商独立站","电商\u002F独立站",[88,541,542,545,548,551],{},[91,543,544],{},"独立站 ↔ ERP（订单\u002F库存同步）。",[91,546,547],{},"独立站 ↔ 物流（发货\u002F追踪）。",[91,549,550],{},"独立站 ↔ 支付（收款）。",[91,552,553],{},"独立站 ↔ CRM（客户管理）。",[52,555,556],{"id":556},"企业内部",[88,558,559,562,565],{},[91,560,561],{},"系统 ↔ OA（审批\u002F通知）。",[91,563,564],{},"系统 ↔ 财务（对账\u002F开票）。",[91,566,567],{},"系统 ↔ 企微\u002F钉钉（消息\u002F工作流）。",[52,569,570],{"id":570},"数据",[88,572,573],{},[91,574,575],{},"系统 ↔ 数据分析（数据汇总\u002F报表）。",[23,577,578],{"id":578},"集成怎么实现",[11,580,581,582,585],{},"通过 ",[15,583,584],{},"API 对接","：",[321,587,588,591,594,597,600],{},[91,589,590],{},"确认要对接的系统（ERP\u002F物流\u002F支付）。",[91,592,593],{},"看各系统是否提供 API（文档）。",[91,595,596],{},"开发对接（系统间调 API 传数据）。",[91,598,599],{},"测试（数据准确、异常处理）。",[91,601,602],{},"上线 + 监控。",[11,604,605,433],{},[15,606,607],{},"自建系统（Nuxt\u002FVue）能灵活对接任意系统，这是它比 SaaS 的优势",[23,609,610],{"id":610},"老板该懂什么",[11,612,613],{},"老板不用懂代码，懂这些：",[88,615,616,621,626,631],{},[91,617,618,433],{},[15,619,620],{},"API = 软件之间自动传数据的通道",[91,622,623,433],{},[15,624,625],{},"集成 = 多系统数据自动流通",[91,627,628,433],{},[15,629,630],{},"集成能替代人工、提效避错",[91,632,633,433],{},[15,634,635],{},"集成成本看系统数量和复杂度",[11,637,638,433],{},[15,639,640],{},"懂这些，就能和技术\u002F服务商沟通集成需求",[23,642,643],{"id":643},"集成的成本",[131,645,646,655],{},[134,647,648],{},[137,649,650,653],{},[140,651,652],{},"集成类型",[140,654,151],{},[153,656,657,665,673],{},[137,658,659,662],{},[158,660,661],{},"对接一个系统（如 ERP）",[158,663,664],{},"1-3 万",[137,666,667,670],{},[158,668,669],{},"多系统集成",[158,671,672],{},"3-8 万",[137,674,675,678],{},[158,676,677],{},"复杂（双向同步\u002F多系统\u002F定制）",[158,679,680],{},"8 万+",[11,682,683,686],{},[15,684,685],{},"ROI 明确","（替代人工、提效、避错）。",[23,688,689],{"id":689},"常见误区",[88,691,692,698,704,710],{},[91,693,694,697],{},[15,695,696],{},"\"接口很复杂不用懂\"","：老板懂概念就行（API = 数据通道）。",[91,699,700,703],{},[15,701,702],{},"\"不集成也能用\"","：人工搬数据累易错，不可持续。",[91,705,706,709],{},[15,707,708],{},"\"集成是一次性的\"","：系统升级\u002F业务变化，集成要维护。",[91,711,712,715],{},[15,713,714],{},"\"SaaS 不用集成\"","：SaaS 也要和其他系统打通。",[23,717,718],{"id":718},"怎么判断要不要集成",[11,720,721],{},"问自己：",[321,723,724,730,736,742],{},[91,725,726,729],{},[15,727,728],{},"有多个系统吗？"," 有 → 可能要集成。",[91,731,732,735],{},[15,733,734],{},"人工搬数据吗？"," 搬 → 该集成。",[91,737,738,741],{},[15,739,740],{},"数据需要同步吗？"," 需要 → 集成。",[91,743,744,747],{},[15,745,746],{},"集成 ROI 划算吗？","（省的人力 > 投入）划算 → 做。",[23,749,750],{"id":750},"怎么做",[321,752,753,756,759,762],{},[91,754,755],{},"梳理要对接的系统 + 数据流。",[91,757,758],{},"确认各系统 API。",[91,760,761],{},"开发对接。",[91,763,764],{},"测试 + 监控。",[357,766,767],{},[11,768,769],{},"广州市汉诺雷斯（HNREIS）提供系统集成（API 对接 ERP\u002F物流\u002F支付\u002FCRM），帮企业打通数据。把你的系统情况告诉我们，我们设计集成方案。",{"title":40,"searchDepth":363,"depth":363,"links":771},[772,773,774,775,779,784,785,786,787,788,789],{"id":426,"depth":363,"text":427},{"id":458,"depth":363,"text":458},{"id":467,"depth":363,"text":467},{"id":493,"depth":363,"text":493,"children":776},[777,778],{"id":496,"depth":369,"text":496},{"id":513,"depth":369,"text":513},{"id":535,"depth":363,"text":535,"children":780},[781,782,783],{"id":538,"depth":369,"text":539},{"id":556,"depth":369,"text":556},{"id":570,"depth":369,"text":570},{"id":578,"depth":363,"text":578},{"id":610,"depth":363,"text":610},{"id":643,"depth":363,"text":643},{"id":689,"depth":363,"text":689},{"id":718,"depth":363,"text":718},{"id":750,"depth":363,"text":750},"2024-05-15","老板常被 API、接口、集成这些技术词绕晕。本文用大白话讲清这些概念和企业集成场景，帮老板听懂技术沟通。",[793,796,799],{"q":794,"a":795},"API 到底是什么，大白话说？","API 是两个软件\"对话\"的通道。比如你的小程序要查物流，就通过物流公司的 API 问\"这个单号到哪了\"，物流系统通过 API 回\"已签收\"。API 让不同软件能互通数据，不用人工搬。你不用懂代码，只要知道\"API = 软件之间自动传数据的通道\"。",{"q":797,"a":798},"我们为什么要做接口集成？","因为你的多个系统要互通。比如独立站订单要进 ERP、库存要同步、物流要追踪，不集成就要人工把数据从一个系统搬到另一个（累、易错）。集成后数据自动流通，提效准确。系统越多，集成价值越大。",{"q":800,"a":801},"接口集成要多少钱？","看对接的系统数量和复杂度。对接一个系统（如 ERP）通常 1-3 万；多系统集成（ERP+物流+支付+CRM）3-8 万。集成能替代人工、提效避错，ROI 明确。",[803,804,805,806],"API接口通俗解释","什么是API","接口集成","系统对接",{},"\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye",{"title":415,"description":791},{"loc":808},"blog\u002Fcomparison\u002Fapi-jiekou-shiye",[813,814,815],"API","概念","通俗","A7Jdt6jv4eTPYhdWviHOSLSzOR5pN0xxO_6QT9M2ODg",{"id":818,"title":819,"author":6,"body":820,"category":382,"cover":383,"date":1208,"description":1209,"draft":386,"extension":387,"faq":1210,"featured":386,"image":383,"keywords":1220,"meta":1225,"navigation":404,"path":1226,"seo":1227,"sitemap":1228,"stem":1229,"tags":1230,"updated":1208,"__hash__":1233},"blog\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme.md","API网关是什么",{"type":8,"value":821,"toc":1192},[822,829,832,835,838,844,847,850,856,860,874,878,892,896,910,914,928,932,946,950,958,961,1007,1010,1014,1017,1062,1087,1089,1115,1117,1155,1158,1161,1187],[11,823,824,825,828],{},"API 网关是系统架构里常见的组件，",[15,826,827],{},"通俗说就是系统的\"统一前台\"。"," 这篇讲清是什么、解决什么、要不要用。",[23,830,819],{"id":831},"api网关是什么",[11,833,834],{},"在微服务架构里，后端可能拆分成几十个甚至上百个服务。如果每个服务都直接对外提供接口，客户端要记住每个服务的地址、每个服务都要自己处理鉴权限流——这会非常混乱。API 网关就是解决这个问题的。",[11,836,837],{},"所有外部请求先到网关，网关统一处理后转发到后端：",[31,839,842],{"className":840,"code":841,"language":36},[34],"客户端 → API网关（鉴权\u002F限流\u002F监控）→ 后端服务\n",[38,843,841],{"__ignoreMap":40},[11,845,846],{},"类比公司前台：访客（客户端请求）先到前台登记（鉴权\u002F限流），前台再引导到对应部门（转发到后端服务）。访客不用记每个部门在哪，部门也不用自己设前台。",[23,848,849],{"id":849},"网关做什么",[11,851,852,853,433],{},"API 网关的核心职责是",[15,854,855],{},"把各服务都要做的\"公共事\"统一收口",[52,857,859],{"id":858},"_1-统一入口","1. 统一入口",[88,861,862,868],{},[91,863,864,867],{},[15,865,866],{},"所有请求统一入口","：客户端只需要知道网关地址，不用记每个服务的地址。",[91,869,870,873],{},[15,871,872],{},"后端服务不直接暴露","：后端服务可以部署在内网，只把网关暴露在外网，安全风险降低。",[52,875,877],{"id":876},"_2-鉴权","2. 鉴权",[88,879,880,886],{},[91,881,882,885],{},[15,883,884],{},"统一身份验证","：所有请求的鉴权在网关统一做，比如验证 token、校验权限。",[91,887,888,891],{},[15,889,890],{},"后端不用各自鉴权","：后端服务可以信任网关已通过的请求，专注业务逻辑，不用重复写鉴权代码。",[52,893,895],{"id":894},"_3-限流","3. 限流",[88,897,898,904],{},[91,899,900,903],{},[15,901,902],{},"防止过载和恶意请求","：网关按规则限制每个客户端、每个接口的调用频率，防止恶意刷接口或突发流量压垮后端。",[91,905,906,909],{},[15,907,908],{},"保护后端","：流量超出后端承受能力时，网关可以拒绝或排队，保护后端不被打挂。",[52,911,913],{"id":912},"_4-路由转发","4. 路由转发",[88,915,916,922],{},[91,917,918,921],{},[15,919,920],{},"请求转发到对应服务","：网关根据请求路径、头部等信息，把请求转发到正确的后端服务。",[91,923,924,927],{},[15,925,926],{},"负载均衡","：一个服务有多个实例时，网关把请求分发到不同实例，提升整体处理能力。",[52,929,931],{"id":930},"_5-监控日志","5. 监控日志",[88,933,934,940],{},[91,935,936,939],{},[15,937,938],{},"统一监控和日志","：所有请求的调用量、响应时间、错误率在网关统一采集，不用每个服务各自做。",[91,941,942,945],{},[15,943,944],{},"可观测性","：网关的监控数据是排查问题、优化性能的重要依据。",[52,947,949],{"id":948},"_6-协议转换","6. 协议转换",[88,951,952],{},[91,953,954,957],{},[15,955,956],{},"不同协议转换","：客户端用 HTTP，后端用 gRPC 或 Dubbo，网关可以做协议转换，让前后端用各自适合的协议。",[23,959,960],{"id":960},"为什么用网关",[131,962,963,973],{},[134,964,965],{},[137,966,967,970],{},[140,968,969],{},"问题",[140,971,972],{},"网关解决",[153,974,975,983,991,999],{},[137,976,977,980],{},[158,978,979],{},"鉴权散在各服务",[158,981,982],{},"统一鉴权",[137,984,985,988],{},[158,986,987],{},"服务直接暴露",[158,989,990],{},"统一入口保护",[137,992,993,996],{},[158,994,995],{},"流量过载",[158,997,998],{},"限流",[137,1000,1001,1004],{},[158,1002,1003],{},"监控散",[158,1005,1006],{},"统一监控",[11,1008,1009],{},"不用网关的情况下，每个服务都要自己实现鉴权、限流、监控、日志，代码重复、维护成本高，还容易出不一致的问题。网关把这些公共能力收口，后端服务可以更专注业务。",[23,1011,1013],{"id":1012},"用-vs-不用","用 vs 不用",[11,1015,1016],{},"网关不是所有系统都需要，要看规模和复杂度。",[131,1018,1019,1029],{},[134,1020,1021],{},[137,1022,1023,1026],{},[140,1024,1025],{},"情况",[140,1027,1028],{},"建议",[153,1030,1031,1039,1047,1055],{},[137,1032,1033,1036],{},[158,1034,1035],{},"服务少\u002F简单",[158,1037,1038],{},"不一定需要",[137,1040,1041,1044],{},[158,1042,1043],{},"微服务\u002F服务多",[158,1045,1046],{},"价值大",[137,1048,1049,1052],{},[158,1050,1051],{},"开放API",[158,1053,1054],{},"需要",[137,1056,1057,1060],{},[158,1058,1059],{},"多端接入",[158,1061,1054],{},[88,1063,1064,1070,1076,1082],{},[91,1065,1066,1069],{},[15,1067,1068],{},"服务少、简单","：比如一个单体应用就两三个接口，上不上网关差别不大，反而增加复杂度。",[91,1071,1072,1075],{},[15,1073,1074],{},"微服务、服务多","：服务一多，没有网关统一管理会很痛苦，网关价值就体现出来了。",[91,1077,1078,1081],{},[15,1079,1080],{},"开放 API","：对外提供 API 的场景，网关几乎是必需品——鉴权、限流、文档、监控都要在网关层做。",[91,1083,1084,1086],{},[15,1085,1059],{},"：APP、小程序、Web、第三方多端接入，网关统一入口能简化接入复杂度。",[23,1088,248],{"id":248},[88,1090,1091,1097,1103,1109],{},[91,1092,1093,1096],{},[15,1094,1095],{},"简单系统上重网关","：就两三个服务的简单系统，非要上 Kong 或 APISIX 这种重网关，属于过度设计，增加运维负担。",[91,1098,1099,1102],{},[15,1100,1101],{},"自己从头开发","：网关是成熟领域，有很多开源和商业产品（Kong、APISIX、云厂商网关），自己从头开发既慢又容易出问题。",[91,1104,1105,1108],{},[15,1106,1107],{},"网关成单点","：网关挂了整个系统就访问不了，必须做高可用部署（多实例、负载均衡）。",[91,1110,1111,1114],{},[15,1112,1113],{},"鉴权还散在各服务","：上了网关但鉴权还在各服务自己做，等于没用上网关的核心价值。",[23,1116,268],{"id":268},[131,1118,1119,1131],{},[134,1120,1121],{},[137,1122,1123,1126,1128],{},[140,1124,1125],{},"方案",[140,1127,280],{},[140,1129,1130],{},"成本量级",[153,1132,1133,1144],{},[137,1134,1135,1138,1141],{},[158,1136,1137],{},"开源\u002F云网关",[158,1139,1140],{},"Kong\u002FAPISIX\u002F云厂商",[158,1142,1143],{},"低到中",[137,1145,1146,1149,1152],{},[158,1147,1148],{},"定制集成",[158,1150,1151],{},"和业务深度集成",[158,1153,1154],{},"中",[11,1156,1157],{},"主流网关产品（Kong、APISIX）开源免费，主要成本是部署运维。云厂商的网关服务（阿里云、腾讯云、AWS）按量计费，用量不大的话成本不高。自己定制集成成本中等，适合有特殊需求的场景。",[23,1159,1160],{"id":1160},"怎么选",[321,1162,1163,1169,1175,1181],{},[91,1164,1165,1168],{},[15,1166,1167],{},"评估服务数量和复杂度","：服务多、架构复杂才考虑网关。",[91,1170,1171,1174],{},[15,1172,1173],{},"简单系统不一定需要","：两三个服务的单体应用不用上网关。",[91,1176,1177,1180],{},[15,1178,1179],{},"微服务\u002F开放API用网关","：服务多、对外开放的场景，网关价值大。",[91,1182,1183,1186],{},[15,1184,1185],{},"优先成熟产品","：用 Kong、APISIX、云厂商网关，不要自己从头开发。",[357,1188,1189],{},[11,1190,1191],{},"广州市汉诺雷斯（HNREIS）帮企业做系统架构设计，含API网关选型和集成。把你的系统需求告诉我们，我们给出架构建议。",{"title":40,"searchDepth":363,"depth":363,"links":1193},[1194,1195,1203,1204,1205,1206,1207],{"id":831,"depth":363,"text":819},{"id":849,"depth":363,"text":849,"children":1196},[1197,1198,1199,1200,1201,1202],{"id":858,"depth":369,"text":859},{"id":876,"depth":369,"text":877},{"id":894,"depth":369,"text":895},{"id":912,"depth":369,"text":913},{"id":930,"depth":369,"text":931},{"id":948,"depth":369,"text":949},{"id":960,"depth":363,"text":960},{"id":1012,"depth":363,"text":1013},{"id":248,"depth":363,"text":248},{"id":268,"depth":363,"text":268},{"id":1160,"depth":363,"text":1160},"2024-05-28","API网关是系统的统一入口，负责转发、鉴权、限流和监控。本文用通俗方式讲清API网关是什么、解决什么问题、企业要不要用。",[1211,1214,1217],{"q":1212,"a":1213},"API网关是什么，简单说？","API网关是系统的\"统一前台\"——所有外部请求先到网关，网关再转发到后端服务。它统一处理鉴权、限流、监控、日志这些公共事，后端服务专注业务。类比公司前台，访客先到前台登记再进去。",{"q":1215,"a":1216},"企业一定要用API网关吗？","不一定。系统简单、服务少，不一定需要网关。服务多（微服务）、要统一鉴权限流监控、对外开放API、多端接入时，网关价值大。建议按规模和复杂度选，不要为用而用。",{"q":1218,"a":1219},"API网关要花多少钱？","看方式。用开源\u002F云网关产品（如Kong\u002FAPISIX\u002F云厂商网关）成本较低，按量或自建运维；定制集成成本中等。建议优先用成熟网关产品，而不是自己从头开发。",[1221,1222,1223,1224],"API网关","网关是什么","API管理","微服务网关",{},"\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",{"title":819,"description":1209},{"loc":1226},"blog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",[813,1231,1232],"网关","架构","CInYK4Or6VhknVKica8mjtvcuqr1CPVLRxjpJ0II3Fc",{"id":1235,"title":1236,"author":6,"body":1237,"category":382,"cover":383,"date":1577,"description":1578,"draft":386,"extension":387,"faq":1579,"featured":386,"image":383,"keywords":1589,"meta":1593,"navigation":404,"path":1594,"seo":1595,"sitemap":1596,"stem":1597,"tags":1598,"updated":1577,"__hash__":1600},"blog\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git.md","代码版本控制（Git）是什么",{"type":8,"value":1238,"toc":1563},[1239,1246,1249,1253,1256,1262,1268,1274,1278,1282,1285,1295,1299,1302,1312,1316,1319,1333,1337,1347,1351,1421,1424,1427,1433,1439,1445,1451,1453,1471,1473,1476,1523,1526,1529,1555,1558],[11,1240,1241,1242,1245],{},"Git 是开发团队的必备工具，",[15,1243,1244],{},"通俗说是代码的\"时光机\"和\"协作台\"。"," 这篇讲清老板需要了解的。",[11,1247,1248],{},"软件开发是个高度协作的工作——几个甚至几十个开发同时改同一份代码，如果没有版本控制工具，光是\"谁改了什么\"\"怎么合并\"\"改坏了怎么回退\"这些问题就能让团队崩溃。Git 就是为了解决这些问题而生的工具，它已经成为软件开发行业的标准配置。这篇用通俗方式讲清 Git 是什么、为什么开发要用、老板需要关心什么。",[23,1250,1252],{"id":1251},"git是什么","Git是什么",[11,1254,1255],{},"Git 是代码版本控制工具，核心做三件事：",[11,1257,1258,1261],{},[15,1259,1260],{},"记录历史","——代码的每次改动都有记录（谁、什么时候、改了什么），能回到任何历史版本。相当于代码的\"时光机\"，改坏了随时回退。",[11,1263,1264,1267],{},[15,1265,1266],{},"多人协作","——多个开发同时改代码，Git 能自动合并、识别冲突。相当于代码的\"协作台\"，让团队并行开发而不互相踩踏。",[11,1269,1270,1273],{},[15,1271,1272],{},"分支","——从主线分出独立分支，在分支上做新功能，做完再合并回主线。相当于代码的\"平行宇宙\"，多个功能同时开发互不影响。",[23,1275,1277],{"id":1276},"为什么用git","为什么用Git",[52,1279,1281],{"id":1280},"_1-记录历史","1. 记录历史",[11,1283,1284],{},"代码的每一次改动（commit）都有完整记录——谁改的、什么时候改的、改了哪些文件、改了什么内容。这条记录链形成代码的完整历史。",[11,1286,1287,1290,1291,1294],{},[15,1288,1289],{},"改坏了能回退","——新功能改崩了，一条命令就能回到之前的稳定版本，不用从头再来。",[15,1292,1293],{},"知道谁改了什么","——出问题时能追溯到具体是哪次改动引入的 bug、谁改的，便于排查和复盘。历史记录还让代码审计、合规追溯成为可能——金融、医疗等强监管行业对代码变更有审计要求，Git 历史是天然的审计日志。",[52,1296,1298],{"id":1297},"_2-多人协作","2. 多人协作",[11,1300,1301],{},"没有版本控制时，多人改同一份代码要靠\"文件传来传去\"或\"共享文件夹\"，冲突频发、改动丢失、版本混乱。Git 让多人协作规范化——每个人在本地改，改完提交，Git 自动合并或识别冲突。",[11,1303,1304,1307,1308,1311],{},[15,1305,1306],{},"多人同时开发不冲突","——Git 的合并机制能自动合并不同部分的改动，相同部分的冲突会明确标出，让开发者手动解决。",[15,1309,1310],{},"合并代码规范","——通过 pull request（PR）或 merge request（MR）流程，代码合并前要经过 review（代码审查），保证质量。",[52,1313,1315],{"id":1314},"_3-分支","3. 分支",[11,1317,1318],{},"分支是 Git 的杀手级特性。从主线（main\u002Fmaster）分出独立分支，在分支上开发新功能，开发完成、测试通过后再合并回主线。",[11,1320,1321,1324,1325,1328,1329,1332],{},[15,1322,1323],{},"同时做多个功能","——开发 A 做支付功能、开发 B 做用户中心，两人各自在自己的分支上开发，互不影响。",[15,1326,1327],{},"互不影响","——某个功能开发中出了问题，不会污染主线，主线始终保持稳定。",[15,1330,1331],{},"测试稳定再合并","——功能在分支上开发测试，稳定后才合并到主线，主线始终是可发布的状态。",[52,1334,1336],{"id":1335},"_4-备份","4. 备份",[11,1338,1339,1342,1343,1346],{},[15,1340,1341],{},"代码在远程仓库备份","——本地代码 push 到远程仓库（GitHub、GitLab、Gitee），相当于异地备份。本地电脑坏了、丢了，代码还在远程仓库。",[15,1344,1345],{},"不怕丢","——多人协作时每个人都有一份完整副本，任何一份丢失都能从其他人恢复。",[23,1348,1350],{"id":1349},"git-vs-不用版本控制","Git vs 不用版本控制",[131,1352,1353,1366],{},[134,1354,1355],{},[137,1356,1357,1360,1363],{},[140,1358,1359],{},"维度",[140,1361,1362],{},"Git",[140,1364,1365],{},"不用",[153,1367,1368,1379,1390,1401,1410],{},[137,1369,1370,1373,1376],{},[158,1371,1372],{},"历史",[158,1374,1375],{},"完整记录",[158,1377,1378],{},"没有",[137,1380,1381,1384,1387],{},[158,1382,1383],{},"协作",[158,1385,1386],{},"规范",[158,1388,1389],{},"手动易冲突",[137,1391,1392,1395,1398],{},[158,1393,1394],{},"回退",[158,1396,1397],{},"能",[158,1399,1400],{},"不能",[137,1402,1403,1405,1408],{},[158,1404,1272],{},[158,1406,1407],{},"支持",[158,1409,1378],{},[137,1411,1412,1415,1418],{},[158,1413,1414],{},"专业性",[158,1416,1417],{},"行业标准",[158,1419,1420],{},"不规范",[11,1422,1423],{},"不用版本控制的开发方式现在已经很少见——连个人开发者都用 Git 管理代码。如果一个开发团队不用 Git，基本可以判断为不规范。",[23,1425,1426],{"id":1426},"老板要了解的",[11,1428,1429,1432],{},[15,1430,1431],{},"规范团队都用 Git","——这是判断开发团队专业性的基本标准。用 Git 意味着团队有规范的开发流程（分支管理、代码审查、持续集成），而不是各自为政。反映专业性。",[11,1434,1435,1438],{},[15,1436,1437],{},"代码资产","——Git 仓库是企业的重要数字资产。仓库里不只是当前代码，还有完整的开发历史、设计决策、问题修复过程。这些是企业知识资产的重要组成部分。",[11,1440,1441,1444],{},[15,1442,1443],{},"源码交付","——服务商交付源码时，Git 仓库（含完整版本记录）是重要资产。只有当前代码没有历史记录，等于丢了开发过程的上下文。规范的源码交付应该包含 Git 仓库。源码含完整版本记录。",[11,1446,1447,1450],{},[15,1448,1449],{},"协作规范","——多人开发有据可查——谁做了什么、什么时候做的、为什么这么做，都有记录。出问题能追溯，避免推诿。",[23,1452,248],{"id":248},[11,1454,1455,1458,1459,1462,1463,1466,1467,1470],{},[15,1456,1457],{},"不用版本控制","——不规范、易丢代码。现在几乎没团队这么做了，但仍有个别服务商交付\"散落的代码文件\"而不是 Git 仓库，要注意。",[15,1460,1461],{},"不提交远程","——只在本地用 Git，不 push 到远程仓库，电脑坏了代码全丢。规范的团队都有远程仓库。",[15,1464,1465],{},"不分分支","——所有改动直接在主线做，功能混在一起乱、出问题难回退。规范团队都有分支策略（如 Git Flow、GitHub Flow）。",[15,1468,1469],{},"不写提交说明","——每次提交不写说明或写\"update\"\"fix\"这种无意义内容，不知道改了什么。规范团队要求写有意义的提交说明。",[23,1472,268],{"id":268},[11,1474,1475],{},"Git 本身免费（开源），成本在团队规范使用：",[131,1477,1478,1489],{},[134,1479,1480],{},[137,1481,1482,1485,1487],{},[140,1483,1484],{},"方面",[140,1486,280],{},[140,1488,151],{},[153,1490,1491,1501,1512],{},[137,1492,1493,1496,1499],{},[158,1494,1495],{},"Git工具",[158,1497,1498],{},"开源免费",[158,1500,295],{},[137,1502,1503,1506,1509],{},[158,1504,1505],{},"托管平台",[158,1507,1508],{},"GitHub\u002FGitLab等",[158,1510,1511],{},"免费\u002F订阅",[137,1513,1514,1517,1520],{},[158,1515,1516],{},"团队规范",[158,1518,1519],{},"培训使用",[158,1521,1522],{},"低",[11,1524,1525],{},"Git 工具完全免费。托管平台有免费档（GitHub 公开仓库免费、GitLab 免费版）和付费档（私有仓库、企业版），按团队规模每月几美元到几十美元。团队规范使用要培训，但 Git 已经是开发行业基础技能，招聘时默认会，培训成本很低。",[23,1527,1528],{"id":1528},"怎么确认团队规范",[321,1530,1531,1537,1543,1549],{},[91,1532,1533,1536],{},[15,1534,1535],{},"确认团队用 Git 管理代码","——这是基本标准。问\"代码在哪个仓库\"\"分支策略是什么\"能快速判断。",[91,1538,1539,1542],{},[15,1540,1541],{},"代码在远程仓库（备份）","——有远程托管（GitHub、GitLab、Gitee 或自建），不只本地。",[91,1544,1545,1548],{},[15,1546,1547],{},"有分支和提交记录","——查看仓库历史，有没有规范的分支、有意义的提交说明、代码审查记录。",[91,1550,1551,1554],{},[15,1552,1553],{},"源码交付含 Git 仓库","——服务商交付时应该交付 Git 仓库（含完整历史），不只是当前代码文件。",[11,1556,1557],{},"按这几点核对，能快速判断开发团队是否规范。规范的 Git 使用是专业开发的基本标志，也是代码资产安全的基本保障。",[357,1559,1560],{},[11,1561,1562],{},"广州市汉诺雷斯（HNREIS）用Git规范管理代码，源码完整交付（含版本记录）。把你的项目需求告诉我们，我们规范交付。",{"title":40,"searchDepth":363,"depth":363,"links":1564},[1565,1566,1572,1573,1574,1575,1576],{"id":1251,"depth":363,"text":1252},{"id":1276,"depth":363,"text":1277,"children":1567},[1568,1569,1570,1571],{"id":1280,"depth":369,"text":1281},{"id":1297,"depth":369,"text":1298},{"id":1314,"depth":369,"text":1315},{"id":1335,"depth":369,"text":1336},{"id":1349,"depth":363,"text":1350},{"id":1426,"depth":363,"text":1426},{"id":248,"depth":363,"text":248},{"id":268,"depth":363,"text":268},{"id":1528,"depth":363,"text":1528},"2024-06-06","Git是代码版本控制工具，记录历史、支持协作和分支。本文用通俗方式讲清Git是什么、为什么开发要用、老板要了解什么。",[1580,1583,1586],{"q":1581,"a":1582},"Git是什么，简单说？","Git是代码版本控制工具，通俗说是代码的\"时光机\"和\"协作台\"——记录每次改动的历史（能回到任何版本）、多人同时改不冲突、支持分支（同时做多个功能）。开发团队用Git管理代码是行业标准。",{"q":1584,"a":1585},"老板为什么要了解Git？","Git关系到代码资产管理和交付。用Git意味着代码有完整历史、多人协作规范、源码可交付（有完整版本记录）。规范的开发团队都用Git，这反映团队专业性。源码交付时Git仓库是重要资产。",{"q":1587,"a":1588},"不用Git会怎样？","不用版本控制，代码改动没记录（改坏了回不去）、多人协作靠手动合并（易冲突丢代码）、没有分支（难同时做多功能）。现在专业开发都用Git，不用版本控制是不规范的表现。",[1362,1590,1591,1592],"版本控制","代码管理","代码版本",{},"\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git",{"title":1236,"description":1578},{"loc":1594},"blog\u002Fcomparison\u002Fbanben-kongzhi-git",[1362,1590,1599],"开发","DDOY-P0lE1QLrLUQlE8ZQ8GpIAjcQnAG0lviW8QNo_I",{"id":1602,"title":1603,"author":6,"body":1604,"category":382,"cover":383,"date":1973,"description":1974,"draft":386,"extension":387,"faq":1975,"featured":386,"image":383,"keywords":1985,"meta":1988,"navigation":404,"path":1989,"seo":1990,"sitemap":1991,"stem":1992,"tags":1993,"updated":1973,"__hash__":1996},"blog\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan.md","本地部署和云部署的区别",{"type":8,"value":1605,"toc":1954},[1606,1613,1616,1620,1702,1704,1707,1710,1730,1733,1753,1755,1758,1761,1787,1790,1810,1812,1816,1827,1830,1841,1844,1852,1854,1880,1882,1929,1932,1949],[11,1607,1608,1609,1612],{},"软件部署在自己机房（本地）还是云上？",[15,1610,1611],{},"两者数据位置、成本、运维、弹性不同。"," 这篇讲清区别和选择。",[11,1614,1615],{},"很多企业在做信息化决策时，第一道选择题就是\"上云还是私有化部署\"。这件事看起来只是技术选型，实际上牵涉到数据归属、合规边界、运维投入、长期成本以及未来扩展性。如果一开始选错方向，后期再迁移会付出很大代价——数据迁移、接口改造、业务中断、人员重新培训。所以我们建议在动手之前，把两种方式的本质差异理清楚，再结合自身的数据敏感度、规模和运维能力做选择。",[23,1617,1619],{"id":1618},"本地部署-vs-云部署","本地部署 vs 云部署",[131,1621,1622,1634],{},[134,1623,1624],{},[137,1625,1626,1628,1631],{},[140,1627,1359],{},[140,1629,1630],{},"本地部署",[140,1632,1633],{},"云部署",[153,1635,1636,1647,1658,1669,1680,1691],{},[137,1637,1638,1641,1644],{},[158,1639,1640],{},"数据位置",[158,1642,1643],{},"自己机房",[158,1645,1646],{},"云厂商",[137,1648,1649,1652,1655],{},[158,1650,1651],{},"可控性",[158,1653,1654],{},"高",[158,1656,1657],{},"依赖云厂商",[137,1659,1660,1663,1666],{},[158,1661,1662],{},"初期成本",[158,1664,1665],{},"高（买服务器）",[158,1667,1668],{},"低（按需付费）",[137,1670,1671,1674,1677],{},[158,1672,1673],{},"运维",[158,1675,1676],{},"自己负责",[158,1678,1679],{},"云厂商负责部分",[137,1681,1682,1685,1688],{},[158,1683,1684],{},"弹性",[158,1686,1687],{},"难（要买硬件）",[158,1689,1690],{},"强（随时扩容）",[137,1692,1693,1696,1699],{},[158,1694,1695],{},"上线速度",[158,1697,1698],{},"慢",[158,1700,1701],{},"快",[23,1703,1630],{"id":1630},[11,1705,1706],{},"本地部署也叫私有化部署，是把软件连同数据库完整安装在客户自己机房的服务器上，所有数据从产生、存储到流转都在客户自己的硬件和网络环境里。云厂商或其他第三方无法直接访问到这些数据。",[52,1708,1709],{"id":1709},"优势",[88,1711,1712,1718,1724],{},[91,1713,1714,1717],{},[15,1715,1716],{},"数据自主","：数据完全在自己机房，物理上和网络上都可控，敏感行业（金融、政务、医疗、能源、核心商业数据）的合规要求通常通过本地部署满足。",[91,1719,1720,1723],{},[15,1721,1722],{},"完全可控","：不依赖云厂商，不会因为云厂商故障、停服、政策调整影响业务；网络策略、访问权限、加密方式都可以按自己的标准来制定。",[91,1725,1726,1729],{},[15,1727,1728],{},"长期固定成本","：初期一次性投入后，主要成本是电费、机房和运维人员工资，规模上来之后单位成本会被摊薄，长期运营相对划算。",[52,1731,1732],{"id":1732},"劣势",[88,1734,1735,1741,1747],{},[91,1736,1737,1740],{},[15,1738,1739],{},"初期贵","：要买服务器、存储、网络设备，还要准备机房或机柜、UPS、空调、带宽等配套，光硬件投入就是几万到几十万，再加上软件授权和实施，初期门槛较高。",[91,1742,1743,1746],{},[15,1744,1745],{},"要运维","：硬件会坏、系统要打补丁、网络要排查、备份要做、安全要防护，需要专门的运维人员，小企业养一支运维团队成本不低。",[91,1748,1749,1752],{},[15,1750,1751],{},"弹性差","：业务量突然上涨，本地机房很难快速扩容——采购周期、上架、配置都要时间；业务量下降，已买的硬件也退不掉，资源闲置。",[23,1754,1633],{"id":1633},[11,1756,1757],{},"云部署是把软件部署在云厂商提供的服务器上（阿里云、腾讯云、华为云、AWS 等），按使用量付费。硬件、机房、网络、基础安全都由云厂商负责，客户只关注应用本身。",[52,1759,1709],{"id":1760},"优势-1",[88,1762,1763,1769,1775,1781],{},[91,1764,1765,1768],{},[15,1766,1767],{},"初期便宜","：按需付费，不用一次性买服务器，一台云主机从几十元到几百元每月起步，小企业或初创项目几乎零门槛。",[91,1770,1771,1774],{},[15,1772,1773],{},"省运维","：云厂商负责硬件、网络、机房、基础安全，客户只需要关注应用配置和数据，运维压力大幅下降，小团队也能跑稳生产环境。",[91,1776,1777,1780],{},[15,1778,1779],{},"弹性强","：业务高峰可以临时扩容（加机器、加带宽、加存储），低谷再缩容，按实际用量结算，特别适合季节性、活动型、流量波动大的业务。",[91,1782,1783,1786],{},[15,1784,1785],{},"上线快","：开通云主机几分钟，配合容器化部署可以做到当天开服、当天上线，对快速验证、敏捷迭代非常友好。",[52,1788,1732],{"id":1789},"劣势-1",[88,1791,1792,1798,1804],{},[91,1793,1794,1797],{},[15,1795,1796],{},"数据在云","：数据物理上存在云厂商机房，依赖云厂商的安全能力和商业稳定性，敏感行业和强合规场景需要谨慎评估。",[91,1799,1800,1803],{},[15,1801,1802],{},"持续付费","：云资源按月或按年计费，长期累积下来可能比一次性买硬件更贵，规模越大、运行越久越明显。",[91,1805,1806,1809],{},[15,1807,1808],{},"合规限制","：部分行业（金融、政务、医疗、关键信息基础设施）的数据不允许上公有云，或只能上指定云、政务云、行业云。",[23,1811,1160],{"id":1160},[52,1813,1815],{"id":1814},"选本地私有化","选本地（私有化）",[88,1817,1818,1821,1824],{},[91,1819,1820],{},"数据高度敏感，比如金融交易、政务数据、医疗档案、核心商业数据、客户隐私。",[91,1822,1823],{},"要完全自主可控，对外部依赖、对供应商锁定特别敏感。",[91,1825,1826],{},"规模大、长期固定负载，本地部署的总账算下来比持续上云更划算。",[52,1828,1829],{"id":1829},"选云",[88,1831,1832,1835,1838],{},[91,1833,1834],{},"数据不敏感，或合规允许上云，希望轻装上阵。",[91,1836,1837],{},"业务有明显弹性，需要快速扩容、缩容，或处于快速验证阶段。",[91,1839,1840],{},"中小规模，没有专业的运维团队，希望把硬件和网络都外包出去。",[52,1842,1843],{"id":1843},"混合",[88,1845,1846,1849],{},[91,1847,1848],{},"敏感数据放本地（如核心交易、客户隐私），一般业务上云（如官网、营销、内部办公）。",[91,1850,1851],{},"通过专线、VPN、API 网关打通，做到\"敏感在内、弹性在外\"，是很多中大型企业的主流选择。",[23,1853,248],{"id":248},[88,1855,1856,1862,1868,1874],{},[91,1857,1858,1861],{},[15,1859,1860],{},"敏感数据上云","：忽视合规要求把不该上云的数据放公有云，可能面临监管处罚、整改甚至停业。",[91,1863,1864,1867],{},[15,1865,1866],{},"小规模本地部署","：业务量不大却硬上私有化，硬件折旧和运维成本根本摊不开，反而比上云贵。",[91,1869,1870,1873],{},[15,1871,1872],{},"只比单价不算总账","：云单价便宜不等于长期便宜，本地初期贵不等于长期贵，要按 3 年、5 年总成本（TCO）来算。",[91,1875,1876,1879],{},[15,1877,1878],{},"忽视云持续费用","：带宽、存储、CDN、增值服务都会按月累计，业务量起来后账单会快速上涨。",[23,1881,268],{"id":268},[131,1883,1884,1896],{},[134,1885,1886],{},[137,1887,1888,1891,1893],{},[140,1889,1890],{},"方式",[140,1892,280],{},[140,1894,1895],{},"成本特点",[153,1897,1898,1909,1920],{},[137,1899,1900,1903,1906],{},[158,1901,1902],{},"本地",[158,1904,1905],{},"服务器+机房+运维",[158,1907,1908],{},"初期高，长期固定",[137,1910,1911,1914,1917],{},[158,1912,1913],{},"云",[158,1915,1916],{},"按需付费",[158,1918,1919],{},"初期低，持续",[137,1921,1922,1924,1927],{},[158,1923,1843],{},[158,1925,1926],{},"敏感本地+一般云",[158,1928,1154],{},[23,1930,1160],{"id":1931},"怎么选-1",[321,1933,1934,1937,1940,1943,1946],{},[91,1935,1936],{},"评估数据敏感度——是否涉及个人信息、重要数据、行业强合规。",[91,1938,1939],{},"评估规模和弹性需求——是稳定负载还是波动剧烈。",[91,1941,1942],{},"算总账（初期 + 长期 3-5 年），不只看月费。",[91,1944,1945],{},"评估运维能力——有没有专门的运维团队。",[91,1947,1948],{},"按需求选本地 \u002F 云 \u002F 混合，必要时分数据域分别部署。",[357,1950,1951],{},[11,1952,1953],{},"广州市汉诺雷斯（HNREIS）帮企业做部署方案，从云部署到本地私有化，按数据合规和成本需求选。把你的部署需求告诉我们，我们给出建议。",{"title":40,"searchDepth":363,"depth":363,"links":1955},[1956,1957,1961,1965,1970,1971,1972],{"id":1618,"depth":363,"text":1619},{"id":1630,"depth":363,"text":1630,"children":1958},[1959,1960],{"id":1709,"depth":369,"text":1709},{"id":1732,"depth":369,"text":1732},{"id":1633,"depth":363,"text":1633,"children":1962},[1963,1964],{"id":1760,"depth":369,"text":1709},{"id":1789,"depth":369,"text":1732},{"id":1160,"depth":363,"text":1160,"children":1966},[1967,1968,1969],{"id":1814,"depth":369,"text":1815},{"id":1829,"depth":369,"text":1829},{"id":1843,"depth":369,"text":1843},{"id":248,"depth":363,"text":248},{"id":268,"depth":363,"text":268},{"id":1931,"depth":363,"text":1160},"2024-06-18","软件可以部署在自己机房（本地）或云上，两者数据、成本、运维和弹性不同。本文讲清本地部署和云部署的区别和选择。",[1976,1979,1982],{"q":1977,"a":1978},"本地部署和云部署什么区别？","本地部署是软件装在自己机房的服务器上，数据在自己手里，可控但要自己买服务器和维护；云部署是装在云服务器上（阿里云\u002F腾讯云等），不用买服务器、弹性扩容、按需付费，但数据在云厂商。核心区别在数据位置和运维责任。",{"q":1980,"a":1981},"企业该选本地还是云？","看数据敏感度和需求。数据高度敏感、要完全自主（金融\u002F政务\u002F核心商业数据），选本地（私有化）；要弹性、省运维、快速上线，选云。很多企业混合——敏感本地、一般云。建议按数据合规和成本需求选。",{"q":1983,"a":1984},"本地部署比云贵吗？","看规模。本地部署要一次性买服务器（几万到几十万）+持续电费机房运维，初期贵但量大后固定；云部署按需付费，初期便宜但长期持续付费，量大可能累积贵。要算总账，不是简单比单价。",[1630,1633,1986,1987],"部署方式","私有化部署",{},"\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan",{"title":1603,"description":1974},{"loc":1989},"blog\u002Fcomparison\u002Fbendibu-vs-yunduan",[1994,1913,1995],"部署","选型","2aw6C_2og_Eq04KLDnHPhU-NwU6cTqAJMhy_gQJj7tc",1781688908380]