[{"data":1,"prerenderedAt":1947},["ShallowReactive",2],{"blog-\u002Fblog\u002Fcomparison\u002Foauth-disanfang-denglu":3,"blog-related-\u002Fblog\u002Fcomparison\u002Foauth-disanfang-denglu":363},{"id":4,"title":5,"author":6,"body":7,"category":335,"cover":336,"date":337,"description":338,"draft":339,"extension":340,"faq":341,"featured":339,"image":336,"keywords":351,"meta":354,"navigation":355,"path":356,"seo":357,"sitemap":358,"stem":359,"tags":360,"updated":337,"__hash__":362},"blog\u002Fblog\u002Fcomparison\u002Foauth-disanfang-denglu.md","OAuth和第三方登录是什么","HNREIS",{"type":8,"value":9,"toc":312},"minimark",[10,19,22,27,34,45,48,51,55,60,66,72,76,82,88,92,99,103,106,109,131,138,141,147,153,159,162,183,186,190,194,197,201,204,208,211,214,232,235,238,283,286,289,303,306],[11,12,13,14,18],"p",{},"OAuth 是授权协议，",[15,16,17],"strong",{},"第三方登录（微信\u002FGoogle）用它实现。"," 这篇讲清是什么。",[11,20,21],{},"打开任何 APP，登录页几乎都有\"微信登录\"\"QQ 登录\"\"Google 登录\"这些选项。用户点一下就能登录，不用填手机号、设密码、收验证码，方便到不行。这背后用的就是 OAuth 协议。但 OAuth 的应用远不止登录——任何\"授权第三方应用访问你的数据\"场景（如授权某工具访问你的日历、授权某应用读取你的通讯录）都用 OAuth。这篇把 OAuth 和第三方登录讲清楚。",[23,24,26],"h2",{"id":25},"oauth是什么","OAuth是什么",[11,28,29,30,33],{},"OAuth 是一种",[15,31,32],{},"授权协议","——让用户授权第三方应用有限访问自己的资源，而不用把账号密码给第三方。",[35,36,41],"pre",{"className":37,"code":39,"language":40},[38],"language-text","用户 → 授权第三方（OAuth）→ 第三方拿到授权令牌（不是密码）→ 访问资源\n","text",[42,43,39],"code",{"__ignoreMap":44},"",[11,46,47],{},"传统方式是用户把账号密码给第三方，第三方用账号密码登录访问资源。这种方式问题很多：第三方拿到密码就能做任何事（权限过大）、密码泄露风险高、用户无法精细控制授权范围、无法单独撤销某个第三方的权限。",[11,49,50],{},"OAuth 用**令牌（Token）**代替密码：用户在服务商（如微信）的页面上授权第三方访问某些资源，服务商给第三方一个令牌，第三方用令牌访问资源。令牌有范围（只能访问授权的资源）、有时效（过期失效）、可撤销（用户能随时取消授权），比给密码安全得多。",[23,52,54],{"id":53},"为什么用oauth","为什么用OAuth",[56,57,59],"h3",{"id":58},"_1-安全","1. 安全",[11,61,62,65],{},[15,63,64],{},"不给第三方密码","是 OAuth 最核心的安全价值。第三方永远拿不到你的密码，即使第三方被黑、令牌泄露，你的密码仍然安全。",[11,67,68,71],{},[15,69,70],{},"令牌有限授权","——授权时可以指定范围（scope），比如只授权获取昵称头像、不授权发朋友圈。第三方只能做授权范围内的事，权限被严格限制。",[56,73,75],{"id":74},"_2-便利","2. 便利",[11,77,78,81],{},[15,79,80],{},"一次授权多次用","——授权一次后，第三方在令牌有效期内可以多次访问资源，不用用户反复确认。",[11,83,84,87],{},[15,85,86],{},"可撤销","——用户能在服务商（如微信）的设置里查看所有已授权的第三方应用，随时撤销某个应用的授权。撤销后第三方立即失去访问权限。",[56,89,91],{"id":90},"_3-标准","3. 标准",[11,93,94,95,98],{},"OAuth 是",[15,96,97],{},"行业标准协议","（OAuth 2.0 是当前主流版本），几乎所有大平台（微信、QQ、Google、Apple、Facebook、GitHub）都支持。这意味着开发者用统一的协议对接多个平台，不用为每个平台学一套独立方案。",[23,100,102],{"id":101},"第三方登录oauth应用","第三方登录（OAuth应用）",[11,104,105],{},"第三方登录是 OAuth 最常见的应用场景。用户点\"微信登录\"，不用在 APP 注册新账号，直接用微信身份登录。",[56,107,108],{"id":108},"流程",[110,111,112,116,119,122,125,128],"ol",{},[113,114,115],"li",{},"用户点\"微信登录\"——APP 发起 OAuth 流程。",[113,117,118],{},"跳转微信授权页——APP 把用户跳转到微信的授权页面（注意：是微信的页面，不是 APP 自己的页面）。",[113,120,121],{},"用户同意授权——在微信页面确认授权 APP 访问哪些信息（如昵称、头像、openid）。",[113,123,124],{},"微信返回授权令牌——授权成功后，微信把授权码返回给 APP。",[113,126,127],{},"APP 用令牌拿用户信息——APP 后端用授权码换取 access token，再用 token 调微信接口拿用户信息。",[113,129,130],{},"登录——APP 用拿到的用户信息（如 openid）匹配或创建本地用户，完成登录。",[11,132,133,134,137],{},"整个流程中，",[15,135,136],{},"APP 永远接触不到用户的微信密码","——用户在微信页面输入密码，APP 只拿到令牌和授权范围内的信息。这是 OAuth 安全性的核心。",[56,139,140],{"id":140},"优势",[11,142,143,146],{},[15,144,145],{},"便利","——用户不用注册新账号、记新密码，点一下就能登录。对用户来说，少一次注册就是少一次流失——很多用户因为嫌注册麻烦而放弃使用。",[11,148,149,152],{},[15,150,151],{},"安全","——APP 拿不到用户的微信密码，即使 APP 被黑也不会泄露用户的微信账号。",[11,154,155,158],{},[15,156,157],{},"转化","——降低注册门槛直接提升转化率。A\u002FB 测试显示，支持第三方登录的 APP 注册转化率比只有账号注册的高 20% 到 50%。",[23,160,161],{"id":161},"常见第三方登录",[163,164,165,171,177],"ul",{},[113,166,167,170],{},[15,168,169],{},"微信\u002FQQ","（国内）——国内 APP 的标配，微信登录覆盖率最高。",[113,172,173,176],{},[15,174,175],{},"Google\u002FApple\u002FFacebook","（海外）——海外 APP 主流，Google 和 Apple 在 iOS 上尤其重要（Apple 要求支持 Sign in with Apple）。",[113,178,179,182],{},[15,180,181],{},"微博\u002F支付宝","——特定场景使用，支付宝登录适合支付相关应用。",[11,184,185],{},"国内 APP 通常至少支持微信登录，海外 APP 要支持 Google 和 Apple。具体接哪些看目标用户群体。",[23,187,189],{"id":188},"oauth的应用","OAuth的应用",[56,191,193],{"id":192},"_1-第三方登录","1. 第三方登录",[11,195,196],{},"最常见应用——微信\u002FGoogle 登录。用户授权 APP 获取基本信息（昵称、头像、唯一标识），实现免注册登录。",[56,198,200],{"id":199},"_2-授权访问","2. 授权访问",[11,202,203],{},"第三方应用访问你的数据——如授权某日程管理工具访问你的日历、授权某客户管理工具访问你的通讯录、授权某分析工具访问你的电商数据。OAuth 让这种跨应用的数据访问安全可控。",[56,205,207],{"id":206},"_3-开放平台","3. 开放平台",[11,209,210],{},"平台开放 API 给第三方——如微信开放平台让第三方接入微信能力（支付、分享、登录），淘宝开放平台让第三方管理店铺，每个开放平台都用 OAuth 做授权。",[23,212,213],{"id":213},"别踩的坑",[11,215,216,219,220,223,224,227,228,231],{},[15,217,218],{},"不支持第三方登录","——面向消费者的 APP 不支持微信\u002FGoogle 登录，注册门槛高，转化率低。用户不愿意为了一个 APP 记新密码。",[15,221,222],{},"OAuth 配置不当","——回调地址配置错误、scope 设置过大、state 参数缺失，都会带来安全风险。要按规范配置。",[15,225,226],{},"令牌管理乱","——access token 存储不加密、过期不刷新、泄露不撤销，都是安全风险。要有规范的令牌管理。",[15,229,230],{},"过度授权","——只需要昵称头像却申请了发朋友圈的权限，违反最小授权原则，用户会警惕甚至拒绝授权。",[23,233,234],{"id":234},"成本参考",[11,236,237],{},"OAuth 是标准协议，开源库支持：",[239,240,241,257],"table",{},[242,243,244],"thead",{},[245,246,247,251,254],"tr",{},[248,249,250],"th",{},"方面",[248,252,253],{},"说明",[248,255,256],{},"成本",[258,259,260,272],"tbody",{},[245,261,262,266,269],{},[263,264,265],"td",{},"OAuth实现",[263,267,268],{},"开源库",[263,270,271],{},"低（开发）",[245,273,274,277,280],{},[263,275,276],{},"第三方登录",[263,278,279],{},"接微信\u002FGoogle等",[263,281,282],{},"低（接入）",[11,284,285],{},"OAuth 的技术实现成本很低——各大语言都有成熟的开源库（如 Passport.js、Spring Security OAuth、NextAuth），开发工作量小。第三方登录的接入成本也低——微信、Google 等都有完善的开发者文档，几个工作日就能接入。主要成本是申请第三方平台的开发者账号（部分平台要审核）和后续的令牌管理维护。",[23,287,288],{"id":288},"怎么用",[110,290,291,294,297,300],{},[113,292,293],{},"面向消费者的 APP 支持第三方登录——降低注册门槛、提升转化。",[113,295,296],{},"接微信\u002FGoogle 等主流平台——按目标用户群体选。",[113,298,299],{},"规范 OAuth 配置——回调地址、scope、state 参数都要按规范。",[113,301,302],{},"安全管理令牌——加密存储、定期刷新、泄露及时撤销。",[11,304,305],{},"按这个流程走，能安全地用上第三方登录的便利。OAuth 是成熟协议，规范使用风险可控，不规范使用就是安全漏洞。",[307,308,309],"blockquote",{},[11,310,311],{},"广州市汉诺雷斯（HNREIS）帮企业接入第三方登录和OAuth（微信\u002FGoogle等）。把你的登录需求告诉我们，我们给出方案。",{"title":44,"searchDepth":313,"depth":313,"links":314},2,[315,316,322,326,327,332,333,334],{"id":25,"depth":313,"text":26},{"id":53,"depth":313,"text":54,"children":317},[318,320,321],{"id":58,"depth":319,"text":59},3,{"id":74,"depth":319,"text":75},{"id":90,"depth":319,"text":91},{"id":101,"depth":313,"text":102,"children":323},[324,325],{"id":108,"depth":319,"text":108},{"id":140,"depth":319,"text":140},{"id":161,"depth":313,"text":161},{"id":188,"depth":313,"text":189,"children":328},[329,330,331],{"id":192,"depth":319,"text":193},{"id":199,"depth":319,"text":200},{"id":206,"depth":319,"text":207},{"id":213,"depth":313,"text":213},{"id":234,"depth":313,"text":234},{"id":288,"depth":313,"text":288},"comparison",null,"2025-04-02","OAuth是授权协议，第三方登录（微信\u002FGoogle）用它实现。本文用通俗方式讲清OAuth是什么和第三方登录原理。",false,"md",[342,345,348],{"q":343,"a":344},"OAuth是什么，简单说？","OAuth是授权协议，让用户授权第三方应用有限访问自己的资源，而不用把密码给第三方。比如用微信登录某APP，APP拿不到你的微信密码，只是你授权它获取你的微信信息。安全且便利。",{"q":346,"a":347},"第三方登录（微信\u002FGoogle）怎么实现？","用OAuth。用户点\"微信登录\"→跳转微信授权→微信返回授权→APP拿到用户信息（你授权的）→登录。APP不接触你的微信密码，安全。第三方登录便利（不用注册新账号）且安全（OAuth）。",{"q":349,"a":350},"企业要不要支持第三方登录？","看场景。面向消费者的APP\u002F网站，支持微信\u002FGoogle等第三方登录能降低注册门槛、提升转化（用户不想记新账号）。企业内部系统不一定需要。建议面向消费者的支持第三方登录。",[352,276,353,32],"OAuth","微信登录",{},true,"\u002Fblog\u002Fcomparison\u002Foauth-disanfang-denglu",{"title":5,"description":338},{"loc":356},"blog\u002Fcomparison\u002Foauth-disanfang-denglu",[352,361,151],"登录","W-Zt9ss0nc1bVnjqhr5Le12obBeF9Wjdd24euIf7-PY",[364,768,1185,1552],{"id":365,"title":366,"author":6,"body":367,"category":335,"cover":336,"date":741,"description":742,"draft":339,"extension":340,"faq":743,"featured":339,"image":336,"keywords":753,"meta":758,"navigation":355,"path":759,"seo":760,"sitemap":761,"stem":762,"tags":763,"updated":741,"__hash__":767},"blog\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye.md","API、接口、集成这些词到底是什么意思",{"type":8,"value":368,"toc":721},[369,375,379,385,388,399,404,407,410,416,419,424,426,437,442,445,448,462,465,479,484,487,491,505,508,519,522,527,530,537,554,559,562,565,587,592,595,632,638,641,667,670,673,699,702,716],[11,370,371,372],{},"老板常被 API、接口、集成这些技术词绕晕。",[15,373,374],{},"这篇用大白话讲清，帮老板听懂技术沟通。",[23,376,378],{"id":377},"api-是什么大白话","API 是什么（大白话）",[11,380,381,384],{},[15,382,383],{},"API 是两个软件\"对话\"的通道","。",[11,386,387],{},"例子：",[163,389,390,393,396],{},[113,391,392],{},"你的小程序要查物流 → 通过物流公司 API 问\"单号到哪了\" → 物流系统回\"已签收\"。",[113,394,395],{},"你的官网要收款 → 通过支付 API 让客户付款 → 支付系统回\"付款成功\"。",[113,397,398],{},"你的系统要发短信 → 通过短信 API 发 → 短信平台发出去。",[11,400,401,384],{},[15,402,403],{},"API 让不同软件自动互通数据，不用人工搬",[11,405,406],{},"打个比方：API 像餐厅的\"服务员\"——你（小程序）告诉服务员（API）要什么，服务员告诉厨房（另一个系统），厨房做好端回来。你不用自己进厨房。",[23,408,409],{"id":409},"接口是什么",[11,411,412,415],{},[15,413,414],{},"接口就是 API","（同义词）。技术人员说\"做个接口\"\"对接接口\"，就是做 API 让系统互通。",[23,417,418],{"id":418},"集成是什么",[11,420,421,384],{},[15,422,423],{},"集成 = 把多个系统通过 API 连起来，数据自动流通",[11,425,387],{},[163,427,428,431,434],{},[113,429,430],{},"独立站 + ERP 集成：独立站订单自动进 ERP，ERP 库存自动同步独立站。",[113,432,433],{},"小程序 + CRM 集成：小程序客户数据自动进 CRM。",[113,435,436],{},"系统 + 支付集成：系统通过支付 API 收款。",[11,438,439,384],{},[15,440,441],{},"集成让数据自动流，替代人工搬数据",[23,443,444],{"id":444},"企业为什么要做接口集成",[56,446,447],{"id":447},"不集成的问题",[163,449,450,453,456,459],{},[113,451,452],{},"多个系统（独立站\u002FERP\u002FCRM\u002F物流），数据不通。",[113,454,455],{},"人工把数据从一个系统搬到另一个（累、易错）。",[113,457,458],{},"数据不同步（独立站卖了 ERP 库存没减，超卖）。",[113,460,461],{},"效率低。",[56,463,464],{"id":464},"集成的好处",[163,466,467,470,473,476],{},[113,468,469],{},"数据自动流通（订单\u002F库存\u002F客户自动同步）。",[113,471,472],{},"替代人工（省人力、避错）。",[113,474,475],{},"实时同步（不超卖、不漏单）。",[113,477,478],{},"数据统一（可分析）。",[11,480,481,384],{},[15,482,483],{},"系统越多，集成价值越大",[23,485,486],{"id":486},"常见的集成场景",[56,488,490],{"id":489},"电商独立站","电商\u002F独立站",[163,492,493,496,499,502],{},[113,494,495],{},"独立站 ↔ ERP（订单\u002F库存同步）。",[113,497,498],{},"独立站 ↔ 物流（发货\u002F追踪）。",[113,500,501],{},"独立站 ↔ 支付（收款）。",[113,503,504],{},"独立站 ↔ CRM（客户管理）。",[56,506,507],{"id":507},"企业内部",[163,509,510,513,516],{},[113,511,512],{},"系统 ↔ OA（审批\u002F通知）。",[113,514,515],{},"系统 ↔ 财务（对账\u002F开票）。",[113,517,518],{},"系统 ↔ 企微\u002F钉钉（消息\u002F工作流）。",[56,520,521],{"id":521},"数据",[163,523,524],{},[113,525,526],{},"系统 ↔ 数据分析（数据汇总\u002F报表）。",[23,528,529],{"id":529},"集成怎么实现",[11,531,532,533,536],{},"通过 ",[15,534,535],{},"API 对接","：",[110,538,539,542,545,548,551],{},[113,540,541],{},"确认要对接的系统（ERP\u002F物流\u002F支付）。",[113,543,544],{},"看各系统是否提供 API（文档）。",[113,546,547],{},"开发对接（系统间调 API 传数据）。",[113,549,550],{},"测试（数据准确、异常处理）。",[113,552,553],{},"上线 + 监控。",[11,555,556,384],{},[15,557,558],{},"自建系统（Nuxt\u002FVue）能灵活对接任意系统，这是它比 SaaS 的优势",[23,560,561],{"id":561},"老板该懂什么",[11,563,564],{},"老板不用懂代码，懂这些：",[163,566,567,572,577,582],{},[113,568,569,384],{},[15,570,571],{},"API = 软件之间自动传数据的通道",[113,573,574,384],{},[15,575,576],{},"集成 = 多系统数据自动流通",[113,578,579,384],{},[15,580,581],{},"集成能替代人工、提效避错",[113,583,584,384],{},[15,585,586],{},"集成成本看系统数量和复杂度",[11,588,589,384],{},[15,590,591],{},"懂这些，就能和技术\u002F服务商沟通集成需求",[23,593,594],{"id":594},"集成的成本",[239,596,597,606],{},[242,598,599],{},[245,600,601,604],{},[248,602,603],{},"集成类型",[248,605,256],{},[258,607,608,616,624],{},[245,609,610,613],{},[263,611,612],{},"对接一个系统（如 ERP）",[263,614,615],{},"1-3 万",[245,617,618,621],{},[263,619,620],{},"多系统集成",[263,622,623],{},"3-8 万",[245,625,626,629],{},[263,627,628],{},"复杂（双向同步\u002F多系统\u002F定制）",[263,630,631],{},"8 万+",[11,633,634,637],{},[15,635,636],{},"ROI 明确","（替代人工、提效、避错）。",[23,639,640],{"id":640},"常见误区",[163,642,643,649,655,661],{},[113,644,645,648],{},[15,646,647],{},"\"接口很复杂不用懂\"","：老板懂概念就行（API = 数据通道）。",[113,650,651,654],{},[15,652,653],{},"\"不集成也能用\"","：人工搬数据累易错，不可持续。",[113,656,657,660],{},[15,658,659],{},"\"集成是一次性的\"","：系统升级\u002F业务变化，集成要维护。",[113,662,663,666],{},[15,664,665],{},"\"SaaS 不用集成\"","：SaaS 也要和其他系统打通。",[23,668,669],{"id":669},"怎么判断要不要集成",[11,671,672],{},"问自己：",[110,674,675,681,687,693],{},[113,676,677,680],{},[15,678,679],{},"有多个系统吗？"," 有 → 可能要集成。",[113,682,683,686],{},[15,684,685],{},"人工搬数据吗？"," 搬 → 该集成。",[113,688,689,692],{},[15,690,691],{},"数据需要同步吗？"," 需要 → 集成。",[113,694,695,698],{},[15,696,697],{},"集成 ROI 划算吗？","（省的人力 > 投入）划算 → 做。",[23,700,701],{"id":701},"怎么做",[110,703,704,707,710,713],{},[113,705,706],{},"梳理要对接的系统 + 数据流。",[113,708,709],{},"确认各系统 API。",[113,711,712],{},"开发对接。",[113,714,715],{},"测试 + 监控。",[307,717,718],{},[11,719,720],{},"广州市汉诺雷斯（HNREIS）提供系统集成（API 对接 ERP\u002F物流\u002F支付\u002FCRM），帮企业打通数据。把你的系统情况告诉我们，我们设计集成方案。",{"title":44,"searchDepth":313,"depth":313,"links":722},[723,724,725,726,730,735,736,737,738,739,740],{"id":377,"depth":313,"text":378},{"id":409,"depth":313,"text":409},{"id":418,"depth":313,"text":418},{"id":444,"depth":313,"text":444,"children":727},[728,729],{"id":447,"depth":319,"text":447},{"id":464,"depth":319,"text":464},{"id":486,"depth":313,"text":486,"children":731},[732,733,734],{"id":489,"depth":319,"text":490},{"id":507,"depth":319,"text":507},{"id":521,"depth":319,"text":521},{"id":529,"depth":313,"text":529},{"id":561,"depth":313,"text":561},{"id":594,"depth":313,"text":594},{"id":640,"depth":313,"text":640},{"id":669,"depth":313,"text":669},{"id":701,"depth":313,"text":701},"2024-05-15","老板常被 API、接口、集成这些技术词绕晕。本文用大白话讲清这些概念和企业集成场景，帮老板听懂技术沟通。",[744,747,750],{"q":745,"a":746},"API 到底是什么，大白话说？","API 是两个软件\"对话\"的通道。比如你的小程序要查物流，就通过物流公司的 API 问\"这个单号到哪了\"，物流系统通过 API 回\"已签收\"。API 让不同软件能互通数据，不用人工搬。你不用懂代码，只要知道\"API = 软件之间自动传数据的通道\"。",{"q":748,"a":749},"我们为什么要做接口集成？","因为你的多个系统要互通。比如独立站订单要进 ERP、库存要同步、物流要追踪，不集成就要人工把数据从一个系统搬到另一个（累、易错）。集成后数据自动流通，提效准确。系统越多，集成价值越大。",{"q":751,"a":752},"接口集成要多少钱？","看对接的系统数量和复杂度。对接一个系统（如 ERP）通常 1-3 万；多系统集成（ERP+物流+支付+CRM）3-8 万。集成能替代人工、提效避错，ROI 明确。",[754,755,756,757],"API接口通俗解释","什么是API","接口集成","系统对接",{},"\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye",{"title":366,"description":742},{"loc":759},"blog\u002Fcomparison\u002Fapi-jiekou-shiye",[764,765,766],"API","概念","通俗","A7Jdt6jv4eTPYhdWviHOSLSzOR5pN0xxO_6QT9M2ODg",{"id":769,"title":770,"author":6,"body":771,"category":335,"cover":336,"date":1159,"description":1160,"draft":339,"extension":340,"faq":1161,"featured":339,"image":336,"keywords":1171,"meta":1176,"navigation":355,"path":1177,"seo":1178,"sitemap":1179,"stem":1180,"tags":1181,"updated":1159,"__hash__":1184},"blog\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme.md","API网关是什么",{"type":8,"value":772,"toc":1143},[773,780,783,786,789,795,798,801,807,811,825,829,843,847,861,865,879,883,897,901,909,912,958,961,965,968,1013,1038,1040,1066,1068,1106,1109,1112,1138],[11,774,775,776,779],{},"API 网关是系统架构里常见的组件，",[15,777,778],{},"通俗说就是系统的\"统一前台\"。"," 这篇讲清是什么、解决什么、要不要用。",[23,781,770],{"id":782},"api网关是什么",[11,784,785],{},"在微服务架构里，后端可能拆分成几十个甚至上百个服务。如果每个服务都直接对外提供接口，客户端要记住每个服务的地址、每个服务都要自己处理鉴权限流——这会非常混乱。API 网关就是解决这个问题的。",[11,787,788],{},"所有外部请求先到网关，网关统一处理后转发到后端：",[35,790,793],{"className":791,"code":792,"language":40},[38],"客户端 → API网关（鉴权\u002F限流\u002F监控）→ 后端服务\n",[42,794,792],{"__ignoreMap":44},[11,796,797],{},"类比公司前台：访客（客户端请求）先到前台登记（鉴权\u002F限流），前台再引导到对应部门（转发到后端服务）。访客不用记每个部门在哪，部门也不用自己设前台。",[23,799,800],{"id":800},"网关做什么",[11,802,803,804,384],{},"API 网关的核心职责是",[15,805,806],{},"把各服务都要做的\"公共事\"统一收口",[56,808,810],{"id":809},"_1-统一入口","1. 统一入口",[163,812,813,819],{},[113,814,815,818],{},[15,816,817],{},"所有请求统一入口","：客户端只需要知道网关地址，不用记每个服务的地址。",[113,820,821,824],{},[15,822,823],{},"后端服务不直接暴露","：后端服务可以部署在内网，只把网关暴露在外网，安全风险降低。",[56,826,828],{"id":827},"_2-鉴权","2. 鉴权",[163,830,831,837],{},[113,832,833,836],{},[15,834,835],{},"统一身份验证","：所有请求的鉴权在网关统一做，比如验证 token、校验权限。",[113,838,839,842],{},[15,840,841],{},"后端不用各自鉴权","：后端服务可以信任网关已通过的请求，专注业务逻辑，不用重复写鉴权代码。",[56,844,846],{"id":845},"_3-限流","3. 限流",[163,848,849,855],{},[113,850,851,854],{},[15,852,853],{},"防止过载和恶意请求","：网关按规则限制每个客户端、每个接口的调用频率，防止恶意刷接口或突发流量压垮后端。",[113,856,857,860],{},[15,858,859],{},"保护后端","：流量超出后端承受能力时，网关可以拒绝或排队，保护后端不被打挂。",[56,862,864],{"id":863},"_4-路由转发","4. 路由转发",[163,866,867,873],{},[113,868,869,872],{},[15,870,871],{},"请求转发到对应服务","：网关根据请求路径、头部等信息，把请求转发到正确的后端服务。",[113,874,875,878],{},[15,876,877],{},"负载均衡","：一个服务有多个实例时，网关把请求分发到不同实例，提升整体处理能力。",[56,880,882],{"id":881},"_5-监控日志","5. 监控日志",[163,884,885,891],{},[113,886,887,890],{},[15,888,889],{},"统一监控和日志","：所有请求的调用量、响应时间、错误率在网关统一采集，不用每个服务各自做。",[113,892,893,896],{},[15,894,895],{},"可观测性","：网关的监控数据是排查问题、优化性能的重要依据。",[56,898,900],{"id":899},"_6-协议转换","6. 协议转换",[163,902,903],{},[113,904,905,908],{},[15,906,907],{},"不同协议转换","：客户端用 HTTP，后端用 gRPC 或 Dubbo，网关可以做协议转换，让前后端用各自适合的协议。",[23,910,911],{"id":911},"为什么用网关",[239,913,914,924],{},[242,915,916],{},[245,917,918,921],{},[248,919,920],{},"问题",[248,922,923],{},"网关解决",[258,925,926,934,942,950],{},[245,927,928,931],{},[263,929,930],{},"鉴权散在各服务",[263,932,933],{},"统一鉴权",[245,935,936,939],{},[263,937,938],{},"服务直接暴露",[263,940,941],{},"统一入口保护",[245,943,944,947],{},[263,945,946],{},"流量过载",[263,948,949],{},"限流",[245,951,952,955],{},[263,953,954],{},"监控散",[263,956,957],{},"统一监控",[11,959,960],{},"不用网关的情况下，每个服务都要自己实现鉴权、限流、监控、日志，代码重复、维护成本高，还容易出不一致的问题。网关把这些公共能力收口，后端服务可以更专注业务。",[23,962,964],{"id":963},"用-vs-不用","用 vs 不用",[11,966,967],{},"网关不是所有系统都需要，要看规模和复杂度。",[239,969,970,980],{},[242,971,972],{},[245,973,974,977],{},[248,975,976],{},"情况",[248,978,979],{},"建议",[258,981,982,990,998,1006],{},[245,983,984,987],{},[263,985,986],{},"服务少\u002F简单",[263,988,989],{},"不一定需要",[245,991,992,995],{},[263,993,994],{},"微服务\u002F服务多",[263,996,997],{},"价值大",[245,999,1000,1003],{},[263,1001,1002],{},"开放API",[263,1004,1005],{},"需要",[245,1007,1008,1011],{},[263,1009,1010],{},"多端接入",[263,1012,1005],{},[163,1014,1015,1021,1027,1033],{},[113,1016,1017,1020],{},[15,1018,1019],{},"服务少、简单","：比如一个单体应用就两三个接口，上不上网关差别不大，反而增加复杂度。",[113,1022,1023,1026],{},[15,1024,1025],{},"微服务、服务多","：服务一多，没有网关统一管理会很痛苦，网关价值就体现出来了。",[113,1028,1029,1032],{},[15,1030,1031],{},"开放 API","：对外提供 API 的场景，网关几乎是必需品——鉴权、限流、文档、监控都要在网关层做。",[113,1034,1035,1037],{},[15,1036,1010],{},"：APP、小程序、Web、第三方多端接入，网关统一入口能简化接入复杂度。",[23,1039,213],{"id":213},[163,1041,1042,1048,1054,1060],{},[113,1043,1044,1047],{},[15,1045,1046],{},"简单系统上重网关","：就两三个服务的简单系统，非要上 Kong 或 APISIX 这种重网关，属于过度设计，增加运维负担。",[113,1049,1050,1053],{},[15,1051,1052],{},"自己从头开发","：网关是成熟领域，有很多开源和商业产品（Kong、APISIX、云厂商网关），自己从头开发既慢又容易出问题。",[113,1055,1056,1059],{},[15,1057,1058],{},"网关成单点","：网关挂了整个系统就访问不了，必须做高可用部署（多实例、负载均衡）。",[113,1061,1062,1065],{},[15,1063,1064],{},"鉴权还散在各服务","：上了网关但鉴权还在各服务自己做，等于没用上网关的核心价值。",[23,1067,234],{"id":234},[239,1069,1070,1082],{},[242,1071,1072],{},[245,1073,1074,1077,1079],{},[248,1075,1076],{},"方案",[248,1078,253],{},[248,1080,1081],{},"成本量级",[258,1083,1084,1095],{},[245,1085,1086,1089,1092],{},[263,1087,1088],{},"开源\u002F云网关",[263,1090,1091],{},"Kong\u002FAPISIX\u002F云厂商",[263,1093,1094],{},"低到中",[245,1096,1097,1100,1103],{},[263,1098,1099],{},"定制集成",[263,1101,1102],{},"和业务深度集成",[263,1104,1105],{},"中",[11,1107,1108],{},"主流网关产品（Kong、APISIX）开源免费，主要成本是部署运维。云厂商的网关服务（阿里云、腾讯云、AWS）按量计费，用量不大的话成本不高。自己定制集成成本中等，适合有特殊需求的场景。",[23,1110,1111],{"id":1111},"怎么选",[110,1113,1114,1120,1126,1132],{},[113,1115,1116,1119],{},[15,1117,1118],{},"评估服务数量和复杂度","：服务多、架构复杂才考虑网关。",[113,1121,1122,1125],{},[15,1123,1124],{},"简单系统不一定需要","：两三个服务的单体应用不用上网关。",[113,1127,1128,1131],{},[15,1129,1130],{},"微服务\u002F开放API用网关","：服务多、对外开放的场景，网关价值大。",[113,1133,1134,1137],{},[15,1135,1136],{},"优先成熟产品","：用 Kong、APISIX、云厂商网关，不要自己从头开发。",[307,1139,1140],{},[11,1141,1142],{},"广州市汉诺雷斯（HNREIS）帮企业做系统架构设计，含API网关选型和集成。把你的系统需求告诉我们，我们给出架构建议。",{"title":44,"searchDepth":313,"depth":313,"links":1144},[1145,1146,1154,1155,1156,1157,1158],{"id":782,"depth":313,"text":770},{"id":800,"depth":313,"text":800,"children":1147},[1148,1149,1150,1151,1152,1153],{"id":809,"depth":319,"text":810},{"id":827,"depth":319,"text":828},{"id":845,"depth":319,"text":846},{"id":863,"depth":319,"text":864},{"id":881,"depth":319,"text":882},{"id":899,"depth":319,"text":900},{"id":911,"depth":313,"text":911},{"id":963,"depth":313,"text":964},{"id":213,"depth":313,"text":213},{"id":234,"depth":313,"text":234},{"id":1111,"depth":313,"text":1111},"2024-05-28","API网关是系统的统一入口，负责转发、鉴权、限流和监控。本文用通俗方式讲清API网关是什么、解决什么问题、企业要不要用。",[1162,1165,1168],{"q":1163,"a":1164},"API网关是什么，简单说？","API网关是系统的\"统一前台\"——所有外部请求先到网关，网关再转发到后端服务。它统一处理鉴权、限流、监控、日志这些公共事，后端服务专注业务。类比公司前台，访客先到前台登记再进去。",{"q":1166,"a":1167},"企业一定要用API网关吗？","不一定。系统简单、服务少，不一定需要网关。服务多（微服务）、要统一鉴权限流监控、对外开放API、多端接入时，网关价值大。建议按规模和复杂度选，不要为用而用。",{"q":1169,"a":1170},"API网关要花多少钱？","看方式。用开源\u002F云网关产品（如Kong\u002FAPISIX\u002F云厂商网关）成本较低，按量或自建运维；定制集成成本中等。建议优先用成熟网关产品，而不是自己从头开发。",[1172,1173,1174,1175],"API网关","网关是什么","API管理","微服务网关",{},"\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",{"title":770,"description":1160},{"loc":1177},"blog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",[764,1182,1183],"网关","架构","CInYK4Or6VhknVKica8mjtvcuqr1CPVLRxjpJ0II3Fc",{"id":1186,"title":1187,"author":6,"body":1188,"category":335,"cover":336,"date":1528,"description":1529,"draft":339,"extension":340,"faq":1530,"featured":339,"image":336,"keywords":1540,"meta":1544,"navigation":355,"path":1545,"seo":1546,"sitemap":1547,"stem":1548,"tags":1549,"updated":1528,"__hash__":1551},"blog\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git.md","代码版本控制（Git）是什么",{"type":8,"value":1189,"toc":1514},[1190,1197,1200,1204,1207,1213,1219,1225,1229,1233,1236,1246,1250,1253,1263,1267,1270,1284,1288,1298,1302,1372,1375,1378,1384,1390,1396,1402,1404,1422,1424,1427,1474,1477,1480,1506,1509],[11,1191,1192,1193,1196],{},"Git 是开发团队的必备工具，",[15,1194,1195],{},"通俗说是代码的\"时光机\"和\"协作台\"。"," 这篇讲清老板需要了解的。",[11,1198,1199],{},"软件开发是个高度协作的工作——几个甚至几十个开发同时改同一份代码，如果没有版本控制工具，光是\"谁改了什么\"\"怎么合并\"\"改坏了怎么回退\"这些问题就能让团队崩溃。Git 就是为了解决这些问题而生的工具，它已经成为软件开发行业的标准配置。这篇用通俗方式讲清 Git 是什么、为什么开发要用、老板需要关心什么。",[23,1201,1203],{"id":1202},"git是什么","Git是什么",[11,1205,1206],{},"Git 是代码版本控制工具，核心做三件事：",[11,1208,1209,1212],{},[15,1210,1211],{},"记录历史","——代码的每次改动都有记录（谁、什么时候、改了什么），能回到任何历史版本。相当于代码的\"时光机\"，改坏了随时回退。",[11,1214,1215,1218],{},[15,1216,1217],{},"多人协作","——多个开发同时改代码，Git 能自动合并、识别冲突。相当于代码的\"协作台\"，让团队并行开发而不互相踩踏。",[11,1220,1221,1224],{},[15,1222,1223],{},"分支","——从主线分出独立分支，在分支上做新功能，做完再合并回主线。相当于代码的\"平行宇宙\"，多个功能同时开发互不影响。",[23,1226,1228],{"id":1227},"为什么用git","为什么用Git",[56,1230,1232],{"id":1231},"_1-记录历史","1. 记录历史",[11,1234,1235],{},"代码的每一次改动（commit）都有完整记录——谁改的、什么时候改的、改了哪些文件、改了什么内容。这条记录链形成代码的完整历史。",[11,1237,1238,1241,1242,1245],{},[15,1239,1240],{},"改坏了能回退","——新功能改崩了，一条命令就能回到之前的稳定版本，不用从头再来。",[15,1243,1244],{},"知道谁改了什么","——出问题时能追溯到具体是哪次改动引入的 bug、谁改的，便于排查和复盘。历史记录还让代码审计、合规追溯成为可能——金融、医疗等强监管行业对代码变更有审计要求，Git 历史是天然的审计日志。",[56,1247,1249],{"id":1248},"_2-多人协作","2. 多人协作",[11,1251,1252],{},"没有版本控制时，多人改同一份代码要靠\"文件传来传去\"或\"共享文件夹\"，冲突频发、改动丢失、版本混乱。Git 让多人协作规范化——每个人在本地改，改完提交，Git 自动合并或识别冲突。",[11,1254,1255,1258,1259,1262],{},[15,1256,1257],{},"多人同时开发不冲突","——Git 的合并机制能自动合并不同部分的改动，相同部分的冲突会明确标出，让开发者手动解决。",[15,1260,1261],{},"合并代码规范","——通过 pull request（PR）或 merge request（MR）流程，代码合并前要经过 review（代码审查），保证质量。",[56,1264,1266],{"id":1265},"_3-分支","3. 分支",[11,1268,1269],{},"分支是 Git 的杀手级特性。从主线（main\u002Fmaster）分出独立分支，在分支上开发新功能，开发完成、测试通过后再合并回主线。",[11,1271,1272,1275,1276,1279,1280,1283],{},[15,1273,1274],{},"同时做多个功能","——开发 A 做支付功能、开发 B 做用户中心，两人各自在自己的分支上开发，互不影响。",[15,1277,1278],{},"互不影响","——某个功能开发中出了问题，不会污染主线，主线始终保持稳定。",[15,1281,1282],{},"测试稳定再合并","——功能在分支上开发测试，稳定后才合并到主线，主线始终是可发布的状态。",[56,1285,1287],{"id":1286},"_4-备份","4. 备份",[11,1289,1290,1293,1294,1297],{},[15,1291,1292],{},"代码在远程仓库备份","——本地代码 push 到远程仓库（GitHub、GitLab、Gitee），相当于异地备份。本地电脑坏了、丢了，代码还在远程仓库。",[15,1295,1296],{},"不怕丢","——多人协作时每个人都有一份完整副本，任何一份丢失都能从其他人恢复。",[23,1299,1301],{"id":1300},"git-vs-不用版本控制","Git vs 不用版本控制",[239,1303,1304,1317],{},[242,1305,1306],{},[245,1307,1308,1311,1314],{},[248,1309,1310],{},"维度",[248,1312,1313],{},"Git",[248,1315,1316],{},"不用",[258,1318,1319,1330,1341,1352,1361],{},[245,1320,1321,1324,1327],{},[263,1322,1323],{},"历史",[263,1325,1326],{},"完整记录",[263,1328,1329],{},"没有",[245,1331,1332,1335,1338],{},[263,1333,1334],{},"协作",[263,1336,1337],{},"规范",[263,1339,1340],{},"手动易冲突",[245,1342,1343,1346,1349],{},[263,1344,1345],{},"回退",[263,1347,1348],{},"能",[263,1350,1351],{},"不能",[245,1353,1354,1356,1359],{},[263,1355,1223],{},[263,1357,1358],{},"支持",[263,1360,1329],{},[245,1362,1363,1366,1369],{},[263,1364,1365],{},"专业性",[263,1367,1368],{},"行业标准",[263,1370,1371],{},"不规范",[11,1373,1374],{},"不用版本控制的开发方式现在已经很少见——连个人开发者都用 Git 管理代码。如果一个开发团队不用 Git，基本可以判断为不规范。",[23,1376,1377],{"id":1377},"老板要了解的",[11,1379,1380,1383],{},[15,1381,1382],{},"规范团队都用 Git","——这是判断开发团队专业性的基本标准。用 Git 意味着团队有规范的开发流程（分支管理、代码审查、持续集成），而不是各自为政。反映专业性。",[11,1385,1386,1389],{},[15,1387,1388],{},"代码资产","——Git 仓库是企业的重要数字资产。仓库里不只是当前代码，还有完整的开发历史、设计决策、问题修复过程。这些是企业知识资产的重要组成部分。",[11,1391,1392,1395],{},[15,1393,1394],{},"源码交付","——服务商交付源码时，Git 仓库（含完整版本记录）是重要资产。只有当前代码没有历史记录，等于丢了开发过程的上下文。规范的源码交付应该包含 Git 仓库。源码含完整版本记录。",[11,1397,1398,1401],{},[15,1399,1400],{},"协作规范","——多人开发有据可查——谁做了什么、什么时候做的、为什么这么做，都有记录。出问题能追溯，避免推诿。",[23,1403,213],{"id":213},[11,1405,1406,1409,1410,1413,1414,1417,1418,1421],{},[15,1407,1408],{},"不用版本控制","——不规范、易丢代码。现在几乎没团队这么做了，但仍有个别服务商交付\"散落的代码文件\"而不是 Git 仓库，要注意。",[15,1411,1412],{},"不提交远程","——只在本地用 Git，不 push 到远程仓库，电脑坏了代码全丢。规范的团队都有远程仓库。",[15,1415,1416],{},"不分分支","——所有改动直接在主线做，功能混在一起乱、出问题难回退。规范团队都有分支策略（如 Git Flow、GitHub Flow）。",[15,1419,1420],{},"不写提交说明","——每次提交不写说明或写\"update\"\"fix\"这种无意义内容，不知道改了什么。规范团队要求写有意义的提交说明。",[23,1423,234],{"id":234},[11,1425,1426],{},"Git 本身免费（开源），成本在团队规范使用：",[239,1428,1429,1439],{},[242,1430,1431],{},[245,1432,1433,1435,1437],{},[248,1434,250],{},[248,1436,253],{},[248,1438,256],{},[258,1440,1441,1452,1463],{},[245,1442,1443,1446,1449],{},[263,1444,1445],{},"Git工具",[263,1447,1448],{},"开源免费",[263,1450,1451],{},"免费",[245,1453,1454,1457,1460],{},[263,1455,1456],{},"托管平台",[263,1458,1459],{},"GitHub\u002FGitLab等",[263,1461,1462],{},"免费\u002F订阅",[245,1464,1465,1468,1471],{},[263,1466,1467],{},"团队规范",[263,1469,1470],{},"培训使用",[263,1472,1473],{},"低",[11,1475,1476],{},"Git 工具完全免费。托管平台有免费档（GitHub 公开仓库免费、GitLab 免费版）和付费档（私有仓库、企业版），按团队规模每月几美元到几十美元。团队规范使用要培训，但 Git 已经是开发行业基础技能，招聘时默认会，培训成本很低。",[23,1478,1479],{"id":1479},"怎么确认团队规范",[110,1481,1482,1488,1494,1500],{},[113,1483,1484,1487],{},[15,1485,1486],{},"确认团队用 Git 管理代码","——这是基本标准。问\"代码在哪个仓库\"\"分支策略是什么\"能快速判断。",[113,1489,1490,1493],{},[15,1491,1492],{},"代码在远程仓库（备份）","——有远程托管（GitHub、GitLab、Gitee 或自建），不只本地。",[113,1495,1496,1499],{},[15,1497,1498],{},"有分支和提交记录","——查看仓库历史，有没有规范的分支、有意义的提交说明、代码审查记录。",[113,1501,1502,1505],{},[15,1503,1504],{},"源码交付含 Git 仓库","——服务商交付时应该交付 Git 仓库（含完整历史），不只是当前代码文件。",[11,1507,1508],{},"按这几点核对，能快速判断开发团队是否规范。规范的 Git 使用是专业开发的基本标志，也是代码资产安全的基本保障。",[307,1510,1511],{},[11,1512,1513],{},"广州市汉诺雷斯（HNREIS）用Git规范管理代码，源码完整交付（含版本记录）。把你的项目需求告诉我们，我们规范交付。",{"title":44,"searchDepth":313,"depth":313,"links":1515},[1516,1517,1523,1524,1525,1526,1527],{"id":1202,"depth":313,"text":1203},{"id":1227,"depth":313,"text":1228,"children":1518},[1519,1520,1521,1522],{"id":1231,"depth":319,"text":1232},{"id":1248,"depth":319,"text":1249},{"id":1265,"depth":319,"text":1266},{"id":1286,"depth":319,"text":1287},{"id":1300,"depth":313,"text":1301},{"id":1377,"depth":313,"text":1377},{"id":213,"depth":313,"text":213},{"id":234,"depth":313,"text":234},{"id":1479,"depth":313,"text":1479},"2024-06-06","Git是代码版本控制工具，记录历史、支持协作和分支。本文用通俗方式讲清Git是什么、为什么开发要用、老板要了解什么。",[1531,1534,1537],{"q":1532,"a":1533},"Git是什么，简单说？","Git是代码版本控制工具，通俗说是代码的\"时光机\"和\"协作台\"——记录每次改动的历史（能回到任何版本）、多人同时改不冲突、支持分支（同时做多个功能）。开发团队用Git管理代码是行业标准。",{"q":1535,"a":1536},"老板为什么要了解Git？","Git关系到代码资产管理和交付。用Git意味着代码有完整历史、多人协作规范、源码可交付（有完整版本记录）。规范的开发团队都用Git，这反映团队专业性。源码交付时Git仓库是重要资产。",{"q":1538,"a":1539},"不用Git会怎样？","不用版本控制，代码改动没记录（改坏了回不去）、多人协作靠手动合并（易冲突丢代码）、没有分支（难同时做多功能）。现在专业开发都用Git，不用版本控制是不规范的表现。",[1313,1541,1542,1543],"版本控制","代码管理","代码版本",{},"\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git",{"title":1187,"description":1529},{"loc":1545},"blog\u002Fcomparison\u002Fbanben-kongzhi-git",[1313,1541,1550],"开发","DDOY-P0lE1QLrLUQlE8ZQ8GpIAjcQnAG0lviW8QNo_I",{"id":1553,"title":1554,"author":6,"body":1555,"category":335,"cover":336,"date":1923,"description":1924,"draft":339,"extension":340,"faq":1925,"featured":339,"image":336,"keywords":1935,"meta":1938,"navigation":355,"path":1939,"seo":1940,"sitemap":1941,"stem":1942,"tags":1943,"updated":1923,"__hash__":1946},"blog\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan.md","本地部署和云部署的区别",{"type":8,"value":1556,"toc":1904},[1557,1564,1567,1571,1653,1655,1658,1660,1680,1683,1703,1705,1708,1711,1737,1740,1760,1762,1766,1777,1780,1791,1794,1802,1804,1830,1832,1879,1882,1899],[11,1558,1559,1560,1563],{},"软件部署在自己机房（本地）还是云上？",[15,1561,1562],{},"两者数据位置、成本、运维、弹性不同。"," 这篇讲清区别和选择。",[11,1565,1566],{},"很多企业在做信息化决策时，第一道选择题就是\"上云还是私有化部署\"。这件事看起来只是技术选型，实际上牵涉到数据归属、合规边界、运维投入、长期成本以及未来扩展性。如果一开始选错方向，后期再迁移会付出很大代价——数据迁移、接口改造、业务中断、人员重新培训。所以我们建议在动手之前，把两种方式的本质差异理清楚，再结合自身的数据敏感度、规模和运维能力做选择。",[23,1568,1570],{"id":1569},"本地部署-vs-云部署","本地部署 vs 云部署",[239,1572,1573,1585],{},[242,1574,1575],{},[245,1576,1577,1579,1582],{},[248,1578,1310],{},[248,1580,1581],{},"本地部署",[248,1583,1584],{},"云部署",[258,1586,1587,1598,1609,1620,1631,1642],{},[245,1588,1589,1592,1595],{},[263,1590,1591],{},"数据位置",[263,1593,1594],{},"自己机房",[263,1596,1597],{},"云厂商",[245,1599,1600,1603,1606],{},[263,1601,1602],{},"可控性",[263,1604,1605],{},"高",[263,1607,1608],{},"依赖云厂商",[245,1610,1611,1614,1617],{},[263,1612,1613],{},"初期成本",[263,1615,1616],{},"高（买服务器）",[263,1618,1619],{},"低（按需付费）",[245,1621,1622,1625,1628],{},[263,1623,1624],{},"运维",[263,1626,1627],{},"自己负责",[263,1629,1630],{},"云厂商负责部分",[245,1632,1633,1636,1639],{},[263,1634,1635],{},"弹性",[263,1637,1638],{},"难（要买硬件）",[263,1640,1641],{},"强（随时扩容）",[245,1643,1644,1647,1650],{},[263,1645,1646],{},"上线速度",[263,1648,1649],{},"慢",[263,1651,1652],{},"快",[23,1654,1581],{"id":1581},[11,1656,1657],{},"本地部署也叫私有化部署，是把软件连同数据库完整安装在客户自己机房的服务器上，所有数据从产生、存储到流转都在客户自己的硬件和网络环境里。云厂商或其他第三方无法直接访问到这些数据。",[56,1659,140],{"id":140},[163,1661,1662,1668,1674],{},[113,1663,1664,1667],{},[15,1665,1666],{},"数据自主","：数据完全在自己机房，物理上和网络上都可控，敏感行业（金融、政务、医疗、能源、核心商业数据）的合规要求通常通过本地部署满足。",[113,1669,1670,1673],{},[15,1671,1672],{},"完全可控","：不依赖云厂商，不会因为云厂商故障、停服、政策调整影响业务；网络策略、访问权限、加密方式都可以按自己的标准来制定。",[113,1675,1676,1679],{},[15,1677,1678],{},"长期固定成本","：初期一次性投入后，主要成本是电费、机房和运维人员工资，规模上来之后单位成本会被摊薄，长期运营相对划算。",[56,1681,1682],{"id":1682},"劣势",[163,1684,1685,1691,1697],{},[113,1686,1687,1690],{},[15,1688,1689],{},"初期贵","：要买服务器、存储、网络设备，还要准备机房或机柜、UPS、空调、带宽等配套，光硬件投入就是几万到几十万，再加上软件授权和实施，初期门槛较高。",[113,1692,1693,1696],{},[15,1694,1695],{},"要运维","：硬件会坏、系统要打补丁、网络要排查、备份要做、安全要防护，需要专门的运维人员，小企业养一支运维团队成本不低。",[113,1698,1699,1702],{},[15,1700,1701],{},"弹性差","：业务量突然上涨，本地机房很难快速扩容——采购周期、上架、配置都要时间；业务量下降，已买的硬件也退不掉，资源闲置。",[23,1704,1584],{"id":1584},[11,1706,1707],{},"云部署是把软件部署在云厂商提供的服务器上（阿里云、腾讯云、华为云、AWS 等），按使用量付费。硬件、机房、网络、基础安全都由云厂商负责，客户只关注应用本身。",[56,1709,140],{"id":1710},"优势-1",[163,1712,1713,1719,1725,1731],{},[113,1714,1715,1718],{},[15,1716,1717],{},"初期便宜","：按需付费，不用一次性买服务器，一台云主机从几十元到几百元每月起步，小企业或初创项目几乎零门槛。",[113,1720,1721,1724],{},[15,1722,1723],{},"省运维","：云厂商负责硬件、网络、机房、基础安全，客户只需要关注应用配置和数据，运维压力大幅下降，小团队也能跑稳生产环境。",[113,1726,1727,1730],{},[15,1728,1729],{},"弹性强","：业务高峰可以临时扩容（加机器、加带宽、加存储），低谷再缩容，按实际用量结算，特别适合季节性、活动型、流量波动大的业务。",[113,1732,1733,1736],{},[15,1734,1735],{},"上线快","：开通云主机几分钟，配合容器化部署可以做到当天开服、当天上线，对快速验证、敏捷迭代非常友好。",[56,1738,1682],{"id":1739},"劣势-1",[163,1741,1742,1748,1754],{},[113,1743,1744,1747],{},[15,1745,1746],{},"数据在云","：数据物理上存在云厂商机房，依赖云厂商的安全能力和商业稳定性，敏感行业和强合规场景需要谨慎评估。",[113,1749,1750,1753],{},[15,1751,1752],{},"持续付费","：云资源按月或按年计费，长期累积下来可能比一次性买硬件更贵，规模越大、运行越久越明显。",[113,1755,1756,1759],{},[15,1757,1758],{},"合规限制","：部分行业（金融、政务、医疗、关键信息基础设施）的数据不允许上公有云，或只能上指定云、政务云、行业云。",[23,1761,1111],{"id":1111},[56,1763,1765],{"id":1764},"选本地私有化","选本地（私有化）",[163,1767,1768,1771,1774],{},[113,1769,1770],{},"数据高度敏感，比如金融交易、政务数据、医疗档案、核心商业数据、客户隐私。",[113,1772,1773],{},"要完全自主可控，对外部依赖、对供应商锁定特别敏感。",[113,1775,1776],{},"规模大、长期固定负载，本地部署的总账算下来比持续上云更划算。",[56,1778,1779],{"id":1779},"选云",[163,1781,1782,1785,1788],{},[113,1783,1784],{},"数据不敏感，或合规允许上云，希望轻装上阵。",[113,1786,1787],{},"业务有明显弹性，需要快速扩容、缩容，或处于快速验证阶段。",[113,1789,1790],{},"中小规模，没有专业的运维团队，希望把硬件和网络都外包出去。",[56,1792,1793],{"id":1793},"混合",[163,1795,1796,1799],{},[113,1797,1798],{},"敏感数据放本地（如核心交易、客户隐私），一般业务上云（如官网、营销、内部办公）。",[113,1800,1801],{},"通过专线、VPN、API 网关打通，做到\"敏感在内、弹性在外\"，是很多中大型企业的主流选择。",[23,1803,213],{"id":213},[163,1805,1806,1812,1818,1824],{},[113,1807,1808,1811],{},[15,1809,1810],{},"敏感数据上云","：忽视合规要求把不该上云的数据放公有云，可能面临监管处罚、整改甚至停业。",[113,1813,1814,1817],{},[15,1815,1816],{},"小规模本地部署","：业务量不大却硬上私有化，硬件折旧和运维成本根本摊不开，反而比上云贵。",[113,1819,1820,1823],{},[15,1821,1822],{},"只比单价不算总账","：云单价便宜不等于长期便宜，本地初期贵不等于长期贵，要按 3 年、5 年总成本（TCO）来算。",[113,1825,1826,1829],{},[15,1827,1828],{},"忽视云持续费用","：带宽、存储、CDN、增值服务都会按月累计，业务量起来后账单会快速上涨。",[23,1831,234],{"id":234},[239,1833,1834,1846],{},[242,1835,1836],{},[245,1837,1838,1841,1843],{},[248,1839,1840],{},"方式",[248,1842,253],{},[248,1844,1845],{},"成本特点",[258,1847,1848,1859,1870],{},[245,1849,1850,1853,1856],{},[263,1851,1852],{},"本地",[263,1854,1855],{},"服务器+机房+运维",[263,1857,1858],{},"初期高，长期固定",[245,1860,1861,1864,1867],{},[263,1862,1863],{},"云",[263,1865,1866],{},"按需付费",[263,1868,1869],{},"初期低，持续",[245,1871,1872,1874,1877],{},[263,1873,1793],{},[263,1875,1876],{},"敏感本地+一般云",[263,1878,1105],{},[23,1880,1111],{"id":1881},"怎么选-1",[110,1883,1884,1887,1890,1893,1896],{},[113,1885,1886],{},"评估数据敏感度——是否涉及个人信息、重要数据、行业强合规。",[113,1888,1889],{},"评估规模和弹性需求——是稳定负载还是波动剧烈。",[113,1891,1892],{},"算总账（初期 + 长期 3-5 年），不只看月费。",[113,1894,1895],{},"评估运维能力——有没有专门的运维团队。",[113,1897,1898],{},"按需求选本地 \u002F 云 \u002F 混合，必要时分数据域分别部署。",[307,1900,1901],{},[11,1902,1903],{},"广州市汉诺雷斯（HNREIS）帮企业做部署方案，从云部署到本地私有化，按数据合规和成本需求选。把你的部署需求告诉我们，我们给出建议。",{"title":44,"searchDepth":313,"depth":313,"links":1905},[1906,1907,1911,1915,1920,1921,1922],{"id":1569,"depth":313,"text":1570},{"id":1581,"depth":313,"text":1581,"children":1908},[1909,1910],{"id":140,"depth":319,"text":140},{"id":1682,"depth":319,"text":1682},{"id":1584,"depth":313,"text":1584,"children":1912},[1913,1914],{"id":1710,"depth":319,"text":140},{"id":1739,"depth":319,"text":1682},{"id":1111,"depth":313,"text":1111,"children":1916},[1917,1918,1919],{"id":1764,"depth":319,"text":1765},{"id":1779,"depth":319,"text":1779},{"id":1793,"depth":319,"text":1793},{"id":213,"depth":313,"text":213},{"id":234,"depth":313,"text":234},{"id":1881,"depth":313,"text":1111},"2024-06-18","软件可以部署在自己机房（本地）或云上，两者数据、成本、运维和弹性不同。本文讲清本地部署和云部署的区别和选择。",[1926,1929,1932],{"q":1927,"a":1928},"本地部署和云部署什么区别？","本地部署是软件装在自己机房的服务器上，数据在自己手里，可控但要自己买服务器和维护；云部署是装在云服务器上（阿里云\u002F腾讯云等），不用买服务器、弹性扩容、按需付费，但数据在云厂商。核心区别在数据位置和运维责任。",{"q":1930,"a":1931},"企业该选本地还是云？","看数据敏感度和需求。数据高度敏感、要完全自主（金融\u002F政务\u002F核心商业数据），选本地（私有化）；要弹性、省运维、快速上线，选云。很多企业混合——敏感本地、一般云。建议按数据合规和成本需求选。",{"q":1933,"a":1934},"本地部署比云贵吗？","看规模。本地部署要一次性买服务器（几万到几十万）+持续电费机房运维，初期贵但量大后固定；云部署按需付费，初期便宜但长期持续付费，量大可能累积贵。要算总账，不是简单比单价。",[1581,1584,1936,1937],"部署方式","私有化部署",{},"\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan",{"title":1554,"description":1924},{"loc":1939},"blog\u002Fcomparison\u002Fbendibu-vs-yunduan",[1944,1863,1945],"部署","选型","2aw6C_2og_Eq04KLDnHPhU-NwU6cTqAJMhy_gQJj7tc",1781688908445]