[{"data":1,"prerenderedAt":1988},["ShallowReactive",2],{"blog-\u002Fblog\u002Fcomparison\u002Fpki-jichu":3,"blog-related-\u002Fblog\u002Fcomparison\u002Fpki-jichu":404},{"id":4,"title":5,"author":6,"body":7,"category":374,"cover":375,"date":376,"description":377,"draft":378,"extension":379,"faq":380,"featured":378,"image":375,"keywords":390,"meta":395,"navigation":396,"path":397,"seo":398,"sitemap":399,"stem":400,"tags":401,"updated":376,"__hash__":403},"blog\u002Fblog\u002Fcomparison\u002Fpki-jichu.md","公钥基础设施（PKI）基础","HNREIS",{"type":8,"value":9,"toc":352},"minimark",[10,19,22,27,30,52,55,59,64,75,78,82,85,88,92,107,110,114,125,128,131,135,139,142,145,149,152,155,159,162,166,169,173,199,202,205,223,226,229,285,288,291,311,314,317,343,346],[11,12,13,14,18],"p",{},"PKI 是互联网信任体系的基础，",[15,16,17],"strong",{},"HTTPS 和电子签都基于它。"," 这篇讲清是什么。",[11,20,21],{},"互联网上两个陌生人（浏览器和服务器）怎么确认对方身份？怎么在不安全的网络里安全通信？PKI（Public Key Infrastructure，公钥基础设施）就是为解决这些问题而生的基础设施。你每天用的 HTTPS 网站、电子合同、数字签名，背后都是 PKI 在支撑。这篇用通俗方式把 PKI 讲清楚。",[23,24,26],"h2",{"id":25},"pki是什么","PKI是什么",[11,28,29],{},"公钥基础设施——用公私钥 + 证书 + CA 构成的信任体系：",[31,32,33,40,46],"ul",{},[34,35,36,39],"li",{},[15,37,38],{},"公私钥","：一对钥匙（公钥公开，私钥保密）——这是密码学的基础工具。",[34,41,42,45],{},[15,43,44],{},"证书","：证明身份（含公钥）——把公钥和身份绑定起来的\"身份证\"。",[34,47,48,51],{},[15,49,50],{},"CA","：证书颁发机构（可信第三方）——给证书背书的权威机构。",[11,53,54],{},"PKI 的核心思想是\"信任传递\"——我们信任 CA，CA 验证身份并签发证书，我们通过证书确认对方身份。这就像现实中的身份证体系：公安局（CA）给公民（服务器）发身份证（证书），其他人通过身份证确认公民身份。",[23,56,58],{"id":57},"pki的核心组成","PKI的核心组成",[60,61,63],"h3",{"id":62},"_1-公私钥","1. 公私钥",[11,65,66,67,70,71,74],{},"公私钥是非对称加密的基础——",[15,68,69],{},"公钥加密\u002F验签","：公钥可以公开，任何人都能用公钥加密数据或验证签名。",[15,72,73],{},"私钥解密\u002F签名","：私钥要严格保密，只有持有者能解密数据或生成签名。",[11,76,77],{},"公私钥的妙处在于：公钥公开不会影响安全（公钥不能反推私钥），但能用来加密和验签。这让陌生人之间也能安全通信——你用对方的公钥加密，只有对方用私钥能解开。",[60,79,81],{"id":80},"_2-数字证书","2. 
数字证书",[11,83,84],{},"数字证书是把\"公钥\"和\"身份\"绑定的电子文件——证书里包含：持有者身份信息（域名、组织名）、持有者的公钥、有效期、签发者（CA）、CA 的数字签名。",[11,86,87],{},"证书的作用是证明\"这个公钥确实属于这个域名\u002F组织\"，防止有人冒充。没有证书，你用某网站的公钥加密数据，结果这个公钥是黑客冒充的，数据就被黑客解开了。证书通过 CA 的背书，让公钥的可信度有保障。",[60,89,91],{"id":90},"_3-ca证书颁发机构","3. CA（证书颁发机构）",[11,93,94,95,98,99,102,103,106],{},"CA 是 PKI 的信任核心——",[15,96,97],{},"可信第三方","：CA 是公认的权威机构（如 DigiCert、GlobalSign、Let's Encrypt），它们的根证书被预装在操作系统和浏览器里。",[15,100,101],{},"签发证书","：CA 验证申请者身份后签发证书，证书里有 CA 的数字签名。",[15,104,105],{},"建立信任","：因为浏览器\u002F操作系统信任 CA（预装了 CA 的根证书），所以也信任 CA 签发的证书——这就是信任传递。",[11,108,109],{},"CA 的可信度是整个 PKI 体系的基石。如果 CA 作恶或被攻破，签发了虚假证书，整个信任体系就崩塌。所以 CA 要接受严格的审计和监管。",[60,111,113],{"id":112},"_4-信任链","4. 信任链",[115,116,121],"pre",{"className":117,"code":119,"language":120},[118],"language-text","CA → 证书 → 身份\n","text",[122,123,119],"code",{"__ignoreMap":124},"",[11,126,127],{},"信任链是 PKI 的工作机制：浏览器\u002F操作系统信任根 CA → 根 CA 签发中间 CA 证书 → 中间 CA 签发终端证书（网站证书）→ 浏览器通过这条信任链验证终端证书的有效性。",[11,129,130],{},"这条链的任何一环出问题（CA 被攻破、证书过期、私钥泄露），信任就断裂。所以 CA 的安全、证书的管理都至关重要。",[23,132,134],{"id":133},"pki用来做什么","PKI用来做什么",[60,136,138],{"id":137},"_1-https","1. HTTPS",[11,140,141],{},"HTTPS 是 PKI 最常见的应用——网站加密 + 身份验证。网站向 CA 申请证书，CA 验证网站身份后签发证书，网站部署证书后浏览器就能通过 PKI 验证网站身份并建立加密通信。",[11,143,144],{},"没有 PKI 支撑，HTTPS 无法验证网站真实性——你可能连接的是冒充的钓鱼网站。PKI 让浏览器能确认\"我连接的确实是真正的 example.com\"。",[60,146,148],{"id":147},"_2-电子签名","2. 电子签名",[11,150,151],{},"电子签名和电子签章基于 PKI——签名者用私钥对文档签名，验证者用签名者的公钥（通过证书获取）验证签名。签名不可伪造（没有私钥就签不了）、不可篡改（文档改动签名失效）、不可抵赖（只有私钥持有者能签）。",[11,153,154],{},"合规的电子签平台（e签宝、法大大）都基于 PKI——用 CA 签发的证书确保签名者的身份可信，让电子签名有法律效力。",[60,156,158],{"id":157},"_3-身份认证","3. 身份认证",[11,160,161],{},"数字证书可以证明身份——企业给员工发证书，员工用证书登录内部系统（比密码更安全）；服务器之间用证书互认（比 API key 更安全）；智能设备用证书接入物联网平台。这种基于证书的身份认证比传统密码更安全、更便捷。",[60,163,165],{"id":164},"_4-加密通信","4. 
加密通信",[11,167,168],{},"PKI 让陌生人之间能安全交换对称密钥，从而实现加密通信——HTTPS、VPN、SSH、邮件加密（S\u002FMIME）都用这套机制。没有 PKI，在不安全的网络里安全交换密钥几乎不可能。",[23,170,172],{"id":171},"为什么需要pki","为什么需要PKI",[31,174,175,181,187,193],{},[34,176,177,180],{},[15,178,179],{},"身份验证","：确认对方是谁——防止冒充和钓鱼。",[34,182,183,186],{},[15,184,185],{},"加密","：安全通信——保护数据不被窃听。",[34,188,189,192],{},[15,190,191],{},"签名","：不可抵赖——签名者不能否认签过。",[34,194,195,198],{},[15,196,197],{},"信任","：CA 建立信任——让陌生人之间能互相信任。",[11,200,201],{},"这四个能力是现代互联网安全的基础。没有 PKI，网购、网银、电子合同、在线政务都不可能安全运行。",[23,203,204],{"id":204},"别踩的坑",[11,206,207,210,211,214,215,218,219,222],{},[15,208,209],{},"证书过期不管","——证书有有效期，过期不续期网站会报\"证书无效\"错误，用户看到就不敢用。要设置提醒或自动续期。",[15,212,213],{},"私钥泄露","——私钥是 PKI 安全的核心，一旦泄露，加密、签名、身份认证全部失效。私钥要严格保护（加密存储、最小权限、不暴露在代码里）。一旦发现泄露，要尽快向 CA 申请吊销对应证书，并换用新的密钥对重新签发。",[15,216,217],{},"该用证书不用","——内部系统、API 调用、设备接入该用证书认证却用简单密码，安全不足。",[15,220,221],{},"自建 PKI","——企业自建 PKI 极其复杂（要建 CA、管理证书撤销、维护信任链），一般用现成的（CA 机构或云服务）。",[23,224,225],{"id":225},"成本参考",[11,227,228],{},"企业一般用现成 PKI（不自建）：",[230,231,232,248],"table",{},[233,234,235],"thead",{},[236,237,238,242,245],"tr",{},[239,240,241],"th",{},"方面",[239,243,244],{},"说明",[239,246,247],{},"成本",[249,250,251,263,274],"tbody",{},[236,252,253,257,260],{},[254,255,256],"td",{},"HTTPS证书",[254,258,259],{},"CA\u002F云",[254,261,262],{},"免费\u002F便宜",[236,264,265,268,271],{},[254,266,267],{},"电子签",[254,269,270],{},"合规平台",[254,272,273],{},"按量",[236,275,276,279,282],{},[254,277,278],{},"证书管理",[254,280,281],{},"申请\u002F续期\u002F部署",[254,283,284],{},"流程",[11,286,287],{},"HTTPS 证书免费（Let's Encrypt）或低价（OV\u002FEV 几百到几千一年）。电子签按合同量计费（几元到几十元一份）。证书管理主要是流程成本（申请、部署、续期），用自动化工具（如 certbot）能降低人力成本。",[23,289,290],{"id":290},"老板要关心的",[31,292,293,299,305],{},[34,294,295,298],{},[15,296,297],{},"网站上 HTTPS（CA 证书）","——这是基本安全要求，不上 HTTPS 的网站会被浏览器标记\"不安全\"。",[34,300,301,304],{},[15,302,303],{},"电子合同用合规电子签","——签重要合同要用基于 PKI 的合规电子签平台，确保法律效力。",[34,306,307,310],{},[15,308,309],{},"管理证书（续期）","——证书要按时续期，过期会导致服务中断。要有证书管理流程或工具。",[11,312,313],{},"老板不需要懂 PKI 
的技术细节，但要确认这些安全措施到位——HTTPS、合规电子签、证书管理，这些是企业数字安全的基础。",[23,315,316],{"id":316},"怎么做",[318,319,320,325,331,337],"ol",{},[34,321,322,324],{},[15,323,297],{},"——用免费 DV 或付费 OV\u002FEV 证书，所有网站都要上 HTTPS。",[34,326,327,330],{},[15,328,329],{},"电子签用合规平台","——签重要合同用基于 PKI 的合规平台（e签宝、法大大等）。",[34,332,333,336],{},[15,334,335],{},"管理证书续期","——设置提醒或用自动化工具（certbot），确保证书不过期。",[34,338,339,342],{},[15,340,341],{},"保护私钥","——私钥加密存储、最小权限、不在代码里硬编码。",[11,344,345],{},"按这几步做，企业能用好 PKI 的安全能力，不用自己建复杂的 PKI 基础设施。",[347,348,349],"blockquote",{},[11,350,351],{},"广州市汉诺雷斯（HNREIS）帮企业做安全（HTTPS\u002F证书管理），PKI基础设施用现成方案。把你的安全需求告诉我们，我们给出方案。",{"title":124,"searchDepth":353,"depth":353,"links":354},2,[355,356,363,369,370,371,372,373],{"id":25,"depth":353,"text":26},{"id":57,"depth":353,"text":58,"children":357},[358,360,361,362],{"id":62,"depth":359,"text":63},3,{"id":80,"depth":359,"text":81},{"id":90,"depth":359,"text":91},{"id":112,"depth":359,"text":113},{"id":133,"depth":353,"text":134,"children":364},[365,366,367,368],{"id":137,"depth":359,"text":138},{"id":147,"depth":359,"text":148},{"id":157,"depth":359,"text":158},{"id":164,"depth":359,"text":165},{"id":171,"depth":353,"text":172},{"id":204,"depth":353,"text":204},{"id":225,"depth":353,"text":225},{"id":290,"depth":353,"text":290},{"id":316,"depth":353,"text":316},"comparison",null,"2025-04-27","PKI是证书\u002FCA\u002F公私钥构成的信任体系，是HTTPS和电子签的基础。本文用通俗方式讲清PKI是什么。",false,"md",[381,384,387],{"q":382,"a":383},"PKI是什么，简单说？","PKI（公钥基础设施）是用公私钥+证书+CA构成的信任体系。通俗说是互联网\"身份验证的基础设施\"——HTTPS、电子签、数字证书都基于PKI。它解决\"怎么确认对方身份\"和\"怎么安全通信\"的问题。",{"q":385,"a":386},"PKI用来做什么？","几个核心应用：HTTPS（网站加密+身份验证）、电子签名\u002F电子签章（签名验证）、数字证书（身份证明）、身份认证。PKI是这些安全机制的基础设施。老板了解概念即可，细节是技术的事。",{"q":388,"a":389},"企业要管PKI吗？","一般不用自己建PKI（复杂），用现成的（CA机构发证书\u002F云服务）。企业要做的是：网站上HTTPS（用CA证书）、电子合同用合规电子签（CA证书）、管理好证书（申请\u002F续期\u002F部署）。证书过期或管理不当会导致问题。",[391,392,393,394],"PKI","公钥基础设施","CA证书","数字证书",{},true,"\u002Fblog\u002Fcomparison\u002Fpki-jichu",{"title":5,"description":377},{"loc":397},"blog\u002Fcomparison\u0
02Fpki-jichu",[391,402,44],"安全","r7XPSo5cCMUnL1-vGElnCl1nP4T9zEwsyPAzIsRkU2o",[405,808,1225,1592],{"id":406,"title":407,"author":6,"body":408,"category":374,"cover":375,"date":781,"description":782,"draft":378,"extension":379,"faq":783,"featured":378,"image":375,"keywords":793,"meta":798,"navigation":396,"path":799,"seo":800,"sitemap":801,"stem":802,"tags":803,"updated":781,"__hash__":807},"blog\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye.md","API、接口、集成这些词到底是什么意思",{"type":8,"value":409,"toc":761},[410,416,420,426,429,440,445,448,451,457,460,465,467,478,483,486,489,503,506,520,525,528,532,546,549,560,563,568,571,578,595,600,603,606,628,633,636,673,679,682,708,711,714,740,742,756],[11,411,412,413],{},"老板常被 API、接口、集成这些技术词绕晕。",[15,414,415],{},"这篇用大白话讲清，帮老板听懂技术沟通。",[23,417,419],{"id":418},"api-是什么大白话","API 是什么（大白话）",[11,421,422,425],{},[15,423,424],{},"API 是两个软件\"对话\"的通道","。",[11,427,428],{},"例子：",[31,430,431,434,437],{},[34,432,433],{},"你的小程序要查物流 → 通过物流公司 API 问\"单号到哪了\" → 物流系统回\"已签收\"。",[34,435,436],{},"你的官网要收款 → 通过支付 API 让客户付款 → 支付系统回\"付款成功\"。",[34,438,439],{},"你的系统要发短信 → 通过短信 API 发 → 短信平台发出去。",[11,441,442,425],{},[15,443,444],{},"API 让不同软件自动互通数据，不用人工搬",[11,446,447],{},"打个比方：API 像餐厅的\"服务员\"——你（小程序）告诉服务员（API）要什么，服务员告诉厨房（另一个系统），厨房做好端回来。你不用自己进厨房。",[23,449,450],{"id":450},"接口是什么",[11,452,453,456],{},[15,454,455],{},"接口就是 API","（同义词）。技术人员说\"做个接口\"\"对接接口\"，就是做 API 让系统互通。",[23,458,459],{"id":459},"集成是什么",[11,461,462,425],{},[15,463,464],{},"集成 = 把多个系统通过 API 连起来，数据自动流通",[11,466,428],{},[31,468,469,472,475],{},[34,470,471],{},"独立站 + ERP 集成：独立站订单自动进 ERP，ERP 库存自动同步独立站。",[34,473,474],{},"小程序 + CRM 集成：小程序客户数据自动进 CRM。",[34,476,477],{},"系统 + 支付集成：系统通过支付 API 收款。",[11,479,480,425],{},[15,481,482],{},"集成让数据自动流，替代人工搬数据",[23,484,485],{"id":485},"企业为什么要做接口集成",[60,487,488],{"id":488},"不集成的问题",[31,490,491,494,497,500],{},[34,492,493],{},"多个系统（独立站\u002FERP\u002FCRM\u002F物流），数据不通。",[34,495,496],{},"人工把数据从一个系统搬到另一个（累、易错）。",[34,498,499],{},"数据不同步（独立站卖了 ERP 
库存没减，超卖）。",[34,501,502],{},"效率低。",[60,504,505],{"id":505},"集成的好处",[31,507,508,511,514,517],{},[34,509,510],{},"数据自动流通（订单\u002F库存\u002F客户自动同步）。",[34,512,513],{},"替代人工（省人力、避错）。",[34,515,516],{},"实时同步（不超卖、不漏单）。",[34,518,519],{},"数据统一（可分析）。",[11,521,522,425],{},[15,523,524],{},"系统越多，集成价值越大",[23,526,527],{"id":527},"常见的集成场景",[60,529,531],{"id":530},"电商独立站","电商\u002F独立站",[31,533,534,537,540,543],{},[34,535,536],{},"独立站 ↔ ERP（订单\u002F库存同步）。",[34,538,539],{},"独立站 ↔ 物流（发货\u002F追踪）。",[34,541,542],{},"独立站 ↔ 支付（收款）。",[34,544,545],{},"独立站 ↔ CRM（客户管理）。",[60,547,548],{"id":548},"企业内部",[31,550,551,554,557],{},[34,552,553],{},"系统 ↔ OA（审批\u002F通知）。",[34,555,556],{},"系统 ↔ 财务（对账\u002F开票）。",[34,558,559],{},"系统 ↔ 企微\u002F钉钉（消息\u002F工作流）。",[60,561,562],{"id":562},"数据",[31,564,565],{},[34,566,567],{},"系统 ↔ 数据分析（数据汇总\u002F报表）。",[23,569,570],{"id":570},"集成怎么实现",[11,572,573,574,577],{},"通过 ",[15,575,576],{},"API 对接","：",[318,579,580,583,586,589,592],{},[34,581,582],{},"确认要对接的系统（ERP\u002F物流\u002F支付）。",[34,584,585],{},"看各系统是否提供 API（文档）。",[34,587,588],{},"开发对接（系统间调 API 传数据）。",[34,590,591],{},"测试（数据准确、异常处理）。",[34,593,594],{},"上线 + 监控。",[11,596,597,425],{},[15,598,599],{},"自建系统（Nuxt\u002FVue）能灵活对接任意系统，这是它比 SaaS 的优势",[23,601,602],{"id":602},"老板该懂什么",[11,604,605],{},"老板不用懂代码，懂这些：",[31,607,608,613,618,623],{},[34,609,610,425],{},[15,611,612],{},"API = 软件之间自动传数据的通道",[34,614,615,425],{},[15,616,617],{},"集成 = 多系统数据自动流通",[34,619,620,425],{},[15,621,622],{},"集成能替代人工、提效避错",[34,624,625,425],{},[15,626,627],{},"集成成本看系统数量和复杂度",[11,629,630,425],{},[15,631,632],{},"懂这些，就能和技术\u002F服务商沟通集成需求",[23,634,635],{"id":635},"集成的成本",[230,637,638,647],{},[233,639,640],{},[236,641,642,645],{},[239,643,644],{},"集成类型",[239,646,247],{},[249,648,649,657,665],{},[236,650,651,654],{},[254,652,653],{},"对接一个系统（如 ERP）",[254,655,656],{},"1-3 万",[236,658,659,662],{},[254,660,661],{},"多系统集成",[254,663,664],{},"3-8 万",[236,666,667,670],{},[254,668,669],{},"复杂（双向同步\u002F多系统\u002F定制）",[254,671,672],{},"8 
万+",[11,674,675,678],{},[15,676,677],{},"ROI 明确","（替代人工、提效、避错）。",[23,680,681],{"id":681},"常见误区",[31,683,684,690,696,702],{},[34,685,686,689],{},[15,687,688],{},"\"接口很复杂不用懂\"","：老板懂概念就行（API = 数据通道）。",[34,691,692,695],{},[15,693,694],{},"\"不集成也能用\"","：人工搬数据累易错，不可持续。",[34,697,698,701],{},[15,699,700],{},"\"集成是一次性的\"","：系统升级\u002F业务变化，集成要维护。",[34,703,704,707],{},[15,705,706],{},"\"SaaS 不用集成\"","：SaaS 也要和其他系统打通。",[23,709,710],{"id":710},"怎么判断要不要集成",[11,712,713],{},"问自己：",[318,715,716,722,728,734],{},[34,717,718,721],{},[15,719,720],{},"有多个系统吗？"," 有 → 可能要集成。",[34,723,724,727],{},[15,725,726],{},"人工搬数据吗？"," 搬 → 该集成。",[34,729,730,733],{},[15,731,732],{},"数据需要同步吗？"," 需要 → 集成。",[34,735,736,739],{},[15,737,738],{},"集成 ROI 划算吗？","（省的人力 > 投入）划算 → 做。",[23,741,316],{"id":316},[318,743,744,747,750,753],{},[34,745,746],{},"梳理要对接的系统 + 数据流。",[34,748,749],{},"确认各系统 API。",[34,751,752],{},"开发对接。",[34,754,755],{},"测试 + 监控。",[347,757,758],{},[11,759,760],{},"广州市汉诺雷斯（HNREIS）提供系统集成（API 对接 ERP\u002F物流\u002F支付\u002FCRM），帮企业打通数据。把你的系统情况告诉我们，我们设计集成方案。",{"title":124,"searchDepth":353,"depth":353,"links":762},[763,764,765,766,770,775,776,777,778,779,780],{"id":418,"depth":353,"text":419},{"id":450,"depth":353,"text":450},{"id":459,"depth":353,"text":459},{"id":485,"depth":353,"text":485,"children":767},[768,769],{"id":488,"depth":359,"text":488},{"id":505,"depth":359,"text":505},{"id":527,"depth":353,"text":527,"children":771},[772,773,774],{"id":530,"depth":359,"text":531},{"id":548,"depth":359,"text":548},{"id":562,"depth":359,"text":562},{"id":570,"depth":353,"text":570},{"id":602,"depth":353,"text":602},{"id":635,"depth":353,"text":635},{"id":681,"depth":353,"text":681},{"id":710,"depth":353,"text":710},{"id":316,"depth":353,"text":316},"2024-05-15","老板常被 API、接口、集成这些技术词绕晕。本文用大白话讲清这些概念和企业集成场景，帮老板听懂技术沟通。",[784,787,790],{"q":785,"a":786},"API 到底是什么，大白话说？","API 是两个软件\"对话\"的通道。比如你的小程序要查物流，就通过物流公司的 API 问\"这个单号到哪了\"，物流系统通过 API 回\"已签收\"。API 让不同软件能互通数据，不用人工搬。你不用懂代码，只要知道\"API = 
软件之间自动传数据的通道\"。",{"q":788,"a":789},"我们为什么要做接口集成？","因为你的多个系统要互通。比如独立站订单要进 ERP、库存要同步、物流要追踪，不集成就要人工把数据从一个系统搬到另一个（累、易错）。集成后数据自动流通，提效准确。系统越多，集成价值越大。",{"q":791,"a":792},"接口集成要多少钱？","看对接的系统数量和复杂度。对接一个系统（如 ERP）通常 1-3 万；多系统集成（ERP+物流+支付+CRM）3-8 万。集成能替代人工、提效避错，ROI 明确。",[794,795,796,797],"API接口通俗解释","什么是API","接口集成","系统对接",{},"\u002Fblog\u002Fcomparison\u002Fapi-jiekou-shiye",{"title":407,"description":782},{"loc":799},"blog\u002Fcomparison\u002Fapi-jiekou-shiye",[804,805,806],"API","概念","通俗","A7Jdt6jv4eTPYhdWviHOSLSzOR5pN0xxO_6QT9M2ODg",{"id":809,"title":810,"author":6,"body":811,"category":374,"cover":375,"date":1199,"description":1200,"draft":378,"extension":379,"faq":1201,"featured":378,"image":375,"keywords":1211,"meta":1216,"navigation":396,"path":1217,"seo":1218,"sitemap":1219,"stem":1220,"tags":1221,"updated":1199,"__hash__":1224},"blog\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme.md","API网关是什么",{"type":8,"value":812,"toc":1183},[813,820,823,826,829,835,838,841,847,851,865,869,883,887,901,905,919,923,937,941,949,952,998,1001,1005,1008,1053,1078,1080,1106,1108,1146,1149,1152,1178],[11,814,815,816,819],{},"API 网关是系统架构里常见的组件，",[15,817,818],{},"通俗说就是系统的\"统一前台\"。"," 这篇讲清是什么、解决什么、要不要用。",[23,821,810],{"id":822},"api网关是什么",[11,824,825],{},"在微服务架构里，后端可能拆分成几十个甚至上百个服务。如果每个服务都直接对外提供接口，客户端要记住每个服务的地址、每个服务都要自己处理鉴权限流——这会非常混乱。API 网关就是解决这个问题的。",[11,827,828],{},"所有外部请求先到网关，网关统一处理后转发到后端：",[115,830,833],{"className":831,"code":832,"language":120},[118],"客户端 → API网关（鉴权\u002F限流\u002F监控）→ 后端服务\n",[122,834,832],{"__ignoreMap":124},[11,836,837],{},"类比公司前台：访客（客户端请求）先到前台登记（鉴权\u002F限流），前台再引导到对应部门（转发到后端服务）。访客不用记每个部门在哪，部门也不用自己设前台。",[23,839,840],{"id":840},"网关做什么",[11,842,843,844,425],{},"API 网关的核心职责是",[15,845,846],{},"把各服务都要做的\"公共事\"统一收口",[60,848,850],{"id":849},"_1-统一入口","1. 统一入口",[31,852,853,859],{},[34,854,855,858],{},[15,856,857],{},"所有请求统一入口","：客户端只需要知道网关地址，不用记每个服务的地址。",[34,860,861,864],{},[15,862,863],{},"后端服务不直接暴露","：后端服务可以部署在内网，只把网关暴露在外网，安全风险降低。",[60,866,868],{"id":867},"_2-鉴权","2. 
鉴权",[31,870,871,877],{},[34,872,873,876],{},[15,874,875],{},"统一身份验证","：所有请求的鉴权在网关统一做，比如验证 token、校验权限。",[34,878,879,882],{},[15,880,881],{},"后端不用各自鉴权","：后端服务可以信任网关已通过的请求，专注业务逻辑，不用重复写鉴权代码。前提是后端只接受来自网关的流量（例如部署在内网、不直接对外暴露），否则绕过网关直接访问后端的请求就没有经过鉴权。",[60,884,886],{"id":885},"_3-限流","3. 限流",[31,888,889,895],{},[34,890,891,894],{},[15,892,893],{},"防止过载和恶意请求","：网关按规则限制每个客户端、每个接口的调用频率，防止恶意刷接口或突发流量压垮后端。",[34,896,897,900],{},[15,898,899],{},"保护后端","：流量超出后端承受能力时，网关可以拒绝或排队，保护后端不被打挂。",[60,902,904],{"id":903},"_4-路由转发","4. 路由转发",[31,906,907,913],{},[34,908,909,912],{},[15,910,911],{},"请求转发到对应服务","：网关根据请求路径、头部等信息，把请求转发到正确的后端服务。",[34,914,915,918],{},[15,916,917],{},"负载均衡","：一个服务有多个实例时，网关把请求分发到不同实例，提升整体处理能力。",[60,920,922],{"id":921},"_5-监控日志","5. 监控日志",[31,924,925,931],{},[34,926,927,930],{},[15,928,929],{},"统一监控和日志","：所有请求的调用量、响应时间、错误率在网关统一采集，不用每个服务各自做。",[34,932,933,936],{},[15,934,935],{},"可观测性","：网关的监控数据是排查问题、优化性能的重要依据。",[60,938,940],{"id":939},"_6-协议转换","6. 协议转换",[31,942,943],{},[34,944,945,948],{},[15,946,947],{},"不同协议转换","：客户端用 HTTP，后端用 gRPC 或 Dubbo，网关可以做协议转换，让前后端用各自适合的协议。",[23,950,951],{"id":951},"为什么用网关",[230,953,954,964],{},[233,955,956],{},[236,957,958,961],{},[239,959,960],{},"问题",[239,962,963],{},"网关解决",[249,965,966,974,982,990],{},[236,967,968,971],{},[254,969,970],{},"鉴权散在各服务",[254,972,973],{},"统一鉴权",[236,975,976,979],{},[254,977,978],{},"服务直接暴露",[254,980,981],{},"统一入口保护",[236,983,984,987],{},[254,985,986],{},"流量过载",[254,988,989],{},"限流",[236,991,992,995],{},[254,993,994],{},"监控散",[254,996,997],{},"统一监控",[11,999,1000],{},"不用网关的情况下，每个服务都要自己实现鉴权、限流、监控、日志，代码重复、维护成本高，还容易出不一致的问题。网关把这些公共能力收口，后端服务可以更专注业务。",[23,1002,1004],{"id":1003},"用 vs 
不用",[11,1006,1007],{},"网关不是所有系统都需要，要看规模和复杂度。",[230,1009,1010,1020],{},[233,1011,1012],{},[236,1013,1014,1017],{},[239,1015,1016],{},"情况",[239,1018,1019],{},"建议",[249,1021,1022,1030,1038,1046],{},[236,1023,1024,1027],{},[254,1025,1026],{},"服务少\u002F简单",[254,1028,1029],{},"不一定需要",[236,1031,1032,1035],{},[254,1033,1034],{},"微服务\u002F服务多",[254,1036,1037],{},"价值大",[236,1039,1040,1043],{},[254,1041,1042],{},"开放API",[254,1044,1045],{},"需要",[236,1047,1048,1051],{},[254,1049,1050],{},"多端接入",[254,1052,1045],{},[31,1054,1055,1061,1067,1073],{},[34,1056,1057,1060],{},[15,1058,1059],{},"服务少、简单","：比如一个单体应用就两三个接口，上不上网关差别不大，反而增加复杂度。",[34,1062,1063,1066],{},[15,1064,1065],{},"微服务、服务多","：服务一多，没有网关统一管理会很痛苦，网关价值就体现出来了。",[34,1068,1069,1072],{},[15,1070,1071],{},"开放 API","：对外提供 API 的场景，网关几乎是必需品——鉴权、限流、文档、监控都要在网关层做。",[34,1074,1075,1077],{},[15,1076,1050],{},"：APP、小程序、Web、第三方多端接入，网关统一入口能简化接入复杂度。",[23,1079,204],{"id":204},[31,1081,1082,1088,1094,1100],{},[34,1083,1084,1087],{},[15,1085,1086],{},"简单系统上重网关","：就两三个服务的简单系统，非要上 Kong 或 APISIX 
这种重网关，属于过度设计，增加运维负担。",[34,1089,1090,1093],{},[15,1091,1092],{},"自己从头开发","：网关是成熟领域，有很多开源和商业产品（Kong、APISIX、云厂商网关），自己从头开发既慢又容易出问题。",[34,1095,1096,1099],{},[15,1097,1098],{},"网关成单点","：网关挂了整个系统就访问不了，必须做高可用部署（多实例、负载均衡）。",[34,1101,1102,1105],{},[15,1103,1104],{},"鉴权还散在各服务","：上了网关但鉴权还在各服务自己做，等于没用上网关的核心价值。",[23,1107,225],{"id":225},[230,1109,1110,1122],{},[233,1111,1112],{},[236,1113,1114,1117,1119],{},[239,1115,1116],{},"方案",[239,1118,244],{},[239,1120,1121],{},"成本量级",[249,1123,1124,1135],{},[236,1125,1126,1129,1132],{},[254,1127,1128],{},"开源\u002F云网关",[254,1130,1131],{},"Kong\u002FAPISIX\u002F云厂商",[254,1133,1134],{},"低到中",[236,1136,1137,1140,1143],{},[254,1138,1139],{},"定制集成",[254,1141,1142],{},"和业务深度集成",[254,1144,1145],{},"中",[11,1147,1148],{},"主流网关产品（Kong、APISIX）开源免费，主要成本是部署运维。云厂商的网关服务（阿里云、腾讯云、AWS）按量计费，用量不大的话成本不高。自己定制集成成本中等，适合有特殊需求的场景。",[23,1150,1151],{"id":1151},"怎么选",[318,1153,1154,1160,1166,1172],{},[34,1155,1156,1159],{},[15,1157,1158],{},"评估服务数量和复杂度","：服务多、架构复杂才考虑网关。",[34,1161,1162,1165],{},[15,1163,1164],{},"简单系统不一定需要","：两三个服务的单体应用不用上网关。",[34,1167,1168,1171],{},[15,1169,1170],{},"微服务\u002F开放API用网关","：服务多、对外开放的场景，网关价值大。",[34,1173,1174,1177],{},[15,1175,1176],{},"优先成熟产品","：用 
Kong、APISIX、云厂商网关，不要自己从头开发。",[347,1179,1180],{},[11,1181,1182],{},"广州市汉诺雷斯（HNREIS）帮企业做系统架构设计，含API网关选型和集成。把你的系统需求告诉我们，我们给出架构建议。",{"title":124,"searchDepth":353,"depth":353,"links":1184},[1185,1186,1194,1195,1196,1197,1198],{"id":822,"depth":353,"text":810},{"id":840,"depth":353,"text":840,"children":1187},[1188,1189,1190,1191,1192,1193],{"id":849,"depth":359,"text":850},{"id":867,"depth":359,"text":868},{"id":885,"depth":359,"text":886},{"id":903,"depth":359,"text":904},{"id":921,"depth":359,"text":922},{"id":939,"depth":359,"text":940},{"id":951,"depth":353,"text":951},{"id":1003,"depth":353,"text":1004},{"id":204,"depth":353,"text":204},{"id":225,"depth":353,"text":225},{"id":1151,"depth":353,"text":1151},"2024-05-28","API网关是系统的统一入口，负责转发、鉴权、限流和监控。本文用通俗方式讲清API网关是什么、解决什么问题、企业要不要用。",[1202,1205,1208],{"q":1203,"a":1204},"API网关是什么，简单说？","API网关是系统的\"统一前台\"——所有外部请求先到网关，网关再转发到后端服务。它统一处理鉴权、限流、监控、日志这些公共事，后端服务专注业务。类比公司前台，访客先到前台登记再进去。",{"q":1206,"a":1207},"企业一定要用API网关吗？","不一定。系统简单、服务少，不一定需要网关。服务多（微服务）、要统一鉴权限流监控、对外开放API、多端接入时，网关价值大。建议按规模和复杂度选，不要为用而用。",{"q":1209,"a":1210},"API网关要花多少钱？","看方式。用开源\u002F云网关产品（如Kong\u002FAPISIX\u002F云厂商网关）成本较低，按量或自建运维；定制集成成本中等。建议优先用成熟网关产品，而不是自己从头开发。",[1212,1213,1214,1215],"API网关","网关是什么","API管理","微服务网关",{},"\u002Fblog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",{"title":810,"description":1200},{"loc":1217},"blog\u002Fcomparison\u002Fapi-wangguan-shi-shenme",[804,1222,1223],"网关","架构","CInYK4Or6VhknVKica8mjtvcuqr1CPVLRxjpJ0II3Fc",{"id":1226,"title":1227,"author":6,"body":1228,"category":374,"cover":375,"date":1568,"description":1569,"draft":378,"extension":379,"faq":1570,"featured":378,"image":375,"keywords":1580,"meta":1584,"navigation":396,"path":1585,"seo":1586,"sitemap":1587,"stem":1588,"tags":1589,"updated":1568,"__hash__":1591},"blog\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git.md","代码版本控制（Git）是什么",{"type":8,"value":1229,"toc":1554},[1230,1237,1240,1244,1247,1253,1259,1265,1269,1273,1276,1286,1290,1293,1303,1307,1310,1324,1328,1338,1342,14
12,1415,1418,1424,1430,1436,1442,1444,1462,1464,1467,1514,1517,1520,1546,1549],[11,1231,1232,1233,1236],{},"Git 是开发团队的必备工具，",[15,1234,1235],{},"通俗说是代码的\"时光机\"和\"协作台\"。"," 这篇讲清老板需要了解的。",[11,1238,1239],{},"软件开发是个高度协作的工作——几个甚至几十个开发同时改同一份代码，如果没有版本控制工具，光是\"谁改了什么\"\"怎么合并\"\"改坏了怎么回退\"这些问题就能让团队崩溃。Git 就是为了解决这些问题而生的工具，它已经成为软件开发行业的标准配置。这篇用通俗方式讲清 Git 是什么、为什么开发要用、老板需要关心什么。",[23,1241,1243],{"id":1242},"git是什么","Git是什么",[11,1245,1246],{},"Git 是代码版本控制工具，核心做三件事：",[11,1248,1249,1252],{},[15,1250,1251],{},"记录历史","——代码的每次改动都有记录（谁、什么时候、改了什么），能回到任何历史版本。相当于代码的\"时光机\"，改坏了随时回退。",[11,1254,1255,1258],{},[15,1256,1257],{},"多人协作","——多个开发同时改代码，Git 能自动合并、识别冲突。相当于代码的\"协作台\"，让团队并行开发而不互相踩踏。",[11,1260,1261,1264],{},[15,1262,1263],{},"分支","——从主线分出独立分支，在分支上做新功能，做完再合并回主线。相当于代码的\"平行宇宙\"，多个功能同时开发互不影响。",[23,1266,1268],{"id":1267},"为什么用git","为什么用Git",[60,1270,1272],{"id":1271},"_1-记录历史","1. 记录历史",[11,1274,1275],{},"代码的每一次改动（commit）都有完整记录——谁改的、什么时候改的、改了哪些文件、改了什么内容。这条记录链形成代码的完整历史。",[11,1277,1278,1281,1282,1285],{},[15,1279,1280],{},"改坏了能回退","——新功能改崩了，一条命令就能回到之前的稳定版本，不用从头再来。",[15,1283,1284],{},"知道谁改了什么","——出问题时能追溯到具体是哪次改动引入的 bug、谁改的，便于排查和复盘。历史记录还让代码审计、合规追溯成为可能——金融、医疗等强监管行业对代码变更有审计要求，Git 历史是天然的审计日志。",[60,1287,1289],{"id":1288},"_2-多人协作","2. 多人协作",[11,1291,1292],{},"没有版本控制时，多人改同一份代码要靠\"文件传来传去\"或\"共享文件夹\"，冲突频发、改动丢失、版本混乱。Git 让多人协作规范化——每个人在本地改，改完提交，Git 自动合并或识别冲突。",[11,1294,1295,1298,1299,1302],{},[15,1296,1297],{},"多人同时开发不冲突","——Git 的合并机制能自动合并不同部分的改动，相同部分的冲突会明确标出，让开发者手动解决。",[15,1300,1301],{},"合并代码规范","——通过 pull request（PR）或 merge request（MR）流程，代码合并前要经过 review（代码审查），保证质量。",[60,1304,1306],{"id":1305},"_3-分支","3. 分支",[11,1308,1309],{},"分支是 Git 的杀手级特性。从主线（main\u002Fmaster）分出独立分支，在分支上开发新功能，开发完成、测试通过后再合并回主线。",[11,1311,1312,1315,1316,1319,1320,1323],{},[15,1313,1314],{},"同时做多个功能","——开发 A 做支付功能、开发 B 做用户中心，两人各自在自己的分支上开发，互不影响。",[15,1317,1318],{},"互不影响","——某个功能开发中出了问题，不会污染主线，主线始终保持稳定。",[15,1321,1322],{},"测试稳定再合并","——功能在分支上开发测试，稳定后才合并到主线，主线始终是可发布的状态。",[60,1325,1327],{"id":1326},"_4-备份","4. 
备份",[11,1329,1330,1333,1334,1337],{},[15,1331,1332],{},"代码在远程仓库备份","——本地代码 push 到远程仓库（GitHub、GitLab、Gitee），相当于异地备份。本地电脑坏了、丢了，代码还在远程仓库。",[15,1335,1336],{},"不怕丢","——多人协作时每个人都有一份完整副本，任何一份丢失都能从其他人恢复。",[23,1339,1341],{"id":1340},"git-vs-不用版本控制","Git vs 不用版本控制",[230,1343,1344,1357],{},[233,1345,1346],{},[236,1347,1348,1351,1354],{},[239,1349,1350],{},"维度",[239,1352,1353],{},"Git",[239,1355,1356],{},"不用",[249,1358,1359,1370,1381,1392,1401],{},[236,1360,1361,1364,1367],{},[254,1362,1363],{},"历史",[254,1365,1366],{},"完整记录",[254,1368,1369],{},"没有",[236,1371,1372,1375,1378],{},[254,1373,1374],{},"协作",[254,1376,1377],{},"规范",[254,1379,1380],{},"手动易冲突",[236,1382,1383,1386,1389],{},[254,1384,1385],{},"回退",[254,1387,1388],{},"能",[254,1390,1391],{},"不能",[236,1393,1394,1396,1399],{},[254,1395,1263],{},[254,1397,1398],{},"支持",[254,1400,1369],{},[236,1402,1403,1406,1409],{},[254,1404,1405],{},"专业性",[254,1407,1408],{},"行业标准",[254,1410,1411],{},"不规范",[11,1413,1414],{},"不用版本控制的开发方式现在已经很少见——连个人开发者都用 Git 管理代码。如果一个开发团队不用 Git，基本可以判断为不规范。",[23,1416,1417],{"id":1417},"老板要了解的",[11,1419,1420,1423],{},[15,1421,1422],{},"规范团队都用 Git","——这是判断开发团队专业性的基本标准。用 Git 意味着团队有规范的开发流程（分支管理、代码审查、持续集成），而不是各自为政。反映专业性。",[11,1425,1426,1429],{},[15,1427,1428],{},"代码资产","——Git 仓库是企业的重要数字资产。仓库里不只是当前代码，还有完整的开发历史、设计决策、问题修复过程。这些是企业知识资产的重要组成部分。",[11,1431,1432,1435],{},[15,1433,1434],{},"源码交付","——服务商交付源码时，Git 仓库（含完整版本记录）是重要资产。只有当前代码没有历史记录，等于丢了开发过程的上下文。规范的源码交付应该包含 Git 仓库。源码含完整版本记录。",[11,1437,1438,1441],{},[15,1439,1440],{},"协作规范","——多人开发有据可查——谁做了什么、什么时候做的、为什么这么做，都有记录。出问题能追溯，避免推诿。",[23,1443,204],{"id":204},[11,1445,1446,1449,1450,1453,1454,1457,1458,1461],{},[15,1447,1448],{},"不用版本控制","——不规范、易丢代码。现在几乎没团队这么做了，但仍有个别服务商交付\"散落的代码文件\"而不是 Git 仓库，要注意。",[15,1451,1452],{},"不提交远程","——只在本地用 Git，不 push 到远程仓库，电脑坏了代码全丢。规范的团队都有远程仓库。",[15,1455,1456],{},"不分分支","——所有改动直接在主线做，功能混在一起乱、出问题难回退。规范团队都有分支策略（如 Git Flow、GitHub 
Flow）。",[15,1459,1460],{},"不写提交说明","——每次提交不写说明或写\"update\"\"fix\"这种无意义内容，不知道改了什么。规范团队要求写有意义的提交说明。",[23,1463,225],{"id":225},[11,1465,1466],{},"Git 本身免费（开源），成本在团队规范使用：",[230,1468,1469,1479],{},[233,1470,1471],{},[236,1472,1473,1475,1477],{},[239,1474,241],{},[239,1476,244],{},[239,1478,247],{},[249,1480,1481,1492,1503],{},[236,1482,1483,1486,1489],{},[254,1484,1485],{},"Git工具",[254,1487,1488],{},"开源免费",[254,1490,1491],{},"免费",[236,1493,1494,1497,1500],{},[254,1495,1496],{},"托管平台",[254,1498,1499],{},"GitHub\u002FGitLab等",[254,1501,1502],{},"免费\u002F订阅",[236,1504,1505,1508,1511],{},[254,1506,1507],{},"团队规范",[254,1509,1510],{},"培训使用",[254,1512,1513],{},"低",[11,1515,1516],{},"Git 工具完全免费。托管平台有免费档（GitHub 公开仓库免费、GitLab 免费版）和付费档（私有仓库、企业版），按团队规模每月几美元到几十美元。团队规范使用要培训，但 Git 已经是开发行业基础技能，招聘时默认会，培训成本很低。",[23,1518,1519],{"id":1519},"怎么确认团队规范",[318,1521,1522,1528,1534,1540],{},[34,1523,1524,1527],{},[15,1525,1526],{},"确认团队用 Git 管理代码","——这是基本标准。问\"代码在哪个仓库\"\"分支策略是什么\"能快速判断。",[34,1529,1530,1533],{},[15,1531,1532],{},"代码在远程仓库（备份）","——有远程托管（GitHub、GitLab、Gitee 或自建），不只本地。",[34,1535,1536,1539],{},[15,1537,1538],{},"有分支和提交记录","——查看仓库历史，有没有规范的分支、有意义的提交说明、代码审查记录。",[34,1541,1542,1545],{},[15,1543,1544],{},"源码交付含 Git 仓库","——服务商交付时应该交付 Git 仓库（含完整历史），不只是当前代码文件。",[11,1547,1548],{},"按这几点核对，能快速判断开发团队是否规范。规范的 Git 
使用是专业开发的基本标志，也是代码资产安全的基本保障。",[347,1550,1551],{},[11,1552,1553],{},"广州市汉诺雷斯（HNREIS）用Git规范管理代码，源码完整交付（含版本记录）。把你的项目需求告诉我们，我们规范交付。",{"title":124,"searchDepth":353,"depth":353,"links":1555},[1556,1557,1563,1564,1565,1566,1567],{"id":1242,"depth":353,"text":1243},{"id":1267,"depth":353,"text":1268,"children":1558},[1559,1560,1561,1562],{"id":1271,"depth":359,"text":1272},{"id":1288,"depth":359,"text":1289},{"id":1305,"depth":359,"text":1306},{"id":1326,"depth":359,"text":1327},{"id":1340,"depth":353,"text":1341},{"id":1417,"depth":353,"text":1417},{"id":204,"depth":353,"text":204},{"id":225,"depth":353,"text":225},{"id":1519,"depth":353,"text":1519},"2024-06-06","Git是代码版本控制工具，记录历史、支持协作和分支。本文用通俗方式讲清Git是什么、为什么开发要用、老板要了解什么。",[1571,1574,1577],{"q":1572,"a":1573},"Git是什么，简单说？","Git是代码版本控制工具，通俗说是代码的\"时光机\"和\"协作台\"——记录每次改动的历史（能回到任何版本）、多人同时改不冲突、支持分支（同时做多个功能）。开发团队用Git管理代码是行业标准。",{"q":1575,"a":1576},"老板为什么要了解Git？","Git关系到代码资产管理和交付。用Git意味着代码有完整历史、多人协作规范、源码可交付（有完整版本记录）。规范的开发团队都用Git，这反映团队专业性。源码交付时Git仓库是重要资产。",{"q":1578,"a":1579},"不用Git会怎样？","不用版本控制，代码改动没记录（改坏了回不去）、多人协作靠手动合并（易冲突丢代码）、没有分支（难同时做多功能）。现在专业开发都用Git，不用版本控制是不规范的表现。",[1353,1581,1582,1583],"版本控制","代码管理","代码版本",{},"\u002Fblog\u002Fcomparison\u002Fbanben-kongzhi-git",{"title":1227,"description":1569},{"loc":1585},"blog\u002Fcomparison\u002Fbanben-kongzhi-git",[1353,1581,1590],"开发","DDOY-P0lE1QLrLUQlE8ZQ8GpIAjcQnAG0lviW8QNo_I",{"id":1593,"title":1594,"author":6,"body":1595,"category":374,"cover":375,"date":1964,"description":1965,"draft":378,"extension":379,"faq":1966,"featured":378,"image":375,"keywords":1976,"meta":1979,"navigation":396,"path":1980,"seo":1981,"sitemap":1982,"stem":1983,"tags":1984,"updated":1964,"__hash__":1987},"blog\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan.md","本地部署和云部署的区别",{"type":8,"value":1596,"toc":1945},[1597,1604,1607,1611,1693,1695,1698,1701,1721,1724,1744,1746,1749,1752,1778,1781,1801,1803,1807,1818,1821,1832,1835,1843,1845,1871,1873,1920,1923,1940],[11,1598,1599,1600,1603],{},"软件部署在自己机房（本地）还是云上
？",[15,1601,1602],{},"两者数据位置、成本、运维、弹性不同。"," 这篇讲清区别和选择。",[11,1605,1606],{},"很多企业在做信息化决策时，第一道选择题就是\"上云还是私有化部署\"。这件事看起来只是技术选型，实际上牵涉到数据归属、合规边界、运维投入、长期成本以及未来扩展性。如果一开始选错方向，后期再迁移会付出很大代价——数据迁移、接口改造、业务中断、人员重新培训。所以我们建议在动手之前，把两种方式的本质差异理清楚，再结合自身的数据敏感度、规模和运维能力做选择。",[23,1608,1610],{"id":1609},"本地部署-vs-云部署","本地部署 vs 云部署",[230,1612,1613,1625],{},[233,1614,1615],{},[236,1616,1617,1619,1622],{},[239,1618,1350],{},[239,1620,1621],{},"本地部署",[239,1623,1624],{},"云部署",[249,1626,1627,1638,1649,1660,1671,1682],{},[236,1628,1629,1632,1635],{},[254,1630,1631],{},"数据位置",[254,1633,1634],{},"自己机房",[254,1636,1637],{},"云厂商",[236,1639,1640,1643,1646],{},[254,1641,1642],{},"可控性",[254,1644,1645],{},"高",[254,1647,1648],{},"依赖云厂商",[236,1650,1651,1654,1657],{},[254,1652,1653],{},"初期成本",[254,1655,1656],{},"高（买服务器）",[254,1658,1659],{},"低（按需付费）",[236,1661,1662,1665,1668],{},[254,1663,1664],{},"运维",[254,1666,1667],{},"自己负责",[254,1669,1670],{},"云厂商负责部分",[236,1672,1673,1676,1679],{},[254,1674,1675],{},"弹性",[254,1677,1678],{},"难（要买硬件）",[254,1680,1681],{},"强（随时扩容）",[236,1683,1684,1687,1690],{},[254,1685,1686],{},"上线速度",[254,1688,1689],{},"慢",[254,1691,1692],{},"快",[23,1694,1621],{"id":1621},[11,1696,1697],{},"本地部署也叫私有化部署，是把软件连同数据库完整安装在客户自己机房的服务器上，所有数据从产生、存储到流转都在客户自己的硬件和网络环境里。云厂商或其他第三方无法直接访问到这些数据。",[60,1699,1700],{"id":1700},"优势",[31,1702,1703,1709,1715],{},[34,1704,1705,1708],{},[15,1706,1707],{},"数据自主","：数据完全在自己机房，物理上和网络上都可控，敏感行业（金融、政务、医疗、能源、核心商业数据）的合规要求通常通过本地部署满足。",[34,1710,1711,1714],{},[15,1712,1713],{},"完全可控","：不依赖云厂商，不会因为云厂商故障、停服、政策调整影响业务；网络策略、访问权限、加密方式都可以按自己的标准来制定。",[34,1716,1717,1720],{},[15,1718,1719],{},"长期固定成本","：初期一次性投入后，主要成本是电费、机房和运维人员工资，规模上来之后单位成本会被摊薄，长期运营相对划算。",[60,1722,1723],{"id":1723},"劣势",[31,1725,1726,1732,1738],{},[34,1727,1728,1731],{},[15,1729,1730],{},"初期贵","：要买服务器、存储、网络设备，还要准备机房或机柜、UPS、空调、带宽等配套，光硬件投入就是几万到几十万，再加上软件授权和实施，初期门槛较高。",[34,1733,1734,1737],{},[15,1735,1736],{},"要运维","：硬件会坏、系统要打补丁、网络要排查、备份要做、安全要防护，需要专门的运维人员，小企业养一支运维团队成本不低。",[34,1739,1740,1743],{},[15,1741,1742],{},"弹性差","：业务量突然上涨
，本地机房很难快速扩容——采购周期、上架、配置都要时间；业务量下降，已买的硬件也退不掉，资源闲置。",[23,1745,1624],{"id":1624},[11,1747,1748],{},"云部署是把软件部署在云厂商提供的服务器上（阿里云、腾讯云、华为云、AWS 等），按使用量付费。硬件、机房、网络、基础安全都由云厂商负责，客户只关注应用本身。",[60,1750,1700],{"id":1751},"优势-1",[31,1753,1754,1760,1766,1772],{},[34,1755,1756,1759],{},[15,1757,1758],{},"初期便宜","：按需付费，不用一次性买服务器，一台云主机从几十元到几百元每月起步，小企业或初创项目几乎零门槛。",[34,1761,1762,1765],{},[15,1763,1764],{},"省运维","：云厂商负责硬件、网络、机房、基础安全，客户只需要关注应用配置和数据，运维压力大幅下降，小团队也能跑稳生产环境。",[34,1767,1768,1771],{},[15,1769,1770],{},"弹性强","：业务高峰可以临时扩容（加机器、加带宽、加存储），低谷再缩容，按实际用量结算，特别适合季节性、活动型、流量波动大的业务。",[34,1773,1774,1777],{},[15,1775,1776],{},"上线快","：开通云主机几分钟，配合容器化部署可以做到当天开服、当天上线，对快速验证、敏捷迭代非常友好。",[60,1779,1723],{"id":1780},"劣势-1",[31,1782,1783,1789,1795],{},[34,1784,1785,1788],{},[15,1786,1787],{},"数据在云","：数据物理上存在云厂商机房，依赖云厂商的安全能力和商业稳定性，敏感行业和强合规场景需要谨慎评估。",[34,1790,1791,1794],{},[15,1792,1793],{},"持续付费","：云资源按月或按年计费，长期累积下来可能比一次性买硬件更贵，规模越大、运行越久越明显。",[34,1796,1797,1800],{},[15,1798,1799],{},"合规限制","：部分行业（金融、政务、医疗、关键信息基础设施）的数据不允许上公有云，或只能上指定云、政务云、行业云。",[23,1802,1151],{"id":1151},[60,1804,1806],{"id":1805},"选本地私有化","选本地（私有化）",[31,1808,1809,1812,1815],{},[34,1810,1811],{},"数据高度敏感，比如金融交易、政务数据、医疗档案、核心商业数据、客户隐私。",[34,1813,1814],{},"要完全自主可控，对外部依赖、对供应商锁定特别敏感。",[34,1816,1817],{},"规模大、长期固定负载，本地部署的总账算下来比持续上云更划算。",[60,1819,1820],{"id":1820},"选云",[31,1822,1823,1826,1829],{},[34,1824,1825],{},"数据不敏感，或合规允许上云，希望轻装上阵。",[34,1827,1828],{},"业务有明显弹性，需要快速扩容、缩容，或处于快速验证阶段。",[34,1830,1831],{},"中小规模，没有专业的运维团队，希望把硬件和网络都外包出去。",[60,1833,1834],{"id":1834},"混合",[31,1836,1837,1840],{},[34,1838,1839],{},"敏感数据放本地（如核心交易、客户隐私），一般业务上云（如官网、营销、内部办公）。",[34,1841,1842],{},"通过专线、VPN、API 网关打通，做到\"敏感在内、弹性在外\"，是很多中大型企业的主流选择。",[23,1844,204],{"id":204},[31,1846,1847,1853,1859,1865],{},[34,1848,1849,1852],{},[15,1850,1851],{},"敏感数据上云","：忽视合规要求把不该上云的数据放公有云，可能面临监管处罚、整改甚至停业。",[34,1854,1855,1858],{},[15,1856,1857],{},"小规模本地部署","：业务量不大却硬上私有化，硬件折旧和运维成本根本摊不开，反而比上云贵。",[34,1860,1861,1864],{},[15,1862,1863],{},"只比单价不算总账","：云单价便宜不等于长期便宜，本地初期贵不等于长期贵，要按 3 年、5 
年总成本（TCO）来算。",[34,1866,1867,1870],{},[15,1868,1869],{},"忽视云持续费用","：带宽、存储、CDN、增值服务都会按月累计，业务量起来后账单会快速上涨。",[23,1872,225],{"id":225},[230,1874,1875,1887],{},[233,1876,1877],{},[236,1878,1879,1882,1884],{},[239,1880,1881],{},"方式",[239,1883,244],{},[239,1885,1886],{},"成本特点",[249,1888,1889,1900,1911],{},[236,1890,1891,1894,1897],{},[254,1892,1893],{},"本地",[254,1895,1896],{},"服务器+机房+运维",[254,1898,1899],{},"初期高，长期固定",[236,1901,1902,1905,1908],{},[254,1903,1904],{},"云",[254,1906,1907],{},"按需付费",[254,1909,1910],{},"初期低，持续",[236,1912,1913,1915,1918],{},[254,1914,1834],{},[254,1916,1917],{},"敏感本地+一般云",[254,1919,1145],{},[23,1921,1151],{"id":1922},"怎么选-1",[318,1924,1925,1928,1931,1934,1937],{},[34,1926,1927],{},"评估数据敏感度——是否涉及个人信息、重要数据、行业强合规。",[34,1929,1930],{},"评估规模和弹性需求——是稳定负载还是波动剧烈。",[34,1932,1933],{},"算总账（初期 + 长期 3-5 年），不只看月费。",[34,1935,1936],{},"评估运维能力——有没有专门的运维团队。",[34,1938,1939],{},"按需求选本地 \u002F 云 \u002F 混合，必要时分数据域分别部署。",[347,1941,1942],{},[11,1943,1944],{},"广州市汉诺雷斯（HNREIS）帮企业做部署方案，从云部署到本地私有化，按数据合规和成本需求选。把你的部署需求告诉我们，我们给出建议。",{"title":124,"searchDepth":353,"depth":353,"links":1946},[1947,1948,1952,1956,1961,1962,1963],{"id":1609,"depth":353,"text":1610},{"id":1621,"depth":353,"text":1621,"children":1949},[1950,1951],{"id":1700,"depth":359,"text":1700},{"id":1723,"depth":359,"text":1723},{"id":1624,"depth":353,"text":1624,"children":1953},[1954,1955],{"id":1751,"depth":359,"text":1700},{"id":1780,"depth":359,"text":1723},{"id":1151,"depth":353,"text":1151,"children":1957},[1958,1959,1960],{"id":1805,"depth":359,"text":1806},{"id":1820,"depth":359,"text":1820},{"id":1834,"depth":359,"text":1834},{"id":204,"depth":353,"text":204},{"id":225,"depth":353,"text":225},{"id":1922,"depth":353,"text":1151},"2024-06-18","软件可以部署在自己机房（本地）或云上，两者数据、成本、运维和弹性不同。本文讲清本地部署和云部署的区别和选择。",[1967,1970,1973],{"q":1968,"a":1969},"本地部署和云部署什么区别？","本地部署是软件装在自己机房的服务器上，数据在自己手里，可控但要自己买服务器和维护；云部署是装在云服务器上（阿里云\u002F腾讯云等），不用买服务器、弹性扩容、按需付费，但数据在云厂商。核心区别在数据位置和运维责任。",{"q":1971,"a":1972},"企业该选本地还是云？","看数据敏感度和需求。数据高度敏
感、要完全自主（金融\u002F政务\u002F核心商业数据），选本地（私有化）；要弹性、省运维、快速上线，选云。很多企业混合——敏感本地、一般云。建议按数据合规和成本需求选。",{"q":1974,"a":1975},"本地部署比云贵吗？","看规模。本地部署要一次性买服务器（几万到几十万）+持续电费机房运维，初期贵但量大后固定；云部署按需付费，初期便宜但长期持续付费，量大可能累积贵。要算总账，不是简单比单价。",[1621,1624,1977,1978],"部署方式","私有化部署",{},"\u002Fblog\u002Fcomparison\u002Fbendibu-vs-yunduan",{"title":1594,"description":1965},{"loc":1980},"blog\u002Fcomparison\u002Fbendibu-vs-yunduan",[1985,1904,1986],"部署","选型","2aw6C_2og_Eq04KLDnHPhU-NwU6cTqAJMhy_gQJj7tc",1781688908459]