https://blog.frank-zhang.com/zh/tags/mac-mini/Recent content in Mac Mini on 张帆 | 人工智能与我Hugo -- gohugo.iozh-cn© 2026 Frank ZhangSat, 18 Apr 2026 00:00:00 +0000https://blog.frank-zhang.com/zh/blog/low-cost-cloudflare-tunnel-+-mac-mini-build-ai-infrastructure/Sat, 18 Apr 2026 00:00:00 +0000https://blog.frank-zhang.com/zh/blog/low-cost-cloudflare-tunnel-+-mac-mini-build-ai-infrastructure/<p>本文记录如何利用本地硬件（Mac mini）配合 Cloudflare 边缘网络，在不开启路由器入站端口的前提下，构建一个具备公网访问能力的 AI 博客与后端服务系统。</p> <h2 class="relative group">1. 基础设施成本与选型 <div id="1-基础设施成本与选型" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#1-%e5%9f%ba%e7%a1%80%e8%ae%be%e6%96%bd%e6%88%90%e6%9c%ac%e4%b8%8e%e9%80%89%e5%9e%8b" aria-label="锚点">#</a> </span> </h2> <p><strong>域名采购</strong></p> <ul> <li><strong>成本</strong>：在 Cloudflare 注册/转入域名（如 <code>frank-zhang.com</code>）仅需 <code>$10.42/yr</code>（按批发价提供，无加价）。</li> <li><strong>优势</strong>：直接集成在 Cloudflare 生态内，简化 DNSSEC 和隧道配置。</li> </ul> <p><strong>为什么选择 Cloudflare？</strong></p> <ul> <li><strong>Free Plan 额度慷慨</strong>：对于个人工程师，免费版已涵盖无限流量的 Tunnel、基础 WAF 和 CDN。</li> <li><strong>零信任安全 (Zero Trust)</strong>：Tunnel 采用由内向外的连接方式，隐藏源站真实 IP，彻底规避 DDoS 攻击。</li> <li><strong>全球 CDN 加速</strong>：利用 Anycast 技术，手机端访问 <code>www</code> 或 <code>ai</code> 子域名时自动连接最近的边缘节点。</li> </ul> <h2 class="relative group">2. 逻辑架构 (Logical Architecture) <div id="2-逻辑架构-logical-architecture" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#2-%e9%80%bb%e8%be%91%e6%9e%b6%e6%9e%84-logical-architecture" aria-label="锚点">#</a> </span> </h2> <ul> <li><strong>Endpoint</strong>: Mac mini (M-series)</li> <li><strong>Stack</strong>: <ul> <li><strong>Port 1313</strong>: Hugo (Static Site)</li> <li><strong>Port 6180</strong>: FastAPI + <code>uv</code> (AI Agent Backend)</li> </ul> </li> <li><strong>Tunnel</strong>: <code>cloudflared</code> 进程作为 Connector 将本地端口映射至公网 Hostname。</li> </ul> <h2 class="relative group">3. 部署步骤 (Step-by-Step) <div id="3-部署步骤-step-by-step" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#3-%e9%83%a8%e7%bd%b2%e6%ad%a5%e9%aa%a4-step-by-step" aria-label="锚点">#</a> </span> </h2> <h3 class="relative group">A. 环境初始化 <div id="a-环境初始化" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#a-%e7%8e%af%e5%a2%83%e5%88%9d%e5%a7%8b%e5%8c%96" aria-label="锚点">#</a> </span> </h3> <div class="highlight-wrapper"><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 1. 安装驱动</span> </span></span><span style="display:flex;"><span>brew install cloudflared </span></span><span style="display:flex;"><span>cloudflared tunnel login </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 2. 创建隧道</span> </span></span><span style="display:flex;"><span>cloudflared tunnel create mac-vps</span></span></code></pre></div></div> <h3 class="relative group">B. Ingress 规则配置 (config.yml) <div id="b-ingress-规则配置-configyml" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#b-ingress-%e8%a7%84%e5%88%99%e9%85%8d%e7%bd%ae-configyml" aria-label="锚点">#</a> </span> </h3> <p>在 <code>~/.cloudflared/</code> 下编辑配置文件，实现流量分发：</p>