docs: 更新 Docker 部署文档强调 JWT_SECRET 配置重要性

- docker-compose.yml: 添加注释说明设置固定 JWT_SECRET 可防止容器重启后登录失效
- .env.example: 添加 openssl rand -hex 32 生成安全密钥的命令

deploy/.env.example

@@ -54,7 +54,10 @@ ADMIN_PASSWORD=
 # -----------------------------------------------------------------------------
 # JWT Configuration
 # -----------------------------------------------------------------------------
-# Leave empty to auto-generate (recommended)
+# IMPORTANT: Set a fixed JWT_SECRET to prevent login sessions from being
+# invalidated after container restarts. If left empty, a random secret will
+# be generated on each startup, causing all users to be logged out.
+# Generate a secure secret: openssl rand -hex 32
 JWT_SECRET=
 JWT_EXPIRE_HOUR=24
 

deploy/docker-compose.yml

@@ -72,7 +72,10 @@ services:
       # =======================================================================
       # JWT Configuration
       # =======================================================================
-      # Leave empty to auto-generate (recommended)
+      # IMPORTANT: Set a fixed JWT_SECRET to prevent login sessions from being
+      # invalidated after container restarts. If left empty, a random secret
+      # will be generated on each startup.
+      # Generate a secure secret: openssl rand -hex 32
       - JWT_SECRET=${JWT_SECRET:-}
       - JWT_EXPIRE_HOUR=${JWT_EXPIRE_HOUR:-24}