diff --git a/.env.production.example b/.env.production.example
index 7fbfbe0..78781b9 100644
--- a/.env.production.example
+++ b/.env.production.example
@@ -7,7 +7,9 @@
 # ============================================================
 # Database (MUST use strong password in production)
 # ============================================================
+POSTGRES_USER=postgres
 POSTGRES_PASSWORD=CHANGE_ME_strong_pg_password_32chars!
+POSTGRES_DB=geo_platform
 DATABASE_URL=postgresql+asyncpg://postgres:CHANGE_ME_strong_pg_password_32chars!@db:5432/geo_platform
 # ============================================================
@@ -55,6 +57,7 @@ DOUBAO_ENDPOINT_ID=
 # Rate Limiting
 # ============================================================
 API_RATE_LIMIT_RPM=10
+RATE_LIMIT_BACKEND=redis
 # ============================================================
 # Payment / Distribution / Email (set to real mode in production)
@@ -62,3 +65,14 @@ API_RATE_LIMIT_RPM=10
 PAYMENT_MODE=mock
 DISTRIBUTION_MODE=mock
 EMAIL_MODE=mock
+
+# ============================================================
+# Monitoring
+# ============================================================
+SENTRY_DSN=
+ENVIRONMENT=production
+
+# ============================================================
+# Playwright (for E2E testing only, not needed in production)
+# ============================================================
+PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 916a03e..f5e6034 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
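Review bot: In the first hunk of .env.production.example the new `POSTGRES_USER` and `POSTGRES_DB` values are not what `DATABASE_URL` reads; the URL on the following context line still hard-codes `postgres`, the password and `geo_platform`, so an operator who rotates or renames in one place gets a backend that can no longer authenticate. I would add a comment above the URL such as `# DATABASE_URL must repeat POSTGRES_USER / POSTGRES_PASSWORD / POSTGRES_DB; percent-encode special characters of the password inside the URL`. The template also connects the application as `postgres`, which is presumably the bootstrap superuser of the database image (the db service definition is not in this diff); a separate non-superuser role for the backend would limit what a leaked URL or an injection flaw can reach.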
@@ -20,6 +20,20 @@ CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload
 FROM base AS runtime
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8000
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+ CMD curl -f http://localhost:8000/health || exit 1
+
+CMD ["gunicorn", "app.main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", \
+ "--bind", "0.0.0.0:8000", "--timeout", "120", "--access-logfile", "-"]
+
+FROM runtime AS e2e
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
 wget \
 gnupg \
@@ -40,17 +54,5 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 libasound2 \
 && rm -rf /var/lib/apt/lists/*
-RUN pip install --no-cache-dir -r requirements.txt
-
 RUN playwright install chromium
 RUN playwright install-deps chromium
-
-COPY . .
-
-EXPOSE 8000
-
-HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
- CMD curl -f http://localhost:8000/health || exit 1
-
-CMD ["gunicorn", "app.main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", \
- "--bind", "0.0.0.0:8000", "--timeout", "120", "--access-logfile", "-"]
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index df6ee8c..3cab2e0 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -13,8 +13,6 @@
 # 5. 使用 docker compose -f docker-compose.prod.yml up -d 启动
 # ============================================================
-version: "3.9"
-
 services:
 db:
 image: pgvector/pgvector:pg15
@@ -75,6 +73,7 @@ services:
 build:
 context: ./backend
 dockerfile: Dockerfile
+ target: runtime
 container_name: geo_backend_prod
 restart: always
 expose:
@@ -87,6 +86,12 @@ services:
 condition: service_healthy
 redis:
 condition: service_healthy
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
 # 使用 Dockerfile 中定义的 gunicorn 启动命令
 deploy:
 resources:
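Review bot: The new `runtime` stage in backend/Dockerfile (first hunk) sets no `USER`, so unless the `base` stage outside this hunk already does, gunicorn and its four workers run as root inside the production container. I would add `RUN useradd --system --no-create-home app` after `COPY . .` and `USER app` before the `CMD`, and start the `e2e` stage with `USER root` because it runs `apt-get`. `COPY . .` also places the whole build context in the production image, so it is worth confirming that a `.dockerignore` excludes `.env*`, tests and VCS data. The `HEALTHCHECK` relies on `curl` being present in `base`, which is not visible here.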
@@ -113,6 +118,12 @@ services:
 # 生产环境不挂载源代码目录
 depends_on:
 - backend
+ healthcheck:
+ test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/auth/session"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
 deploy:
 resources:
 limits:
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e532c4..3797557 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -61,6 +61,7 @@ services:
 environment:
 DATABASE_URL: postgresql+asyncpg://postgres:${POSTGRES_PASSWORD:-geo_pg_dev_2026}@db:5432/geo_platform
 REDIS_URL: redis://:${REDIS_PASSWORD:-geo_redis_dev_2026}@redis:6379/0
+ RATE_LIMIT_DISABLED: ${RATE_LIMIT_DISABLED:-0}
 volumes:
 - ./backend:/app
 depends_on:
@@ -105,10 +106,10 @@ services:
 deploy:
 resources:
 limits:
- memory: 256m
- cpus: '0.5'
+ memory: 2g
+ cpus: '2.0'
 reservations:
- memory: 128m
+ memory: 512m
 volumes:
 postgres_data:
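Review bot: The frontend healthcheck added in docker-compose.prod.yml (hunk at -113) probes `/api/auth/session`, so every 30 s the container exercises the authentication route and those requests land in the same access and auth logs as real session traffic. A dedicated unauthenticated liveness route that touches no session or database state keeps the probe cheap and the logs usable for detection, e.g. `test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/<health-route>"]` (the route name is a placeholder). Using `127.0.0.1` instead of `localhost` also avoids a false unhealthy state if `localhost` resolves to `::1` while the server listens on IPv4 only; the frontend image is not visible here, so this needs checking against it.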
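Review bot: `RATE_LIMIT_DISABLED` in docker-compose.yml (hunk at -61) is passed straight through from the host environment, and nothing in this diff shows the backend ignoring it when `ENVIRONMENT=production`. If the flag is honoured in every environment, one exported variable or copied env file silently removes request throttling, so I would have the backend refuse the flag, or log it loudly, outside development. A comment above the line such as `# dev/E2E only: never set in production` documents the intent, and quoting the value as `RATE_LIMIT_DISABLED: "${RATE_LIMIT_DISABLED:-0}"` keeps it a string in the container environment.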