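# ============================================================
# GEO Platform — production Docker Compose configuration
#
# Required before deploying to production:
#   1. Create .env.production (see .env.example) with real secrets:
#      - SECRET_KEY / NEXTAUTH_SECRET (use strong random values)
#      - DATABASE_URL (a managed database such as RDS / Cloud SQL is recommended)
#      - REDIS_URL (a managed Redis such as ElastiCache is recommended)
#      - LLM API keys (DASHSCOPE_API_KEY, etc.)
#   2. Put a reverse proxy (Nginx / Caddy) in front and enable HTTPS.
#   3. Mount the database and Redis volumes on persistent storage
#      (or use managed services).
#   4. Check firewall rules: ports 5432 / 6379 must not be reachable
#      from the public internet.
#   5. Start with:
#        docker compose -f docker-compose.prod.yml up -d
#
# Variable interpolation:
#   ${POSTGRES_USER}, ${POSTGRES_PASSWORD}, ${POSTGRES_DB} and
#   ${REDIS_PASSWORD} are substituted by Compose itself when it parses this
#   file. Compose reads them from the shell environment, a project-level
#   .env file, or a file passed with --env-file. The `env_file:` entries
#   below only inject variables into the containers and do NOT feed
#   interpolation. If these values live in .env.production, start with:
#        docker compose --env-file .env.production \
#          -f docker-compose.prod.yml up -d
#   An unset variable is otherwise interpolated as an empty string, so the
#   credentials below use the ${VAR:?message} form to abort at parse time.
# ============================================================

version: "3.9"

services:
  db:
    image: postgres:15-alpine
    container_name: geo_db_prod
    restart: always
    environment:
      # Fail fast instead of starting with an empty user or password.
      POSTGRES_USER: "${POSTGRES_USER:?POSTGRES_USER must be set}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB:-geo_platform}"
    # Not published on the host: `expose` only makes the port known to
    # containers on the same network.
    expose:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test:
        - "CMD-SHELL"
        - "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB:-geo_platform}"
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '1.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal

  redis:
    image: redis:7-alpine
    container_name: geo_redis_prod
    restart: always
    # Password-protect Redis (mandatory in production).
    # List form keeps the password as a single argument even if it contains
    # whitespace, and :? aborts when it is unset rather than letting the
    # next flag slide into the password position.
    # NOTE(review): the password is still visible in the container's process
    # arguments and in `docker inspect` (command and healthcheck). Consider
    # loading it from a mounted config file or a Compose secret instead.
    command:
      - "redis-server"
      - "--requirepass"
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      - "--maxmemory"
      - "200mb"
      - "--maxmemory-policy"
      - "allkeys-lru"
    expose:
      - "6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 15s
    deploy:
      resources:
        limits:
          memory: 256m
          cpus: '0.5'
        reservations:
          memory: 128m
    networks:
      - geo_internal

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: geo_backend_prod
    restart: always
    expose:
      - "8000"
    env_file:
      - .env.production
    # No source directory is bind-mounted in production; the image already
    # contains the full code.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    # Uses the gunicorn start command defined in the Dockerfile.
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '2.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal
      - geo_public

  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: geo_frontend_prod
    restart: always
    ports:
      # Reached through the reverse proxy; bound to 127.0.0.1 only.
      - "127.0.0.1:3000:3000"
    # NOTE(review): this is the same env file the backend loads, so the
    # frontend container also receives every backend secret listed in it.
    # Confirm that is intended, or split it into per-service files.
    env_file:
      - .env.production
    # No source directory is bind-mounted in production.
    depends_on:
      - backend
    deploy:
      resources:
        limits:
          memory: 512m
          cpus: '1.0'
        reservations:
          memory: 256m
    # NOTE(review): geo_internal also carries db and redis, so the frontend
    # can open connections to both. backend is on geo_public as well; if the
    # frontend only needs the backend, geo_public alone may be enough.
    # Verify before changing.
    networks:
      - geo_internal
      - geo_public

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local

networks:
  # Internal network: service-to-service traffic, no external connectivity.
  geo_internal:
    driver: bridge
    internal: true
  # Public network: frontend/backend serve external traffic.
  geo_public:
    driver: bridge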