geo/docker-compose.prod.yml


# ============================================================
# GEO Platform — 生产环境 Docker Compose 配置
#
# 生产部署前必须完成的配置:
# 1. 创建 .env.production 文件(参考 .env.example),配置真实密钥
#    - SECRET_KEY / NEXTAUTH_SECRET:使用随机强密码
#    - DATABASE_URL:建议使用托管数据库(如 RDS / Cloud SQL)
#    - REDIS_URL:建议使用托管 Redis(如 ElastiCache)
#    - LLM API Keys(DASHSCOPE_API_KEY 等)
# 2. 配置反向代理(Nginx / Caddy)并启用 HTTPS
# 3. 将数据库和 Redis 卷挂载到持久化存储(或使用托管服务)
# 4. 检查防火墙规则,生产环境不应暴露 5432 / 6379 端口到公网
# 5. 使用 docker compose -f docker-compose.prod.yml up -d 启动
# ============================================================
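# Compose file format version. Kept for older docker-compose releases;
# current Docker Compose treats the key as obsolete and ignores it.
version: "3.9"

# ${...} references in this file are resolved by Compose itself, from the
# shell environment or the project's .env file (or --env-file). Entries in a
# service's env_file are only injected into that container and do not feed
# ${...}. The ${VAR:?message} form aborts startup with the message when the
# variable is unset or empty, so no service comes up with a blank credential.
services:
  db:
    image: pgvector/pgvector:pg15
    container_name: geo_db_prod
    restart: always
    environment:
      # Required credentials: fail at startup instead of substituting "".
      POSTGRES_USER: "${POSTGRES_USER:?POSTGRES_USER must be set}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB:-geo_platform}"
    # Production: the database port is not published to the host; `expose`
    # only documents the port used by other containers on the same network.
    expose:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB:-geo_platform}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '1.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal

  redis:
    image: redis:7-alpine
    container_name: geo_redis_prod
    restart: always
    # Protect Redis with a password (mandatory in production).
    # List form keeps the password as a single argument even if it contains
    # spaces or shell metacharacters; the string form would be word-split.
    # NOTE(review): the password is part of the container's command line and
    # of the healthcheck below, so it can be read from the container
    # configuration (`docker inspect`) and the process list. Consider
    # supplying it through a mounted config file or a secret instead.
    command:
      - redis-server
      - "--requirepass"
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      - "--maxmemory"
      - 200mb
      - "--maxmemory-policy"
      - allkeys-lru
    # Not published to the host; reachable only from attached networks.
    expose:
      - "6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 15s
    deploy:
      resources:
        limits:
          memory: 256m
          cpus: '0.5'
        reservations:
          memory: 128m
    networks:
      - geo_internal

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: geo_backend_prod
    restart: always
    # No host port is published; the backend is reached over the Compose
    # networks only.
    expose:
      - "8000"
    env_file:
      - .env.production
    # Production does not bind-mount the source tree; the image already
    # contains the full code.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    # Uses the gunicorn start command defined in the Dockerfile.
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '2.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal
      # geo_internal is declared `internal: true`, so this second network is
      # the backend's only route to anything outside the Compose project.
      # NOTE(review): presumably needed for outbound calls (e.g. LLM APIs);
      # confirm, and drop it if the backend needs no external connectivity.
      - geo_public

  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: geo_frontend_prod
    restart: always
    ports:
      # Accessed through the reverse proxy; bound to 127.0.0.1 only, so the
      # port is not reachable from other hosts.
      - "127.0.0.1:3000:3000"
    # NOTE(review): this is the same env file the backend loads, so every
    # variable in it (per the file header: SECRET_KEY, DATABASE_URL, LLM API
    # keys) is also present in the frontend container's environment.
    # Consider a separate, frontend-only env file to limit what it can read.
    env_file:
      - .env.production
    # Production does not bind-mount the source tree.
    # Short-form depends_on: orders startup only, it does not wait for the
    # backend to become healthy (the backend defines no healthcheck).
    depends_on:
      - backend
    deploy:
      resources:
        limits:
          memory: 512m
          cpus: '1.0'
        reservations:
          memory: 256m
    networks:
      - geo_internal
      - geo_public

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local

networks:
  # Internal network: service-to-service traffic, not exposed externally.
  geo_internal:
    driver: bridge
    internal: true
  # Public network: frontend/backend serve external traffic.
  geo_public:
    driver: bridge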