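# ============================================================
# GEO Platform — production Docker Compose configuration
#
# Configuration that must be completed before a production deployment:
# 1. Create a .env.production file (see .env.example) holding the real secrets:
#    - SECRET_KEY / NEXTAUTH_SECRET (use strong random values)
#    - DATABASE_URL (a managed database such as RDS / Cloud SQL is recommended)
#    - REDIS_URL (a managed Redis such as ElastiCache is recommended)
#    - LLM API keys (DASHSCOPE_API_KEY, etc.)
#    - POSTGRES_USER / POSTGRES_PASSWORD / REDIS_PASSWORD (and optionally
#      POSTGRES_DB), which this file interpolates as ${...}
# 2. Configure a reverse proxy (Nginx / Caddy) and enable HTTPS
# 3. Mount the database and Redis volumes on persistent storage
#    (or use managed services)
# 4. Check firewall rules; production must not expose ports 5432 / 6379
#    to the public internet
# 5. Start with:
#      docker compose --env-file .env.production -f docker-compose.prod.yml up -d
#    `env_file:` only injects variables into the containers. The ${...}
#    references in this file are resolved by Compose itself from the shell
#    environment, a project-level .env file, or --env-file, so they must be
#    supplied through one of those.
# ============================================================

services:
  db:
    # NOTE(review): mutable tag; consider pinning to an image digest so that
    # production pulls are reproducible.
    image: pgvector/pgvector:pg15
    container_name: geo_db_prod
    restart: always
    environment:
      # `:?` makes Compose abort with a clear error instead of silently
      # substituting an empty user name or password.
      POSTGRES_USER: "${POSTGRES_USER:?POSTGRES_USER must be set}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB:-geo_platform}"
    # Production does not publish the database port to the host; `expose`
    # makes it reachable by other containers on the same network only.
    expose:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB:-geo_platform}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '1.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal

  redis:
    # NOTE(review): mutable tag; consider pinning to an image digest.
    image: redis:7-alpine
    container_name: geo_redis_prod
    restart: always
    # Protect Redis with a password (mandatory in production).
    # List form keeps the password as one argument even if it contains spaces
    # or shell metacharacters, and `:?` refuses to start without a password.
    # NOTE(review): the password is still part of the container's argv and
    # config (visible via `docker inspect`); a mounted redis.conf or Docker
    # secret avoids that.
    command:
      - redis-server
      - --requirepass
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      - --maxmemory
      - 200mb
      - --maxmemory-policy
      - allkeys-lru
    environment:
      # redis-cli reads REDISCLI_AUTH, so the health check does not have to
      # pass the password with `-a` on its command line.
      REDISCLI_AUTH: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    expose:
      - "6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 15s
    deploy:
      resources:
        limits:
          memory: 256m
          cpus: '0.5'
        reservations:
          memory: 128m
    networks:
      - geo_internal

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
      target: runtime
    container_name: geo_backend_prod
    restart: always
    expose:
      - "8000"
    env_file:
      - .env.production
    # Production does not bind-mount the source tree; the image already
    # contains the full code.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # Uses the gunicorn start command defined in the Dockerfile.
    deploy:
      resources:
        limits:
          memory: 1g
          cpus: '2.0'
        reservations:
          memory: 512m
    networks:
      - geo_internal
      - geo_public

  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: geo_frontend_prod
    restart: always
    ports:
      # Reached through the reverse proxy; bound to 127.0.0.1 only.
      - "127.0.0.1:3000:3000"
    # NOTE(review): this is the same file the backend loads, so every backend
    # secret in it (per the header: SECRET_KEY, DATABASE_URL, REDIS_URL, LLM API
    # keys) is also present in the frontend container's environment. Consider
    # a separate frontend env file limited to what the frontend needs.
    env_file:
      - .env.production
    # Production does not bind-mount the source tree.
    depends_on:
      - backend
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/auth/session"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 512m
          cpus: '1.0'
        reservations:
          memory: 256m
    networks:
      - geo_internal
      - geo_public

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local

networks:
  # Internal network: service-to-service traffic, not exposed externally.
  # `internal: true` also means db and redis, which join only this network,
  # have no outbound route.
  geo_internal:
    driver: bridge
    internal: true
  # Public network: frontend/backend serve external traffic.
  geo_public:
    driver: bridge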