# Docker Compose生产环境配置文件 # 若依框架前后端分离Docker部署方案 - 生产环境 # Requirements: 5.3, 6.5 version: '3.8' services: # MySQL数据库服务 - 生产环境配置 anxin-mysql: image: mysql:8.0 container_name: anxin-mysql-prod restart: always environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} MYSQL_DATABASE: ${DB_NAME:-anxin_prod} MYSQL_USER: ${DB_USER:-anxin_prod} MYSQL_PASSWORD: ${DB_PASSWORD} TZ: Asia/Shanghai ports: - "127.0.0.1:${DB_PORT:-3306}:3306" # 生产环境仅绑定本地接口 volumes: - mysql-data-prod:/var/lib/mysql - ./database/init:/docker-entrypoint-initdb.d:ro - ./configs/my.cnf.prod:/etc/mysql/conf.d/my.cnf:ro - mysql-logs-prod:/var/log/mysql networks: - anxin-prod-network deploy: resources: limits: memory: ${DATABASE_MEMORY_LIMIT:-1024M} cpus: '${DATABASE_CPU_LIMIT:-1.0}' reservations: memory: 512M cpus: '0.5' healthcheck: test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"] timeout: 20s retries: 10 interval: 30s start_period: 60s logging: driver: "json-file" options: max-size: "${LOG_MAX_SIZE:-200m}" max-file: "${LOG_MAX_FILES:-15}" security_opt: - no-new-privileges:true read_only: true tmpfs: - /tmp - /var/run/mysqld # Spring Boot后端服务 - 生产环境配置 anxin-backend: build: context: ../ dockerfile: docker/backend/Dockerfile target: production image: anxin-backend:prod container_name: anxin-backend-prod restart: always environment: SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod} SPRING_DATASOURCE_URL: jdbc:mysql://anxin-mysql:3306/${DB_NAME:-anxin_prod}?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&requireSSL=true SPRING_DATASOURCE_USERNAME: ${DB_USER:-anxin_prod} SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD} JAVA_OPTS: ${JAVA_OPTS:--Xms1024m -Xmx2048m -Djava.security.egd=file:/dev/./urandom -XX:+UseG1GC -XX:+UseStringDeduplication} LOG_LEVEL: ${LOG_LEVEL:-WARN} TZ: Asia/Shanghai # 生产环境特有配置 MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE: health,info,metrics MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS: never LOGGING_LEVEL_COM_RUOYI: WARN LOGGING_LEVEL_ROOT: WARN # 安全配置 SPRING_SECURITY_REQUIRE_SSL: true SERVER_SSL_ENABLED: false # 通过反向代理处理SSL ports: - "127.0.0.1:${BACKEND_PORT:-8080}:8080" # 生产环境仅绑定本地接口 volumes: - backend-logs-prod:/app/logs - backend-uploads-prod:/app/uploadPath - ./configs:/app/config:ro networks: - anxin-prod-network depends_on: anxin-mysql: condition: service_healthy deploy: resources: limits: memory: ${BACKEND_MEMORY_LIMIT:-2048M} cpus: '${BACKEND_CPU_LIMIT:-2.0}' reservations: memory: 1024M cpus: '1.0' replicas: ${BACKEND_REPLICAS:-1} healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health || exit 1"] timeout: 30s retries: 5 interval: 30s start_period: 120s logging: driver: "json-file" options: max-size: "${LOG_MAX_SIZE:-200m}" max-file: "${LOG_MAX_FILES:-15}" security_opt: - no-new-privileges:true read_only: true tmpfs: - /tmp # Vue3前端服务 - 生产环境配置 anxin-frontend: build: context: ../ dockerfile: docker/frontend/Dockerfile target: production args: API_BASE_URL: ${API_BASE_URL:-https://api.anxin.com} NODE_ENV: production image: anxin-frontend:prod container_name: anxin-frontend-prod restart: always environment: TZ: Asia/Shanghai NODE_ENV: production ports: - "${FRONTEND_PORT:-80}:80" - "${FRONTEND_SSL_PORT:-443}:443" volumes: - frontend-logs-prod:/var/log/nginx - ./configs/nginx.conf.prod:/etc/nginx/conf.d/default.conf:ro - ./configs/ssl:/etc/nginx/ssl:ro # SSL证书 networks: - anxin-prod-network depends_on: anxin-backend: condition: service_healthy deploy: resources: limits: memory: ${FRONTEND_MEMORY_LIMIT:-512M} cpus: '${FRONTEND_CPU_LIMIT:-1.0}' reservations: memory: 256M cpus: '0.5' replicas: ${FRONTEND_REPLICAS:-1} healthcheck: test: ["CMD-SHELL", "curl -f http://localhost/ || exit 1"] timeout: 10s retries: 3 interval: 30s start_period: 30s logging: driver: "json-file" options: max-size: "${LOG_MAX_SIZE:-200m}" max-file: "${LOG_MAX_FILES:-15}" security_opt: - no-new-privileges:true # 生产环境专用服务 - 数据库备份服务 anxin-db-backup: image: mysql:8.0 container_name: anxin-db-backup-prod restart: always environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} BACKUP_SCHEDULE: ${BACKUP_SCHEDULE:-0 2 * * *} # 每天凌晨2点备份 BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-30} volumes: - mysql-data-prod:/var/lib/mysql:ro - backup-data-prod:/backup - ./scripts/backup-prod.sh:/backup.sh:ro networks: - anxin-prod-network depends_on: anxin-mysql: condition: service_healthy command: > sh -c " echo 'Starting database backup service for production environment...' echo '${BACKUP_SCHEDULE} /backup.sh' | crontab - crond -f " deploy: resources: limits: memory: 256M cpus: '0.2' logging: driver: "json-file" options: max-size: "50m" max-file: "5" # 生产环境专用服务 - 监控服务 anxin-monitor: image: prom/node-exporter:latest container_name: anxin-monitor-prod restart: always ports: - "127.0.0.1:9100:9100" volumes: - /proc:/host/proc:ro - /sys:/host/sys:ro - /:/rootfs:ro networks: - anxin-prod-network command: - '--path.procfs=/host/proc' - '--path.rootfs=/rootfs' - '--path.sysfs=/host/sys' - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' deploy: resources: limits: memory: 128M cpus: '0.1' logging: driver: "json-file" options: max-size: "10m" max-file: "3" # 网络配置 - 生产环境 networks: anxin-prod-network: name: ${NETWORK_NAME:-anxin-prod-network} driver: bridge ipam: driver: default config: - subnet: ${SUBNET:-172.23.0.0/16} gateway: ${GATEWAY:-172.23.0.1} driver_opts: com.docker.network.bridge.name: anxin-prod-br0 # 卷配置 - 生产环境 volumes: # 数据库数据持久化卷 mysql-data-prod: driver: local driver_opts: type: none o: bind device: ${MYSQL_DATA_PATH:-/var/lib/anxin/mysql} # 数据库日志卷 mysql-logs-prod: driver: local driver_opts: type: none o: bind device: ${MYSQL_LOG_PATH:-/var/log/anxin/mysql} # 后端应用日志卷 backend-logs-prod: driver: local driver_opts: type: none o: bind device: ${BACKEND_LOG_PATH:-/var/log/anxin/backend} # 后端文件上传卷 backend-uploads-prod: driver: local driver_opts: type: none o: bind device: ${BACKEND_UPLOAD_PATH:-/var/lib/anxin/uploads} # 前端Nginx日志卷 frontend-logs-prod: driver: local driver_opts: type: none o: bind device: ${FRONTEND_LOG_PATH:-/var/log/anxin/nginx} # 数据库备份卷 backup-data-prod: driver: local driver_opts: type: none o: bind device: ${BACKUP_DATA_PATH:-/var/lib/anxin/backups}