291 lines
8.0 KiB
YAML
291 lines
8.0 KiB
YAML
# Docker Compose生产环境配置文件
|
|
# 若依框架前后端分离Docker部署方案 - 生产环境
|
|
# Requirements: 5.3, 6.5
|
|
|
|
version: '3.8'
|
|
|
|
services:
|
|
# MySQL数据库服务 - 生产环境配置
|
|
anxin-mysql:
|
|
image: mysql:8.0
|
|
container_name: anxin-mysql-prod
|
|
restart: always
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
|
|
MYSQL_DATABASE: ${DB_NAME:-anxin_prod}
|
|
MYSQL_USER: ${DB_USER:-anxin_prod}
|
|
MYSQL_PASSWORD: ${DB_PASSWORD}
|
|
TZ: Asia/Shanghai
|
|
ports:
|
|
- "127.0.0.1:${DB_PORT:-3306}:3306" # 生产环境仅绑定本地接口
|
|
volumes:
|
|
- mysql-data-prod:/var/lib/mysql
|
|
- ./database/init:/docker-entrypoint-initdb.d:ro
|
|
- ./configs/my.cnf.prod:/etc/mysql/conf.d/my.cnf:ro
|
|
- mysql-logs-prod:/var/log/mysql
|
|
networks:
|
|
- anxin-prod-network
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: ${DATABASE_MEMORY_LIMIT:-1024M}
|
|
cpus: '${DATABASE_CPU_LIMIT:-1.0}'
|
|
reservations:
|
|
memory: 512M
|
|
cpus: '0.5'
|
|
healthcheck:
|
|
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"]
|
|
timeout: 20s
|
|
retries: 10
|
|
interval: 30s
|
|
start_period: 60s
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "${LOG_MAX_SIZE:-200m}"
|
|
max-file: "${LOG_MAX_FILES:-15}"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
read_only: true
|
|
tmpfs:
|
|
- /tmp
|
|
- /var/run/mysqld
|
|
|
|
# Spring Boot后端服务 - 生产环境配置
|
|
anxin-backend:
|
|
build:
|
|
context: ../
|
|
dockerfile: docker/backend/Dockerfile
|
|
target: production
|
|
image: anxin-backend:prod
|
|
container_name: anxin-backend-prod
|
|
restart: always
|
|
environment:
|
|
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod}
|
|
SPRING_DATASOURCE_URL: jdbc:mysql://anxin-mysql:3306/${DB_NAME:-anxin_prod}?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&requireSSL=true
|
|
SPRING_DATASOURCE_USERNAME: ${DB_USER:-anxin_prod}
|
|
SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD}
|
|
JAVA_OPTS: ${JAVA_OPTS:--Xms1024m -Xmx2048m -Djava.security.egd=file:/dev/./urandom -XX:+UseG1GC -XX:+UseStringDeduplication}
|
|
LOG_LEVEL: ${LOG_LEVEL:-WARN}
|
|
TZ: Asia/Shanghai
|
|
# 生产环境特有配置
|
|
MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE: health,info,metrics
|
|
MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS: never
|
|
LOGGING_LEVEL_COM_RUOYI: WARN
|
|
LOGGING_LEVEL_ROOT: WARN
|
|
# 安全配置
|
|
SPRING_SECURITY_REQUIRE_SSL: true
|
|
SERVER_SSL_ENABLED: false # 通过反向代理处理SSL
|
|
ports:
|
|
- "127.0.0.1:${BACKEND_PORT:-8080}:8080" # 生产环境仅绑定本地接口
|
|
volumes:
|
|
- backend-logs-prod:/app/logs
|
|
- backend-uploads-prod:/app/uploadPath
|
|
- ./configs:/app/config:ro
|
|
networks:
|
|
- anxin-prod-network
|
|
depends_on:
|
|
anxin-mysql:
|
|
condition: service_healthy
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: ${BACKEND_MEMORY_LIMIT:-2048M}
|
|
cpus: '${BACKEND_CPU_LIMIT:-2.0}'
|
|
reservations:
|
|
memory: 1024M
|
|
cpus: '1.0'
|
|
replicas: ${BACKEND_REPLICAS:-1}
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health || exit 1"]
|
|
timeout: 30s
|
|
retries: 5
|
|
interval: 30s
|
|
start_period: 120s
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "${LOG_MAX_SIZE:-200m}"
|
|
max-file: "${LOG_MAX_FILES:-15}"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
read_only: true
|
|
tmpfs:
|
|
- /tmp
|
|
|
|
# Vue3前端服务 - 生产环境配置
|
|
anxin-frontend:
|
|
build:
|
|
context: ../
|
|
dockerfile: docker/frontend/Dockerfile
|
|
target: production
|
|
args:
|
|
API_BASE_URL: ${API_BASE_URL:-https://api.anxin.com}
|
|
NODE_ENV: production
|
|
image: anxin-frontend:prod
|
|
container_name: anxin-frontend-prod
|
|
restart: always
|
|
environment:
|
|
TZ: Asia/Shanghai
|
|
NODE_ENV: production
|
|
ports:
|
|
- "${FRONTEND_PORT:-80}:80"
|
|
- "${FRONTEND_SSL_PORT:-443}:443"
|
|
volumes:
|
|
- frontend-logs-prod:/var/log/nginx
|
|
- ./configs/nginx.conf.prod:/etc/nginx/conf.d/default.conf:ro
|
|
- ./configs/ssl:/etc/nginx/ssl:ro # SSL证书
|
|
networks:
|
|
- anxin-prod-network
|
|
depends_on:
|
|
anxin-backend:
|
|
condition: service_healthy
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: ${FRONTEND_MEMORY_LIMIT:-512M}
|
|
cpus: '${FRONTEND_CPU_LIMIT:-1.0}'
|
|
reservations:
|
|
memory: 256M
|
|
cpus: '0.5'
|
|
replicas: ${FRONTEND_REPLICAS:-1}
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]
|
|
timeout: 10s
|
|
retries: 3
|
|
interval: 30s
|
|
start_period: 30s
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "${LOG_MAX_SIZE:-200m}"
|
|
max-file: "${LOG_MAX_FILES:-15}"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
# 生产环境专用服务 - 数据库备份服务
|
|
anxin-db-backup:
|
|
image: mysql:8.0
|
|
container_name: anxin-db-backup-prod
|
|
restart: always
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
|
|
BACKUP_SCHEDULE: ${BACKUP_SCHEDULE:-0 2 * * *} # 每天凌晨2点备份
|
|
BACKUP_RETENTION_DAYS: ${BACKUP_RETENTION_DAYS:-30}
|
|
volumes:
|
|
- mysql-data-prod:/var/lib/mysql:ro
|
|
- backup-data-prod:/backup
|
|
- ./scripts/backup-prod.sh:/backup.sh:ro
|
|
networks:
|
|
- anxin-prod-network
|
|
depends_on:
|
|
anxin-mysql:
|
|
condition: service_healthy
|
|
command: >
|
|
sh -c "
|
|
echo 'Starting database backup service for production environment...'
|
|
echo '${BACKUP_SCHEDULE} /backup.sh' | crontab -
|
|
crond -f
|
|
"
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
cpus: '0.2'
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "50m"
|
|
max-file: "5"
|
|
|
|
# 生产环境专用服务 - 监控服务
|
|
anxin-monitor:
|
|
image: prom/node-exporter:latest
|
|
container_name: anxin-monitor-prod
|
|
restart: always
|
|
ports:
|
|
- "127.0.0.1:9100:9100"
|
|
volumes:
|
|
- /proc:/host/proc:ro
|
|
- /sys:/host/sys:ro
|
|
- /:/rootfs:ro
|
|
networks:
|
|
- anxin-prod-network
|
|
command:
|
|
- '--path.procfs=/host/proc'
|
|
- '--path.rootfs=/rootfs'
|
|
- '--path.sysfs=/host/sys'
|
|
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 128M
|
|
cpus: '0.1'
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
# 网络配置 - 生产环境
|
|
networks:
|
|
anxin-prod-network:
|
|
name: ${NETWORK_NAME:-anxin-prod-network}
|
|
driver: bridge
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: ${SUBNET:-172.23.0.0/16}
|
|
gateway: ${GATEWAY:-172.23.0.1}
|
|
driver_opts:
|
|
com.docker.network.bridge.name: anxin-prod-br0
|
|
|
|
# 卷配置 - 生产环境
|
|
volumes:
|
|
# 数据库数据持久化卷
|
|
mysql-data-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${MYSQL_DATA_PATH:-/var/lib/anxin/mysql}
|
|
|
|
# 数据库日志卷
|
|
mysql-logs-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${MYSQL_LOG_PATH:-/var/log/anxin/mysql}
|
|
|
|
# 后端应用日志卷
|
|
backend-logs-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${BACKEND_LOG_PATH:-/var/log/anxin/backend}
|
|
|
|
# 后端文件上传卷
|
|
backend-uploads-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${BACKEND_UPLOAD_PATH:-/var/lib/anxin/uploads}
|
|
|
|
# 前端Nginx日志卷
|
|
frontend-logs-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${FRONTEND_LOG_PATH:-/var/log/anxin/nginx}
|
|
|
|
# 数据库备份卷
|
|
backup-data-prod:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${BACKUP_DATA_PATH:-/var/lib/anxin/backups} |