wangys/urbanLifeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docker初步构想

Browse Source
This commit is contained in:
wangys
2025-12-28 18:30:17 +08:00
parent 0beb631512
commit 154ac7f61c
2300 changed files with 8729 additions and 252 deletions
Download Patch File Download Diff File Expand all files Collapse all files

276
docker/infra/docker-compose.yml Normal file
View File

@@ -0,0 +1,276 @@
# ================================================
# Level 1: 基础设施服务
# Nacos, MinIO, Nginx, Jitsi Meet
# ================================================
services:
# ====================== Nginx 反向代理 ======================
nginx:
image: urban-lifeline-web:${IMAGE_VERSION:-latest}
container_name: urban-lifeline-nginx
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "80:80"
- "443:443"
environment:
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/nginx/logs:/var/log/nginx
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
# SSL 证书(可选)
# - ./nginx/ssl:/etc/nginx/ssl:ro
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
# ====================== Nacos 注册中心 ======================
nacos:
image: nacos/nacos-server:v3.1.0
container_name: urban-lifeline-nacos
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "8081:8080"
- "8848:8848"
- "9848:9848"
- "9849:9849"
environment:
MODE: standalone
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: ${MYSQL_HOST:-host.docker.internal}
MYSQL_SERVICE_PORT: ${MYSQL_PORT:-3306}
MYSQL_SERVICE_DB_NAME: nacos_config
MYSQL_SERVICE_USER: ${MYSQL_USER:-root}
MYSQL_SERVICE_PASSWORD: ${MYSQL_PASSWORD:-123456}
MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false
JVM_XMS: 512m
JVM_XMX: 512m
JVM_XMN: 256m
NACOS_AUTH_ENABLE: "false"
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
volumes:
- ${DATA_ROOT:-../volumes}/nacos/data:/home/nacos/data
- ${DATA_ROOT:-../volumes}/nacos/logs:/home/nacos/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
extra_hosts:
- "host.docker.internal:host-gateway"
# ====================== MinIO 对象存储 ======================
minio:
image: minio/minio:latest
container_name: urban-lifeline-minio
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "9000:9000"
- "9001:9001"
environment:
MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123}
MINIO_CONSOLE_ADDRESS: ":9001"
MINIO_ADDRESS: ":9000"
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/minio/data:/data
- ${DATA_ROOT:-../volumes}/minio/config:/root/.minio
command: server /data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
start_period: 30s
# ====================== Jitsi Meet 视频会议 ======================
jitsi-web:
image: jitsi/web:stable-9584
container_name: urban-lifeline-jitsi-web
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
ports:
- "8280:80"
- "8443:443"
environment:
TZ: Asia/Shanghai
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi}
ENABLE_HTTPS: 0
ENABLE_HTTP_REDIRECT: 0
DISABLE_HTTPS: 1
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
ENABLE_AUTH: 1
ENABLE_GUESTS: 0
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
ENABLE_RECORDING: 0
ENABLE_TRANSCRIPTIONS: 0
ENABLE_SUBDOMAINS: 0
ENABLE_XMPP_WEBSOCKET: 1
ENABLE_SCTP: 1
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/web:/config
- ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
jitsi-prosody:
image: jitsi/prosody:stable-9584
container_name: urban-lifeline-jitsi-prosody
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
expose:
- "5222"
- "5347"
- "5280"
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
ENABLE_AUTH: 1
ENABLE_GUESTS: 0
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
LOG_LEVEL: info
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi}
JWT_DISABLE_AUTO_MODERATOR: true
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config
- ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
healthcheck:
test: ["CMD", "prosodyctl", "status"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
jitsi-jicofo:
image: jitsi/jicofo:stable-9584
container_name: urban-lifeline-jitsi-jicofo
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password
AUTH_TYPE: jwt
JVB_BREWERY_MUC: jvbbrewery
JICOFO_ENABLE_HEALTH_CHECKS: true
JICOFO_ENABLE_AUTO_OWNER: false
JICOFO_ENABLE_AUTO_LOGIN: false
JICOFO_CONFERENCE_INITIAL_OWNER: ""
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
jitsi-jvb:
image: jitsi/jvb:stable-9584
container_name: urban-lifeline-jitsi-jvb
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
ports:
- "10000:10000/udp"
- "4443:4443/tcp"
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
JVB_BREWERY_MUC: jvbbrewery
JVB_PORT: 10000
JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302
DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS:-192.168.0.253}
JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS:-192.168.0.253}
JVB_ENABLE_APIS: rest,colibri
JVB_TCP_HARVESTER_DISABLED: "false"
JVB_TCP_PORT: 4443
JVB_TCP_MAPPED_PORT: 4443
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jvb:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
networks:
urban-lifeline:
external: true

83
docker/infra/nginx/conf.d/default.conf Normal file
View File

@@ -0,0 +1,83 @@
# ================================================
# Urban Lifeline - 站点配置
# ================================================
# 上游服务定义
upstream gateway {
server gateway:8080;
keepalive 32;
}
upstream platform {
server platform:80;
}
upstream workcase-web {
server workcase-web:80;
}
server {
listen 80;
server_name localhost;
# 健康检查端点
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# ====================== 前端应用代理 ======================
# Platform 管理平台
location /platform/ {
proxy_pass http://platform/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Workcase 工单系统
location /workcase/ {
proxy_pass http://workcase-web/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 默认首页(重定向到 platform
location = / {
return 302 /platform/;
}
# ====================== API 代理 ======================
# 后端 API 代理
location /urban-lifeline/ {
proxy_pass http://gateway/urban-lifeline/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# ====================== 错误页面 ======================
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

47
docker/infra/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,47 @@
# ================================================
# Urban Lifeline - Nginx 主配置
# ================================================
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# 性能优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript
application/xml application/xml+rss text/javascript application/x-javascript;
# 上传文件大小限制
client_max_body_size 100M;
# 引入站点配置
include /etc/nginx/conf.d/*.conf;
}