diff --git a/docker/example/Dockerfile.base-serv b/docker/example/Dockerfile.base-serv deleted file mode 100644 index 62446fcf..00000000 --- a/docker/example/Dockerfile.base-serv +++ /dev/null @@ -1,118 +0,0 @@ -# ==================================== -# 后端基础镜像 - Base Serv -# 包含:JRE + Python + 系统工具 + 爬虫依赖 -# 用途:作为后端服务镜像的基础,避免每次都安装依赖 -# ==================================== -FROM eclipse-temurin:21-jre - -# 设置环境变量 -ENV LANG=C.UTF-8 \ - LC_ALL=C.UTF-8 \ - TZ=Asia/Shanghai \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple \ - PIP_TRUSTED_HOST=pypi.tuna.tsinghua.edu.cn - -# 安装系统依赖和工具 -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - # Python环境 - python3 \ - python3-pip \ - python3-venv \ - python3-dev \ - # 编译工具 - build-essential \ - # 网络和诊断工具 - netcat-traditional \ - curl \ - wget \ - dnsutils \ - iputils-ping \ - # 系统工具 - procps \ - htop \ - vim \ - less \ - # 数据库客户端 - default-mysql-client \ - # 字体和图形库 - fonts-liberation \ - fonts-noto-color-emoji \ - fonts-noto-cjk \ - # Chrome依赖 - libxss1 \ - libx11-xcb1 \ - libxcb1 \ - libxcomposite1 \ - libxcursor1 \ - libxdamage1 \ - libxi6 \ - libxtst6 \ - libnss3 \ - libcups2 \ - libxrandr2 \ - libasound2t64 \ - libatk1.0-0 \ - libatk-bridge2.0-0 \ - libpangocairo-1.0-0 \ - libgtk-3-0 \ - # 图片处理 - libjpeg-dev \ - zlib1g-dev \ - libpng-dev \ - # 其他依赖 - libffi-dev \ - libssl-dev \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && echo "Asia/Shanghai" > /etc/timezone - -# 设置Python3为默认Python -RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ - && update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 - -WORKDIR /app - -# 配置pip使用清华源 -RUN mkdir -p /etc/pip && \ - echo "[global]" > /etc/pip/pip.conf && \ - echo "index-url = https://pypi.tuna.tsinghua.edu.cn/simple" >> /etc/pip/pip.conf && \ - echo "trusted-host = pypi.tuna.tsinghua.edu.cn" >> /etc/pip/pip.conf - -# 安装常用Python工具和爬虫依赖 -COPY schoolNewsCrawler/requirements.txt /tmp/requirements.txt - -RUN echo "========================================" && \ - echo "安装Python爬虫依赖到基础镜像" && \ - echo "========================================" && \ - # 直接安装依赖(使用系统pip,不升级以避免破坏系统) - python3 -m pip install --no-cache-dir --break-system-packages -r /tmp/requirements.txt && \ - # 清理缓存 - python3 -m pip cache purge && \ - # 验证安装 - echo "" && \ - echo "✅ 爬虫依赖安装完成" && \ - python3 -m pip list | grep -E "(beautifulsoup4|crawl4ai|selenium|pydantic|requests|loguru)" && \ - # 清理临时文件 - rm -f /tmp/requirements.txt - -# 创建应用目录结构 -RUN mkdir -p /app/config /app/logs /app/uploads /app/crawler - -# 健康检查 -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ - CMD curl -f http://localhost:8080/actuator/health || exit 1 - -# 镜像元数据 -LABEL maintainer="School News Team" \ - description="Base image for school-news backend service with Python dependencies" \ - version="1.0" - -# 暴露端口(文档用途) -EXPOSE 8081 - -# 默认命令(会被子镜像覆盖) -CMD ["echo", "This is base image, please use school-news-serv image"] diff --git a/docker/example/Dockerfile.mysql b/docker/example/Dockerfile.mysql deleted file mode 100644 index b3057ecd..00000000 --- a/docker/example/Dockerfile.mysql +++ /dev/null @@ -1,112 +0,0 @@ -# 校园新闻管理系统 - MySQL数据库镜像 -# 基于reInit.sh的数据库初始化方案 -FROM mysql:8.0 - -# 设置环境变量 -ENV LANG=C.UTF-8 \ - TZ=Asia/Shanghai - -# 注意:MySQL配置有两种方式 -# 1. 通过docker-compose.yml的command参数(基础配置) -# 2. 通过挂载my.cnf文件(高级配置,可选) -# docker-compose.yml中可以取消注释: ./mysql/my.cnf:/etc/mysql/conf.d/my.cnf - -# 创建SQL目录 -RUN mkdir -p /docker-entrypoint-initdb.d /opt/sql - -# 复制所有SQL文件(保持目录结构) -COPY schoolNewsServ/.bin/mysql/sql/ /opt/sql/ - -# 复制并调整reInit.sh为Docker环境,设置执行权限 -COPY schoolNewsServ/.bin/mysql/sql/reInit.sh /opt/sql/ -RUN sed -i 's/DB_HOST="localhost"/DB_HOST="localhost"/' /opt/sql/reInit.sh && \ - sed -i 's/DB_PORT="3306"/DB_PORT="3306"/' /opt/sql/reInit.sh && \ - sed -i 's/DB_USER="root"/DB_USER="root"/' /opt/sql/reInit.sh && \ - sed -i 's/DB_PASSWORD="123456"/DB_PASSWORD="${MYSQL_ROOT_PASSWORD}"/' /opt/sql/reInit.sh && \ - sed -i 's/DB_NAME="school_news"/DB_NAME="${MYSQL_DATABASE}"/' /opt/sql/reInit.sh && \ - sed -i 's|LOG_FILE="$SCRIPT_DIR/reInit.log"|LOG_FILE="/tmp/reInit.log"|' /opt/sql/reInit.sh && \ - chmod +x /opt/sql/reInit.sh && \ - chmod +x /opt/sql/sensitiveData/importSensitiveWords.sh -# 创建Docker初始化适配脚本 -RUN cat > /docker-entrypoint-initdb.d/01-init-database.sh <<'EOF' -#!/bin/bash -set -e - -echo "==========================================" -echo "校园新闻管理系统 - 数据库初始化" -echo "使用 reInit.sh + Docker配置更新" -echo "==========================================" - -# 等待MySQL完全启动 -echo "等待MySQL启动..." -until mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1" >/dev/null 2>&1; do - sleep 1 -done -echo "MySQL已就绪" - -# 切换到SQL目录 -cd /opt/sql - -# 设置环境变量供reInit.sh使用 -export DB_HOST="localhost" -export DB_PORT="3306" -export DB_USER="root" -export DB_PASSWORD="${MYSQL_ROOT_PASSWORD}" -export DB_NAME="${MYSQL_DATABASE}" -export MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" - -# Source reInit.sh并调用其初始化函数 -echo "执行数据库初始化(使用reInit.sh)..." -source reInit.sh - -# 调用reInit.sh的核心函数(跳过备份和删除) -execute_init_script # 执行initAll.sql -import_sensitive_words # 导入敏感词 - -# Docker环境特定配置:更新爬虫路径并标记初始化状态 -echo "更新Docker环境配置..." -mysql -uroot "${MYSQL_DATABASE}" < /etc/timezone && \ - # 创建必要目录 - mkdir -p /app/dist /app/config /app/logs - -# 设置工作目录 -WORKDIR /app - -# 2. 安装依赖(这层在package*.json不变时会使用缓存) -COPY schoolNewsWeb/package*.json ./ -RUN npm ci --only=production && \ - npm install -g vite - -# 3. 复制静态配置和启动脚本(这些文件不常变化) -COPY schoolNewsWeb/public/app-config.js /app/config/app-config.js.template -COPY schoolNewsWeb/docker/start.sh /app/start.sh -RUN chmod +x /app/start.sh - -# 4. 复制构建产物(这行变化最频繁,放在最后) -# 注意:确保在主机上已经执行过构建(npm run build) -COPY schoolNewsWeb/dist/ /app/dist/ - -# 5. 确保dist中有默认配置文件 -RUN if [ ! -f /app/dist/app-config.js ]; then \ - cp /app/config/app-config.js.template /app/dist/app-config.js; \ - fi - -# 暴露端口(Vite preview默认4173) -EXPOSE 4173 - -# 健康检查 -HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \ - CMD curl -f http://localhost:4173/ || exit 1 - -# 启动应用 -CMD ["/app/start.sh"] diff --git a/docker/infra/docker-compose.yml b/docker/infra/docker-compose.yml deleted file mode 100644 index 3ff07132..00000000 --- a/docker/infra/docker-compose.yml +++ /dev/null @@ -1,346 +0,0 @@ -# ================================================ -# Level 1: 基础设施服务 -# Nacos, MinIO, Nginx, Jitsi Meet -# ================================================ - -services: - # ====================== Nginx 反向代理 ====================== - nginx: - image: nginx:alpine - container_name: urban-lifeline-nginx - restart: unless-stopped - profiles: ["infra", "all"] - networks: - - urban-lifeline - ports: - - "80:80" - - "443:443" - environment: - TZ: Asia/Shanghai - volumes: - - ${DATA_ROOT:-../volumes}/nginx/logs:/var/log/nginx - - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - ./nginx/conf.d:/etc/nginx/conf.d:ro - # SSL 证书(可选) - # - ./nginx/ssl:/etc/nginx/ssl:ro - depends_on: - - urban-lifeline-serv - - urban-lifeline-web - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 30s - - # ====================== 后端服务 All-in-One ====================== - urban-lifeline-serv: - image: urban-lifeline-serv:${IMAGE_VERSION:-latest} - container_name: urban-lifeline-serv - restart: unless-stopped - profiles: ["infra", "serv", "all"] - networks: - - urban-lifeline - expose: - - "8080" - - "8081" - - "8082" - - "8083" - - "8084" - - "8085" - - "8086" - - "8087" - - "8088" - - "8089" - - "8090" - environment: - TZ: Asia/Shanghai - SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod} - NACOS_SERVER_ADDR: nacos:8848 - NACOS_NAMESPACE: ${NACOS_NAMESPACE:-} - volumes: - - ${DATA_ROOT:-../volumes}/logs/serv:/app/logs - depends_on: - nacos: - condition: service_healthy - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 180s - - # ====================== 前端服务 All-in-One ====================== - urban-lifeline-web: - image: urban-lifeline-web:${IMAGE_VERSION:-latest} - container_name: urban-lifeline-web - restart: unless-stopped - profiles: ["infra", "web", "all"] - networks: - - urban-lifeline - expose: - - "8000" - - "8001" - - "8002" - - "8003" - - "8004" - environment: - TZ: Asia/Shanghai - SHARED_PORT: 8000 - PLATFORM_PORT: 8001 - WORKCASE_PORT: 8002 - BIDDING_PORT: 8003 - WORKCASE_WECHAT_PORT: 8004 - volumes: - - ${DATA_ROOT:-../volumes}/logs/web:/app/logs - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8000/"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 30s - - # ====================== Nacos 注册中心 ====================== - nacos: - image: nacos/nacos-server:v3.1.0 - container_name: urban-lifeline-nacos - restart: unless-stopped - profiles: ["infra", "all"] - networks: - - urban-lifeline - ports: - - "8081:8080" - - "8848:8848" - - "9848:9848" - - "9849:9849" - environment: - MODE: standalone - SPRING_DATASOURCE_PLATFORM: mysql - MYSQL_SERVICE_HOST: ${MYSQL_HOST:-host.docker.internal} - MYSQL_SERVICE_PORT: ${MYSQL_PORT:-3306} - MYSQL_SERVICE_DB_NAME: nacos_config - MYSQL_SERVICE_USER: ${MYSQL_USER:-root} - MYSQL_SERVICE_PASSWORD: ${MYSQL_PASSWORD:-123456} - MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false - JVM_XMS: 512m - JVM_XMX: 512m - JVM_XMN: 256m - NACOS_AUTH_ENABLE: "false" - NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==} - NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==} - NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==} - volumes: - - ${DATA_ROOT:-../volumes}/nacos/data:/home/nacos/data - - ${DATA_ROOT:-../volumes}/nacos/logs:/home/nacos/logs - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"] - interval: 30s - timeout: 10s - retries: 5 - start_period: 60s - extra_hosts: - - "host.docker.internal:host-gateway" - - # ====================== MinIO 对象存储 ====================== - minio: - image: minio/minio:latest - container_name: urban-lifeline-minio - restart: unless-stopped - profiles: ["infra", "all"] - networks: - - urban-lifeline - ports: - - "9000:9000" - - "9001:9001" - environment: - MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin} - MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123} - MINIO_CONSOLE_ADDRESS: ":9001" - MINIO_ADDRESS: ":9000" - TZ: Asia/Shanghai - volumes: - - ${DATA_ROOT:-../volumes}/minio/data:/data - - ${DATA_ROOT:-../volumes}/minio/config:/root/.minio - command: server /data --console-address ":9001" - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] - interval: 30s - timeout: 20s - retries: 3 - start_period: 30s - - # ====================== Jitsi Meet 视频会议 ====================== - jitsi-web: - image: jitsi/web:stable-9584 - container_name: urban-lifeline-jitsi-web - restart: unless-stopped - profiles: ["infra", "jitsi", "all"] - networks: - - urban-lifeline - ports: - - "8280:80" - - "8443:443" - environment: - TZ: Asia/Shanghai - PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi} - ENABLE_HTTPS: 0 - ENABLE_HTTP_REDIRECT: 0 - DISABLE_HTTPS: 1 - XMPP_DOMAIN: meet.jitsi - XMPP_AUTH_DOMAIN: auth.meet.jitsi - XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280 - XMPP_MUC_DOMAIN: muc.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi - XMPP_GUEST_DOMAIN: guest.meet.jitsi - JICOFO_COMPONENT_SECRET: jicofo-secret - JICOFO_AUTH_USER: focus - JVB_AUTH_USER: jvb - JVB_AUTH_PASSWORD: jvb-password - ENABLE_AUTH: 1 - ENABLE_GUESTS: 0 - AUTH_TYPE: jwt - JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline} - JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256} - JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline} - JWT_ACCEPTED_AUDIENCES: jitsi - JWT_ALLOW_EMPTY: 0 - JWT_AUTH_TYPE: token - JWT_TOKEN_AUTH_MODULE: token_verification - ENABLE_RECORDING: 0 - ENABLE_TRANSCRIPTIONS: 0 - ENABLE_SUBDOMAINS: 0 - ENABLE_XMPP_WEBSOCKET: 1 - ENABLE_SCTP: 1 - volumes: - - ${DATA_ROOT:-../volumes}/jitsi/web:/config - - ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts - depends_on: - - jitsi-prosody - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:80/"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - - jitsi-prosody: - image: jitsi/prosody:stable-9584 - container_name: urban-lifeline-jitsi-prosody - restart: unless-stopped - profiles: ["infra", "jitsi", "all"] - networks: - - urban-lifeline - expose: - - "5222" - - "5347" - - "5280" - environment: - TZ: Asia/Shanghai - XMPP_DOMAIN: meet.jitsi - XMPP_AUTH_DOMAIN: auth.meet.jitsi - XMPP_MUC_DOMAIN: muc.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi - XMPP_GUEST_DOMAIN: guest.meet.jitsi - JICOFO_COMPONENT_SECRET: jicofo-secret - JICOFO_AUTH_USER: focus - JICOFO_AUTH_PASSWORD: focus-password - JVB_AUTH_USER: jvb - JVB_AUTH_PASSWORD: jvb-password - ENABLE_AUTH: 1 - ENABLE_GUESTS: 0 - AUTH_TYPE: jwt - JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline} - JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256} - JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline} - JWT_ACCEPTED_AUDIENCES: jitsi - JWT_ALLOW_EMPTY: 0 - JWT_AUTH_TYPE: token - JWT_TOKEN_AUTH_MODULE: token_verification - LOG_LEVEL: info - PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi} - JWT_DISABLE_AUTO_MODERATOR: true - volumes: - - ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config - - ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom - healthcheck: - test: ["CMD", "prosodyctl", "status"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 90s - - jitsi-jicofo: - image: jitsi/jicofo:stable-9584 - container_name: urban-lifeline-jitsi-jicofo - restart: unless-stopped - profiles: ["infra", "jitsi", "all"] - networks: - - urban-lifeline - environment: - TZ: Asia/Shanghai - XMPP_DOMAIN: meet.jitsi - XMPP_AUTH_DOMAIN: auth.meet.jitsi - XMPP_MUC_DOMAIN: muc.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi - XMPP_SERVER: jitsi-prosody - JICOFO_COMPONENT_SECRET: jicofo-secret - JICOFO_AUTH_USER: focus - JICOFO_AUTH_PASSWORD: focus-password - AUTH_TYPE: jwt - JVB_BREWERY_MUC: jvbbrewery - JICOFO_ENABLE_HEALTH_CHECKS: true - JICOFO_ENABLE_AUTO_OWNER: false - JICOFO_ENABLE_AUTO_LOGIN: false - JICOFO_CONFERENCE_INITIAL_OWNER: "" - volumes: - - ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config - depends_on: - - jitsi-prosody - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 90s - - jitsi-jvb: - image: jitsi/jvb:stable-9584 - container_name: urban-lifeline-jitsi-jvb - restart: unless-stopped - profiles: ["infra", "jitsi", "all"] - networks: - - urban-lifeline - ports: - - "10000:10000/udp" - - "4443:4443/tcp" - environment: - TZ: Asia/Shanghai - XMPP_DOMAIN: meet.jitsi - XMPP_AUTH_DOMAIN: auth.meet.jitsi - XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi - XMPP_SERVER: jitsi-prosody - JVB_AUTH_USER: jvb - JVB_AUTH_PASSWORD: jvb-password - JVB_BREWERY_MUC: jvbbrewery - JVB_PORT: 10000 - JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302 - DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS:-192.168.0.253} - JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS:-192.168.0.253} - JVB_ENABLE_APIS: rest,colibri - JVB_TCP_HARVESTER_DISABLED: "false" - JVB_TCP_PORT: 4443 - JVB_TCP_MAPPED_PORT: 4443 - volumes: - - ${DATA_ROOT:-../volumes}/jitsi/jvb:/config - depends_on: - - jitsi-prosody - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 90s - -networks: - urban-lifeline: - external: true diff --git a/docker/infra/nginx/conf.d/default.conf b/docker/infra/nginx/conf.d/default.conf deleted file mode 100644 index 28ad83e9..00000000 --- a/docker/infra/nginx/conf.d/default.conf +++ /dev/null @@ -1,131 +0,0 @@ -# ================================================ -# Urban Lifeline - 站点配置 (All-in-One 模式) -# ================================================ - -# 上游服务定义 - 后端 All-in-One 容器 -upstream gateway { - server urban-lifeline-serv:8080; - keepalive 32; -} - -# 上游服务定义 - 前端 All-in-One 容器 -upstream shared { - server urban-lifeline-web:8000; -} - -upstream platform { - server urban-lifeline-web:8001; -} - -upstream workcase-web { - server urban-lifeline-web:8002; -} - -upstream bidding-web { - server urban-lifeline-web:8003; -} - -upstream workcase-wechat { - server urban-lifeline-web:8004; -} - -server { - listen 80; - server_name localhost; - - # 健康检查端点 - location /health { - access_log off; - return 200 "healthy\n"; - add_header Content-Type text/plain; - } - - # ====================== 前端应用代理 ====================== - - # Shared 公共模块 (Module Federation 远程模块) - location /shared/ { - proxy_pass http://shared/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # 允许跨域 (Module Federation 需要) - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, OPTIONS"; - add_header Access-Control-Allow-Headers "Origin, Content-Type, Accept"; - } - - # Platform 管理平台 - location /platform/ { - proxy_pass http://platform/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # Workcase 工单系统 PC端 - location /workcase/ { - proxy_pass http://workcase-web/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # Bidding 招标系统 - location /bidding/ { - proxy_pass http://bidding-web/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # Workcase 工单系统微信端 - location /workcase-wechat/ { - proxy_pass http://workcase-wechat/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # 默认首页(重定向到 platform) - location = / { - return 302 /platform/; - } - - # ====================== API 代理 ====================== - - # 后端 API 代理 - location /urban-lifeline/ { - proxy_pass http://gateway/urban-lifeline/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # WebSocket 支持 - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # 超时设置 - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - } - - # ====================== 错误页面 ====================== - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/docker/infra/nginx/nginx.conf b/docker/infra/nginx/nginx.conf deleted file mode 100644 index ed8a2477..00000000 --- a/docker/infra/nginx/nginx.conf +++ /dev/null @@ -1,47 +0,0 @@ -# ================================================ -# Urban Lifeline - Nginx 主配置 -# ================================================ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; - use epoll; - multi_accept on; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # 日志格式 - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - # 性能优化 - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - # Gzip 压缩 - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_types text/plain text/css text/xml application/json application/javascript - application/xml application/xml+rss text/javascript application/x-javascript; - - # 上传文件大小限制 - client_max_body_size 100M; - - # 引入站点配置 - include /etc/nginx/conf.d/*.conf; -} diff --git a/docker/jitsi/.env.example b/docker/jitsi/.env.example new file mode 100644 index 00000000..71509a4e --- /dev/null +++ b/docker/jitsi/.env.example @@ -0,0 +1,62 @@ +# ================================================ +# Jitsi Meet - 环境变量配置 +# 复制此文件为 .env 并修改配置 +# ================================================ + +# 时区 +TZ=Asia/Shanghai + +# 数据目录 +DATA_ROOT=../volumes + +# ==================== 镜像版本 ==================== +JITSI_IMAGE_TAG=stable-9584 + +# ==================== 公网访问 ==================== +# Jitsi 公网访问地址 (必须配置) +JITSI_PUBLIC_URL=https://meet.example.com + +# JVB 公网 IP (必须配置,用于 WebRTC 媒体流) +JVB_HOST_ADDRESS=192.168.0.253 + +# ==================== 端口配置 ==================== +# Web 端口 +JITSI_WEB_HTTP_PORT=8280 +JITSI_WEB_HTTPS_PORT=8443 + +# JVB 端口 (UDP 用于媒体流,TCP 用于备用) +JVB_PORT=10000 +JVB_TCP_PORT=4443 + +# ==================== JWT 认证 ==================== +# JWT App ID (与后端服务保持一致) +JWT_APP_ID=urbanLifeline + +# JWT 密钥 (生产环境必须修改!) +JWT_APP_SECRET=your-jwt-secret-key-change-in-production + +# ==================== 功能开关 ==================== +# 是否启用认证 (1=启用, 0=禁用) +JITSI_ENABLE_AUTH=1 + +# 是否允许访客 (1=允许, 0=禁止) +JITSI_ENABLE_GUESTS=0 + +# 是否启用 HTTPS (容器内) +JITSI_ENABLE_HTTPS=0 +JITSI_DISABLE_HTTPS=1 + +# 是否启用录制 +JITSI_ENABLE_RECORDING=0 + +# 日志级别 +JITSI_LOG_LEVEL=info + +# ==================== 组件密码 ==================== +# 内部组件认证密码 (生产环境建议修改) +JICOFO_COMPONENT_SECRET=jicofo-secret +JICOFO_AUTH_PASSWORD=focus-password +JVB_AUTH_PASSWORD=jvb-password + +# ==================== STUN 服务器 ==================== +JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302 diff --git a/docker/jitsi/docker-compose.yml b/docker/jitsi/docker-compose.yml new file mode 100644 index 00000000..2f403d5c --- /dev/null +++ b/docker/jitsi/docker-compose.yml @@ -0,0 +1,198 @@ +# ================================================ +# Jitsi Meet 视频会议服务 +# +# 使用方式: +# docker compose up -d +# +# 环境变量配置: +# 复制 .env.example 为 .env 并修改 +# ================================================ + +services: + # ====================== Jitsi Web ====================== + jitsi-web: + image: jitsi/web:${JITSI_IMAGE_TAG:-stable-9584} + container_name: urban-lifeline-jitsi-web + restart: unless-stopped + networks: + - urban-lifeline + ports: + - "${JITSI_WEB_HTTP_PORT:-8280}:80" + - "${JITSI_WEB_HTTPS_PORT:-8443}:443" + environment: + TZ: ${TZ:-Asia/Shanghai} + PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com} + ENABLE_HTTPS: ${JITSI_ENABLE_HTTPS:-0} + ENABLE_HTTP_REDIRECT: 0 + DISABLE_HTTPS: ${JITSI_DISABLE_HTTPS:-1} + # XMPP 配置 + XMPP_DOMAIN: meet.jitsi + XMPP_AUTH_DOMAIN: auth.meet.jitsi + XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280 + XMPP_MUC_DOMAIN: muc.meet.jitsi + XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi + XMPP_GUEST_DOMAIN: guest.meet.jitsi + # 组件认证 + JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret} + JICOFO_AUTH_USER: focus + JVB_AUTH_USER: jvb + JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password} + # JWT 认证 + ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1} + ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0} + AUTH_TYPE: jwt + JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline} + JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production} + JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline} + JWT_ACCEPTED_AUDIENCES: jitsi + JWT_ALLOW_EMPTY: 0 + JWT_AUTH_TYPE: token + JWT_TOKEN_AUTH_MODULE: token_verification + # 功能开关 + ENABLE_RECORDING: ${JITSI_ENABLE_RECORDING:-0} + ENABLE_TRANSCRIPTIONS: 0 + ENABLE_SUBDOMAINS: 0 + ENABLE_XMPP_WEBSOCKET: 1 + ENABLE_SCTP: 1 + volumes: + - ${DATA_ROOT:-../volumes}/jitsi/web:/config + - ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts + depends_on: + - jitsi-prosody + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:80/"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s + + # ====================== Jitsi Prosody (XMPP) ====================== + jitsi-prosody: + image: jitsi/prosody:${JITSI_IMAGE_TAG:-stable-9584} + container_name: urban-lifeline-jitsi-prosody + restart: unless-stopped + networks: + - urban-lifeline + expose: + - "5222" + - "5347" + - "5280" + environment: + TZ: ${TZ:-Asia/Shanghai} + PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com} + # XMPP 配置 + XMPP_DOMAIN: meet.jitsi + XMPP_AUTH_DOMAIN: auth.meet.jitsi + XMPP_MUC_DOMAIN: muc.meet.jitsi + XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi + XMPP_GUEST_DOMAIN: guest.meet.jitsi + # 组件认证 + JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret} + JICOFO_AUTH_USER: focus + JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password} + JVB_AUTH_USER: jvb + JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password} + # JWT 认证 + ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1} + ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0} + AUTH_TYPE: jwt + JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline} + JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production} + JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline} + JWT_ACCEPTED_AUDIENCES: jitsi + JWT_ALLOW_EMPTY: 0 + JWT_AUTH_TYPE: token + JWT_TOKEN_AUTH_MODULE: token_verification + JWT_DISABLE_AUTO_MODERATOR: true + LOG_LEVEL: ${JITSI_LOG_LEVEL:-info} + volumes: + - ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config + - ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom + healthcheck: + test: ["CMD", "prosodyctl", "status"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 90s + + # ====================== Jitsi Jicofo (会议焦点) ====================== + jitsi-jicofo: + image: jitsi/jicofo:${JITSI_IMAGE_TAG:-stable-9584} + container_name: urban-lifeline-jitsi-jicofo + restart: unless-stopped + networks: + - urban-lifeline + environment: + TZ: ${TZ:-Asia/Shanghai} + # XMPP 配置 + XMPP_DOMAIN: meet.jitsi + XMPP_AUTH_DOMAIN: auth.meet.jitsi + XMPP_MUC_DOMAIN: muc.meet.jitsi + XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi + XMPP_SERVER: jitsi-prosody + # 组件认证 + JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret} + JICOFO_AUTH_USER: focus + JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password} + AUTH_TYPE: jwt + JVB_BREWERY_MUC: jvbbrewery + # 功能配置 + JICOFO_ENABLE_HEALTH_CHECKS: true + JICOFO_ENABLE_AUTO_OWNER: false + JICOFO_ENABLE_AUTO_LOGIN: false + JICOFO_CONFERENCE_INITIAL_OWNER: "" + volumes: + - ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config + depends_on: + - jitsi-prosody + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 90s + + # ====================== Jitsi JVB (视频桥接) ====================== + jitsi-jvb: + image: jitsi/jvb:${JITSI_IMAGE_TAG:-stable-9584} + container_name: urban-lifeline-jitsi-jvb + restart: unless-stopped + networks: + - urban-lifeline + ports: + - "${JVB_PORT:-10000}:10000/udp" + - "${JVB_TCP_PORT:-4443}:4443/tcp" + environment: + TZ: ${TZ:-Asia/Shanghai} + # XMPP 配置 + XMPP_DOMAIN: meet.jitsi + XMPP_AUTH_DOMAIN: auth.meet.jitsi + XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi + XMPP_SERVER: jitsi-prosody + # 组件认证 + JVB_AUTH_USER: jvb + JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password} + JVB_BREWERY_MUC: jvbbrewery + # 网络配置 + JVB_PORT: ${JVB_PORT:-10000} + JVB_STUN_SERVERS: ${JVB_STUN_SERVERS:-stun.l.google.com:19302,stun1.l.google.com:19302} + DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS} + JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS} + JVB_ENABLE_APIS: rest,colibri + JVB_TCP_HARVESTER_DISABLED: "false" + JVB_TCP_PORT: ${JVB_TCP_PORT:-4443} + JVB_TCP_MAPPED_PORT: ${JVB_TCP_PORT:-4443} + volumes: + - ${DATA_ROOT:-../volumes}/jitsi/jvb:/config + depends_on: + - jitsi-prosody + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 90s + +networks: + urban-lifeline: + name: urban-lifeline diff --git a/docker/minio/.env.example b/docker/minio/.env.example new file mode 100644 index 00000000..3066f4b9 --- /dev/null +++ b/docker/minio/.env.example @@ -0,0 +1,36 @@ +# ================================================ +# MinIO 配置 +# 复制此文件为 .env 并修改配置 +# ================================================ + +# ------------------------------ +# MinIO 版本 +# ------------------------------ +MINIO_VERSION=latest + +# ------------------------------ +# 端口配置 +# ------------------------------ +# API 端口 +MINIO_API_PORT=9000 +# 控制台端口 +MINIO_CONSOLE_PORT=9001 + +# ------------------------------ +# 认证配置 +# ------------------------------ +MINIO_ROOT_USER=minioadmin +MINIO_ROOT_PASSWORD=minioadmin123 + +# ------------------------------ +# 域名配置(可选,用于反向代理) +# ------------------------------ +# 控制台重定向 URL(通过反向代理访问时设置) +# MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com +# API 服务 URL(通过反向代理访问时设置) +# MINIO_SERVER_URL=https://minio.example.com + +# ------------------------------ +# 数据目录 +# ------------------------------ +DATA_ROOT=../volumes diff --git a/docker/minio/docker-compose.yml b/docker/minio/docker-compose.yml new file mode 100644 index 00000000..ec206c23 --- /dev/null +++ b/docker/minio/docker-compose.yml @@ -0,0 +1,35 @@ +services: + +# ====================== MinIO 对象存储 ====================== + minio: + image: minio/minio:${MINIO_VERSION:-latest} + container_name: urban-lifeline-minio + restart: unless-stopped + env_file: + - .env + networks: + - urban-lifeline + ports: + - "${MINIO_API_PORT:-9000}:9000" + - "${MINIO_CONSOLE_PORT:-9001}:9001" + environment: + MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin} + MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123} + MINIO_CONSOLE_ADDRESS: ":9001" + MINIO_ADDRESS: ":9000" + MINIO_BROWSER_REDIRECT_URL: ${MINIO_BROWSER_REDIRECT_URL:-} + MINIO_SERVER_URL: ${MINIO_SERVER_URL:-} + TZ: Asia/Shanghai + volumes: + - ${DATA_ROOT:-../volumes}/minio/data:/data + - ${DATA_ROOT:-../volumes}/minio/config:/root/.minio + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + start_period: 30s +networks: + urban-lifeline: + name: urban-lifeline \ No newline at end of file diff --git a/docker/nacos/.env.example b/docker/nacos/.env.example new file mode 100644 index 00000000..9bc41369 --- /dev/null +++ b/docker/nacos/.env.example @@ -0,0 +1,50 @@ +# ================================================ +# Nacos 配置 +# 复制此文件为 .env 并修改配置 +# ================================================ + +# ------------------------------ +# MySQL 配置 +# ------------------------------ +MYSQL_VERSION=8.0 +MYSQL_ROOT_PASSWORD=root123456 +MYSQL_USER=nacos +MYSQL_PASSWORD=nacos123456 +# 暴露到主机的端口(避免与主机 MySQL 冲突) +MYSQL_EXPOSE_PORT=3307 + +# ------------------------------ +# Nacos 版本和模式 +# ------------------------------ +NACOS_VERSION=v3.1.0 +NACOS_MODE=standalone +NACOS_DB_NAME=nacos_config + +# ------------------------------ +# Nacos 端口配置 +# ------------------------------ +NACOS_CONSOLE_PORT=8081 +NACOS_PORT=8848 +NACOS_GRPC_PORT=9848 +NACOS_RAFT_PORT=9849 + +# ------------------------------ +# JVM 配置 +# ------------------------------ +NACOS_JVM_XMS=512m +NACOS_JVM_XMX=512m +NACOS_JVM_XMN=256m + +# ------------------------------ +# 认证配置 +# ------------------------------ +NACOS_AUTH_ENABLE=false +# 生产环境请修改以下密钥 +NACOS_AUTH_TOKEN=ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ== +NACOS_AUTH_IDENTITY_KEY=serverIdentity +NACOS_AUTH_IDENTITY_VALUE=security + +# ------------------------------ +# 数据目录 +# ------------------------------ +DATA_ROOT=../volumes diff --git a/docker/nacos/docker-compose.yml b/docker/nacos/docker-compose.yml new file mode 100644 index 00000000..2ce94855 --- /dev/null +++ b/docker/nacos/docker-compose.yml @@ -0,0 +1,76 @@ +services: +# ====================== MySQL 数据库 ====================== + mysql: + image: mysql:${MYSQL_VERSION:-8.0} + container_name: urban-lifeline-nacos-mysql + restart: unless-stopped + networks: + - urban-lifeline + ports: + - "${MYSQL_EXPOSE_PORT:-3307}:3306" + environment: + MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root123456} + MYSQL_DATABASE: ${NACOS_DB_NAME:-nacos_config} + MYSQL_USER: ${MYSQL_USER:-nacos} + MYSQL_PASSWORD: ${MYSQL_PASSWORD:-nacos123456} + TZ: Asia/Shanghai + volumes: + - ${DATA_ROOT:-../volumes}/nacos/mysql:/var/lib/mysql + - ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro + command: + - --character-set-server=utf8mb4 + - --collation-server=utf8mb4_unicode_ci + - --default-authentication-plugin=mysql_native_password + healthcheck: + test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD:-root123456}"] + interval: 10s + timeout: 5s + retries: 10 + start_period: 30s + +# ====================== Nacos 注册中心 ====================== + nacos: + image: nacos/nacos-server:${NACOS_VERSION:-v3.1.0} + container_name: urban-lifeline-nacos + restart: unless-stopped + env_file: + - .env + networks: + - urban-lifeline + ports: + - "${NACOS_CONSOLE_PORT:-8081}:8081" + - "${NACOS_PORT:-8848}:8848" + - "${NACOS_GRPC_PORT:-9848}:9848" + - "${NACOS_RAFT_PORT:-9849}:9849" + environment: + MODE: ${NACOS_MODE:-standalone} + SPRING_DATASOURCE_PLATFORM: mysql + MYSQL_SERVICE_HOST: mysql + MYSQL_SERVICE_PORT: 3306 + MYSQL_SERVICE_DB_NAME: ${NACOS_DB_NAME:-nacos_config} + MYSQL_SERVICE_USER: ${MYSQL_USER:-nacos} + MYSQL_SERVICE_PASSWORD: ${MYSQL_PASSWORD:-nacos123456} + MYSQL_SERVICE_DB_PARAM: characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true + JVM_XMS: ${NACOS_JVM_XMS:-512m} + JVM_XMX: ${NACOS_JVM_XMX:-512m} + JVM_XMN: ${NACOS_JVM_XMN:-256m} + NACOS_AUTH_ENABLE: ${NACOS_AUTH_ENABLE:-false} + NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==} + NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_IDENTITY_KEY:-serverIdentity} + NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_IDENTITY_VALUE:-security} + volumes: + - ${DATA_ROOT:-../volumes}/nacos/data:/home/nacos/data + - ${DATA_ROOT:-../volumes}/nacos/logs:/home/nacos/logs + depends_on: + mysql: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"] + interval: 30s + timeout: 10s + retries: 5 + start_period: 60s + +networks: + urban-lifeline: + name: urban-lifeline diff --git a/docker/nacos/init.sql b/docker/nacos/init.sql new file mode 100644 index 00000000..36098b16 --- /dev/null +++ b/docker/nacos/init.sql @@ -0,0 +1,182 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +DROP DATABASE IF EXISTS `nacos_config`; +CREATE DATABASE IF NOT EXISTS `nacos_config` CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; +USE `nacos_config`; + +/******************************************/ +/* 表名称 = config_info */ +/******************************************/ +CREATE TABLE `config_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `data_id` VARCHAR(255) NOT NULL COMMENT 'data_id', + `group_id` VARCHAR(128) DEFAULT NULL COMMENT 'group_id', + `content` longtext NOT NULL COMMENT 'content', + `md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + `src_user` text COMMENT 'source user', + `src_ip` VARCHAR(50) DEFAULT NULL COMMENT 'source ip', + `app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name', + `tenant_id` VARCHAR(128) DEFAULT '' COMMENT '租户字段', + `c_desc` VARCHAR(256) DEFAULT NULL COMMENT 'configuration description', + `c_use` VARCHAR(64) DEFAULT NULL COMMENT 'configuration usage', + `effect` VARCHAR(64) DEFAULT NULL COMMENT '配置生效的描述', + `type` VARCHAR(64) DEFAULT NULL COMMENT '配置的类型', + `c_schema` text COMMENT '配置的模式', + `encrypted_data_key` VARCHAR(1024) NOT NULL DEFAULT '' COMMENT '密钥', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfo_datagrouptenant` (`data_id`,`group_id`,`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info'; + +/******************************************/ +/* 表名称 = config_info since 2.5.0 */ +/******************************************/ +CREATE TABLE `config_info_gray` ( + `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id', + `data_id` VARCHAR(255) NOT NULL COMMENT 'data_id', + `group_id` VARCHAR(128) NOT NULL COMMENT 'group_id', + `content` longtext NOT NULL COMMENT 'content', + `md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5', + `src_user` text COMMENT 'src_user', + `src_ip` VARCHAR(100) DEFAULT NULL COMMENT 'src_ip', + `gmt_create` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) COMMENT 'gmt_create', + `gmt_modified` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) COMMENT 'gmt_modified', + `app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name', + `tenant_id` VARCHAR(128) DEFAULT '' COMMENT 'tenant_id', + `gray_name` VARCHAR(128) NOT NULL COMMENT 'gray_name', + `gray_rule` text NOT NULL COMMENT 'gray_rule', + `encrypted_data_key` VARCHAR(256) NOT NULL DEFAULT '' COMMENT 'encrypted_data_key', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfogray_datagrouptenantgray` (`data_id`,`group_id`,`tenant_id`,`gray_name`), + KEY `idx_dataid_gmt_modified` (`data_id`,`gmt_modified`), + KEY `idx_gmt_modified` (`gmt_modified`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='config_info_gray'; + +/******************************************/ +/* 表名称 = config_tags_relation */ +/******************************************/ +CREATE TABLE `config_tags_relation` ( + `id` bigint(20) NOT NULL COMMENT 'id', + `tag_name` VARCHAR(128) NOT NULL COMMENT 'tag_name', + `tag_type` VARCHAR(64) DEFAULT NULL COMMENT 'tag_type', + `data_id` VARCHAR(255) NOT NULL COMMENT 'data_id', + `group_id` VARCHAR(128) NOT NULL COMMENT 'group_id', + `tenant_id` VARCHAR(128) DEFAULT '' COMMENT 'tenant_id', + `nid` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增长标识', + PRIMARY KEY (`nid`), + UNIQUE KEY `uk_configtagrelation_configidtag` (`id`,`tag_name`,`tag_type`), + KEY `idx_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_tag_relation'; + +/******************************************/ +/* 表名称 = group_capacity */ +/******************************************/ +CREATE TABLE `group_capacity` ( + `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID', + `group_id` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Group ID,空字符表示整个集群', + `quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额,0表示使用默认值', + `usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量', + `max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限,单位为字节,0表示使用默认值', + `max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数,,0表示使用默认值', + `max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限,单位为字节,0表示使用默认值', + `max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_group_id` (`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='集群、各Group容量信息表'; + +/******************************************/ +/* 表名称 = his_config_info */ +/******************************************/ +CREATE TABLE `his_config_info` ( + `id` bigint(20) unsigned NOT NULL COMMENT 'id', + `nid` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增标识', + `data_id` VARCHAR(255) NOT NULL COMMENT 'data_id', + `group_id` VARCHAR(128) NOT NULL COMMENT 'group_id', + `app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name', + `content` longtext NOT NULL COMMENT 'content', + `md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + `src_user` text COMMENT 'source user', + `src_ip` VARCHAR(50) DEFAULT NULL COMMENT 'source ip', + `op_type` char(10) DEFAULT NULL COMMENT 'operation type', + `tenant_id` VARCHAR(128) DEFAULT '' COMMENT '租户字段', + `encrypted_data_key` VARCHAR(1024) NOT NULL DEFAULT '' COMMENT '密钥', + `publish_type` VARCHAR(50) DEFAULT 'formal' COMMENT 'publish type gray or formal', + `gray_name` VARCHAR(50) DEFAULT NULL COMMENT 'gray name', + `ext_info` longtext DEFAULT NULL COMMENT 'ext info', + PRIMARY KEY (`nid`), + KEY `idx_gmt_create` (`gmt_create`), + KEY `idx_gmt_modified` (`gmt_modified`), + KEY `idx_did` (`data_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='多租户改造'; + + +/******************************************/ +/* 表名称 = tenant_capacity */ +/******************************************/ +CREATE TABLE `tenant_capacity` ( + `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID', + `tenant_id` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Tenant ID', + `quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额,0表示使用默认值', + `usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量', + `max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限,单位为字节,0表示使用默认值', + `max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数', + `max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限,单位为字节,0表示使用默认值', + `max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='租户容量信息表'; + + +CREATE TABLE `tenant_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `kp` VARCHAR(128) NOT NULL COMMENT 'kp', + `tenant_id` VARCHAR(128) default '' COMMENT 'tenant_id', + `tenant_name` VARCHAR(128) default '' COMMENT 'tenant_name', + `tenant_desc` VARCHAR(256) DEFAULT NULL COMMENT 'tenant_desc', + `create_source` VARCHAR(32) DEFAULT NULL COMMENT 'create_source', + `gmt_create` bigint(20) NOT NULL COMMENT '创建时间', + `gmt_modified` bigint(20) NOT NULL COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`), + KEY `idx_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info'; + +CREATE TABLE `users` ( + `username` VARCHAR(50) NOT NULL PRIMARY KEY COMMENT 'username', + `password` VARCHAR(500) NOT NULL COMMENT 'password', + `enabled` BOOLEAN NOT NULL COMMENT 'enabled' +); + +CREATE TABLE `roles` ( + `username` VARCHAR(50) NOT NULL COMMENT 'username', + `role` VARCHAR(50) NOT NULL COMMENT 'role', + UNIQUE INDEX `idx_user_role` (`username` ASC, `role` ASC) USING BTREE +); + +CREATE TABLE `permissions` ( + `role` VARCHAR(50) NOT NULL COMMENT 'role', + `resource` VARCHAR(128) NOT NULL COMMENT 'resource', + `action` VARCHAR(8) NOT NULL COMMENT 'action', + UNIQUE INDEX `uk_role_permission` (`role`,`resource`,`action`) USING BTREE +); +