wangys/urbanLifeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

服务配置修改

Browse Source
This commit is contained in:
wangys
2026-01-02 14:55:57 +08:00
parent e15305df85
commit 19026c1b30
14 changed files with 639 additions and 842 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
docker/example/Dockerfile.base-serv
View File

@@ -1,118 +0,0 @@
# ====================================
# 后端基础镜像 - Base Serv
# 包含JRE + Python + 系统工具 + 爬虫依赖
# 用途:作为后端服务镜像的基础,避免每次都安装依赖
# ====================================
FROM eclipse-temurin:21-jre
# 设置环境变量
ENV LANG=C.UTF-8 \
LC_ALL=C.UTF-8 \
TZ=Asia/Shanghai \
PYTHONUNBUFFERED=1 \
PYTHONIOENCODING=UTF-8 \
PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple \
PIP_TRUSTED_HOST=pypi.tuna.tsinghua.edu.cn
# 安装系统依赖和工具
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
# Python环境
python3 \
python3-pip \
python3-venv \
python3-dev \
# 编译工具
build-essential \
# 网络和诊断工具
netcat-traditional \
curl \
wget \
dnsutils \
iputils-ping \
# 系统工具
procps \
htop \
vim \
less \
# 数据库客户端
default-mysql-client \
# 字体和图形库
fonts-liberation \
fonts-noto-color-emoji \
fonts-noto-cjk \
# Chrome依赖
libxss1 \
libx11-xcb1 \
libxcb1 \
libxcomposite1 \
libxcursor1 \
libxdamage1 \
libxi6 \
libxtst6 \
libnss3 \
libcups2 \
libxrandr2 \
libasound2t64 \
libatk1.0-0 \
libatk-bridge2.0-0 \
libpangocairo-1.0-0 \
libgtk-3-0 \
# 图片处理
libjpeg-dev \
zlib1g-dev \
libpng-dev \
# 其他依赖
libffi-dev \
libssl-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone
# 设置Python3为默认Python
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
&& update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
WORKDIR /app
# 配置pip使用清华源
RUN mkdir -p /etc/pip && \
echo "[global]" > /etc/pip/pip.conf && \
echo "index-url = https://pypi.tuna.tsinghua.edu.cn/simple" >> /etc/pip/pip.conf && \
echo "trusted-host = pypi.tuna.tsinghua.edu.cn" >> /etc/pip/pip.conf
# 安装常用Python工具和爬虫依赖
COPY schoolNewsCrawler/requirements.txt /tmp/requirements.txt
RUN echo "========================================" && \
echo "安装Python爬虫依赖到基础镜像" && \
echo "========================================" && \
# 直接安装依赖使用系统pip不升级以避免破坏系统
python3 -m pip install --no-cache-dir --break-system-packages -r /tmp/requirements.txt && \
# 清理缓存
python3 -m pip cache purge && \
# 验证安装
echo "" && \
echo "✅ 爬虫依赖安装完成" && \
python3 -m pip list | grep -E "(beautifulsoup4|crawl4ai|selenium|pydantic|requests|loguru)" && \
# 清理临时文件
rm -f /tmp/requirements.txt
# 创建应用目录结构
RUN mkdir -p /app/config /app/logs /app/uploads /app/crawler
# 健康检查
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8080/actuator/health || exit 1
# 镜像元数据
LABEL maintainer="School News Team" \
description="Base image for school-news backend service with Python dependencies" \
version="1.0"
# 暴露端口(文档用途)
EXPOSE 8081
# 默认命令(会被子镜像覆盖)
CMD ["echo", "This is base image, please use school-news-serv image"]

112
docker/example/Dockerfile.mysql
View File

@@ -1,112 +0,0 @@
# 校园新闻管理系统 - MySQL数据库镜像
# 基于reInit.sh的数据库初始化方案
FROM mysql:8.0
# 设置环境变量
ENV LANG=C.UTF-8 \
TZ=Asia/Shanghai
# 注意MySQL配置有两种方式
# 1. 通过docker-compose.yml的command参数基础配置
# 2. 通过挂载my.cnf文件高级配置可选
# docker-compose.yml中可以取消注释: ./mysql/my.cnf:/etc/mysql/conf.d/my.cnf
# 创建SQL目录
RUN mkdir -p /docker-entrypoint-initdb.d /opt/sql
# 复制所有SQL文件保持目录结构
COPY schoolNewsServ/.bin/mysql/sql/ /opt/sql/
# 复制并调整reInit.sh为Docker环境设置执行权限
COPY schoolNewsServ/.bin/mysql/sql/reInit.sh /opt/sql/
RUN sed -i 's/DB_HOST="localhost"/DB_HOST="localhost"/' /opt/sql/reInit.sh && \
sed -i 's/DB_PORT="3306"/DB_PORT="3306"/' /opt/sql/reInit.sh && \
sed -i 's/DB_USER="root"/DB_USER="root"/' /opt/sql/reInit.sh && \
sed -i 's/DB_PASSWORD="123456"/DB_PASSWORD="${MYSQL_ROOT_PASSWORD}"/' /opt/sql/reInit.sh && \
sed -i 's/DB_NAME="school_news"/DB_NAME="${MYSQL_DATABASE}"/' /opt/sql/reInit.sh && \
sed -i 's|LOG_FILE="$SCRIPT_DIR/reInit.log"|LOG_FILE="/tmp/reInit.log"|' /opt/sql/reInit.sh && \
chmod +x /opt/sql/reInit.sh && \
chmod +x /opt/sql/sensitiveData/importSensitiveWords.sh
# 创建Docker初始化适配脚本
RUN cat > /docker-entrypoint-initdb.d/01-init-database.sh <<'EOF'
#!/bin/bash
set -e
echo "=========================================="
echo "校园新闻管理系统 - 数据库初始化"
echo "使用 reInit.sh + Docker配置更新"
echo "=========================================="
# 等待MySQL完全启动
echo "等待MySQL启动..."
until mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1" >/dev/null 2>&1; do
sleep 1
done
echo "MySQL已就绪"
# 切换到SQL目录
cd /opt/sql
# 设置环境变量供reInit.sh使用
export DB_HOST="localhost"
export DB_PORT="3306"
export DB_USER="root"
export DB_PASSWORD="${MYSQL_ROOT_PASSWORD}"
export DB_NAME="${MYSQL_DATABASE}"
export MYSQL_PWD="${MYSQL_ROOT_PASSWORD}"
# Source reInit.sh并调用其初始化函数
echo "执行数据库初始化使用reInit.sh..."
source reInit.sh
# 调用reInit.sh的核心函数跳过备份和删除
execute_init_script # 执行initAll.sql
import_sensitive_words # 导入敏感词
# Docker环境特定配置更新爬虫路径并标记初始化状态
echo "更新Docker环境配置..."
mysql -uroot "${MYSQL_DATABASE}" <<EOSQL
-- 确保初始化标记表存在
CREATE TABLE IF NOT EXISTS _db_init_status (
id INT PRIMARY KEY AUTO_INCREMENT,
script_name VARCHAR(255) NOT NULL UNIQUE,
executed_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
status VARCHAR(50) DEFAULT 'init'
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- 确保有一条当前脚本的记录
INSERT IGNORE INTO _db_init_status (script_name) VALUES ('01-init-database.sql');
-- 更新爬虫配置为Docker容器内路径
UPDATE tb_sys_config
SET config_value = '/usr/bin/python3'
WHERE config_key = 'crawler.pythonPath';
UPDATE tb_sys_config
SET config_value = '/app/crawler'
WHERE config_key = 'crawler.basePath';
-- 将初始化状态标记为 success供 healthcheck 使用
UPDATE _db_init_status
SET status = 'success'
WHERE script_name = '01-init-database.sql';
SELECT '✅ 数据库初始化完成!' AS message;
SELECT '默认用户: admin, 密码: 123456' AS tip;
SELECT '爬虫配置已更新为Docker容器路径' AS docker_config;
EOSQL
echo "=========================================="
echo "✅ 初始化完成!"
echo "=========================================="
EOF
# 设置执行权限
RUN chmod +x /docker-entrypoint-initdb.d/01-init-database.sh
# 暴露端口
EXPOSE 3306
# 健康检查
HEALTHCHECK --interval=10s --timeout=5s --retries=5 --start-period=30s \
CMD mysqladmin ping -h localhost -p${MYSQL_ROOT_PASSWORD} || exit 1

36
docker/example/Dockerfile.serv
View File

@@ -1,36 +0,0 @@
# ====================================
# 后端服务镜像 - School News Serv
# 直接从主机复制构建好的JAR包
# 注意使用前需要先执行build.sh构建JAR包
# ====================================
FROM school-news-base-serv:latest
# 设置工作目录
WORKDIR /app
# 1. 复制不经常变化的文件
# 复制启动脚本
COPY schoolNewsServ/docker/start.sh /app/start.sh
# 复制爬虫脚本(基础镜像已安装依赖)
COPY schoolNewsCrawler/ /app/crawler/
# 复制默认配置文件
COPY schoolNewsServ/admin/src/main/resources/application.yml /app/config/application.yml.template
COPY schoolNewsServ/admin/src/main/resources/log4j2-spring.xml /app/config/log4j2-spring.xml.template
# 2. 设置脚本权限和创建目录
RUN chmod +x /app/start.sh && \
mkdir -p /app/logs
# 3. 最后复制JAR包这行变化最频繁放在最后
# 注意这里假设JAR包已经通过build.sh构建在target目录下
COPY schoolNewsServ/admin/target/admin-*.jar /app/app.jar
# 暴露端口
EXPOSE 8081
# 健康检查
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8081/schoolNewsServ/actuator/health || exit 1
# 启动应用
ENTRYPOINT ["/app/start.sh"]

52
docker/example/Dockerfile.web
View File

@@ -1,52 +0,0 @@
# ====================================
# 前端服务镜像 - School News Web
# 使用Node运行Vite预览服务器
# 注意dist目录需要在主机中先构建好
# ====================================
FROM node:20-alpine
# 设置环境变量
ENV TZ=Asia/Shanghai \
NODE_ENV=production \
NPM_CONFIG_REGISTRY=https://registry.npmmirror.com
# 1. 基础系统配置(这层很少变化)
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && \
apk update && \
apk add --no-cache tzdata bash curl && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo "Asia/Shanghai" > /etc/timezone && \
# 创建必要目录
mkdir -p /app/dist /app/config /app/logs
# 设置工作目录
WORKDIR /app
# 2. 安装依赖这层在package*.json不变时会使用缓存
COPY schoolNewsWeb/package*.json ./
RUN npm ci --only=production && \
npm install -g vite
# 3. 复制静态配置和启动脚本(这些文件不常变化)
COPY schoolNewsWeb/public/app-config.js /app/config/app-config.js.template
COPY schoolNewsWeb/docker/start.sh /app/start.sh
RUN chmod +x /app/start.sh
# 4. 复制构建产物(这行变化最频繁,放在最后)
# 注意确保在主机上已经执行过构建npm run build
COPY schoolNewsWeb/dist/ /app/dist/
# 5. 确保dist中有默认配置文件
RUN if [ ! -f /app/dist/app-config.js ]; then \
cp /app/config/app-config.js.template /app/dist/app-config.js; \
fi
# 暴露端口Vite preview默认4173
EXPOSE 4173
# 健康检查
HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \
CMD curl -f http://localhost:4173/ || exit 1
# 启动应用
CMD ["/app/start.sh"]

346
docker/infra/docker-compose.yml
View File

@@ -1,346 +0,0 @@
# ================================================
# Level 1: 基础设施服务
# Nacos, MinIO, Nginx, Jitsi Meet
# ================================================
services:
# ====================== Nginx 反向代理 ======================
nginx:
image: nginx:alpine
container_name: urban-lifeline-nginx
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "80:80"
- "443:443"
environment:
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/nginx/logs:/var/log/nginx
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d:ro
# SSL 证书(可选)
# - ./nginx/ssl:/etc/nginx/ssl:ro
depends_on:
- urban-lifeline-serv
- urban-lifeline-web
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
# ====================== 后端服务 All-in-One ======================
urban-lifeline-serv:
image: urban-lifeline-serv:${IMAGE_VERSION:-latest}
container_name: urban-lifeline-serv
restart: unless-stopped
profiles: ["infra", "serv", "all"]
networks:
- urban-lifeline
expose:
- "8080"
- "8081"
- "8082"
- "8083"
- "8084"
- "8085"
- "8086"
- "8087"
- "8088"
- "8089"
- "8090"
environment:
TZ: Asia/Shanghai
SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod}
NACOS_SERVER_ADDR: nacos:8848
NACOS_NAMESPACE: ${NACOS_NAMESPACE:-}
volumes:
- ${DATA_ROOT:-../volumes}/logs/serv:/app/logs
depends_on:
nacos:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/actuator/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 180s
# ====================== 前端服务 All-in-One ======================
urban-lifeline-web:
image: urban-lifeline-web:${IMAGE_VERSION:-latest}
container_name: urban-lifeline-web
restart: unless-stopped
profiles: ["infra", "web", "all"]
networks:
- urban-lifeline
expose:
- "8000"
- "8001"
- "8002"
- "8003"
- "8004"
environment:
TZ: Asia/Shanghai
SHARED_PORT: 8000
PLATFORM_PORT: 8001
WORKCASE_PORT: 8002
BIDDING_PORT: 8003
WORKCASE_WECHAT_PORT: 8004
volumes:
- ${DATA_ROOT:-../volumes}/logs/web:/app/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
# ====================== Nacos 注册中心 ======================
nacos:
image: nacos/nacos-server:v3.1.0
container_name: urban-lifeline-nacos
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "8081:8080"
- "8848:8848"
- "9848:9848"
- "9849:9849"
environment:
MODE: standalone
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: ${MYSQL_HOST:-host.docker.internal}
MYSQL_SERVICE_PORT: ${MYSQL_PORT:-3306}
MYSQL_SERVICE_DB_NAME: nacos_config
MYSQL_SERVICE_USER: ${MYSQL_USER:-root}
MYSQL_SERVICE_PASSWORD: ${MYSQL_PASSWORD:-123456}
MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false
JVM_XMS: 512m
JVM_XMX: 512m
JVM_XMN: 256m
NACOS_AUTH_ENABLE: "false"
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
volumes:
- ${DATA_ROOT:-../volumes}/nacos/data:/home/nacos/data
- ${DATA_ROOT:-../volumes}/nacos/logs:/home/nacos/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
extra_hosts:
- "host.docker.internal:host-gateway"
# ====================== MinIO 对象存储 ======================
minio:
image: minio/minio:latest
container_name: urban-lifeline-minio
restart: unless-stopped
profiles: ["infra", "all"]
networks:
- urban-lifeline
ports:
- "9000:9000"
- "9001:9001"
environment:
MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123}
MINIO_CONSOLE_ADDRESS: ":9001"
MINIO_ADDRESS: ":9000"
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/minio/data:/data
- ${DATA_ROOT:-../volumes}/minio/config:/root/.minio
command: server /data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
start_period: 30s
# ====================== Jitsi Meet 视频会议 ======================
jitsi-web:
image: jitsi/web:stable-9584
container_name: urban-lifeline-jitsi-web
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
ports:
- "8280:80"
- "8443:443"
environment:
TZ: Asia/Shanghai
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi}
ENABLE_HTTPS: 0
ENABLE_HTTP_REDIRECT: 0
DISABLE_HTTPS: 1
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
ENABLE_AUTH: 1
ENABLE_GUESTS: 0
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
ENABLE_RECORDING: 0
ENABLE_TRANSCRIPTIONS: 0
ENABLE_SUBDOMAINS: 0
ENABLE_XMPP_WEBSOCKET: 1
ENABLE_SCTP: 1
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/web:/config
- ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
jitsi-prosody:
image: jitsi/prosody:stable-9584
container_name: urban-lifeline-jitsi-prosody
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
expose:
- "5222"
- "5347"
- "5280"
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
ENABLE_AUTH: 1
ENABLE_GUESTS: 0
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
LOG_LEVEL: info
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://org.xyzh.yslg.jitsi}
JWT_DISABLE_AUTO_MODERATOR: true
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config
- ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
healthcheck:
test: ["CMD", "prosodyctl", "status"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
jitsi-jicofo:
image: jitsi/jicofo:stable-9584
container_name: urban-lifeline-jitsi-jicofo
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password
AUTH_TYPE: jwt
JVB_BREWERY_MUC: jvbbrewery
JICOFO_ENABLE_HEALTH_CHECKS: true
JICOFO_ENABLE_AUTO_OWNER: false
JICOFO_ENABLE_AUTO_LOGIN: false
JICOFO_CONFERENCE_INITIAL_OWNER: ""
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
jitsi-jvb:
image: jitsi/jvb:stable-9584
container_name: urban-lifeline-jitsi-jvb
restart: unless-stopped
profiles: ["infra", "jitsi", "all"]
networks:
- urban-lifeline
ports:
- "10000:10000/udp"
- "4443:4443/tcp"
environment:
TZ: Asia/Shanghai
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password
JVB_BREWERY_MUC: jvbbrewery
JVB_PORT: 10000
JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302
DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS:-192.168.0.253}
JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS:-192.168.0.253}
JVB_ENABLE_APIS: rest,colibri
JVB_TCP_HARVESTER_DISABLED: "false"
JVB_TCP_PORT: 4443
JVB_TCP_MAPPED_PORT: 4443
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jvb:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
networks:
urban-lifeline:
external: true

131
docker/infra/nginx/conf.d/default.conf
View File

@@ -1,131 +0,0 @@
# ================================================
# Urban Lifeline - 站点配置 (All-in-One 模式)
# ================================================
# 上游服务定义 - 后端 All-in-One 容器
upstream gateway {
server urban-lifeline-serv:8080;
keepalive 32;
}
# 上游服务定义 - 前端 All-in-One 容器
upstream shared {
server urban-lifeline-web:8000;
}
upstream platform {
server urban-lifeline-web:8001;
}
upstream workcase-web {
server urban-lifeline-web:8002;
}
upstream bidding-web {
server urban-lifeline-web:8003;
}
upstream workcase-wechat {
server urban-lifeline-web:8004;
}
server {
listen 80;
server_name localhost;
# 健康检查端点
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# ====================== 前端应用代理 ======================
# Shared 公共模块 (Module Federation 远程模块)
location /shared/ {
proxy_pass http://shared/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 允许跨域 (Module Federation 需要)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Origin, Content-Type, Accept";
}
# Platform 管理平台
location /platform/ {
proxy_pass http://platform/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Workcase 工单系统 PC端
location /workcase/ {
proxy_pass http://workcase-web/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Bidding 招标系统
location /bidding/ {
proxy_pass http://bidding-web/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Workcase 工单系统微信端
location /workcase-wechat/ {
proxy_pass http://workcase-wechat/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 默认首页(重定向到 platform
location = / {
return 302 /platform/;
}
# ====================== API 代理 ======================
# 后端 API 代理
location /urban-lifeline/ {
proxy_pass http://gateway/urban-lifeline/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# ====================== 错误页面 ======================
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

47
docker/infra/nginx/nginx.conf
View File

@@ -1,47 +0,0 @@
# ================================================
# Urban Lifeline - Nginx 主配置
# ================================================
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# 性能优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript
application/xml application/xml+rss text/javascript application/x-javascript;
# 上传文件大小限制
client_max_body_size 100M;
# 引入站点配置
include /etc/nginx/conf.d/*.conf;
}

62
docker/jitsi/.env.example Normal file
View File

@@ -0,0 +1,62 @@
# ================================================
# Jitsi Meet - 环境变量配置
# 复制此文件为 .env 并修改配置
# ================================================
# 时区
TZ=Asia/Shanghai
# 数据目录
DATA_ROOT=../volumes
# ==================== 镜像版本 ====================
JITSI_IMAGE_TAG=stable-9584
# ==================== 公网访问 ====================
# Jitsi 公网访问地址 (必须配置)
JITSI_PUBLIC_URL=https://meet.example.com
# JVB 公网 IP (必须配置,用于 WebRTC 媒体流)
JVB_HOST_ADDRESS=192.168.0.253
# ==================== 端口配置 ====================
# Web 端口
JITSI_WEB_HTTP_PORT=8280
JITSI_WEB_HTTPS_PORT=8443
# JVB 端口 (UDP 用于媒体流TCP 用于备用)
JVB_PORT=10000
JVB_TCP_PORT=4443
# ==================== JWT 认证 ====================
# JWT App ID (与后端服务保持一致)
JWT_APP_ID=urbanLifeline
# JWT 密钥 (生产环境必须修改!)
JWT_APP_SECRET=your-jwt-secret-key-change-in-production
# ==================== 功能开关 ====================
# 是否启用认证 (1=启用, 0=禁用)
JITSI_ENABLE_AUTH=1
# 是否允许访客 (1=允许, 0=禁止)
JITSI_ENABLE_GUESTS=0
# 是否启用 HTTPS (容器内)
JITSI_ENABLE_HTTPS=0
JITSI_DISABLE_HTTPS=1
# 是否启用录制
JITSI_ENABLE_RECORDING=0
# 日志级别
JITSI_LOG_LEVEL=info
# ==================== 组件密码 ====================
# 内部组件认证密码 (生产环境建议修改)
JICOFO_COMPONENT_SECRET=jicofo-secret
JICOFO_AUTH_PASSWORD=focus-password
JVB_AUTH_PASSWORD=jvb-password
# ==================== STUN 服务器 ====================
JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302

198
docker/jitsi/docker-compose.yml Normal file
View File

@@ -0,0 +1,198 @@
# ================================================
# Jitsi Meet 视频会议服务
#
# 使用方式:
# docker compose up -d
#
# 环境变量配置:
# 复制 .env.example 为 .env 并修改
# ================================================
services:
# ====================== Jitsi Web ======================
jitsi-web:
image: jitsi/web:${JITSI_IMAGE_TAG:-stable-9584}
container_name: urban-lifeline-jitsi-web
restart: unless-stopped
networks:
- urban-lifeline
ports:
- "${JITSI_WEB_HTTP_PORT:-8280}:80"
- "${JITSI_WEB_HTTPS_PORT:-8443}:443"
environment:
TZ: ${TZ:-Asia/Shanghai}
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com}
ENABLE_HTTPS: ${JITSI_ENABLE_HTTPS:-0}
ENABLE_HTTP_REDIRECT: 0
DISABLE_HTTPS: ${JITSI_DISABLE_HTTPS:-1}
# XMPP 配置
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
# 组件认证
JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
JICOFO_AUTH_USER: focus
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
# JWT 认证
ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1}
ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0}
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
# 功能开关
ENABLE_RECORDING: ${JITSI_ENABLE_RECORDING:-0}
ENABLE_TRANSCRIPTIONS: 0
ENABLE_SUBDOMAINS: 0
ENABLE_XMPP_WEBSOCKET: 1
ENABLE_SCTP: 1
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/web:/config
- ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
# ====================== Jitsi Prosody (XMPP) ======================
jitsi-prosody:
image: jitsi/prosody:${JITSI_IMAGE_TAG:-stable-9584}
container_name: urban-lifeline-jitsi-prosody
restart: unless-stopped
networks:
- urban-lifeline
expose:
- "5222"
- "5347"
- "5280"
environment:
TZ: ${TZ:-Asia/Shanghai}
PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com}
# XMPP 配置
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi
# 组件认证
JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password}
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
# JWT 认证
ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1}
ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0}
AUTH_TYPE: jwt
JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production}
JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
JWT_ACCEPTED_AUDIENCES: jitsi
JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification
JWT_DISABLE_AUTO_MODERATOR: true
LOG_LEVEL: ${JITSI_LOG_LEVEL:-info}
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config
- ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
healthcheck:
test: ["CMD", "prosodyctl", "status"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
# ====================== Jitsi Jicofo (会议焦点) ======================
jitsi-jicofo:
image: jitsi/jicofo:${JITSI_IMAGE_TAG:-stable-9584}
container_name: urban-lifeline-jitsi-jicofo
restart: unless-stopped
networks:
- urban-lifeline
environment:
TZ: ${TZ:-Asia/Shanghai}
# XMPP 配置
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
# 组件认证
JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password}
AUTH_TYPE: jwt
JVB_BREWERY_MUC: jvbbrewery
# 功能配置
JICOFO_ENABLE_HEALTH_CHECKS: true
JICOFO_ENABLE_AUTO_OWNER: false
JICOFO_ENABLE_AUTO_LOGIN: false
JICOFO_CONFERENCE_INITIAL_OWNER: ""
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
# ====================== Jitsi JVB (视频桥接) ======================
jitsi-jvb:
image: jitsi/jvb:${JITSI_IMAGE_TAG:-stable-9584}
container_name: urban-lifeline-jitsi-jvb
restart: unless-stopped
networks:
- urban-lifeline
ports:
- "${JVB_PORT:-10000}:10000/udp"
- "${JVB_TCP_PORT:-4443}:4443/tcp"
environment:
TZ: ${TZ:-Asia/Shanghai}
# XMPP 配置
XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody
# 组件认证
JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
JVB_BREWERY_MUC: jvbbrewery
# 网络配置
JVB_PORT: ${JVB_PORT:-10000}
JVB_STUN_SERVERS: ${JVB_STUN_SERVERS:-stun.l.google.com:19302,stun1.l.google.com:19302}
DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS}
JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS}
JVB_ENABLE_APIS: rest,colibri
JVB_TCP_HARVESTER_DISABLED: "false"
JVB_TCP_PORT: ${JVB_TCP_PORT:-4443}
JVB_TCP_MAPPED_PORT: ${JVB_TCP_PORT:-4443}
volumes:
- ${DATA_ROOT:-../volumes}/jitsi/jvb:/config
depends_on:
- jitsi-prosody
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
networks:
urban-lifeline:
name: urban-lifeline

36
docker/minio/.env.example Normal file
View File

@@ -0,0 +1,36 @@
# ================================================
# MinIO 配置
# 复制此文件为 .env 并修改配置
# ================================================
# ------------------------------
# MinIO 版本
# ------------------------------
MINIO_VERSION=latest
# ------------------------------
# 端口配置
# ------------------------------
# API 端口
MINIO_API_PORT=9000
# 控制台端口
MINIO_CONSOLE_PORT=9001
# ------------------------------
# 认证配置
# ------------------------------
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin123
# ------------------------------
# 域名配置(可选,用于反向代理)
# ------------------------------
# 控制台重定向 URL通过反向代理访问时设置
# MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com
# API 服务 URL通过反向代理访问时设置
# MINIO_SERVER_URL=https://minio.example.com
# ------------------------------
# 数据目录
# ------------------------------
DATA_ROOT=../volumes

35
docker/minio/docker-compose.yml Normal file
View File

@@ -0,0 +1,35 @@
services:
# ====================== MinIO 对象存储 ======================
minio:
image: minio/minio:${MINIO_VERSION:-latest}
container_name: urban-lifeline-minio
restart: unless-stopped
env_file:
- .env
networks:
- urban-lifeline
ports:
- "${MINIO_API_PORT:-9000}:9000"
- "${MINIO_CONSOLE_PORT:-9001}:9001"
environment:
MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin123}
MINIO_CONSOLE_ADDRESS: ":9001"
MINIO_ADDRESS: ":9000"
MINIO_BROWSER_REDIRECT_URL: ${MINIO_BROWSER_REDIRECT_URL:-}
MINIO_SERVER_URL: ${MINIO_SERVER_URL:-}
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/minio/data:/data
- ${DATA_ROOT:-../volumes}/minio/config:/root/.minio
command: server /data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
start_period: 30s
networks:
urban-lifeline:
name: urban-lifeline

50
docker/nacos/.env.example Normal file
View File

@@ -0,0 +1,50 @@
# ================================================
# Nacos 配置
# 复制此文件为 .env 并修改配置
# ================================================
# ------------------------------
# MySQL 配置
# ------------------------------
MYSQL_VERSION=8.0
MYSQL_ROOT_PASSWORD=root123456
MYSQL_USER=nacos
MYSQL_PASSWORD=nacos123456
# 暴露到主机的端口(避免与主机 MySQL 冲突)
MYSQL_EXPOSE_PORT=3307
# ------------------------------
# Nacos 版本和模式
# ------------------------------
NACOS_VERSION=v3.1.0
NACOS_MODE=standalone
NACOS_DB_NAME=nacos_config
# ------------------------------
# Nacos 端口配置
# ------------------------------
NACOS_CONSOLE_PORT=8081
NACOS_PORT=8848
NACOS_GRPC_PORT=9848
NACOS_RAFT_PORT=9849
# ------------------------------
# JVM 配置
# ------------------------------
NACOS_JVM_XMS=512m
NACOS_JVM_XMX=512m
NACOS_JVM_XMN=256m
# ------------------------------
# 认证配置
# ------------------------------
NACOS_AUTH_ENABLE=false
# 生产环境请修改以下密钥
NACOS_AUTH_TOKEN=ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==
NACOS_AUTH_IDENTITY_KEY=serverIdentity
NACOS_AUTH_IDENTITY_VALUE=security
# ------------------------------
# 数据目录
# ------------------------------
DATA_ROOT=../volumes

76
docker/nacos/docker-compose.yml Normal file
View File

@@ -0,0 +1,76 @@
services:
# ====================== MySQL 数据库 ======================
mysql:
image: mysql:${MYSQL_VERSION:-8.0}
container_name: urban-lifeline-nacos-mysql
restart: unless-stopped
networks:
- urban-lifeline
ports:
- "${MYSQL_EXPOSE_PORT:-3307}:3306"
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root123456}
MYSQL_DATABASE: ${NACOS_DB_NAME:-nacos_config}
MYSQL_USER: ${MYSQL_USER:-nacos}
MYSQL_PASSWORD: ${MYSQL_PASSWORD:-nacos123456}
TZ: Asia/Shanghai
volumes:
- ${DATA_ROOT:-../volumes}/nacos/mysql:/var/lib/mysql
- ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro
command:
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
- --default-authentication-plugin=mysql_native_password
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD:-root123456}"]
interval: 10s
timeout: 5s
retries: 10
start_period: 30s
# ====================== Nacos 注册中心 ======================
nacos:
image: nacos/nacos-server:${NACOS_VERSION:-v3.1.0}
container_name: urban-lifeline-nacos
restart: unless-stopped
env_file:
- .env
networks:
- urban-lifeline
ports:
- "${NACOS_CONSOLE_PORT:-8081}:8081"
- "${NACOS_PORT:-8848}:8848"
- "${NACOS_GRPC_PORT:-9848}:9848"
- "${NACOS_RAFT_PORT:-9849}:9849"
environment:
MODE: ${NACOS_MODE:-standalone}
SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: mysql
MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_DB_NAME: ${NACOS_DB_NAME:-nacos_config}
MYSQL_SERVICE_USER: ${MYSQL_USER:-nacos}
MYSQL_SERVICE_PASSWORD: ${MYSQL_PASSWORD:-nacos123456}
MYSQL_SERVICE_DB_PARAM: characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true
JVM_XMS: ${NACOS_JVM_XMS:-512m}
JVM_XMX: ${NACOS_JVM_XMX:-512m}
JVM_XMN: ${NACOS_JVM_XMN:-256m}
NACOS_AUTH_ENABLE: ${NACOS_AUTH_ENABLE:-false}
NACOS_AUTH_TOKEN: ${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}
NACOS_AUTH_IDENTITY_KEY: ${NACOS_AUTH_IDENTITY_KEY:-serverIdentity}
NACOS_AUTH_IDENTITY_VALUE: ${NACOS_AUTH_IDENTITY_VALUE:-security}
volumes:
- ${DATA_ROOT:-../volumes}/nacos/data:/home/nacos/data
- ${DATA_ROOT:-../volumes}/nacos/logs:/home/nacos/logs
depends_on:
mysql:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
networks:
urban-lifeline:
name: urban-lifeline

182
docker/nacos/init.sql Normal file
View File

@@ -0,0 +1,182 @@
/*
* Copyright 1999-2018 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
DROP DATABASE IF EXISTS `nacos_config`;
CREATE DATABASE IF NOT EXISTS `nacos_config` CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
USE `nacos_config`;
/******************************************/
/* 表名称 = config_info */
/******************************************/
CREATE TABLE `config_info` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` VARCHAR(255) NOT NULL COMMENT 'data_id',
`group_id` VARCHAR(128) DEFAULT NULL COMMENT 'group_id',
`content` longtext NOT NULL COMMENT 'content',
`md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` VARCHAR(50) DEFAULT NULL COMMENT 'source ip',
`app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name',
`tenant_id` VARCHAR(128) DEFAULT '' COMMENT '租户字段',
`c_desc` VARCHAR(256) DEFAULT NULL COMMENT 'configuration description',
`c_use` VARCHAR(64) DEFAULT NULL COMMENT 'configuration usage',
`effect` VARCHAR(64) DEFAULT NULL COMMENT '配置生效的描述',
`type` VARCHAR(64) DEFAULT NULL COMMENT '配置的类型',
`c_schema` text COMMENT '配置的模式',
`encrypted_data_key` VARCHAR(1024) NOT NULL DEFAULT '' COMMENT '密钥',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfo_datagrouptenant` (`data_id`,`group_id`,`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info';
/******************************************/
/* 表名称 = config_info since 2.5.0 */
/******************************************/
CREATE TABLE `config_info_gray` (
`id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
`data_id` VARCHAR(255) NOT NULL COMMENT 'data_id',
`group_id` VARCHAR(128) NOT NULL COMMENT 'group_id',
`content` longtext NOT NULL COMMENT 'content',
`md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5',
`src_user` text COMMENT 'src_user',
`src_ip` VARCHAR(100) DEFAULT NULL COMMENT 'src_ip',
`gmt_create` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) COMMENT 'gmt_create',
`gmt_modified` datetime(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) COMMENT 'gmt_modified',
`app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name',
`tenant_id` VARCHAR(128) DEFAULT '' COMMENT 'tenant_id',
`gray_name` VARCHAR(128) NOT NULL COMMENT 'gray_name',
`gray_rule` text NOT NULL COMMENT 'gray_rule',
`encrypted_data_key` VARCHAR(256) NOT NULL DEFAULT '' COMMENT 'encrypted_data_key',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_configinfogray_datagrouptenantgray` (`data_id`,`group_id`,`tenant_id`,`gray_name`),
KEY `idx_dataid_gmt_modified` (`data_id`,`gmt_modified`),
KEY `idx_gmt_modified` (`gmt_modified`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='config_info_gray';
/******************************************/
/* 表名称 = config_tags_relation */
/******************************************/
CREATE TABLE `config_tags_relation` (
`id` bigint(20) NOT NULL COMMENT 'id',
`tag_name` VARCHAR(128) NOT NULL COMMENT 'tag_name',
`tag_type` VARCHAR(64) DEFAULT NULL COMMENT 'tag_type',
`data_id` VARCHAR(255) NOT NULL COMMENT 'data_id',
`group_id` VARCHAR(128) NOT NULL COMMENT 'group_id',
`tenant_id` VARCHAR(128) DEFAULT '' COMMENT 'tenant_id',
`nid` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增长标识',
PRIMARY KEY (`nid`),
UNIQUE KEY `uk_configtagrelation_configidtag` (`id`,`tag_name`,`tag_type`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_tag_relation';
/******************************************/
/* 表名称 = group_capacity */
/******************************************/
CREATE TABLE `group_capacity` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`group_id` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Group ID空字符表示整个集群',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数0表示使用默认值',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_group_id` (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='集群、各Group容量信息表';
/******************************************/
/* 表名称 = his_config_info */
/******************************************/
CREATE TABLE `his_config_info` (
`id` bigint(20) unsigned NOT NULL COMMENT 'id',
`nid` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'nid, 自增标识',
`data_id` VARCHAR(255) NOT NULL COMMENT 'data_id',
`group_id` VARCHAR(128) NOT NULL COMMENT 'group_id',
`app_name` VARCHAR(128) DEFAULT NULL COMMENT 'app_name',
`content` longtext NOT NULL COMMENT 'content',
`md5` VARCHAR(32) DEFAULT NULL COMMENT 'md5',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
`src_user` text COMMENT 'source user',
`src_ip` VARCHAR(50) DEFAULT NULL COMMENT 'source ip',
`op_type` char(10) DEFAULT NULL COMMENT 'operation type',
`tenant_id` VARCHAR(128) DEFAULT '' COMMENT '租户字段',
`encrypted_data_key` VARCHAR(1024) NOT NULL DEFAULT '' COMMENT '密钥',
`publish_type` VARCHAR(50) DEFAULT 'formal' COMMENT 'publish type gray or formal',
`gray_name` VARCHAR(50) DEFAULT NULL COMMENT 'gray name',
`ext_info` longtext DEFAULT NULL COMMENT 'ext info',
PRIMARY KEY (`nid`),
KEY `idx_gmt_create` (`gmt_create`),
KEY `idx_gmt_modified` (`gmt_modified`),
KEY `idx_did` (`data_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='多租户改造';
/******************************************/
/* 表名称 = tenant_capacity */
/******************************************/
CREATE TABLE `tenant_capacity` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID',
`tenant_id` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Tenant ID',
`quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额0表示使用默认值',
`usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量',
`max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限单位为字节0表示使用默认值',
`max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数',
`max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限单位为字节0表示使用默认值',
`max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量',
`gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='租户容量信息表';
CREATE TABLE `tenant_info` (
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
`kp` VARCHAR(128) NOT NULL COMMENT 'kp',
`tenant_id` VARCHAR(128) default '' COMMENT 'tenant_id',
`tenant_name` VARCHAR(128) default '' COMMENT 'tenant_name',
`tenant_desc` VARCHAR(256) DEFAULT NULL COMMENT 'tenant_desc',
`create_source` VARCHAR(32) DEFAULT NULL COMMENT 'create_source',
`gmt_create` bigint(20) NOT NULL COMMENT '创建时间',
`gmt_modified` bigint(20) NOT NULL COMMENT '修改时间',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`),
KEY `idx_tenant_id` (`tenant_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info';
CREATE TABLE `users` (
`username` VARCHAR(50) NOT NULL PRIMARY KEY COMMENT 'username',
`password` VARCHAR(500) NOT NULL COMMENT 'password',
`enabled` BOOLEAN NOT NULL COMMENT 'enabled'
);
CREATE TABLE `roles` (
`username` VARCHAR(50) NOT NULL COMMENT 'username',
`role` VARCHAR(50) NOT NULL COMMENT 'role',
UNIQUE INDEX `idx_user_role` (`username` ASC, `role` ASC) USING BTREE
);
CREATE TABLE `permissions` (
`role` VARCHAR(50) NOT NULL COMMENT 'role',
`resource` VARCHAR(128) NOT NULL COMMENT 'resource',
`action` VARCHAR(8) NOT NULL COMMENT 'action',
UNIQUE INDEX `uk_role_permission` (`role`,`resource`,`action`) USING BTREE
);