|
|
@@ -1,6 +1,25 @@
|
|
|
version: '3.7'
|
|
|
|
|
|
services:
|
|
|
+ # ==========================================
|
|
|
+ # Frontend (Vite Dev Server)
|
|
|
+ # ==========================================
|
|
|
+ frontend:
|
|
|
+ build:
|
|
|
+ context: ./frontend
|
|
|
+ ports:
|
|
|
+ - "5173:5173" # Vite default port
|
|
|
+ depends_on:
|
|
|
+ - backend
|
|
|
+ # Hot Reload requires binding volume locally
|
|
|
+ volumes:
|
|
|
+ - ./frontend:/app
|
|
|
+ - /app/node_modules # Avoid overwriting node_modules
|
|
|
+ environment:
|
|
|
+ # Browser needs to access backend directly for CORS requests in Dev mode
|
|
|
+ - VITE_API_BASE_URL=http://localhost:8000/api/v1
|
|
|
+ restart: always
|
|
|
+
|
|
|
# ==========================================
|
|
|
# Nginx (Frontend Production)
|
|
|
# ==========================================
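Review bot: `- "5173:5173"` publishes the Vite dev server on every host interface, because Compose's short port syntax binds to 0.0.0.0 when no host IP is given; the same applies to `"8000:8000"` (backend), `"3308:3306"` (db) and `"6379:6379"` (redis) added in later hunks. For a local development stack, bind each one to loopback, e.g. `- "127.0.0.1:5173:5173"`. `restart: always` on the new service also brings the dev server back after a host reboot, so dropping the restart policy for this service fits its purpose better. The read-write bind mount `./frontend:/app` is expected for hot reload, but it is one more reason to keep this service off external interfaces.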
|
|
|
@@ -8,12 +27,8 @@ services:
|
|
|
build:
|
|
|
context: ./frontend
|
|
|
target: production-stage
|
|
|
- args:
|
|
|
- # Defaults to /api/v1 which works with the proxy config in nginx.conf
|
|
|
- - VITE_API_BASE_URL=/api/v1
|
|
|
ports:
|
|
|
- "80:80"
|
|
|
- # - "443:443" # Uncomment if you configure SSL in nginx.conf
|
|
|
depends_on:
|
|
|
- backend
|
|
|
restart: always
|
|
|
@@ -24,6 +39,8 @@ services:
|
|
|
backend:
|
|
|
build:
|
|
|
context: ./backend
|
|
|
+ ports:
|
|
|
+ - "8000:8000"
|
|
|
environment:
|
|
|
- TZ=Asia/Shanghai
|
|
|
- MYSQL_SERVER=db
|
|
|
@@ -34,8 +51,9 @@ services:
|
|
|
- REDIS_HOST=redis
|
|
|
- REDIS_PORT=6379
|
|
|
- HYDRA_ADMIN_URL=http://hydra:4445
|
|
|
- # CORS: Add your production domain here
|
|
|
- - BACKEND_CORS_ORIGINS=["http://localhost", "http://127.0.0.1", "http://YOUR_DOMAIN_OR_IP"]
|
|
|
+ # CORS: Add * to allow debugging from any origin if localhost fails
|
|
|
+ # Also explictly allow 127.0.0.1 and localhost with port 5173
|
|
|
+ - BACKEND_CORS_ORIGINS=["http://localhost:5173", "http://127.0.0.1:5173", "http://frontend:5173"]
|
|
|
depends_on:
|
|
|
db:
|
|
|
condition: service_healthy
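Review bot: The new comment `# CORS: Add * to allow debugging from any origin if localhost fails` recommends a wildcard that the value below it does not use, and it steers the next editor toward opening the API to every origin. If the backend sends credentials with CORS responses (not visible in this hunk), a wildcard is either rejected by browsers or, when implemented by reflecting the Origin header, lets any site make authenticated requests. I would reword it to `# CORS: dev origins only; list each origin explicitly, never "*"` and fix the typo `explictly` in the following comment. `http://frontend:5173` is a Compose-internal hostname that a browser will not send as an Origin, so it can probably be dropped. The removed `http://YOUR_DOMAIN_OR_IP` placeholder also leaves a production origin with no documented place to go.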
|
|
|
@@ -44,8 +62,7 @@ services:
|
|
|
hydra:
|
|
|
condition: service_started
|
|
|
volumes:
|
|
|
- - ./backend/logs:/app/logs # Persist logs
|
|
|
- # - ./backend:/app # Remove hot reload in production for stability
|
|
|
+ - ./backend:/app # Hot Reload for Backend too
|
|
|
restart: always
|
|
|
|
|
|
# ==========================================
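Review bot: `- ./backend:/app` restores the bind mount that the removed comment had disabled "in production for stability", and it does so in the base compose file rather than in a development override. The mount shadows whatever the image built into `/app` and gives the container read-write access to the host source tree, including any local `.env` or key files kept under `./backend` (not visible here). Consider moving the dev-only settings of this commit into a `docker-compose.override.yml` so the base file stays production-safe; at minimum mark the line with `# DEV ONLY: bind mount for hot reload, remove for production`. The backend service definition starts outside this hunk.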
|
|
|
@@ -57,10 +74,12 @@ services:
|
|
|
restart: always
|
|
|
environment:
|
|
|
TZ: Asia/Shanghai
|
|
|
- MYSQL_ROOT_PASSWORD: root_password # CHANGE THIS IN PRODUCTION
|
|
|
+ MYSQL_ROOT_PASSWORD: root_password
|
|
|
MYSQL_DATABASE: uap_db
|
|
|
MYSQL_USER: uap_user
|
|
|
- MYSQL_PASSWORD: uap_pass # CHANGE THIS IN PRODUCTION
|
|
|
+ MYSQL_PASSWORD: uap_pass
|
|
|
+ ports:
|
|
|
+ - "3308:3306"
|
|
|
volumes:
|
|
|
- db_data:/var/lib/mysql
|
|
|
healthcheck:
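Review bot: The `# CHANGE THIS IN PRODUCTION` warnings on `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are dropped in the same hunk that publishes MySQL on host port 3308, so well-known default credentials now guard a reachable database with nothing telling the operator to rotate them. The postgres hunk further down removes `# CHANGE THIS` from `POSTGRES_PASSWORD=secret` in the same way. Prefer taking the values from the environment and failing when they are unset, `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set in .env}`, and likewise for `MYSQL_PASSWORD`. If the literals stay, keep the warning comments. The db service definition starts outside this hunk.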
|
|
|
@@ -75,9 +94,9 @@ services:
|
|
|
# ==========================================
|
|
|
redis:
|
|
|
image: redis:alpine
|
|
|
+ ports:
|
|
|
+ - "6379:6379"
|
|
|
restart: always
|
|
|
- volumes:
|
|
|
- - redis_data:/data
|
|
|
healthcheck:
|
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
|
interval: 10s
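Review bot: Redis is published on the host with no authentication configured in the visible lines: the service uses `image: redis:alpine` without a `command`, and the official image ships with protected mode turned off so that other containers can connect. Unless a `command` or config outside this hunk sets a password, add one, e.g. `command: ["redis-server", "--requirepass", "${REDIS_PASSWORD:?set in .env}"]`, and pass the same value to the backend. The healthcheck `redis-cli ping` would then need the password as well. Removing `redis_data:/data` also means cached state is lost whenever the container is recreated, which deserves a comment if sessions or tokens are stored there.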
|
|
|
@@ -104,29 +123,22 @@ services:
|
|
|
hydra-migrate:
|
|
|
condition: service_completed_successfully
|
|
|
ports:
|
|
|
- - "4444:4444" # Public port
|
|
|
- - "4445:4445" # Admin port
|
|
|
- - "5555:5555" # Token port? (Usually not needed if 4444 is used)
|
|
|
- # Production command: Remove --dev, remove -c if config file missing
|
|
|
- # Using --dangerous-force-http because we assume SSL is terminated by an external Nginx/LoadBalancer
|
|
|
- # If exposing directly without SSL, this is INSECURE but necessary to start.
|
|
|
- command: serve all --dangerous-force-http
|
|
|
+ - "4444:4444"
|
|
|
+ - "4445:4445"
|
|
|
+ - "5555:5555"
|
|
|
+ command: serve -c /etc/config/hydra/hydra.yml all --dev
|
|
|
environment:
|
|
|
- TZ=Asia/Shanghai
|
|
|
- DSN=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
|
|
|
-
|
|
|
- # IMPORTANT: Change URLs to your production domain
|
|
|
- - URLS_SELF_ISSUER=http://192.168.254.105:4444
|
|
|
- - URLS_CONSENT=http://192.168.254.105/consent
|
|
|
- - URLS_LOGIN=http://192.168.254.105/login
|
|
|
- - URLS_LOGOUT=http://192.168.254.105/login
|
|
|
-
|
|
|
- # IMPORTANT: Change these secrets!
|
|
|
+ - URLS_SELF_ISSUER=http://127.0.0.1:4444
|
|
|
+ - URLS_CONSENT=http://localhost:5173/consent
|
|
|
+ - URLS_LOGIN=http://localhost:5173/login
|
|
|
+ - URLS_LOGOUT=http://localhost:5173/login
|
|
|
- SECRETS_SYSTEM=youReallyNeedToChangeThis
|
|
|
- OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public,pairwise
|
|
|
- OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=youReallyNeedToChangeThis
|
|
|
-
|
|
|
- # CORS
|
|
|
+ - SERVE_COOKIES_SAME_SITE_MODE=Lax
|
|
|
+ - SERVE_COOKIES_SAME_SITE_LEGACY_WORKAROUND=true
|
|
|
- SERVE_PUBLIC_CORS_ENABLED=true
|
|
|
- SERVE_PUBLIC_CORS_ALLOWED_ORIGINS=*
|
|
|
- SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE,PATCH,OPTIONS
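Review bot: `command: serve -c /etc/config/hydra/hydra.yml all --dev` runs Hydra with its development flag, which relaxes security checks such as the HTTPS requirement, while this hunk also deletes `# IMPORTANT: Change these secrets!` above the unchanged placeholders `SECRETS_SYSTEM=youReallyNeedToChangeThis` and `OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=youReallyNeedToChangeThis`. The admin API stays published as `- "4445:4445"` on all interfaces and `SERVE_PUBLIC_CORS_ALLOWED_ORIGINS=*` is unchanged, so an instance started from this file should be treated as local-only. I would keep the warning as `# DEV ONLY: --dev disables security checks; change SECRETS_SYSTEM and the pairwise salt before any shared use` and bind the admin port as `- "127.0.0.1:4445:4445"`. The `-c` path needs a config volume mount that is not visible in this hunk; the removed comment said to drop `-c` if the file is missing.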
|
|
|
@@ -139,7 +151,7 @@ services:
|
|
|
environment:
|
|
|
- TZ=Asia/Shanghai
|
|
|
- POSTGRES_USER=hydra
|
|
|
- - POSTGRES_PASSWORD=secret # CHANGE THIS
|
|
|
+ - POSTGRES_PASSWORD=secret
|
|
|
- POSTGRES_DB=hydra
|
|
|
volumes:
|
|
|
- postgres_data:/var/lib/postgresql/data
|
|
|
@@ -153,5 +165,3 @@ services:
|
|
|
volumes:
|
|
|
db_data:
|
|
|
postgres_data:
|
|
|
- redis_data:
|
|
|
-
|