Inicio Explorar Ayuda
Iniciar sesión
liuq
/
Unified_Authentication_Platform
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: e5fc530073
Ramas Etiquetas
Unified_Auth...
/
docker-compose.yml

docker-compose.yml 4.7 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. version: '3.7'
    2. 

  2. 

  3. services:
    4. 

  4.   # ==========================================
    5. 

  5.   # Nginx (Frontend Production)
    6. 

  6.   # ==========================================
    7. 

  7.   nginx:
    8. 

  8.     build:
    9. 

  9.       context: ./frontend
    10. 

  10.       target: production-stage
    11. 

  11.       args:
    12. 

  12.         # Defaults to /api/v1 which works with the proxy config in nginx.conf
    13. 

  13.         - VITE_API_BASE_URL=/api/v1
    14. 

  14.     ports:
    15. 

  15.       - "80:80"
    16. 

  16.       # - "443:443" # Uncomment if you configure SSL in nginx.conf
    17. 

  17.     depends_on:
    18. 

  18.       - backend
    19. 

  19.     restart: always
    20. 

  20. 

  21.   # ==========================================
    22. 

  22.   # Backend (FastAPI)
    23. 

  23.   # ==========================================
    24. 

  24.   backend:
    25. 

  25.     build:
    26. 

  26.       context: ./backend
    27. 

  27.     environment:
    28. 

  28.       - TZ=Asia/Shanghai
    29. 

  29.       - MYSQL_SERVER=db
    30. 

  30.       - MYSQL_PORT=3306
    31. 

  31.       - MYSQL_USER=uap_user
    32. 

  32.       - MYSQL_PASSWORD=uap_pass
    33. 

  33.       - MYSQL_DB=uap_db
    34. 

  34.       - REDIS_HOST=redis
    35. 

  35.       - REDIS_PORT=6379
    36. 

  36.       - HYDRA_ADMIN_URL=http://hydra:4445
    37. 

  37.       # CORS: Add your production domain here
    38. 

  38.       - BACKEND_CORS_ORIGINS=["http://localhost", "http://127.0.0.1", "http://YOUR_DOMAIN_OR_IP"]
    39. 

  39.     depends_on:
    40. 

  40.       db:
    41. 

  41.         condition: service_healthy
    42. 

  42.       redis:
    43. 

  43.         condition: service_healthy
    44. 

  44.       hydra:
    45. 

  45.         condition: service_started
    46. 

  46.     volumes:
    47. 

  47.       - ./backend/logs:/app/logs # Persist logs
    48. 

  48.       # - ./backend:/app # Remove hot reload in production for stability
    49. 

  49.     restart: always
    50. 

  50. 

  51.   # ==========================================
    52. 

  52.   # Database (MySQL)
    53. 

  53.   # ==========================================
    54. 

  54.   db:
    55. 

  55.     image: mysql:8.0
    56. 

  56.     command: --default-authentication-plugin=mysql_native_password
    57. 

  57.     restart: always
    58. 

  58.     environment:
    59. 

  59.       TZ: Asia/Shanghai
    60. 

  60.       MYSQL_ROOT_PASSWORD: root_password # CHANGE THIS IN PRODUCTION
    61. 

  61.       MYSQL_DATABASE: uap_db
    62. 

  62.       MYSQL_USER: uap_user
    63. 

  63.       MYSQL_PASSWORD: uap_pass # CHANGE THIS IN PRODUCTION
    64. 

  64.     volumes:
    65. 

  65.       - db_data:/var/lib/mysql
    66. 

  66.     healthcheck:
    67. 

  67.       test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost", "-u", "uap_user", "-p$$MYSQL_PASSWORD"]
    68. 

  68.       interval: 10s
    69. 

  69.       timeout: 5s
    70. 

  70.       retries: 10
    71. 

  71.       start_period: 10s
    72. 

  72. 

  73.   # ==========================================
    74. 

  74.   # Redis
    75. 

  75.   # ==========================================
    76. 

  76.   redis:
    77. 

  77.     image: redis:alpine
    78. 

  78.     restart: always
    79. 

  79.     volumes:
    80. 

  80.       - redis_data:/data
    81. 

  81.     healthcheck:
    82. 

  82.       test: ["CMD", "redis-cli", "ping"]
    83. 

  83.       interval: 10s
    84. 

  84.       timeout: 5s
    85. 

  85.       retries: 5
    86. 

  86. 

  87.   # ==========================================
    88. 

  88.   # Ory Hydra Services
    89. 

  89.   # ==========================================
    90. 

  90.   hydra-migrate:
    91. 

  91.     image: oryd/hydra:v2.2.0
    92. 

  92.     environment:
    93. 

  93.       - TZ=Asia/Shanghai
    94. 

  94.       - DSN=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
    95. 

  95.     command: migrate sql -e --yes
    96. 

  96.     depends_on:
    97. 

  97.       postgresd:
    98. 

  98.         condition: service_healthy
    99. 

  99.     restart: on-failure
    100. 

  100. 

  101.   hydra:
    102. 

  102.     image: oryd/hydra:v2.2.0
    103. 

  103.     depends_on:
    104. 

  104.       hydra-migrate:
    105. 

  105.         condition: service_completed_successfully
    106. 

  106.     ports:
    107. 

  107.       - "4444:4444" # Public port
    108. 

  108.       - "4445:4445" # Admin port
    109. 

  109.       - "5555:5555" # Token port? (Usually not needed if 4444 is used)
    110. 

  110.     # Production command: Remove --dev, remove -c if config file missing
    111. 

  111.     # Using --dangerous-force-http because we assume SSL is terminated by an external Nginx/LoadBalancer
    112. 

  112.     # If exposing directly without SSL, this is INSECURE but necessary to start.
    113. 

  113.     command: serve all --dangerous-force-http
    114. 

  114.     environment:
    115. 

  115.       - TZ=Asia/Shanghai
    116. 

  116.       - DSN=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
    117. 

  117.       
    118. 

  118.       # IMPORTANT: Change URLs to your production domain
    119. 

  119.       - URLS_SELF_ISSUER=http://192.168.254.105:4444
    120. 

  120.       - URLS_CONSENT=http://192.168.254.105/consent
    121. 

  121.       - URLS_LOGIN=http://192.168.254.105/login
    122. 

  122.       - URLS_LOGOUT=http://192.168.254.105/login
    123. 

  123.       
    124. 

  124.       # IMPORTANT: Change these secrets!
    125. 

  125.       - SECRETS_SYSTEM=youReallyNeedToChangeThis
    126. 

  126.       - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public,pairwise
    127. 

  127.       - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=youReallyNeedToChangeThis
    128. 

  128.       
    129. 

  129.       # CORS
    130. 

  130.       - SERVE_PUBLIC_CORS_ENABLED=true
    131. 

  131.       - SERVE_PUBLIC_CORS_ALLOWED_ORIGINS=*
    132. 

  132.       - SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE,PATCH,OPTIONS
    133. 

  133.       - SERVE_PUBLIC_CORS_ALLOWED_HEADERS=Authorization,Content-Type
    134. 

  134.       - SERVE_ADMIN_CORS_ENABLED=true
    135. 

  135.       - SERVE_ADMIN_CORS_ALLOWED_ORIGINS=*
    136. 

  136. 

  137.   postgresd:
    138. 

  138.     image: postgres:15
    139. 

  139.     environment:
    140. 

  140.       - TZ=Asia/Shanghai
    141. 

  141.       - POSTGRES_USER=hydra
    142. 

  142.       - POSTGRES_PASSWORD=secret # CHANGE THIS
    143. 

  143.       - POSTGRES_DB=hydra
    144. 

  144.     volumes:
    145. 

  145.       - postgres_data:/var/lib/postgresql/data
    146. 

  146.     healthcheck:
    147. 

  147.       test: ["CMD-SHELL", "pg_isready -U hydra"]
    148. 

  148.       interval: 10s
    149. 

  149.       timeout: 5s
    150. 

  150.       retries: 5
    151. 

  151.       start_period: 10s
    152. 

  152. 

  153. volumes:
    154. 

  154.   db_data:
    155. 

  155.   postgres_data:
    156. 

  156.   redis_data:
    157. 

  157.