-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
132 lines (128 loc) · 4.06 KB
/
docker-compose.yml
File metadata and controls
132 lines (128 loc) · 4.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
version: "3.8"
services:
# Traefik 反向代理服务:统一入口,负责路由与负载均衡
traefik:
image: traefik:v2.9
command:
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
# 若需要 HTTPS,可添加 HTTPS 入口配置,例如:
# - "--entrypoints.websecure.address=:443"
# 启用详细日志配置
- "--log.level=DEBUG"
- "--accesslog=true"
- "--accesslog.format=json"
- "--log.format=json"
- "--api.dashboard=true"
ports:
- "20000:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
deploy:
placement:
constraints:
- node.role == manager
networks:
- fastapi-network
# db-migration 服务:执行数据库迁移(alembic upgrade head)
db-migration:
image: harbor.exploit-db.xyz/detvron-img/fastapi-blog:latest
command: ["alembic", "upgrade", "head"]
environment:
- DB_USERNAME=${DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD}
- DB_HOSTNAME=${DB_HOSTNAME}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
networks:
- fastapi-network
deploy:
restart_policy:
condition: none
resources:
limits:
cpus: "0.5"
memory: 512M
# fastapi 服务:业务服务,由 Traefik 根据标签进行路由
fastapi:
image: harbor.exploit-db.xyz/detvron-img/fastapi-blog:latest
# 不直接发布端口,由 Traefik 做入口负载均衡
environment:
- ADMIN_RECAPTCHA_SECRET_KEY=${ADMIN_RECAPTCHA_SECRET_KEY}
- GENERAL_USER_RECAPTCHA_SECRET_KEY=${GENERAL_USER_RECAPTCHA_SECRET_KEY}
- DB_USERNAME=${DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD}
- DB_HOSTNAME=${DB_HOSTNAME}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- REDIS_DB_PASSWORD=${REDIS_DB_PASSWORD}
- REDIS_DB_HOSTNAME=${REDIS_DB_HOSTNAME}
- REDIS_DB_PORT=${REDIS_DB_PORT}
- REDIS_DB_NAME=${REDIS_DB_NAME}
- REDIS_USER_NAME=${REDIS_USER_NAME}
- ACCESS_KEY_ID=${ACCESS_KEY_ID}
- ACCESS_KEY_SECRET=${ACCESS_KEY_SECRET}
- SECRET_KEY=${SECRET_KEY}
- USER_SECRET_KEY=${USER_SECRET_KEY}
- SMTPSERVER=${SMTPSERVER}
- SMTPUSER=${SMTPUSER}
- SMTPPASSWORD=${SMTPPASSWORD}
- MQ_HOSTNAME=${MQ_HOSTNAME}
- MQ_USERNAME=${MQ_USERNAME}
- MQ_USERPASSWORD=${MQ_USERPASSWORD}
- MQ_DBNAME=${MQ_DBNAME}
- MQ_DBPORT=${MQ_DBPORT}
- LogStathIP=${LogStathIP}
- REFSECRET_KEY=${REFSECRET_KEY}
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS}
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
- REDIRECT_URI=${REDIRECT_URI}
- URLKEY=${URLKEY}
- LOGSTASH_NGINX_HOST=${LOGSTASH_NGINX_HOST}
- LOGSTASH_USER=${LOGSTASH_USER}
- LOGSTASH_PASS=${LOGSTASH_PASS}
deploy:
replicas: 3
placement:
constraints:
- node.role == worker
update_config:
parallelism: 1
delay: 10s
order: start-first
failure_action: rollback
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
resources:
limits:
cpus: "1"
memory: 1G
reservations:
cpus: "0.5"
memory: 512M
labels:
- "traefik.enable=true"
# 这里设置路由规则:当访问blogapi-traefik.exploit-db.xyz 时,将流量路由到该服务
- "traefik.http.routers.fastapi.rule=Host(`blogapi-traefik.exploit-db.xyz`)"
# 指定入口,为 web 入口(即 80 端口)
- "traefik.http.routers.fastapi.entrypoints=web"
# 指定 fastapi 服务内监听的端口(80 端口)
- "traefik.http.services.fastapi.loadbalancer.server.port=80"
networks:
- fastapi-network
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
depends_on:
- db-migration
networks:
fastapi-network:
driver: overlay
attachable: true