270 lines
9.0 KiB
YAML
270 lines
9.0 KiB
YAML
# Copyright (c) 2024-2025 Тарабанов Александр Викторович
|
|
# All rights reserved.
|
|
# This software is proprietary and confidential.
|
|
# For licensing inquiries: info@hb3-accelerator.com
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:16
|
|
container_name: dapp-postgres
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
- ./backend/db/data:/mnt/isic_csv_data
|
|
environment:
|
|
- POSTGRES_DB=${DB_NAME:-dapp_db}
|
|
- POSTGRES_USER=${DB_USER:-dapp_user}
|
|
- POSTGRES_PASSWORD=${DB_PASSWORD:-dapp_password}
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- pg_isready -U ${DB_USER:-dapp_user} -d ${DB_NAME:-dapp_db}
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
ollama:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.ollama
|
|
container_name: dapp-ollama
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "20m"
|
|
max-file: "3"
|
|
volumes:
|
|
- ollama_data:/root/.ollama
|
|
# ports:
|
|
# - '11434:11434' # ЗАКРЫТЬ! Доступ только через backend
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '2.0'
|
|
memory: 6G
|
|
reservations:
|
|
cpus: '1.0'
|
|
memory: 4G
|
|
environment:
|
|
- OLLAMA_HOST=0.0.0.0
|
|
- OLLAMA_ORIGINS=*
|
|
- OLLAMA_NUM_PARALLEL=2
|
|
- OLLAMA_NUM_GPU=0
|
|
- OLLAMA_KEEP_ALIVE=86400
|
|
- OLLAMA_MODEL_TIMEOUT=0
|
|
- OLLAMA_MAX_LOADED_MODELS=2
|
|
- OLLAMA_FLASH_ATTENTION=0
|
|
- OLLAMA_LLM_LIBRARY=auto
|
|
healthcheck:
|
|
test: ["CMD", "ollama", "list"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 120s
|
|
vector-search:
|
|
build:
|
|
context: ./vector-search
|
|
dockerfile: Dockerfile
|
|
container_name: dapp-vector-search
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
depends_on:
|
|
ollama:
|
|
condition: service_healthy
|
|
volumes:
|
|
- ./vector-search:/app
|
|
- vector_search_data:/app/data
|
|
environment:
|
|
- OLLAMA_BASE_URL=http://ollama:11434
|
|
- OLLAMA_EMBED_MODEL=${OLLAMA_EMBEDDINGS_MODEL:-mxbai-embed-large:latest}
|
|
# ports:
|
|
# - '8001:8001' # Закрываем - используется только backend'ом
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8001/health')"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 60s
|
|
backend:
|
|
build:
|
|
context: ./backend
|
|
dockerfile: Dockerfile
|
|
container_name: dapp-backend
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "5m"
|
|
max-file: "2"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
ollama:
|
|
condition: service_healthy
|
|
vector-search:
|
|
condition: service_healthy
|
|
volumes:
|
|
- ./backend:/app
|
|
- ./backend/uploads:/app/uploads
|
|
- backend_node_modules:/app/node_modules
|
|
- ./frontend/dist:/app/frontend_dist:ro
|
|
- ./ssl:/app/ssl
|
|
- ./shared:/app/shared:ro
|
|
environment:
|
|
- NODE_ENV=${NODE_ENV:-production}
|
|
- PORT=${PORT:-8000}
|
|
- DB_HOST=postgres
|
|
- DB_PORT=5432
|
|
- DB_NAME=${DB_NAME:-dapp_db}
|
|
- DB_USER=${DB_USER:-dapp_user}
|
|
- DB_PASSWORD=${DB_PASSWORD:-dapp_password}
|
|
- >-
|
|
DATABASE_URL=postgresql://${DB_USER:-dapp_user}:${DB_PASSWORD:-dapp_password}@postgres:5432/${DB_NAME:-dapp_db}
|
|
- OLLAMA_BASE_URL=http://ollama:11434
|
|
- OLLAMA_MODEL=${OLLAMA_MODEL:-qwen2.5:7b}
|
|
- OLLAMA_EMBEDDINGS_MODEL=${OLLAMA_EMBEDDINGS_MODEL:-qwen2.5:7b}
|
|
# FRONTEND_URL настраивается в коде, не через env
|
|
- VECTOR_SEARCH_URL=http://vector-search:8001
|
|
# Factory адреса теперь хранятся в базе данных
|
|
# Убираем порты для продакшна - доступ только через nginx
|
|
# ports:
|
|
# - '8000:8000'
|
|
extra_hosts:
|
|
- host.docker.internal:host-gateway
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "require('http').get('http://localhost:8000/api/health', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) })"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 60s
|
|
frontend:
|
|
profiles: ["dev"] # Только для разработки
|
|
build:
|
|
context: ./frontend
|
|
dockerfile: Dockerfile
|
|
container_name: dapp-frontend
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
depends_on:
|
|
backend:
|
|
condition: service_healthy
|
|
volumes:
|
|
- ./frontend:/app
|
|
- frontend_node_modules:/app/node_modules
|
|
- ./shared:/app/shared:ro
|
|
ports:
|
|
- '5173:5173' # Vite dev server для локальной разработки
|
|
command: yarn run dev -- --host 0.0.0.0
|
|
|
|
frontend-nginx:
|
|
profiles: ["production"] # Запускается только в production режиме
|
|
build:
|
|
context: ./frontend
|
|
dockerfile: nginx.Dockerfile
|
|
container_name: dapp-frontend-nginx
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
ports:
|
|
- "9000:80" # Frontend nginx (для production на VDS)
|
|
- "9443:443" # HTTPS порт для production на VDS
|
|
environment:
|
|
- DOMAIN=${DOMAIN:-production.local}
|
|
- BACKEND_CONTAINER=dapp-backend
|
|
depends_on:
|
|
- backend
|
|
|
|
|
|
|
|
# SSH Key Server отключен по безопасности (оставлен пример профиля dev при необходимости)
|
|
# ssh-key-server:
|
|
# profiles: ["dev"]
|
|
# image: node:20-slim
|
|
# container_name: dapp-ssh-key-server
|
|
# restart: unless-stopped
|
|
# dns:
|
|
# - 1.1.1.1
|
|
# - 9.9.9.9
|
|
# - 8.8.8.8
|
|
# volumes:
|
|
# - ./scripts/ssh-key-server.js:/app/ssh-key-server.js:ro
|
|
# - ./ssl:/app/ssl:ro
|
|
# - ~/.ssh:/root/.ssh:ro
|
|
# command: node /app/ssh-key-server.js
|
|
# # Порт намеренно не публикуется, без healthcheck
|
|
|
|
# WebSSH Agent для настройки VDS
|
|
webssh-agent:
|
|
profiles: ["dev"] # Только для разработки
|
|
build:
|
|
context: ./webssh-agent
|
|
dockerfile: Dockerfile
|
|
container_name: dapp-webssh-agent
|
|
restart: unless-stopped
|
|
dns:
|
|
- 1.1.1.1 # Cloudflare (приватность)
|
|
- 9.9.9.9 # Quad9 (безопасность + блокировка вредоносных доменов)
|
|
- 8.8.8.8 # Google (надежность, fallback)
|
|
volumes:
|
|
- ~/.ssh:/root/.ssh:rw
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro # Только чтение для безопасности
|
|
- /tmp:/tmp # для временных файлов
|
|
- ./ssl:/app/ssl # для доступа к ключу шифрования
|
|
security_opt:
|
|
- no-new-privileges:true # Запрет повышения привилегий
|
|
ports:
|
|
- '3000:3000' # Локальный доступ
|
|
environment:
|
|
- NODE_ENV=${NODE_ENV:-development}
|
|
depends_on:
|
|
- backend
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3000/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
|
|
|
|
|
|
|
|
volumes:
|
|
postgres_data:
|
|
ollama_data:
|
|
vector_search_data:
|
|
frontend_node_modules:
|
|
backend_node_modules: |