cool/termi-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
checkpoint/2026-03-28-admin-redesign-foundation
termi-blog/deploy/docker/compose.package.yml

81 lines
3.6 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
services:
backend:
image: ${BACKEND_IMAGE:-git.init.cool/cool/termi-astro-backend:latest}
pull_policy: always
restart: unless-stopped
environment:
PORT: 5150
APP_BASE_URL: ${APP_BASE_URL:-http://localhost:5150}
DATABASE_URL: ${DATABASE_URL:?DATABASE_URL is required}
REDIS_URL: ${REDIS_URL:?REDIS_URL is required}
JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required}
# 当前推荐把 admin 放在受保护的后台域名下(同域转发 /api 到 backend
# 然后让 backend 信任 TinyAuth / Pocket ID 通过 Caddy 注入的认证头。
# 如启用代理 SSO建议同时配置 TERMI_ADMIN_PROXY_SHARED_SECRET
# 并让 Caddy 在转发 /api 到 backend 时附带 X-Termi-Proxy-Secret。
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
RUST_LOG: ${RUST_LOG:-info}
ports:
# 这是“直连端口”示例;如果前面接 tohka 宿主机 Caddy
# 推荐叠加 compose.tohka.override.yml把 backend 只绑定到 127.0.0.1。
- '${BACKEND_PORT:-5150}:5150'
backend-worker:
image: ${BACKEND_IMAGE:-git.init.cool/cool/termi-astro-backend:latest}
pull_policy: always
restart: unless-stopped
depends_on:
backend:
condition: service_healthy
command: ['termi_api-cli', '-e', 'production', 'start', '--worker']
environment:
PORT: 5150
APP_BASE_URL: ${APP_BASE_URL:-http://localhost:5150}
DATABASE_URL: ${DATABASE_URL:?DATABASE_URL is required}
REDIS_URL: ${REDIS_URL:?REDIS_URL is required}
JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required}
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
RUST_LOG: ${RUST_LOG:-info}
TERMI_SKIP_MIGRATIONS: 'true'
frontend:
image: ${FRONTEND_IMAGE:-git.init.cool/cool/termi-astro-frontend:latest}
pull_policy: always
restart: unless-stopped
depends_on:
backend:
condition: service_healthy
environment:
# frontend 是 Astro SSR(Node)
# - INTERNAL_API_BASE_URL 给服务端渲染访问 backend 用
# - PUBLIC_API_BASE_URL 给浏览器里的评论 / AI 问答等请求用
# - PUBLIC_IMAGE_ALLOWED_HOSTS 给前台图片优化端点 /_img 放行额外图片域名
INTERNAL_API_BASE_URL: ${INTERNAL_API_BASE_URL:-http://backend:5150/api}
PUBLIC_API_BASE_URL: ${PUBLIC_API_BASE_URL:-}
PUBLIC_IMAGE_ALLOWED_HOSTS: ${PUBLIC_IMAGE_ALLOWED_HOSTS:-}
# frontend 是 Astro SSR(Node) 服务,容器内部监听 4321
# 生产建议由网关统一反代,仅对外开放 80/443
ports:
- '${FRONTEND_PORT:-4321}:4321'
admin:
image: ${ADMIN_IMAGE:-git.init.cool/cool/termi-astro-admin:latest}
pull_policy: always
restart: unless-stopped
depends_on:
backend:
condition: service_healthy
environment:
ADMIN_API_BASE_URL: ${ADMIN_API_BASE_URL:-}
ADMIN_FRONTEND_BASE_URL: ${ADMIN_FRONTEND_BASE_URL:-}
# admin 是静态 SPA由 Nginx 在容器内监听 80
# API 与“打开前台 / AI 问答 / 文章预览”这类地址都优先读取运行时环境变量
# ADMIN_API_BASE_URL / ADMIN_FRONTEND_BASE_URL未设置时再回退到构建期值 / 同主机默认端口
ports:
# 如果 admin 域名由宿主机 Caddy 统一反代,推荐改成 127.0.0.1 绑定。
- '${ADMIN_PORT:-4322}:80'
Reference in New Issue View Git Blame Copy Permalink