cool/termi-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf00dc5e8e9e1f75c52fc595b267a2f79e14e1f8
termi-blog/deploy/docker/compose.package.yml
limitcool cf00dc5e8e
Some checks failed
docker-images / resolve-build-targets (push) Successful in 6s
Details
ui-regression / playwright-regression (push) Successful in 4m43s
Details
docker-images / build-and-push (admin) (push) Successful in 42s
Details
docker-images / submit-indexnow (push) Has been cancelled
Details
docker-images / build-and-push (frontend) (push) Has been cancelled
Details
docker-images / build-and-push (backend) (push) Has started running
Details
feat: 添加 AI 索引重建功能,优化相关 API 和工作流,增强内存管理配置
2026-04-03 15:48:33 +08:00

112 lines
5.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
services:
backend:
image: ${BACKEND_IMAGE:-git.init.cool/cool/termi-astro-backend:latest}
pull_policy: always
restart: unless-stopped
# 对 tohka 这类小内存主机,建议给服务设置明确上限,
# 避免 AI 重建索引时把整机拖进 swap 抖动 / OOM。
mem_limit: ${BACKEND_MEMORY_LIMIT:-768m}
memswap_limit: ${BACKEND_MEMORY_SWAP_LIMIT:-768m}
environment:
PORT: 5150
APP_BASE_URL: ${APP_BASE_URL:-http://localhost:5150}
DATABASE_URL: ${DATABASE_URL:?DATABASE_URL is required}
REDIS_URL: ${REDIS_URL:?REDIS_URL is required}
JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required}
# 当前推荐把 admin 放在受保护的后台域名下(同域转发 /api 到 backend
# 然后让 backend 信任 TinyAuth / Pocket ID 通过 Caddy 注入的认证头。
# 如启用代理 SSO建议同时配置 TERMI_ADMIN_PROXY_SHARED_SECRET
# 并让 Caddy 在转发 /api 到 backend 时附带 X-Termi-Proxy-Secret。
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
TERMI_TURNSTILE_SECRET_KEY: ${TERMI_TURNSTILE_SECRET_KEY:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: ${TERMI_WEB_PUSH_VAPID_PRIVATE_KEY:-}
TERMI_WEB_PUSH_VAPID_SUBJECT: ${TERMI_WEB_PUSH_VAPID_SUBJECT:-}
RUST_LOG: ${RUST_LOG:-info}
ports:
# 这是“直连端口”示例;如果前面接 tohka 宿主机 Caddy
# 推荐叠加 compose.tohka.override.yml把 backend 只绑定到 127.0.0.1。
- '${BACKEND_PORT:-5150}:5150'
backend-worker:
image: ${BACKEND_IMAGE:-git.init.cool/cool/termi-astro-backend:latest}
pull_policy: always
restart: unless-stopped
mem_limit: ${BACKEND_WORKER_MEMORY_LIMIT:-512m}
memswap_limit: ${BACKEND_WORKER_MEMORY_SWAP_LIMIT:-512m}
depends_on:
backend:
condition: service_healthy
command: ['termi_api-cli', '-e', 'production', 'start', '--worker']
environment:
PORT: 5150
APP_BASE_URL: ${APP_BASE_URL:-http://localhost:5150}
DATABASE_URL: ${DATABASE_URL:?DATABASE_URL is required}
REDIS_URL: ${REDIS_URL:?REDIS_URL is required}
JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required}
TERMI_ADMIN_TRUST_PROXY_AUTH: ${TERMI_ADMIN_TRUST_PROXY_AUTH:-false}
TERMI_ADMIN_LOCAL_LOGIN_ENABLED: ${TERMI_ADMIN_LOCAL_LOGIN_ENABLED:-true}
TERMI_ADMIN_PROXY_SHARED_SECRET: ${TERMI_ADMIN_PROXY_SHARED_SECRET:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
TERMI_WEB_PUSH_VAPID_PRIVATE_KEY: ${TERMI_WEB_PUSH_VAPID_PRIVATE_KEY:-}
TERMI_WEB_PUSH_VAPID_SUBJECT: ${TERMI_WEB_PUSH_VAPID_SUBJECT:-}
RUST_LOG: ${RUST_LOG:-info}
TERMI_SKIP_MIGRATIONS: 'true'
# backend 镜像默认 healthcheck 会探测 HTTP /healthz
# 但 worker 模式不监听 5150所以这里改成“主进程仍然是 --worker”检查。
healthcheck:
test:
['CMD-SHELL', "test -r /proc/1/cmdline && tr '\\000' ' ' </proc/1/cmdline | grep -q -- '--worker'"]
interval: 30s
timeout: 3s
start_period: 15s
retries: 5
frontend:
image: ${FRONTEND_IMAGE:-git.init.cool/cool/termi-astro-frontend:latest}
pull_policy: always
restart: unless-stopped
mem_limit: ${FRONTEND_MEMORY_LIMIT:-256m}
memswap_limit: ${FRONTEND_MEMORY_SWAP_LIMIT:-256m}
depends_on:
backend:
condition: service_healthy
environment:
# frontend 是 Astro SSR(Node)
# - INTERNAL_API_BASE_URL 给服务端渲染访问 backend 用
# - PUBLIC_API_BASE_URL 给浏览器里的评论 / AI 问答等请求用
# - PUBLIC_COMMENT_TURNSTILE_SITE_KEY 给评论 / 订阅表单的人机验证组件用
# - PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY 给浏览器推送订阅用
# - PUBLIC_IMAGE_ALLOWED_HOSTS 给前台图片优化端点 /_img 放行额外图片域名
INTERNAL_API_BASE_URL: ${INTERNAL_API_BASE_URL:-http://backend:5150/api}
PUBLIC_API_BASE_URL: ${PUBLIC_API_BASE_URL:-}
PUBLIC_COMMENT_TURNSTILE_SITE_KEY: ${PUBLIC_COMMENT_TURNSTILE_SITE_KEY:-}
PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY: ${PUBLIC_WEB_PUSH_VAPID_PUBLIC_KEY:-}
PUBLIC_IMAGE_ALLOWED_HOSTS: ${PUBLIC_IMAGE_ALLOWED_HOSTS:-}
INDEXNOW_KEY: ${INDEXNOW_KEY:-}
# frontend 是 Astro SSR(Node) 服务,容器内部监听 4321
# 生产建议由网关统一反代,仅对外开放 80/443
ports:
- '${FRONTEND_PORT:-4321}:4321'
admin:
image: ${ADMIN_IMAGE:-git.init.cool/cool/termi-astro-admin:latest}
pull_policy: always
restart: unless-stopped
mem_limit: ${ADMIN_MEMORY_LIMIT:-128m}
memswap_limit: ${ADMIN_MEMORY_SWAP_LIMIT:-128m}
depends_on:
backend:
condition: service_healthy
environment:
ADMIN_API_BASE_URL: ${ADMIN_API_BASE_URL:-}
ADMIN_FRONTEND_BASE_URL: ${ADMIN_FRONTEND_BASE_URL:-}
# admin 是静态 SPA由 Nginx 在容器内监听 80
# API 与“打开前台 / AI 问答 / 文章预览”这类地址都优先读取运行时环境变量
# ADMIN_API_BASE_URL / ADMIN_FRONTEND_BASE_URL未设置时再回退到构建期值 / 同主机默认端口
ports:
# 如果 admin 域名由宿主机 Caddy 统一反代,推荐改成 127.0.0.1 绑定。
- '${ADMIN_PORT:-4322}:80'
Reference in New Issue View Git Blame Copy Permalink