hms/docker/.env.production.example
iven bc571c7749 feat(docker): production DevOps infrastructure: TLS + backup encryption + Prometheus + Redis persistence
Added:
- nginx/nginx.conf: TLS 1.2/1.3 termination + HSTS/CSP security headers + SSE long-lived connections + 50M upload limit
- prometheus/prometheus.yml: four metric sources (HMS/PostgreSQL/Redis/Nginx)
- prometheus/alerts.yml: 4 groups of alert rules (system/application/database/Redis), including 5xx error rate, memory and connection count
- restore.sh: backup restore script (supports decrypting and restoring encrypted backups)

Improved:
- backup.sh: added BACKUP_PASSPHRASE encryption (AES-256-CBC), integrity verification and restore instructions
- docker-compose.production.yml: added Nginx/Prometheus/Grafana/uploads-backup containers
- docker-compose.yml: Redis now started with --appendonly yes for persistence
- .env.production.example: added template for DevOps-related environment variables
2026-05-21 18:21:51 +08:00

71 lines
1.9 KiB
# HMS cloud deployment environment variables
# Copy this file to .env.production and fill in real values
# cp .env.production.example .env.production
# ===== Required =====
# PostgreSQL connection (host network mode, connects directly to the host machine)
ERP__DATABASE__URL=postgres://erp:YOUR_PG_PASSWORD@localhost:5432/erp
# Redis connection
ERP__REDIS__URL=redis://:YOUR_REDIS_PASSWORD@localhost:6379
# JWT secret (random string of at least 32 characters)
ERP__JWT__SECRET=CHANGE_ME_TO_A_RANDOM_STRING_AT_LEAST_32_CHARS
# Initial super-admin password (the admin user is created on first start)
ERP__AUTH__SUPER_ADMIN_PASSWORD=CHANGE_ME_ADMIN_PASSWORD
# PII encryption key (AES-256 KEK, 64 hex characters)
ERP__CRYPTO__KEK=CHANGE_ME_64_HEX_CHARS_FOR_AES256_KEY
# Health data encryption keys
ERP__HEALTH__AES_KEY=CHANGE_ME_64_HEX_CHARS
ERP__HEALTH__HMAC_KEY=CHANGE_ME_64_HEX_CHARS
# ===== Optional =====
# Service port (default 3000)
ERP__SERVER__PORT=3000
# Prometheus metrics port (default 9090)
ERP__SERVER__METRICS_PORT=9090
# CORS allowed origins (comma-separated)
ERP__CORS__ALLOWED_ORIGINS=https://your-domain.com,https://www.your-domain.com
# Upload directory
ERP__STORAGE__UPLOAD_DIR=/app/uploads
# Log level
ERP__LOG__LEVEL=info
# WeChat Mini Program settings (leave empty if the Mini Program feature is not needed)
ERP__WECHAT__APPID=
ERP__WECHAT__SECRET=
ERP__WECHAT__DEV_MODE=false
# AI module settings (leave empty if AI features are not needed)
ERP__AI__DEFAULT_PROVIDER=ollama
ERP__AI__API_KEY=
ERP__AI__BASE_URL=http://localhost:11434
ERP__AI__MODEL=qwen2.5:7b
# ===== DevOps =====
# Backup encryption passphrase (openssl AES-256-CBC; required in production)
BACKUP_PASSPHRASE=CHANGE_ME_BACKUP_ENCRYPTION_PASSWORD
# Backup retention in days
BACKUP_KEEP_DAYS=7
# Backup schedule (cron format)
BACKUP_CRON=0 2 * * *
# uploads backup schedule
UPLOADS_BACKUP_CRON=0 3 * * *
# Grafana admin password
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_GRAFANA_ADMIN
GRAFANA_ROOT_URL=http://localhost:3001
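The template above lists the secrets that must be replaced before deployment. As an added example (not code from the HMS repository), the following POSIX shell script checks a filled-in .env.production for leftover placeholders, an ERP__JWT__SECRET shorter than the 32 characters the template asks for, and key variables that are not 64 hex characters. It assumes the variable names exactly as in the template; the sample files and the dummy hex key are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the HMS repository: sanity-check a filled-in
# .env.production before deploying it. It flags values that still carry the
# template's placeholders, a JWT secret shorter than 32 characters, and key
# material that is not 64 hex characters (32-byte AES-256 KEK / health keys).
HEX64_KEYS="ERP__CRYPTO__KEK ERP__HEALTH__AES_KEY ERP__HEALTH__HMAC_KEY"
REQUIRED_KEYS="ERP__DATABASE__URL ERP__REDIS__URL ERP__JWT__SECRET \
ERP__AUTH__SUPER_ADMIN_PASSWORD BACKUP_PASSPHRASE GRAFANA_ADMIN_PASSWORD"

# get_var FILE KEY: value of the last KEY= line; comment lines never match
get_var() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# check_env_file FILE: prints one line per problem, returns 0 only when clean
check_env_file() {
    file=$1
    problems=0
    for key in $REQUIRED_KEYS $HEX64_KEYS; do
        val=$(get_var "$file" "$key")
        case "$val" in
            ""|*CHANGE_ME*|*YOUR_*)
                echo "$key: empty or still a template placeholder"
                problems=$((problems + 1)) ;;
        esac
    done
    jwt=$(get_var "$file" ERP__JWT__SECRET)
    if [ "${#jwt}" -lt 32 ]; then
        echo "ERP__JWT__SECRET: shorter than 32 characters"
        problems=$((problems + 1))
    fi
    for key in $HEX64_KEYS; do
        val=$(get_var "$file" "$key")
        if ! printf '%s\n' "$val" | grep -Eq '^[0-9a-fA-F]{64}$'; then
            echo "$key: not 64 hex characters (a 32-byte key is required)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample inputs (not real secrets): the template as shipped, and a
# filled-in file; HEX is a fixed dummy key used only to exercise the checks.
BAD_ENV=$(mktemp); GOOD_ENV=$(mktemp)
HEX=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
printf '%s\n' 'ERP__JWT__SECRET=CHANGE_ME_TO_A_RANDOM_STRING_AT_LEAST_32_CHARS' \
    'ERP__CRYPTO__KEK=CHANGE_ME_64_HEX_CHARS_FOR_AES256_KEY' > "$BAD_ENV"
for k in $REQUIRED_KEYS; do echo "$k=filled-in-value-of-at-least-32-characters"; done > "$GOOD_ENV"
for k in $HEX64_KEYS; do echo "$k=$HEX"; done >> "$GOOD_ENV"
check_env_file "$GOOD_ENV" && echo "$GOOD_ENV: all checks passed"
```

Run it against the template itself to see every required variable reported; a clean run is a reasonable gate to add before `docker compose --env-file .env.production up`.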