新增: - nginx/nginx.conf: TLS 1.2/1.3 终端 + HSTS/CSP 安全头 + SSE 长连接 + 50M 上传限制 - prometheus/prometheus.yml: HMS/PostgreSQL/Redis/Nginx 四指标源 - prometheus/alerts.yml: 4 组告警规则(系统/应用/数据库/Redis),含 5xx 错误率 + 内存 + 连接数 - restore.sh: 备份恢复脚本(支持加密备份解密恢复) 改进: - backup.sh: 新增 BACKUP_PASSPHRASE 加密(AES-256-CBC)+ 完整性校验 + 恢复指引 - docker-compose.production.yml: 添加 Nginx/Prometheus/Grafana/uploads-backup 容器 - docker-compose.yml: Redis 添加 --appendonly yes 持久化 - .env.production.example: 添加 DevOps 相关环境变量模板
version: "3.8"

# WARNING: in production, the default passwords below must be overridden via
# a .env file or environment variables.
# Do not use the default passwords in production.
#
# Every ${VAR:-default} below falls back to the literal default when VAR is
# unset or empty, so starting this stack without a .env brings both services
# up with the credentials printed in this file.

services:
  postgres:
    image: postgres:16-alpine
    container_name: erp-postgres
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-erp}
      # The fallback is a fixed development password that anyone who can read
      # this file knows; treat it as public.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-erp_dev_2024}
      POSTGRES_DB: ${POSTGRES_DB:-erp}
    # expose (rather than ports) declares 5432 without publishing it on the
    # host.
    expose:
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # Readiness probe: pg_isready as the configured user, every 5s.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-erp}"]
      interval: 5s
      timeout: 5s
      retries: 5
    # Caps the container at one CPU and 512M of memory.
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 512M

  redis:
    image: redis:7-alpine
    container_name: erp-redis
    # --requirepass enables password authentication; --appendonly yes turns
    # on append-only-file persistence.
    # The password is part of the container command line, so it is visible in
    # the container's process list and in `docker inspect` output.
    # NOTE(review): the value is interpolated into one unquoted command
    # string; a password containing whitespace may be split into several
    # arguments - confirm, or switch to the list form.
    command: redis-server --requirepass ${REDIS_PASSWORD:-erp_redis_dev} --appendonly yes
    # expose (rather than ports) declares 6379 without publishing it on the
    # host.
    expose:
      - "6379"
    volumes:
      - redis_data:/data
    # The probe must use the same variable and fallback as `command` above.
    # `-a` also puts the password on the probe's command line; redis-cli can
    # read it from the REDISCLI_AUTH environment variable instead.
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-erp_redis_dev}", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5
    # Caps the container at one CPU and 512M of memory.
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 512M

# Named volumes that keep database and Redis data across container
# re-creation.
volumes:
  postgres_data:
  redis_data: