simon/wecom_it_smart_desk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
wecom_it_smart_desk/docker-compose.nas.yml
T

203 lines
7.3 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# =============================================================================
# 企微IT智能服务台 — 群晖 NAS Docker Compose(含 Cloudflare Tunnel
# =============================================================================
# 适用场景:群晖 NAS + Cloudflare Tunnel + 未认证企微
# 域名:itdesk.amanzac.com(通过 Cloudflare Tunnel 暴露到公网)
#
# 用法:
# 1. 先完成 Cloudflare Tunnel 创建,获取 token(见部署指南 §2)
# 2. 复制 .env.nas 为 .env 并填入 token 和企微配置
# 3. 在 NAS SSH 或 Container Manager 中启动:
# docker compose -f docker-compose.nas.yml up -d
#
# 架构:
# 互联网 → Cloudflare Edge → Cloudflare Tunnel → nginx:80 → { /itdesk/, /itagent/, /api/, /ws/ }
# =============================================================================
services:
# --------------------------------------------------------------------------
# Cloudflare Tunnel — 内网穿透,替代公网 IP + HTTPS
# --------------------------------------------------------------------------
# 原理:cloudflared 容器主动连接 Cloudflare Edge,建立反向隧道
# 无需开放任何端口,无需公网 IP,无需 SSL 证书
# 配置:在 Cloudflare Dashboard > Zero Trust > Networks > Tunnels 创建
# 获得 tunnel token 后填入 .env 的 CF_TUNNEL_TOKEN
# --------------------------------------------------------------------------
cloudflared:
image: cloudflare/cloudflared:latest
container_name: wecom_it_cloudflared
restart: unless-stopped
# --no-autoupdate 防止容器内自动更新导致重启
# token 从 Cloudflare Dashboard 获取
command: tunnel --no-autoupdate run
environment:
- TUNNEL_TOKEN=${CF_TUNNEL_TOKEN}
networks:
- it-desk-internal
depends_on:
- nginx
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# --------------------------------------------------------------------------
# PostgreSQL 16 — 持久化数据库
# --------------------------------------------------------------------------
postgres:
image: postgres:16-alpine
container_name: wecom_it_postgres
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER:-wecom}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-wecom_secret}
POSTGRES_DB: ${POSTGRES_DB:-wecom_it_desk}
volumes:
# 群晖建议使用共享文件夹存储,便于备份
# 格式:/volume1/docker/wecom-it-desk/postgres:/var/lib/postgresql/data
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-wecom}"]
interval: 5s
timeout: 5s
retries: 5
networks:
- it-desk-internal
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# --------------------------------------------------------------------------
# Redis 7 — 缓存服务(token、会话、员工信息)
# --------------------------------------------------------------------------
redis:
image: redis:7-alpine
container_name: wecom_it_redis
restart: unless-stopped
command: redis-server --appendonly yes --save 900 1 --save 300 10
volumes:
- redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 5s
retries: 5
networks:
- it-desk-internal
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# --------------------------------------------------------------------------
# FastAPI 后端 — 核心业务服务
# --------------------------------------------------------------------------
backend:
build:
context: ./backend
dockerfile: Dockerfile
image: wecom-it-desk-backend:latest
container_name: wecom_it_backend
restart: unless-stopped
environment:
# 企微凭证(从 .env 文件读取)
- WECOM_CORP_ID=${WECOM_CORP_ID}
- WECOM_AGENT_ID=${WECOM_AGENT_ID}
- WECOM_SECRET=${WECOM_SECRET}
- WECOM_TOKEN=${WECOM_TOKEN}
- WECOM_ENCODING_AES_KEY=${WECOM_ENCODING_AES_KEY}
# 数据库(Docker 内部网络)
- DATABASE_URL=postgresql://${POSTGRES_USER:-wecom}:${POSTGRES_PASSWORD:-wecom_secret}@postgres:5432/${POSTGRES_DB:-wecom_it_desk}
# RedisDocker 内部网络)
- REDIS_URL=redis://redis:6379/0
# CORSNAS 部署用 Cloudflare Tunnel 域名)
- CORS_ORIGINS=${CORS_ORIGINS:-https://itdesk.amanzac.com}
# AI 服务(Dify)— NAS 部署可能无法直连内网 Dify,留空则禁用 AI 功能
- DIFY_API_URL=${DIFY_API_URL:-}
- DIFY_API_KEY=${DIFY_API_KEY:-}
- DIFY_TIMEOUT=${DIFY_TIMEOUT:-30}
# AI Wingman(留空禁用)
- DIFY_WINGMAN_API_URL=${DIFY_WINGMAN_API_URL:-}
- DIFY_WINGMAN_API_KEY=${DIFY_WINGMAN_API_KEY:-}
- DIFY_WINGMAN_TIMEOUT=${DIFY_WINGMAN_TIMEOUT:-30}
# Mock 登录(测试阶段跳过 OAuth2)
- MOCK_LOGIN_ENABLED=${MOCK_LOGIN_ENABLED:-false}
# 服务配置
- BACKEND_HOST=0.0.0.0
- BACKEND_PORT=8000
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
command: >
/bin/sh -c "
echo '>>> 执行数据库迁移...' &&
cd /app && PYTHONPATH=/app alembic upgrade head &&
echo '>>> 启动 API 服务...' &&
uvicorn app.main:app --host 0.0.0.0 --port 8000 --workers 2
"
networks:
- it-desk-internal
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:8000/health || exit 1"]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
logging:
driver: "json-file"
options:
max-size: "20m"
max-file: "5"
# --------------------------------------------------------------------------
# Nginx — 反向代理 + 静态文件服务
# --------------------------------------------------------------------------
nginx:
image: nginx:1.27-alpine
container_name: wecom_it_nginx
restart: unless-stopped
# NAS 部署不需要映射端口到宿主机(Cloudflare Tunnel 直接连接容器网络)
# 但保留映射方便内网调试
ports:
- "18080:80"
volumes:
- ./nginx/nginx-nas.conf:/etc/nginx/nginx.conf:ro
- ./frontend-h5/dist:/usr/share/nginx/html/itdesk:ro
- ./frontend-agent/dist:/usr/share/nginx/html/itagent:ro
depends_on:
- backend
networks:
- it-desk-internal
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:80/itdesk/health || exit 1"]
interval: 15s
timeout: 5s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# =============================================================================
# 网络
# =============================================================================
networks:
it-desk-internal:
driver: bridge
# =============================================================================
# 数据卷 — 持久化存储
# =============================================================================
volumes:
postgres_data:
name: wecom_it_postgres_data
redis_data:
name: wecom_it_redis_data
Reference in New Issue View Git Blame Copy Permalink