From 2acc8e99f7a7405adba1137d8c9112c0a17f81d5 Mon Sep 17 00:00:00 2001
From: 537yaha <2930134478@qq.com>
Date: Sun, 1 Feb 2026 20:18:20 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=20frontend=20?= =?UTF-8?q?=E5=AE=B9=E5=99=A8=E5=AE=89=E5=85=A8=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker-compose.prod.yml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 8c4f7f9..0b4a9ec 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -1,5 +1,3 @@
-
-
 services:
 # MySQL 数据库
 mysql:
@@ -65,6 +63,24 @@ services:
 networks:
 - ai-cs-network
 restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ cap_add:
+ - NET_BIND_SERVICE
+ read_only: true # 只读文件系统(防止写入恶意文件)
+ tmpfs:
+ - /tmp
+ - /var/tmp
+ - /app/.next/cache # Next.js 需要缓存目录
+ resources:
+ limits:
+ cpus: '2.0'
+ memory: 2G
+ reservations:
+ cpus: '0.5'
+ memory: 512M
 volumes:
 mysql_data:
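Review bot: The `resources:` block added after `tmpfs:` has no `deploy:` parent among the added lines, and the Compose specification defines CPU and memory limits only under `deploy.resources`. Indentation is lost in this rendering, but if `resources:` sits at service level it would be rejected by schema validation or ignored, so the intended 2 CPU / 2G cap would not be enforced. Add a `deploy:` line above `resources:`, indent the `limits`/`reservations` block beneath it, and confirm the rendered result with `docker compose config`. Separately, `cap_add: NET_BIND_SERVICE` is needed only if the process binds a port below 1024; the listening port is not visible in this hunk, so if the frontend listens on a high port the capability can be removed to leave `cap_drop: ALL` unqualified. The service definition starts outside this hunk.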