AI-CS/docker-compose.prod.yml

services:
  # ========== Milvus 向量库及其依赖（与 MySQL 一样在 Docker 中运行） ==========
  etcd:
    image: quay.io/coreos/etcd:v3.5.5
    container_name: milvus-etcd
    environment:
      - ETCD_AUTO_COMPACTION_MODE=revision
      - ETCD_AUTO_COMPACTION_RETENTION=1000
      - ETCD_QUOTA_BACKEND_BYTES=4294967296
      - ETCD_SNAPSHOT_COUNT=50000
    volumes:
      - etcd_data:/etcd
    command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd
    healthcheck:
      test: ["CMD", "etcdctl", "endpoint", "health"]
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - ai-cs-network
    restart: unless-stopped

  minio:
    image: minio/minio:RELEASE.2023-03-20T20-16-18Z
    container_name: milvus-minio
    environment:
      MINIO_ACCESS_KEY: minioadmin
      MINIO_SECRET_KEY: minioadmin
    volumes:
      - minio_data:/minio_data
    command: minio server /minio_data --console-address ":9001"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - ai-cs-network
    restart: unless-stopped

  milvus-standalone:
    image: milvusdb/milvus:v2.3.3
    container_name: milvus-standalone
    command: ["milvus", "run", "standalone"]
    environment:
      ETCD_ENDPOINTS: etcd:2379
      MINIO_ADDRESS: minio:9000
    volumes:
      - milvus_data:/var/lib/milvus
    ports:
      - "${MILVUS_PORT}:19530"
    depends_on:
      etcd:
        condition: service_healthy
      minio:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9091/healthz"]
      interval: 30s
      start_period: 90s
      timeout: 20s
      retries: 5
    networks:
      - ai-cs-network
    restart: unless-stopped

  # MySQL 数据库
  mysql:
    image: mysql:8.0
    container_name: ai-cs-mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${DB_NAME}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASSWORD}
    ports:
      - "${MYSQL_PORT}:3306"
    volumes:
      - mysql_data:/var/lib/mysql
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    networks:
      - ai-cs-network
    restart: unless-stopped

  # 后端服务（使用预构建镜像）
  backend:
    image: ${BACKEND_IMAGE}
    env_file:
      - ./.env
    container_name: ai-cs-backend
    environment:
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      ADMIN_USERNAME: ${ADMIN_USERNAME}
      ADMIN_PASSWORD: ${ADMIN_PASSWORD}
      SERVER_HOST: ${SERVER_HOST}
      SERVER_PORT: ${SERVER_PORT}
      GIN_MODE: ${GIN_MODE}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      SERPER_MCP_URL: ${SERPER_MCP_URL}
      SERPER_API_KEY: ${SERPER_API_KEY}
      MILVUS_HOST: ${MILVUS_HOST}
      MILVUS_PORT: ${MILVUS_PORT}
      MILVUS_USERNAME: ${MILVUS_USERNAME}
      MILVUS_PASSWORD: ${MILVUS_PASSWORD}
      MILVUS_DISABLED: ${MILVUS_DISABLED}
      VECTOR_STORE_DISABLED: ${VECTOR_STORE_DISABLED}
      MILVUS_REQUIRED: ${MILVUS_REQUIRED}
    ports:
      - "${BACKEND_PORT}:${SERVER_PORT}"
    volumes:
      - ./backend/uploads:/app/uploads
      - ./.env:/app/.env:ro
    depends_on:
      mysql:
        condition: service_healthy
      milvus-standalone:
        condition: service_healthy
    networks:
      - ai-cs-network
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
    tmpfs:
      - /tmp
      - /var/tmp

  # 前端服务（使用预构建镜像）
  frontend:
    image: ${FRONTEND_IMAGE}
    container_name: ai-cs-frontend
    environment:
      NEXT_PUBLIC_API_BASE_URL: ${NEXT_PUBLIC_API_BASE_URL}
      NEXT_PUBLIC_BACKEND_HOST: ${NEXT_PUBLIC_BACKEND_HOST}
      NEXT_PUBLIC_BACKEND_PORT: ${NEXT_PUBLIC_BACKEND_PORT}
      NEXT_PUBLIC_MATOMO_CONTAINER_URL: ${NEXT_PUBLIC_MATOMO_CONTAINER_URL}
    ports:
      - "${FRONTEND_PORT}:3000"
    depends_on:
      - backend
    networks:
      - ai-cs-network
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true  # 只读文件系统（防止写入恶意文件）
    tmpfs:
      - /tmp
      - /var/tmp
      - /app/.next/cache  # Next.js 需要缓存目录

volumes:
  mysql_data:
    driver: local
  etcd_data:
    driver: local
  minio_data:
    driver: local
  milvus_data:
    driver: local

networks:
  ai-cs-network:
    driver: bridge