mirror of
https://github.com/fawney19/Aether.git
synced 2026-01-09 03:02:26 +08:00
68ff828505
- 添加 entrypoint.sh 在容器启动前执行 alembic upgrade head - 更新 Dockerfile.app 和 Dockerfile.app.local 使用新入口脚本 - 移除手动迁移脚本 migrate.sh - 简化 README 部署说明
170 lines
5.4 KiB
Erlang
170 lines
5.4 KiB
Erlang
# 运行镜像:从 base 提取产物到精简运行时
|
||
# 构建命令: docker build -f Dockerfile.app -t aether-app:latest .
|
||
# 用于 GitHub Actions CI(官方源)
|
||
FROM aether-base:latest AS builder
|
||
|
||
WORKDIR /app
|
||
|
||
# 复制前端源码并构建
|
||
COPY frontend/ ./frontend/
|
||
RUN cd frontend && npm run build
|
||
|
||
# ==================== 运行时镜像 ====================
|
||
FROM python:3.12-slim
|
||
|
||
WORKDIR /app
|
||
|
||
# 运行时依赖(无 gcc/nodejs/npm)
|
||
RUN apt-get update && apt-get install -y \
|
||
nginx \
|
||
supervisor \
|
||
libpq5 \
|
||
curl \
|
||
&& rm -rf /var/lib/apt/lists/*
|
||
|
||
# 从 base 镜像复制 Python 包
|
||
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
|
||
|
||
# 只复制需要的 Python 可执行文件
|
||
COPY --from=builder /usr/local/bin/gunicorn /usr/local/bin/
|
||
COPY --from=builder /usr/local/bin/uvicorn /usr/local/bin/
|
||
COPY --from=builder /usr/local/bin/alembic /usr/local/bin/
|
||
|
||
# 从 builder 阶段复制前端构建产物
|
||
COPY --from=builder /app/frontend/dist /usr/share/nginx/html
|
||
|
||
# 复制后端代码
|
||
COPY src/ ./src/
|
||
COPY alembic.ini ./
|
||
COPY alembic/ ./alembic/
|
||
|
||
# Nginx 配置模板
|
||
# 智能处理 IP:有外层代理头就透传,没有就用直连 IP
|
||
RUN printf '%s\n' \
|
||
'map $http_x_real_ip $real_ip {' \
|
||
' default $http_x_real_ip;' \
|
||
' "" $remote_addr;' \
|
||
'}' \
|
||
'' \
|
||
'map $http_x_forwarded_for $forwarded_for {' \
|
||
' default $http_x_forwarded_for;' \
|
||
' "" $remote_addr;' \
|
||
'}' \
|
||
'' \
|
||
'server {' \
|
||
' listen 80;' \
|
||
' server_name _;' \
|
||
' root /usr/share/nginx/html;' \
|
||
' index index.html;' \
|
||
' client_max_body_size 100M;' \
|
||
'' \
|
||
' # gzip 压缩配置(对 base64 图片等非流式响应有效)' \
|
||
' gzip on;' \
|
||
' gzip_min_length 256;' \
|
||
' gzip_comp_level 5;' \
|
||
' gzip_vary on;' \
|
||
' gzip_proxied any;' \
|
||
' gzip_types application/json text/plain text/css text/javascript application/javascript application/octet-stream;' \
|
||
' gzip_disable "msie6";' \
|
||
'' \
|
||
' location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {' \
|
||
' expires 1y;' \
|
||
' add_header Cache-Control "public, no-transform";' \
|
||
' try_files $uri =404;' \
|
||
' }' \
|
||
'' \
|
||
' location ~ ^/(src|node_modules)/ {' \
|
||
' deny all;' \
|
||
' return 404;' \
|
||
' }' \
|
||
'' \
|
||
' location ~ ^/(dashboard|admin|login)(/|$) {' \
|
||
' try_files $uri $uri/ /index.html;' \
|
||
' }' \
|
||
'' \
|
||
' location ~ ^/(docs|redoc|openapi\\.json)$ {' \
|
||
' proxy_pass http://127.0.0.1:PORT_PLACEHOLDER;' \
|
||
' proxy_http_version 1.1;' \
|
||
' proxy_set_header Host $host;' \
|
||
' proxy_set_header X-Real-IP $real_ip;' \
|
||
' proxy_set_header X-Forwarded-For $forwarded_for;' \
|
||
' proxy_set_header X-Forwarded-Proto $scheme;' \
|
||
' }' \
|
||
'' \
|
||
' location / {' \
|
||
' try_files $uri $uri/ @backend;' \
|
||
' }' \
|
||
'' \
|
||
' location @backend {' \
|
||
' proxy_pass http://127.0.0.1:PORT_PLACEHOLDER;' \
|
||
' proxy_http_version 1.1;' \
|
||
' proxy_set_header Host $host;' \
|
||
' proxy_set_header X-Real-IP $real_ip;' \
|
||
' proxy_set_header X-Forwarded-For $forwarded_for;' \
|
||
' proxy_set_header X-Forwarded-Proto $scheme;' \
|
||
' proxy_set_header Connection "";' \
|
||
' proxy_set_header Accept $http_accept;' \
|
||
' proxy_set_header Content-Type $content_type;' \
|
||
' proxy_set_header Authorization $http_authorization;' \
|
||
' proxy_set_header X-Api-Key $http_x_api_key;' \
|
||
' proxy_buffering off;' \
|
||
' proxy_cache off;' \
|
||
' proxy_request_buffering off;' \
|
||
' chunked_transfer_encoding on;' \
|
||
' gzip off;' \
|
||
' add_header X-Accel-Buffering no;' \
|
||
' proxy_connect_timeout 600s;' \
|
||
' proxy_send_timeout 600s;' \
|
||
' proxy_read_timeout 600s;' \
|
||
' }' \
|
||
'}' > /etc/nginx/sites-available/default.template
|
||
|
||
# Supervisor 配置
|
||
RUN printf '%s\n' \
|
||
'[supervisord]' \
|
||
'nodaemon=true' \
|
||
'logfile=/var/log/supervisor/supervisord.log' \
|
||
'pidfile=/var/run/supervisord.pid' \
|
||
'' \
|
||
'[program:nginx]' \
|
||
'command=/bin/bash -c "sed \"s/PORT_PLACEHOLDER/8084/g\" /etc/nginx/sites-available/default.template > /etc/nginx/sites-available/default && /usr/sbin/nginx -g \"daemon off;\""' \
|
||
'autostart=true' \
|
||
'autorestart=true' \
|
||
'stdout_logfile=/var/log/nginx/access.log' \
|
||
'stderr_logfile=/var/log/nginx/error.log' \
|
||
'' \
|
||
'[program:app]' \
|
||
'command=gunicorn src.main:app --preload -w %(ENV_GUNICORN_WORKERS)s -k uvicorn.workers.UvicornWorker --bind 127.0.0.1:8084 --timeout 120 --access-logfile - --error-logfile - --log-level info' \
|
||
'directory=/app' \
|
||
'autostart=true' \
|
||
'autorestart=true' \
|
||
'stdout_logfile=/dev/stdout' \
|
||
'stdout_logfile_maxbytes=0' \
|
||
'stderr_logfile=/dev/stderr' \
|
||
'stderr_logfile_maxbytes=0' \
|
||
'environment=PYTHONUNBUFFERED=1,PYTHONIOENCODING=utf-8,LANG=C.UTF-8,LC_ALL=C.UTF-8,DOCKER_CONTAINER=true' > /etc/supervisor/conf.d/supervisord.conf
|
||
|
||
# 创建目录
|
||
RUN mkdir -p /var/log/supervisor /app/logs /app/data
|
||
|
||
# 入口脚本(启动前执行迁移)
|
||
COPY entrypoint.sh /entrypoint.sh
|
||
RUN chmod +x /entrypoint.sh
|
||
|
||
# 环境变量
|
||
ENV PYTHONUNBUFFERED=1 \
|
||
PYTHONDONTWRITEBYTECODE=1 \
|
||
PYTHONIOENCODING=utf-8 \
|
||
LANG=C.UTF-8 \
|
||
LC_ALL=C.UTF-8 \
|
||
PORT=8084 \
|
||
GUNICORN_WORKERS=4
|
||
|
||
EXPOSE 80
|
||
|
||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||
CMD curl -f http://localhost/health || exit 1
|
||
|
||
ENTRYPOINT ["/entrypoint.sh"]
|
||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
|