XuqmGroup-PrivateDeploy/docker-compose.yml

# =============================================================================
# XuqmGroup 私有化部署 — 业务服务编排
#
# 说明：
#   - 基础设施（MySQL / Redis）在 docker-compose.infra.yml 中定义
#   - 使用 --profile 控制启动哪些服务（配合 .env 中的 COMPOSE_PROFILES）
#   - 所有服务密码通过 config/secrets.env 注入，不写在本文件
#   - Spring Boot 数据库 URL 通过 environment: 覆盖，优先级高于 application.yml
# =============================================================================

services:

  # ---------------------------------------------------------------------------
  # 核心 API 服务（必须）
  # 端口：9001（内部），nginx 代理 /api/* 和 /actuator/*
  # ---------------------------------------------------------------------------
  tenant-service:
    image: ${REGISTRY}/tenant-service:${IMAGE_TAG}
    profiles: ["base"]
    ports:
      - "127.0.0.1:10223:9001"
    env_file:
      - ./config/xuqm.env          # 业务配置：运行模式、域名、功能开关
      - ./config/secrets.env        # 敏感配置：密码、Token
      - ./config/tenant/bootstrap.env  # 初始租户配置
    environment:
      # 覆盖 application.yml 中硬编码的生产地址，私有化部署必须保留此块
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
      SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
      SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
      SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
      SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # 文件服务（必须）
  # 端口：8086（内部），nginx 代理 /file/*
  # 文件数据持久化到 ./data/uploads
  # ---------------------------------------------------------------------------
  file-service:
    image: ${REGISTRY}/file-service:${IMAGE_TAG}
    profiles: ["base"]
    ports:
      - "127.0.0.1:10224:8086"
    env_file:
      - ./config/xuqm.env
      - ./config/secrets.env
    environment:
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
      SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
      SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
      SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
      SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
    volumes:
      - ./data/uploads:/data/uploads   # 上传文件持久化目录
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # 控制台前端（必须）
  # 租户登录、App 管理、功能配置界面
  # nginx 代理 / 根路径
  # ---------------------------------------------------------------------------
  tenant-web:
    image: ${REGISTRY}/tenant-web:${IMAGE_TAG}
    profiles: ["base"]
    ports:
      - "127.0.0.1:10225:80"
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # 运营后台前端（必须）
  # 管理员登录界面，nginx 代理 /ops
  # ---------------------------------------------------------------------------
  ops-web:
    image: ${REGISTRY}/ops-web:${IMAGE_TAG}
    profiles: ["base"]
    ports:
      - "127.0.0.1:10226:80"
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # Nginx 反向代理（可选，profile: nginx-bundled）
  # 默认不启动 — 用户通常用宿主机自己的 nginx 代理到各服务端口。
  # 需要内置 nginx 时：COMPOSE_PROFILES=...,nginx-bundled
  # ---------------------------------------------------------------------------
  nginx:
    image: nginx:1.27-alpine
    profiles: ["nginx-bundled"]
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on:
      tenant-service:
        condition: service_started
      tenant-web:
        condition: service_started
      ops-web:
        condition: service_started
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # IM 服务（可选，profile: im）
  # 端口：8082（内部）
  # 提供：IM HTTP API（/api/im/）和 WebSocket（/ws/im/）
  # ---------------------------------------------------------------------------
  im-service:
    image: ${REGISTRY}/im-service:${IMAGE_TAG}
    profiles: ["im"]
    ports:
      - "127.0.0.1:10227:8082"
    env_file:
      - ./config/xuqm.env
      - ./config/secrets.env
    environment:
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
      SPRING_DATA_REDIS_HOST: "${REDIS_HOST}"
      SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}"
      SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}"
      SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}"
      TENANT_SERVICE_URL: "http://tenant-service:9001"
      PUSH_SERVICE_URL: "http://push-service:8083"
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # 推送服务（可选，profile: push）
  # 端口：8083（内部）
  # 负责通过华为/小米/OPPO/vivo/荣耀/APNs/FCM 下发推送通知
  # ---------------------------------------------------------------------------
  push-service:
    image: ${REGISTRY}/push-service:${IMAGE_TAG}
    profiles: ["push"]
    ports:
      - "127.0.0.1:10228:8083"
    env_file:
      - ./config/xuqm.env
      - ./config/secrets.env
      - ./config/vendors/push.env   # 各厂商推送凭据
    environment:
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # 版本管理服务（可选，profile: update）
  # 端口：8084（内部）
  # 负责：APP 版本发布、RN 热更新包、应用市场自动提交
  # ---------------------------------------------------------------------------
  update-service:
    image: ${REGISTRY}/update-service:${IMAGE_TAG}
    profiles: ["update"]
    ports:
      - "127.0.0.1:10229:8084"
    env_file:
      - ./config/xuqm.env
      - ./config/secrets.env
      - ./config/vendors/store-submit.env   # 各应用市场发布凭据
    environment:
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
      SDK_TENANT_SERVICE_URL: "http://tenant-service:9001"
    volumes:
      - ./data/update:/data/update   # 版本包存储目录
    restart: unless-stopped

  # ---------------------------------------------------------------------------
  # License 服务（可选，profile: license）
  # 端口：8085（内部）
  # 负责设备激活数量校验和 License 有效期管理
  # ---------------------------------------------------------------------------
  license-service:
    image: ${REGISTRY}/license-service:${IMAGE_TAG}
    profiles: ["license"]
    ports:
      - "127.0.0.1:10230:8085"
    env_file:
      - ./config/xuqm.env
      - ./config/secrets.env
    environment:
      SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true"
      SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}"
      SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}"
    restart: unless-stopped