# ============================================================================= # XuqmGroup 私有化部署 — 业务服务编排 # # 说明: # - 基础设施(MySQL / Redis)在 docker-compose.infra.yml 中定义 # - 使用 --profile 控制启动哪些服务(配合 .env 中的 COMPOSE_PROFILES) # - 所有服务密码通过 config/secrets.env 注入,不写在本文件 # - Spring Boot 数据库 URL 通过 environment: 覆盖,优先级高于 application.yml # ============================================================================= services: # --------------------------------------------------------------------------- # 核心 API 服务(必须) # 端口:9001(内部),nginx 代理 /api/* 和 /actuator/* # --------------------------------------------------------------------------- tenant-service: image: ${REGISTRY}/tenant-service:${IMAGE_TAG} profiles: ["base"] env_file: - ./config/xuqm.env # 业务配置:运行模式、域名、功能开关 - ./config/secrets.env # 敏感配置:密码、Token - ./config/tenant/bootstrap.env # 初始租户配置 environment: # 覆盖 application.yml 中硬编码的生产地址,私有化部署必须保留此块 SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true" SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}" SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}" SPRING_DATA_REDIS_HOST: "${REDIS_HOST}" SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}" SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}" SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}" restart: unless-stopped # --------------------------------------------------------------------------- # 文件服务(必须) # 端口:8086(内部),nginx 代理 /file/* # 文件数据持久化到 ./data/uploads # --------------------------------------------------------------------------- file-service: image: ${REGISTRY}/file-service:${IMAGE_TAG} profiles: ["base"] env_file: - ./config/xuqm.env - ./config/secrets.env environment: SPRING_DATASOURCE_URL: "jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT:-3306}/${MYSQL_DATABASE:-xuqm_private}?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true" SPRING_DATASOURCE_USERNAME: "${MYSQL_USERNAME:-xuqm}" SPRING_DATASOURCE_PASSWORD: "${MYSQL_PASSWORD}" SPRING_DATA_REDIS_HOST: "${REDIS_HOST}" SPRING_DATA_REDIS_PORT: "${REDIS_PORT:-6379}" SPRING_DATA_REDIS_PASSWORD: "${REDIS_PASSWORD}" SPRING_DATA_REDIS_DATABASE: "${REDIS_DATABASE:-0}" volumes: - ./data/uploads:/data/uploads # 上传文件持久化目录 restart: unless-stopped # --------------------------------------------------------------------------- # 控制台前端(必须) # 租户登录、App 管理、功能配置界面 # nginx 代理 / 根路径 # --------------------------------------------------------------------------- tenant-web: image: ${REGISTRY}/tenant-web:${IMAGE_TAG} profiles: ["base"] restart: unless-stopped # --------------------------------------------------------------------------- # 运营后台前端(必须) # 管理员登录界面,nginx 代理 /ops # --------------------------------------------------------------------------- ops-web: image: ${REGISTRY}/ops-web:${IMAGE_TAG} profiles: ["base"] restart: unless-stopped # --------------------------------------------------------------------------- # Nginx 反向代理(必须) # 统一入口:端口 80(HTTP)和 443(HTTPS) # 路由所有请求到各后端容器 # --------------------------------------------------------------------------- nginx: image: nginx:1.27-alpine profiles: ["base"] ports: - "80:80" # HTTP - "443:443" # HTTPS(需要配置证书,见 docs/runbook.md) volumes: - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./config/nginx/conf.d:/etc/nginx/conf.d:ro depends_on: tenant-service: condition: service_started tenant-web: condition: service_started ops-web: condition: service_started restart: unless-stopped # --------------------------------------------------------------------------- # IM 服务(可选,profile: im) # 端口:8082(内部) # 提供:IM HTTP API(/api/im/)和 WebSocket(/ws/im/) # --------------------------------------------------------------------------- im-service: image: ${REGISTRY}/im-service:${IMAGE_TAG} profiles: ["im"] env_file: - ./config/xuqm.env - ./config/secrets.env environment: # im-service 默认调用 127.0.0.1:9001,必须覆盖为 Docker 服务名 TENANT_SERVICE_URL: "http://tenant-service:9001" PUSH_SERVICE_URL: "http://push-service:8083" restart: unless-stopped # --------------------------------------------------------------------------- # 推送服务(可选,profile: push) # 端口:8083(内部) # 负责通过华为/小米/OPPO/vivo/荣耀/APNs/FCM 下发推送通知 # --------------------------------------------------------------------------- push-service: image: ${REGISTRY}/push-service:${IMAGE_TAG} profiles: ["push"] env_file: - ./config/xuqm.env - ./config/secrets.env - ./config/vendors/push.env # 各厂商推送凭据 restart: unless-stopped # --------------------------------------------------------------------------- # 版本管理服务(可选,profile: update) # 端口:8084(内部) # 负责:APP 版本发布、RN 热更新包、应用市场自动提交 # --------------------------------------------------------------------------- update-service: image: ${REGISTRY}/update-service:${IMAGE_TAG} profiles: ["update"] env_file: - ./config/xuqm.env - ./config/secrets.env - ./config/vendors/store-submit.env # 各应用市场发布凭据 environment: # update-service 默认调用 xuqm-tenant-service:9001(不可解析),需覆盖 SDK_TENANT_SERVICE_URL: "http://tenant-service:9001" volumes: - ./data/update:/data/update # 版本包存储目录 restart: unless-stopped # --------------------------------------------------------------------------- # License 服务(可选,profile: license) # 端口:8085(内部) # 负责设备激活数量校验和 License 有效期管理 # --------------------------------------------------------------------------- license-service: image: ${REGISTRY}/license-service:${IMAGE_TAG} profiles: ["license"] env_file: - ./config/xuqm.env - ./config/secrets.env restart: unless-stopped