admin/Mdeical_Sur_Report
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
Files
1faaa050323504a3276ee89b9fe2bcd264e690c1
Mdeical_Sur_Report/docker-compose-Nas.yaml
admin 1faaa05032 Refine reusable compose deployment template 
- Make the default Docker Compose CORS_ORIGIN configurable so public and NAS deployments can override allowed origins without editing the compose file.

- Update the default frpc profile command to call frpc explicitly, matching the snowdreamtech/frpc entrypoint behavior observed in the deployed copy.

- Apply the same explicit frpc command to the NAS compose template.

- Keep real frpc server address and token from the deployed copy out of the reusable template.
2026-05-08 17:13:18 +08:00

116 lines
4.6 KiB
YAML
Raw Blame History

# XXX QNAP/NAS deployment compose. Designed for Container Station or docker compose on a NAS.
# XXX Edit /share paths, proxy variables, SESSION_SECRET, and frpc/frpc.toml before public deployment.
services:
tuwen_db:
image: postgres:16-alpine
container_name: tuwen_db
restart: unless-stopped
environment:
POSTGRES_DB: ${POSTGRES_DB:-surclaw}
POSTGRES_USER: ${POSTGRES_USER:-surclaw}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-surclaw_dev_password}
volumes:
# XXX NAS persistent database directory. Change this path if your QNAP share is different.
- ${NAS_DATA_ROOT:-/share/Container/tuwen_system_v2/data}/postgres:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER:-surclaw} -d $${POSTGRES_DB:-surclaw}"]
interval: 10s
timeout: 5s
retries: 10
tuwen_api:
build:
# XXX Keep relative context for QNAP, otherwise Container Station may fail to resolve absolute paths.
context: .
dockerfile: Dockerfile.server
args:
HTTP_PROXY: ${HTTP_PROXY:-}
HTTPS_PROXY: ${HTTPS_PROXY:-}
NO_PROXY: ${NO_PROXY:-localhost,127.0.0.1,192.168.31.0/24,tuwen_db,tuwen_api,tuwen_web,api,db,web}
container_name: tuwen_api
restart: unless-stopped
networks:
default:
aliases:
# XXX nginx.conf proxies /api to http://api:3100, so NAS service keeps this alias.
- api
depends_on:
tuwen_db:
condition: service_healthy
ports:
# XXX Optional host API port for NAS diagnostics; public users should enter through web:4002/NPM.
- "${NAS_API_PORT:-4102}:3100"
volumes:
# XXX NAS persistent upload directory for signatures, videos, keyframes, and template images.
- ${NAS_DATA_ROOT:-/share/Container/tuwen_system_v2/data}/uploads:/app/uploads
environment:
NODE_ENV: production
API_PORT: 3100
API_BODY_LIMIT: ${API_BODY_LIMIT:-100mb}
DATABASE_URL: postgresql://${POSTGRES_USER:-surclaw}:${POSTGRES_PASSWORD:-surclaw_dev_password}@tuwen_db:5432/${POSTGRES_DB:-surclaw}?schema=public
CORS_ORIGIN: ${CORS_ORIGIN:-http://192.168.31.5:4002,https://sstwbg.example.com}
# XXX Replace in NAS .env or Container Station variables before real deployment.
SESSION_SECRET: ${SESSION_SECRET:-change-me-in-production}
# XXX For public HTTPS through Nginx Proxy Manager, set SESSION_COOKIE_SECURE=true and TRUST_PROXY=true.
SESSION_COOKIE_SECURE: ${SESSION_COOKIE_SECURE:-false}
TRUST_PROXY: ${TRUST_PROXY:-false}
FILE_STORAGE_DIR: /app/uploads
RUN_DB_MIGRATIONS: ${RUN_DB_MIGRATIONS:-true}
RUN_DB_SEED: ${RUN_DB_SEED:-true}
DOCKER_STARTUP_RETRIES: ${DOCKER_STARTUP_RETRIES:-30}
DOCKER_STARTUP_RETRY_DELAY: ${DOCKER_STARTUP_RETRY_DELAY:-2}
HTTP_PROXY: ${HTTP_PROXY:-}
HTTPS_PROXY: ${HTTPS_PROXY:-}
http_proxy: ${HTTP_PROXY:-}
https_proxy: ${HTTPS_PROXY:-}
NO_PROXY: ${NO_PROXY:-localhost,127.0.0.1,192.168.31.0/24,tuwen_db,tuwen_api,tuwen_web,api,db,web}
healthcheck:
# XXX Use 127.0.0.1 instead of localhost to avoid IPv6 resolution issues on some NAS firmware.
test: ["CMD-SHELL", "node -e \"fetch('http://127.0.0.1:3100/api/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))\""]
interval: 10s
timeout: 5s
retries: 12
start_period: 20s
tuwen_web:
build:
# XXX Keep relative context for QNAP.
context: .
dockerfile: Dockerfile
args:
HTTP_PROXY: ${HTTP_PROXY:-}
HTTPS_PROXY: ${HTTPS_PROXY:-}
NO_PROXY: ${NO_PROXY:-localhost,127.0.0.1,192.168.31.0/24,tuwen_db,tuwen_api,tuwen_web,api,db,web}
container_name: tuwen_web
restart: unless-stopped
depends_on:
tuwen_api:
condition: service_healthy
ports:
- "${NAS_WEB_PORT:-4002}:80"
# XXX Local self-signed HTTPS demo only. Public HTTPS should be handled by Nginx Proxy Manager.
- "${NAS_HTTPS_DEMO_PORT:-4443}:443"
environment:
APP_URL: ${APP_URL:-http://192.168.31.5:4002}
healthcheck:
test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1/ || exit 1"]
interval: 10s
timeout: 5s
retries: 6
frpc:
# XXX Optional public tunnel client. Edit frpc/frpc.toml before enabling this profile.
image: snowdreamtech/frpc:latest
container_name: tuwen_frpc
restart: unless-stopped
network_mode: host
command: ["frpc", "-c", "/etc/frp/frpc.toml"]
volumes:
- ./frpc/frpc.toml:/etc/frp/frpc.toml:ro
depends_on:
tuwen_web:
condition: service_healthy
profiles:
- frpc
Reference in New Issue View Git Blame Copy Permalink