配置公网 docker 部署

2026-05-08 00:32:02 +08:00
parent 8b4aa609c8
commit 12c263f0f6
7 changed files with 27 additions and 22 deletions
--- a/.env
+++ b/.env
@@ -1,15 +1,15 @@
 # Copy this file to .env before running docker compose.
 # XXXX LAN access: set PUBLIC_HOST to the machine IP, for example 192.168.3.11.
 # XXXX Public-domain access through frpc/frps + NPM: set PUBLIC_HOST to the external frontend host, for example seg.example.com.
-PUBLIC_HOST=192.168.3.11
+PUBLIC_HOST=seg.huijutec.cn

 # XXXX Frontend build-time API/WebSocket endpoints.
 # LAN default can stay empty because the frontend infers http://<browser-host>:8000.
 # Public-domain example:
 # VITE_API_BASE_URL=https://seg-api.example.com
 # VITE_WS_PROGRESS_URL=wss://seg-api.example.com/ws/progress
-VITE_API_BASE_URL=
-VITE_WS_PROGRESS_URL=
+VITE_API_BASE_URL=https://seg-api.huijutec.cn
+VITE_WS_PROGRESS_URL=wss://seg-api.huijutec.cn/ws/progress

 FRONTEND_PORT=3000
 BACKEND_PORT=8000
@@ -24,10 +24,11 @@ MINIO_ACCESS_KEY=minioadmin
 MINIO_SECRET_KEY=minioadmin

 # XXXX Browser-facing MinIO endpoint used to generate image/frame presigned URLs.
-# LAN example: 192.168.3.11:9000 and MINIO_SECURE=false
-# Public-domain example: seg-minio.example.com and MINIO_SECURE=true
-MINIO_PUBLIC_ENDPOINT=192.168.3.11:9000
+# LAN example: 192.168.3.11:9000 with MINIO_SECURE=false
+# Public-domain example: seg-minio.example.com with MINIO_PUBLIC_SECURE=true
+MINIO_PUBLIC_ENDPOINT=seg-minio.huijutec.cn
 MINIO_SECURE=false
+MINIO_PUBLIC_SECURE=true

 # Local directory containing SAM 2.1 checkpoints.
 # Keep this relative path so the whole Seg_Server_Docker folder can be moved.
@@ -36,7 +37,7 @@ SAM_MODELS_DIR=./models
 # XXXX Must include every browser origin that will open the frontend.
 # LAN example: ["http://192.168.3.11:3000","http://localhost:3000","http://127.0.0.1:3000"]
 # Public-domain example: ["https://seg.example.com"]
-CORS_ORIGINS=["http://192.168.3.11:3000","http://localhost:3000","http://127.0.0.1:3000"]
+CORS_ORIGINS=["https://seg.huijutec.cn","http://seg.huijutec.cn","http://localhost:3000","http://127.0.0.1:3000"]

 JWT_SECRET_KEY=change-this-to-a-long-random-production-secret
 ACCESS_TOKEN_EXPIRE_MINUTES=1440
--- a/.env.example
+++ b/.env.example
@@ -24,10 +24,11 @@ MINIO_ACCESS_KEY=minioadmin
 MINIO_SECRET_KEY=minioadmin

 # XXXX Browser-facing MinIO endpoint used to generate image/frame presigned URLs.
-# LAN example: localhost:9000 and MINIO_SECURE=false
-# Public-domain example: seg-minio.example.com and MINIO_SECURE=true
+# LAN example: localhost:9000 with MINIO_SECURE=false
+# Public-domain example: seg-minio.example.com with MINIO_PUBLIC_SECURE=true
 MINIO_PUBLIC_ENDPOINT=localhost:9000
 MINIO_SECURE=false
+# MINIO_PUBLIC_SECURE=true

 # Local directory containing SAM 2.1 checkpoints.
 # Keep ./models for a self-contained deploy, or point to another path only when deliberately sharing a model cache.
--- a/README.md
+++ b/README.md
@@ -103,6 +103,7 @@ MINIO_ACCESS_KEY=minioadmin
 MINIO_SECRET_KEY=minioadmin
 MINIO_PUBLIC_ENDPOINT=localhost:9000
 MINIO_SECURE=false
+# MINIO_PUBLIC_SECURE=true

 SAM_MODELS_DIR=./models

@@ -344,7 +345,8 @@ VITE_WS_PROGRESS_URL=wss://seg-api.example.com/ws/progress

 # XXXX Browser-facing MinIO endpoint
 MINIO_PUBLIC_ENDPOINT=seg-minio.example.com
-MINIO_SECURE=true
+MINIO_SECURE=false
+MINIO_PUBLIC_SECURE=true

 # XXXX Browser origins
 CORS_ORIGINS=["https://seg.example.com"]
--- a/backend/config.py
+++ b/backend/config.py
@@ -18,6 +18,7 @@ class Settings(BaseSettings):
    minio_access_key: str = "minioadmin"
    minio_secret_key: str = "minioadmin"
    minio_secure: bool = False
+    minio_public_secure: bool | None = None

    # SAM
    sam_default_model: str = "sam2.1_hiera_tiny"
--- a/backend/minio_client.py
+++ b/backend/minio_client.py
@@ -35,11 +35,14 @@ def get_minio_public_client() -> Minio:
    global _minio_public_client
    if _minio_public_client is None:
        endpoint = settings.minio_public_endpoint or settings.minio_endpoint
+        secure = settings.minio_public_secure
+        if secure is None:
+            secure = settings.minio_secure
        _minio_public_client = Minio(
            endpoint,
            access_key=settings.minio_access_key,
            secret_key=settings.minio_secret_key,
-            secure=settings.minio_secure,
+            secure=secure,
        )
    return _minio_public_client

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -132,7 +132,6 @@ services:
    restart: unless-stopped
    profiles:
      - frpc
-    command: ["-c", "/etc/frp/frpc.toml"]
    volumes:
      - ./docker/frpc/frpc.toml:/etc/frp/frpc.toml:ro
    depends_on:
--- a/docker/frpc/frpc.toml
+++ b/docker/frpc/frpc.toml
@@ -3,43 +3,41 @@
 # after replacing every "# XXXX" placeholder below.

 # 基础连接配置
-# XXXX 公网 frps 服务器地址，例如 "1.2.3.4" 或 "frps.example.com"
-serverAddr = "XX.XX.XX.XX"
+serverAddr = "82.157.255.195"
 # XXXX 公网 frps 服务端口，必须与 frps 的 bindPort 一致
 serverPort = 7000

 # 权限验证 - 必须与服务端一致
 auth.method = "token"
-# XXXX 必须替换为 frps 服务端配置中的 token
-auth.token = "XXXXX"
+auth.token = "en.xjtu.edu.cn"

 # 传输配置优化
 transport.poolCount = 5
 transport.heartbeatTimeout = -1

 # --- 映射前端访问端口 ---
-# XXXX NPM 可反代公网服务器本机 remotePort 13000 到 seg.example.com
+# NPM 可反代公网服务器本机 remotePort 10000 到 seg.huijutec.cn
 [[proxies]]
 name = "seg-frontend"
 type = "tcp"
 localIP = "frontend"
 localPort = 80
-remotePort = 13000
+remotePort = 10000

 # --- 映射后端 API + WebSocket 端口 ---
-# XXXX NPM 可反代公网服务器本机 remotePort 18000 到 seg-api.example.com，并开启 WebSocket Support
+# NPM 可反代公网服务器本机 remotePort 10001 到 seg-api.huijutec.cn，并开启 WebSocket Support
 [[proxies]]
 name = "seg-backend"
 type = "tcp"
 localIP = "backend"
 localPort = 8000
-remotePort = 18000
+remotePort = 10001

 # --- 映射 MinIO 图片/帧图/缩略图端口 ---
-# XXXX NPM 可反代公网服务器本机 remotePort 19000 到 seg-minio.example.com
+# NPM 可反代公网服务器本机 remotePort 10002 到 seg-minio.huijutec.cn
 [[proxies]]
 name = "seg-minio"
 type = "tcp"
 localIP = "minio"
 localPort = 9000
-remotePort = 19000
+remotePort = 10002