diff --git a/compose-Nas.yml b/compose-Nas.yml new file mode 100644 index 0000000..c288cf7 --- /dev/null +++ b/compose-Nas.yml @@ -0,0 +1,126 @@ +# Reactive Resume huijutec.cn / QNAP QTS 直接部署版。 +# 本文件已按 /share/Container/Reactive_Resume、https://me.huijutec.cn、 +# 192.168.31.5:3003 本地访问和 frpc 公网映射 82.157.255.195:10003 预置, +# 复制到 QTS Container Station 后可直接运行。 + +name: reactive-resume-nas + +services: + reactive_resume_permissions: + # Reactive Resume 官方镜像默认以 node 用户运行;QNAP 绑定目录常由 root 创建。 + # 该一次性服务用于修正 /app/data 权限,避免健康检查报 EACCES。 + image: alpine:3.20 + restart: "no" + command: ["sh", "-c", "mkdir -p /app/data && chown -R 1000:1000 /app/data"] + volumes: + - /share/Container/Reactive_Resume/data/uploads:/app/data + + reactive_resume_db: + image: postgres:16-alpine + restart: unless-stopped + environment: + POSTGRES_DB: reactive_resume + POSTGRES_USER: reactive_resume + POSTGRES_PASSWORD: S47LNqOvKzDTgGPo9C26LWf5 + volumes: + - /share/Container/Reactive_Resume/data/postgres:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U reactive_resume -d reactive_resume"] + interval: 10s + timeout: 5s + retries: 10 + + reactive_resume_app: + image: amruthpillai/reactive-resume:latest + restart: unless-stopped + depends_on: + reactive_resume_permissions: + condition: service_completed_successfully + reactive_resume_db: + condition: service_healthy + ports: + - "3003:3000" + volumes: + - /share/Container/Reactive_Resume/data/uploads:/app/data + environment: + TZ: Asia/Shanghai + APP_URL: https://me.huijutec.cn + DATABASE_URL: postgresql://reactive_resume:S47LNqOvKzDTgGPo9C26LWf5@reactive_resume_db:5432/reactive_resume + AUTH_SECRET: 9f27ca158d1c97d58bed21c8c8d8819e3c81111418682972e5f16281ea4ff0c8 + + # 可选功能:未配置时 Reactive Resume 会使用本地存储,并把邮件写入服务日志。 + BETTER_AUTH_API_KEY: "" + GOOGLE_CLIENT_ID: "" + GOOGLE_CLIENT_SECRET: "" + GITHUB_CLIENT_ID: "" + GITHUB_CLIENT_SECRET: "" + LINKEDIN_CLIENT_ID: "" + LINKEDIN_CLIENT_SECRET: "" + OAUTH_PROVIDER_NAME: "" + OAUTH_CLIENT_ID: "" + OAUTH_CLIENT_SECRET: "" + OAUTH_DISCOVERY_URL: "" + OAUTH_AUTHORIZATION_URL: "" + OAUTH_TOKEN_URL: "" + OAUTH_USER_INFO_URL: "" + OAUTH_DYNAMIC_CLIENT_REDIRECT_HOSTS: "" + OAUTH_SCOPES: "" + SMTP_HOST: "" + SMTP_PORT: "587" + SMTP_USER: "" + SMTP_PASS: "" + SMTP_FROM: "Reactive Resume " + SMTP_SECURE: "false" + S3_ACCESS_KEY_ID: "" + S3_SECRET_ACCESS_KEY: "" + S3_REGION: us-east-1 + S3_ENDPOINT: "" + S3_BUCKET: "" + S3_FORCE_PATH_STYLE: "false" + REDIS_URL: "" + ENCRYPTION_SECRET: "" + CLOUDFLARE_ACCOUNT_ID: "" + CLOUDFLARE_API_TOKEN: "" + FLAG_DISABLE_SIGNUPS: "false" + FLAG_DISABLE_EMAIL_AUTH: "false" + FLAG_DISABLE_IMAGE_PROCESSING: "false" + FLAG_ALLOW_UNSAFE_AI_BASE_URL: "false" + healthcheck: + # 使用 127.0.0.1,规避部分 NAS 固件中 localhost 优先解析 IPv6 的问题。 + test: ["CMD-SHELL", "node -e \"fetch('http://127.0.0.1:3000/api/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))\""] + interval: 30s + timeout: 10s + retries: 8 + start_period: 30s + + reactive_resume_frpc: + # QTS/Container Station 版默认启动 frpc。 + # 为避免 QTS 把 frpc 配置文件挂载路径改到应用临时目录,这里不挂载 frpc.yaml, + # 而是在容器启动时自动写入 /tmp/frpc.toml。 + image: snowdreamtech/frpc:latest + restart: unless-stopped + entrypoint: ["/bin/sh"] + command: + - -c + - | + cat > /tmp/frpc.toml <<'EOF' + serverAddr = "82.157.255.195" + serverPort = 7000 + + auth.method = "token" + auth.token = "en.xjtu.edu.cn" + + transport.poolCount = 5 + transport.heartbeatTimeout = -1 + + [[proxies]] + name = "Reactive_Resume" + type = "tcp" + localIP = "reactive_resume_app" + localPort = 3000 + remotePort = 10003 + EOF + exec frpc -c /tmp/frpc.toml + depends_on: + reactive_resume_app: + condition: service_healthy