From dc42bf585be770cb9432fae0dada8e66cf58004b Mon Sep 17 00:00:00 2001 From: huangzhenpc Date: Mon, 26 Jan 2026 10:32:46 +0800 Subject: [PATCH] chore: use 1panel docker-compose config as default - Replace docker-compose.yml with docker-compose.1panel.yml content - Better compatibility with 1Panel environment - Simplify future updates and maintenance Co-Authored-By: Claude Sonnet 4.5 --- deploy/docker-compose.yml | 135 ++++++++------------------------------ 1 file changed, 27 insertions(+), 108 deletions(-) diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index 484df3a8..5d3efe8c 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -1,22 +1,24 @@ # ============================================================================= -# Sub2API Docker Compose Configuration +# TianShuAPI Docker Compose - 1Panel 环境配置 # ============================================================================= -# Quick Start: -# 1. Copy .env.example to .env and configure -# 2. docker-compose up -d -# 3. Check logs: docker-compose logs -f sub2api -# 4. Access: http://localhost:8080 -# -# All configuration is done via environment variables. -# No Setup Wizard needed - the system auto-initializes on first run. +# 此配置文件适用于已有 1Panel 环境,复用现有 Redis # ============================================================================= services: # =========================================================================== - # Sub2API Application + # TianShuAPI Application # =========================================================================== sub2api: - image: weishaw/sub2api:latest + # 方式1:使用官方镜像(快速部署) + # image: weishaw/sub2api:latest + + # 方式2:从本地代码构建(二次开发) + build: + context: ../ + dockerfile: Dockerfile + args: + - BUILD_TAGS=embed + image: sub2api:local container_name: sub2api restart: unless-stopped ulimits: @@ -26,28 +28,18 @@ services: ports: - "${BIND_HOST:-0.0.0.0}:${SERVER_PORT:-8080}:8080" volumes: - # Data persistence (config.yaml will be auto-generated here) - sub2api_data:/app/data - # Optional: Mount custom config.yaml (uncomment and create the file first) - # Copy config.example.yaml to config.yaml, modify it, then uncomment: - # - ./config.yaml:/app/data/config.yaml:ro environment: - # ======================================================================= - # Auto Setup (REQUIRED for Docker deployment) - # ======================================================================= + # Auto Setup - AUTO_SETUP=true - # ======================================================================= # Server Configuration - # ======================================================================= - SERVER_HOST=0.0.0.0 - SERVER_PORT=8080 - SERVER_MODE=${SERVER_MODE:-release} - RUN_MODE=${RUN_MODE:-standard} - # ======================================================================= - # Database Configuration (PostgreSQL) - # ======================================================================= + # Database Configuration - DATABASE_HOST=postgres - DATABASE_PORT=5432 - DATABASE_USER=${POSTGRES_USER:-sub2api} @@ -55,74 +47,36 @@ services: - DATABASE_DBNAME=${POSTGRES_DB:-sub2api} - DATABASE_SSLMODE=disable - # ======================================================================= - # Redis Configuration - # ======================================================================= - - REDIS_HOST=redis - - REDIS_PORT=6379 - - REDIS_PASSWORD=${REDIS_PASSWORD:-} + # Redis Configuration - 使用外部 Redis + - REDIS_HOST=${REDIS_HOST} + - REDIS_PORT=${REDIS_PORT:-6379} + - REDIS_PASSWORD=${REDIS_PASSWORD} - REDIS_DB=${REDIS_DB:-0} - # ======================================================================= - # Admin Account (auto-created on first run) - # ======================================================================= + # Admin Account - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@sub2api.local} - ADMIN_PASSWORD=${ADMIN_PASSWORD:-} - # ======================================================================= # JWT Configuration - # ======================================================================= - # IMPORTANT: Set a fixed JWT_SECRET to prevent login sessions from being - # invalidated after container restarts. If left empty, a random secret - # will be generated on each startup. - # Generate a secure secret: openssl rand -hex 32 - JWT_SECRET=${JWT_SECRET:-} - JWT_EXPIRE_HOUR=${JWT_EXPIRE_HOUR:-24} - # ======================================================================= - # Timezone Configuration - # This affects ALL time operations in the application: - # - Database timestamps - # - Usage statistics "today" boundary - # - Subscription expiry times - # - Log timestamps - # Common values: Asia/Shanghai, America/New_York, Europe/London, UTC - # ======================================================================= + # Timezone - TZ=${TZ:-Asia/Shanghai} - # ======================================================================= - # Gemini OAuth Configuration (for Gemini accounts) - # ======================================================================= + # Gemini OAuth (可选) - GEMINI_OAUTH_CLIENT_ID=${GEMINI_OAUTH_CLIENT_ID:-} - GEMINI_OAUTH_CLIENT_SECRET=${GEMINI_OAUTH_CLIENT_SECRET:-} - GEMINI_OAUTH_SCOPES=${GEMINI_OAUTH_SCOPES:-} - GEMINI_QUOTA_POLICY=${GEMINI_QUOTA_POLICY:-} - - # ======================================================================= - # Security Configuration (URL Allowlist) - # ======================================================================= - # Enable URL allowlist validation (false to skip allowlist checks) - - SECURITY_URL_ALLOWLIST_ENABLED=${SECURITY_URL_ALLOWLIST_ENABLED:-false} - # Allow insecure HTTP URLs when allowlist is disabled (default: false, requires https) - - SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=${SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP:-false} - # Allow private IP addresses for upstream/pricing/CRS (for internal deployments) - - SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=${SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS:-false} - # Upstream hosts whitelist (comma-separated, only used when enabled=true) - - SECURITY_URL_ALLOWLIST_UPSTREAM_HOSTS=${SECURITY_URL_ALLOWLIST_UPSTREAM_HOSTS:-} - - # ======================================================================= - # Update Configuration (在线更新配置) - # ======================================================================= - # Proxy for accessing GitHub (online updates + pricing data) - # Examples: http://host:port, socks5://host:port - - UPDATE_PROXY_URL=${UPDATE_PROXY_URL:-} depends_on: postgres: condition: service_healthy - redis: - condition: service_healthy + extra_hosts: + - "host.docker.internal:host-gateway" networks: - sub2api-network + - 1panel-network healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] interval: 30s @@ -156,41 +110,6 @@ services: timeout: 5s retries: 5 start_period: 10s - # 注意:不暴露端口到宿主机,应用通过内部网络连接 - # 如需调试,可临时添加:ports: ["127.0.0.1:5433:5432"] - - # =========================================================================== - # Redis Cache - # =========================================================================== - redis: - image: redis:8-alpine - container_name: sub2api-redis - restart: unless-stopped - ulimits: - nofile: - soft: 100000 - hard: 100000 - volumes: - - redis_data:/data - command: > - sh -c ' - redis-server - --save 60 1 - --appendonly yes - --appendfsync everysec - ${REDIS_PASSWORD:+--requirepass "$REDIS_PASSWORD"}' - environment: - - TZ=${TZ:-Asia/Shanghai} - # REDISCLI_AUTH is used by redis-cli for authentication (safer than -a flag) - - REDISCLI_AUTH=${REDIS_PASSWORD:-} - networks: - - sub2api-network - healthcheck: - test: ["CMD", "redis-cli", "ping"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 5s # ============================================================================= # Volumes @@ -200,8 +119,6 @@ volumes: driver: local postgres_data: driver: local - redis_data: - driver: local # ============================================================================= # Networks @@ -209,3 +126,5 @@ volumes: networks: sub2api-network: driver: bridge + 1panel-network: + external: true