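# docker-compose file for deployment:
# - FastGPT is published as 3000:3000
# - FastGPT-mcp-server is published as 3003:3000 (see fastgpt-mcp-server.ports)
# - Change every account, password and token below before running
#
# NOTE(review): every secret in this file (the x-* anchors, the database and
# object-storage credentials, TOKEN_KEY / FILE_TOKEN_KEY / AES256_SECRET_KEY)
# is a sample value. Replace each one with a unique random value before the
# stack is reachable from any network, and keep the edited file out of
# version control.

# Default root password (on restart the root password is forcibly reset to
# this environment value)
x-default-root-psw: &x-default-root-psw '1234'
# Highest-privilege system key
x-system-key: &x-system-key 'fastgpt-xxx'
# plugin auth token
x-plugin-auth-token: &x-plugin-auth-token 'token'
# code sandbox token
x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
# volume manager auth token
x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'
# aiproxy token
x-aiproxy-token: &x-aiproxy-token 'token'

# Database connection settings.
# The credentials embedded in these URIs must match the ones configured on
# fastgpt-mongo, fastgpt-redis and fastgpt-minio below; change both sides
# together.
x-share-db-config: &x-share-db-config
  MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin
  DB_MAX_LINK: 100
  REDIS_URL: redis://default:mypassword@fastgpt-redis:6379
  # @see https://doc.fastgpt.cn/docs/self-host/config/object-storage
  STORAGE_VENDOR: minio  # minio | aws-s3 | cos | oss
  STORAGE_REGION: us-east-1
  STORAGE_ACCESS_KEY_ID: minioadmin
  STORAGE_SECRET_ACCESS_KEY: minioadmin
  STORAGE_PUBLIC_BUCKET: fastgpt-public
  STORAGE_PRIVATE_BUCKET: fastgpt-private
  # An address at which both the server and the clients can reach the bucket:
  # a fixed host IP or a domain name. Do not use 127.0.0.1, localhost or any
  # other loopback address (it cannot be used from inside the containers).
  STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000
  # scheme://host(IP):port
  STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000
  STORAGE_S3_FORCE_PATH_STYLE: true
  STORAGE_S3_MAX_RETRIES: 3

# Log settings
x-log-config: &x-log-config
  LOG_ENABLE_CONSOLE: true
  LOG_CONSOLE_LEVEL: debug
  LOG_ENABLE_OTEL: false
  LOG_OTEL_LEVEL: info
  LOG_OTEL_URL: http://localhost:4318/v1/logs

# Vector database settings
x-vec-config: &x-vec-config
  PG_URL: postgresql://username:password@fastgpt-pg:5432/postgres

# NOTE(review): images are pinned by tag only; pin by digest as well if the
# deployment must be reproducible against a re-pushed tag.
services:
  # Vector DB
  fastgpt-pg:
    image: pgvector/pgvector:0.8.0-pg15
    container_name: fastgpt-pg
    restart: always
    networks:
      - fastgpt
    environment:
      # These settings only take effect on the first run. Changing them and
      # restarting the container has no effect; the persisted data must be
      # deleted before restarting for a change to apply.
      - POSTGRES_USER=username
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=postgres
    volumes:
      - fastgpt-pg:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'username', '-d', 'postgres']
      interval: 5s
      timeout: 5s
      retries: 10

  fastgpt-mongo:
    # Use 4.4.29 when the CPU does not support AVX
    image: mongo:5.0.32
    container_name: fastgpt-mongo
    restart: always
    networks:
      - fastgpt
    command: mongod --keyFile /data/mongodb.key --replSet rs0
    environment:
      - MONGO_INITDB_ROOT_USERNAME=myusername
      - MONGO_INITDB_ROOT_PASSWORD=mypassword
    volumes:
      - fastgpt-mongo:/data/db
    # NOTE(review): the root password is passed as a command-line argument in
    # the healthcheck and in the entrypoint script, so it is readable in
    # `docker inspect` output and in the container's process list. It must be
    # kept in sync with MONGO_INITDB_ROOT_PASSWORD and MONGODB_URI.
    healthcheck:
      test: ['CMD', 'mongo', '-u', 'myusername', '-p', 'mypassword', '--authenticationDatabase', 'admin', '--eval', "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    # The script generates the replica-set key file, starts mongod in the
    # background through the image's docker-entrypoint.sh, waits until it
    # accepts authenticated connections, initiates replica set rs0 if it is
    # not initiated yet, then waits on the mongod process.
    entrypoint:
      - bash
      - -c
      - |
        openssl rand -base64 128 > /data/mongodb.key
        chmod 400 /data/mongodb.key
        chown 999:999 /data/mongodb.key
        echo 'const isInited = rs.status().ok === 1
        if(!isInited){
          rs.initiate({
              _id: "rs0",
              members: [
                  { _id: 0, host: "fastgpt-mongo:27017" }
              ]
          })
        }' > /data/initReplicaSet.js
        # 启动MongoDB服务
        exec docker-entrypoint.sh "$$@" &

        # 等待MongoDB服务启动
        until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do
          echo "Waiting for MongoDB to start..."
          sleep 2
        done

        # 执行初始化副本集的脚本
        mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js

        # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程
        wait $$!

  fastgpt-redis:
    image: redis:7.2-alpine
    container_name: fastgpt-redis
    networks:
      - fastgpt
    restart: always
    # The --requirepass value must match the password in REDIS_URL and in the
    # healthcheck below.
    command: |
      redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction
    healthcheck:
      test: ['CMD', 'redis-cli', '-a', 'mypassword', 'ping']
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    volumes:
      - fastgpt-redis:/data

  fastgpt-minio:
    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
    container_name: fastgpt-minio
    restart: always
    # NOTE(review): 9000 (S3 API) and 9001 (console, see --console-address)
    # are published on every host interface while the root account still uses
    # the minioadmin sample credentials. Change MINIO_ROOT_USER /
    # MINIO_ROOT_PASSWORD (and STORAGE_ACCESS_KEY_ID /
    # STORAGE_SECRET_ACCESS_KEY to match) and restrict who can reach these
    # ports, e.g. with a host firewall.
    ports:
      - '9000:9000'
      - '9001:9001'
    networks:
      - fastgpt
    environment:
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
    volumes:
      - fastgpt-minio:/data
    command: server /data --console-address ":9001"
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live']
      interval: 30s
      timeout: 20s
      retries: 3

  fastgpt-app:
    container_name: fastgpt-app
    image: ghcr.io/labring/fastgpt:v4.14.10.2
    ports:
      - '3000:3000'
    networks:
      - fastgpt
    depends_on:
      - fastgpt-mongo
      - fastgpt-code-sandbox
      - fastgpt-pg
    restart: always
    environment:
      # Keys written explicitly below override the merged-in ones
      # (DB_MAX_LINK is 5 here, not the shared 100).
      <<: [*x-share-db-config, *x-vec-config, *x-log-config]
      # ==================== Basic configuration ====================
      # Externally reachable front-end address, used to auto-complete file
      # resource paths, e.g. https:fastgpt.cn; it must not be localhost. The
      # value may be left unset, in which case images sent to the model use a
      # relative path instead of a full URL and the model may fabricate the
      # host.
      # NOTE(review): the sample value below is a localhost address, which the
      # comment above says not to use; set the real external address.
      FE_DOMAIN: http://localhost:3000
      # root key (highest privilege)
      ROOT_KEY: *x-system-key
      # root password; the username is root. To change the root password, edit
      # this environment variable and restart.
      DEFAULT_ROOT_PSW: *x-default-root-psw
      # Maximum number of database connections
      DB_MAX_LINK: 5
      # Automatically sync indexes (0 disables syncing)
      SYNC_INDEX: 1
      # NOTE(review): presumably the key used to sign login tokens; as with
      # the two keys below, a value copied from this sample is known to anyone
      # who has read it. Generate a random value per deployment.
      TOKEN_KEY: fastgpt
      # Key used when reading files
      FILE_TOKEN_KEY: filetokenkey
      # Key used to encrypt secrets
      AES256_SECRET_KEY: fastgptsecret
      # Force images to be passed to the model as base64
      MULTIPLE_DATA_TO_BASE64: true

      # ==================== Service addresses and integration ====================
      # plugin address
      PLUGIN_BASE_URL: http://fastgpt-plugin:3000
      PLUGIN_TOKEN: *x-plugin-auth-token
      # code-sandbox address
      CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000
      CODE_SANDBOX_TOKEN: *x-code-sandbox-token
      # AI Proxy address; when configured it takes precedence
      AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000
      # AI Proxy admin token; matches the ADMIN_KEY environment variable of
      # AI Proxy
      AIPROXY_API_TOKEN: *x-aiproxy-token

      # ==================== Agent sandbox configuration ====================
      AGENT_SANDBOX_PROVIDER: opensandbox
      # OpenSandbox settings (effective when PROVIDER is opensandbox)
      AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090
      # NOTE(review): left empty, and the opensandbox-config at the end of
      # this file defines no key either, so the sandbox controller presumably
      # accepts unauthenticated requests from anything on the fastgpt network.
      # Confirm against the OpenSandbox documentation and set a key on both
      # sides if it supports one.
      AGENT_SANDBOX_OPENSANDBOX_API_KEY:
      AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker
      AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox
      AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.1
      # Volume persistence settings (optional with the opensandbox provider)
      AGENT_SANDBOX_ENABLE_VOLUME: true
      AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000
      AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token

      # ==================== Logging and monitoring ====================
      # Service name passed to the OTLP collector
      LOG_OTEL_SERVICE_NAME: fastgpt-client

      # ==================== Security and runtime limits ====================
      # Enable IP rate limiting (true); some endpoints then apply a per-IP
      # rate limit to guard against abnormal requests.
      # NOTE(review): disabled in this sample; consider true for any instance
      # reachable from untrusted networks.
      USE_IP_LIMIT: false
      # Maximum number of workflow runs, to avoid extreme infinite loops
      WORKFLOW_MAX_RUN_TIMES: 1000
      # Maximum number of loop iterations, to avoid extreme infinite loops
      WORKFLOW_MAX_LOOP_TIMES: 100
      # Maximum size of a request the server accepts (MB)
      SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
      # Enable the internal-network IP check.
      # NOTE(review): with the check disabled, server-side requests are
      # presumably not prevented from targeting private addresses (the other
      # containers on this network, the host, cloud metadata endpoints).
      # Prefer true unless workflows must call internal services.
      CHECK_INTERNAL_IP: false

      # ==================== Upload and account policy ====================
      # Maximum upload file size (MB)
      UPLOAD_FILE_MAX_SIZE: 1000
      # Maximum number of uploaded files
      UPLOAD_FILE_MAX_AMOUNT: 1000
      # Retention period for LLM request tracking (hours)
      LLM_REQUEST_TRACKING_RETENTION_HOURS: 6

      # ==================== Feature switches and special configuration ====================
      # Custom CORS origins (comma-separated); when unset, all origins are
      # allowed by default.
      # NOTE(review): list the deployment's own origin(s) here for production.
      ALLOWED_ORIGINS:
      # Maximum number of characters for HTML-to-Markdown conversion (no
      # conversion is performed beyond this size)
      MAX_HTML_TRANSFORM_CHARS: 1000000
    volumes:
      - ./config.json:/app/data/config.json

  fastgpt-code-sandbox:
    container_name: fastgpt-code-sandbox
    image: ghcr.io/labring/fastgpt-code-sandbox:v4.14.10
    networks:
      - fastgpt
    restart: always
    environment:
      <<: [*x-log-config]
      LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
      SANDBOX_TOKEN: *x-code-sandbox-token
      # ===== Resource Limits =====
      # Execution timeout per request (ms)
      SANDBOX_MAX_TIMEOUT: 60000
      # Maximum allowed memory per user code execution (MB)
      # Note: System automatically adds 50MB for runtime overhead
      # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
      SANDBOX_MAX_MEMORY_MB: 256
      # ===== Process Pool =====
      # Number of pre-warmed worker processes (JS + Python)
      SANDBOX_POOL_SIZE: 20
      # ===== Network Request Limits =====
      # Whether to check if the request is to a private network
      # NOTE(review): this container executes user-supplied code and shares
      # the fastgpt network with the databases, MinIO and the two services
      # that mount the Docker socket. With the check off, outbound requests
      # from sandboxed code are presumably allowed to reach them; prefer true.
      CHECK_INTERNAL_IP: false
      # Maximum number of HTTP requests per execution
      SANDBOX_REQUEST_MAX_COUNT: 30
      # Timeout for each outbound HTTP request (ms)
      SANDBOX_REQUEST_TIMEOUT: 60000
      # Maximum response body size for outbound requests
      SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
      # Maximum request body size for outbound requests (MB)
      SANDBOX_REQUEST_MAX_BODY_MB: 5
      # ===== Module Control =====
      # JS allowed modules whitelist (comma-separated)
      SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
      # Python allowed modules whitelist (comma-separated)
      SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
      interval: 30s
      timeout: 20s
      retries: 3

  fastgpt-mcp-server:
    container_name: fastgpt-mcp-server
    image: ghcr.io/labring/fastgpt-mcp_server:v4.14.10
    networks:
      - fastgpt
    ports:
      - '3003:3000'
    restart: always
    environment:
      <<: [*x-log-config]
      FASTGPT_ENDPOINT: http://fastgpt-app:3000

  fastgpt-plugin:
    image: ghcr.io/labring/fastgpt-plugin:v0.5.6
    container_name: fastgpt-plugin
    restart: always
    networks:
      - fastgpt
    environment:
      <<: [*x-share-db-config, *x-log-config]
      AUTH_TOKEN: *x-plugin-auth-token
      # Maximum request and response body for tool network requests
      SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
      # Maximum API request body size
      MAX_API_SIZE: 10
      # Service name passed to the OTLP collector
      LOG_OTEL_SERVICE_NAME: fastgpt-plugin
    depends_on:
      fastgpt-minio:
        condition: service_healthy
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
      interval: 30s
      timeout: 20s
      retries: 3

  # Sandbox controller: manages creation / execution / stop / deletion of
  # Docker containers.
  # runtime=docker mode requires the Docker socket to be mounted.
  # Set docker.host_ip to the host's LAN IP (used from inside containers to
  # reach services on the host).
  # NOTE(review): access to the Docker socket is equivalent to root on the
  # host. Keep port 8090 unpublished (as it is here) and limit which
  # containers share a network with this service.
  opensandbox-server:
    image: opensandbox/server:v0.1.9
    container_name: fastgpt-opensandbox-server
    restart: always
    networks:
      - fastgpt
    volumes:
      # Required in Docker mode
      - /var/run/docker.sock:/var/run/docker.sock
    configs:
      - source: opensandbox-config
        target: /etc/opensandbox/config.toml
    environment:
      SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
      interval: 10s
      timeout: 5s
      retries: 5

  # Pre-pull only: not started by `docker compose up` (uses profile `prepull`).
  opensandbox-agent-sandbox-image:
    image: ghcr.io/labring/fastgpt-agent-sandbox:v0.1
    profiles:
      - prepull

  opensandbox-execd-image:
    image: opensandbox/execd:v1.0.7
    profiles:
      - prepull

  opensandbox-egress-image:
    image: opensandbox/egress:v1.0.3
    profiles:
      - prepull

  # Volume-manager microservice: idempotently creates / deletes Docker named
  # volumes or k8s PVCs.
  fastgpt-volume-manager:
    image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.1
    container_name: fastgpt-volume-manager
    restart: always
    networks:
      - fastgpt
    volumes:
      # Required in Docker mode (a read-only mount is enough).
      # NOTE(review): `:ro` only makes the socket file's mount read-only; it
      # does not restrict the Docker API calls made over the socket, so this
      # container still has full control of the Docker daemon. Treat
      # VM_AUTH_TOKEN as a host-level credential.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      PORT: 3000
      VM_RUNTIME: docker
      # Corresponds to AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
      VM_AUTH_TOKEN: *x-volume-manager-auth-token
      # Volume name prefix
      VM_VOLUME_NAME_PREFIX: fastgpt-session
      VM_LOG_LEVEL: info
      VM_DOCKER_API_VERSION: v1.44
    healthcheck:
      test:
        [
          'CMD',
          'bun',
          '-e',
          "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })"
        ]
      interval: 10s
      timeout: 5s
      retries: 5

  # AI Proxy
  fastgpt-aiproxy:
    image: ghcr.io/labring/aiproxy:v0.3.5
    container_name: fastgpt-aiproxy
    restart: unless-stopped
    depends_on:
      fastgpt-aiproxy-pg:
        condition: service_healthy
    networks:
      - fastgpt
      - aiproxy
    environment:
      # Corresponds to AIPROXY_API_TOKEN in fastgpt
      ADMIN_KEY: *x-aiproxy-token
      # Retention time for error-log details (hours)
      LOG_DETAIL_STORAGE_HOURS: 1
      # Database connection string; the password must match POSTGRES_PASSWORD
      # on fastgpt-aiproxy-pg
      SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy
      # Maximum number of retries
      RETRY_TIMES: 3
      # Billing is not needed
      BILLING_ENABLED: false
      # Strict model checking is not needed
      DISABLE_MODEL_CONFIG: true
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status']
      interval: 5s
      timeout: 5s
      retries: 10

  fastgpt-aiproxy-pg:
    image: pgvector/pgvector:0.8.0-pg15  # docker hub
    restart: unless-stopped
    container_name: fastgpt-aiproxy-pg
    volumes:
      - fastgpt-aiproxy_pg:/var/lib/postgresql/data
    networks:
      - aiproxy
    environment:
      TZ: Asia/Shanghai
      POSTGRES_USER: postgres
      POSTGRES_DB: aiproxy
      POSTGRES_PASSWORD: aiproxy
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres', '-d', 'aiproxy']
      interval: 5s
      timeout: 5s
      retries: 10

networks:
  fastgpt:
  aiproxy:
  vector:

volumes:
  fastgpt-pg:
  fastgpt-mongo:
  fastgpt-redis:
  fastgpt-minio:
  fastgpt-milvus-minio:
  fastgpt-milvus-etcd:
  fastgpt-milvus-data:
  fastgpt-ob-data:
  fastgpt-ob-config:
  fastgpt-seekdb-data:
  fastgpt-seekdb-config:
  fastgpt-aiproxy_pg:

# Inline TOML configuration mounted into opensandbox-server at
# /etc/opensandbox/config.toml.
configs:
  opensandbox-config:
    content: |
      [server]
      host = "0.0.0.0"
      port = 8090
      log_level = "INFO"

      [runtime]
      type = "docker"
      execd_image = "opensandbox/execd:v1.0.7"

      [egress]
      image = "opensandbox/egress:v1.0.3"

      [docker]
      network_mode = "bridge"
      # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP).
      # It's required when server deployed with docker container under host.
      host_ip = "host.docker.internal"
      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
      no_new_privileges = true
      pids_limit = 512

      [ingress]
      mode = "direct"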