FastGPT/deploy/templates/docker-compose.prod.yml
Archer 89b80f75a4 Perf worker and env load (#6861)
* perf: read file worker

* perf: worker pool

* fix: test

* fix: review

* fix: test

* fix: add helm aes secret env

* fix: align required env configuration

* docs: align env default values

* test: make AES tamper case deterministic

* sandbox default env

* chore: centralize environment configuration

* fix: tighten env ownership and validation

* fix: harden env compatibility

* perf: env

* fix: resolve env ci failures

* perf: env

* perf: env

* remove invalid code

* doc

* doc

* doc

* doc

* perf: axios header get

* fix: test

* fix: i18n
2026-05-06 18:25:24 +08:00


# docker-compose file used for deployment:
# - FastGPT is published as 3000:3000
# - FastGPT-mcp-server is published as 3003:3000 (see the ports of fastgpt-mcp-server)
# - Change the accounts, passwords and tokens before running: every value below is a
#   published placeholder, and some literals are repeated inside the service
#   definitions, so each one has to be replaced everywhere it occurs.
# Default password of the root user (after a restart the password is force-reset to this value)
x-default-root-psw: &x-default-root-psw '1234'
# Highest-privilege system key credential (passed to fastgpt-app as ROOT_KEY)
x-system-key: &x-system-key 'fastgpt-xxx'
# plugin auth token (PLUGIN_TOKEN on fastgpt-app, AUTH_TOKEN on fastgpt-plugin)
x-plugin-auth-token: &x-plugin-auth-token 'token'
# code sandbox token (CODE_SANDBOX_TOKEN on fastgpt-app, SANDBOX_TOKEN on fastgpt-code-sandbox)
x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
# volume manager auth token (AGENT_SANDBOX_VOLUME_MANAGER_TOKEN on fastgpt-app, VM_AUTH_TOKEN on fastgpt-volume-manager)
x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'
# aiproxy token (AIPROXY_API_TOKEN on fastgpt-app, ADMIN_KEY on fastgpt-aiproxy)
# NOTE(review): this is the same literal as the plugin auth token; give each service its own random value.
x-aiproxy-token: &x-aiproxy-token 'token'
# Database and object-storage connection settings; merged into fastgpt-app and fastgpt-plugin.
x-share-db-config: &x-share-db-config
  # The user and password embedded in this URI have to match MONGO_INITDB_ROOT_USERNAME /
  # MONGO_INITDB_ROOT_PASSWORD on fastgpt-mongo, i.e. the applications connect as the MongoDB root user.
  MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin
  DB_MAX_LINK: 100
  # The password has to match --requirepass on fastgpt-redis.
  REDIS_URL: redis://default:mypassword@fastgpt-redis:6379
  # @see https://doc.fastgpt.cn/self-host/config/object-storage
  STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss
  STORAGE_REGION: us-east-1
  # These equal MINIO_ROOT_USER / MINIO_ROOT_PASSWORD on fastgpt-minio, so the applications use the
  # MinIO root account. fastgpt-minio publishes ports 9000 and 9001 on the host; replace both values
  # before the host is reachable from an untrusted network.
  STORAGE_ACCESS_KEY_ID: minioadmin
  STORAGE_SECRET_ACCESS_KEY: minioadmin
  STORAGE_PUBLIC_BUCKET: fastgpt-public
  STORAGE_PRIVATE_BUCKET: fastgpt-private
  # An address at which both the server and the clients can reach the bucket: a fixed host IP or a
  # domain name. Do not use 127.0.0.1, localhost or another loopback address (unusable from inside
  # the containers). The template value is plain HTTP.
  STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000
  STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # protocol://domain(IP):port
  STORAGE_S3_FORCE_PATH_STYLE: true
  STORAGE_S3_MAX_RETRIES: 3
# Log configuration; merged into fastgpt-app, fastgpt-code-sandbox, fastgpt-mcp-server and fastgpt-plugin.
x-log-config: &x-log-config
  LOG_ENABLE_CONSOLE: true
  # NOTE(review): debug is verbose for a production template; confirm what the services write at
  # this level before container logs are shipped or shared.
  LOG_CONSOLE_LEVEL: debug
  LOG_ENABLE_OTEL: false
  LOG_OTEL_LEVEL: info
  LOG_OTEL_URL: http://localhost:4318/v1/logs
# Vector database settings; merged into fastgpt-app.
# ${{vec.config}} is a template placeholder, presumably replaced with key/value pairs when the
# compose file is generated; confirm against the template renderer.
x-vec-config: &x-vec-config
  ${{vec.config}}
services:
# Vector DB
# ${{vec.db}} is a template placeholder. fastgpt-app waits for a service named fastgpt-vector that
# is not defined in this file, so it is presumably substituted here; confirm against the renderer.
${{vec.db}}
# MongoDB as a single-node replica set (rs0) with keyfile authentication.
# No ports are published, so the service is reachable only from containers on the data network.
fastgpt-mongo:
  image: ${{mongo.image}}:${{mongo.tag}} # use 4.4.29 when the CPU does not support AVX
  container_name: fastgpt-mongo
  restart: always
  networks:
    - data
  command: mongod --keyFile /data/mongodb.key --replSet rs0
  # Root account created on first initialisation. The same user and password are repeated in the
  # healthcheck, twice in the entrypoint script and in MONGODB_URI; change all of them together.
  environment:
    - MONGO_INITDB_ROOT_USERNAME=myusername
    - MONGO_INITDB_ROOT_PASSWORD=mypassword
  volumes:
    - fastgpt-mongo:/data/db
  # The password is passed as a command-line argument, so it is visible in the container's process
  # list and in the compose/inspect output.
  # NOTE(review): this calls the legacy mongo shell; confirm the chosen image tag still ships it.
  healthcheck:
    test: ['CMD', 'mongo', '-u', 'myusername', '-p', 'mypassword', '--authenticationDatabase', 'admin', '--eval', "db.adminCommand('ping')"]
    interval: 10s
    timeout: 5s
    retries: 5
    start_period: 30s
  # Wrapper entrypoint. In order, it:
  #   1. writes a fresh random keyfile to /data/mongodb.key on every container start, readable only
  #      by its owner (mode 400, uid:gid 999:999);
  #   2. writes /data/initReplicaSet.js, which initiates rs0 unless rs.status() already reports ok;
  #   3. starts the image's docker-entrypoint.sh in the background with the service command;
  #   4. polls with the mongo shell until a login succeeds, then runs the init script;
  #   5. waits on the background MongoDB process.
  # "$$" is Compose's escape for a literal "$", so the shell receives "$@" and "$!".
  entrypoint:
    - bash
    - -c
    - |
      openssl rand -base64 128 > /data/mongodb.key
      chmod 400 /data/mongodb.key
      chown 999:999 /data/mongodb.key
      echo 'const isInited = rs.status().ok === 1
      if(!isInited){
        rs.initiate({
            _id: "rs0",
            members: [
                { _id: 0, host: "fastgpt-mongo:27017" }
            ]
        })
      }' > /data/initReplicaSet.js
      # 启动MongoDB服务
      exec docker-entrypoint.sh "$$@" &
      # 等待MongoDB服务启动
      until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do
        echo "Waiting for MongoDB to start..."
        sleep 2
      done
      # 执行初始化副本集的脚本
      mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js
      # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程
      wait $$!
# Redis with password authentication and append-only persistence.
# No ports are published, so the service is reachable only from containers on the data network.
fastgpt-redis:
  image: ${{redis.image}}:${{redis.tag}}
  container_name: fastgpt-redis
  networks:
    - data
  restart: always
  # --requirepass has to match the password in REDIS_URL and in the healthcheck below. It is given on
  # the command line, so it is visible in the process list and in the compose/inspect output.
  command: |
    redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction
  healthcheck:
    test: ['CMD', 'redis-cli', '-a', 'mypassword', 'ping']
    interval: 10s
    timeout: 3s
    retries: 3
    start_period: 30s
  volumes:
    - fastgpt-redis:/data
# MinIO object storage.
fastgpt-minio:
  image: ${{minio.image}}:${{minio.tag}}
  container_name: fastgpt-minio
  restart: always
  # Both ports are published without a host IP, so by default Docker binds them on every host
  # interface: 9000 is the S3 API, 9001 the console (--console-address below). Clients need 9000
  # (STORAGE_EXTERNAL_ENDPOINT); restrict 9001 to administrators, for example with a host firewall.
  ports:
    - 9000:9000
    - 9001:9001
  networks:
    - data
  # Root credentials: minioadmin/minioadmin is MinIO's well-known default pair. Replace both, and
  # keep STORAGE_ACCESS_KEY_ID / STORAGE_SECRET_ACCESS_KEY in step with them.
  environment:
    - MINIO_ROOT_USER=minioadmin
    - MINIO_ROOT_PASSWORD=minioadmin
  volumes:
    - fastgpt-minio:/data
  command: server /data --console-address ":9001"
  healthcheck:
    test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live']
    interval: 30s
    timeout: 20s
    retries: 3
# Main FastGPT application.
fastgpt-app:
  container_name: fastgpt-app
  image: ${{fastgpt.image}}:${{fastgpt.tag}}
  # Published without a host IP, so by default Docker binds port 3000 on every host interface.
  ports:
    - 3000:3000
  # The only service attached to all five networks.
  networks:
    - data
    - app
    - codesandbox
    - opensandbox
    - aiproxy
  # fastgpt-vector is not defined in this file; presumably it comes from the vector DB placeholder.
  depends_on:
    fastgpt-mongo:
      condition: service_healthy
    fastgpt-vector:
      condition: service_healthy
    fastgpt-redis:
      condition: service_healthy
    fastgpt-minio:
      condition: service_healthy
    fastgpt-code-sandbox:
      condition: service_healthy
    fastgpt-plugin:
      condition: service_healthy
  restart: always
  environment:
    # Full variable list: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template
    <<: [*x-share-db-config, *x-vec-config, *x-log-config]
    HOSTNAME: 0.0.0.0
    # ==================== Basic configuration ====================
    # Externally reachable front-end address, used to complete file resource paths, for example
    # https://fastgpt.cn; it must not be localhost. The value is optional: when it is empty, images
    # sent to the model carry a relative path instead of a full URL, and the model may invent the Host.
    # NOTE(review): the key has no value (YAML null); Compose then takes the value from the
    # environment it is run in, if one is set there.
    FE_DOMAIN:
    # root key (highest privilege)
    ROOT_KEY: *x-system-key
    # Password of the root account (user name: root). To change it, edit this variable and restart.
    DEFAULT_ROOT_PSW: *x-default-root-psw
    # Maximum number of database connections (overrides the 100 merged in from x-share-db-config)
    DB_MAX_LINK: 5
    # Synchronise indexes automatically
    SYNC_INDEX: true
    # NOTE(review): TOKEN_KEY, FILE_TOKEN_KEY and AES256_SECRET_KEY below are fixed strings that ship
    # with the template; replace each with a long random value before first start.
    # TOKEN_KEY is presumably the key that protects login tokens; confirm against .env.template.
    TOKEN_KEY: fastgpt
    # Key used when reading files
    FILE_TOKEN_KEY: filetokenkey
    # Key that encrypts stored secrets
    # NOTE(review): changing it later presumably makes values encrypted under the old key unreadable; confirm.
    AES256_SECRET_KEY: fastgptsecret
    # Always convert images to base64 before passing them to the model
    MULTIPLE_DATA_TO_BASE64: true
    # ==================== Service addresses and integrations ====================
    # plugin address
    PLUGIN_BASE_URL: http://fastgpt-plugin:3000
    PLUGIN_TOKEN: *x-plugin-auth-token
    # code-sandbox address
    CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000
    CODE_SANDBOX_TOKEN: *x-code-sandbox-token
    # AI Proxy address; used in preference when it is set
    AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000
    # AI Proxy admin token; equals the ADMIN_KEY environment variable of AI Proxy
    AIPROXY_API_TOKEN: *x-aiproxy-token
    # ==================== Agent sandbox configuration ====================
    AGENT_SANDBOX_PROVIDER: opensandbox
    # OpenSandbox settings (effective when PROVIDER is opensandbox)
    AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090
    # NOTE(review): no API key is set. opensandbox-server mounts the Docker socket, and its config
    # attaches the sandbox containers to the network it listens on (fastgpt_opensandbox), so
    # sandboxed code can presumably reach port 8090. Confirm how the server authenticates callers
    # when the key is empty.
    AGENT_SANDBOX_OPENSANDBOX_API_KEY:
    AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker
    AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ${{agent-sandbox-image.image}}
    AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: ${{agent-sandbox-image.tag}}
    AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true
    # Volume persistence (optional with the opensandbox provider)
    AGENT_SANDBOX_ENABLE_VOLUME: true
    AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000
    AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token
    # ==================== Logging and monitoring ====================
    # Service name reported to the OTLP collector
    LOG_OTEL_SERVICE_NAME: fastgpt-client
  volumes:
    - ./config.json:/app/data/config.json
# Code sandbox that executes user-supplied JS and Python.
# No ports are published; it shares the codesandbox network with fastgpt-app only.
fastgpt-code-sandbox:
  container_name: fastgpt-code-sandbox
  image: ${{fastgpt-code-sandbox.image}}:${{fastgpt-code-sandbox.tag}}
  networks:
    - codesandbox
  restart: always
  environment:
    <<: [*x-log-config]
    LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
    # Has to equal CODE_SANDBOX_TOKEN on fastgpt-app (both use the x-code-sandbox-token anchor).
    SANDBOX_TOKEN: *x-code-sandbox-token
    # ===== Resource Limits =====
    # Execution timeout per request (ms)
    SANDBOX_MAX_TIMEOUT: 60000
    # Maximum allowed memory per user code execution (MB)
    # Note: System automatically adds 50MB for runtime overhead
    # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
    SANDBOX_MAX_MEMORY_MB: 256
    # ===== Process Pool =====
    # Number of pre-warmed worker processes (JS + Python)
    SANDBOX_POOL_SIZE: 20
    # ===== Network Request Limits =====
    # Whether to check if the request is to a private network
    # NOTE(review): with false the private-network check is off, so outbound requests made by user
    # code are presumably not stopped from reaching private or internal addresses (an SSRF path).
    # Set it to true unless a workflow needs internal targets.
    CHECK_INTERNAL_IP: false
    # Maximum number of HTTP requests per execution
    SANDBOX_REQUEST_MAX_COUNT: 30
    # Timeout for each outbound HTTP request (ms)
    SANDBOX_REQUEST_TIMEOUT: 60000
    # Maximum response body size for outbound requests (MB, going by the variable name)
    SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
    # Maximum request body size for outbound requests (MB)
    SANDBOX_REQUEST_MAX_BODY_MB: 5
    # ===== Module Control =====
    # JS allowed modules whitelist (comma-separated)
    SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
    # Python allowed modules whitelist (comma-separated)
    # Review every addition to either list: each entry widens what sandboxed code can import.
    SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
  # Healthy when GET /health on the container's own port 3000 returns an ok status.
  healthcheck:
    test: [
      'CMD',
      'bun',
      '-e',
      "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })"
    ]
    interval: 30s
    timeout: 20s
    retries: 3
# MCP server in front of fastgpt-app.
fastgpt-mcp-server:
  container_name: fastgpt-mcp-server
  image: ${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}}
  networks:
    - app
  # Host port 3003 maps to container port 3000; published without a host IP, so by default Docker
  # binds it on every host interface.
  # NOTE(review): no token or key is configured for this service here; confirm how it authenticates
  # callers before the port is reachable from an untrusted network.
  ports:
    - 3003:3000
  restart: always
  environment:
    <<: [*x-log-config]
    FASTGPT_ENDPOINT: http://fastgpt-app:3000
# Plugin service. No ports are published; it is attached to the data and app networks.
fastgpt-plugin:
  image: ${{fastgpt-plugin.image}}:${{fastgpt-plugin.tag}}
  container_name: fastgpt-plugin
  restart: always
  networks:
    - data
    - app
  environment:
    # x-share-db-config gives this service the same MongoDB, Redis and object-storage credentials
    # as fastgpt-app.
    <<: [*x-share-db-config, *x-log-config]
    # Has to equal PLUGIN_TOKEN on fastgpt-app (both use the x-plugin-auth-token anchor).
    AUTH_TOKEN: *x-plugin-auth-token
    # Maximum request and response body size for network requests made by tools
    SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
    # Maximum API request body size
    MAX_API_SIZE: 10
    # Service name reported to the OTLP collector
    LOG_OTEL_SERVICE_NAME: fastgpt-plugin
  depends_on:
    fastgpt-mongo:
      condition: service_healthy
    fastgpt-minio:
      condition: service_healthy
  healthcheck:
    test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
    interval: 30s
    timeout: 20s
    retries: 3
# Sandbox controller: creates, executes, stops and deletes Docker containers.
# runtime=docker mode needs the Docker socket mounted.
# Set docker.host_ip to the host's LAN IP (used from inside containers to reach host services).
#
# Mounting /var/run/docker.sock gives this container control of the host's Docker daemon, which is
# equivalent to root on the host. No ports are published. Its network, opensandbox, is the network
# that the opensandbox-config file names as network_mode for sandbox containers, so treat the API on
# port 8090 as reachable from sandboxed code unless verified otherwise.
opensandbox-server:
  image: ${{opensandbox-server.image}}:${{opensandbox-server.tag}}
  container_name: fastgpt-opensandbox-server
  restart: always
  networks:
    - opensandbox
  extra_hosts:
    - 'host.docker.internal:host-gateway'
  volumes:
    # Required in Docker mode; check that the path matches the socket file on the host.
    - /var/run/docker.sock:/var/run/docker.sock
  configs:
    - source: opensandbox-config
      target: /etc/opensandbox/config.toml
  environment:
    SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml
  # Healthy when GET /health on the container's own port 8090 returns 200 within 3 seconds.
  healthcheck:
    test:
      [
        'CMD',
        'python',
        '-c',
        'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)'
      ]
    interval: 10s
    timeout: 5s
    retries: 5
# Pre-pull only: not started by `docker compose up` (uses profile `prepull`).
# The three entries below carry an image reference and the prepull profile and nothing else.
opensandbox-agent-sandbox-image:
  image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}}
  profiles:
    - prepull
opensandbox-execd-image:
  image: ${{opensandbox-execd.image}}:${{opensandbox-execd.tag}}
  profiles:
    - prepull
opensandbox-egress-image:
  image: ${{opensandbox-egress.image}}:${{opensandbox-egress.tag}}
  profiles:
    - prepull
# Volume manager microservice: idempotently creates and deletes Docker named volumes or k8s PVCs.
#
# It mounts the Docker socket as well, so it too has root-equivalent control of the host through
# the Docker daemon. VM_AUTH_TOKEN is the only credential configured for it here. It sits on the
# opensandbox network, the one the opensandbox-config file assigns to sandbox containers.
fastgpt-volume-manager:
  image: ${{volume-manager.image}}:${{volume-manager.tag}}
  container_name: fastgpt-volume-manager
  restart: always
  networks:
    - opensandbox
  volumes:
    # Required in Docker mode; check that the path matches the socket file on the host.
    - /var/run/docker.sock:/var/run/docker.sock
  environment:
    PORT: 3000
    VM_RUNTIME: docker
    VM_AUTH_TOKEN: *x-volume-manager-auth-token # corresponds to AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
    VM_VOLUME_NAME_PREFIX: fastgpt-session # prefix of the volume names
    VM_LOG_LEVEL: info
    VM_DOCKER_API_VERSION: v1.44
  # Healthy when GET /health on the container's own port 3000 returns an ok status.
  healthcheck:
    test:
      [
        'CMD',
        'bun',
        '-e',
        "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })"
      ]
    interval: 10s
    timeout: 5s
    retries: 5
# AI Proxy. No ports are published; it is attached to the aiproxy network only.
fastgpt-aiproxy:
  image: ${{aiproxy.image}}:${{aiproxy.tag}}
  container_name: fastgpt-aiproxy
  restart: unless-stopped
  depends_on:
    fastgpt-aiproxy-pg:
      condition: service_healthy
  networks:
    - aiproxy
  environment:
    # Corresponds to AIPROXY_API_TOKEN in fastgpt
    ADMIN_KEY: *x-aiproxy-token
    # Retention time of error log details (hours)
    LOG_DETAIL_STORAGE_HOURS: 1
    # Database connection string; its password has to match POSTGRES_PASSWORD on fastgpt-aiproxy-pg
    SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy
    # Maximum number of retries
    RETRY_TIMES: 3
    # Billing is not needed
    BILLING_ENABLED: false
    # Strict model checking is not needed
    DISABLE_MODEL_CONFIG: true
  healthcheck:
    test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status']
    interval: 5s
    timeout: 5s
    retries: 10
# PostgreSQL for AI Proxy. No ports are published; it is attached to the aiproxy network only.
fastgpt-aiproxy-pg:
  image: ${{aiproxy-pg.image}}:${{aiproxy-pg.tag}} # docker hub
  restart: unless-stopped
  container_name: fastgpt-aiproxy-pg
  volumes:
    - fastgpt-aiproxy_pg:/var/lib/postgresql/data
  networks:
    - aiproxy
  environment:
    TZ: Asia/Shanghai
    POSTGRES_USER: postgres
    POSTGRES_DB: aiproxy
    # Placeholder password for the postgres superuser; change it together with SQL_DSN on fastgpt-aiproxy.
    POSTGRES_PASSWORD: aiproxy
  healthcheck:
    test: ['CMD', 'pg_isready', '-U', 'postgres', '-d', 'aiproxy']
    interval: 5s
    timeout: 5s
    retries: 10
# Networks, each with a fixed name. Membership as declared by the services in this file:
#   data:        fastgpt-mongo, fastgpt-redis, fastgpt-minio, fastgpt-app, fastgpt-plugin
#   app:         fastgpt-app, fastgpt-mcp-server, fastgpt-plugin
#   codesandbox: fastgpt-app, fastgpt-code-sandbox
#   opensandbox: fastgpt-app, opensandbox-server, fastgpt-volume-manager
#   aiproxy:     fastgpt-app, fastgpt-aiproxy, fastgpt-aiproxy-pg
# fastgpt_opensandbox is also the network_mode named in the opensandbox-config file.
networks:
  data:
    name: fastgpt_data
  app:
    name: fastgpt_app
  codesandbox:
    name: fastgpt_codesandbox
  opensandbox:
    name: fastgpt_opensandbox
  aiproxy:
    name: fastgpt_aiproxy
# Named volumes with default settings.
# Only fastgpt-mongo, fastgpt-redis, fastgpt-minio and fastgpt-aiproxy_pg are mounted by services
# defined in this file; the pg, milvus, ob and seekdb volumes are presumably for whichever vector
# database the template placeholder expands to.
volumes:
  fastgpt-pg:
  fastgpt-mongo:
  fastgpt-redis:
  fastgpt-minio:
  fastgpt-milvus-minio:
  fastgpt-milvus-etcd:
  fastgpt-milvus-data:
  fastgpt-ob-data:
  fastgpt-ob-config:
  fastgpt-seekdb-data:
  fastgpt-seekdb-config:
  fastgpt-aiproxy_pg:
# Inline TOML configuration, mounted into opensandbox-server at /etc/opensandbox/config.toml.
configs:
  opensandbox-config:
    # [server] listens on 0.0.0.0:8090; the service publishes no ports.
    # [docker] names the network for sandbox containers and carries the hardening settings: a list
    # of capabilities to drop, no_new_privileges and a pids limit. Presumably these apply to every
    # sandbox container the server creates; confirm against the OpenSandbox documentation.
    # NOTE(review): no memory or CPU limit appears in this file; confirm whether one is applied elsewhere.
    content: |
      [server]
      host = "0.0.0.0"
      port = 8090
      log_level = "INFO"
      [runtime]
      type = "docker"
      execd_image = "${{opensandbox-execd.image}}:${{opensandbox-execd.tag}}"
      [egress]
      image = "${{opensandbox-egress.image}}:${{opensandbox-egress.tag}}"
      [docker]
      network_mode = "fastgpt_opensandbox"
      # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP).
      # It's required when server deployed with docker container under host.
      host_ip = "host.docker.internal"
      drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
      no_new_privileges = true
      pids_limit = 512
      [ingress]
      mode = "direct"
${{vec.extra}}