fix(docker): 端口避让 + admin-service依赖修复
- 所有端口改为不冲突范围: 基础设施4xxxx, 服务4xxx - admin-service添加adbkit-apkreader/unzipper/bplist-parser依赖 - 修复Platform类型推断 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent
2f583a0a24
commit
8e9ee1d38b
|
|
@ -13,8 +13,7 @@ services:
|
||||||
POSTGRES_PASSWORD: genex_dev_password
|
POSTGRES_PASSWORD: genex_dev_password
|
||||||
POSTGRES_DB: genex
|
POSTGRES_DB: genex
|
||||||
ports:
|
ports:
|
||||||
# 安全加固: 仅绑定 127.0.0.1, 禁止公网直连数据库
|
- "127.0.0.1:45432:5432"
|
||||||
- "127.0.0.1:5432:5432"
|
|
||||||
volumes:
|
volumes:
|
||||||
- postgres_data:/var/lib/postgresql/data
|
- postgres_data:/var/lib/postgresql/data
|
||||||
- ./migrations:/docker-entrypoint-initdb.d
|
- ./migrations:/docker-entrypoint-initdb.d
|
||||||
|
|
@ -44,8 +43,7 @@ services:
|
||||||
image: redis:7-alpine
|
image: redis:7-alpine
|
||||||
container_name: genex-redis
|
container_name: genex-redis
|
||||||
ports:
|
ports:
|
||||||
# 安全加固: 仅绑定 127.0.0.1, Redis 无密码保护, 暴露公网极易被利用
|
- "127.0.0.1:46379:6379"
|
||||||
- "127.0.0.1:6379:6379"
|
|
||||||
volumes:
|
volumes:
|
||||||
- redis_data:/data
|
- redis_data:/data
|
||||||
command: redis-server --appendonly yes
|
command: redis-server --appendonly yes
|
||||||
|
|
@ -68,7 +66,7 @@ services:
|
||||||
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9093
|
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9093
|
||||||
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
|
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
|
||||||
KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:9093,PLAINTEXT_HOST://0.0.0.0:29092
|
KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:9093,PLAINTEXT_HOST://0.0.0.0:29092
|
||||||
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,PLAINTEXT_HOST://localhost:29092
|
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,PLAINTEXT_HOST://localhost:49092
|
||||||
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
|
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
|
||||||
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
|
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
|
||||||
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
|
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
|
||||||
|
|
@ -78,9 +76,8 @@ services:
|
||||||
KAFKA_LOG_DIRS: /var/lib/kafka/data
|
KAFKA_LOG_DIRS: /var/lib/kafka/data
|
||||||
CLUSTER_ID: "genex-kafka-cluster-001"
|
CLUSTER_ID: "genex-kafka-cluster-001"
|
||||||
ports:
|
ports:
|
||||||
- "9092:9092"
|
- "127.0.0.1:49092:9092"
|
||||||
# 安全加固: 外部访问端口仅绑定 127.0.0.1
|
- "127.0.0.1:49093:29092"
|
||||||
- "127.0.0.1:29092:29092"
|
|
||||||
volumes:
|
volumes:
|
||||||
- kafka_data:/var/lib/kafka/data
|
- kafka_data:/var/lib/kafka/data
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|
@ -100,9 +97,8 @@ services:
|
||||||
MINIO_ROOT_USER: genex-admin
|
MINIO_ROOT_USER: genex-admin
|
||||||
MINIO_ROOT_PASSWORD: genex-minio-secret
|
MINIO_ROOT_PASSWORD: genex-minio-secret
|
||||||
ports:
|
ports:
|
||||||
- "9000:9000" # S3 API
|
- "127.0.0.1:49000:9000" # S3 API
|
||||||
# 安全加固: MinIO Console 仅绑定 127.0.0.1, 带默认密码暴露公网极其危险
|
- "127.0.0.1:49001:9001" # Console UI
|
||||||
- "127.0.0.1:9001:9001" # Console UI
|
|
||||||
volumes:
|
volumes:
|
||||||
- minio_data:/data
|
- minio_data:/data
|
||||||
command: server /data --console-address ":9001"
|
command: server /data --console-address ":9001"
|
||||||
|
|
@ -157,9 +153,7 @@ services:
|
||||||
OFFSET_FLUSH_INTERVAL_MS: 10000
|
OFFSET_FLUSH_INTERVAL_MS: 10000
|
||||||
OFFSET_FLUSH_TIMEOUT_MS: 5000
|
OFFSET_FLUSH_TIMEOUT_MS: 5000
|
||||||
ports:
|
ports:
|
||||||
# 安全加固: 仅绑定 127.0.0.1, 禁止公网访问 Kafka Connect REST API
|
- "127.0.0.1:48083:8083"
|
||||||
# 暴露公网会导致 SSRF 攻击 (恶意注入 connector 读取 /etc/passwd 等)
|
|
||||||
- "127.0.0.1:8083:8083"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
kafka:
|
kafka:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
|
|
@ -183,9 +177,8 @@ services:
|
||||||
KONG_ADMIN_LISTEN: 0.0.0.0:8001
|
KONG_ADMIN_LISTEN: 0.0.0.0:8001
|
||||||
KONG_PROXY_LISTEN: 0.0.0.0:8080
|
KONG_PROXY_LISTEN: 0.0.0.0:8080
|
||||||
ports:
|
ports:
|
||||||
- "8080:8080" # Proxy (frontend connects here)
|
- "48080:8080" # Proxy (frontend connects here)
|
||||||
# 安全加固: Kong Admin API 仅绑定 127.0.0.1, 暴露公网可被用于篡改路由规则
|
- "127.0.0.1:48001:8001" # Admin API
|
||||||
- "127.0.0.1:8001:8001" # Admin API
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./kong/kong.yml:/etc/kong/kong.yml:ro
|
- ./kong/kong.yml:/etc/kong/kong.yml:ro
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|
@ -198,7 +191,7 @@ services:
|
||||||
- genex-network
|
- genex-network
|
||||||
|
|
||||||
# ============================================================
|
# ============================================================
|
||||||
# NestJS Services (5)
|
# NestJS Services (9)
|
||||||
# ============================================================
|
# ============================================================
|
||||||
|
|
||||||
user-service:
|
user-service:
|
||||||
|
|
@ -207,7 +200,7 @@ services:
|
||||||
dockerfile: services/user-service/Dockerfile
|
dockerfile: services/user-service/Dockerfile
|
||||||
container_name: genex-user-service
|
container_name: genex-user-service
|
||||||
ports:
|
ports:
|
||||||
- "3001:3001"
|
- "4001:3001"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3001
|
- PORT=3001
|
||||||
|
|
@ -239,7 +232,7 @@ services:
|
||||||
dockerfile: services/issuer-service/Dockerfile
|
dockerfile: services/issuer-service/Dockerfile
|
||||||
container_name: genex-issuer-service
|
container_name: genex-issuer-service
|
||||||
ports:
|
ports:
|
||||||
- "3002:3002"
|
- "4002:3002"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3002
|
- PORT=3002
|
||||||
|
|
@ -268,7 +261,7 @@ services:
|
||||||
dockerfile: services/clearing-service/Dockerfile
|
dockerfile: services/clearing-service/Dockerfile
|
||||||
container_name: genex-clearing-service
|
container_name: genex-clearing-service
|
||||||
ports:
|
ports:
|
||||||
- "3004:3004"
|
- "4004:3004"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3004
|
- PORT=3004
|
||||||
|
|
@ -293,7 +286,7 @@ services:
|
||||||
dockerfile: services/compliance-service/Dockerfile
|
dockerfile: services/compliance-service/Dockerfile
|
||||||
container_name: genex-compliance-service
|
container_name: genex-compliance-service
|
||||||
ports:
|
ports:
|
||||||
- "3005:3005"
|
- "4005:3005"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3005
|
- PORT=3005
|
||||||
|
|
@ -318,7 +311,7 @@ services:
|
||||||
dockerfile: services/notification-service/Dockerfile
|
dockerfile: services/notification-service/Dockerfile
|
||||||
container_name: genex-notification-service
|
container_name: genex-notification-service
|
||||||
ports:
|
ports:
|
||||||
- "3008:3008"
|
- "4008:3008"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3008
|
- PORT=3008
|
||||||
|
|
@ -346,7 +339,7 @@ services:
|
||||||
dockerfile: services/telemetry-service/Dockerfile
|
dockerfile: services/telemetry-service/Dockerfile
|
||||||
container_name: genex-telemetry-service
|
container_name: genex-telemetry-service
|
||||||
ports:
|
ports:
|
||||||
- "3011:3011"
|
- "4011:3011"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3011
|
- PORT=3011
|
||||||
|
|
@ -380,7 +373,7 @@ services:
|
||||||
dockerfile: services/admin-service/Dockerfile
|
dockerfile: services/admin-service/Dockerfile
|
||||||
container_name: genex-admin-service
|
container_name: genex-admin-service
|
||||||
ports:
|
ports:
|
||||||
- "3012:3012"
|
- "4012:3012"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3012
|
- PORT=3012
|
||||||
|
|
@ -414,7 +407,7 @@ services:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
container_name: genex-trading-service
|
container_name: genex-trading-service
|
||||||
ports:
|
ports:
|
||||||
- "3003:3003"
|
- "4003:3003"
|
||||||
environment:
|
environment:
|
||||||
- PORT=3003
|
- PORT=3003
|
||||||
- DB_HOST=postgres
|
- DB_HOST=postgres
|
||||||
|
|
@ -442,7 +435,7 @@ services:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
container_name: genex-translate-service
|
container_name: genex-translate-service
|
||||||
ports:
|
ports:
|
||||||
- "3007:3007"
|
- "4007:3007"
|
||||||
environment:
|
environment:
|
||||||
- PORT=3007
|
- PORT=3007
|
||||||
- DB_HOST=postgres
|
- DB_HOST=postgres
|
||||||
|
|
@ -467,7 +460,7 @@ services:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
container_name: genex-chain-indexer
|
container_name: genex-chain-indexer
|
||||||
ports:
|
ports:
|
||||||
- "3009:3009"
|
- "4009:3009"
|
||||||
environment:
|
environment:
|
||||||
- PORT=3009
|
- PORT=3009
|
||||||
- KAFKA_BROKERS=kafka:9092
|
- KAFKA_BROKERS=kafka:9092
|
||||||
|
|
@ -488,7 +481,7 @@ services:
|
||||||
dockerfile: services/auth-service/Dockerfile
|
dockerfile: services/auth-service/Dockerfile
|
||||||
container_name: genex-auth-service
|
container_name: genex-auth-service
|
||||||
ports:
|
ports:
|
||||||
- "3010:3010"
|
- "4010:3010"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3010
|
- PORT=3010
|
||||||
|
|
@ -525,7 +518,7 @@ services:
|
||||||
dockerfile: services/ai-service/Dockerfile
|
dockerfile: services/ai-service/Dockerfile
|
||||||
container_name: genex-ai-service
|
container_name: genex-ai-service
|
||||||
ports:
|
ports:
|
||||||
- "3006:3006"
|
- "4006:3006"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=development
|
- NODE_ENV=development
|
||||||
- PORT=3006
|
- PORT=3006
|
||||||
|
|
|
||||||
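Review bot: The application service ports in the later hunks (`"4001:3001"` through `"4012:3012"`, including admin-service and auth-service) are still published on every host interface, although this commit binds every infrastructure port to 127.0.0.1; these backends therefore appear to be reachable directly rather than only through the Kong proxy. Unless an off-host client needs them, bind them the same way, e.g. `- "127.0.0.1:4012:3012"`. The new side also drops the `# 安全加固` comments that explained why Postgres, Redis, Kafka Connect, MinIO and the Kong Admin API are loopback-only; I would keep a one-line comment above each binding, since the file carries default credentials (`POSTGRES_PASSWORD`, `MINIO_ROOT_PASSWORD`) and a later edit could widen the bind without noticing. Separately, in the Kafka hunks `KAFKA_ADVERTISED_LISTENERS` now advertises `PLAINTEXT_HOST://localhost:49092`, but host port 49092 maps to container port 9092 while the PLAINTEXT_HOST listener (29092) is published on 49093, so the advertised address should probably be `localhost:49093`.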