fix(docker): 端口避让 + admin-service依赖修复

- 所有端口改为不冲突范围: 基础设施4xxxx, 服务4xxx
- admin-service添加adbkit-apkreader/unzipper/bplist-parser依赖
- 修复Platform类型推断

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
hailin 2026-02-19 20:34:24 -08:00
parent 2f583a0a24
commit 8e9ee1d38b
1 changed files with 23 additions and 30 deletions


@ -13,8 +13,7 @@ services:
POSTGRES_PASSWORD: genex_dev_password
POSTGRES_DB: genex
ports:
# 安全加固: 仅绑定 127.0.0.1, 禁止公网直连数据库
- "127.0.0.1:5432:5432"
- "127.0.0.1:45432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
- ./migrations:/docker-entrypoint-initdb.d
@ -44,8 +43,7 @@ services:
image: redis:7-alpine
container_name: genex-redis
ports:
# 安全加固: 仅绑定 127.0.0.1, Redis 无密码保护, 暴露公网极易被利用
- "127.0.0.1:6379:6379"
- "127.0.0.1:46379:6379"
volumes:
- redis_data:/data
command: redis-server --appendonly yes
@ -68,7 +66,7 @@ services:
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9093
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:9093,PLAINTEXT_HOST://0.0.0.0:29092
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,PLAINTEXT_HOST://localhost:29092
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,PLAINTEXT_HOST://localhost:49092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
@ -78,9 +76,8 @@ services:
KAFKA_LOG_DIRS: /var/lib/kafka/data
CLUSTER_ID: "genex-kafka-cluster-001"
ports:
- "9092:9092"
# 安全加固: 外部访问端口仅绑定 127.0.0.1
- "127.0.0.1:29092:29092"
- "127.0.0.1:49092:9092"
- "127.0.0.1:49093:29092"
volumes:
- kafka_data:/var/lib/kafka/data
healthcheck:
@ -100,9 +97,8 @@ services:
MINIO_ROOT_USER: genex-admin
MINIO_ROOT_PASSWORD: genex-minio-secret
ports:
- "9000:9000" # S3 API
# 安全加固: MinIO Console 仅绑定 127.0.0.1, 带默认密码暴露公网极其危险
- "127.0.0.1:9001:9001" # Console UI
- "127.0.0.1:49000:9000" # S3 API
- "127.0.0.1:49001:9001" # Console UI
volumes:
- minio_data:/data
command: server /data --console-address ":9001"
@ -157,9 +153,7 @@ services:
OFFSET_FLUSH_INTERVAL_MS: 10000
OFFSET_FLUSH_TIMEOUT_MS: 5000
ports:
# 安全加固: 仅绑定 127.0.0.1, 禁止公网访问 Kafka Connect REST API
# 暴露公网会导致 SSRF 攻击 (恶意注入 connector 读取 /etc/passwd 等)
- "127.0.0.1:8083:8083"
- "127.0.0.1:48083:8083"
depends_on:
kafka:
condition: service_healthy
@ -183,9 +177,8 @@ services:
KONG_ADMIN_LISTEN: 0.0.0.0:8001
KONG_PROXY_LISTEN: 0.0.0.0:8080
ports:
- "8080:8080" # Proxy (frontend connects here)
# 安全加固: Kong Admin API 仅绑定 127.0.0.1, 暴露公网可被用于篡改路由规则
- "127.0.0.1:8001:8001" # Admin API
- "48080:8080" # Proxy (frontend connects here)
- "127.0.0.1:48001:8001" # Admin API
volumes:
- ./kong/kong.yml:/etc/kong/kong.yml:ro
healthcheck:
@ -198,7 +191,7 @@ services:
- genex-network
# ============================================================
# NestJS Services (5)
# NestJS Services (9)
# ============================================================
user-service:
@ -207,7 +200,7 @@ services:
dockerfile: services/user-service/Dockerfile
container_name: genex-user-service
ports:
- "3001:3001"
- "4001:3001"
environment:
- NODE_ENV=development
- PORT=3001
@ -239,7 +232,7 @@ services:
dockerfile: services/issuer-service/Dockerfile
container_name: genex-issuer-service
ports:
- "3002:3002"
- "4002:3002"
environment:
- NODE_ENV=development
- PORT=3002
@ -268,7 +261,7 @@ services:
dockerfile: services/clearing-service/Dockerfile
container_name: genex-clearing-service
ports:
- "3004:3004"
- "4004:3004"
environment:
- NODE_ENV=development
- PORT=3004
@ -293,7 +286,7 @@ services:
dockerfile: services/compliance-service/Dockerfile
container_name: genex-compliance-service
ports:
- "3005:3005"
- "4005:3005"
environment:
- NODE_ENV=development
- PORT=3005
@ -318,7 +311,7 @@ services:
dockerfile: services/notification-service/Dockerfile
container_name: genex-notification-service
ports:
- "3008:3008"
- "4008:3008"
environment:
- NODE_ENV=development
- PORT=3008
@ -346,7 +339,7 @@ services:
dockerfile: services/telemetry-service/Dockerfile
container_name: genex-telemetry-service
ports:
- "3011:3011"
- "4011:3011"
environment:
- NODE_ENV=development
- PORT=3011
@ -380,7 +373,7 @@ services:
dockerfile: services/admin-service/Dockerfile
container_name: genex-admin-service
ports:
- "3012:3012"
- "4012:3012"
environment:
- NODE_ENV=development
- PORT=3012
@ -414,7 +407,7 @@ services:
dockerfile: Dockerfile
container_name: genex-trading-service
ports:
- "3003:3003"
- "4003:3003"
environment:
- PORT=3003
- DB_HOST=postgres
@ -442,7 +435,7 @@ services:
dockerfile: Dockerfile
container_name: genex-translate-service
ports:
- "3007:3007"
- "4007:3007"
environment:
- PORT=3007
- DB_HOST=postgres
@ -467,7 +460,7 @@ services:
dockerfile: Dockerfile
container_name: genex-chain-indexer
ports:
- "3009:3009"
- "4009:3009"
environment:
- PORT=3009
- KAFKA_BROKERS=kafka:9092
@ -488,7 +481,7 @@ services:
dockerfile: services/auth-service/Dockerfile
container_name: genex-auth-service
ports:
- "3010:3010"
- "4010:3010"
environment:
- NODE_ENV=development
- PORT=3010
@ -525,7 +518,7 @@ services:
dockerfile: services/ai-service/Dockerfile
container_name: genex-ai-service
ports:
- "3006:3006"
- "4006:3006"
environment:
- NODE_ENV=development
- PORT=3006
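Review bot: The Kafka host port mappings `- "127.0.0.1:49092:9092"` and `- "127.0.0.1:49093:29092"` no longer line up with the advertised listener: `KAFKA_ADVERTISED_LISTENERS` now advertises `PLAINTEXT_HOST://localhost:49092`, but host 49092 is mapped to container 9092 (the internal `PLAINTEXT` listener, which advertises `kafka:9092`), while the `PLAINTEXT_HOST` listener on 29092 is only reachable via host 49093. A host-side client bootstrapping from localhost:49092 would presumably be handed `kafka:9092` as the broker address, which does not resolve outside the compose network, and the inter-broker listener ends up exposed on the host for no reason. Mapping the host port to the listener that advertises it fixes both: `- "127.0.0.1:49092:29092"`, and drop the `49093` entry (the internal listener needs no host mapping at all). Separately, `- "48080:8080"` for the Kong proxy is now the only mapping still bound on all interfaces; if that is intentional for the frontend, a comment such as `# intentionally bound on all interfaces: frontend entry point` would keep it from being "hardened" away later.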