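---
# MPC-System Docker Compose configuration
# Deployment host: 192.168.1.100 (Nginx + MPC server)
# Purpose: TSS key generation and signing services
#
# Start:
#   production:  docker compose --env-file .env.production up -d
#   development: docker compose up -d   (a .env file must supply the secrets below)
#
# Published port: 4000 (Account Service HTTP) - called by mpc-service (192.168.1.111:3001)
#
# Secrets (POSTGRES_PASSWORD, REDIS_PASSWORD, RABBITMQ_PASSWORD, JWT_SECRET_KEY,
# CRYPTO_MASTER_KEY, MPC_API_KEY) are mandatory: the `${VAR:?...}` form makes
# `docker compose` refuse to start when one is missing, instead of silently
# falling back to a default credential that is checked into this file.
#
# NOTE(review): all three TSS server parties run on this single host, share the
# same PostgreSQL instance and receive the same CRYPTO_MASTER_KEY. Compromise of
# this host (or of that one key) exposes every share at once, so the 2-of-3
# threshold provides no isolation in this layout — confirm whether that matches
# the intended trust model or whether the parties should be split across
# hosts and keys.
#
# NOTE(review): images are pinned by tag only (postgres:15-alpine, redis:7-alpine,
# rabbitmq:3-management-alpine). Pin by digest (image@sha256:...) for
# reproducible, tamper-evident deployments.

# ============================================
# Shared fragments (Compose extension fields + YAML anchors)
# ============================================

x-hardening: &hardening
  restart: unless-stopped
  # Forbid gaining privileges (setuid binaries, file capabilities) after start.
  # The official images drop from root to their service user with gosu, which
  # only *loses* privileges and therefore still works under this flag.
  security_opt:
    - "no-new-privileges:true"
  networks:
    - mpc-network

x-http-healthcheck: &http-healthcheck
  test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/health"]
  interval: 30s
  timeout: 10s
  retries: 3
  start_period: 30s

# Ports and the environment name shared by every Go service.
x-server-env: &server-env
  MPC_SERVER_GRPC_PORT: "50051"
  MPC_SERVER_HTTP_PORT: "8080"
  MPC_SERVER_ENVIRONMENT: "${ENVIRONMENT:-production}"

x-database-env: &database-env
  MPC_DATABASE_HOST: postgres
  MPC_DATABASE_PORT: "5432"
  MPC_DATABASE_USER: "${POSTGRES_USER:-mpc_user}"
  MPC_DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
  MPC_DATABASE_DBNAME: mpc_system
  # Connections stay on the internal bridge network. The stock postgres image
  # ships no TLS certificate, so switching to sslmode=require needs certificate
  # provisioning on the postgres service first.
  MPC_DATABASE_SSLMODE: disable

x-redis-env: &redis-env
  MPC_REDIS_HOST: redis
  MPC_REDIS_PORT: "6379"
  MPC_REDIS_PASSWORD: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"

x-rabbitmq-env: &rabbitmq-env
  MPC_RABBITMQ_HOST: rabbitmq
  MPC_RABBITMQ_PORT: "5672"
  MPC_RABBITMQ_USER: "${RABBITMQ_USER:-mpc_user}"
  MPC_RABBITMQ_PASSWORD: "${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}"

# Settings common to the three TSS server parties (PARTY_ID is set per service).
x-party-env: &party-env
  SESSION_COORDINATOR_ADDR: "session-coordinator:50051"
  MESSAGE_ROUTER_ADDR: "message-router:50051"
  # presumably protects the party's stored key material at rest — verify in
  # services/server-party before relying on that.
  MPC_CRYPTO_MASTER_KEY: "${CRYPTO_MASTER_KEY:?CRYPTO_MASTER_KEY must be set}"

x-party-depends: &party-depends
  postgres:
    condition: service_healthy
  session-coordinator:
    condition: service_healthy
  message-router:
    condition: service_healthy

services:
  # ============================================
  # Infrastructure services
  # ============================================

  # PostgreSQL database
  postgres:
    <<: *hardening
    image: postgres:15-alpine
    container_name: mpc-postgres
    environment:
      POSTGRES_DB: mpc_system
      POSTGRES_USER: "${POSTGRES_USER:-mpc_user}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./migrations:/docker-entrypoint-initdb.d:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-mpc_user} -d mpc_system"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    # Not published to the host in production: reachable only on mpc-network.
    # ports:
    #   - "5432:5432"

  # Redis cache
  redis:
    <<: *hardening
    image: redis:7-alpine
    container_name: mpc-redis
    # List form passes the password as one argv element, so shell metacharacters
    # in REDIS_PASSWORD cannot break the command line.
    command:
      - redis-server
      - --appendonly
      - "yes"
      - --maxmemory
      - 512mb
      - --maxmemory-policy
      - allkeys-lru
      - --requirepass
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    environment:
      # redis-cli reads this variable for AUTH, so the health check below
      # authenticates without putting the password on its command line.
      REDISCLI_AUTH: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    volumes:
      - redis-data:/data
    healthcheck:
      # With requirepass on, an unauthenticated ping gets a NOAUTH error reply;
      # requiring the literal PONG makes the check report real availability.
      test: ["CMD-SHELL", "redis-cli ping | grep -q PONG"]
      interval: 10s
      timeout: 5s
      retries: 5

  # RabbitMQ message broker
  rabbitmq:
    <<: *hardening
    # The management plugin (web UI on 15672) is only needed in development; the
    # port is not published here, and rabbitmq:3-alpine omits the plugin entirely.
    image: rabbitmq:3-management-alpine
    container_name: mpc-rabbitmq
    environment:
      RABBITMQ_DEFAULT_USER: "${RABBITMQ_USER:-mpc_user}"
      RABBITMQ_DEFAULT_PASS: "${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}"
      RABBITMQ_DEFAULT_VHOST: /
    volumes:
      - rabbitmq-data:/var/lib/rabbitmq
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 30s
    # Management UI is for development only; keep it unpublished in production.
    # ports:
    #   - "15672:15672"

  # ============================================
  # MPC core services
  # ============================================

  # Session coordinator
  session-coordinator:
    <<: *hardening
    build:
      context: .
      dockerfile: services/session-coordinator/Dockerfile
    container_name: mpc-session-coordinator
    environment:
      <<: [*server-env, *database-env, *redis-env, *rabbitmq-env]
      MPC_JWT_SECRET_KEY: "${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set}"
      MPC_JWT_ISSUER: mpc-system
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    healthcheck: *http-healthcheck

  # Message router
  message-router:
    <<: *hardening
    build:
      context: .
      dockerfile: services/message-router/Dockerfile
    container_name: mpc-message-router
    environment:
      <<: [*server-env, *database-env, *rabbitmq-env]
    depends_on:
      postgres:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    healthcheck: *http-healthcheck

  # ============================================
  # Server party services - TSS participants
  # 2-of-3 threshold signing: at least 2 parties must take part to produce a
  # signature (see the NOTE at the top about co-locating all three).
  # ============================================

  # Server party 1
  server-party-1:
    <<: *hardening
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-1
    environment:
      <<: [*server-env, *database-env, *party-env]
      PARTY_ID: server-party-1
    depends_on: *party-depends
    healthcheck: *http-healthcheck

  # Server party 2
  server-party-2:
    <<: *hardening
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-2
    environment:
      <<: [*server-env, *database-env, *party-env]
      PARTY_ID: server-party-2
    depends_on: *party-depends
    healthcheck: *http-healthcheck

  # Server party 3
  server-party-3:
    <<: *hardening
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-3
    environment:
      <<: [*server-env, *database-env, *party-env]
      PARTY_ID: server-party-3
    depends_on: *party-depends
    healthcheck: *http-healthcheck

  # ============================================
  # Account service - external API entry point
  # Port 4000: called by mpc-service (192.168.1.111:3001)
  # ============================================
  account-service:
    <<: *hardening
    build:
      context: .
      dockerfile: services/account/Dockerfile
    container_name: mpc-account-service
    ports:
      # Published on the LAN address from the header rather than on 0.0.0.0.
      # Docker forwards published ports with its own NAT rules, so host-level
      # INPUT firewall rules generally do not apply to them; binding to one
      # address is what keeps port 4000 off the host's other interfaces.
      # Override ACCOUNT_SERVICE_BIND_IP if the host address differs.
      - target: 8080
        published: "4000"
        host_ip: "${ACCOUNT_SERVICE_BIND_IP:-192.168.1.100}"
        protocol: tcp
    environment:
      <<: [*server-env, *database-env, *redis-env]
      MPC_COORDINATOR_URL: "session-coordinator:50051"
      MPC_JWT_SECRET_KEY: "${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set}"
      # API authentication key; must match MPC_API_KEY configured on mpc-service.
      MPC_API_KEY: "${MPC_API_KEY:?MPC_API_KEY must be set}"
      # Allowed caller IPs (backend server). NOTE(review): this filter is only as
      # strong as the source address the service observes; if the Nginx on this
      # host proxies the request, the service sees Nginx's address, not
      # 192.168.1.111 — confirm the actual request path.
      ALLOWED_IPS: "${ALLOWED_IPS:-192.168.1.111}"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
    healthcheck: *http-healthcheck

# ============================================
# Networks
# ============================================
networks:
  mpc-network:
    driver: bridge

# ============================================
# Volumes - persistent storage
# ============================================
volumes:
  postgres-data:
    driver: local
  redis-data:
    driver: local
  rabbitmq-data:
    driver: local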