rwadurian/backend/mpc-system/docker-compose.yml

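# MPC-System Docker Compose configuration
# Deployment host: 192.168.1.100 (Nginx + MPC server)
# Purpose: TSS key generation and signing service
#
# Start commands:
#   production:  docker compose --env-file .env.production up -d
#   development: docker compose up -d
#
# Externally exposed port: 4000 (Account Service HTTP) - called by
# mpc-service (192.168.1.111:3001).
#
# Secrets: JWT_SECRET_KEY, CRYPTO_MASTER_KEY and MPC_API_KEY have no default.
# They use the `${VAR:?message}` interpolation form, so `docker compose`
# refuses to start with a clear error instead of silently passing an empty
# string into the containers when one of them is missing from the
# environment / --env-file (this applies to the development command too; the
# variables must be exported before `docker compose up -d`).
#
# The PostgreSQL, Redis and RabbitMQ credentials keep development defaults
# (`${VAR:-default}`); a production .env file must override every one of
# them, otherwise the defaults written in this file are what runs.
services:
  # ============================================
  # Infrastructure Services
  # ============================================

  # PostgreSQL database
  postgres:
    image: postgres:15-alpine
    container_name: mpc-postgres
    environment:
      POSTGRES_DB: mpc_system
      # Development defaults - override both in .env.production.
      POSTGRES_USER: ${POSTGRES_USER:-mpc_user}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # Mounted read-only; the official image's entrypoint runs the scripts
      # in this directory only when it initialises an empty data volume.
      - ./migrations:/docker-entrypoint-initdb.d:ro
    healthcheck:
      # CMD-SHELL so the ${POSTGRES_USER} interpolation (done by compose) is
      # passed through a shell inside the container.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-mpc_user} -d mpc_system"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped
    # Not published to the host in production; reachable on the internal
    # network only.
    # ports:
    #   - "5432:5432"

  # Redis cache
  redis:
    image: redis:7-alpine
    container_name: mpc-redis
    # `--requirepass` is appended only when REDIS_PASSWORD is set and
    # non-empty; otherwise Redis runs without authentication (internal
    # network only, see the services that consume MPC_REDIS_PASSWORD).
    command: redis-server --appendonly yes --maxmemory 512mb --maxmemory-policy allkeys-lru ${REDIS_PASSWORD:+--requirepass $REDIS_PASSWORD}
    volumes:
      - redis-data:/data
    healthcheck:
      # NOTE(review): this PING is unauthenticated. When --requirepass is
      # active the server answers with a NOAUTH error - confirm redis-cli's
      # exit status in that case before relying on this check in production.
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - mpc-network
    restart: unless-stopped

  # RabbitMQ message broker
  rabbitmq:
    image: rabbitmq:3-management-alpine
    container_name: mpc-rabbitmq
    environment:
      # Development defaults - override both in .env.production.
      RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-mpc_user}
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-mpc_rabbit_password}
      RABBITMQ_DEFAULT_VHOST: /
    volumes:
      - rabbitmq-data:/var/lib/rabbitmq
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped
    # The management UI is for development use only; keep it unpublished in
    # production.
    # ports:
    #   - "15672:15672"

  # ============================================
  # MPC Core Services
  # ============================================

  # Session Coordinator Service - coordinates TSS sessions
  session-coordinator:
    build:
      context: .
      dockerfile: services/session-coordinator/Dockerfile
    container_name: mpc-session-coordinator
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; the connection never leaves the compose
      # bridge network.
      MPC_DATABASE_SSLMODE: disable
      MPC_REDIS_HOST: redis
      MPC_REDIS_PORT: 6379
      # Empty when REDIS_PASSWORD is unset, matching the redis service, which
      # then starts without --requirepass.
      MPC_REDIS_PASSWORD: ${REDIS_PASSWORD:-}
      MPC_RABBITMQ_HOST: rabbitmq
      MPC_RABBITMQ_PORT: 5672
      MPC_RABBITMQ_USER: ${RABBITMQ_USER:-mpc_user}
      MPC_RABBITMQ_PASSWORD: ${RABBITMQ_PASSWORD:-mpc_rabbit_password}
      # Required: compose aborts startup if JWT_SECRET_KEY is unset or empty.
      MPC_JWT_SECRET_KEY: ${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set}
      MPC_JWT_ISSUER: mpc-system
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

  # Message Router Service - routes MPC protocol messages
  message-router:
    build:
      context: .
      dockerfile: services/message-router/Dockerfile
    container_name: mpc-message-router
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; internal bridge network only.
      MPC_DATABASE_SSLMODE: disable
      MPC_RABBITMQ_HOST: rabbitmq
      MPC_RABBITMQ_PORT: 5672
      MPC_RABBITMQ_USER: ${RABBITMQ_USER:-mpc_user}
      MPC_RABBITMQ_PASSWORD: ${RABBITMQ_PASSWORD:-mpc_rabbit_password}
    depends_on:
      postgres:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

  # ============================================
  # Server Party Services - TSS participants
  # 2-of-3 threshold signing: at least 2 parties must take part to
  # produce a signature.
  # All three parties receive the same CRYPTO_MASTER_KEY and differ only in
  # PARTY_ID and container_name.
  # ============================================

  # Server Party 1
  server-party-1:
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-1
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; internal bridge network only.
      MPC_DATABASE_SSLMODE: disable
      SESSION_COORDINATOR_ADDR: session-coordinator:50051
      MESSAGE_ROUTER_ADDR: message-router:50051
      # Required: compose aborts startup if CRYPTO_MASTER_KEY is unset or
      # empty, so a key-share store is never encrypted with an empty key.
      MPC_CRYPTO_MASTER_KEY: ${CRYPTO_MASTER_KEY:?CRYPTO_MASTER_KEY must be set}
      PARTY_ID: server-party-1
    depends_on:
      postgres:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
      message-router:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

  # Server Party 2
  server-party-2:
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-2
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; internal bridge network only.
      MPC_DATABASE_SSLMODE: disable
      SESSION_COORDINATOR_ADDR: session-coordinator:50051
      MESSAGE_ROUTER_ADDR: message-router:50051
      # Required: compose aborts startup if CRYPTO_MASTER_KEY is unset or
      # empty.
      MPC_CRYPTO_MASTER_KEY: ${CRYPTO_MASTER_KEY:?CRYPTO_MASTER_KEY must be set}
      PARTY_ID: server-party-2
    depends_on:
      postgres:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
      message-router:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

  # Server Party 3
  server-party-3:
    build:
      context: .
      dockerfile: services/server-party/Dockerfile
    container_name: mpc-server-party-3
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; internal bridge network only.
      MPC_DATABASE_SSLMODE: disable
      SESSION_COORDINATOR_ADDR: session-coordinator:50051
      MESSAGE_ROUTER_ADDR: message-router:50051
      # Required: compose aborts startup if CRYPTO_MASTER_KEY is unset or
      # empty.
      MPC_CRYPTO_MASTER_KEY: ${CRYPTO_MASTER_KEY:?CRYPTO_MASTER_KEY must be set}
      PARTY_ID: server-party-3
    depends_on:
      postgres:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
      message-router:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

  # ============================================
  # Account Service - the external API entry point
  # Port 4000: called by mpc-service (192.168.1.111:3001)
  # ============================================
  account-service:
    build:
      context: .
      dockerfile: services/account/Dockerfile
    container_name: mpc-account-service
    ports:
      # Host port 4000 -> container port 8080, for the mpc-service running on
      # the backend server (192.168.1.111). Without a host address this
      # publishes on every host interface; ALLOWED_IPS below is applied by
      # the service itself, not by Docker. To limit the bind to the
      # deployment host's address use the form "192.168.1.100:4000:8080",
      # or restrict it with the host firewall.
      - "4000:8080"
    environment:
      MPC_SERVER_GRPC_PORT: 50051
      MPC_SERVER_HTTP_PORT: 8080
      MPC_SERVER_ENVIRONMENT: ${ENVIRONMENT:-production}
      MPC_DATABASE_HOST: postgres
      MPC_DATABASE_PORT: 5432
      MPC_DATABASE_USER: ${POSTGRES_USER:-mpc_user}
      MPC_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:-mpc_secret_password}
      MPC_DATABASE_DBNAME: mpc_system
      # Plain TCP to postgres; internal bridge network only.
      MPC_DATABASE_SSLMODE: disable
      MPC_REDIS_HOST: redis
      MPC_REDIS_PORT: 6379
      MPC_REDIS_PASSWORD: ${REDIS_PASSWORD:-}
      MPC_COORDINATOR_URL: session-coordinator:50051
      # Required: compose aborts startup if JWT_SECRET_KEY is unset or empty.
      MPC_JWT_SECRET_KEY: ${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set}
      # API authentication key; must match the MPC_API_KEY configured on
      # mpc-service. Required: compose aborts startup if it is unset or empty.
      MPC_API_KEY: ${MPC_API_KEY:?MPC_API_KEY must be set}
      # Allowed source IPs (the backend server). NOTE(review): presumably
      # enforced by the account service's own request handling - confirm.
      ALLOWED_IPS: ${ALLOWED_IPS:-192.168.1.111}
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      session-coordinator:
        condition: service_healthy
    healthcheck:
      # Assumes curl is present in the image built from the Dockerfile.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - mpc-network
    restart: unless-stopped

# ============================================
# Networks
# ============================================
networks:
  mpc-network:
    driver: bridge

# ============================================
# Volumes - persistent storage
# ============================================
volumes:
  postgres-data:
    driver: local
  redis-data:
    driver: local
  rabbitmq-data:
    driver: local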