version: "3.8" services: # PostgreSQL 数据库 (生产环境) postgres: image: postgres:16.9 container_name: tyapi-postgres-prod environment: TZ: Asia/Shanghai PGTZ: Asia/Shanghai POSTGRES_DB: ${DB_NAME:-tyapi_prod} POSTGRES_USER: ${DB_USER:-tyapi_user} POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C" # 性能优化配置 POSTGRES_SHARED_PRELOAD_LIBRARIES: pg_stat_statements volumes: - postgres_data:/var/lib/postgresql/data - ./scripts/init.sql:/docker-entrypoint-initdb.d/init.sql networks: - tyapi-network healthcheck: test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-tyapi_user}"] interval: 30s timeout: 10s retries: 5 start_period: 60s restart: unless-stopped deploy: resources: limits: memory: 2G cpus: "1.0" reservations: memory: 512M cpus: "0.5" # 生产环境暴露数据库端口到主机 ports: - "${DB_PORT:-25010}:5432" # Redis 缓存 (生产环境) redis: image: redis:8.0.2 container_name: tyapi-redis-prod environment: TZ: Asia/Shanghai REDIS_PASSWORD: ${REDIS_PASSWORD} volumes: - redis_data:/data - ./deployments/docker/redis.conf:/usr/local/etc/redis/redis.conf command: > sh -c " if [ ! -z '${REDIS_PASSWORD}' ]; then redis-server /usr/local/etc/redis/redis.conf --requirepass ${REDIS_PASSWORD} else redis-server /usr/local/etc/redis/redis.conf fi " networks: - tyapi-network healthcheck: test: > sh -c " if [ ! -z '${REDIS_PASSWORD}' ]; then redis-cli -a ${REDIS_PASSWORD} ping else redis-cli ping fi " interval: 30s timeout: 10s retries: 5 restart: unless-stopped deploy: resources: limits: memory: 1G cpus: "0.5" reservations: memory: 256M cpus: "0.2" # 生产环境不暴露端口到主机 # ports: # - "6379:6379" # TYAPI 应用程序 tyapi-app: build: context: . dockerfile: Dockerfile args: VERSION: ${APP_VERSION:-1.0.0} COMMIT: ${GIT_COMMIT:-dev} BUILD_TIME: ${BUILD_TIME} container_name: tyapi-app-prod environment: # 时区配置 TZ: Asia/Shanghai # 环境设置 ENV: production # 服务器配置 SERVER_PORT: ${SERVER_PORT:-8080} SERVER_MODE: release # 数据库配置 DB_HOST: postgres DB_PORT: 5432 DB_USER: ${DB_USER:-tyapi_user} DB_PASSWORD: ${DB_PASSWORD} DB_NAME: ${DB_NAME:-tyapi_prod} DB_SSLMODE: ${DB_SSLMODE:-require} # Redis配置 REDIS_HOST: redis REDIS_PORT: 6379 REDIS_PASSWORD: ${REDIS_PASSWORD} # JWT配置 JWT_SECRET: ${JWT_SECRET} # 监控配置 TRACING_ENABLED: false METRICS_ENABLED: false # 日志配置 LOG_LEVEL: ${LOG_LEVEL:-info} LOG_FORMAT: json # 短信配置 SMS_ACCESS_KEY_ID: ${SMS_ACCESS_KEY_ID} SMS_ACCESS_KEY_SECRET: ${SMS_ACCESS_KEY_SECRET} SMS_SIGN_NAME: ${SMS_SIGN_NAME} SMS_TEMPLATE_CODE: ${SMS_TEMPLATE_CODE} ports: - "${APP_PORT:-25000}:8080" volumes: - app_logs:/app/logs networks: - tyapi-network depends_on: postgres: condition: service_healthy redis: condition: service_healthy healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] interval: 30s timeout: 10s retries: 5 start_period: 60s restart: unless-stopped deploy: resources: limits: memory: 1G cpus: "1.0" reservations: memory: 256M cpus: "0.3" volumes: postgres_data: driver: local redis_data: driver: local app_logs: driver: local networks: tyapi-network: driver: bridge ipam: config: - subnet: 172.20.0.0/16