DeepAudit/docker-compose.yml at v3.0.0 · lintsinghua/DeepAudit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# =============================================
# DeepAudit v3.0.4 Docker Compose 配置
# =============================================
# 部署: docker compose up -d
# 查看日志: docker compose logs -f
# 注意: Agent 服务和沙箱环境是必须的核心组件

services:
  # =============================================
  # 核心基础服务
  # =============================================

  db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_DB=deepaudit
    ports:
      - "5432:5432"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U postgres" ]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  backend:
    build:
      context: ./backend
      args:
        - http_proxy=
        - https_proxy=
        - HTTP_PROXY=
        - HTTPS_PROXY=
        - all_proxy=
        - ALL_PROXY=
    restart: unless-stopped
    volumes:
      # - ./backend/app:/app/app:ro  # 挂载代码目录，修改后自动生效
      - backend_uploads:/app/uploads
      - /var/run/docker.sock:/var/run/docker.sock # 沙箱执行必须
    ports:
      - "8000:8000"
    env_file:
      - ./backend/.env
    environment:
      - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
      - REDIS_URL=redis://redis:6379/0
      - AGENT_ENABLED=true
      - SANDBOX_ENABLED=true
      - SANDBOX_IMAGE=deepaudit/sandbox:latest  # 使用本地构建的沙箱镜像
      # 禁用代理设置，防止容器内无法连接外部 API
      - HTTP_PROXY=
      - HTTPS_PROXY=
      - http_proxy=
      - https_proxy=
      - NO_PROXY=*
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    # 开发模式：启用 --reload 热重载
    command: sh -c ".venv/bin/alembic upgrade head && .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload"
    networks:
      - deepaudit-network

  frontend:
    build:
      context: ./frontend
      args:
        - http_proxy=
        - https_proxy=
        - HTTP_PROXY=
        - HTTPS_PROXY=
        - all_proxy=
        - ALL_PROXY=
    restart: unless-stopped
    volumes:
      # - ./frontend/dist:/usr/share/nginx/html:ro  # 挂载构建产物，本地 pnpm build 后自动生效
      - ./frontend/nginx.conf:/etc/nginx/conf.d/default.conf:ro  # 挂载 nginx 配置
    ports:
      - "3000:80" # Nginx 监听 80 端口
    environment:
      # 禁用代理 - nginx 需要直连后端
      - HTTP_PROXY=
      - HTTPS_PROXY=
      - http_proxy=
      - https_proxy=
      - NO_PROXY=*
      - VITE_API_BASE_URL=/api/v1
    depends_on:
      - backend
    networks:
      - deepaudit-network

  # =============================================
  # Agent 服务必须组件
  # =============================================

  # Redis (Agent 任务队列 - 必须)
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  # 沙箱镜像构建服务 (漏洞验证必须)
  # 注意: 此服务仅用于构建镜像，构建完成后自动退出
  sandbox:
    build:
      context: ./docker/sandbox
      dockerfile: Dockerfile
    image: deepaudit/sandbox:latest
    restart: "no"
    command: echo "Sandbox image built successfully"

networks:
  deepaudit-network:
    driver: bridge

volumes:
  postgres_data:
  backend_uploads:
  redis_data: