feat: optimize docker-compose, add observability stack (Grafana/Loki/Prometheus), and host nginx config

2026-01-13 18:17:12 -08:00 · 2026-01-13 18:17:12 -08:00 · 01ccd44e84
commit 01ccd44e84
parent e5e60f73c2
10 changed files with 529 additions and 0 deletions
--- a/apis/admin/user.api
+++ b/apis/admin/user.api
@ -46,6 +46,8 @@ type (
 		RefererId          int64  `json:"referer_id"`
 		Enable             bool   `json:"enable"`
 		IsAdmin            bool   `json:"is_admin"`
 		MemberStatus       string `json:"member_status"`
 		Remark             string `json:"remark"`
 	}
 	UpdateUserNotifySettingRequest {
 		UserId                int64 `json:"user_id" validate:"required"`
--- a/configs/ppanel.yaml
+++ b/configs/ppanel.yaml
@ -0,0 +1,91 @@
 # PPanel Server Configuration
 # 完整配置示例
 # 运行模式: debug, release, test
 Model: release
 # 监听地址
 Host: 0.0.0.0
 # 监听端口
 Port: 8080
 # 是否开启调试模式
 Debug: false
 # JWT 认证配置
 JwtAuth:
  AccessSecret: "ppanel-secret-key-change-me" # 请务必修改此密钥
  AccessExpire: 604800 # Token 过期时间 (秒), 默认 7 天
  MaxSessionsPerUser: 3 # 每个用户最大并发登录数
 # 日志配置
 Logger:
  ServiceName: "PPanel"
  Mode: "file" # console, file, volume
  Encoding: "json" # json, plain
  Path: "logs" # 日志文件路径
  Level: "info" # debug, info, warn, error
  Compress: true
  KeepDays: 7
  Rotation: "daily" # daily, size
 # MySQL 数据库配置
 MySQL:
  Addr: "mysql:3306" # Docker 服务名:端口
  Username: "root"
  Password: "ppanel_password" # 与 docker-compose 中的 MYSQL_ROOT_PASSWORD 保持一致
  Dbname: "ppanel_db"
  Config: "charset=utf8mb4&parseTime=true&loc=Asia%2FShanghai"
  MaxIdleConns: 10
  MaxOpenConns: 100
  SlowThreshold: 1000 # 慢查询阈值 (ms)
 # Redis 配置
 Redis:
  Host: "redis:6379" # Docker 服务名:端口
  Pass: ""
  DB: 0
 # 管理员初始化配置 (仅在首次初始化有效，后续请在数据库管理)
 Administrator:
  Email: "admin@ppanel.dev"
  Password: "password"
 # 站点配置
 Site:
  Title: "PPanel"
  Dec: "PPanel Panel"
  Url: "https://your-domain.com"
  SubUrl: "https://sub.your-domain.com"
 # 邮件服务配置
 Email:
  Enable: false
  # platform: "smtp"
  # platform_config: "..."
 # 验证配置
 Verify:
  TurnstileSiteKey: ""
  TurnstileSecret: ""
  LoginVerify: false
  RegisterVerify: false
  ResetPasswordVerify: false
 # 注册配置
 Register:
  StopRegister: false
  EnableTrial: false
  TrialSubscribe: 0
  TrialTime: 0
  TrialTimeUnit: "hour"
  EnableIpRegisterLimit: false
  IpRegisterLimit: 0
  IpRegisterLimitDuration: 0
 # 订阅配置
 Subscribe:
  SingleModel: false
  SubscribePath: "/v1/subscribe/config"
  SubscribeDomain: ""
  PanDomain: false
  UserAgentLimit: false
  UserAgentList: ""
--- a/docker-compose.cloud.yml
+++ b/docker-compose.cloud.yml
@ -0,0 +1,309 @@
 # PPanel 服务部署 (云端/无源码版)
 # 使用方法: 
 # 1. 确保已将 docker-compose.cloud.yml, configs/, loki/ 目录上传到服务器同一目录
 # 2. 确保 configs/ 目录下有 ppanel.yaml 配置文件
 # 3. 确保 logs/ 目录存在 (mkdir logs)
 # 4. 运行: docker-compose -f docker-compose.cloud.yml up -d
 services:
  # ----------------------------------------------------
  # 1. 业务后端 (PPanel Server)
  # ----------------------------------------------------
  ppanel-server:
    image: registry.kxsw.us/ario-server:latest
    container_name: ppanel-server
    restart: always
    ports:
      - "8080:8080" # 暴露端口供宿主机 Nginx 反代
    volumes:
      # 挂载配置文件和日志
      - ./configs:/app/etc
      - ./logs:/app/logs
    environment:
      - TZ=Asia/Shanghai
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    depends_on:
      - mysql
      - redis
  # ----------------------------------------------------
  # 2. MySQL Database
  # ----------------------------------------------------
  mysql:
    image: mysql:8.0
    container_name: ppanel-mysql
    restart: always
    ports:
      - "3306:3306" # 临时开放外部访问，用完记得关闭！
    environment:
      MYSQL_ROOT_PASSWORD: "ppanel_password" # 请修改为强密码
      MYSQL_DATABASE: "ppanel_db"
      TZ: Asia/Shanghai
    command: --default-authentication-plugin=mysql_native_password
    volumes:
      - mysql_data:/var/lib/mysql
      - ./mysql/init:/docker-entrypoint-initdb.d # 初始化脚本
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 3. Redis
  # ----------------------------------------------------
  redis:
    image: redis:7.0
    container_name: ppanel-redis
    restart: always
    volumes:
      - redis_data:/data
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 4. Loki (日志存储)
  # ----------------------------------------------------
  loki:
    image: grafana/loki:3.0.0
    container_name: ppanel-loki
    restart: always
    volumes:
      # 必须上传 loki 目录到服务器
      - ./loki/loki-config.yaml:/etc/loki/local-config.yaml
      - loki_data:/loki
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 5. Promtail (日志采集)
  # ----------------------------------------------------
  promtail:
    image: grafana/promtail:3.0.0
    container_name: ppanel-promtail
    restart: always
    volumes:
      - ./loki/promtail-config.yaml:/etc/promtail/config.yaml
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/run/docker.sock:/var/run/docker.sock
      # 采集当前目录下的 logs 文件夹
      - ./logs:/var/log/ppanel-server:ro
    command: -config.file=/etc/promtail/config.yaml
    networks:
      - ppanel_net
    depends_on:
      - loki
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 6. Grafana (日志界面)
  # ----------------------------------------------------
  grafana:
    image: grafana/grafana:latest
    container_name: ppanel-grafana
    restart: always
    ports:
      - "3000:3000"
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin
      - GF_USERS_ALLOW_SIGN_UP=false
    volumes:
      - grafana_data:/var/lib/grafana
      # 自动加载数据源和仪表盘配置
      - ./grafana/provisioning:/etc/grafana/provisioning
      # 挂载本地仪表盘 JSON 文件目录
      - ./grafana/dashboards:/var/lib/grafana/dashboards
    networks:
      - ppanel_net
    depends_on:
      - loki
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 7. Prometheus (指标采集)
  # ----------------------------------------------------
  prometheus:
    image: prom/prometheus:latest
    container_name: ppanel-prometheus
    restart: always
    ports:
      - "9090:9090" # 暴露端口便于调试
    volumes:
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.enable-lifecycle'
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 8. Redis Exporter (Redis指标导出)
  # ----------------------------------------------------
  redis-exporter:
    image: oliver006/redis_exporter:latest
    container_name: ppanel-redis-exporter
    restart: always
    environment:
      - REDIS_ADDR=redis://redis:6379
    networks:
      - ppanel_net
    depends_on:
      - redis
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 9. Nginx Exporter (监控宿主机 Nginx)
  # ----------------------------------------------------
  nginx-exporter:
    image: nginx/nginx-prometheus-exporter:latest
    container_name: ppanel-nginx-exporter
    restart: always
    # 使用 host.docker.internal 访问宿主机
    command:
      - -nginx.scrape-uri=http://host.docker.internal:80/nginx_status
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 10. MySQL Exporter (MySQL指标导出)
  # ----------------------------------------------------
  mysql-exporter:
    image: prom/mysqld-exporter:latest
    container_name: ppanel-mysql-exporter
    restart: always
    command:
      - --config.my-cnf=/etc/.my.cnf
    volumes:
      - ./mysql/.my.cnf:/etc/.my.cnf:ro
    networks:
      - ppanel_net
    depends_on:
      - mysql
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 11. Jaeger (链路追踪)
  # ----------------------------------------------------
  jaeger:
    image: jaegertracing/all-in-one:latest
    container_name: ppanel-jaeger
    restart: always
    ports:
      - "16686:16686" # Jaeger UI
      - "4317:4317"   # OTLP gRPC
      - "4318:4318"   # OTLP HTTP
    environment:
      - LOG_LEVEL=debug
      - COLLECTOR_OTLP_ENABLED=true
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 12. Node Exporter (宿主机监控)
  # ----------------------------------------------------
  node-exporter:
    image: prom/node-exporter:latest
    container_name: ppanel-node-exporter
    restart: always
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
  # ----------------------------------------------------
  # 13. cAdvisor (容器监控)
  # ----------------------------------------------------
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: ppanel-cadvisor
    restart: always
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
 volumes:
  mysql_data:
  redis_data:
  loki_data:
  grafana_data:
  prometheus_data:
 networks:
  ppanel_net:
    name: ppanel_net
    driver: bridge
--- a/grafana/provisioning/dashboards/dashboard.yml
+++ b/grafana/provisioning/dashboards/dashboard.yml
@ -0,0 +1,11 @@
 apiVersion: 1
 providers:
  - name: 'Default'
    orgId: 1
    folder: ''
    type: file
    disableDeletion: false
    updateIntervalSeconds: 10
    options:
      path: /var/lib/grafana/dashboards
--- a/grafana/provisioning/datasources/datasource.yml
+++ b/grafana/provisioning/datasources/datasource.yml
@ -0,0 +1,27 @@
 apiVersion: 1
 datasources:
  - name: Prometheus
    type: prometheus
    access: proxy
    orgId: 1
    url: http://prometheus:9090
    isDefault: true
    version: 1
    editable: true
  - name: Loki
    type: loki
    access: proxy
    orgId: 1
    url: http://loki:3100
    version: 1
    editable: true
  - name: Jaeger
    type: jaeger
    access: proxy
    orgId: 1
    url: http://jaeger:16686
    version: 1
    editable: true
--- a/internal/logic/admin/user/updateUserBasicInfoLogic.go
+++ b/internal/logic/admin/user/updateUserBasicInfoLogic.go
@ -121,6 +121,8 @@ func (l *UpdateUserBasicInfoLogic) UpdateUserBasicInfo(req *types.UpdateUserBasi
 		userInfo.Commission = req.Commission
 	}
 	tool.DeepCopy(userInfo, req)
 	userInfo.Remark = req.Remark
 	userInfo.MemberStatus = req.MemberStatus
 	userInfo.OnlyFirstPurchase = &req.OnlyFirstPurchase
 	userInfo.ReferralPercentage = req.ReferralPercentage
--- a/internal/model/user/user.go
+++ b/internal/model/user/user.go
@ -24,6 +24,8 @@ type User struct {
 	EnableSubscribeNotify *bool         `gorm:"default:false;not null;comment:Enable Subscription Notifications"`
 	EnableTradeNotify     *bool         `gorm:"default:false;not null;comment:Enable Trade Notifications"`
 	LastLoginTime         *time.Time    `gorm:"comment:Last Login Time"`
 	MemberStatus          string        `gorm:"type:varchar(20);default:'';comment:Member Status"` // Member Status
 	Remark                string        `gorm:"type:varchar(255);default:'';comment:Remark"`       // Remark
 	AuthMethods           []AuthMethods `gorm:"foreignKey:UserId;references:Id"`
 	UserDevices           []Device      `gorm:"foreignKey:UserId;references:Id"`
 	CreatedAt             time.Time     `gorm:"<-:create;comment:Creation Time"`
--- a/internal/types/types.go
+++ b/internal/types/types.go
@ -2548,6 +2548,8 @@ type UpdateUserBasiceInfoRequest struct {
 	RefererId          int64  `json:"referer_id"`
 	Enable             bool   `json:"enable"`
 	IsAdmin            bool   `json:"is_admin"`
 	MemberStatus       string `json:"member_status"`
 	Remark             string `json:"remark"`
 }
 type UpdateUserNotifyRequest struct {
--- a/nginx_host_config.conf
+++ b/nginx_host_config.conf
@ -0,0 +1,37 @@
 server {
    listen 80;
    server_name localhost; # 请修改为您实际的域名，如 ppanel.example.com
    # ----------------------------------------------------
    # 1. Nginx Status (探针/监控端点)
    # ----------------------------------------------------
    # 用于 nginx-exporter 采集 Nginx 自身指标 (连接数、请求数等)
    location /nginx_status {
        stub_status on;
        access_log off;
        # 允许 Docker 容器和本地访问
        allow 127.0.0.1;
        allow 172.16.0.0/12;  # Docker bridge 默认网段
        allow 192.168.0.0/16; # Docker Desktop for Mac/Windows 网段
        allow 10.0.0.0/8;     # 其他常见私有网段
        deny all;
    }
    # ----------------------------------------------------
    # 2. PPanel Server (后端 API)
    # ----------------------------------------------------
    # 将请求转发到宿主机 8080 端口 (docker-compose 中暴露的端口)
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket 支持 (如果需要)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
 }
--- a/prometheus/prometheus.yml
+++ b/prometheus/prometheus.yml
@ -0,0 +1,46 @@
 # Prometheus 配置文件
 global:
  scrape_interval: 15s # 默认抓取频率
  evaluation_interval: 15s
 scrape_configs:
  # ----------------------------------------
  # 1. Prometheus 自身监控
  # ----------------------------------------
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]
  # ----------------------------------------
  # 2. 业务后端 (PPanel Server)
  # ----------------------------------------
  # 如果您的后端代码暴露了 /metrics 接口，可启用此项
  # - job_name: "ppanel-server"
  #   static_configs:
  #     - targets: ["ppanel-server:8080"]
  # ----------------------------------------
  # 3. 基础设施监控 (Redis, MySQL, Nginx)
  # ----------------------------------------
  - job_name: "redis"
    static_configs:
      - targets: ["redis-exporter:9121"]
  - job_name: "mysql"
    static_configs:
      - targets: ["mysql-exporter:9104"]
  - job_name: "nginx"
    static_configs:
      - targets: ["nginx-exporter:9113"]
  # ----------------------------------------
  # 4. 宿主机与容器资源监控
  # ----------------------------------------
  - job_name: "node-exporter" # 宿主机硬件资源
    static_configs:
      - targets: ["node-exporter:9100"]
  - job_name: "cadvisor" # 容器资源
    static_configs:
      - targets: ["cadvisor:8080"]