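# PPanel service deployment (cloud / no-source edition)
# Usage:
#   1. Upload docker-compose.cloud.yml and the configs/, loki/, grafana/,
#      prometheus/, tempo/ directories into the same directory on the server
#   2. Make sure configs/ contains the ppanel.yaml config file (see etc/ppanel.yaml)
#   3. Make sure logs/ cache/ tempo_data/ exist (mkdir -p logs cache tempo_data)
#   4. Run: docker-compose -f docker-compose.cloud.yml up -d
#
# Networking:
#   ppanel-server uses host networking (has outbound internet access; reaches
#   MySQL/Redis/Tempo via 127.0.0.1)
#   The supporting services (MySQL/Redis/Loki/Tempo/Grafana/Prometheus) sit on
#   the ppanel_net bridge network
#   MySQL(3306)/Redis(6379)/Tempo(4317) publish their ports on 127.0.0.1;
#   ppanel-server reaches them through the host network
#   Monitoring ports are bound to 127.0.0.1 and must be reached through an SSH
#   tunnel or an Nginx reverse proxy
#
# When running several ppanel-server instances in the future:
#   Once the host's iptables rules for bridge egress are fixed, ppanel-server
#   can move back to the bridge network
#   Use a different port per instance: ports: ["8081:8080"] + container_name: ppanel-server-2
#
# NOTE(review): several images below use the mutable `latest` tag (and
# ppanel-server defaults to it), so a restart or pull can silently change what
# runs. Pin each image to a tested version or digest before production use.

services:
  # ----------------------------------------------------
  # 1. Backend service (PPanel Server)
  #    Host network: outbound internet access; reaches MySQL/Redis/Tempo via 127.0.0.1
  # ----------------------------------------------------
  ppanel-server:
    image: registry.kxsw.us/vpn-server:${PPANEL_SERVER_TAG:-latest}
    container_name: ppanel-server
    restart: always
    volumes:
      - ./configs:/app/etc
      - ./logs:/app/logs
      - ./cache:/app/cache  # GeoLite2-City.mmdb IP geolocation database
    environment:
      - TZ=Asia/Shanghai
    # With host networking every port the process listens on is exposed on the
    # host's interfaces directly; restrict access with the host firewall or the
    # application's own bind address.
    network_mode: host
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_healthy
      tempo:
        condition: service_started
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 2. MySQL Database
  # ----------------------------------------------------
  mysql:
    image: mysql:8.0
    container_name: ppanel-mysql
    restart: always
    ports:
      # Loopback only: ppanel-server (host network) connects via 127.0.0.1.
      # A bare "3306:3306" publishes MySQL on every host interface, and Docker's
      # NAT rules are typically applied ahead of host firewall INPUT rules.
      - "127.0.0.1:3306:3306"
    environment:
      # Compose aborts with the message after `:?` ("set MYSQL_ROOT_PASSWORD in
      # the .env file") when the variable is unset or empty.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?请在 .env 文件中设置 MYSQL_ROOT_PASSWORD}"
      MYSQL_DATABASE: "ppanel"
      TZ: Asia/Shanghai
    command:
      # NOTE(review): mysql_native_password is the legacy SHA-1 based plugin and
      # is deprecated upstream; move to caching_sha2_password once every client
      # supports it.
      - --default-authentication-plugin=mysql_native_password
      - --innodb_buffer_pool_size=16G
      - --innodb_buffer_pool_instances=16
      - --innodb_log_file_size=2G
      - --innodb_flush_log_at_trx_commit=2
      - --innodb_io_capacity=5000
      - --max_connections=5000
    volumes:
      - mysql_data:/var/lib/mysql
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    networks:
      - ppanel_net
    healthcheck:
      # NOTE(review): the root password is interpolated into the command line,
      # so it is stored in the container config (`docker inspect`) and appears
      # in the process list while the check runs.
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-p${MYSQL_ROOT_PASSWORD}"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 3. Redis
  # ----------------------------------------------------
  redis:
    image: redis:8.2.1
    container_name: ppanel-redis
    restart: always
    ports:
      # Loopback only: ppanel-server (host network) connects via 127.0.0.1.
      - "127.0.0.1:6379:6379"
    # NOTE(review): no password or ACL is configured here, so any local process
    # on the host and any container on ppanel_net can use Redis unauthenticated.
    command:
      - redis-server
      - --tcp-backlog 65535
      - --maxmemory-policy allkeys-lru
    volumes:
      - redis_data:/data
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    networks:
      - ppanel_net
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 4. Tempo (trace storage)
  # ----------------------------------------------------
  tempo:
    image: grafana/tempo:2.4.1
    container_name: ppanel-tempo
    # NOTE(review): runs as root inside the container, presumably so it can
    # write to the bind-mounted ./tempo_data; chown that directory to a
    # non-root UID and drop this if possible.
    user: root
    restart: always
    command:
      - "-config.file=/etc/tempo.yaml"
      - "-target=all"
    volumes:
      - ./tempo/tempo-config.yaml:/etc/tempo.yaml
      - ./tempo_data:/var/tempo
    ports:
      # OTLP gRPC; ppanel-server (host network) sends traces to 127.0.0.1:4317.
      - "127.0.0.1:4317:4317"
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 5. Loki (log storage)
  # ----------------------------------------------------
  loki:
    image: grafana/loki:3.0.0
    container_name: ppanel-loki
    restart: always
    volumes:
      - ./loki/loki-config.yaml:/etc/loki/local-config.yaml
      - loki_data:/loki
    command: -config.file=/etc/loki/local-config.yaml
    # No published ports; reachable only on the internal network.
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 6. Promtail (log collection)
  # ----------------------------------------------------
  promtail:
    image: grafana/promtail:3.0.0
    container_name: ppanel-promtail
    restart: always
    volumes:
      - ./loki/promtail-config.yaml:/etc/promtail/config.yaml
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      # NOTE(review): access to the Docker socket is equivalent to root on the
      # host (a :ro mount does not restrict API calls). Keep this container's
      # image pinned and trusted, or front the socket with a read-only proxy.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./logs:/var/log/ppanel-server:ro
      - /var/log/nginx:/var/log/nginx:ro
    command: -config.file=/etc/promtail/config.yaml
    networks:
      - ppanel_net
    depends_on:
      - loki
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 7. Grafana (observability dashboards)
  #    Access: run `ssh -L 3333:localhost:3333 your-server`, then open
  #    http://localhost:3333 in a browser,
  #    or configure an Nginx reverse proxy (adding authentication is recommended)
  # ----------------------------------------------------
  grafana:
    image: grafana/grafana:latest
    container_name: ppanel-grafana
    restart: always
    ports:
      # Local host only; use an SSH tunnel or an Nginx reverse proxy.
      - "127.0.0.1:3333:3000"
    environment:
      # Compose aborts with the message after `:?` ("set GRAFANA_PASSWORD in the
      # .env file") when the variable is unset or empty.
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?请在 .env 文件中设置 GRAFANA_PASSWORD}
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_FEATURE_TOGGLES_ENABLE=appObservability
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning
    networks:
      - ppanel_net
    depends_on:
      - loki
      - tempo
      - prometheus
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 8. Prometheus (metrics collection)
  # ----------------------------------------------------
  prometheus:
    image: prom/prometheus:latest
    container_name: ppanel-prometheus
    restart: always
    ports:
      # Local host only.
      - "127.0.0.1:9090:9090"
    volumes:
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      # NOTE(review): the two flags below enable the HTTP reload/quit endpoints
      # and the remote-write ingestion endpoint. No authentication is configured
      # here, so keep port 9090 off any reverse proxy that lacks its own auth.
      - '--web.enable-lifecycle'
      - '--web.enable-remote-write-receiver'
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 9. Redis Exporter
  # ----------------------------------------------------
  redis-exporter:
    image: oliver006/redis_exporter:latest
    container_name: ppanel-redis-exporter
    restart: always
    environment:
      - REDIS_ADDR=redis://redis:6379
    networks:
      - ppanel_net
    depends_on:
      - redis
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 10. Nginx Exporter (monitors the host's Nginx)
  # ----------------------------------------------------
  nginx-exporter:
    image: nginx/nginx-prometheus-exporter:latest
    container_name: ppanel-nginx-exporter
    restart: always
    command:
      - -nginx.scrape-uri=http://host.docker.internal:8090/nginx_status
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 11. MySQL Exporter
  # ----------------------------------------------------
  mysql-exporter:
    image: prom/mysqld-exporter:latest
    container_name: ppanel-mysql-exporter
    restart: always
    command:
      - --config.my-cnf=/etc/.my.cnf
    volumes:
      # NOTE(review): ./mysql/.my.cnf is required but is not in the upload list
      # at the top of this file. It presumably holds database credentials, so
      # keep it out of version control with tight file permissions, and prefer
      # a dedicated low-privilege monitoring account over root.
      - ./mysql/.my.cnf:/etc/.my.cnf:ro
    networks:
      - ppanel_net
    depends_on:
      - mysql
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 12. Node Exporter (host monitoring)
  # ----------------------------------------------------
  node-exporter:
    image: prom/node-exporter:latest
    container_name: ppanel-node-exporter
    restart: always
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      # `$$` is Compose's escape for a literal `$` in the regex.
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ----------------------------------------------------
  # 13. cAdvisor (container monitoring)
  # ----------------------------------------------------
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: ppanel-cadvisor
    restart: always
    # The whole host filesystem is visible read-only inside this container.
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

volumes:
  mysql_data:
  redis_data:
  loki_data:
  grafana_data:
  prometheus_data:
  tempo_data:

networks:
  ppanel_net:
    name: ppanel_net
    driver: bridge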