shanshanzhong
7914b2aa78
All checks were successful
Build docker and publish / build (20.15.1) (push) Successful in 7m51s
359 lines
9.9 KiB
YAML
359 lines
9.9 KiB
YAML
# PPanel 服务部署 (云端/无源码版)
|
||
# 使用方法:
|
||
# 1. 确保已将 docker-compose.cloud.yml, configs/, loki/, grafana/, prometheus/, tempo/ 目录上传到服务器同一目录
|
||
# 2. 确保 configs/ 目录下有 ppanel.yaml 配置文件(参考 etc/ppanel.yaml)
|
||
# 3. 确保 logs/ 目录存在 (mkdir -p logs tempo_data)
|
||
# 4. 运行: docker-compose -f docker-compose.cloud.yml up -d
|
||
#
|
||
# 网络说明:
|
||
# 所有服务均在 ppanel_net bridge 网络中,通过容器名互联
|
||
# MySQL / Redis / Tempo 不对外暴露端口(仅内网访问)
|
||
# 监控端口(Grafana/Prometheus/Loki/Tempo)绑定到 127.0.0.1,需通过 SSH 隧道或 Nginx 反代访问
|
||
# 对外只暴露 8080 (ppanel API)
|
||
|
||
services:
|
||
# ----------------------------------------------------
|
||
# 1. 业务后端 (PPanel Server)
|
||
# ----------------------------------------------------
|
||
ppanel-server:
|
||
image: registry.kxsw.us/vpn-server:${PPANEL_SERVER_TAG:-latest}
|
||
container_name: ppanel-server
|
||
restart: always
|
||
volumes:
|
||
- ./configs:/app/etc
|
||
- ./logs:/app/logs
|
||
environment:
|
||
- TZ=Asia/Shanghai
|
||
ports:
|
||
- "8080:8080"
|
||
networks:
|
||
- ppanel_net
|
||
ulimits:
|
||
nproc: 65535
|
||
nofile:
|
||
soft: 65535
|
||
hard: 65535
|
||
depends_on:
|
||
mysql:
|
||
condition: service_healthy
|
||
redis:
|
||
condition: service_healthy
|
||
tempo:
|
||
condition: service_started
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 2. MySQL Database
|
||
# ----------------------------------------------------
|
||
mysql:
|
||
image: mysql:8.0
|
||
container_name: ppanel-mysql
|
||
restart: always
|
||
# 不对外暴露端口,仅内网访问(容器名: mysql,端口: 3306)
|
||
environment:
|
||
MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?请在 .env 文件中设置 MYSQL_ROOT_PASSWORD}"
|
||
MYSQL_DATABASE: "ppanel"
|
||
TZ: Asia/Shanghai
|
||
command:
|
||
- --default-authentication-plugin=mysql_native_password
|
||
- --innodb_buffer_pool_size=16G
|
||
- --innodb_buffer_pool_instances=16
|
||
- --innodb_log_file_size=2G
|
||
- --innodb_flush_log_at_trx_commit=2
|
||
- --innodb_io_capacity=5000
|
||
- --max_connections=5000
|
||
volumes:
|
||
- mysql_data:/var/lib/mysql
|
||
ulimits:
|
||
nproc: 65535
|
||
nofile:
|
||
soft: 65535
|
||
hard: 65535
|
||
networks:
|
||
- ppanel_net
|
||
healthcheck:
|
||
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-p${MYSQL_ROOT_PASSWORD}"]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 3. Redis
|
||
# ----------------------------------------------------
|
||
redis:
|
||
image: redis:8.2.1
|
||
container_name: ppanel-redis
|
||
restart: always
|
||
# 不对外暴露端口,仅内网访问(容器名: redis,端口: 6379)
|
||
command:
|
||
- redis-server
|
||
- --tcp-backlog 65535
|
||
- --maxmemory-policy allkeys-lru
|
||
volumes:
|
||
- redis_data:/data
|
||
ulimits:
|
||
nproc: 65535
|
||
nofile:
|
||
soft: 65535
|
||
hard: 65535
|
||
networks:
|
||
- ppanel_net
|
||
healthcheck:
|
||
test: ["CMD", "redis-cli", "ping"]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 4. Tempo (链路追踪存储)
|
||
# ----------------------------------------------------
|
||
tempo:
|
||
image: grafana/tempo:2.4.1
|
||
container_name: ppanel-tempo
|
||
user: root
|
||
restart: always
|
||
command:
|
||
- "-config.file=/etc/tempo.yaml"
|
||
- "-target=all"
|
||
volumes:
|
||
- ./tempo/tempo-config.yaml:/etc/tempo.yaml
|
||
- ./tempo_data:/var/tempo
|
||
# 不对外暴露端口,仅内网访问(容器名: tempo)
|
||
# ppanel-server 通过容器名 tempo:4317 发送 trace
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 5. Loki (日志存储)
|
||
# ----------------------------------------------------
|
||
loki:
|
||
image: grafana/loki:3.0.0
|
||
container_name: ppanel-loki
|
||
restart: always
|
||
volumes:
|
||
- ./loki/loki-config.yaml:/etc/loki/local-config.yaml
|
||
- loki_data:/loki
|
||
command: -config.file=/etc/loki/local-config.yaml
|
||
# 不对外暴露端口,仅内网访问
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 6. Promtail (日志采集)
|
||
# ----------------------------------------------------
|
||
promtail:
|
||
image: grafana/promtail:3.0.0
|
||
container_name: ppanel-promtail
|
||
restart: always
|
||
volumes:
|
||
- ./loki/promtail-config.yaml:/etc/promtail/config.yaml
|
||
- /var/lib/docker/containers:/var/lib/docker/containers:ro
|
||
- /var/run/docker.sock:/var/run/docker.sock
|
||
- ./logs:/var/log/ppanel-server:ro
|
||
- /var/log/nginx:/var/log/nginx:ro
|
||
command: -config.file=/etc/promtail/config.yaml
|
||
networks:
|
||
- ppanel_net
|
||
depends_on:
|
||
- loki
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 7. Grafana (可观测面板)
|
||
# 访问: ssh -L 3333:localhost:3333 your-server 后浏览器打开 http://localhost:3333
|
||
# 或配置 Nginx 反代(建议加认证)
|
||
# ----------------------------------------------------
|
||
grafana:
|
||
image: grafana/grafana:latest
|
||
container_name: ppanel-grafana
|
||
restart: always
|
||
ports:
|
||
- "127.0.0.1:3333:3000" # 仅本机可访问,需 SSH 隧道或 Nginx 反代
|
||
environment:
|
||
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?请在 .env 文件中设置 GRAFANA_PASSWORD}
|
||
- GF_USERS_ALLOW_SIGN_UP=false
|
||
- GF_FEATURE_TOGGLES_ENABLE=appObservability
|
||
volumes:
|
||
- grafana_data:/var/lib/grafana
|
||
- ./grafana/provisioning:/etc/grafana/provisioning
|
||
networks:
|
||
- ppanel_net
|
||
depends_on:
|
||
- loki
|
||
- tempo
|
||
- prometheus
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 8. Prometheus (指标采集)
|
||
# ----------------------------------------------------
|
||
prometheus:
|
||
image: prom/prometheus:latest
|
||
container_name: ppanel-prometheus
|
||
restart: always
|
||
ports:
|
||
- "127.0.0.1:9090:9090" # 仅本机可访问
|
||
volumes:
|
||
- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
|
||
- prometheus_data:/prometheus
|
||
command:
|
||
- '--config.file=/etc/prometheus/prometheus.yml'
|
||
- '--storage.tsdb.path=/prometheus'
|
||
- '--web.enable-lifecycle'
|
||
- '--web.enable-remote-write-receiver'
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 9. Redis Exporter
|
||
# ----------------------------------------------------
|
||
redis-exporter:
|
||
image: oliver006/redis_exporter:latest
|
||
container_name: ppanel-redis-exporter
|
||
restart: always
|
||
environment:
|
||
- REDIS_ADDR=redis://redis:6379
|
||
networks:
|
||
- ppanel_net
|
||
depends_on:
|
||
- redis
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 10. Nginx Exporter (监控宿主机 Nginx)
|
||
# ----------------------------------------------------
|
||
nginx-exporter:
|
||
image: nginx/nginx-prometheus-exporter:latest
|
||
container_name: ppanel-nginx-exporter
|
||
restart: always
|
||
command:
|
||
- -nginx.scrape-uri=http://host.docker.internal:8090/nginx_status
|
||
extra_hosts:
|
||
- "host.docker.internal:host-gateway"
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 11. MySQL Exporter
|
||
# ----------------------------------------------------
|
||
mysql-exporter:
|
||
image: prom/mysqld-exporter:latest
|
||
container_name: ppanel-mysql-exporter
|
||
restart: always
|
||
command:
|
||
- --config.my-cnf=/etc/.my.cnf
|
||
volumes:
|
||
- ./mysql/.my.cnf:/etc/.my.cnf:ro
|
||
networks:
|
||
- ppanel_net
|
||
depends_on:
|
||
- mysql
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 12. Node Exporter (宿主机监控)
|
||
# ----------------------------------------------------
|
||
node-exporter:
|
||
image: prom/node-exporter:latest
|
||
container_name: ppanel-node-exporter
|
||
restart: always
|
||
volumes:
|
||
- /proc:/host/proc:ro
|
||
- /sys:/host/sys:ro
|
||
- /:/rootfs:ro
|
||
command:
|
||
- '--path.procfs=/host/proc'
|
||
- '--path.sysfs=/host/sys'
|
||
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
# ----------------------------------------------------
|
||
# 13. cAdvisor (容器监控)
|
||
# ----------------------------------------------------
|
||
cadvisor:
|
||
image: gcr.io/cadvisor/cadvisor:latest
|
||
container_name: ppanel-cadvisor
|
||
restart: always
|
||
volumes:
|
||
- /:/rootfs:ro
|
||
- /var/run:/var/run:ro
|
||
- /sys:/sys:ro
|
||
- /var/lib/docker/:/var/lib/docker:ro
|
||
- /dev/disk/:/dev/disk:ro
|
||
networks:
|
||
- ppanel_net
|
||
logging:
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "10m"
|
||
max-file: "3"
|
||
|
||
volumes:
|
||
mysql_data:
|
||
redis_data:
|
||
loki_data:
|
||
grafana_data:
|
||
prometheus_data:
|
||
tempo_data:
|
||
|
||
networks:
|
||
ppanel_net:
|
||
name: ppanel_net
|
||
driver: bridge
|