diff --git a/.env b/.env index 3960bac..671c9eb 100644 --- a/.env +++ b/.env @@ -9,4 +9,9 @@ DB_NAME=zpic REDIS_HOST=127.0.0.1 REDIS_PORT=6379 REDIS_DB=0 -REDIS_PASSWORD=redis_RnBRn5 \ No newline at end of file +REDIS_PASSWORD=phLoaoPLWx9h + +NSFW_TOKEN=7l2OqQqvuMmG + +IMGPROXY_KEY=738407de5b7c42efddc6483dbec41d95 +IMGPROXY_SALT=f396da2b4802d257 \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 75df45d..2702e0f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,11 +1,27 @@ services: + zpic: + container_name: zpic + image: helloz/zpic + networks: + - mynet + ports: + - "2080:2080" + # 环境变量 + environment: + - WORKERS=2 + depends_on: + - postgres + - redis + restart: always + postgres: + container_name: postgres image: postgres:17-bookworm restart: unless-stopped environment: - POSTGRES_DB: ${DB_NAME} - POSTGRES_USER: ${DB_USER} - POSTGRES_PASSWORD: ${DB_PASSWORD} + - POSTGRES_DB=${DB_NAME} + - POSTGRES_USER=${DB_USER} + - POSTGRES_PASSWORD=${DB_PASSWORD} volumes: - ./pgsql/data:/var/lib/postgresql/data - ./pgsql/postgres.conf:/etc/postgresql/postgresql.conf:ro @@ -15,6 +31,48 @@ services: networks: - mynet + redis: + image: redis:8-alpine + container_name: redis + networks: + - mynet + ports: + - "127.0.0.1:6379:6379" + restart: always + volumes: + - ./redis/data:/data + - ./redis/redis.conf:/data/redis.conf + command: ["redis-server", "/data/redis.conf"] + + nsfw: + container_name: nsfw + image: helloz/nsfw + networks: + - mynet + ports: + - "6086:6086" + # 环境变量 + environment: + - TOKEN=${NSFW_TOKEN} + restart: always + + imgproxy: + image: hub.tcp.mk/imgproxy/imgproxy:latest + container_name: imgproxy + networks: + - mynet + ports: + - "8080:8080" + environment: + - IMGPROXY_KEY=${IMGPROXY_KEY} + - IMGPROXY_SALT=${IMGPROXY_SALT} + #- IMGPROXY_ALLOWED_SOURCES=https://your-bucket.s3.amazonaws.com,https://cdn.yoursite.com + - IMGPROXY_QUALITY=80 + - IMGPROXY_AUTO_ROTATE=true + - IMGPROXY_AUTO_WEBP=true + - IMGPROXY_MAX_SRC_FILE_SIZE=10485760 + restart: unless-stopped + networks: mynet: driver: bridge \ No newline at end of file diff --git a/redis/redis.conf b/redis/redis.conf new file mode 100644 index 0000000..fbdd4b9 --- /dev/null +++ b/redis/redis.conf @@ -0,0 +1,61 @@ +# --- 基础网络配置 --- +# 生产环境务必绑定内网 IP,不要仅监听 0.0.0.0 +bind 127.0.0.1 +port 6379 +tcp-backlog 511 +timeout 0 +tcp-keepalive 300 + +# --- 安全配置 --- +# 生产环境必须设置强密码 +requirepass "phLoaoPLWx9h" +# 禁用或重命名高危命令 +rename-command FLUSHALL "" +rename-command FLUSHDB "" +rename-command DEBUG "" + +# --- 运行模式 --- +daemonize no +pidfile /var/run/redis_6379.pid +loglevel notice +logfile /data/redis.log +databases 16 + +# --- RDB 持久化配置 --- +# 开启 RDB,设置合理的快照频率 +# 格式:save +save 900 1 # 15分钟内至少1个 key 变化 +save 300 10 # 5分钟内至少10个 key 变化 +save 60 10000 # 1分钟内至少10000个 key 变化 + +stop-writes-on-bgsave-error yes +rdbcompression yes +rdbchecksum yes +dbfilename dump.rdb +dir /data + +# --- AOF 持久化配置 (显式关闭) --- +appendonly no + +# --- 内存管理 --- +# 根据服务器实际可用内存设置,建议保留 20-30% 给系统和 BGSAVE 进程 +maxmemory 2gb +# 达到内存上限时的淘汰策略:使用最少使用的 key (LRU) +maxmemory-policy allkeys-lru +# Redis 8 优化了内存碎片处理 +activedefrag yes + +# --- 性能优化与限制 --- +maxclients 10000 +# 慢查询日志:执行时间超过 10 毫秒的记录 +slowlog-log-slower-than 10000 +slowlog-max-len 128 + +# --- 线程 IO (Redis 6.0+ 特性,Redis 8 依然适用) --- +# 根据 CPU 核心数调整,通常 8 核设为 3,16 核设为 6 +io-threads 4 +io-threads-do-reads yes + +# --- 保护机制 --- +# 避免因为 Swap 导致的性能抖动 +# 请在操作系统层面设置 vm.swappiness=0 \ No newline at end of file