Refactor Langfuse configuration and documentation

- Updated .env.example with new service versions and added detailed configuration options for PostgreSQL, ClickHouse, MinIO, and Redis. - Enhanced README.md and README.zh.md for clearer setup instructions and environment variable descriptions. - Modified docker-compose.yaml to improve service definitions, health checks, and resource limits for all components. - Changed MinIO image to Chainguard's production-ready version and updated default credentials. - Improved health check commands for Phoenix service in docker-compose.yaml.
2025-12-23 15:51:16 +08:00
parent 7ccfaff855
commit 1b34b74851
9 changed files with 653 additions and 173 deletions
--- a/src/langfuse/.env.example
+++ b/src/langfuse/.env.example
@@ -1,22 +1,133 @@
-# Langfuse version
+# Global Settings
-LANGFUSE_VERSION=3.115.0
+GLOBAL_REGISTRY=
 # Timezone
 TZ=UTC
-# Port
+# Service Versions
 LANGFUSE_VERSION=3
 POSTGRES_VERSION=17
 CLICKHOUSE_VERSION=latest
 MINIO_VERSION=latest
 REDIS_VERSION=7
 # Ports
 LANGFUSE_PORT=3000
-# Database configuration
+# PostgreSQL
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
-POSTGRES_DB=langfuse
+POSTGRES_DB=postgres
-# NextAuth configuration
+# Authentication & Security (CHANGEME: These are defaults, please update them)
 NEXTAUTH_URL=http://localhost:3000
-NEXTAUTH_SECRET=  # Generate with: openssl rand -base64 32
+NEXTAUTH_SECRET=mysecret
-SALT=  # Generate with: openssl rand -base64 32
+SALT=mysalt
 ENCRYPTION_KEY=0000000000000000000000000000000000000000000000000000000000000000
-# Feature flags
+# ClickHouse
 CLICKHOUSE_USER=clickhouse
 CLICKHOUSE_PASSWORD=clickhouse
 CLICKHOUSE_MIGRATION_URL=clickhouse://clickhouse:9000
 CLICKHOUSE_URL=http://clickhouse:8123
 CLICKHOUSE_CLUSTER_ENABLED=false
 # MinIO / S3
 MINIO_ROOT_USER=minio
 MINIO_ROOT_PASSWORD=miniosecret
 # S3 Event Upload
 LANGFUSE_S3_EVENT_UPLOAD_BUCKET=langfuse
 LANGFUSE_S3_EVENT_UPLOAD_REGION=auto
 LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID=minio
 LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY=miniosecret
 LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT=http://minio:9000
 LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE=true
 LANGFUSE_S3_EVENT_UPLOAD_PREFIX=events/
 # S3 Media Upload
 LANGFUSE_S3_MEDIA_UPLOAD_BUCKET=langfuse
 LANGFUSE_S3_MEDIA_UPLOAD_REGION=auto
 LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID=minio
 LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY=miniosecret
 LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT=http://localhost:9090
 LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE=true
 LANGFUSE_S3_MEDIA_UPLOAD_PREFIX=media/
 # S3 Batch Export
 LANGFUSE_S3_BATCH_EXPORT_ENABLED=false
 LANGFUSE_S3_BATCH_EXPORT_BUCKET=langfuse
 LANGFUSE_S3_BATCH_EXPORT_PREFIX=exports/
 LANGFUSE_S3_BATCH_EXPORT_REGION=auto
 LANGFUSE_S3_BATCH_EXPORT_ENDPOINT=http://minio:9000
 LANGFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT=http://localhost:9090
 LANGFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID=minio
 LANGFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY=miniosecret
 LANGFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE=true
 # Redis
 REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_AUTH=myredissecret
 REDIS_TLS_ENABLED=false
 REDIS_TLS_CA=/certs/ca.crt
 REDIS_TLS_CERT=/certs/redis.crt
 REDIS_TLS_KEY=/certs/redis.key
 # Features
 TELEMETRY_ENABLED=true
-LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=false
+LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=true
 LANGFUSE_USE_AZURE_BLOB=false
 # Ingestion Queue
 LANGFUSE_INGESTION_QUEUE_DELAY_MS=
 LANGFUSE_INGESTION_CLICKHOUSE_WRITE_INTERVAL_MS=
 # Email/SMTP (Optional)
 EMAIL_FROM_ADDRESS=
 SMTP_CONNECTION_URL=
 # Initialization (Optional - for setting up initial org/project/user)
 LANGFUSE_INIT_ORG_ID=
 LANGFUSE_INIT_ORG_NAME=
 LANGFUSE_INIT_PROJECT_ID=
 LANGFUSE_INIT_PROJECT_NAME=
 LANGFUSE_INIT_PROJECT_PUBLIC_KEY=
 LANGFUSE_INIT_PROJECT_SECRET_KEY=
 LANGFUSE_INIT_USER_EMAIL=
 LANGFUSE_INIT_USER_NAME=
 LANGFUSE_INIT_USER_PASSWORD=
 # Resource Limits - Langfuse Worker
 LANGFUSE_WORKER_CPU_LIMIT=2.0
 LANGFUSE_WORKER_MEMORY_LIMIT=2G
 LANGFUSE_WORKER_CPU_RESERVATION=0.5
 LANGFUSE_WORKER_MEMORY_RESERVATION=512M
 # Resource Limits - Langfuse Web
 LANGFUSE_WEB_CPU_LIMIT=2.0
 LANGFUSE_WEB_MEMORY_LIMIT=2G
 LANGFUSE_WEB_CPU_RESERVATION=0.5
 LANGFUSE_WEB_MEMORY_RESERVATION=512M
 # Resource Limits - ClickHouse
 CLICKHOUSE_CPU_LIMIT=2.0
 CLICKHOUSE_MEMORY_LIMIT=4G
 CLICKHOUSE_CPU_RESERVATION=0.5
 CLICKHOUSE_MEMORY_RESERVATION=1G
 # Resource Limits - MinIO
 MINIO_CPU_LIMIT=1.0
 MINIO_MEMORY_LIMIT=1G
 MINIO_CPU_RESERVATION=0.25
 MINIO_MEMORY_RESERVATION=256M
 # Resource Limits - Redis
 REDIS_CPU_LIMIT=1.0
 REDIS_MEMORY_LIMIT=512M
 REDIS_CPU_RESERVATION=0.25
 REDIS_MEMORY_RESERVATION=256M
 # Resource Limits - PostgreSQL
 POSTGRES_CPU_LIMIT=2.0
 POSTGRES_MEMORY_LIMIT=2G
 POSTGRES_CPU_RESERVATION=0.5
 POSTGRES_MEMORY_RESERVATION=512M
--- a/src/langfuse/README.md
+++ b/src/langfuse/README.md
@@ -6,68 +6,164 @@ This service deploys Langfuse, an open-source LLM engineering platform for obser
 ## Services
- `langfuse-server`: The main Langfuse application server.
+- **langfuse-worker**: Background worker service for processing LLM operations
- `langfuse-db`: PostgreSQL database for Langfuse.
+- **langfuse-web**: Main Langfuse web application server
 - **postgres**: PostgreSQL database
 - **clickhouse**: ClickHouse analytics database for event storage
 - **minio**: S3-compatible object storage for media and exports
 - **redis**: In-memory data store for caching and job queues
-## Environment Variables
+## Quick Start
-| Variable Name                         | Description                                     | Default Value           |
+1. Copy `.env.example` to `.env`:
 | ------------------------------------- | ----------------------------------------------- | ----------------------- |
 | LANGFUSE_VERSION                      | Langfuse image version                          | `3.115.0`               |
 | LANGFUSE_PORT                         | Host port mapping for Langfuse web interface    | `3000`                  |
 | POSTGRES_VERSION                      | PostgreSQL image version                        | `17.2-alpine3.21`       |
 | POSTGRES_USER                         | PostgreSQL username                             | `postgres`              |
 | POSTGRES_PASSWORD                     | PostgreSQL password                             | `postgres`              |
 | POSTGRES_DB                           | PostgreSQL database name                        | `langfuse`              |
 | NEXTAUTH_URL                          | Public URL of your Langfuse instance            | `http://localhost:3000` |
 | NEXTAUTH_SECRET                       | Secret for NextAuth.js (required, generate one) | `""`                    |
 | SALT                                  | Salt for encryption (required, generate one)    | `""`                    |
 | TELEMETRY_ENABLED                     | Enable telemetry                                | `true`                  |
 | LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES | Enable experimental features                    | `false`                 |
-**Important**: You must set `NEXTAUTH_SECRET` and `SALT` for production use. Generate them using:
+   ```bash
-
+   cp .env.example .env
 ```bash
 # For NEXTAUTH_SECRET
 openssl rand -base64 32
 # For SALT
 openssl rand -base64 32
 ```
 Please create a `.env` file and modify it as needed for your use case.
 ## Volumes
 - `langfuse_db_data`: A volume for storing PostgreSQL data.
 ## Getting Started
 1. Create a `.env` file with required secrets:
   ```env
   NEXTAUTH_SECRET=your-generated-secret-here
   SALT=your-generated-salt-here
   POSTGRES_PASSWORD=your-secure-password
   ```
-2. Start the services:
+2. Update critical secrets in `.env`:
   ```bash
   # Generate secure secrets
   NEXTAUTH_SECRET=$(openssl rand -base64 32)
   ENCRYPTION_KEY=$(openssl rand -hex 32)
   POSTGRES_PASSWORD=your-secure-password
   CLICKHOUSE_PASSWORD=your-secure-password
   MINIO_ROOT_PASSWORD=your-secure-password
   REDIS_AUTH=your-secure-redis-password
   ```
 3. Start the services:
   ```bash
   docker compose up -d
   ```
-3. Access Langfuse at `http://localhost:3000`
+4. Access Langfuse at `http://localhost:3000`
-4. Create your first account on the setup page
+## Core Environment Variables
 | Variable                                | Description                                     | Default                 |
 | --------------------------------------- | ----------------------------------------------- | ----------------------- |
 | `LANGFUSE_VERSION`                      | Langfuse container image version                | `3`                     |
 | `LANGFUSE_PORT`                         | Web interface port                              | `3000`                  |
 | `NEXTAUTH_URL`                          | Public URL of Langfuse instance                 | `http://localhost:3000` |
 | `NEXTAUTH_SECRET`                       | NextAuth.js secret (required for production)    | `mysecret`              |
 | `ENCRYPTION_KEY`                        | Encryption key for sensitive data (64-char hex) | `0...0`                 |
 | `SALT`                                  | Salt for password hashing                       | `mysalt`                |
 | `TELEMETRY_ENABLED`                     | Enable anonymous telemetry                      | `true`                  |
 | `LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES` | Enable beta features                            | `true`                  |
 ## Database Configuration
 | Variable              | Description         | Default      |
 | --------------------- | ------------------- | ------------ |
 | `POSTGRES_VERSION`    | PostgreSQL version  | `17`         |
 | `POSTGRES_USER`       | Database user       | `postgres`   |
 | `POSTGRES_PASSWORD`   | Database password   | `postgres`   |
 | `POSTGRES_DB`         | Database name       | `postgres`   |
 | `CLICKHOUSE_USER`     | ClickHouse user     | `clickhouse` |
 | `CLICKHOUSE_PASSWORD` | ClickHouse password | `clickhouse` |
 ## Storage & Cache Configuration
 | Variable              | Description          | Default         |
 | --------------------- | -------------------- | --------------- |
 | `MINIO_ROOT_USER`     | MinIO admin username | `minio`         |
 | `MINIO_ROOT_PASSWORD` | MinIO admin password | `miniosecret`   |
 | `REDIS_AUTH`          | Redis password       | `myredissecret` |
 ## S3/Media Configuration
 | Variable                            | Description               | Default                 |
 | ----------------------------------- | ------------------------- | ----------------------- |
 | `LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT` | Media upload S3 endpoint  | `http://localhost:9090` |
 | `LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT` | Event upload S3 endpoint  | `http://minio:9000`     |
 | `LANGFUSE_S3_BATCH_EXPORT_ENABLED`  | Enable batch export to S3 | `false`                 |
 ## Volumes
 - `langfuse_postgres_data`: PostgreSQL data persistence
 - `langfuse_clickhouse_data`: ClickHouse event data
 - `langfuse_clickhouse_logs`: ClickHouse logs
 - `langfuse_minio_data`: MinIO object storage data
 ## Resource Limits
 All services have configurable CPU and memory limits:
 - **langfuse-worker**: 2 CPU cores, 2GB RAM
 - **langfuse-web**: 2 CPU cores, 2GB RAM  
 - **clickhouse**: 2 CPU cores, 4GB RAM
 - **minio**: 1 CPU core, 1GB RAM
 - **redis**: 1 CPU core, 512MB RAM
 - **postgres**: 2 CPU cores, 2GB RAM
 Adjust limits in `.env` by modifying `*_CPU_LIMIT`, `*_MEMORY_LIMIT`, `*_CPU_RESERVATION`, and `*_MEMORY_RESERVATION` variables.
 ## Network Access
 - **langfuse-web** (port 3000): Open to all interfaces for external access
 - **minio** (port 9090): Open to all interfaces for media uploads
 - **All other services**: Bound to `127.0.0.1` (localhost only)
 In production, restrict external access using a firewall or reverse proxy.
 ## Production Setup
 For production deployments:
 1. **Security**:
   - Generate strong secrets with `openssl rand -base64 32` and `openssl rand -hex 32`
   - Use a reverse proxy (nginx, Caddy) with SSL/TLS
   - Change all default passwords
   - Enable HTTPS by setting `NEXTAUTH_URL` to your domain
 2. **Persistence**:
   - Use external volumes or cloud storage for data
   - Configure regular PostgreSQL backups
   - Monitor ClickHouse disk usage
 3. **Performance**:
   - Increase resource limits based on workload
   - Consider dedicated ClickHouse cluster for large deployments
   - Configure Redis persistence if needed
 ## Ports
 - **3000**: Langfuse web interface (external)
 - **3030**: Langfuse worker API (localhost only)
 - **5432**: PostgreSQL (localhost only)
 - **8123**: ClickHouse HTTP (localhost only)
 - **9000**: ClickHouse native (localhost only)
 - **9090**: MinIO S3 API (external)
 - **9091**: MinIO console (localhost only)
 - **6379**: Redis (localhost only)
 ## Health Checks
 All services include health checks with automatic restart on failure.
 ## Documentation
-For more information, visit the [official Langfuse documentation](https://langfuse.com/docs).
+- [Langfuse Documentation](https://langfuse.com/docs)
 - [Langfuse GitHub](https://github.com/langfuse/langfuse)
-## Security Notes
+## Troubleshooting
- Change default passwords in production
+### Services failing to start
- Use strong, randomly generated values for `NEXTAUTH_SECRET` and `SALT`
+
- Consider using a reverse proxy with SSL/TLS in production
+- Check logs: `docker compose logs <service-name>`
- Regularly backup the PostgreSQL database
+- Ensure all required environment variables are set
 - Verify sufficient disk space and system resources
 ### Database connection errors
 - Verify `POSTGRES_PASSWORD` matches between services
 - Check that PostgreSQL service is healthy: `docker compose ps`
 - Ensure ports are not already in use
 ### MinIO permission issues
 - Clear MinIO data and restart: `docker compose down -v`
 - Regenerate MinIO credentials in `.env`
--- a/src/langfuse/README.zh.md
+++ b/src/langfuse/README.zh.md
@@ -2,72 +2,168 @@
 [English](./README.md) | [中文](./README.zh.md)
-此服务部署 Langfuse,一个用于 LLM 应用可观测性、指标、评估和提示管理的开源平台。
+此服务部署 Langfuse，一个用于 LLM 应用可观测性、指标、评估和提示管理的开源平台。
 ## 服务
- `langfuse-server`: Langfuse 主应用服务器。
+- **langfuse-worker**：处理 LLM 操作的后台工作者服务
- `langfuse-db`: Langfuse 的 PostgreSQL 数据库。
+- **langfuse-web**：Langfuse 主 Web 应用服务器
-
+- **postgres**：PostgreSQL 数据库
-## 环境变量
+- **clickhouse**：用于事件存储的 ClickHouse 分析数据库
-
+- **minio**：兼容 S3 的对象存储，用于媒体和导出
-| 变量名                                | 描述                            | 默认值                  |
+- **redis**：用于缓存和作业队列的内存数据存储
 | ------------------------------------- | ------------------------------- | ----------------------- |
 | LANGFUSE_VERSION                      | Langfuse 镜像版本               | `3.115.0`               |
 | LANGFUSE_PORT                         | Langfuse Web 界面的主机端口映射 | `3000`                  |
 | POSTGRES_VERSION                      | PostgreSQL 镜像版本             | `17.2-alpine3.21`       |
 | POSTGRES_USER                         | PostgreSQL 用户名               | `postgres`              |
 | POSTGRES_PASSWORD                     | PostgreSQL 密码                 | `postgres`              |
 | POSTGRES_DB                           | PostgreSQL 数据库名             | `langfuse`              |
 | NEXTAUTH_URL                          | Langfuse 实例的公开 URL         | `http://localhost:3000` |
 | NEXTAUTH_SECRET                       | NextAuth.js 密钥(必需,需要生成) | `""`                    |
 | SALT                                  | 加密盐值(必需,需要生成)         | `""`                    |
 | TELEMETRY_ENABLED                     | 启用遥测                        | `true`                  |
 | LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES | 启用实验性功能                  | `false`                 |
 **重要提示**: 在生产环境中必须设置 `NEXTAUTH_SECRET` 和 `SALT`。使用以下命令生成:
 ```bash
 # 生成 NEXTAUTH_SECRET
 openssl rand -base64 32
 # 生成 SALT
 openssl rand -base64 32
 ```
 请创建 `.env` 文件并根据需要进行修改。
 ## 数据卷
 - `langfuse_db_data`: 用于存储 PostgreSQL 数据的卷。
 ## 快速开始
-1. 创建包含必需密钥的 `.env` 文件:
+1. 将 `.env.example` 复制为 `.env`：
-   ```env
+   ```bash
-   NEXTAUTH_SECRET=your-generated-secret-here
+   cp .env.example .env
   SALT=your-generated-salt-here
   POSTGRES_PASSWORD=your-secure-password
   ```
-2. 启动服务:
+2. 在 `.env` 中更新关键的密钥：
   ```bash
   # 生成安全的密钥
   NEXTAUTH_SECRET=$(openssl rand -base64 32)
   ENCRYPTION_KEY=$(openssl rand -hex 32)
   POSTGRES_PASSWORD=your-secure-password
   CLICKHOUSE_PASSWORD=your-secure-password
   MINIO_ROOT_PASSWORD=your-secure-password
   REDIS_AUTH=your-secure-redis-password
   ```
 3. 启动服务：
   ```bash
   docker compose up -d
   ```
-3. 访问 `http://localhost:3000`
+4. 访问 `http://localhost:3000` 打开 Langfuse
-4. 在设置页面创建您的第一个账户
+## 核心环境变量
 | 变量                                    | 描述                                  | 默认值                  |
 | --------------------------------------- | ------------------------------------- | ----------------------- |
 | `LANGFUSE_VERSION`                      | Langfuse 容器镜像版本                 | `3`                     |
 | `LANGFUSE_PORT`                         | Web 界面端口                          | `3000`                  |
 | `NEXTAUTH_URL`                          | Langfuse 实例的公开 URL               | `http://localhost:3000` |
 | `NEXTAUTH_SECRET`                       | NextAuth.js 密钥（生产环境必需）      | `mysecret`              |
 | `ENCRYPTION_KEY`                        | 敏感数据加密密钥（64 个十六进制字符） | `0...0`                 |
 | `SALT`                                  | 密码哈希盐值                          | `mysalt`                |
 | `TELEMETRY_ENABLED`                     | 启用匿名遥测                          | `true`                  |
 | `LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES` | 启用测试版功能                        | `true`                  |
 ## 数据库配置
 | 变量                  | 描述            | 默认值       |
 | --------------------- | --------------- | ------------ |
 | `POSTGRES_VERSION`    | PostgreSQL 版本 | `17`         |
 | `POSTGRES_USER`       | 数据库用户      | `postgres`   |
 | `POSTGRES_PASSWORD`   | 数据库密码      | `postgres`   |
 | `POSTGRES_DB`         | 数据库名称      | `postgres`   |
 | `CLICKHOUSE_USER`     | ClickHouse 用户 | `clickhouse` |
 | `CLICKHOUSE_PASSWORD` | ClickHouse 密码 | `clickhouse` |
 ## 存储和缓存配置
 | 变量                  | 描述               | 默认值          |
 | --------------------- | ------------------ | --------------- |
 | `MINIO_ROOT_USER`     | MinIO 管理员用户名 | `minio`         |
 | `MINIO_ROOT_PASSWORD` | MinIO 管理员密码   | `miniosecret`   |
 | `REDIS_AUTH`          | Redis 密码         | `myredissecret` |
 ## S3/媒体配置
 | 变量                                | 描述              | 默认值                  |
 | ----------------------------------- | ----------------- | ----------------------- |
 | `LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT` | 媒体上传 S3 端点  | `http://localhost:9090` |
 | `LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT` | 事件上传 S3 端点  | `http://minio:9000`     |
 | `LANGFUSE_S3_BATCH_EXPORT_ENABLED`  | 启用批量导出到 S3 | `false`                 |
 ## 数据卷
 - `langfuse_postgres_data`：PostgreSQL 数据持久化
 - `langfuse_clickhouse_data`：ClickHouse 事件数据
 - `langfuse_clickhouse_logs`：ClickHouse 日志
 - `langfuse_minio_data`：MinIO 对象存储数据
 ## 资源限制
 所有服务都有可配置的 CPU 和内存限制：
 - **langfuse-worker**：2 个 CPU 核心，2GB RAM
 - **langfuse-web**：2 个 CPU 核心，2GB RAM
 - **clickhouse**：2 个 CPU 核心，4GB RAM
 - **minio**：1 个 CPU 核心，1GB RAM
 - **redis**：1 个 CPU 核心，512MB RAM
 - **postgres**：2 个 CPU 核心，2GB RAM
 通过修改 `.env` 中的 `*_CPU_LIMIT`、`*_MEMORY_LIMIT`、`*_CPU_RESERVATION` 和 `*_MEMORY_RESERVATION` 变量来调整限制。
 ## 网络访问
 - **langfuse-web**（端口 3000）：对所有接口开放，用于外部访问
 - **minio**（端口 9090）：对所有接口开放，用于媒体上传
 - **所有其他服务**：绑定到 `127.0.0.1`（仅限本地）
 在生产环境中，使用防火墙或反向代理限制外部访问。
 ## 生产部署
 用于生产部署的建议：
 1. **安全性**：
   - 使用 `openssl rand -base64 32` 和 `openssl rand -hex 32` 生成强密钥
   - 使用具有 SSL/TLS 的反向代理（nginx、Caddy）
   - 更改所有默认密码
   - 通过将 `NEXTAUTH_URL` 设置为您的域来启用 HTTPS
 2. **数据持久化**：
   - 对数据使用外部卷或云存储
   - 配置定期 PostgreSQL 备份
   - 监控 ClickHouse 磁盘使用情况
 3. **性能**：
   - 根据工作负载增加资源限制
   - 大规模部署时考虑使用专用 ClickHouse 集群
   - 如需要，配置 Redis 持久化
 ## 端口
 - **3000**：Langfuse Web 界面（外部）
 - **3030**：Langfuse 工作者 API（仅限本地）
 - **5432**：PostgreSQL（仅限本地）
 - **8123**：ClickHouse HTTP（仅限本地）
 - **9000**：ClickHouse 原生协议（仅限本地）
 - **9090**：MinIO S3 API（外部）
 - **9091**：MinIO 控制台（仅限本地）
 - **6379**：Redis（仅限本地）
 ## 健康检查
 所有服务都包括健康检查，失败时会自动重新启动。
 ## 文档
-更多信息请访问 [Langfuse 官方文档](https://langfuse.com/docs)。
+- [Langfuse 文档](https://langfuse.com/docs)
 - [Langfuse GitHub](https://github.com/langfuse/langfuse)
-## 安全提示
+## 故障排除
- 在生产环境中更改默认密码
+### 服务无法启动
- 为 `NEXTAUTH_SECRET` 和 `SALT` 使用强随机生成的值
+
- 在生产环境中考虑使用带 SSL/TLS 的反向代理
+- 查看日志：`docker compose logs <service-name>`
- 定期备份 PostgreSQL 数据库
+- 确保设置了所有必需的环境变量
 - 验证磁盘空间和系统资源是否充足
 ### 数据库连接错误
 - 验证 `POSTGRES_PASSWORD` 在服务之间匹配
 - 检查 PostgreSQL 服务是否健康：`docker compose ps`
 - 确保端口未被占用
 ### MinIO 权限问题
 - 清除 MinIO 数据并重新启动：`docker compose down -v`
 - 在 `.env` 中重新生成 MinIO 凭证
--- a/src/langfuse/docker-compose.yaml
+++ b/src/langfuse/docker-compose.yaml
@@ -1,3 +1,12 @@
 # Make sure to update the credential placeholders with your own secrets.
 # We mark them with # CHANGEME in the file below.
 # In addition, we recommend to restrict inbound traffic on the host to
 # langfuse-web (port 3000) and minio (port 9090) only.
 # All other components are bound to localhost (127.0.0.1) to only accept
 # connections from the local machine.
 # External connections from other machines will not be able to reach these
 # services directly.
 x-defaults: &defaults
  restart: unless-stopped
  logging:
@@ -7,30 +16,103 @@ x-defaults: &defaults
      max-file: "3"
 services:
-  langfuse-server:
+  langfuse-worker:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}langfuse/langfuse:${LANGFUSE_VERSION:-3.115.0}
+    image: ${GLOBAL_REGISTRY:-}langfuse/langfuse-worker:${LANGFUSE_VERSION:-3}
-    ports:
+    depends_on: &langfuse-depends-on
-      - "${LANGFUSE_PORT:-3000}:3000"
+      postgres:
    environment:
      - TZ=${TZ:-UTC}
      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@langfuse-db:5432/${POSTGRES_DB:-langfuse}
      - NEXTAUTH_URL=${NEXTAUTH_URL:-http://localhost:3000}
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - SALT=${SALT}
      - TELEMETRY_ENABLED=${TELEMETRY_ENABLED:-true}
      - LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES=${LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES:-false}
    depends_on:
      langfuse-db:
        condition: service_healthy
      minio:
        condition: service_healthy
      redis:
        condition: service_healthy
      clickhouse:
        condition: service_healthy
    ports:
      - 127.0.0.1:3030:3030
    environment: &langfuse-worker-env
      TZ: ${TZ:-UTC}
      NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3000}
      DATABASE_URL: ${DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/postgres}
      SALT: ${SALT:-mysalt}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY:-0000000000000000000000000000000000000000000000000000000000000000}
      TELEMETRY_ENABLED: ${TELEMETRY_ENABLED:-true}
      LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES: ${LANGFUSE_ENABLE_EXPERIMENTAL_FEATURES:-true}
      CLICKHOUSE_MIGRATION_URL: ${CLICKHOUSE_MIGRATION_URL:-clickhouse://clickhouse:9000}
      CLICKHOUSE_URL: ${CLICKHOUSE_URL:-http://clickhouse:8123}
      CLICKHOUSE_USER: ${CLICKHOUSE_USER:-clickhouse}
      CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-clickhouse}
      CLICKHOUSE_CLUSTER_ENABLED: ${CLICKHOUSE_CLUSTER_ENABLED:-false}
      LANGFUSE_USE_AZURE_BLOB: ${LANGFUSE_USE_AZURE_BLOB:-false}
      LANGFUSE_S3_EVENT_UPLOAD_BUCKET: ${LANGFUSE_S3_EVENT_UPLOAD_BUCKET:-langfuse}
      LANGFUSE_S3_EVENT_UPLOAD_REGION: ${LANGFUSE_S3_EVENT_UPLOAD_REGION:-auto}
      LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID: ${LANGFUSE_S3_EVENT_UPLOAD_ACCESS_KEY_ID:-minio}
      LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY: ${LANGFUSE_S3_EVENT_UPLOAD_SECRET_ACCESS_KEY:-miniosecret}
      LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT: ${LANGFUSE_S3_EVENT_UPLOAD_ENDPOINT:-http://minio:9000}
      LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE: ${LANGFUSE_S3_EVENT_UPLOAD_FORCE_PATH_STYLE:-true}
      LANGFUSE_S3_EVENT_UPLOAD_PREFIX: ${LANGFUSE_S3_EVENT_UPLOAD_PREFIX:-events/}
      LANGFUSE_S3_MEDIA_UPLOAD_BUCKET: ${LANGFUSE_S3_MEDIA_UPLOAD_BUCKET:-langfuse}
      LANGFUSE_S3_MEDIA_UPLOAD_REGION: ${LANGFUSE_S3_MEDIA_UPLOAD_REGION:-auto}
      LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID: ${LANGFUSE_S3_MEDIA_UPLOAD_ACCESS_KEY_ID:-minio}
      LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY: ${LANGFUSE_S3_MEDIA_UPLOAD_SECRET_ACCESS_KEY:-miniosecret}
      LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT: ${LANGFUSE_S3_MEDIA_UPLOAD_ENDPOINT:-http://localhost:9090}
      LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE: ${LANGFUSE_S3_MEDIA_UPLOAD_FORCE_PATH_STYLE:-true}
      LANGFUSE_S3_MEDIA_UPLOAD_PREFIX: ${LANGFUSE_S3_MEDIA_UPLOAD_PREFIX:-media/}
      LANGFUSE_S3_BATCH_EXPORT_ENABLED: ${LANGFUSE_S3_BATCH_EXPORT_ENABLED:-false}
      LANGFUSE_S3_BATCH_EXPORT_BUCKET: ${LANGFUSE_S3_BATCH_EXPORT_BUCKET:-langfuse}
      LANGFUSE_S3_BATCH_EXPORT_PREFIX: ${LANGFUSE_S3_BATCH_EXPORT_PREFIX:-exports/}
      LANGFUSE_S3_BATCH_EXPORT_REGION: ${LANGFUSE_S3_BATCH_EXPORT_REGION:-auto}
      LANGFUSE_S3_BATCH_EXPORT_ENDPOINT: ${LANGFUSE_S3_BATCH_EXPORT_ENDPOINT:-http://minio:9000}
      LANGFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT: ${LANGFUSE_S3_BATCH_EXPORT_EXTERNAL_ENDPOINT:-http://localhost:9090}
      LANGFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID: ${LANGFUSE_S3_BATCH_EXPORT_ACCESS_KEY_ID:-minio}
      LANGFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY: ${LANGFUSE_S3_BATCH_EXPORT_SECRET_ACCESS_KEY:-miniosecret}
      LANGFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE: ${LANGFUSE_S3_BATCH_EXPORT_FORCE_PATH_STYLE:-true}
      LANGFUSE_INGESTION_QUEUE_DELAY_MS: ${LANGFUSE_INGESTION_QUEUE_DELAY_MS:-}
      LANGFUSE_INGESTION_CLICKHOUSE_WRITE_INTERVAL_MS: ${LANGFUSE_INGESTION_CLICKHOUSE_WRITE_INTERVAL_MS:-}
      REDIS_HOST: ${REDIS_HOST:-redis}
      REDIS_PORT: ${REDIS_PORT:-6379}
      REDIS_AUTH: ${REDIS_AUTH:-myredissecret}
      REDIS_TLS_ENABLED: ${REDIS_TLS_ENABLED:-false}
      REDIS_TLS_CA: ${REDIS_TLS_CA:-/certs/ca.crt}
      REDIS_TLS_CERT: ${REDIS_TLS_CERT:-/certs/redis.crt}
      REDIS_TLS_KEY: ${REDIS_TLS_KEY:-/certs/redis.key}
      EMAIL_FROM_ADDRESS: ${EMAIL_FROM_ADDRESS:-}
      SMTP_CONNECTION_URL: ${SMTP_CONNECTION_URL:-}
    deploy:
      resources:
        limits:
-          cpus: ${LANGFUSE_CPU_LIMIT:-2.0}
+          cpus: ${LANGFUSE_WORKER_CPU_LIMIT:-2.0}
-          memory: ${LANGFUSE_MEMORY_LIMIT:-2G}
+          memory: ${LANGFUSE_WORKER_MEMORY_LIMIT:-2G}
        reservations:
-          cpus: ${LANGFUSE_CPU_RESERVATION:-0.5}
+          cpus: ${LANGFUSE_WORKER_CPU_RESERVATION:-0.5}
-          memory: ${LANGFUSE_MEMORY_RESERVATION:-512M}
+          memory: ${LANGFUSE_WORKER_MEMORY_RESERVATION:-512M}
  langfuse-web:
    <<: *defaults
    image: ${GLOBAL_REGISTRY:-}langfuse/langfuse:${LANGFUSE_VERSION:-3}
    depends_on: *langfuse-depends-on
    ports:
      - "${LANGFUSE_PORT:-3000}:3000"
    environment:
      <<: *langfuse-worker-env
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:-mysecret}
      LANGFUSE_INIT_ORG_ID: ${LANGFUSE_INIT_ORG_ID:-}
      LANGFUSE_INIT_ORG_NAME: ${LANGFUSE_INIT_ORG_NAME:-}
      LANGFUSE_INIT_PROJECT_ID: ${LANGFUSE_INIT_PROJECT_ID:-}
      LANGFUSE_INIT_PROJECT_NAME: ${LANGFUSE_INIT_PROJECT_NAME:-}
      LANGFUSE_INIT_PROJECT_PUBLIC_KEY: ${LANGFUSE_INIT_PROJECT_PUBLIC_KEY:-}
      LANGFUSE_INIT_PROJECT_SECRET_KEY: ${LANGFUSE_INIT_PROJECT_SECRET_KEY:-}
      LANGFUSE_INIT_USER_EMAIL: ${LANGFUSE_INIT_USER_EMAIL:-}
      LANGFUSE_INIT_USER_NAME: ${LANGFUSE_INIT_USER_NAME:-}
      LANGFUSE_INIT_USER_PASSWORD: ${LANGFUSE_INIT_USER_PASSWORD:-}
    deploy:
      resources:
        limits:
          cpus: ${LANGFUSE_WEB_CPU_LIMIT:-2.0}
          memory: ${LANGFUSE_WEB_MEMORY_LIMIT:-2G}
        reservations:
          cpus: ${LANGFUSE_WEB_CPU_RESERVATION:-0.5}
          memory: ${LANGFUSE_WEB_MEMORY_RESERVATION:-512M}
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/public/health"]
      interval: 30s
@@ -38,30 +120,121 @@ services:
      retries: 3
      start_period: 30s
-  langfuse-db:
+  clickhouse:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}postgres:${POSTGRES_VERSION:-17.2-alpine3.21}
+    image: ${GLOBAL_REGISTRY:-}clickhouse/clickhouse-server:${CLICKHOUSE_VERSION:-latest}
    user: "101:101"
    environment:
-      - TZ=${TZ:-UTC}
+      CLICKHOUSE_DB: default
-      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      CLICKHOUSE_USER: ${CLICKHOUSE_USER:-clickhouse}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+      CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-clickhouse}
-      - POSTGRES_DB=${POSTGRES_DB:-langfuse}
+      TZ: ${TZ:-UTC}
    volumes:
-      - langfuse_db_data:/var/lib/postgresql/data
+      - langfuse_clickhouse_data:/var/lib/clickhouse
      - langfuse_clickhouse_logs:/var/log/clickhouse-server
    ports:
      - 127.0.0.1:8123:8123
      - 127.0.0.1:9000:9000
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
+      test: wget --no-verbose --tries=1 --spider http://localhost:8123/ping || exit 1
-      interval: 10s
+      interval: 5s
      timeout: 5s
-      retries: 5
+      retries: 10
-      start_period: 30s
+      start_period: 1s
    deploy:
      resources:
        limits:
-          cpus: ${LANGFUSE_DB_CPU_LIMIT:-1.0}
+          cpus: ${CLICKHOUSE_CPU_LIMIT:-2.0}
-          memory: ${LANGFUSE_DB_MEMORY_LIMIT:-1G}
+          memory: ${CLICKHOUSE_MEMORY_LIMIT:-4G}
        reservations:
-          cpus: ${LANGFUSE_DB_CPU_RESERVATION:-0.25}
+          cpus: ${CLICKHOUSE_CPU_RESERVATION:-0.5}
-          memory: ${LANGFUSE_DB_MEMORY_RESERVATION:-256M}
+          memory: ${CLICKHOUSE_MEMORY_RESERVATION:-1G}
  minio:
    <<: *defaults
    image: ${CGR_DEV_REGISTRY:-cgr.dev/}chainguard/minio:${MINIO_VERSION:-latest}
    entrypoint: sh
    # create the 'langfuse' bucket before starting the service
    command: -c 'mkdir -p /data/langfuse && minio server --address ":9000" --console-address ":9001" /data'
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minio}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-miniosecret}
      TZ: ${TZ:-UTC}
    ports:
      - "9090:9000"
      - 127.0.0.1:9091:9001
    volumes:
      - langfuse_minio_data:/data
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 1s
      timeout: 5s
      retries: 5
      start_period: 1s
    deploy:
      resources:
        limits:
          cpus: ${MINIO_CPU_LIMIT:-1.0}
          memory: ${MINIO_MEMORY_LIMIT:-1G}
        reservations:
          cpus: ${MINIO_CPU_RESERVATION:-0.25}
          memory: ${MINIO_MEMORY_RESERVATION:-256M}
  redis:
    <<: *defaults
    image: ${GLOBAL_REGISTRY:-}redis:${REDIS_VERSION:-7}
    command: >
      --requirepass ${REDIS_AUTH:-myredissecret}
      --maxmemory-policy noeviction
    ports:
      - 127.0.0.1:6379:6379
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 3s
      timeout: 10s
      retries: 10
    deploy:
      resources:
        limits:
          cpus: ${REDIS_CPU_LIMIT:-1.0}
          memory: ${REDIS_MEMORY_LIMIT:-512M}
        reservations:
          cpus: ${REDIS_CPU_RESERVATION:-0.25}
          memory: ${REDIS_MEMORY_RESERVATION:-256M}
  postgres:
    <<: *defaults
    image: ${GLOBAL_REGISTRY:-}postgres:${POSTGRES_VERSION:-17}
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
      POSTGRES_DB: ${POSTGRES_DB:-postgres}
      TZ: UTC
      PGTZ: UTC
    ports:
      - 127.0.0.1:5432:5432
    volumes:
      - langfuse_postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 3s
      timeout: 3s
      retries: 10
    deploy:
      resources:
        limits:
          cpus: ${POSTGRES_CPU_LIMIT:-2.0}
          memory: ${POSTGRES_MEMORY_LIMIT:-2G}
        reservations:
          cpus: ${POSTGRES_CPU_RESERVATION:-0.5}
          memory: ${POSTGRES_MEMORY_RESERVATION:-512M}
 volumes:
-  langfuse_db_data:
+  langfuse_postgres_data:
    driver: local
  langfuse_clickhouse_data:
    driver: local
  langfuse_clickhouse_logs:
    driver: local
  langfuse_minio_data:
    driver: local
--- a/src/minio/.env.example
+++ b/src/minio/.env.example
@@ -1,14 +1,13 @@
-# MinIO Version
+# MinIO Version (Chainguard Image)
-MINIO_VERSION=RELEASE.2025-09-07T16-13-09Z
+MINIO_VERSION=0.20251015
-# MinIO credentials
+# MinIO Root User Credentials
-MINIO_ROOT_USER=root
+MINIO_ROOT_USER=minioadmin
-MINIO_ROOT_PASSWORD=password123
+MINIO_ROOT_PASSWORD=minioadmin
 # Optional: Legacy access key/secret (use root user/password instead)
 MINIO_ACCESS_KEY=
 MINIO_SECRET_KEY=
 # Ports
 MINIO_PORT_OVERRIDE_API=9000
 MINIO_PORT_OVERRIDE_WEBUI=9001
 # Timezone
 TZ=UTC
--- a/src/minio/README.md
+++ b/src/minio/README.md
@@ -2,25 +2,28 @@
 [English](./README.md) | [中文](./README.zh.md)
-MinIO is a high-performance, distributed object storage system that is compatible with the Amazon S3 API. It can be used to store and manage large amounts of unstructured data, such as photos, videos, log files, etc.
+MinIO is a high-performance, S3-compatible object storage system that can be used to store and manage large amounts of unstructured data, such as photos, videos, log files, and more. This deployment uses Chainguard's production-ready MinIO image, which is distroless, minimal, and continuously updated with security fixes.
 Open the Web UI: <http://localhost:9001>.
 ## Services
- `minio`: The MinIO service.
+- `minio`: The MinIO object storage service (Chainguard Image).
 ## Configuration
- `MINIO_VERSION`: The version of the MinIO image, default is `RELEASE.2025-09-07T16-13-09Z`.
+- `MINIO_VERSION`: The version of the MinIO image, default is `0.20251015`.
 - `MINIO_PORT_OVERRIDE_API`: The host port for the MinIO API, default is `9000`.
 - `MINIO_PORT_OVERRIDE_WEBUI`: The host port for the MinIO Web UI, default is `9001`.
- `MINIO_ROOT_USER`: The root username for MinIO, default is `root`.
+- `MINIO_ROOT_USER`: The root username for MinIO, default is `minioadmin`.
- `MINIO_ROOT_PASSWORD`: The root password for MinIO, default is `password`.
+- `MINIO_ROOT_PASSWORD`: The root password for MinIO, default is `minioadmin`.
- `MINIO_ACCESS_KEY`: The access key for MinIO.
+- `TZ`: Timezone setting, default is `UTC`.
 - `MINIO_SECRET_KEY`: The secret key for MinIO.
 ## Volumes
 - `minio_data`: A volume for storing MinIO data.
- `config`: A volume for storing MinIO configuration.
+
 ## Notes
 - This configuration uses Chainguard's MinIO image (`cgr.dev/chainguard/minio`), which provides enhanced security and is continuously maintained.
 - The default credentials are `minioadmin` / `minioadmin`. Change these in production.
--- a/src/minio/README.zh.md
+++ b/src/minio/README.zh.md
@@ -2,25 +2,28 @@
 [English](./README.md) | [中文](./README.zh.md)
-MinIO 是一个高性能的分布式对象存储系统，兼容 Amazon S3 API。它可以用于存储和管理大量非结构化数据，如照片、视频、日志文件等。
+MinIO 是一个高性能的 S3 兼容对象存储系统，可以用于存储和管理大量非结构化数据，如照片、视频、日志文件等。该部署使用 Chainguard 的生产级 MinIO 镜像，该镜像是无根的、最小化的，并持续更新安全修复。
 打开 Web UI 界面：<http://localhost:9001>。
 ## 服务
- `minio`: MinIO 服务。
+- `minio`: MinIO 对象存储服务（Chainguard 镜像）。
 ## 配置
- `MINIO_VERSION`: MinIO 镜像的版本，默认为 `RELEASE.2025-09-07T16-13-09Z`。
+- `MINIO_VERSION`: MinIO 镜像的版本，默认为 `0.20251015`。
 - `MINIO_PORT_OVERRIDE_API`: MinIO API 的主机端口，默认为 `9000`。
 - `MINIO_PORT_OVERRIDE_WEBUI`: MinIO Web UI 的主机端口，默认为 `9001`。
- `MINIO_ROOT_USER`: MinIO 的 root 用户名，默认为 `root`。
+- `MINIO_ROOT_USER`: MinIO 的根用户名，默认为 `minioadmin`。
- `MINIO_ROOT_PASSWORD`: MinIO 的 root 密码，默认为 `password`。
+- `MINIO_ROOT_PASSWORD`: MinIO 的根密码，默认为 `minioadmin`。
- `MINIO_ACCESS_KEY`: MinIO 的访问密钥。
+- `TZ`: 时区设置，默认为 `UTC`。
 - `MINIO_SECRET_KEY`: MinIO 的秘密密钥。
 ## 卷
 - `minio_data`: 用于存储 MinIO 数据的卷。
- `config`: 用于存储 MinIO 配置的卷。
+
 ## 注意事项
 - 该配置使用 Chainguard 的 MinIO 镜像（`cgr.dev/chainguard/minio`），提供增强的安全性，并持续维护。
 - 默认凭据为 `minioadmin` / `minioadmin`。在生产环境中请更改这些凭据。
--- a/src/minio/docker-compose.yaml
+++ b/src/minio/docker-compose.yaml
@@ -9,7 +9,7 @@ x-defaults: &defaults
 services:
  minio:
    <<: *defaults
-    image: ${GLOBAL_REGISTRY:-}minio/minio:${MINIO_VERSION:-RELEASE.2025-09-07T16-13-09Z}
+    image: cgr.dev/chainguard/minio:${MINIO_VERSION:-0.20251015}
    ports:
      - "${MINIO_PORT_OVERRIDE_API:-9000}:9000"
      - "${MINIO_PORT_OVERRIDE_WEBUI:-9001}:9001"
@@ -19,8 +19,7 @@ services:
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioadmin}
    volumes:
      - minio_data:/data
-      - ./config:/root/.minio/
+    command: server /data --console-address ':9001'
    command: server --console-address ':9001' /data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
--- a/src/phoenix/docker-compose.yaml
+++ b/src/phoenix/docker-compose.yaml
@@ -25,7 +25,7 @@ services:
      phoenix-db:
        condition: service_healthy
    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:6006/healthz"]
+      test: ["CMD", "python3", "-c", "import httpx;r=httpx.get('http://localhost:6006/healthz').raise_for_status()"]
      interval: 30s
      timeout: 10s
      retries: 3