From 453a3eab11198d211f022f7f78858247b605a9f3 Mon Sep 17 00:00:00 2001 From: Sun-ZhenXing <1006925066@qq.com> Date: Sun, 10 May 2026 15:18:24 +0800 Subject: [PATCH] feat: add sub2api --- README.md | 3 +- README.zh.md | 3 +- src/bifrost-gateway/docker-compose.yaml | 2 +- src/phoenix/.env.example | 4 +- src/phoenix/README.md | 28 +++-- src/phoenix/README.zh.md | 30 +++--- src/phoenix/docker-compose.yaml | 6 +- src/sub2api/.env.example | 75 +++++++++++++ src/sub2api/README.md | 55 ++++++++++ src/sub2api/README.zh.md | 55 ++++++++++ src/sub2api/docker-compose.yaml | 133 ++++++++++++++++++++++++ 11 files changed, 355 insertions(+), 39 deletions(-) create mode 100644 src/sub2api/.env.example create mode 100644 src/sub2api/README.md create mode 100644 src/sub2api/README.zh.md create mode 100644 src/sub2api/docker-compose.yaml diff --git a/README.md b/README.md index 017e0c4..a0cebca 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ These services require building custom Docker images from source. | [Odoo](./src/odoo) | 19.0 | | [Ollama](./src/ollama) | 0.14.3 | | [Open WebUI](./src/open-webui) | main | -| [Phoenix (Arize)](./src/phoenix) | 13.19.2 | +| [Phoenix (Arize)](./src/phoenix) | 15.5.0 | | [Pingap](./src/pingap) | 0.12.7-full | | [Pingora Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | | [Open WebUI Rust](./src/open-webui-rust) | latest | @@ -185,6 +185,7 @@ These services require building custom Docker images from source. | [Skyvern](./apps/skyvern) | v1.0.31 | | [Stable Diffusion WebUI](./apps/stable-diffusion-webui-docker) | latest | | [Stirling-PDF](./apps/stirling-pdf) | latest | +| [Sub2API](./src/sub2api) | 0.1.124 | | [Temporal](./src/temporal) | 1.24.2 | | [TiDB](./src/tidb) | v8.5.0 | | [TiKV](./src/tikv) | v8.5.0 | diff --git a/README.zh.md b/README.zh.md index fbaeac8..58f33b1 100644 --- a/README.zh.md +++ b/README.zh.md @@ -143,7 +143,7 @@ docker compose exec redis redis-cli ping | [Odoo](./src/odoo) | 19.0 | | [Ollama](./src/ollama) | 0.14.3 | | [Open WebUI](./src/open-webui) | main | -| [Phoenix (Arize)](./src/phoenix) | 13.19.2 | +| [Phoenix (Arize)](./src/phoenix) | 15.5.0 | | [Pingap](./src/pingap) | 0.12.7-full | | [Pingora Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | | [Open WebUI Rust](./src/open-webui-rust) | latest | @@ -185,6 +185,7 @@ docker compose exec redis redis-cli ping | [Skyvern](./apps/skyvern) | v1.0.31 | | [Stable Diffusion WebUI](./apps/stable-diffusion-webui-docker) | latest | | [Stirling-PDF](./apps/stirling-pdf) | latest | +| [Sub2API](./src/sub2api) | 0.1.124 | | [Temporal](./src/temporal) | 1.24.2 | | [TiDB](./src/tidb) | v8.5.0 | | [TiKV](./src/tikv) | v8.5.0 | diff --git a/src/bifrost-gateway/docker-compose.yaml b/src/bifrost-gateway/docker-compose.yaml index 432ad13..a1eee37 100644 --- a/src/bifrost-gateway/docker-compose.yaml +++ b/src/bifrost-gateway/docker-compose.yaml @@ -30,7 +30,7 @@ services: - wget - --no-verbose - --tries=1 - - --spider + - --output-document=/dev/null - 'http://localhost:8080/health' interval: 30s diff --git a/src/phoenix/.env.example b/src/phoenix/.env.example index 913d34e..2322cee 100644 --- a/src/phoenix/.env.example +++ b/src/phoenix/.env.example @@ -1,5 +1,5 @@ # Phoenix version -PHOENIX_VERSION=13.19.2 +PHOENIX_VERSION=15.5.0 # Timezone TZ=UTC @@ -11,7 +11,7 @@ PHOENIX_PROMETHEUS_PORT_OVERRIDE=9090 # Prometheus metrics (optional) # Phoenix configuration PHOENIX_ENABLE_PROMETHEUS=false -PHOENIX_SECRET= # Optional: Set for authentication, generate with: openssl rand -base64 32 +PHOENIX_SECRET=NOT_SECURE_0fdf298eefb2ceef8ab3d7bd5319060e # !Change me! Set for authentication, generate with: openssl rand -base64 32 # PostgreSQL configuration (only used when COMPOSE_PROFILES=postgres) POSTGRES_VERSION=17.2-alpine3.21 diff --git a/src/phoenix/README.md b/src/phoenix/README.md index 0ef0c41..a116b17 100644 --- a/src/phoenix/README.md +++ b/src/phoenix/README.md @@ -15,9 +15,7 @@ Arize Phoenix is an open-source AI observability platform for LLM applications. This project supports two modes of operation via Docker Compose profiles: 1. **sqlite** (Default): Uses SQLite for storage. Simple and good for local development. - Set `COMPOSE_PROFILES=sqlite` in `.env`. 2. **postgres**: Uses PostgreSQL for storage. Recommended for production. - Set `COMPOSE_PROFILES=postgres` in `.env`. ## Ports @@ -29,19 +27,19 @@ This project supports two modes of operation via Docker Compose profiles: ## Environment Variables -| Variable Name | Description | Default Value | -| -------------------------------- | ---------------------------------------- | ----------------- | -| COMPOSE_PROFILES | Active profiles (`sqlite` or `postgres`) | `sqlite` | -| PHOENIX_VERSION | Phoenix image version | `13.19.2` | -| PHOENIX_PORT_OVERRIDE | Host port for Phoenix UI and HTTP API | `6006` | -| PHOENIX_GRPC_PORT_OVERRIDE | Host port for OTLP gRPC collector | `4317` | -| PHOENIX_PROMETHEUS_PORT_OVERRIDE | Host port for Prometheus metrics | `9090` | -| PHOENIX_ENABLE_PROMETHEUS | Enable Prometheus metrics endpoint | `false` | -| PHOENIX_SECRET | Secret for authentication (optional) | `""` | -| POSTGRES_VERSION | PostgreSQL image version | `17.2-alpine3.21` | -| POSTGRES_USER | PostgreSQL username | `postgres` | -| POSTGRES_PASSWORD | PostgreSQL password | `postgres` | -| POSTGRES_DB | PostgreSQL database name | `phoenix` | +| Variable Name | Description | Default Value | +| -------------------------------- | ---------------------------------------- | ----------------------------------------------- | +| COMPOSE_PROFILES | Active profiles (`sqlite` or `postgres`) | `sqlite` | +| PHOENIX_VERSION | Phoenix image version | `15.5.0` | +| PHOENIX_PORT_OVERRIDE | Host port for Phoenix UI and HTTP API | `6006` | +| PHOENIX_GRPC_PORT_OVERRIDE | Host port for OTLP gRPC collector | `4317` | +| PHOENIX_PROMETHEUS_PORT_OVERRIDE | Host port for Prometheus metrics | `9090` | +| PHOENIX_ENABLE_PROMETHEUS | Enable Prometheus metrics endpoint | `false` | +| PHOENIX_SECRET | Secret for authentication (optional) | `"NOT_SECURE_0fdf298eefb2ceef8ab3d7bd5319060e"` | +| POSTGRES_VERSION | PostgreSQL image version | `17.2-alpine3.21` | +| POSTGRES_USER | PostgreSQL username | `postgres` | +| POSTGRES_PASSWORD | PostgreSQL password | `postgres` | +| POSTGRES_DB | PostgreSQL database name | `phoenix` | ## Volumes diff --git a/src/phoenix/README.zh.md b/src/phoenix/README.zh.md index 6d742a0..e61dade 100644 --- a/src/phoenix/README.zh.md +++ b/src/phoenix/README.zh.md @@ -15,9 +15,7 @@ Arize Phoenix 是一个开源的 AI 可观测性平台,专为 LLM 应用设计 本项目支持通过 Docker Compose 配置文件使用两种运行模式: 1. **sqlite**(默认):使用 SQLite 存储。简单易用,适合本地开发。 - 在 `.env` 中设置 `COMPOSE_PROFILES=sqlite`。 -2. **postgres**(或 **pg**):使用 PostgreSQL 存储。推荐用于生产环境。 - 在 `.env` 中设置 `COMPOSE_PROFILES=postgres`。 +2. **postgres**:使用 PostgreSQL 存储。推荐用于生产环境。 ## 端口 @@ -29,19 +27,19 @@ Arize Phoenix 是一个开源的 AI 可观测性平台,专为 LLM 应用设计 ## 环境变量 -| 变量名 | 描述 | 默认值 | -| -------------------------------- | ---------------------------------------- | ----------------- | -| COMPOSE_PROFILES | 激活的配置文件(`sqlite` 或 `postgres`) | `sqlite` | -| PHOENIX_VERSION | Phoenix 镜像版本 | `13.19.2` | -| PHOENIX_PORT_OVERRIDE | Phoenix UI 和 HTTP API 的主机端口 | `6006` | -| PHOENIX_GRPC_PORT_OVERRIDE | OTLP gRPC 采集器的主机端口 | `4317` | -| PHOENIX_PROMETHEUS_PORT_OVERRIDE | Prometheus 指标的主机端口 | `9090` | -| PHOENIX_ENABLE_PROMETHEUS | 启用 Prometheus 指标端点 | `false` | -| PHOENIX_SECRET | 认证密钥(可选) | `""` | -| POSTGRES_VERSION | PostgreSQL 镜像版本 | `17.2-alpine3.21` | -| POSTGRES_USER | PostgreSQL 用户名 | `postgres` | -| POSTGRES_PASSWORD | PostgreSQL 密码 | `postgres` | -| POSTGRES_DB | PostgreSQL 数据库名 | `phoenix` | +| 变量名 | 描述 | 默认值 | +| -------------------------------- | ---------------------------------------- | ----------------------------------------------- | +| COMPOSE_PROFILES | 激活的配置文件(`sqlite` 或 `postgres`) | `sqlite` | +| PHOENIX_VERSION | Phoenix 镜像版本 | `15.5.0` | +| PHOENIX_PORT_OVERRIDE | Phoenix UI 和 HTTP API 的主机端口 | `6006` | +| PHOENIX_GRPC_PORT_OVERRIDE | OTLP gRPC 采集器的主机端口 | `4317` | +| PHOENIX_PROMETHEUS_PORT_OVERRIDE | Prometheus 指标的主机端口 | `9090` | +| PHOENIX_ENABLE_PROMETHEUS | 启用 Prometheus 指标端点 | `false` | +| PHOENIX_SECRET | 认证密钥 | `"NOT_SECURE_0fdf298eefb2ceef8ab3d7bd5319060e"` | +| POSTGRES_VERSION | PostgreSQL 镜像版本 | `17.2-alpine3.21` | +| POSTGRES_USER | PostgreSQL 用户名 | `postgres` | +| POSTGRES_PASSWORD | PostgreSQL 密码 | `postgres` | +| POSTGRES_DB | PostgreSQL 数据库名 | `phoenix` | ## 数据卷 diff --git a/src/phoenix/docker-compose.yaml b/src/phoenix/docker-compose.yaml index 2704f9a..7e9dfcf 100644 --- a/src/phoenix/docker-compose.yaml +++ b/src/phoenix/docker-compose.yaml @@ -11,7 +11,7 @@ x-defaults: &defaults x-phoenix-common: &phoenix-common <<: *defaults - image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-13.19.2} + image: ${GLOBAL_REGISTRY:-}arizephoenix/phoenix:${PHOENIX_VERSION:-15.5.0} ports: - '${PHOENIX_PORT_OVERRIDE:-6006}:6006' # UI and OTLP HTTP collector - '${PHOENIX_GRPC_PORT_OVERRIDE:-4317}:4317' # OTLP gRPC collector @@ -50,7 +50,7 @@ services: environment: - TZ=${TZ:-UTC} - PHOENIX_ENABLE_PROMETHEUS=${PHOENIX_ENABLE_PROMETHEUS:-false} - - PHOENIX_SECRET=${PHOENIX_SECRET:-} + - PHOENIX_SECRET=${PHOENIX_SECRET:-NOT_SECURE_0fdf298eefb2ceef8ab3d7bd5319060e} # Default secret for SQLite, should be overridden in production - PHOENIX_WORKING_DIR=/data volumes: - phoenix_data:/data @@ -63,7 +63,7 @@ services: environment: - TZ=${TZ:-UTC} - PHOENIX_ENABLE_PROMETHEUS=${PHOENIX_ENABLE_PROMETHEUS:-false} - - PHOENIX_SECRET=${PHOENIX_SECRET:-} + - PHOENIX_SECRET=${PHOENIX_SECRET:-NOT_SECURE_0fdf298eefb2ceef8ab3d7bd5319060e} # Default secret for PostgreSQL, should be overridden in production - PHOENIX_SQL_DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@phoenix-db:5432/${POSTGRES_DB:-phoenix} depends_on: phoenix-db: diff --git a/src/sub2api/.env.example b/src/sub2api/.env.example new file mode 100644 index 0000000..8e5bafd --- /dev/null +++ b/src/sub2api/.env.example @@ -0,0 +1,75 @@ +# Global Registry Prefix (optional) +# GLOBAL_REGISTRY= + +# Sub2API image version +SUB2API_VERSION=0.1.124 + +# Dependency image versions +SUB2API_POSTGRES_VERSION=18-alpine +SUB2API_REDIS_VERSION=8-alpine + +# Timezone +TZ=UTC + +# Host port for the Sub2API web UI and API +SUB2API_PORT_OVERRIDE=8080 + +# Application modes +SUB2API_SERVER_MODE=release +SUB2API_RUN_MODE=standard + +# PostgreSQL settings +SUB2API_POSTGRES_USER=sub2api +SUB2API_POSTGRES_PASSWORD=sub2api +SUB2API_POSTGRES_DB=sub2api + +# Redis settings +SUB2API_REDIS_PASSWORD= +SUB2API_REDIS_DB=0 + +# Admin bootstrap account +SUB2API_ADMIN_EMAIL=admin@sub2api.local +# Leave empty to auto-generate the admin password on first startup +SUB2API_ADMIN_PASSWORD= + +# Session and 2FA secrets +# Set fixed values in production to keep logins and TOTP valid across restarts +SUB2API_JWT_SECRET= +SUB2API_TOTP_ENCRYPTION_KEY= +SUB2API_JWT_EXPIRE_HOUR=24 + +# Database pool tuning +SUB2API_DATABASE_MAX_OPEN_CONNS=50 +SUB2API_DATABASE_MAX_IDLE_CONNS=10 +SUB2API_DATABASE_CONN_MAX_LIFETIME_MINUTES=30 +SUB2API_DATABASE_CONN_MAX_IDLE_TIME_MINUTES=5 + +# Redis pool tuning +SUB2API_REDIS_POOL_SIZE=1024 +SUB2API_REDIS_MIN_IDLE_CONNS=10 + +# Optional security relaxations for trusted internal networks only +SUB2API_SECURITY_URL_ALLOWLIST_ENABLED=false +SUB2API_SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=false +SUB2API_SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=false + +# Optional proxy for online updates and pricing data +# SUB2API_UPDATE_PROXY_URL=socks5://127.0.0.1:1080 + +# Resource limits for the Sub2API application +SUB2API_CPU_LIMIT=1.0 +SUB2API_MEMORY_LIMIT=1024M +SUB2API_CPU_RESERVATION=0.25 +SUB2API_MEMORY_RESERVATION=256M + +# Resource limits for PostgreSQL +SUB2API_POSTGRES_CPU_LIMIT=1.0 +SUB2API_POSTGRES_MEMORY_LIMIT=1024M +SUB2API_POSTGRES_CPU_RESERVATION=0.25 +SUB2API_POSTGRES_MEMORY_RESERVATION=256M + +# Resource limits for Redis +SUB2API_REDIS_CPU_LIMIT=0.50 +SUB2API_REDIS_MEMORY_LIMIT=512M +SUB2API_REDIS_CPU_RESERVATION=0.10 +SUB2API_REDIS_MEMORY_RESERVATION=128M diff --git a/src/sub2api/README.md b/src/sub2api/README.md new file mode 100644 index 0000000..9378d67 --- /dev/null +++ b/src/sub2api/README.md @@ -0,0 +1,55 @@ +# Sub2API + +[English](./README.md) | [中文](./README.zh.md) + +Quick start: . + +This stack deploys Sub2API, an AI API gateway for managing subscription-backed model access, together with PostgreSQL and Redis. The Compose file enables `AUTO_SETUP=true`, so the application performs its first-run initialization automatically. + +## Services + +- `sub2api`: Web UI and API service. +- `postgres`: PostgreSQL database for application data. +- `redis`: Redis cache and queue backend. + +## Quick Start + +```bash +docker compose up -d +docker compose logs --tail=100 sub2api +``` + +Open `http://localhost:8080` after the containers become healthy. + +If `SUB2API_ADMIN_PASSWORD` is left empty, Sub2API generates an administrator password on first start. Check the `sub2api` logs and search for `admin password`. + +## Configuration + +| Variable | Description | Default | +| ----------------------------- | ------------------------------------------------------------------- | --------------------------- | +| `SUB2API_VERSION` | Sub2API image version | `0.1.124` | +| `SUB2API_PORT_OVERRIDE` | Host port for the web UI and API | `8080` | +| `SUB2API_POSTGRES_PASSWORD` | PostgreSQL password used by both the app and the database container | `sub2api` | +| `SUB2API_REDIS_PASSWORD` | Optional Redis password | *(empty)* | +| `SUB2API_ADMIN_EMAIL` | Bootstrap administrator email | `admin@sub2api.local` | +| `SUB2API_ADMIN_PASSWORD` | Bootstrap administrator password | *(auto-generated if empty)* | +| `SUB2API_JWT_SECRET` | Fixed JWT signing secret for persistent sessions | *(empty)* | +| `SUB2API_TOTP_ENCRYPTION_KEY` | Fixed secret for preserving TOTP data across restarts | *(empty)* | +| `SUB2API_RUN_MODE` | Application run mode (`standard` or `simple`) | `standard` | +| `TZ` | Container timezone | `UTC` | + +## Ports + +- `8080`: Sub2API web UI and API. + +## Storage + +- `sub2api_data`: Runtime data and generated configuration. +- `sub2api_postgres_data`: PostgreSQL data directory. +- `sub2api_redis_data`: Redis persistence data. + +## Security Notes + +- Change `SUB2API_POSTGRES_PASSWORD` before exposing the stack outside a trusted environment. +- Set fixed values for `SUB2API_JWT_SECRET` and `SUB2API_TOTP_ENCRYPTION_KEY` in production. Leaving them empty is convenient for evaluation, but it invalidates existing sessions or 2FA state after a restart. +- The stack keeps PostgreSQL and Redis on the internal Compose network only; only the Sub2API HTTP port is published to the host. diff --git a/src/sub2api/README.zh.md b/src/sub2api/README.zh.md new file mode 100644 index 0000000..dd24342 --- /dev/null +++ b/src/sub2api/README.zh.md @@ -0,0 +1,55 @@ +# Sub2API + +[English](./README.md) | [中文](./README.zh.md) + +快速开始:。 + +此服务用于部署 Sub2API。它是一个面向订阅额度管理场景的 AI API 网关,并同时包含 PostgreSQL 与 Redis 依赖。Compose 配置默认启用 `AUTO_SETUP=true`,因此首次启动时会自动完成初始化。 + +## 服务 + +- `sub2api`:Web UI 与 API 服务。 +- `postgres`:用于持久化业务数据的 PostgreSQL 数据库。 +- `redis`:用于缓存与队列的 Redis 服务。 + +## 快速开始 + +```bash +docker compose up -d +docker compose logs --tail=100 sub2api +``` + +当容器进入健康状态后,打开 `http://localhost:8080`。 + +如果 `SUB2API_ADMIN_PASSWORD` 留空,Sub2API 会在首次启动时自动生成管理员密码。查看 `sub2api` 日志,并搜索 `admin password` 即可获取。 + +## 配置 + +| 变量 | 说明 | 默认值 | +| ----------------------------- | -------------------------------------- | --------------------- | +| `SUB2API_VERSION` | Sub2API 镜像版本 | `0.1.124` | +| `SUB2API_PORT_OVERRIDE` | Web UI 与 API 的宿主机端口 | `8080` | +| `SUB2API_POSTGRES_PASSWORD` | 应用与 PostgreSQL 容器共用的数据库密码 | `sub2api` | +| `SUB2API_REDIS_PASSWORD` | 可选的 Redis 密码 | *(空)* | +| `SUB2API_ADMIN_EMAIL` | 初始管理员邮箱 | `admin@sub2api.local` | +| `SUB2API_ADMIN_PASSWORD` | 初始管理员密码 | *(留空时自动生成)* | +| `SUB2API_JWT_SECRET` | 用于保持会话稳定的固定 JWT 密钥 | *(空)* | +| `SUB2API_TOTP_ENCRYPTION_KEY` | 用于保持 2FA 数据稳定的固定密钥 | *(空)* | +| `SUB2API_RUN_MODE` | 应用运行模式(`standard` 或 `simple`) | `standard` | +| `TZ` | 容器时区 | `UTC` | + +## 端口 + +- `8080`:Sub2API 的 Web UI 与 API。 + +## 存储 + +- `sub2api_data`:运行时数据与自动生成的配置。 +- `sub2api_postgres_data`:PostgreSQL 数据目录。 +- `sub2api_redis_data`:Redis 持久化数据。 + +## 安全说明 + +- 如果需要在可信环境之外暴露服务,请先修改 `SUB2API_POSTGRES_PASSWORD`。 +- 生产环境中建议为 `SUB2API_JWT_SECRET` 与 `SUB2API_TOTP_ENCRYPTION_KEY` 设置固定值。留空虽然便于快速体验,但重启后会导致已有登录会话或 2FA 状态失效。 +- 此配置仅向宿主机暴露 Sub2API 的 HTTP 端口;PostgreSQL 与 Redis 仅在内部 Compose 网络中可见。 diff --git a/src/sub2api/docker-compose.yaml b/src/sub2api/docker-compose.yaml new file mode 100644 index 0000000..3069ea7 --- /dev/null +++ b/src/sub2api/docker-compose.yaml @@ -0,0 +1,133 @@ +x-defaults: &defaults + restart: unless-stopped + logging: + driver: json-file + options: + max-size: 100m + max-file: '3' + +services: + sub2api: + <<: *defaults + image: ${GLOBAL_REGISTRY:-}weishaw/sub2api:${SUB2API_VERSION:-0.1.124} + ports: + - '${SUB2API_PORT_OVERRIDE:-8080}:8080' + environment: + - AUTO_SETUP=true + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=8080 + - SERVER_MODE=${SUB2API_SERVER_MODE:-release} + - RUN_MODE=${SUB2API_RUN_MODE:-standard} + - TZ=${TZ:-UTC} + - DATABASE_HOST=postgres + - DATABASE_PORT=5432 + - DATABASE_USER=${SUB2API_POSTGRES_USER:-sub2api} + - DATABASE_PASSWORD=${SUB2API_POSTGRES_PASSWORD:-sub2api} + - DATABASE_DBNAME=${SUB2API_POSTGRES_DB:-sub2api} + - DATABASE_SSLMODE=disable + - DATABASE_MAX_OPEN_CONNS=${SUB2API_DATABASE_MAX_OPEN_CONNS:-50} + - DATABASE_MAX_IDLE_CONNS=${SUB2API_DATABASE_MAX_IDLE_CONNS:-10} + - DATABASE_CONN_MAX_LIFETIME_MINUTES=${SUB2API_DATABASE_CONN_MAX_LIFETIME_MINUTES:-30} + - DATABASE_CONN_MAX_IDLE_TIME_MINUTES=${SUB2API_DATABASE_CONN_MAX_IDLE_TIME_MINUTES:-5} + - REDIS_HOST=redis + - REDIS_PORT=6379 + - REDIS_PASSWORD=${SUB2API_REDIS_PASSWORD:-} + - REDIS_DB=${SUB2API_REDIS_DB:-0} + - REDIS_POOL_SIZE=${SUB2API_REDIS_POOL_SIZE:-1024} + - REDIS_MIN_IDLE_CONNS=${SUB2API_REDIS_MIN_IDLE_CONNS:-10} + - REDIS_ENABLE_TLS=false + - ADMIN_EMAIL=${SUB2API_ADMIN_EMAIL:-admin@sub2api.local} + - ADMIN_PASSWORD=${SUB2API_ADMIN_PASSWORD:-} + - JWT_SECRET=${SUB2API_JWT_SECRET:-} + - JWT_EXPIRE_HOUR=${SUB2API_JWT_EXPIRE_HOUR:-24} + - TOTP_ENCRYPTION_KEY=${SUB2API_TOTP_ENCRYPTION_KEY:-} + - SECURITY_URL_ALLOWLIST_ENABLED=${SUB2API_SECURITY_URL_ALLOWLIST_ENABLED:-false} + - SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=${SUB2API_SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP:-false} + - SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=${SUB2API_SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS:-false} + - UPDATE_PROXY_URL=${SUB2API_UPDATE_PROXY_URL:-} + volumes: + - sub2api_data:/app/data + depends_on: + postgres: + condition: service_healthy + redis: + condition: service_healthy + healthcheck: + test: + - CMD + - wget + - -q + - -T + - '5' + - -O + - /dev/null + - http://localhost:8080/health + interval: 30s + timeout: 10s + retries: 3 + start_period: 30s + deploy: + resources: + limits: + cpus: ${SUB2API_CPU_LIMIT:-1.0} + memory: ${SUB2API_MEMORY_LIMIT:-1024M} + reservations: + cpus: ${SUB2API_CPU_RESERVATION:-0.25} + memory: ${SUB2API_MEMORY_RESERVATION:-256M} + + postgres: + <<: *defaults + image: ${GLOBAL_REGISTRY:-}postgres:${SUB2API_POSTGRES_VERSION:-18-alpine} + environment: + - TZ=${TZ:-UTC} + - POSTGRES_USER=${SUB2API_POSTGRES_USER:-sub2api} + - POSTGRES_PASSWORD=${SUB2API_POSTGRES_PASSWORD:-sub2api} + - POSTGRES_DB=${SUB2API_POSTGRES_DB:-sub2api} + - PGDATA=/var/lib/postgresql/data/pgdata + volumes: + - sub2api_postgres_data:/var/lib/postgresql/data + healthcheck: + test: [CMD-SHELL, pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB] + interval: 10s + timeout: 5s + retries: 5 + start_period: 15s + deploy: + resources: + limits: + cpus: ${SUB2API_POSTGRES_CPU_LIMIT:-1.0} + memory: ${SUB2API_POSTGRES_MEMORY_LIMIT:-1024M} + reservations: + cpus: ${SUB2API_POSTGRES_CPU_RESERVATION:-0.25} + memory: ${SUB2API_POSTGRES_MEMORY_RESERVATION:-256M} + + redis: + <<: *defaults + image: ${GLOBAL_REGISTRY:-}redis:${SUB2API_REDIS_VERSION:-8-alpine} + command: >- + sh -c 'exec redis-server --save 60 1 --appendonly yes --appendfsync everysec + ${SUB2API_REDIS_PASSWORD:+--requirepass "$SUB2API_REDIS_PASSWORD"}' + environment: + - TZ=${TZ:-UTC} + - REDISCLI_AUTH=${SUB2API_REDIS_PASSWORD:-} + volumes: + - sub2api_redis_data:/data + healthcheck: + test: [CMD, redis-cli, ping] + interval: 10s + timeout: 5s + retries: 5 + start_period: 5s + deploy: + resources: + limits: + cpus: ${SUB2API_REDIS_CPU_LIMIT:-0.50} + memory: ${SUB2API_REDIS_MEMORY_LIMIT:-512M} + reservations: + cpus: ${SUB2API_REDIS_CPU_RESERVATION:-0.10} + memory: ${SUB2API_REDIS_MEMORY_RESERVATION:-128M} + +volumes: + sub2api_data: + sub2api_postgres_data: + sub2api_redis_data: