From 4c7b3afc10ddd31731053f7c682e20f97562c8c3 Mon Sep 17 00:00:00 2001
From: Sun-ZhenXing <1006925066@qq.com>
Date: Mon, 29 Dec 2025 11:33:23 +0800
Subject: [PATCH] feat: add trailbase
---
README.md | 407 +++++++++++++++---------------
README.zh.md | 407 +++++++++++++++---------------
src/trailbase/.env.example | 23 ++
src/trailbase/README.md | 110 ++++++++
src/trailbase/README.zh.md | 110 ++++++++
src/trailbase/docker-compose.yaml | 44 ++++
6 files changed, 695 insertions(+), 406 deletions(-)
create mode 100644 src/trailbase/.env.example
create mode 100644 src/trailbase/README.md
create mode 100644 src/trailbase/README.zh.md
create mode 100644 src/trailbase/docker-compose.yaml
diff --git a/README.md b/README.md
index e47f8f9..0ea3edd 100644
--- a/README.md
+++ b/README.md
@@ -1,203 +1,204 @@ -# Compose Anything - -Compose Anything helps users quickly deploy various services by providing a set of high-quality Docker Compose configuration files. These configurations constrain resource usage, can be easily migrated to systems like K8S, and are easy to understand and modify. - -## Supported Services - -| Service | Version | -| ------------------------------------------------------------- | ---------------------------- | -| [Apache APISIX](./src/apisix) | 3.13.0 | -| [Apache Cassandra](./src/cassandra) | 5.0.2 | -| [Apache Flink](./src/flink) | 1.20.0 | -| [Apache HBase](./src/hbase) | 2.6 | -| [Apache HTTP Server](./src/apache) | 2.4.62 | -| [Apache Kafka](./src/kafka) | 7.8.0 | -| [Apache Pulsar](./src/pulsar) | 4.0.7 | -| [Apache RocketMQ](./src/rocketmq) | 5.3.1 | -| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 | -| [Bolt.diy](./src/bolt-diy) | latest | -| [Budibase](./src/budibase) | 3.23.0 | -| [Bytebot](./src/bytebot) | edge | -| [Clash](./src/clash) | 1.18.0 | -| [ClickHouse](./src/clickhouse) | 24.11.1 | -| [Conductor](./src/conductor) | latest | -| [Dify](./src/dify) | 0.18.2 | -| [DNSMasq](./src/dnsmasq) | 2.91 | -| [Dockge](./src/dockge) | 1 | -| [Docker Registry](./src/docker-registry) | 3.0.0 | -| [DuckDB](./src/duckdb) | v1.1.3 | -| [Easy Dataset](./src/easy-dataset) | 1.5.1 | -| [Elasticsearch](./src/elasticsearch) | 8.16.1 | -| [etcd](./src/etcd) | 3.6.0 | -| [Firecrawl](./src/firecrawl) | latest | -| [frpc](./src/frpc) | 0.64.0 | -| [frps](./src/frps) | 0.64.0 | -| [Gitea Runner](./src/gitea-runner) | 0.2.13 | -| [Gitea](./src/gitea) | 1.24.6 | -| [GitLab Runner](./src/gitlab-runner) | 17.10.1 | -| [GitLab](./src/gitlab) | 17.10.4-ce.0 | -| [GPUStack](./src/gpustack) | v0.5.3 | -| [Grafana](./src/grafana) | 12.1.1 | -| [Halo](./src/halo) | 2.21.9 | -| [Harbor](./src/harbor) | v2.12.0 | -| [HashiCorp Consul](./src/consul) | 1.20.3 | -| [IOPaint](./builds/io-paint) | latest | -| [Jenkins](./src/jenkins) | 2.486-lts | 
-| [JODConverter](./src/jodconverter) | latest | -| [Kestra](./src/kestra) | latest-full | -| [Kibana](./src/kibana) | 8.16.1 | -| [Kodbox](./src/kodbox) | 1.62 | -| [Kong](./src/kong) | 3.8.0 | -| [Langflow](./apps/langflow) | latest | -| [Langfuse](./apps/langfuse) | 3.115.0 | -| [LibreOffice](./src/libreoffice) | latest | -| [LiteLLM](./src/litellm) | main-stable | -| [Logstash](./src/logstash) | 8.16.1 | -| [MariaDB Galera Cluster](./src/mariadb-galera) | 11.7.2 | -| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | -| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | -| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | -| [MinerU SGLang](./src/mineru-sglang) | 2.2.2 | -| [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 | -| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | -| [MLflow](./src/mlflow) | v2.20.2 | -| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | -| [MongoDB ReplicaSet](./src/mongodb-replicaset) | 8.0.13 | -| [MongoDB Standalone](./src/mongodb-standalone) | 8.0.13 | -| [MySQL](./src/mysql) | 9.4.0 | -| [n8n](./src/n8n) | 1.114.0 | -| [Nacos](./src/nacos) | v3.1.0 | -| [NebulaGraph](./src/nebulagraph) | v3.8.0 | -| [NexaSDK](./src/nexa-sdk) | v0.2.62 | -| [Neo4j](./src/neo4j) | 5.27.4 | -| [Netdata](./src/netdata) | latest | -| [Nginx](./src/nginx) | 1.29.1 | -| [Node Exporter](./src/node-exporter) | v1.8.2 | -| [OceanBase](./src/oceanbase) | 4.3.3 | -| [Odoo](./src/odoo) | 19.0 | -| [Ollama](./src/ollama) | 0.12.0 | -| [Open WebUI](./src/open-webui) | main | -| [Phoenix (Arize)](./src/phoenix) | 12.19.0 | -| [Pingora Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | -| [Open WebUI Rust](./src/open-webui-rust) | latest | -| [OpenCoze](./src/opencoze) | See Docs | -| [OpenCut](./src/opencut) | latest | -| [OpenList](./src/openlist) | latest | -| [OpenSearch](./src/opensearch) | 2.19.0 | -| [PocketBase](./src/pocketbase) | 0.30.0 | -| [Portainer](./src/portainer) | 2.27.3-alpine | 
-| [Portkey AI Gateway](./src/portkey-gateway) | latest | -| [PostgreSQL](./src/postgres) | 17.6 | -| [Prometheus](./src/prometheus) | 3.5.0 | -| [PyTorch](./src/pytorch) | 2.6.0 | -| [Qdrant](./src/qdrant) | 1.15.4 | -| [RabbitMQ](./src/rabbitmq) | 4.1.4 | -| [Ray](./src/ray) | 2.42.1 | -| [Redpanda](./src/redpanda) | v24.3.1 | -| [Redis Cluster](./src/redis-cluster) | 8.2.1 | -| [Redis](./src/redis) | 8.2.1 | -| [Renovate](./src/renovate) | 42.52.5-full | -| [Restate Cluster](./src/restate-cluster) | 1.5.3 | -| [Restate](./src/restate) | 1.5.3 | -| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 | -| [Sim](./apps/sim) | latest | -| [Stable Diffusion WebUI](./src/stable-diffusion-webui-docker) | latest | -| [Stirling-PDF](./src/stirling-pdf) | latest | -| [Temporal](./src/temporal) | 1.24.2 | -| [TiDB](./src/tidb) | v8.5.0 | -| [TiKV](./src/tikv) | v8.5.0 | -| [Trigger.dev](./src/trigger-dev) | v4.2.0 | -| [Valkey Cluster](./src/valkey-cluster) | 8.0 | -| [Valkey](./src/valkey) | 8.0 | -| [Verdaccio](./src/verdaccio) | 6.1.2 | -| [vLLM](./src/vllm) | v0.8.0 | -| [Windmill](./src/windmill) | main | -| [ZooKeeper](./src/zookeeper) | 3.9.3 | - -## MCP Servers - -| Server | Version | -| ------------------------------------------------------- | ------- | -| [API Gateway](./mcp-servers/api-gateway) | latest | -| [ArXiv MCP Server](./mcp-servers/arxiv-mcp-server) | latest | -| [Basic Memory](./mcp-servers/basic-memory) | latest | -| [ClickHouse](./mcp-servers/clickhouse) | latest | -| [Docker](./mcp-servers/docker) | latest | -| [Dockerhub](./mcp-servers/dockerhub) | latest | -| [E2B](./mcp-servers/e2b) | latest | -| [ElevenLabs](./mcp-servers/elevenlabs) | latest | -| [Fetch](./mcp-servers/fetch) | latest | -| [Firecrawl](./mcp-servers/firecrawl) | latest | -| [Filesystem](./mcp-servers/filesystem) | latest | -| [Grafana](./mcp-servers/grafana) | latest | -| [Markdownify](./mcp-servers/markdownify) | latest | -| [Markitdown](./mcp-servers/markitdown) | latest | -| 
[Memory](./mcp-servers/memory) | latest | -| [MongoDB](./mcp-servers/mongodb) | latest | -| [Neo4j Cypher](./mcp-servers/neo4j-cypher) | latest | -| [Neo4j Memory](./mcp-servers/neo4j-memory) | latest | -| [Notion](./mcp-servers/notion) | latest | -| [OpenAPI Schema](./mcp-servers/openapi-schema) | latest | -| [OpenAPI](./mcp-servers/openapi) | latest | -| [OpenWeather](./mcp-servers/openweather) | latest | -| [Paper Search](./mcp-servers/paper-search) | latest | -| [Playwright](./mcp-servers/playwright) | latest | -| [Redis MCP](./mcp-servers/redis-mcp) | latest | -| [Rust Filesystem](./mcp-servers/rust-mcp-filesystem) | latest | -| [Sequential Thinking](./mcp-servers/sequentialthinking) | latest | -| [SQLite](./mcp-servers/sqlite) | latest | -| [Tavily](./mcp-servers/tavily) | latest | -| [Text to GraphQL](./mcp-servers/text-to-graphql) | latest | -| [Time](./mcp-servers/time) | latest | -| [Wolfram Alpha](./mcp-servers/wolfram-alpha) | latest | -| [YouTube Transcript](./mcp-servers/youtube-transcript) | latest | - -## Guidelines - -1. Out-of-the-box - - Configurations should work out-of-the-box with no extra steps (at most, provide a `.env` file). -2. Simple commands - - Each project ships a single `docker-compose.yaml` file. - - Command complexity should not exceed `docker compose up -d`; if more is needed, provide a `Makefile`. - - For initialization, prefer `healthcheck` with `depends_on` using `condition: service_healthy` to orchestrate startup order. -3. Stable versions - - Pin to the latest stable version instead of `latest`. - - Expose image versions via environment variables (e.g., `FOO_VERSION`). -4. 
Configuration conventions - - Prefer environment variables over complex CLI flags; - - Pass secrets via env vars or mounted files, never hardcode; - - Provide sensible defaults to enable zero-config startup; - - A commented `.env.example` is required; - - Env var naming: UPPER_SNAKE_CASE with service prefix (e.g., `POSTGRES_*`); use `*_PORT_OVERRIDE` for host port overrides. -5. Profiles - - Use Profiles for optional components/dependencies; - - Recommended names: `gpu` (acceleration), `metrics` (observability/exporters), `dev` (dev-only features). -6. Cross-platform & architectures - - Where images support it, ensure Debian 12+/Ubuntu 22.04+, Windows 10+, macOS 12+ work; - - Support x86-64 and ARM64 as consistently as possible; - - Avoid Linux-only host paths like `/etc/localtime` and `/etc/timezone`; prefer `TZ` env var for time zone. -7. Volumes & mounts - - Prefer relative paths for configuration to improve portability; - - Prefer named volumes for data directories to avoid permission/compat issues of host paths; - - If host paths are necessary, provide a top-level directory variable (e.g., `DATA_DIR`). -8. Resources & logging - - Always limit CPU and memory to prevent resource exhaustion; - - For GPU services, enable a single GPU by default via `deploy.resources.reservations.devices` (maps to device requests) or `gpus` where applicable; - - Limit logs (`json-file` driver: `max-size`/`max-file`). -9. Healthchecks - - Every service should define a `healthcheck` with suitable `interval`, `timeout`, `retries`, and `start_period`; - - Use `depends_on.condition: service_healthy` for dependency chains. -10. 
Security baseline (apply when possible) - - Run as non-root (expose `PUID`/`PGID` or set `user: "1000:1000"`); - - Read-only root filesystem (`read_only: true`), use `tmpfs`/writable mounts for required paths; - - Least privilege: `cap_drop: ["ALL"]`, add back only what’s needed via `cap_add`; - - Avoid `container_name` (hurts scaling and reusable network aliases); - - If exposing Docker socket or other high-risk mounts, clearly document risks and alternatives. -11. Documentation & discoverability - - Provide clear docs and examples (include admin/initialization notes, and security/license notes when relevant); - - Keep docs LLM-friendly; - - List primary env vars and default ports in the README, and link to `README.md` / `README.zh.md`. - -## License - -[MIT License](./LICENSE). +# Compose Anything + +Compose Anything helps users quickly deploy various services by providing a set of high-quality Docker Compose configuration files. These configurations constrain resource usage, can be easily migrated to systems like K8S, and are easy to understand and modify. 
+ +## Supported Services + +| Service | Version | +| ------------------------------------------------------------- | ---------------------------- | +| [Apache APISIX](./src/apisix) | 3.13.0 | +| [Apache Cassandra](./src/cassandra) | 5.0.2 | +| [Apache Flink](./src/flink) | 1.20.0 | +| [Apache HBase](./src/hbase) | 2.6 | +| [Apache HTTP Server](./src/apache) | 2.4.62 | +| [Apache Kafka](./src/kafka) | 7.8.0 | +| [Apache Pulsar](./src/pulsar) | 4.0.7 | +| [Apache RocketMQ](./src/rocketmq) | 5.3.1 | +| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 | +| [Bolt.diy](./src/bolt-diy) | latest | +| [Budibase](./src/budibase) | 3.23.0 | +| [Bytebot](./src/bytebot) | edge | +| [Clash](./src/clash) | 1.18.0 | +| [ClickHouse](./src/clickhouse) | 24.11.1 | +| [Conductor](./src/conductor) | latest | +| [Dify](./src/dify) | 0.18.2 | +| [DNSMasq](./src/dnsmasq) | 2.91 | +| [Dockge](./src/dockge) | 1 | +| [Docker Registry](./src/docker-registry) | 3.0.0 | +| [DuckDB](./src/duckdb) | v1.1.3 | +| [Easy Dataset](./src/easy-dataset) | 1.5.1 | +| [Elasticsearch](./src/elasticsearch) | 8.16.1 | +| [etcd](./src/etcd) | 3.6.0 | +| [Firecrawl](./src/firecrawl) | latest | +| [frpc](./src/frpc) | 0.64.0 | +| [frps](./src/frps) | 0.64.0 | +| [Gitea Runner](./src/gitea-runner) | 0.2.13 | +| [Gitea](./src/gitea) | 1.24.6 | +| [GitLab Runner](./src/gitlab-runner) | 17.10.1 | +| [GitLab](./src/gitlab) | 17.10.4-ce.0 | +| [GPUStack](./src/gpustack) | v0.5.3 | +| [Grafana](./src/grafana) | 12.1.1 | +| [Halo](./src/halo) | 2.21.9 | +| [Harbor](./src/harbor) | v2.12.0 | +| [HashiCorp Consul](./src/consul) | 1.20.3 | +| [IOPaint](./builds/io-paint) | latest | +| [Jenkins](./src/jenkins) | 2.486-lts | +| [JODConverter](./src/jodconverter) | latest | +| [Kestra](./src/kestra) | latest-full | +| [Kibana](./src/kibana) | 8.16.1 | +| [Kodbox](./src/kodbox) | 1.62 | +| [Kong](./src/kong) | 3.8.0 | +| [Langflow](./apps/langflow) | latest | +| [Langfuse](./apps/langfuse) | 3.115.0 | +| 
[LibreOffice](./src/libreoffice) | latest | +| [LiteLLM](./src/litellm) | main-stable | +| [Logstash](./src/logstash) | 8.16.1 | +| [MariaDB Galera Cluster](./src/mariadb-galera) | 11.7.2 | +| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | +| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | +| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | +| [MinerU SGLang](./src/mineru-sglang) | 2.2.2 | +| [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 | +| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | +| [MLflow](./src/mlflow) | v2.20.2 | +| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | +| [MongoDB ReplicaSet](./src/mongodb-replicaset) | 8.0.13 | +| [MongoDB Standalone](./src/mongodb-standalone) | 8.0.13 | +| [MySQL](./src/mysql) | 9.4.0 | +| [n8n](./src/n8n) | 1.114.0 | +| [Nacos](./src/nacos) | v3.1.0 | +| [NebulaGraph](./src/nebulagraph) | v3.8.0 | +| [NexaSDK](./src/nexa-sdk) | v0.2.62 | +| [Neo4j](./src/neo4j) | 5.27.4 | +| [Netdata](./src/netdata) | latest | +| [Nginx](./src/nginx) | 1.29.1 | +| [Node Exporter](./src/node-exporter) | v1.8.2 | +| [OceanBase](./src/oceanbase) | 4.3.3 | +| [Odoo](./src/odoo) | 19.0 | +| [Ollama](./src/ollama) | 0.12.0 | +| [Open WebUI](./src/open-webui) | main | +| [Phoenix (Arize)](./src/phoenix) | 12.19.0 | +| [Pingora Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | +| [Open WebUI Rust](./src/open-webui-rust) | latest | +| [OpenCoze](./src/opencoze) | See Docs | +| [OpenCut](./src/opencut) | latest | +| [OpenList](./src/openlist) | latest | +| [OpenSearch](./src/opensearch) | 2.19.0 | +| [PocketBase](./src/pocketbase) | 0.30.0 | +| [Portainer](./src/portainer) | 2.27.3-alpine | +| [Portkey AI Gateway](./src/portkey-gateway) | latest | +| [PostgreSQL](./src/postgres) | 17.6 | +| [Prometheus](./src/prometheus) | 3.5.0 | +| [PyTorch](./src/pytorch) | 2.6.0 | +| [Qdrant](./src/qdrant) | 1.15.4 | +| [RabbitMQ](./src/rabbitmq) | 4.1.4 | +| [Ray](./src/ray) | 
2.42.1 | +| [Redpanda](./src/redpanda) | v24.3.1 | +| [Redis Cluster](./src/redis-cluster) | 8.2.1 | +| [Redis](./src/redis) | 8.2.1 | +| [Renovate](./src/renovate) | 42.52.5-full | +| [Restate Cluster](./src/restate-cluster) | 1.5.3 | +| [Restate](./src/restate) | 1.5.3 | +| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 | +| [Sim](./apps/sim) | latest | +| [Stable Diffusion WebUI](./src/stable-diffusion-webui-docker) | latest | +| [Stirling-PDF](./src/stirling-pdf) | latest | +| [Temporal](./src/temporal) | 1.24.2 | +| [TiDB](./src/tidb) | v8.5.0 | +| [TiKV](./src/tikv) | v8.5.0 | +| [Trigger.dev](./src/trigger-dev) | v4.2.0 | +| [TrailBase](./src/trailbase) | 0.22.4 | +| [Valkey Cluster](./src/valkey-cluster) | 8.0 | +| [Valkey](./src/valkey) | 8.0 | +| [Verdaccio](./src/verdaccio) | 6.1.2 | +| [vLLM](./src/vllm) | v0.8.0 | +| [Windmill](./src/windmill) | main | +| [ZooKeeper](./src/zookeeper) | 3.9.3 | + +## MCP Servers + +| Server | Version | +| ------------------------------------------------------- | ------- | +| [API Gateway](./mcp-servers/api-gateway) | latest | +| [ArXiv MCP Server](./mcp-servers/arxiv-mcp-server) | latest | +| [Basic Memory](./mcp-servers/basic-memory) | latest | +| [ClickHouse](./mcp-servers/clickhouse) | latest | +| [Docker](./mcp-servers/docker) | latest | +| [Dockerhub](./mcp-servers/dockerhub) | latest | +| [E2B](./mcp-servers/e2b) | latest | +| [ElevenLabs](./mcp-servers/elevenlabs) | latest | +| [Fetch](./mcp-servers/fetch) | latest | +| [Firecrawl](./mcp-servers/firecrawl) | latest | +| [Filesystem](./mcp-servers/filesystem) | latest | +| [Grafana](./mcp-servers/grafana) | latest | +| [Markdownify](./mcp-servers/markdownify) | latest | +| [Markitdown](./mcp-servers/markitdown) | latest | +| [Memory](./mcp-servers/memory) | latest | +| [MongoDB](./mcp-servers/mongodb) | latest | +| [Neo4j Cypher](./mcp-servers/neo4j-cypher) | latest | +| [Neo4j Memory](./mcp-servers/neo4j-memory) | latest | +| [Notion](./mcp-servers/notion) | 
latest | +| [OpenAPI Schema](./mcp-servers/openapi-schema) | latest | +| [OpenAPI](./mcp-servers/openapi) | latest | +| [OpenWeather](./mcp-servers/openweather) | latest | +| [Paper Search](./mcp-servers/paper-search) | latest | +| [Playwright](./mcp-servers/playwright) | latest | +| [Redis MCP](./mcp-servers/redis-mcp) | latest | +| [Rust Filesystem](./mcp-servers/rust-mcp-filesystem) | latest | +| [Sequential Thinking](./mcp-servers/sequentialthinking) | latest | +| [SQLite](./mcp-servers/sqlite) | latest | +| [Tavily](./mcp-servers/tavily) | latest | +| [Text to GraphQL](./mcp-servers/text-to-graphql) | latest | +| [Time](./mcp-servers/time) | latest | +| [Wolfram Alpha](./mcp-servers/wolfram-alpha) | latest | +| [YouTube Transcript](./mcp-servers/youtube-transcript) | latest | + +## Guidelines + +1. Out-of-the-box + - Configurations should work out-of-the-box with no extra steps (at most, provide a `.env` file). +2. Simple commands + - Each project ships a single `docker-compose.yaml` file. + - Command complexity should not exceed `docker compose up -d`; if more is needed, provide a `Makefile`. + - For initialization, prefer `healthcheck` with `depends_on` using `condition: service_healthy` to orchestrate startup order. +3. Stable versions + - Pin to the latest stable version instead of `latest`. + - Expose image versions via environment variables (e.g., `FOO_VERSION`). +4. Configuration conventions + - Prefer environment variables over complex CLI flags; + - Pass secrets via env vars or mounted files, never hardcode; + - Provide sensible defaults to enable zero-config startup; + - A commented `.env.example` is required; + - Env var naming: UPPER_SNAKE_CASE with service prefix (e.g., `POSTGRES_*`); use `*_PORT_OVERRIDE` for host port overrides. +5. Profiles + - Use Profiles for optional components/dependencies; + - Recommended names: `gpu` (acceleration), `metrics` (observability/exporters), `dev` (dev-only features). +6. 
Cross-platform & architectures + - Where images support it, ensure Debian 12+/Ubuntu 22.04+, Windows 10+, macOS 12+ work; + - Support x86-64 and ARM64 as consistently as possible; + - Avoid Linux-only host paths like `/etc/localtime` and `/etc/timezone`; prefer `TZ` env var for time zone. +7. Volumes & mounts + - Prefer relative paths for configuration to improve portability; + - Prefer named volumes for data directories to avoid permission/compat issues of host paths; + - If host paths are necessary, provide a top-level directory variable (e.g., `DATA_DIR`). +8. Resources & logging + - Always limit CPU and memory to prevent resource exhaustion; + - For GPU services, enable a single GPU by default via `deploy.resources.reservations.devices` (maps to device requests) or `gpus` where applicable; + - Limit logs (`json-file` driver: `max-size`/`max-file`). +9. Healthchecks + - Every service should define a `healthcheck` with suitable `interval`, `timeout`, `retries`, and `start_period`; + - Use `depends_on.condition: service_healthy` for dependency chains. +10. Security baseline (apply when possible) + - Run as non-root (expose `PUID`/`PGID` or set `user: "1000:1000"`); + - Read-only root filesystem (`read_only: true`), use `tmpfs`/writable mounts for required paths; + - Least privilege: `cap_drop: ["ALL"]`, add back only what’s needed via `cap_add`; + - Avoid `container_name` (hurts scaling and reusable network aliases); + - If exposing Docker socket or other high-risk mounts, clearly document risks and alternatives. +11. Documentation & discoverability + - Provide clear docs and examples (include admin/initialization notes, and security/license notes when relevant); + - Keep docs LLM-friendly; + - List primary env vars and default ports in the README, and link to `README.md` / `README.zh.md`. + +## License + +[MIT License](./LICENSE). diff --git a/README.zh.md b/README.zh.md index 06d1c0b..4dccdcf 100644 --- a/README.zh.md +++ b/README.zh.md 
@@ -1,203 +1,204 @@ -# Compose Anything - -Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,帮助用户快速部署各种服务。这些配置约束了资源使用,可快速迁移到 K8S 等系统,并且易于理解和修改。 - -## 已经支持的服务 - -| 服务 | 版本 | -| ------------------------------------------------------------- | ---------------------------- | -| [Apache APISIX](./src/apisix) | 3.13.0 | -| [Apache Cassandra](./src/cassandra) | 5.0.2 | -| [Apache Flink](./src/flink) | 1.20.0 | -| [Apache HBase](./src/hbase) | 2.6 | -| [Apache HTTP Server](./src/apache) | 2.4.62 | -| [Apache Kafka](./src/kafka) | 7.8.0 | -| [Apache Pulsar](./src/pulsar) | 4.0.7 | -| [Apache RocketMQ](./src/rocketmq) | 5.3.1 | -| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 | -| [Bolt.diy](./src/bolt-diy) | latest | -| [Budibase](./src/budibase) | 3.23.0 | -| [Bytebot](./src/bytebot) | edge | -| [Clash](./src/clash) | 1.18.0 | -| [ClickHouse](./src/clickhouse) | 24.11.1 | -| [Conductor](./src/conductor) | latest | -| [Dify](./src/dify) | 0.18.2 | -| [DNSMasq](./src/dnsmasq) | 2.91 | -| [Dockge](./src/dockge) | 1 | -| [Docker Registry](./src/docker-registry) | 3.0.0 | -| [DuckDB](./src/duckdb) | v1.1.3 | -| [Easy Dataset](./src/easy-dataset) | 1.5.1 | -| [Elasticsearch](./src/elasticsearch) | 8.16.1 | -| [etcd](./src/etcd) | 3.6.0 | -| [Firecrawl](./src/firecrawl) | latest | -| [frpc](./src/frpc) | 0.64.0 | -| [frps](./src/frps) | 0.64.0 | -| [Gitea Runner](./src/gitea-runner) | 0.2.13 | -| [Gitea](./src/gitea) | 1.24.6 | -| [GitLab Runner](./src/gitlab-runner) | 17.10.1 | -| [GitLab](./src/gitlab) | 17.10.4-ce.0 | -| [GPUStack](./src/gpustack) | v0.5.3 | -| [Grafana](./src/grafana) | 12.1.1 | -| [Halo](./src/halo) | 2.21.9 | -| [Harbor](./src/harbor) | v2.12.0 | -| [HashiCorp Consul](./src/consul) | 1.20.3 | -| [IOPaint](./builds/io-paint) | latest | -| [Jenkins](./src/jenkins) | 2.486-lts | -| [JODConverter](./src/jodconverter) | latest | -| [Kestra](./src/kestra) | latest-full | -| [Kibana](./src/kibana) | 8.16.1 | -| [Kodbox](./src/kodbox) | 1.62 | -| 
[Kong](./src/kong) | 3.8.0 | -| [Langflow](./apps/langflow) | latest | -| [Langfuse](./apps/langfuse) | 3.115.0 | -| [LibreOffice](./src/libreoffice) | latest | -| [LiteLLM](./src/litellm) | main-stable | -| [Logstash](./src/logstash) | 8.16.1 | -| [MariaDB Galera 集群](./src/mariadb-galera) | 11.7.2 | -| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | -| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | -| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | -| [MinerU SGLang](./src/mineru-sglang) | 2.2.2 | -| [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 | -| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | -| [MLflow](./src/mlflow) | v2.20.2 | -| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | -| [MongoDB ReplicaSet](./src/mongodb-replicaset) | 8.0.13 | -| [MongoDB Standalone](./src/mongodb-standalone) | 8.0.13 | -| [MySQL](./src/mysql) | 9.4.0 | -| [n8n](./src/n8n) | 1.114.0 | -| [Nacos](./src/nacos) | v3.1.0 | -| [NebulaGraph](./src/nebulagraph) | v3.8.0 | -| [NexaSDK](./src/nexa-sdk) | v0.2.62 | -| [Neo4j](./src/neo4j) | 5.27.4 | -| [Netdata](./src/netdata) | latest | -| [Nginx](./src/nginx) | 1.29.1 | -| [Node Exporter](./src/node-exporter) | v1.8.2 | -| [OceanBase](./src/oceanbase) | 4.3.3 | -| [Odoo](./src/odoo) | 19.0 | -| [Ollama](./src/ollama) | 0.12.0 | -| [Open WebUI](./src/open-webui) | main | -| [Phoenix (Arize)](./src/phoenix) | 12.19.0 | -| [Pingora Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | -| [Open WebUI Rust](./src/open-webui-rust) | latest | -| [OpenCoze](./src/opencoze) | See Docs | -| [OpenCut](./src/opencut) | latest | -| [OpenList](./src/openlist) | latest | -| [OpenSearch](./src/opensearch) | 2.19.0 | -| [PocketBase](./src/pocketbase) | 0.30.0 | -| [Portainer](./src/portainer) | 2.27.3-alpine | -| [Portkey AI Gateway](./src/portkey-gateway) | latest | -| [PostgreSQL](./src/postgres) | 17.6 | -| [Prometheus](./src/prometheus) | 3.5.0 | -| [PyTorch](./src/pytorch) 
| 2.6.0 | -| [Qdrant](./src/qdrant) | 1.15.4 | -| [RabbitMQ](./src/rabbitmq) | 4.1.4 | -| [Ray](./src/ray) | 2.42.1 | -| [Redpanda](./src/redpanda) | v24.3.1 | -| [Redis Cluster](./src/redis-cluster) | 8.2.1 | -| [Redis](./src/redis) | 8.2.1 | -| [Renovate](./src/renovate) | 42.52.5-full | -| [Restate Cluster](./src/restate-cluster) | 1.5.3 | -| [Restate](./src/restate) | 1.5.3 | -| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 | -| [Sim](./apps/sim) | latest | -| [Stable Diffusion WebUI](./src/stable-diffusion-webui-docker) | latest | -| [Stirling-PDF](./src/stirling-pdf) | latest | -| [Temporal](./src/temporal) | 1.24.2 | -| [TiDB](./src/tidb) | v8.5.0 | -| [TiKV](./src/tikv) | v8.5.0 | -| [Trigger.dev](./src/trigger-dev) | v4.2.0 | -| [Valkey Cluster](./src/valkey-cluster) | 8.0 | -| [Valkey](./src/valkey) | 8.0 | -| [Verdaccio](./src/verdaccio) | 6.1.2 | -| [vLLM](./src/vllm) | v0.8.0 | -| [Windmill](./src/windmill) | main | -| [ZooKeeper](./src/zookeeper) | 3.9.3 | - -## MCP 服务器 - -| 服务 | 版本 | -| ------------------------------------------------------- | ------ | -| [API Gateway](./mcp-servers/api-gateway) | latest | -| [ArXiv MCP Server](./mcp-servers/arxiv-mcp-server) | latest | -| [Basic Memory](./mcp-servers/basic-memory) | latest | -| [ClickHouse](./mcp-servers/clickhouse) | latest | -| [Docker](./mcp-servers/docker) | latest | -| [Dockerhub](./mcp-servers/dockerhub) | latest | -| [E2B](./mcp-servers/e2b) | latest | -| [ElevenLabs](./mcp-servers/elevenlabs) | latest | -| [Fetch](./mcp-servers/fetch) | latest | -| [Firecrawl](./mcp-servers/firecrawl) | latest | -| [Filesystem](./mcp-servers/filesystem) | latest | -| [Grafana](./mcp-servers/grafana) | latest | -| [Markdownify](./mcp-servers/markdownify) | latest | -| [Markitdown](./mcp-servers/markitdown) | latest | -| [Memory](./mcp-servers/memory) | latest | -| [MongoDB](./mcp-servers/mongodb) | latest | -| [Neo4j Cypher](./mcp-servers/neo4j-cypher) | latest | -| [Neo4j Memory](./mcp-servers/neo4j-memory) 
| latest | -| [Notion](./mcp-servers/notion) | latest | -| [OpenAPI Schema](./mcp-servers/openapi-schema) | latest | -| [OpenAPI](./mcp-servers/openapi) | latest | -| [OpenWeather](./mcp-servers/openweather) | latest | -| [Paper Search](./mcp-servers/paper-search) | latest | -| [Playwright](./mcp-servers/playwright) | latest | -| [Redis MCP](./mcp-servers/redis-mcp) | latest | -| [Rust Filesystem](./mcp-servers/rust-mcp-filesystem) | latest | -| [Sequential Thinking](./mcp-servers/sequentialthinking) | latest | -| [SQLite](./mcp-servers/sqlite) | latest | -| [Tavily](./mcp-servers/tavily) | latest | -| [Text to GraphQL](./mcp-servers/text-to-graphql) | latest | -| [Time](./mcp-servers/time) | latest | -| [Wolfram Alpha](./mcp-servers/wolfram-alpha) | latest | -| [YouTube Transcript](./mcp-servers/youtube-transcript) | latest | - -## 规范 - -1. 开箱即用 - - 配置应该是开箱即用的,无需额外步骤即可启动(最多提供 `.env` 文件)。 -2. 命令简单 - - 每个项目提供单一的 `docker-compose.yaml` 文件; - - 命令复杂度不应超过 `docker compose up -d`;若需要额外流程,请提供 `Makefile`; - - 若服务需要初始化,优先使用 `healthcheck` 与 `depends_on` 的 `condition: service_healthy` 组织启动顺序。 -3. 版本稳定 - - 固定到“最新稳定版”而非 `latest`; - - 通过环境变量暴露镜像版本(如 `FOO_VERSION`)。 -4. 配置约定 - - 尽量通过环境变量配置,而非复杂的命令行参数; - - 敏感信息通过环境变量或挂载文件传递,不要硬编码; - - 提供合理默认值,实现零配置可启动; - - 必须提供带注释的 `.env.example`; - - 环境变量命名建议:全大写、下划线分隔,按服务加前缀(如 `POSTGRES_*`),端口覆写统一用 `*_PORT_OVERRIDE`。 -5. Profiles 规范 - - 对“可选组件/依赖”使用 Profiles; - - 推荐命名:`gpu`(GPU 加速)、`metrics`(可观测性/导出器)、`dev`(开发特性)。 -6. 跨平台与架构 - - 在镜像支持前提下,确保 Debian 12+/Ubuntu 22.04+、Windows 10+、macOS 12+ 可用; - - 支持 x86-64 与 ARM64 架构尽可能一致; - - 避免依赖仅在 Linux 主机存在的主机路径(例如 `/etc/localtime`、`/etc/timezone`),统一使用 `TZ` 环境变量传递时区。 -7. 卷与挂载 - - 配置文件优先使用相对路径,增强跨平台兼容; - - 数据目录优先使用“命名卷”,避免主机路径权限/兼容性问题; - - 如需主机路径,建议提供顶层目录变量(如 `DATA_DIR`)。 -8. 资源与日志 - - 必须限制 CPU/内存,防止资源打爆; - - GPU 服务默认单卡:可使用 `deploy.resources.reservations.devices`(Compose 支持为 device_requests 映射)或 `gpus`; - - 限制日志大小(`json-file`:`max-size`/`max-file`)。 -9. 
健康检查 - - 每个服务应提供 `healthcheck`,包括合适的 `interval`、`timeout`、`retries` 与 `start_period`; - - 依赖链通过 `depends_on.condition: service_healthy` 组织。 -10. 安全基线(能用则用) - - 以非 root 运行(提供 `PUID`/`PGID` 或直接 `user: "1000:1000"`); - - 只读根文件系统(`read_only: true`),必要目录使用 `tmpfs`/可写挂载; - - 最小权限:`cap_drop: ["ALL"]`,按需再 `cap_add`; - - 避免使用 `container_name`(影响可扩缩与复用网络别名); - - 如需暴露 Docker 套接字等高危挂载,必须在文档中明确“风险与替代方案”。 -11. 文档与可发现性 - - 提供清晰文档与示例(含初始化与管理员账号说明、必要的安全/许可说明); - - 提供对 LLM 友好的结构化文档; - - 在 README 中标注主要环境变量与默认端口,并链接到 `README.md` / `README.zh.md`。 - -## 开源协议 - -[MIT License](./LICENSE). +# Compose Anything + +Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,帮助用户快速部署各种服务。这些配置约束了资源使用,可快速迁移到 K8S 等系统,并且易于理解和修改。 + +## 已经支持的服务 + +| 服务 | 版本 | +| ------------------------------------------------------------- | ---------------------------- | +| [Apache APISIX](./src/apisix) | 3.13.0 | +| [Apache Cassandra](./src/cassandra) | 5.0.2 | +| [Apache Flink](./src/flink) | 1.20.0 | +| [Apache HBase](./src/hbase) | 2.6 | +| [Apache HTTP Server](./src/apache) | 2.4.62 | +| [Apache Kafka](./src/kafka) | 7.8.0 | +| [Apache Pulsar](./src/pulsar) | 4.0.7 | +| [Apache RocketMQ](./src/rocketmq) | 5.3.1 | +| [Bifrost Gateway](./src/bifrost-gateway) | 1.3.48 | +| [Bolt.diy](./src/bolt-diy) | latest | +| [Budibase](./src/budibase) | 3.23.0 | +| [Bytebot](./src/bytebot) | edge | +| [Clash](./src/clash) | 1.18.0 | +| [ClickHouse](./src/clickhouse) | 24.11.1 | +| [Conductor](./src/conductor) | latest | +| [Dify](./src/dify) | 0.18.2 | +| [DNSMasq](./src/dnsmasq) | 2.91 | +| [Dockge](./src/dockge) | 1 | +| [Docker Registry](./src/docker-registry) | 3.0.0 | +| [DuckDB](./src/duckdb) | v1.1.3 | +| [Easy Dataset](./src/easy-dataset) | 1.5.1 | +| [Elasticsearch](./src/elasticsearch) | 8.16.1 | +| [etcd](./src/etcd) | 3.6.0 | +| [Firecrawl](./src/firecrawl) | latest | +| [frpc](./src/frpc) | 0.64.0 | +| [frps](./src/frps) | 0.64.0 | +| [Gitea Runner](./src/gitea-runner) | 0.2.13 | +| [Gitea](./src/gitea) | 1.24.6 | +| 
[GitLab Runner](./src/gitlab-runner) | 17.10.1 | +| [GitLab](./src/gitlab) | 17.10.4-ce.0 | +| [GPUStack](./src/gpustack) | v0.5.3 | +| [Grafana](./src/grafana) | 12.1.1 | +| [Halo](./src/halo) | 2.21.9 | +| [Harbor](./src/harbor) | v2.12.0 | +| [HashiCorp Consul](./src/consul) | 1.20.3 | +| [IOPaint](./builds/io-paint) | latest | +| [Jenkins](./src/jenkins) | 2.486-lts | +| [JODConverter](./src/jodconverter) | latest | +| [Kestra](./src/kestra) | latest-full | +| [Kibana](./src/kibana) | 8.16.1 | +| [Kodbox](./src/kodbox) | 1.62 | +| [Kong](./src/kong) | 3.8.0 | +| [Langflow](./apps/langflow) | latest | +| [Langfuse](./apps/langfuse) | 3.115.0 | +| [LibreOffice](./src/libreoffice) | latest | +| [LiteLLM](./src/litellm) | main-stable | +| [Logstash](./src/logstash) | 8.16.1 | +| [MariaDB Galera 集群](./src/mariadb-galera) | 11.7.2 | +| [Milvus Standalone Embed](./src/milvus-standalone-embed) | 2.6.2 | +| [Milvus Standalone](./src/milvus-standalone) | 2.6.2 | +| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest | +| [MinerU SGLang](./src/mineru-sglang) | 2.2.2 | +| [MinerU vLLM](./builds/mineru-vllm) | 2.6.4 | +| [MinIO](./src/minio) | RELEASE.2025-09-07T16-13-09Z | +| [MLflow](./src/mlflow) | v2.20.2 | +| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.0.13 | +| [MongoDB ReplicaSet](./src/mongodb-replicaset) | 8.0.13 | +| [MongoDB Standalone](./src/mongodb-standalone) | 8.0.13 | +| [MySQL](./src/mysql) | 9.4.0 | +| [n8n](./src/n8n) | 1.114.0 | +| [Nacos](./src/nacos) | v3.1.0 | +| [NebulaGraph](./src/nebulagraph) | v3.8.0 | +| [NexaSDK](./src/nexa-sdk) | v0.2.62 | +| [Neo4j](./src/neo4j) | 5.27.4 | +| [Netdata](./src/netdata) | latest | +| [Nginx](./src/nginx) | 1.29.1 | +| [Node Exporter](./src/node-exporter) | v1.8.2 | +| [OceanBase](./src/oceanbase) | 4.3.3 | +| [Odoo](./src/odoo) | 19.0 | +| [Ollama](./src/ollama) | 0.12.0 | +| [Open WebUI](./src/open-webui) | main | +| [Phoenix (Arize)](./src/phoenix) | 12.19.0 | +| [Pingora 
Proxy Manager](./src/pingora-proxy-manager) | v1.0.3 | +| [Open WebUI Rust](./src/open-webui-rust) | latest | +| [OpenCoze](./src/opencoze) | See Docs | +| [OpenCut](./src/opencut) | latest | +| [OpenList](./src/openlist) | latest | +| [OpenSearch](./src/opensearch) | 2.19.0 | +| [PocketBase](./src/pocketbase) | 0.30.0 | +| [Portainer](./src/portainer) | 2.27.3-alpine | +| [Portkey AI Gateway](./src/portkey-gateway) | latest | +| [PostgreSQL](./src/postgres) | 17.6 | +| [Prometheus](./src/prometheus) | 3.5.0 | +| [PyTorch](./src/pytorch) | 2.6.0 | +| [Qdrant](./src/qdrant) | 1.15.4 | +| [RabbitMQ](./src/rabbitmq) | 4.1.4 | +| [Ray](./src/ray) | 2.42.1 | +| [Redpanda](./src/redpanda) | v24.3.1 | +| [Redis Cluster](./src/redis-cluster) | 8.2.1 | +| [Redis](./src/redis) | 8.2.1 | +| [Renovate](./src/renovate) | 42.52.5-full | +| [Restate Cluster](./src/restate-cluster) | 1.5.3 | +| [Restate](./src/restate) | 1.5.3 | +| [SearXNG](./src/searxng) | 2025.1.20-1ce14ef99 | +| [Sim](./apps/sim) | latest | +| [Stable Diffusion WebUI](./src/stable-diffusion-webui-docker) | latest | +| [Stirling-PDF](./src/stirling-pdf) | latest | +| [Temporal](./src/temporal) | 1.24.2 | +| [TiDB](./src/tidb) | v8.5.0 | +| [TiKV](./src/tikv) | v8.5.0 | +| [Trigger.dev](./src/trigger-dev) | v4.2.0 | +| [TrailBase](./src/trailbase) | 0.22.4 | +| [Valkey Cluster](./src/valkey-cluster) | 8.0 | +| [Valkey](./src/valkey) | 8.0 | +| [Verdaccio](./src/verdaccio) | 6.1.2 | +| [vLLM](./src/vllm) | v0.8.0 | +| [Windmill](./src/windmill) | main | +| [ZooKeeper](./src/zookeeper) | 3.9.3 | + +## MCP 服务器 + +| 服务 | 版本 | +| ------------------------------------------------------- | ------ | +| [API Gateway](./mcp-servers/api-gateway) | latest | +| [ArXiv MCP Server](./mcp-servers/arxiv-mcp-server) | latest | +| [Basic Memory](./mcp-servers/basic-memory) | latest | +| [ClickHouse](./mcp-servers/clickhouse) | latest | +| [Docker](./mcp-servers/docker) | latest | +| [Dockerhub](./mcp-servers/dockerhub) | latest | 
+| [E2B](./mcp-servers/e2b) | latest | +| [ElevenLabs](./mcp-servers/elevenlabs) | latest | +| [Fetch](./mcp-servers/fetch) | latest | +| [Firecrawl](./mcp-servers/firecrawl) | latest | +| [Filesystem](./mcp-servers/filesystem) | latest | +| [Grafana](./mcp-servers/grafana) | latest | +| [Markdownify](./mcp-servers/markdownify) | latest | +| [Markitdown](./mcp-servers/markitdown) | latest | +| [Memory](./mcp-servers/memory) | latest | +| [MongoDB](./mcp-servers/mongodb) | latest | +| [Neo4j Cypher](./mcp-servers/neo4j-cypher) | latest | +| [Neo4j Memory](./mcp-servers/neo4j-memory) | latest | +| [Notion](./mcp-servers/notion) | latest | +| [OpenAPI Schema](./mcp-servers/openapi-schema) | latest | +| [OpenAPI](./mcp-servers/openapi) | latest | +| [OpenWeather](./mcp-servers/openweather) | latest | +| [Paper Search](./mcp-servers/paper-search) | latest | +| [Playwright](./mcp-servers/playwright) | latest | +| [Redis MCP](./mcp-servers/redis-mcp) | latest | +| [Rust Filesystem](./mcp-servers/rust-mcp-filesystem) | latest | +| [Sequential Thinking](./mcp-servers/sequentialthinking) | latest | +| [SQLite](./mcp-servers/sqlite) | latest | +| [Tavily](./mcp-servers/tavily) | latest | +| [Text to GraphQL](./mcp-servers/text-to-graphql) | latest | +| [Time](./mcp-servers/time) | latest | +| [Wolfram Alpha](./mcp-servers/wolfram-alpha) | latest | +| [YouTube Transcript](./mcp-servers/youtube-transcript) | latest | + +## 规范 + +1. 开箱即用 + - 配置应该是开箱即用的,无需额外步骤即可启动(最多提供 `.env` 文件)。 +2. 命令简单 + - 每个项目提供单一的 `docker-compose.yaml` 文件; + - 命令复杂度不应超过 `docker compose up -d`;若需要额外流程,请提供 `Makefile`; + - 若服务需要初始化,优先使用 `healthcheck` 与 `depends_on` 的 `condition: service_healthy` 组织启动顺序。 +3. 版本稳定 + - 固定到“最新稳定版”而非 `latest`; + - 通过环境变量暴露镜像版本(如 `FOO_VERSION`)。 +4. 配置约定 + - 尽量通过环境变量配置,而非复杂的命令行参数; + - 敏感信息通过环境变量或挂载文件传递,不要硬编码; + - 提供合理默认值,实现零配置可启动; + - 必须提供带注释的 `.env.example`; + - 环境变量命名建议:全大写、下划线分隔,按服务加前缀(如 `POSTGRES_*`),端口覆写统一用 `*_PORT_OVERRIDE`。 +5. 
Profiles 规范
+ - 对“可选组件/依赖”使用 Profiles;
+ - 推荐命名:`gpu`(GPU 加速)、`metrics`(可观测性/导出器)、`dev`(开发特性)。
+6. 跨平台与架构
+ - 在镜像支持前提下,确保 Debian 12+/Ubuntu 22.04+、Windows 10+、macOS 12+ 可用;
+ - 支持 x86-64 与 ARM64 架构尽可能一致;
+ - 避免依赖仅在 Linux 主机存在的主机路径(例如 `/etc/localtime`、`/etc/timezone`),统一使用 `TZ` 环境变量传递时区。
+7. 卷与挂载
+ - 配置文件优先使用相对路径,增强跨平台兼容;
+ - 数据目录优先使用“命名卷”,避免主机路径权限/兼容性问题;
+ - 如需主机路径,建议提供顶层目录变量(如 `DATA_DIR`)。
+8. 资源与日志
+ - 必须限制 CPU/内存,防止资源打爆;
+ - GPU 服务默认单卡:可使用 `deploy.resources.reservations.devices`(Compose 支持为 device_requests 映射)或 `gpus`;
+ - 限制日志大小(`json-file`:`max-size`/`max-file`)。
+9. 健康检查
+ - 每个服务应提供 `healthcheck`,包括合适的 `interval`、`timeout`、`retries` 与 `start_period`;
+ - 依赖链通过 `depends_on.condition: service_healthy` 组织。
+10. 安全基线(能用则用)
+ - 以非 root 运行(提供 `PUID`/`PGID` 或直接 `user: "1000:1000"`);
+ - 只读根文件系统(`read_only: true`),必要目录使用 `tmpfs`/可写挂载;
+ - 最小权限:`cap_drop: ["ALL"]`,按需再 `cap_add`;
+ - 避免使用 `container_name`(影响可扩缩与复用网络别名);
+ - 如需暴露 Docker 套接字等高危挂载,必须在文档中明确“风险与替代方案”。
+11. 文档与可发现性
+ - 提供清晰文档与示例(含初始化与管理员账号说明、必要的安全/许可说明);
+ - 提供对 LLM 友好的结构化文档;
+ - 在 README 中标注主要环境变量与默认端口,并链接到 `README.md` / `README.zh.md`。
+
+## 开源协议
+
+[MIT License](./LICENSE).
diff --git a/src/trailbase/.env.example b/src/trailbase/.env.example
new file mode 100644
index 0000000..b09f635
--- /dev/null
+++ b/src/trailbase/.env.example
@@ -0,0 +1,23 @@
+# TrailBase configuration
+
+# Pin to the latest stable image tag
+TRAILBASE_VERSION=0.22.4
+
+# Host port mapping (maps to container port 4000)
+TRAILBASE_PORT_OVERRIDE=4000
+
+# Enable detailed stack traces for debugging (set to 0 in production)
+TRAILBASE_RUST_BACKTRACE=1
+
+# Logging configuration for the json-file driver
+TRAILBASE_LOG_MAX_SIZE=100m
+TRAILBASE_LOG_MAX_FILE=3
+
+# Timezone
+TZ=UTC
+
+# Resource limits
+TRAILBASE_CPU_LIMIT=1.0
+TRAILBASE_MEMORY_LIMIT=1G
+TRAILBASE_CPU_RESERVATION=0.25
+TRAILBASE_MEMORY_RESERVATION=256M
diff --git a/src/trailbase/README.md b/src/trailbase/README.md
new file mode 100644
index 0000000..62d4304
--- /dev/null
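Review bot: In `src/trailbase/.env.example` the sample ships `TRAILBASE_RUST_BACKTRACE=1` while its own comment says to set it to 0 in production, so anyone who copies the file unchanged gets verbose backtraces in the container logs; the `docker-compose.yaml` hunk repeats the same default through the fallback `${TRAILBASE_RUST_BACKTRACE:-1}`. I would make the off state the default, `TRAILBASE_RUST_BACKTRACE=0`, reword the comment to `# Set to 1 to enable detailed stack traces while debugging`, and change the compose fallback to `:-0`. The environment-variable tables in both TrailBase READMEs list `1` as the default and would need the same update.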
+++ b/src/trailbase/README.md 
@@ -0,0 +1,110 @@
+# TrailBase
+
+[English](./README.md) | [中文](./README.zh.md)
+
+TrailBase is an open, single-binary Firebase alternative that ships type-safe REST & realtime APIs, a built-in admin UI, WebAssembly runtime, and authentication powered by Rust, SQLite, and Wasmtime.
+This compose bundle runs the official Docker image with sensible defaults so you can immediately explore the admin console, build data models, and deploy edge components without extra dependencies.
+
+## Services
+
+- `trailbase`: TrailBase application server with the embedded admin UI, REST API, and realtime channels.
+
+## Quick Start
+
+1. Copy the sample environment file and adjust values as needed:
+
+ ```bash
+ cp .env.example .env
+ ```
+
+2. Launch the stack:
+
+ ```bash
+ docker compose up -d
+ ```
+
+3. Tail the logs to capture the auto-generated administrator credentials from the first boot:
+
+ ```bash
+ docker compose logs -f trailbase
+ ```
+
+4. Open `http://localhost:4000/_/admin` and sign in with the printed credentials (or create your own admin; see below).
+
+## Default Endpoints
+
+| Endpoint | Description |
+| --------------------------------------- | --------------------------- |
+| `http://localhost:4000/_/admin` | Admin UI |
+| `http://localhost:4000/api/healthcheck` | Health probe used by Docker |
+| `http://localhost:4000/_/auth/login` | Optional Auth UI component |
+
+## Environment Variables
+
+| Variable | Description | Default |
+| ------------------------------ | --------------------------------------------------- | -------- |
+| `TRAILBASE_VERSION` | Docker image tag pulled from Docker Hub | `0.22.4` |
+| `TRAILBASE_PORT_OVERRIDE` | Host port that maps to container port `4000` | `4000` |
+| `TRAILBASE_RUST_BACKTRACE` | Enables verbose Rust backtraces for troubleshooting | `1` |
+| `TRAILBASE_LOG_MAX_SIZE` | Max log file size for the `json-file` driver | `100m` |
+| `TRAILBASE_LOG_MAX_FILE` | Number of rotated log files to keep | `3` |
+| `TRAILBASE_CPU_LIMIT` | CPU limit applied via `deploy.resources.limits` | `1.0` |
+| `TRAILBASE_MEMORY_LIMIT` | Memory limit applied via `deploy.resources.limits` | `1G` |
+| `TRAILBASE_CPU_RESERVATION` | CPU reservation to keep TrailBase responsive | `0.25` |
+| `TRAILBASE_MEMORY_RESERVATION` | Memory reservation to protect against eviction | `256M` |
+| `TZ` | Timezone passed to the container | `UTC` |
+
+See `.env.example` for the complete, commented list.
+
+## Volumes
+
+- `trailbase_data`: Stores the `traildepot` directory which contains the SQLite database, WASM components, authentication secrets, and uploaded assets. Back up this volume to preserve your project.
+
+## Bootstrap & Admin Accounts
+
+- On the first start TrailBase prints temporary administrator credentials to the logs. Capture them with `docker compose logs -f trailbase`.
+- Create additional verified users (or rotate the admin) without restarting the service:
+
+ ```bash
+ docker compose exec trailbase /app/trail user add admin@example.com "StrongPassw0rd!"
+ ```
+
+- To inspect user records or rotate passwords later, you can use other `trail` CLI commands from the same container.
+
+## Optional Components
+
+- The container already ships the official Auth UI WASM component under `/app/traildepot/wasm`. If you need extra components, install them at runtime:
+
+ ```bash
+ docker compose exec trailbase /app/trail components add trailbase/auth_ui
+ docker compose exec trailbase /app/trail components add your-org/your-component
+ ```
+
+- Mount your own WASM components or configuration alongside the `trailbase_data` volume if you prefer to keep them under version control.
+
+## Health & Maintenance
+
+- The included healthcheck hits `http://localhost:4000/api/healthcheck`. You can perform manual probes with `curl http://localhost:4000/api/healthcheck`.
+- Back up the data volume periodically:
+
+ ```bash
+ docker compose stop trailbase
+ docker run --rm -v compose-anything_trailbase_data:/data -v $(pwd):/backup alpine tar czf /backup/trailbase-backup.tar.gz -C /data .
+ docker compose start trailbase
+ ```
+
+- Restore by reversing the `tar` command into the named volume.
+
+## Security Notes
+
+- Rotate the default admin credentials immediately and restrict the exposed port with a firewall or reverse proxy.
+- Set `TRAILBASE_RUST_BACKTRACE=0` in production to avoid verbose stack traces in logs.
+- Terminate TLS with a reverse proxy such as Caddy, nginx, or Traefik and place TrailBase behind it for HTTPS.
+- Back up the `trailbase_data` volume before upgrading to new releases.
+
+## References
+
+- Project website: [https://trailbase.io](https://trailbase.io)
+- GitHub repository: [https://github.com/trailbaseio/trailbase](https://github.com/trailbaseio/trailbase)
+- Documentation: [https://trailbase.io/reference](https://trailbase.io/reference)
+- License: Open Software License 3.0 (OSL-3.0)
diff --git a/src/trailbase/README.zh.md b/src/trailbase/README.zh.md
new file mode 100644
index 0000000..6fa6060
--- /dev/null
+++ b/src/trailbase/README.zh.md 
@@ -0,0 +1,110 @@
+# TrailBase
+
+[English](./README.md) | [中文](./README.zh.md)
+
+TrailBase 是一个开源的单可执行后端,提供 type-safe REST 与实时 API、内置管理界面、WebAssembly 运行时以及身份认证功能,底层由 Rust、SQLite 与 Wasmtime 驱动。
+本配置使用官方 Docker 镜像并提供合理的默认值,方便你立即访问管理后台、定义数据模型并在本地体验 TrailBase。
+
+## 服务
+
+- `trailbase`:包含管理后台、REST API 以及实时通道的核心服务。
+
+## 快速开始
+
+1. 复制示例环境文件并按需修改:
+
+ ```bash
+ cp .env.example .env
+ ```
+
+2. 启动服务:
+
+ ```bash
+ docker compose up -d
+ ```
+
+3. 首次启动会在日志中输出自动生成的管理员账号,使用以下命令查看:
+
+ ```bash
+ docker compose logs -f trailbase
+ ```
+
+4. 打开 `http://localhost:4000/_/admin`,使用日志中的凭据登录(或按照下文创建新的管理员)。
+
+## 默认访问入口
+
+| 入口 | 说明 |
+| --------------------------------------- | ------------------- |
+| `http://localhost:4000/_/admin` | 管理界面 |
+| `http://localhost:4000/api/healthcheck` | 健康检查端点 |
+| `http://localhost:4000/_/auth/login` | 可选的 Auth UI 入口 |
+
+## 环境变量
+
+| 变量名 | 描述 | 默认值 |
+| ------------------------------ | ----------------------------------- | -------- |
+| `TRAILBASE_VERSION` | Docker 镜像标签 | `0.22.4` |
+| `TRAILBASE_PORT_OVERRIDE` | 暴露到宿主机的端口(容器端口 4000) | `4000` |
+| `TRAILBASE_RUST_BACKTRACE` | 是否输出 Rust 堆栈,便于排障 | `1` |
+| `TRAILBASE_LOG_MAX_SIZE` | `json-file` 日志的最大文件大小 | `100m` |
+| `TRAILBASE_LOG_MAX_FILE` | 日志轮转时保留的文件数量 | `3` |
+| `TRAILBASE_CPU_LIMIT` | CPU 限制(`deploy.resources`) | `1.0` |
+| `TRAILBASE_MEMORY_LIMIT` | 内存限制 | `1G` |
+| `TRAILBASE_CPU_RESERVATION` | CPU 预留 | `0.25` |
+| `TRAILBASE_MEMORY_RESERVATION` | 内存预留 | `256M` |
+| `TZ` | 容器时区 | `UTC` |
+
+完整说明请参考 `.env.example`。
+
+## 数据卷
+
+- `trailbase_data`:对应容器内的 `traildepot`,保存 SQLite 数据库、WASM 组件、认证密钥及上传的静态资源。升级或迁移前务必备份该卷。
+
+## 初始化与管理员账号
+
+- 首次启动后,TrailBase 会在日志中打印一次性管理员账号与密码。请立即登录并修改。
+- 也可以直接在容器内创建新的已验证用户:
+
+ ```bash
+ docker compose exec trailbase /app/trail user add admin@example.com "StrongPassw0rd!"
+ ```
+
+- 使用同一个 `trail` CLI 可以重置密码、导入导出数据等,不需要重启服务。
+
+## 可选组件
+
+- 镜像已经预置官方 Auth UI WASM 组件,若需要其他组件,可在运行中安装:
+
+ ```bash
+ docker compose exec trailbase /app/trail components add trailbase/auth_ui
+ docker compose exec trailbase /app/trail components add your-org/your-component
+ ```
+
+- 如果希望通过 Git 管理组件或静态资源,可以将本地目录挂载到 `trailbase_data`。
+
+## 健康检查与维护
+
+- 默认健康检查请求 `http://localhost:4000/api/healthcheck`,也可以手动使用 `curl` 进行验证。
+- 备份流程示例:
+
+ ```bash
+ docker compose stop trailbase
+ docker run --rm -v compose-anything_trailbase_data:/data -v $(pwd):/backup alpine tar czf /backup/trailbase-backup.tar.gz -C /data .
+ docker compose start trailbase
+ ```
+
+- 恢复时将备份解压回同名数据卷即可。
+
+## 安全提示
+
+- 启动后立即更换默认管理员凭据,并在防火墙或反向代理层限制 4000 端口的访问。
+- 生产环境建议将 `TRAILBASE_RUST_BACKTRACE` 设置为 `0`,避免日志泄露系统细节。
+- 配合 Caddy、nginx 或 Traefik 等反向代理启用 TLS,必要时再开启 WAF、IP 白名单等防护。
+- 升级新版本前务必备份 `trailbase_data` 数据卷。
+
+## 参考资料
+
+- 官网:
+- 仓库:
+- 文档:
+- 许可证:Open Software License 3.0(OSL-3.0)
diff --git a/src/trailbase/docker-compose.yaml b/src/trailbase/docker-compose.yaml
new file mode 100644
index 0000000..a1638ee
--- /dev/null
+++ b/src/trailbase/docker-compose.yaml
@@ -0,0 +1,44 @@
+# TrailBase - Firebase alternative with type-safe REST & realtime APIs
+# Project: https://github.com/trailbaseio/trailbase
+# Default access: http://localhost:4000/_/admin
+# Notes:
+# - The container already ships the admin UI WASM component.
+# - Initial admin credentials are printed to the logs on first boot.
+# - Use `trail user add ` to create additional verified users.
+
+x-defaults: &defaults
+ restart: unless-stopped
+ logging:
+ driver: json-file
+ options:
+ max-size: ${TRAILBASE_LOG_MAX_SIZE:-100m}
+ max-file: "${TRAILBASE_LOG_MAX_FILE:-3}"
+
+services:
+ trailbase:
+ <<: *defaults
+ image: ${GLOBAL_REGISTRY:-}trailbase/trailbase:${TRAILBASE_VERSION:-0.22.4}
+ ports:
+ - "${TRAILBASE_PORT_OVERRIDE:-4000}:4000"
+ environment:
+ - TZ=${TZ:-UTC}
+ - RUST_BACKTRACE=${TRAILBASE_RUST_BACKTRACE:-1}
+ volumes:
+ - trailbase_data:/app/traildepot
+ healthcheck:
+ test: ["CMD", "curl", "--fail", "--silent", "--show-error", "http://localhost:4000/api/healthcheck"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ start_period: 60s
+ deploy:
+ resources:
+ limits:
+ cpus: ${TRAILBASE_CPU_LIMIT:-1.0}
+ memory: ${TRAILBASE_MEMORY_LIMIT:-1G}
+ reservations:
+ cpus: ${TRAILBASE_CPU_RESERVATION:-0.25}
+ memory: ${TRAILBASE_MEMORY_RESERVATION:-256M}
+
+volumes:
+ trailbase_data:
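Review bot: The `ports` entry `"${TRAILBASE_PORT_OVERRIDE:-4000}:4000"` publishes the service on every host interface, so the admin UI at `/_/admin` is reachable over plain HTTP from the network as soon as the stack starts, while the bootstrap admin credentials are still the ones printed to the log. Docker-published ports are commonly not filtered by host firewall front ends such as ufw, so the README's advice to restrict the port with a firewall may not take effect on its own; binding to loopback by default and letting operators opt in to wider exposure is the safer default. The service also sets none of the baseline that the project's own guidelines list (`cap_drop: ["ALL"]`, a non-root user, `read_only: true`); dropping capabilities and adding `no-new-privileges` is sketched below. Whether the image still starts with these settings, and whether it tolerates a read-only root or a non-root `user`, has to be checked against the image, which the hunk does not show. `TRAILBASE_BIND_ADDRESS` is a new variable proposed here and would need an entry in `.env.example` and the README tables.

```yaml
    ports:
      # Loopback only by default; set TRAILBASE_BIND_ADDRESS=0.0.0.0 to expose on purpose.
      - "${TRAILBASE_BIND_ADDRESS:-127.0.0.1}:${TRAILBASE_PORT_OVERRIDE:-4000}:4000"
    # … unchanged: environment, volumes, healthcheck …
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    # … unchanged: deploy …
```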