diff --git a/builds/mineru-vllm/docker-compose.yaml b/builds/mineru-vllm/docker-compose.yaml deleted file mode 100644 index 102649c..0000000 --- a/builds/mineru-vllm/docker-compose.yaml +++ /dev/null @@ -1,109 +0,0 @@ -x-defaults: &defaults - restart: unless-stopped - logging: - driver: json-file - options: - max-size: 100m - max-file: "3" - -x-mineru-vllm: &mineru-vllm - <<: *defaults - image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.4} - build: - context: . - dockerfile: Dockerfile - environment: - TZ: ${TZ:-UTC} - MINERU_MODEL_SOURCE: local - ulimits: - memlock: -1 - stack: 67108864 - ipc: host - deploy: - resources: - limits: - cpus: '16.0' - memory: 32G - reservations: - cpus: '8.0' - memory: 16G - devices: - - driver: nvidia - device_ids: [ '0' ] - capabilities: [ gpu ] - -services: - mineru-vllm-server: - <<: *mineru-vllm - profiles: ["vllm-server"] - ports: - - ${MINERU_PORT_OVERRIDE_VLLM:-30000}:30000 - entrypoint: mineru-vllm-server - command: - - --host 0.0.0.0 - - --port 30000 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:30000/health || exit 1"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - - - mineru-api: - <<: *mineru-vllm - profiles: ["api"] - ports: - - ${MINERU_PORT_OVERRIDE_API:-8000}:8000 - entrypoint: mineru-api - command: - - --host 0.0.0.0 - - --port 8000 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8000/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - - mineru-gradio: - <<: *mineru-vllm - profiles: ["gradio"] - ports: - - ${MINERU_PORT_OVERRIDE_GRADIO:-7860}:7860 - entrypoint: mineru-gradio - command: - - --server-name 0.0.0.0 - - --server-port 7860 - - # Enable the vllm engine for Gradio - - --enable-vllm-engine true - # If you want to disable the API, set this to false - # - --enable-api false - # If you want to limit the number of pages for conversion, set this to a specific number - # - --max-convert-pages 20 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7860/"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s diff --git a/builds/mineru-vllm/.env.example b/builds/mineru/.env.example similarity index 76% rename from builds/mineru-vllm/.env.example rename to builds/mineru/.env.example index 47e5cb8..b121341 100644 --- a/builds/mineru-vllm/.env.example +++ b/builds/mineru/.env.example @@ -1,5 +1,5 @@ # MinerU Docker image -MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.5.4 +MINERU_DOCKER_IMAGE=alexsuntop/mineru:2.6.5 # Port configurations MINERU_PORT_OVERRIDE_VLLM=30000 diff --git a/builds/mineru-vllm/Dockerfile b/builds/mineru/Dockerfile similarity index 100% rename from builds/mineru-vllm/Dockerfile rename to builds/mineru/Dockerfile diff --git a/builds/mineru-vllm/README.md b/builds/mineru/README.md similarity index 94% rename from builds/mineru-vllm/README.md rename to builds/mineru/README.md index 61ea106..df5193f 100644 --- a/builds/mineru-vllm/README.md +++ b/builds/mineru/README.md @@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000 ## Configuration -- `MINERU_VERSION`: The version for MinerU, default is `2.6.4`. +- `MINERU_VERSION`: The version for MinerU, default is `2.6.5`. - `MINERU_PORT_OVERRIDE_VLLM`: The host port for the VLLM server, default is `30000`. - `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`. - `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`. diff --git a/builds/mineru-vllm/README.zh.md b/builds/mineru/README.zh.md similarity index 99% rename from builds/mineru-vllm/README.zh.md rename to builds/mineru/README.zh.md index ea0c934..3b4ebb0 100644 --- a/builds/mineru-vllm/README.zh.md +++ b/builds/mineru/README.zh.md @@ -39,7 +39,7 @@ mineru -p demo.pdf -o ./output -b vlm-http-client -u http://localhost:30000 ## 配置 -- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.6.4`。 +- `MINERU_VERSION`: MinerU 的 Docker 镜像版本,默认为 `2.6.5`。 - `MINERU_PORT_OVERRIDE_VLLM`: VLLM 服务器的主机端口,默认为 `30000`。 - `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。 - `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。 diff --git a/builds/mineru/docker-compose.yaml b/builds/mineru/docker-compose.yaml new file mode 100644 index 0000000..63023fa --- /dev/null +++ b/builds/mineru/docker-compose.yaml @@ -0,0 +1,139 @@ +x-defaults: &defaults + restart: unless-stopped + logging: + driver: json-file + options: + max-size: 100m + max-file: "3" + +x-mineru-vllm: &mineru-vllm + <<: *defaults + image: ${GLOBAL_REGISTRY:-}alexsuntop/mineru:${MINERU_VERSION:-2.6.5} + build: + context: . + dockerfile: Dockerfile + environment: + TZ: ${TZ:-UTC} + MINERU_MODEL_SOURCE: local + ulimits: + memlock: -1 + stack: 67108864 + ipc: host + deploy: + resources: + limits: + cpus: '16.0' + memory: 32G + reservations: + cpus: '8.0' + memory: 16G + devices: + - driver: nvidia + device_ids: [ '0' ] + capabilities: [ gpu ] + +services: + mineru-openai-server: + <<: *mineru-vllm + profiles: ["openai-server"] + ports: + - ${MINERU_PORT_OVERRIDE_VLLM:-30000}:30000 + entrypoint: mineru-openai-server + command: + # ==================== Engine Selection ==================== + # WARNING: Only ONE engine can be enabled at a time! + # Choose 'vllm' OR 'lmdeploy' (uncomment one line below) + - --engine vllm + # --engine lmdeploy + + # ==================== vLLM Engine Parameters ==================== + # Uncomment if using --engine vllm + - --host 0.0.0.0 + - --port 30000 + # Multi-GPU configuration (increase throughput) + # --data-parallel-size 2 + # Single GPU memory optimization (reduce if VRAM insufficient) + # --gpu-memory-utilization 0.5 # Try 0.4 or lower if issues persist + + # ==================== LMDeploy Engine Parameters ==================== + # Uncomment if using --engine lmdeploy + # --server-name 0.0.0.0 + # --server-port 30000 + # Multi-GPU configuration (increase throughput) + # --dp 2 + # Single GPU memory optimization (reduce if VRAM insufficient) + # --cache-max-entry-count 0.5 # Try 0.4 or lower if issues persist + healthcheck: + test: ["CMD-SHELL", "curl -f http://localhost:30000/health || exit 1"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s + + + mineru-api: + <<: *mineru-vllm + profiles: ["api"] + ports: + - ${MINERU_PORT_OVERRIDE_API:-8000}:8000 + entrypoint: mineru-api + command: + # ==================== Server Configuration ==================== + - --host 0.0.0.0 + - --port 8000 + + # ==================== vLLM Engine Parameters ==================== + # Multi-GPU configuration + # --data-parallel-size 2 + # Single GPU memory optimization + # --gpu-memory-utilization 0.5 # Try 0.4 or lower if VRAM insufficient + + # ==================== LMDeploy Engine Parameters ==================== + # Multi-GPU configuration + # --dp 2 + # Single GPU memory optimization + # --cache-max-entry-count 0.5 # Try 0.4 or lower if VRAM insufficient + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8000/health"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s + + mineru-gradio: + <<: *mineru-vllm + profiles: ["gradio"] + ports: + - ${MINERU_PORT_OVERRIDE_GRADIO:-7860}:7860 + entrypoint: mineru-gradio + command: + # ==================== Gradio Server Configuration ==================== + - --server-name 0.0.0.0 + - --server-port 7860 + + # ==================== Gradio Feature Settings ==================== + # --enable-api false # Disable API endpoint + # --max-convert-pages 20 # Limit conversion page count + + # ==================== Engine Selection ==================== + # WARNING: Only ONE engine can be enabled at a time! + + # Option 1: vLLM Engine (recommended for most users) + - --enable-vllm-engine true + # Multi-GPU configuration + # --data-parallel-size 2 + # Single GPU memory optimization + # --gpu-memory-utilization 0.5 # Try 0.4 or lower if VRAM insufficient + + # Option 2: LMDeploy Engine + # --enable-lmdeploy-engine true + # Multi-GPU configuration + # --dp 2 + # Single GPU memory optimization + # --cache-max-entry-count 0.5 # Try 0.4 or lower if VRAM insufficient + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7860/"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s diff --git a/src/mineru-sglang/.env.example b/src/mineru-sglang/.env.example deleted file mode 100644 index c8b3748..0000000 --- a/src/mineru-sglang/.env.example +++ /dev/null @@ -1,7 +0,0 @@ -# MinerU SGLang Docker image -MINERU_DOCKER_IMAGE=alexsuntop/mineru-sglang:2.2.2 - -# Port configurations -MINERU_PORT_OVERRIDE_SGLANG=30000 -MINERU_PORT_OVERRIDE_API=8000 -MINERU_PORT_OVERRIDE_GRADIO=7860 diff --git a/src/mineru-sglang/README.md b/src/mineru-sglang/README.md deleted file mode 100644 index 8695453..0000000 --- a/src/mineru-sglang/README.md +++ /dev/null @@ -1,45 +0,0 @@ -# MinerU SGLang - -[English](./README.md) | [中文](./README.zh.md) - -This service runs MinerU with the SGLang backend. - -## Start Services - -- **SGLang backend server**: - - ```bash - docker compose --profile sglang-server up -d - ``` - -- **Document parse API**: - - ```bash - docker compose --profile api up -d - ``` - -- **Gradio WebUI**: - - ```bash - docker compose --profile gradio up -d - ``` - -## Test SGLang backend - -```bash -pip install mineru -mineru -p demo.pdf -o ./output -b vlm-sglang-client -u http://localhost:30000 -``` - -## Services - -- `mineru-sglang-server`: The SGLang backend server. -- `mineru-api`: The document parsing API. -- `mineru-gradio`: The Gradio WebUI. - -## Configuration - -- `MINERU_DOCKER_IMAGE`: The Docker image for MinerU SGLang, default is `alexsuntop/mineru-sglang:2.2.2`. -- `MINERU_PORT_OVERRIDE_SGLANG`: The host port for the SGLang server, default is `30000`. -- `MINERU_PORT_OVERRIDE_API`: The host port for the API service, default is `8000`. -- `MINERU_PORT_OVERRIDE_GRADIO`: The host port for the Gradio WebUI, default is `7860`. diff --git a/src/mineru-sglang/README.zh.md b/src/mineru-sglang/README.zh.md deleted file mode 100644 index e7d3a97..0000000 --- a/src/mineru-sglang/README.zh.md +++ /dev/null @@ -1,45 +0,0 @@ -# MinerU SGLang - -[English](./README.md) | [中文](./README.zh.md) - -此服务使用 SGLang 后端运行 MinerU。 - -## 启动服务 - -- **SGLang 后端服务器**: - - ```bash - docker compose --profile sglang-server up -d - ``` - -- **文档解析 API**: - - ```bash - docker compose --profile api up -d - ``` - -- **Gradio WebUI**: - - ```bash - docker compose --profile gradio up -d - ``` - -## 测试 SGLang 后端 - -```bash -pip install mineru -mineru -p demo.pdf -o ./output -b vlm-sglang-client -u http://localhost:30000 -``` - -## 服务 - -- `mineru-sglang-server`: SGLang 后端服务器。 -- `mineru-api`: 文档解析 API。 -- `mineru-gradio`: Gradio WebUI。 - -## 配置 - -- `MINERU_DOCKER_IMAGE`: MinerU SGLang 的 Docker 镜像,默认为 `alexsuntop/mineru-sglang:2.2.2`。 -- `MINERU_PORT_OVERRIDE_SGLANG`: SGLang 服务器的主机端口,默认为 `30000`。 -- `MINERU_PORT_OVERRIDE_API`: API 服务的主机端口,默认为 `8000`。 -- `MINERU_PORT_OVERRIDE_GRADIO`: Gradio WebUI 的主机端口,默认为 `7860`。 diff --git a/src/mineru-sglang/docker-compose.yaml b/src/mineru-sglang/docker-compose.yaml deleted file mode 100644 index 74445ad..0000000 --- a/src/mineru-sglang/docker-compose.yaml +++ /dev/null @@ -1,105 +0,0 @@ -x-defaults: &defaults - restart: unless-stopped - logging: - driver: json-file - options: - max-size: 100m - max-file: "3" - -x-mineru-sglang: &mineru-sglang - <<: *defaults - image: ${MINERU_DOCKER_IMAGE:-alexsuntop/mineru-sglang:2.2.2} - environment: - TZ: ${TZ:-UTC} - MINERU_MODEL_SOURCE: local - ulimits: - memlock: -1 - stack: 67108864 - ipc: host - deploy: - resources: - limits: - cpus: ${MINERU_SGLANG_CPU_LIMIT:-8.0} - memory: ${MINERU_SGLANG_MEMORY_LIMIT:-4G} - reservations: - cpus: ${MINERU_SGLANG_CPU_RESERVATION:-1.0} - memory: ${MINERU_SGLANG_MEMORY_RESERVATION:-2G} - devices: - - driver: nvidia - device_ids: [ '0' ] - capabilities: [ gpu ] - -services: - mineru-sglang-server: - <<: *mineru-sglang - profiles: ["sglang-server"] - ports: - - ${MINERU_PORT_OVERRIDE_SGLANG:-30000}:30000 - entrypoint: mineru-sglang-server - command: - - --host 0.0.0.0 - - --port 30000 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:30000/health || exit 1"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - - mineru-api: - <<: *mineru-sglang - profiles: ["api"] - ports: - - ${MINERU_PORT_OVERRIDE_API:-8000}:8000 - entrypoint: mineru-api - command: - - --host 0.0.0.0 - - --port 8000 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8000/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - - mineru-gradio: - <<: *mineru-sglang - profiles: ["gradio"] - ports: - - ${MINERU_PORT_OVERRIDE_GRADIO:-7860}:7860 - entrypoint: mineru-gradio - command: - - --server-name 0.0.0.0 - - --server-port 7860 - - # Enable the vllm engine for Gradio - - --enable-vllm-engine true - # If you want to disable the API, set this to false - # - --enable-api false - # If you want to limit the number of pages for conversion, set this to a specific number - # - --max-convert-pages 20 - - # If using multiple GPUs, increase throughput using vllm's multi-GPU parallel mode. - # - --data-parallel-size 2 - # If running on a single GPU and encountering VRAM shortage, reduce the KV cache size by this parameter, - # if VRAM issues persist, try lowering it further to `0.4` or below. - # - --gpu-memory-utilization 0.5 - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:7860/"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s diff --git a/src/open-webui-rust/.env.example b/src/open-webui-rust/.env.example deleted file mode 100644 index e3e6e9c..0000000 --- a/src/open-webui-rust/.env.example +++ /dev/null @@ -1,133 +0,0 @@ -# Global Settings -GLOBAL_REGISTRY= -TZ=UTC - -# Version Tags -POSTGRES_VERSION=16-alpine -REDIS_VERSION=7-alpine -RUST_BACKEND_VERSION=latest -SANDBOX_RUNTIME_VERSION=latest -SANDBOX_EXECUTOR_VERSION=latest -FRONTEND_VERSION=latest - -# Port Overrides -POSTGRES_PORT_OVERRIDE=5432 -REDIS_PORT_OVERRIDE=6379 -RUST_BACKEND_PORT_OVERRIDE=8080 -SANDBOX_EXECUTOR_PORT_OVERRIDE=8090 -FRONTEND_PORT_OVERRIDE=3000 - -# PostgreSQL Configuration -POSTGRES_DB=open_webui -POSTGRES_USER=open_webui -POSTGRES_PASSWORD=open_webui_password - -# PostgreSQL Resource Limits -POSTGRES_CPU_LIMIT=1 -POSTGRES_MEMORY_LIMIT=1G -POSTGRES_CPU_RESERVATION=0.25 -POSTGRES_MEMORY_RESERVATION=256M - -# Redis Resource Limits -REDIS_CPU_LIMIT=0.5 -REDIS_MEMORY_LIMIT=512M -REDIS_CPU_RESERVATION=0.1 -REDIS_MEMORY_RESERVATION=128M - -# Rust Backend Configuration -ENV=prod -WEBUI_SECRET_KEY=your-secret-key-min-32-chars-generate-with-uuidgen - -# Database Connection Pool -DATABASE_POOL_SIZE=20 -DATABASE_POOL_MAX_OVERFLOW=10 -DATABASE_POOL_TIMEOUT=30 -DATABASE_POOL_RECYCLE=1800 - -# Redis -ENABLE_REDIS=true - -# Authentication -JWT_EXPIRES_IN=30d -ENABLE_SIGNUP=true -ENABLE_LOGIN_FORM=true -ENABLE_API_KEY=true -DEFAULT_USER_ROLE=user -SHOW_ADMIN_DETAILS=true -WEBUI_URL=http://localhost:3000 - -# CORS -CORS_ALLOW_ORIGIN=* - -# WebSocket/Socket.IO -ENABLE_SOCKETIO=true -ENABLE_WEBSOCKET_SUPPORT=true -WEBSOCKET_MANAGER=redis - -# Features -ENABLE_OPENAI_API=true -ENABLE_CHANNELS=true -ENABLE_IMAGE_GENERATION=false -ENABLE_CODE_EXECUTION=true -ENABLE_CODE_INTERPRETER=true -ENABLE_WEB_SEARCH=false -ENABLE_ADMIN_CHAT_ACCESS=true -ENABLE_ADMIN_EXPORT=true -ENABLE_NOTES=true -ENABLE_COMMUNITY_SHARING=true -ENABLE_MESSAGE_RATING=true - -# Logging -GLOBAL_LOG_LEVEL=info -RUST_LOG=info - -# OpenAI (Optional) -OPENAI_API_BASE_URL= -OPENAI_API_KEY= - -# Rust Backend Resource Limits -RUST_BACKEND_CPU_LIMIT=2 -RUST_BACKEND_MEMORY_LIMIT=2G -RUST_BACKEND_CPU_RESERVATION=0.5 -RUST_BACKEND_MEMORY_RESERVATION=512M - -# Sandbox Executor Configuration -SANDBOX_MAX_EXECUTION_TIME=60 -SANDBOX_MAX_MEMORY_MB=512 -SANDBOX_MAX_CPU_QUOTA=100000 -SANDBOX_MAX_DISK_MB=100 -SANDBOX_MAX_CONCURRENT_EXECUTIONS=10 -SANDBOX_RATE_LIMIT_PER_MINUTE=30 -SANDBOX_RATE_LIMIT_BURST=10 -SANDBOX_NETWORK_MODE=none -SANDBOX_READ_ONLY_ROOT=false -SANDBOX_DROP_ALL_CAPABILITIES=true -SANDBOX_ENABLE_STREAMING=true -SANDBOX_KEEP_CONTAINERS=false -SANDBOX_ENABLE_PYTHON=true -SANDBOX_ENABLE_JAVASCRIPT=true -SANDBOX_ENABLE_SHELL=true -SANDBOX_ENABLE_RUST=true -SANDBOX_ENABLE_AUDIT_LOG=true - -# Sandbox Executor Resource Limits -SANDBOX_EXECUTOR_CPU_LIMIT=2 -SANDBOX_EXECUTOR_MEMORY_LIMIT=2G -SANDBOX_EXECUTOR_CPU_RESERVATION=0.25 -SANDBOX_EXECUTOR_MEMORY_RESERVATION=256M - -# Frontend Configuration -RAG_EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2 -RAG_RERANKING_MODEL= -RAG_EMBEDDING_MODEL_AUTO_UPDATE=false -WHISPER_MODEL=base -ENABLE_RAG_WEB_SEARCH=false -ENABLE_RAG_HYBRID_SEARCH=false -SCARF_NO_ANALYTICS=true -DO_NOT_TRACK=true - -# Frontend Resource Limits -FRONTEND_CPU_LIMIT=1 -FRONTEND_MEMORY_LIMIT=1G -FRONTEND_CPU_RESERVATION=0.25 -FRONTEND_MEMORY_RESERVATION=256M diff --git a/src/open-webui-rust/README.md b/src/open-webui-rust/README.md deleted file mode 100644 index 938a6d9..0000000 --- a/src/open-webui-rust/README.md +++ /dev/null @@ -1,345 +0,0 @@ -# Open WebUI Rust - -High-performance Rust implementation of Open WebUI with native async runtime and improved resource efficiency. - -## Overview - -Open WebUI Rust is a complete rewrite of the Open WebUI backend in Rust, offering: - -- **10-50x faster response times** for API endpoints -- **70% lower memory usage** under load -- **Native concurrency** with Tokio's async runtime -- **Type safety** preventing entire classes of runtime errors -- **Zero-copy streaming** for chat completions -- **Production-ready** with comprehensive error handling - -This deployment includes: - -- **Rust Backend**: High-performance API server with WebSocket support -- **PostgreSQL**: Primary database for data persistence -- **Redis**: Caching and WebSocket session management -- **Sandbox Executor**: Secure code execution environment with Docker isolation -- **Frontend**: SvelteKit-based user interface with Nginx reverse proxy - -## Features - -- ✅ **Full API Compatibility** with Open WebUI Python backend -- ✅ **Native WebSocket/Socket.IO** implementation in Rust -- ✅ **Secure Code Execution** via isolated Docker containers -- ✅ **Multi-language Support** (Python, JavaScript, Shell, Rust) -- ✅ **RAG & Embeddings** with vector database integration -- ✅ **Authentication & Authorization** with JWT tokens -- ✅ **Rate Limiting & Security** built-in protection -- ✅ **Comprehensive Logging** for debugging and monitoring - -## Prerequisites - -- Docker 20.10+ -- Docker Compose 2.0+ -- 4GB+ available memory -- Access to Docker socket (for sandbox execution) - -## Quick Start - -### 1. Create `.env` file - -```bash -cp .env.example .env -``` - -Edit `.env` and set required variables: - -```bash -# IMPORTANT: Generate a secure secret key (min 32 characters) -WEBUI_SECRET_KEY=$(uuidgen | tr '[:upper:]' '[:lower:]' | tr -d '-') - -# Optional: Configure OpenAI API -OPENAI_API_KEY=sk-your-api-key -OPENAI_API_BASE_URL=https://api.openai.com/v1 -``` - -### 2. Start services - -```bash -docker compose up -d -``` - -### 3. Access the application - -- **Frontend UI**: -- **Rust Backend API**: -- **Sandbox Executor**: - -### 4. Initial setup - -1. Open -2. Create an admin account (first user becomes admin) -3. Configure your AI models in Settings - -## Architecture - -```text -┌─────────────┐ -│ Frontend │ :3000 -│ (SvelteKit) │ -└──────┬──────┘ - │ - ↓ -┌─────────────┐ ┌──────────────┐ -│Rust Backend │────→│ PostgreSQL │ :5432 -│ (API) │ │ (Database) │ -└──────┬──────┘ └──────────────┘ - │ - ├───────────→┌──────────────┐ - │ │ Redis │ :6379 - │ │ (Cache) │ - │ └──────────────┘ - │ - └───────────→┌──────────────┐ - │ Sandbox │ :8090 - │ Executor │ - └──────────────┘ -``` - -## Configuration - -### Core Environment Variables - -| Variable | Default | Description | -| ---------------------------- | --------------------- | ---------------------------------------- | -| `WEBUI_SECRET_KEY` | (required) | Secret key for JWT tokens (min 32 chars) | -| `POSTGRES_PASSWORD` | `open_webui_password` | PostgreSQL password | -| `FRONTEND_PORT_OVERRIDE` | `3000` | Frontend access port | -| `RUST_BACKEND_PORT_OVERRIDE` | `8080` | Backend API port | -| `TZ` | `UTC` | Timezone setting | - -### Feature Flags - -| Variable | Default | Description | -| ------------------------- | ------- | ---------------------------- | -| `ENABLE_CODE_EXECUTION` | `true` | Enable secure code execution | -| `ENABLE_CODE_INTERPRETER` | `true` | Enable code interpreter | -| `ENABLE_IMAGE_GENERATION` | `false` | Enable image generation | -| `ENABLE_WEB_SEARCH` | `false` | Enable web search | -| `ENABLE_SIGNUP` | `true` | Allow new user registration | - -### Resource Limits - -Each service has configurable CPU and memory limits: - -```bash -# Rust Backend -RUST_BACKEND_CPU_LIMIT=2 -RUST_BACKEND_MEMORY_LIMIT=2G - -# PostgreSQL -POSTGRES_CPU_LIMIT=1 -POSTGRES_MEMORY_LIMIT=1G - -# Sandbox Executor -SANDBOX_EXECUTOR_CPU_LIMIT=2 -SANDBOX_EXECUTOR_MEMORY_LIMIT=2G -``` - -### Sandbox Security - -Configure sandbox execution limits: - -```bash -SANDBOX_MAX_EXECUTION_TIME=60 # Max execution time in seconds -SANDBOX_MAX_MEMORY_MB=512 # Max memory per execution -SANDBOX_MAX_CONCURRENT_EXECUTIONS=10 # Max parallel executions -SANDBOX_NETWORK_MODE=none # Disable network access -``` - -## Usage Examples - -### Basic Chat - -```bash -curl -X POST http://localhost:8080/api/chat/completions \ - -H "Authorization: Bearer YOUR_API_KEY" \ - -H "Content-Type: application/json" \ - -d '{ - "model": "gpt-3.5-turbo", - "messages": [{"role": "user", "content": "Hello!"}] - }' -``` - -### Code Execution - -```bash -curl -X POST http://localhost:8090/api/v1/execute \ - -H "Content-Type: application/json" \ - -d '{ - "language": "python", - "code": "print(\"Hello from sandbox!\")" - }' -``` - -## Monitoring - -### View Logs - -```bash -# All services -docker compose logs -f - -# Specific service -docker compose logs -f rust-backend -docker compose logs -f sandbox-executor -``` - -### Check Service Health - -```bash -# Rust Backend -curl http://localhost:8080/health - -# Sandbox Executor -curl http://localhost:8090/api/v1/health - -# PostgreSQL -docker compose exec postgres pg_isready -``` - -### Resource Usage - -```bash -docker stats -``` - -## Maintenance - -### Backup Database - -```bash -docker compose exec postgres pg_dump -U open_webui open_webui > backup.sql -``` - -### Restore Database - -```bash -cat backup.sql | docker compose exec -T postgres psql -U open_webui open_webui -``` - -### Update Services - -```bash -docker compose pull -docker compose up -d -``` - -### Clean Reset - -```bash -# Stop and remove all data -docker compose down -v - -# Start fresh -docker compose up -d -``` - -## Troubleshooting - -### Cannot connect to services - -Check if all containers are healthy: - -```bash -docker compose ps -``` - -### JWT token errors - -Ensure `WEBUI_SECRET_KEY` is set and consistent across restarts. - -### Code execution fails - -1. Verify Docker socket is accessible -2. Check sandbox executor logs: `docker compose logs sandbox-executor` -3. Ensure runtime image is available: `docker images | grep sandbox-runtime` - -### High memory usage - -Adjust resource limits in `.env`: - -```bash -RUST_BACKEND_MEMORY_LIMIT=1G -SANDBOX_EXECUTOR_MEMORY_LIMIT=1G -``` - -## Security Considerations - -### Production Deployment - -1. **Change default passwords** - - ```bash - POSTGRES_PASSWORD=$(openssl rand -base64 32) - WEBUI_SECRET_KEY=$(openssl rand -base64 48) - ``` - -2. **Restrict network access** - - ```bash - CORS_ALLOW_ORIGIN=https://yourdomain.com - ``` - -3. **Disable signup after initial setup** - - ```bash - ENABLE_SIGNUP=false - ``` - -4. **Enable HTTPS** using a reverse proxy (nginx, Traefik, Caddy) - -5. **Limit sandbox resources** - - ```bash - SANDBOX_MAX_EXECUTION_TIME=30 - SANDBOX_MAX_MEMORY_MB=256 - SANDBOX_NETWORK_MODE=none - ``` - -### Docker Socket Access - -The sandbox executor requires access to the Docker socket (`/var/run/docker.sock`) for container isolation. This is a privileged operation and should be: - -- Used only in trusted environments -- Protected with proper network isolation -- Monitored for suspicious activity - -Consider using alternatives like: - -- Docker-in-Docker (DinD) for better isolation -- Kubernetes with pod security policies -- Dedicated sandbox service on separate nodes - -## Performance - -Typical resource usage: - -| Service | CPU (idle) | Memory (idle) | CPU (load) | Memory (load) | -| ---------------- | ---------- | ------------- | ---------- | ------------- | -| Rust Backend | ~1% | 50MB | 10-30% | 200MB | -| PostgreSQL | ~1% | 50MB | 5-15% | 300MB | -| Redis | <1% | 10MB | 2-5% | 50MB | -| Sandbox Executor | <1% | 30MB | varies | 512MB | -| Frontend | <1% | 50MB | 5-10% | 200MB | - -## License - -This project follows the original Open WebUI license. - -## Related Projects - -- [Open WebUI](https://github.com/open-webui/open-webui) - Original Python implementation -- [Open WebUI Rust](https://github.com/knoxchat/open-webui-rust) - Official Rust backend repository - -## Support - -For issues and questions: - -- [Open WebUI Rust Issues](https://github.com/knoxchat/open-webui-rust/issues) -- [Open WebUI Documentation](https://docs.openwebui.com/) diff --git a/src/open-webui-rust/README.zh.md b/src/open-webui-rust/README.zh.md deleted file mode 100644 index 2111bfe..0000000 --- a/src/open-webui-rust/README.zh.md +++ /dev/null @@ -1,345 +0,0 @@ -# Open WebUI Rust - -基于 Rust 的高性能 Open WebUI 实现,具有原生异步运行时和优化的资源效率。 - -## 概述 - -Open WebUI Rust 是 Open WebUI 后端的完整 Rust 重写版本,提供: - -- **10-50 倍更快的响应时间**:API 端点性能显著提升 -- **70% 更低的内存使用**:负载下内存占用大幅降低 -- **原生并发**:基于 Tokio 的异步运行时 -- **类型安全**:防止整类运行时错误 -- **零拷贝流式传输**:聊天补全高效传输 -- **生产就绪**:全面的错误处理机制 - -此部署包含: - -- **Rust 后端**:高性能 API 服务器,支持 WebSocket -- **PostgreSQL**:数据持久化的主数据库 -- **Redis**:缓存和 WebSocket 会话管理 -- **Sandbox Executor**:安全的代码执行环境,具有 Docker 隔离 -- **Frontend**:基于 SvelteKit 的用户界面,配备 Nginx 反向代理 - -## 特性 - -- ✅ **完全兼容** Open WebUI Python 后端的 API -- ✅ **原生 WebSocket/Socket.IO** 使用 Rust 实现 -- ✅ **安全的代码执行**:通过隔离的 Docker 容器 -- ✅ **多语言支持**:Python、JavaScript、Shell、Rust -- ✅ **RAG 和嵌入**:集成向量数据库 -- ✅ **身份验证和授权**:JWT 令牌 -- ✅ **速率限制和安全**:内置保护机制 -- ✅ **全面的日志记录**:用于调试和监控 - -## 前置要求 - -- Docker 20.10+ -- Docker Compose 2.0+ -- 4GB+ 可用内存 -- 访问 Docker 套接字(用于沙箱执行) - -## 快速开始 - -### 1. 创建 `.env` 文件 - -```bash -cp .env.example .env -``` - -编辑 `.env` 并设置必需的变量: - -```bash -# 重要:生成一个安全的密钥(至少 32 个字符) -WEBUI_SECRET_KEY=$(uuidgen | tr '[:upper:]' '[:lower:]' | tr -d '-') - -# 可选:配置 OpenAI API -OPENAI_API_KEY=sk-your-api-key -OPENAI_API_BASE_URL=https://api.openai.com/v1 -``` - -### 2. 启动服务 - -```bash -docker compose up -d -``` - -### 3. 访问应用程序 - -- **前端界面**: -- **Rust 后端 API**: -- **Sandbox Executor**: - -### 4. 初始设置 - -1. 打开 -2. 创建管理员账户(第一个用户成为管理员) -3. 在设置中配置您的 AI 模型 - -## 架构 - -```text -┌─────────────┐ -│ Frontend │ :3000 -│ (SvelteKit) │ -└──────┬──────┘ - │ - ↓ -┌─────────────┐ ┌──────────────┐ -│Rust Backend │────→│ PostgreSQL │ :5432 -│ (API) │ │ (Database) │ -└──────┬──────┘ └──────────────┘ - │ - ├───────────→┌──────────────┐ - │ │ Redis │ :6379 - │ │ (Cache) │ - │ └──────────────┘ - │ - └───────────→┌──────────────┐ - │ Sandbox │ :8090 - │ Executor │ - └──────────────┘ -``` - -## 配置 - -### 核心环境变量 - -| 变量 | 默认值 | 描述 | -| ---------------------------- | --------------------- | -------------------------------- | -| `WEBUI_SECRET_KEY` | (必需) | JWT 令牌的密钥(至少 32 个字符) | -| `POSTGRES_PASSWORD` | `open_webui_password` | PostgreSQL 密码 | -| `FRONTEND_PORT_OVERRIDE` | `3000` | 前端访问端口 | -| `RUST_BACKEND_PORT_OVERRIDE` | `8080` | 后端 API 端口 | -| `TZ` | `UTC` | 时区设置 | - -### 功能开关 - -| 变量 | 默认值 | 描述 | -| ------------------------- | ------- | ---------------- | -| `ENABLE_CODE_EXECUTION` | `true` | 启用安全代码执行 | -| `ENABLE_CODE_INTERPRETER` | `true` | 启用代码解释器 | -| `ENABLE_IMAGE_GENERATION` | `false` | 启用图像生成 | -| `ENABLE_WEB_SEARCH` | `false` | 启用网络搜索 | -| `ENABLE_SIGNUP` | `true` | 允许新用户注册 | - -### 资源限制 - -每个服务都有可配置的 CPU 和内存限制: - -```bash -# Rust 后端 -RUST_BACKEND_CPU_LIMIT=2 -RUST_BACKEND_MEMORY_LIMIT=2G - -# PostgreSQL -POSTGRES_CPU_LIMIT=1 -POSTGRES_MEMORY_LIMIT=1G - -# Sandbox Executor -SANDBOX_EXECUTOR_CPU_LIMIT=2 -SANDBOX_EXECUTOR_MEMORY_LIMIT=2G -``` - -### 沙箱安全 - -配置沙箱执行限制: - -```bash -SANDBOX_MAX_EXECUTION_TIME=60 # 最大执行时间(秒) -SANDBOX_MAX_MEMORY_MB=512 # 每次执行的最大内存 -SANDBOX_MAX_CONCURRENT_EXECUTIONS=10 # 最大并行执行数 -SANDBOX_NETWORK_MODE=none # 禁用网络访问 -``` - -## 使用示例 - -### 基础聊天 - -```bash -curl -X POST http://localhost:8080/api/chat/completions \ - -H "Authorization: Bearer YOUR_API_KEY" \ - -H "Content-Type: application/json" \ - -d '{ - "model": "gpt-3.5-turbo", - "messages": [{"role": "user", "content": "你好!"}] - }' -``` - -### 代码执行 - -```bash -curl -X POST http://localhost:8090/api/v1/execute \ - -H "Content-Type: application/json" \ - -d '{ - "language": "python", - "code": "print(\"Hello from sandbox!\")" - }' -``` - -## 监控 - -### 查看日志 - -```bash -# 所有服务 -docker compose logs -f - -# 特定服务 -docker compose logs -f rust-backend -docker compose logs -f sandbox-executor -``` - -### 检查服务健康状态 - -```bash -# Rust 后端 -curl http://localhost:8080/health - -# Sandbox Executor -curl http://localhost:8090/api/v1/health - -# PostgreSQL -docker compose exec postgres pg_isready -``` - -### 资源使用情况 - -```bash -docker stats -``` - -## 维护 - -### 备份数据库 - -```bash -docker compose exec postgres pg_dump -U open_webui open_webui > backup.sql -``` - -### 恢复数据库 - -```bash -cat backup.sql | docker compose exec -T postgres psql -U open_webui open_webui -``` - -### 更新服务 - -```bash -docker compose pull -docker compose up -d -``` - -### 清理重置 - -```bash -# 停止并删除所有数据 -docker compose down -v - -# 全新启动 -docker compose up -d -``` - -## 故障排除 - -### 无法连接到服务 - -检查所有容器是否健康: - -```bash -docker compose ps -``` - -### JWT 令牌错误 - -确保 `WEBUI_SECRET_KEY` 已设置并在重启后保持一致。 - -### 代码执行失败 - -1. 验证 Docker 套接字是否可访问 -2. 检查 sandbox executor 日志:`docker compose logs sandbox-executor` -3. 确保运行时镜像可用:`docker images | grep sandbox-runtime` - -### 内存使用过高 - -在 `.env` 中调整资源限制: - -```bash -RUST_BACKEND_MEMORY_LIMIT=1G -SANDBOX_EXECUTOR_MEMORY_LIMIT=1G -``` - -## 安全注意事项 - -### 生产部署 - -1. **更改默认密码** - - ```bash - POSTGRES_PASSWORD=$(openssl rand -base64 32) - WEBUI_SECRET_KEY=$(openssl rand -base64 48) - ``` - -2. **限制网络访问** - - ```bash - CORS_ALLOW_ORIGIN=https://yourdomain.com - ``` - -3. **初始设置后禁用注册** - - ```bash - ENABLE_SIGNUP=false - ``` - -4. **使用反向代理启用 HTTPS**(nginx、Traefik、Caddy) - -5. **限制沙箱资源** - - ```bash - SANDBOX_MAX_EXECUTION_TIME=30 - SANDBOX_MAX_MEMORY_MB=256 - SANDBOX_NETWORK_MODE=none - ``` - -### Docker 套接字访问 - -Sandbox Executor 需要访问 Docker 套接字(`/var/run/docker.sock`)以实现容器隔离。这是一个特权操作,应该: - -- 仅在受信任的环境中使用 -- 通过适当的网络隔离进行保护 -- 监控可疑活动 - -考虑使用以下替代方案: - -- Docker-in-Docker(DinD)以获得更好的隔离 -- 带有 Pod 安全策略的 Kubernetes -- 在单独节点上的专用沙箱服务 - -## 性能 - -典型资源使用情况: - -| 服务 | CPU(空闲) | 内存(空闲) | CPU(负载) | 内存(负载) | -| ---------------- | ----------- | ------------ | ----------- | ------------ | -| Rust Backend | ~1% | 50MB | 10-30% | 200MB | -| PostgreSQL | ~1% | 50MB | 5-15% | 300MB | -| Redis | <1% | 10MB | 2-5% | 50MB | -| Sandbox Executor | <1% | 30MB | 变化 | 512MB | -| Frontend | <1% | 50MB | 5-10% | 200MB | - -## 许可证 - -本项目遵循原 Open WebUI 的许可证。 - -## 相关项目 - -- [Open WebUI](https://github.com/open-webui/open-webui) - 原始 Python 实现 -- [Open WebUI Rust](https://github.com/knoxchat/open-webui-rust) - 官方 Rust 后端仓库 - -## 支持 - -问题和疑问: - -- [Open WebUI Rust Issues](https://github.com/knoxchat/open-webui-rust/issues) -- [Open WebUI 文档](https://docs.openwebui.com/) diff --git a/src/open-webui-rust/docker-compose.yaml b/src/open-webui-rust/docker-compose.yaml deleted file mode 100644 index 80d892a..0000000 --- a/src/open-webui-rust/docker-compose.yaml +++ /dev/null @@ -1,310 +0,0 @@ -x-defaults: &defaults - restart: unless-stopped - logging: - driver: json-file - options: - max-size: 100m - max-file: "3" - -services: - # PostgreSQL Database - postgres: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}postgres:${POSTGRES_VERSION:-16-alpine} - environment: - POSTGRES_DB: ${POSTGRES_DB:-open_webui} - POSTGRES_USER: ${POSTGRES_USER:-open_webui} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-open_webui_password} - POSTGRES_INITDB_ARGS: "-E UTF8" - TZ: ${TZ:-UTC} - volumes: - - postgres_data:/var/lib/postgresql/data - ports: - - "${POSTGRES_PORT_OVERRIDE:-5432}:5432" - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-open_webui}"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 10s - deploy: - resources: - limits: - cpus: ${POSTGRES_CPU_LIMIT:-1} - memory: ${POSTGRES_MEMORY_LIMIT:-1G} - reservations: - cpus: ${POSTGRES_CPU_RESERVATION:-0.25} - memory: ${POSTGRES_MEMORY_RESERVATION:-256M} - networks: - - open-webui-network - - # Redis for caching and WebSocket management - redis: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}redis:${REDIS_VERSION:-7-alpine} - command: redis-server --appendonly yes - environment: - TZ: ${TZ:-UTC} - volumes: - - redis_data:/data - ports: - - "${REDIS_PORT_OVERRIDE:-6379}:6379" - healthcheck: - test: ["CMD", "redis-cli", "ping"] - interval: 10s - timeout: 5s - retries: 5 - start_period: 10s - deploy: - resources: - limits: - cpus: ${REDIS_CPU_LIMIT:-0.5} - memory: ${REDIS_MEMORY_LIMIT:-512M} - reservations: - cpus: ${REDIS_CPU_RESERVATION:-0.1} - memory: ${REDIS_MEMORY_RESERVATION:-128M} - networks: - - open-webui-network - - # Rust Backend - rust-backend: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/open-webui-rust-backend:${RUST_BACKEND_VERSION:-latest} - environment: - # Server - HOST: 0.0.0.0 - PORT: 8080 - ENV: ${ENV:-prod} - WEBUI_SECRET_KEY: ${WEBUI_SECRET_KEY} - TZ: ${TZ:-UTC} - - # Database - DATABASE_URL: postgresql://${POSTGRES_USER:-open_webui}:${POSTGRES_PASSWORD:-open_webui_password}@postgres:5432/${POSTGRES_DB:-open_webui} - DATABASE_POOL_SIZE: ${DATABASE_POOL_SIZE:-20} - DATABASE_POOL_MAX_OVERFLOW: ${DATABASE_POOL_MAX_OVERFLOW:-10} - DATABASE_POOL_TIMEOUT: ${DATABASE_POOL_TIMEOUT:-30} - DATABASE_POOL_RECYCLE: ${DATABASE_POOL_RECYCLE:-1800} - - # Redis - ENABLE_REDIS: ${ENABLE_REDIS:-true} - REDIS_URL: redis://redis:6379 - - # Authentication - JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-30d} - ENABLE_SIGNUP: ${ENABLE_SIGNUP:-true} - ENABLE_LOGIN_FORM: ${ENABLE_LOGIN_FORM:-true} - ENABLE_API_KEY: ${ENABLE_API_KEY:-true} - DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-user} - SHOW_ADMIN_DETAILS: ${SHOW_ADMIN_DETAILS:-true} - WEBUI_URL: ${WEBUI_URL:-http://localhost:3000} - - # CORS - CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-*} - - # WebSocket/Socket.IO (Native Rust Implementation) - ENABLE_SOCKETIO: ${ENABLE_SOCKETIO:-true} - ENABLE_WEBSOCKET_SUPPORT: ${ENABLE_WEBSOCKET_SUPPORT:-true} - WEBSOCKET_MANAGER: ${WEBSOCKET_MANAGER:-redis} - WEBSOCKET_REDIS_URL: redis://redis:6379 - - # Features - ENABLE_OPENAI_API: ${ENABLE_OPENAI_API:-true} - ENABLE_CHANNELS: ${ENABLE_CHANNELS:-true} - ENABLE_IMAGE_GENERATION: ${ENABLE_IMAGE_GENERATION:-false} - ENABLE_CODE_EXECUTION: ${ENABLE_CODE_EXECUTION:-true} - CODE_EXECUTION_SANDBOX_URL: http://sandbox-executor:8090 - ENABLE_CODE_INTERPRETER: ${ENABLE_CODE_INTERPRETER:-true} - CODE_INTERPRETER_SANDBOX_URL: http://sandbox-executor:8090 - ENABLE_WEB_SEARCH: ${ENABLE_WEB_SEARCH:-false} - ENABLE_ADMIN_CHAT_ACCESS: ${ENABLE_ADMIN_CHAT_ACCESS:-true} - ENABLE_ADMIN_EXPORT: ${ENABLE_ADMIN_EXPORT:-true} - ENABLE_NOTES: ${ENABLE_NOTES:-true} - ENABLE_COMMUNITY_SHARING: ${ENABLE_COMMUNITY_SHARING:-true} - ENABLE_MESSAGE_RATING: ${ENABLE_MESSAGE_RATING:-true} - - # Storage - UPLOAD_DIR: /app/data/uploads - CACHE_DIR: /app/data/cache - STATIC_DIR: /app/static - - # Logging - GLOBAL_LOG_LEVEL: ${GLOBAL_LOG_LEVEL:-info} - RUST_LOG: ${RUST_LOG:-info} - - # OpenAI - OPENAI_API_BASE_URL: ${OPENAI_API_BASE_URL:-} - OPENAI_API_KEY: ${OPENAI_API_KEY:-} - - volumes: - - rust_backend_data:/app/data - ports: - - "${RUST_BACKEND_PORT_OVERRIDE:-8080}:8080" - depends_on: - postgres: - condition: service_healthy - redis: - condition: service_healthy - sandbox-executor: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:8080/health || exit 1"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 40s - deploy: - resources: - limits: - cpus: ${RUST_BACKEND_CPU_LIMIT:-2} - memory: ${RUST_BACKEND_MEMORY_LIMIT:-2G} - reservations: - cpus: ${RUST_BACKEND_CPU_RESERVATION:-0.5} - memory: ${RUST_BACKEND_MEMORY_RESERVATION:-512M} - networks: - - open-webui-network - - # Sandbox Runtime - sandbox-runtime: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/sandbox-runtime:${SANDBOX_RUNTIME_VERSION:-latest} - command: /bin/true - environment: - TZ: ${TZ:-UTC} - networks: - - open-webui-network - - # Sandbox Executor Service - sandbox-executor: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/sandbox-executor:${SANDBOX_EXECUTOR_VERSION:-latest} - user: root - ports: - - "${SANDBOX_EXECUTOR_PORT_OVERRIDE:-8090}:8090" - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - sandbox_logs:/var/log/sandbox-executor - environment: - SANDBOX_HOST: 0.0.0.0 - SANDBOX_PORT: 8090 - DOCKER_HOST: unix:///var/run/docker.sock - MAX_EXECUTION_TIME: ${SANDBOX_MAX_EXECUTION_TIME:-60} - MAX_MEMORY_MB: ${SANDBOX_MAX_MEMORY_MB:-512} - MAX_CPU_QUOTA: ${SANDBOX_MAX_CPU_QUOTA:-100000} - MAX_DISK_MB: ${SANDBOX_MAX_DISK_MB:-100} - MAX_CONCURRENT_EXECUTIONS: ${SANDBOX_MAX_CONCURRENT_EXECUTIONS:-10} - RATE_LIMIT_PER_MINUTE: ${SANDBOX_RATE_LIMIT_PER_MINUTE:-30} - RATE_LIMIT_BURST: ${SANDBOX_RATE_LIMIT_BURST:-10} - CONTAINER_IMAGE: public.ecr.aws/o3p7x2f5/knoxchat/sandbox-runtime:latest - NETWORK_MODE: ${SANDBOX_NETWORK_MODE:-none} - READ_ONLY_ROOT: ${SANDBOX_READ_ONLY_ROOT:-false} - DROP_ALL_CAPABILITIES: ${SANDBOX_DROP_ALL_CAPABILITIES:-true} - ENABLE_STREAMING: ${SANDBOX_ENABLE_STREAMING:-true} - KEEP_CONTAINERS: ${SANDBOX_KEEP_CONTAINERS:-false} - ENABLE_PYTHON: ${SANDBOX_ENABLE_PYTHON:-true} - ENABLE_JAVASCRIPT: ${SANDBOX_ENABLE_JAVASCRIPT:-true} - ENABLE_SHELL: ${SANDBOX_ENABLE_SHELL:-true} - ENABLE_RUST: ${SANDBOX_ENABLE_RUST:-true} - ENABLE_AUDIT_LOG: ${SANDBOX_ENABLE_AUDIT_LOG:-true} - AUDIT_LOG_PATH: /var/log/sandbox-executor/audit.log - TZ: ${TZ:-UTC} - depends_on: - - sandbox-runtime - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8090/api/v1/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 10s - deploy: - resources: - limits: - cpus: ${SANDBOX_EXECUTOR_CPU_LIMIT:-2} - memory: ${SANDBOX_EXECUTOR_MEMORY_LIMIT:-2G} - reservations: - cpus: ${SANDBOX_EXECUTOR_CPU_RESERVATION:-0.25} - memory: ${SANDBOX_EXECUTOR_MEMORY_RESERVATION:-256M} - networks: - - open-webui-network - - # Frontend (SvelteKit) - frontend: - <<: *defaults - image: ${GLOBAL_REGISTRY:-}public.ecr.aws/o3p7x2f5/knoxchat/open-webui-frontend:${FRONTEND_VERSION:-latest} - environment: - # Backend URLs (Socket.IO now served by Rust backend) - BACKEND_URL: http://rust-backend:8080 - SANDBOX_EXECUTOR_URL: http://sandbox-executor:8090 - - # Server - ENV: ${ENV:-prod} - PORT: 8080 - WEBUI_SECRET_KEY: ${WEBUI_SECRET_KEY} - TZ: ${TZ:-UTC} - - # Database - DATABASE_URL: postgresql://${POSTGRES_USER:-open_webui}:${POSTGRES_PASSWORD:-open_webui_password}@postgres:5432/${POSTGRES_DB:-open_webui} - - # OpenAI - OPENAI_API_BASE_URL: ${OPENAI_API_BASE_URL:-} - OPENAI_API_KEY: ${OPENAI_API_KEY:-} - - # RAG & Embeddings - RAG_EMBEDDING_MODEL: ${RAG_EMBEDDING_MODEL:-sentence-transformers/all-MiniLM-L6-v2} - RAG_RERANKING_MODEL: ${RAG_RERANKING_MODEL:-} - RAG_EMBEDDING_MODEL_AUTO_UPDATE: ${RAG_EMBEDDING_MODEL_AUTO_UPDATE:-false} - - # Whisper - WHISPER_MODEL: ${WHISPER_MODEL:-base} - - # Redis - REDIS_URL: redis://redis:6379 - - # Features - ENABLE_RAG_WEB_SEARCH: ${ENABLE_RAG_WEB_SEARCH:-false} - ENABLE_RAG_HYBRID_SEARCH: ${ENABLE_RAG_HYBRID_SEARCH:-false} - ENABLE_IMAGE_GENERATION: ${ENABLE_IMAGE_GENERATION:-false} - - # Analytics - SCARF_NO_ANALYTICS: ${SCARF_NO_ANALYTICS:-true} - DO_NOT_TRACK: ${DO_NOT_TRACK:-true} - - volumes: - - frontend_data:/app/backend/data - ports: - - "${FRONTEND_PORT_OVERRIDE:-3000}:8080" - depends_on: - rust-backend: - condition: service_healthy - postgres: - condition: service_healthy - redis: - condition: service_healthy - sandbox-executor: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:8080/health || exit 1"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 60s - deploy: - resources: - limits: - cpus: ${FRONTEND_CPU_LIMIT:-1} - memory: ${FRONTEND_MEMORY_LIMIT:-1G} - reservations: - cpus: ${FRONTEND_CPU_RESERVATION:-0.25} - memory: ${FRONTEND_MEMORY_RESERVATION:-256M} - networks: - - open-webui-network - -volumes: - postgres_data: - redis_data: - rust_backend_data: - sandbox_logs: - frontend_data: - -networks: - open-webui-network: - driver: bridge