-
Notifications
You must be signed in to change notification settings - Fork 7k
Expand file tree
/
Copy pathdocker-compose.zilliz.yml
More file actions
442 lines (418 loc) · 15.6 KB
/
docker-compose.zilliz.yml
File metadata and controls
442 lines (418 loc) · 15.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
# 用于部署的 docker-compose 文件:
# - FastGPT 端口映射为 3000:3000
# - FastGPT-mcp-server 端口映射 3005:3000
# - 建议修改账密后再运行
# root 默认密码(重启后会强制重置该密码成环境变量值)
x-default-root-psw: &x-default-root-psw '1234'
# 系统最高密钥凭证
x-system-key: &x-system-key 'fastgpt-xxx'
# plugin auth token
x-plugin-auth-token: &x-plugin-auth-token 'token'
# code sandbox token
x-code-sandbox-token: &x-code-sandbox-token 'codesandbox'
# volume manager auth token
x-volume-manager-auth-token: &x-volume-manager-auth-token 'vmtoken'
# aiproxy token
x-aiproxy-token: &x-aiproxy-token 'token'
# 数据库连接相关配置
x-share-db-config: &x-share-db-config
MONGODB_URI: mongodb://myusername:mypassword@mongo:27017/fastgpt?authSource=admin
DB_MAX_LINK: 100
REDIS_URL: redis://default:mypassword@redis:6379
# @see https://doc.fastgpt.cn/docs/self-host/config/object-storage
STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss
STORAGE_REGION: us-east-1
STORAGE_ACCESS_KEY_ID: minioadmin
STORAGE_SECRET_ACCESS_KEY: minioadmin
STORAGE_PUBLIC_BUCKET: fastgpt-public
STORAGE_PRIVATE_BUCKET: fastgpt-private
STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用)
STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口
STORAGE_S3_FORCE_PATH_STYLE: true
STORAGE_S3_MAX_RETRIES: 3
# Log 配置
x-log-config: &x-log-config
LOG_ENABLE_CONSOLE: true
LOG_CONSOLE_LEVEL: debug
LOG_ENABLE_OTEL: false
LOG_OTEL_LEVEL: info
LOG_OTEL_URL: http://localhost:4318/v1/logs
# 向量库相关配置
x-vec-config: &x-vec-config
MILVUS_ADDRESS: zilliz_cloud_address
MILVUS_TOKEN: zilliz_cloud_token
services:
# Vector DB
mongo:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29
container_name: mongo
restart: always
networks:
- fastgpt
command: mongod --keyFile /data/mongodb.key --replSet rs0
environment:
- MONGO_INITDB_ROOT_USERNAME=myusername
- MONGO_INITDB_ROOT_PASSWORD=mypassword
volumes:
- fastgpt-mongo:/data/db
healthcheck:
test: ['CMD', 'mongo', '-u', 'myusername', '-p', 'mypassword', '--authenticationDatabase', 'admin', '--eval', "db.adminCommand('ping')"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
entrypoint:
- bash
- -c
- |
openssl rand -base64 128 > /data/mongodb.key
chmod 400 /data/mongodb.key
chown 999:999 /data/mongodb.key
echo 'const isInited = rs.status().ok === 1
if(!isInited){
rs.initiate({
_id: "rs0",
members: [
{ _id: 0, host: "mongo:27017" }
]
})
}' > /data/initReplicaSet.js
# 启动MongoDB服务
exec docker-entrypoint.sh "$$@" &
# 等待MongoDB服务启动
until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do
echo "Waiting for MongoDB to start..."
sleep 2
done
# 执行初始化副本集的脚本
mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js
# 等待docker-entrypoint.sh脚本执行的MongoDB服务进程
wait $$!
redis:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine
container_name: redis
networks:
- fastgpt
restart: always
command: |
redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction
healthcheck:
test: ['CMD', 'redis-cli', '-a', 'mypassword', 'ping']
interval: 10s
timeout: 3s
retries: 3
start_period: 30s
volumes:
- fastgpt-redis:/data
fastgpt-minio:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z
container_name: fastgpt-minio
restart: always
ports:
- 9000:9000
- 9001:9001
networks:
- fastgpt
environment:
- MINIO_ROOT_USER=minioadmin
- MINIO_ROOT_PASSWORD=minioadmin
volumes:
- fastgpt-minio:/data
command: server /data --console-address ":9001"
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live']
interval: 30s
timeout: 20s
retries: 3
fastgpt-app:
container_name: fastgpt-app
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.14.10.1
ports:
- 3000:3000
networks:
- fastgpt
depends_on:
- mongo
- code-sandbox
- vectorDB
restart: always
environment:
<<: [*x-share-db-config, *x-vec-config, *x-log-config]
# ==================== 基础配置 ====================
# 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。
FE_DOMAIN: http://localhost:3000
# root key(最高权限)
ROOT_KEY: *x-system-key
# root 密码,用户名为: root。如果需要修改 root 密码,直接修改这个环境变量,并重启即可。
DEFAULT_ROOT_PSW: *x-default-root-psw
# 数据库最大连接数
DB_MAX_LINK: 5
# 自动同步索引(0 表示不同步)
SYNC_INDEX: 1
TOKEN_KEY: fastgpt
# 文件阅读时的密钥
FILE_TOKEN_KEY: filetokenkey
# 密钥加密 key
AES256_SECRET_KEY: fastgptsecret
# 强制将图片转成 base64 传递给模型
MULTIPLE_DATA_TO_BASE64: true
# ==================== 服务地址与集成 ====================
# plugin 地址
PLUGIN_BASE_URL: http://fastgpt-plugin:3000
PLUGIN_TOKEN: *x-plugin-auth-token
# code-sandbox 地址
CODE_SANDBOX_URL: http://code-sandbox:3000
CODE_SANDBOX_TOKEN: *x-code-sandbox-token
# AI Proxy 的地址,如果配了该地址,优先使用
AIPROXY_API_ENDPOINT: http://aiproxy:3000
# AI Proxy 的 Admin Token,与 AI Proxy 中的环境变量 ADMIN_KEY
AIPROXY_API_TOKEN: *x-aiproxy-token
# ==================== Agent sandbox 配置 ====================
AGENT_SANDBOX_PROVIDER: opensandbox
# OpenSandbox 配置(PROVIDER: opensandbox 时生效)
AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090
AGENT_SANDBOX_OPENSANDBOX_API_KEY:
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker
AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox
AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.1
# Volume 持久化配置(opensandbox provider 下可选)
AGENT_SANDBOX_ENABLE_VOLUME: true
AGENT_SANDBOX_VOLUME_MANAGER_URL: http://volume-manager:3000
AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token
# ==================== 日志与监控 ====================
# 传递给 OTLP 收集器的服务名称
LOG_OTEL_SERVICE_NAME: fastgpt-client
# ==================== 安全与运行限制 ====================
# 启动 IP 限流(true);部分接口启用 IP 限流策略以防止异常请求
USE_IP_LIMIT: false
# 工作流最大运行次数,避免极端死循环
WORKFLOW_MAX_RUN_TIMES: 1000
# 循环最大运行次数,避免极端死循环
WORKFLOW_MAX_LOOP_TIMES: 100
# 服务器接收请求的最大大小(MB)
SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
# 启用内网 IP 检查
CHECK_INTERNAL_IP: false
# ==================== 上传与账号策略 ====================
# 最大上传文件大小(MB)
UPLOAD_FILE_MAX_SIZE: 1000
# 最大上传文件数量
UPLOAD_FILE_MAX_AMOUNT: 1000
# LLM 请求追踪保留时长(小时)
LLM_REQUEST_TRACKING_RETENTION_HOURS: 6
# ==================== 功能开关与特殊配置 ====================
# 自定义跨域;不配置时默认允许所有跨域(逗号分割)
ALLOWED_ORIGINS:
# HTML 转 Markdown 最大字符数(超过后不执行转换)
MAX_HTML_TRANSFORM_CHARS: 1000000
volumes:
- ./config.json:/app/data/config.json
code-sandbox:
container_name: code-sandbox
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.14.10
networks:
- fastgpt
restart: always
environment:
<<: [*x-log-config]
LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox
SANDBOX_TOKEN: *x-code-sandbox-token
# ===== Resource Limits =====
# Execution timeout per request (ms)
SANDBOX_MAX_TIMEOUT: 60000
# Maximum allowed memory per user code execution (MB)
# Note: System automatically adds 50MB for runtime overhead
# Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB
SANDBOX_MAX_MEMORY_MB: 256
# ===== Process Pool =====
# Number of pre-warmed worker processes (JS + Python)
SANDBOX_POOL_SIZE: 20
# ===== Network Request Limits =====
# Whether to check if the request is to a private network
CHECK_INTERNAL_IP: false
# Maximum number of HTTP requests per execution
SANDBOX_REQUEST_MAX_COUNT: 30
# Timeout for each outbound HTTP request (ms)
SANDBOX_REQUEST_TIMEOUT: 60000
# Maximum response body size for outbound requests
SANDBOX_REQUEST_MAX_RESPONSE_MB: 10
# Maximum request body size for outbound requests (MB)
SANDBOX_REQUEST_MAX_BODY_MB: 5
# ===== Module Control =====
# JS allowed modules whitelist (comma-separated)
SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring
# Python allowed modules whitelist (comma-separated)
SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
interval: 30s
timeout: 20s
retries: 3
fastgpt-mcp-server:
container_name: fastgpt-mcp-server
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.14.10
networks:
- fastgpt
ports:
- 3005:3000
restart: always
environment:
<<: [*x-log-config]
FASTGPT_ENDPOINT: http://fastgpt-app:3000
fastgpt-plugin:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v0.5.6
container_name: fastgpt-plugin
restart: always
networks:
- fastgpt
environment:
<<: [*x-share-db-config, *x-log-config]
AUTH_TOKEN: *x-plugin-auth-token
# 工具网络请求,最大请求和响应体
SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10
# 最大 API 请求体大小
MAX_API_SIZE: 10
# 传递给 OTLP 收集器的服务名称
LOG_OTEL_SERVICE_NAME: fastgpt-plugin
depends_on:
fastgpt-minio:
condition: service_healthy
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
interval: 30s
timeout: 20s
retries: 3
# 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除
# runtime=docker 模式需要挂载 Docker socket
# 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用)
opensandbox-server:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9
container_name: opensandbox-server
restart: always
networks:
- fastgpt
volumes:
- /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载
configs:
- source: opensandbox-config
target: /etc/opensandbox/config.toml
environment:
SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:8090/health']
interval: 10s
timeout: 5s
retries: 5
# 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC
volume-manager:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.1
container_name: volume-manager
restart: always
networks:
- fastgpt
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro # Docker 模式必须挂载(只读即可)
environment:
PORT: 3000
VM_RUNTIME: docker
VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN
VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀
VM_LOG_LEVEL: info
VM_DOCKER_API_VERSION: v1.44
healthcheck:
test:
[
'CMD',
'bun',
'-e',
"fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })"
]
interval: 10s
timeout: 5s
retries: 5
# Pre-pull only: not started by `docker compose up` (uses profile `prepull`).
agent-sandbox-image:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.1
profiles:
- prepull
# AI Proxy
aiproxy:
image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.3.5
container_name: aiproxy
restart: unless-stopped
depends_on:
aiproxy_pg:
condition: service_healthy
networks:
- fastgpt
- aiproxy
environment:
# 对应 fastgpt 里的AIPROXY_API_TOKEN
ADMIN_KEY: *x-aiproxy-token
# 错误日志详情保存时间(小时)
LOG_DETAIL_STORAGE_HOURS: 1
# 数据库连接地址
SQL_DSN: postgres://postgres:aiproxy@aiproxy_pg:5432/aiproxy
# 最大重试次数
RETRY_TIMES: 3
# 不需要计费
BILLING_ENABLED: false
# 不需要严格检测模型
DISABLE_MODEL_CONFIG: true
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:3000/api/status']
interval: 5s
timeout: 5s
retries: 10
aiproxy_pg:
image: registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub
restart: unless-stopped
container_name: aiproxy_pg
volumes:
- fastgpt-aiproxy_pg:/var/lib/postgresql/data
networks:
- aiproxy
environment:
TZ: Asia/Shanghai
POSTGRES_USER: postgres
POSTGRES_DB: aiproxy
POSTGRES_PASSWORD: aiproxy
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres', '-d', 'aiproxy']
interval: 5s
timeout: 5s
retries: 10
networks:
fastgpt:
aiproxy:
vector:
volumes:
fastgpt-pg:
fastgpt-mongo:
fastgpt-redis:
fastgpt-minio:
fastgpt-milvus-minio:
fastgpt-milvus-etcd:
fastgpt-milvus-data:
fastgpt-ob-data:
fastgpt-ob-config:
fastgpt-seekdb-data:
fastgpt-seekdb-config:
fastgpt-aiproxy_pg:
configs:
opensandbox-config:
content: |
[server]
host = "0.0.0.0"
port = 8090
log_level = "INFO"
[runtime]
type = "docker"
execd_image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/execd:v1.0.6"
[egress]
image = "sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.1"
[docker]
network_mode = "bridge"
# 容器内访问宿主机服务时需要设置为宿主机 IP 或 hostname
# macOS/Windows: host.docker.internal;Linux: 宿主机 LAN IP(如 192.168.1.100)
host_ip = "host.docker.internal"