diff --git a/.vscode/settings.json b/.vscode/settings.json index fbd765be6868..e318678700a6 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -46,6 +46,10 @@ "[typescriptreact]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, + "yaml.format.enable": false, + "[yaml]": { + "editor.formatOnSave": false + }, "mdx.server.enable": true, "markdown.copyFiles.overwriteBehavior": "nameIncrementally", "markdown.copyFiles.destination": { diff --git a/deploy/init.mjs b/deploy/init.mjs index d373326c074c..de43a4209c2b 100644 --- a/deploy/init.mjs +++ b/deploy/init.mjs @@ -112,7 +112,7 @@ const syncInstallScriptVersions = async (deployVersions) => { * `deploy/templates/vector/config.json` 维护向量库输出文件名、服务片段、连接配置 * 和额外 configs。版本模板只通过 `${{vec.*}}` 引用这些共享片段。 * - * @returns {Promise>} + * @returns {Promise>} */ const loadVectorConfigs = async () => { const vectorRoot = path.join(process.cwd(), 'templates', 'vector'); @@ -136,6 +136,16 @@ const loadVectorConfigs = async () => { config: await readOptionalFile(config.configFile), extra: await readOptionalFile(config.extraFile) }; + // 外部向量库(如 Zilliz)没有本地 fastgpt-vector 服务,不能注入 depends_on。 + vectors[name].depends = vectors[name].db.includes(' fastgpt-vector:') + ? ' fastgpt-vector:\n condition: service_healthy' + : ''; + vectors[name].extraConfig = vectors[name].extra + ? vectors[name].extra + .split('\n') + .map((line) => ` ${line}`) + .join('\n') + : ''; vectors[name].extraBlock = vectors[name].extra ? `configs:\n ${vectors[name].extra}` : ''; } 
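Review bot: The new `depends` value in `loadVectorConfigs` is decided by a substring test on the service fragment, `vectors[name].db.includes(' fastgpt-vector:')`, which ties the generated `depends_on` to the fragment's exact spacing and would also fire if the same text appeared in a comment or in a value such as an image reference. It also calls `.includes` with no fallback, whereas the neighbouring `extra` is treated as possibly empty; how `db` is loaded lies outside this hunk, so that needs checking. A line-anchored test is sturdier, for example `/^\s*fastgpt-vector:\s*$/m.test(vectors[name].db ?? '')` as the condition. An explicit per-entry flag in `deploy/templates/vector/config.json` would remove the text sniffing altogether.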
@@ -175,18 +185,20 @@ const loadArgs = (version) => { }; /** - * replace all ${{}} + * 替换模板中的占位符。 + * + * YAML 块占位符应写成独立注释行(如 `# ${{vec.db}}`),这样模板文件本身 + * 仍能按 YAML 解析;普通镜像/tag 变量仍可写在行内。 + * * @param {string} source * @param {RegionEnum} region * @param {string | undefined} vec * @param {Record} args - * @param {Record} vectors + * @param {Record} vectors * @returns {string} */ const replace = (source, region, vec, args, vectors) => { - // Match ${{expr}}, capture "expr" inside {{}} - return source.replace(/\$\{\{([^}]*)\}\}/g, (_, expr) => { - // expr: a.b + const resolveExpr = (expr) => { /** * @type {String} */ @@ -208,7 +220,14 @@ const replace = (source, region, vec, args, vectors) => { } else if (b === 'image') { return args[a].image[region]; } - }); + }; + + return source + .replace(/^[^\S\r\n]*#\s*\$\{\{([^}]*)\}\}[^\S\r\n]*(?:\r?\n|$)/gm, (_, expr) => { + const value = resolveExpr(expr); + return value ? `${value}\n` : ''; + }) + .replace(/\$\{\{([^}]*)\}\}/g, (_, expr) => resolveExpr(expr)); }; const formatYamlOutput = (source) => `${source.trimEnd()}\n`; diff --git a/deploy/templates/vector/milvus.txt b/deploy/templates/vector/milvus.txt index e81fa7dfdd37..33120ae272c9 100644 --- a/deploy/templates/vector/milvus.txt +++ b/deploy/templates/vector/milvus.txt @@ -44,6 +44,7 @@ MINIO_ADDRESS: fastgpt-milvus-minio:9000 networks: - data + - vector volumes: - fastgpt-milvus-data:/var/lib/milvus healthcheck: diff --git a/deploy/version/main/docker-compose.template.yml b/deploy/version/main/docker-compose.template.yml index 47b6ed1cfdaa..85ceffeffc48 100644 --- a/deploy/version/main/docker-compose.template.yml +++ b/deploy/version/main/docker-compose.template.yml @@ -44,11 +44,11 @@ x-no-proxy-config: &x-no-proxy-config # 向量库相关配置 x-vec-config: &x-vec-config -${{vec.config}} + # ${{vec.config}} services: # Vector DB -${{vec.db}} + # ${{vec.db}} fastgpt-mongo: image: ${{mongo.image}}:${{mongo.tag}} # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo 
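Review bot: The comment-line pass in `replace` cannot tell an empty fragment from an unknown placeholder: `return value ? ... : '';` deletes the whole line when `resolveExpr` yields `undefined`, and the visible tail of `resolveExpr` has no final `else`. A misspelt block placeholder in a template would therefore silently drop a `depends_on` entry or a `configs:` block from the generated compose file, while the inline pass would write the literal text `undefined` into it. Failing the build is safer, e.g. `if (value === undefined) throw new Error('Unknown template placeholder: ' + expr);` at the top of both callbacks. The start of `resolveExpr` is outside this hunk, so first confirm that optional fragments for external vector stores resolve to `''` rather than `undefined`.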
@@ -147,8 +147,7 @@ ${{vec.db}} depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy + # ${{vec.depends}} fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -348,6 +347,8 @@ ${{vec.db}} networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: @@ -369,4 +370,4 @@ volumes: fastgpt-seekdb-config: fastgpt-aiproxy_pg: -${{vec.extraBlock}} +# ${{vec.extraBlock}} diff --git a/deploy/version/v4.14/docker-compose.template.yml b/deploy/version/v4.14/docker-compose.template.yml index 87205c39ec10..88979850ecb1 100644 --- a/deploy/version/v4.14/docker-compose.template.yml +++ b/deploy/version/v4.14/docker-compose.template.yml @@ -46,11 +46,11 @@ x-no-proxy-config: &x-no-proxy-config # 向量库相关配置 x-vec-config: &x-vec-config -${{vec.config}} + # ${{vec.config}} services: # Vector DB -${{vec.db}} + # ${{vec.db}} fastgpt-mongo: image: ${{mongo.image}}:${{mongo.tag}} # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo @@ -150,8 +150,7 @@ ${{vec.db}} depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy + # ${{vec.depends}} fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -425,6 +424,8 @@ ${{vec.db}} networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: @@ -473,4 +474,4 @@ configs: [ingress] mode = "direct" - ${{vec.extra}} + # ${{vec.extraConfig}} diff --git a/deploy/version/v4.15/args.json b/deploy/version/v4.15/args.json new file mode 100644 index 000000000000..bccc0503ff94 --- /dev/null +++ b/deploy/version/v4.15/args.json 
@@ -0,0 +1,74 @@
+{
+ "tags": {
+ "fastgpt": "v4.15.0",
+ "fastgpt-code-sandbox": "v4.15.0",
+ "fastgpt-mcp_server": "v4.15.0",
+ "fastgpt-plugin": "v1.0.0-beta2",
+ "volume-manager": "v0.2.0",
+ "agent-sandbox-image": "v0.2.0",
+ "agent-sandbox-proxy": "v0.2.0-beta2",
+ "aiproxy": "v0.6.1",
+
+ "opensandbox-server": "v0.1.9",
+ "opensandbox-execd": "v1.0.7",
+ "opensandbox-egress": "v1.0.3",
+ "aiproxy-pg": "0.8.0-pg15",
+ "mongo": "5.0.32",
+ "redis": "7.2-alpine",
+ "minio": "RELEASE.2025-09-07T16-13-09Z",
+ "pg": "0.8.0-pg15",
+ "milvus-minio": "RELEASE.2023-03-20T20-16-18Z",
+ "milvus-etcd": "v3.5.5",
+ "milvus-standalone": "v2.4.3",
+ "oceanbase": "4.3.5-lts",
+ "seekdb": "1.0.1.0-100000392025122619"
+ },
+ "images": {
+ "cn": {
+ "fastgpt": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt",
+ "fastgpt-plugin": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin",
+ "fastgpt-code-sandbox": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox",
+ "fastgpt-mcp_server": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server",
+ "volume-manager": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager",
+ "agent-sandbox-image": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox",
+ "agent-sandbox-proxy": "registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy",
+ "opensandbox-server": "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server",
+ "opensandbox-execd": "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd",
+ "opensandbox-egress": "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress",
+ "aiproxy": "registry.cn-hangzhou.aliyuncs.com/labring/aiproxy",
+ "aiproxy-pg": "registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector",
+ "mongo": "registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo",
+ "redis": "registry.cn-hangzhou.aliyuncs.com/fastgpt/redis",
+ "minio": "registry.cn-hangzhou.aliyuncs.com/fastgpt/minio",
+ "pg":
"registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector",
+ "milvus-minio": "minio/minio",
+ "milvus-etcd": "quay.io/coreos/etcd",
+ "milvus-standalone": "milvusdb/milvus",
+ "oceanbase": "oceanbase/oceanbase-ce",
+ "seekdb": "oceanbase/seekdb"
+ },
+ "global": {
+ "fastgpt": "ghcr.io/labring/fastgpt",
+ "fastgpt-plugin": "ghcr.io/labring/fastgpt-plugin",
+ "fastgpt-code-sandbox": "ghcr.io/labring/fastgpt-code-sandbox",
+ "fastgpt-mcp_server": "ghcr.io/labring/fastgpt-mcp_server",
+ "volume-manager": "ghcr.io/labring/fastgpt-agent-volume-manager",
+ "agent-sandbox-image": "ghcr.io/labring/fastgpt-agent-sandbox",
+ "agent-sandbox-proxy": "ghcr.io/labring/fastgpt-agent-sandbox-proxy",
+ "opensandbox-server": "opensandbox/server",
+ "opensandbox-execd": "opensandbox/execd",
+ "opensandbox-egress": "opensandbox/egress",
+ "aiproxy": "ghcr.io/labring/aiproxy",
+ "aiproxy-pg": "pgvector/pgvector",
+ "mongo": "mongo",
+ "redis": "redis",
+ "minio": "minio/minio",
+ "pg": "pgvector/pgvector",
+ "milvus-minio": "minio/minio",
+ "milvus-etcd": "quay.io/coreos/etcd",
+ "milvus-standalone": "milvusdb/milvus",
+ "oceanbase": "oceanbase/oceanbase-ce",
+ "seekdb": "oceanbase/seekdb"
+ }
+ }
+}
diff --git a/deploy/version/v4.15/docker-compose.template.yml b/deploy/version/v4.15/docker-compose.template.yml
new file mode 100644
index 000000000000..ab170b96785b
--- /dev/null
+++ b/deploy/version/v4.15/docker-compose.template.yml
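Review bot: Every image in `deploy/version/v4.15/args.json` is selected by tag only, and the v4.15 template expands it as `image: ${{redis.image}}:${{redis.tag}}`, so a re-pushed or floating tag (`"redis": "7.2-alpine"` follows each 7.2 patch release) changes what a v4.15 deployment runs without any change in this repository. If the tag is substituted verbatim, a digest can be pinned in the value itself, e.g. `"redis": "7.2-alpine@sha256:<digest-placeholder>"`; that matters most for the images pulled from third-party registries and for the two services that are given the Docker socket. Separately, `"milvus-minio": "RELEASE.2023-03-20T20-16-18Z"` is more than two years older than the `minio` pin in the same file, so it is worth confirming that the old release is a Milvus compatibility requirement rather than a leftover.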
@@ -0,0 +1,604 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ${{agent-sandbox-image.image}} + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: ${{agent-sandbox-image.tag}} + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + # ${{vec.config}} + +services: + # ${{vec.db}} + fastgpt-mongo: + image: ${{mongo.image}}:${{mongo.tag}} # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." 
+ sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: ${{redis.image}}:${{redis.tag}} + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: ${{minio.image}}:${{minio.tag}} + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ${{fastgpt.image}}:${{fastgpt.tag}} + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + # ${{vec.depends}} + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + 
FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: ${{fastgpt-code-sandbox.image}}:${{fastgpt-code-sandbox.tag}} + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ${{agent-sandbox-proxy.image}}:${{agent-sandbox-proxy.tag}} + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
${{fastgpt-mcp_server.image}}:${{fastgpt-mcp_server.tag}} + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ${{fastgpt-plugin.image}}:${{fastgpt-plugin.tag}} + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: ${{opensandbox-server.image}}:${{opensandbox-server.tag}} + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ${{agent-sandbox-image.image}}:${{agent-sandbox-image.tag}} + profiles: + - prepull + opensandbox-execd-image: + image: ${{opensandbox-execd.image}}:${{opensandbox-execd.tag}} + profiles: + - prepull + opensandbox-egress-image: + image: ${{opensandbox-egress.image}}:${{opensandbox-egress.tag}} + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ${{volume-manager.image}}:${{volume-manager.tag}} + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ${{aiproxy.image}}:${{aiproxy.tag}} + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: ${{aiproxy-pg.image}}:${{aiproxy-pg.tag}} # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - 
fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "${{opensandbox-execd.image}}:${{opensandbox-execd.tag}}" + + [egress] + image = "${{opensandbox-egress.image}}:${{opensandbox-egress.tag}}" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" + # ${{vec.extraConfig}} diff --git a/document/content/self-host/deploy/docker.en.mdx b/document/content/self-host/deploy/docker.en.mdx index 6e6c690878e5..0ba2e1472b3a 100644 --- a/document/content/self-host/deploy/docker.en.mdx +++ b/document/content/self-host/deploy/docker.en.mdx 
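Review bot: `opensandbox-server` and `fastgpt-volume-manager` both mount `/var/run/docker.sock`, which gives them control of the host's Docker daemon, yet the template leaves `AGENT_SANDBOX_OPENSANDBOX_API_KEY:` empty and the `[server]` section of `opensandbox-config` sets no credential, so the controller appears to accept unauthenticated calls from anything on the `opensandbox` network. `fastgpt-app` is on that network and runs with `CHECK_INTERNAL_IP: false` from `x-service-env-config`, while the code sandbox sets the same flag to `true` under the comment that it checks requests to private networks; if the flag means the same in the app, requests originating from user-built workflows are not kept away from these internal services. I would default the app to `CHECK_INTERNAL_IP: true` and add an `x-opensandbox-api-key` anchor beside the other secrets, wired into both the app environment and the server config (the server-side setting name needs confirming against the OpenSandbox documentation). Since the docs in this commit say `install.sh` randomises the service tokens, the new key should join that list so manual and scripted installs do not diverge.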
@@ -1,5 +1,5 @@ --- -title: Deploy with Docker-compose +title: Deploy with Docker Compose description: Quickly deploy FastGPT using Docker Compose --- 
@@ -124,11 +124,30 @@ Run in Linux/MacOS/Windows WSL. The script guides you through selecting deployme bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) ``` +The script automatically: + +- Downloads or copies `docker-compose.yml`, and downloads `config.json`. +- Guides you through selecting externally accessible S3 and MCP addresses, then writes them into the config files. +- Generates a random `root` login password, service tokens, app keys, and component passwords, then writes them into `docker-compose.yml`. +- Detects the host Docker socket path and updates the mount path in `docker-compose.yml` when needed. + +After the script finishes, the terminal prints the generated `root` login password. Keep the generated `docker-compose.yml` safe. For future upgrades, start from this file so you do not lose the generated passwords and keys. + +To use an existing local `docker-compose.yml` file, for example when testing a version that has not been published to the docs site yet, choose `本地 docker-compose.yml` (local docker-compose.yml) in the deployment version step and enter the local file path. You can also pass the path with an environment variable: + +```bash +FASTGPT_LOCAL_COMPOSE_PATH=/path/to/docker-compose.yml bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) +``` + #### Method 2: Manual Download -If your environment is non-\*nix or can't access external networks, manually download `docker-compose.yml`. +If you need to pin deployment to a specific `docker-compose.yml` file, we recommend downloading both `docker-compose.yml` and `install.sh`, then using the script's local compose mode to generate the final config. This keeps the script's random credential generation, S3/MCP address updates, and Docker socket detection. + +1. Download the required `docker-compose.yml` file to the server, for example: -1. 
Download the `docker-compose.yml` file: +```bash +curl -fsSL https://doc.fastgpt.cn/deploy/docker/v4.14/cn/docker-compose.pg.yml -o docker-compose.source.yml +```
Click to view docker-compose config file download links for different databases @@ -149,15 +168,23 @@ If your environment is non-\*nix or can't access external networks, manually dow - China mirror (Alibaba Cloud): [docker-compose.seekdb.yml](https://doc.fastgpt.cn/deploy/docker/v4.14/cn/docker-compose.seekdb.yml) - Global mirror (dockerhub, ghcr): [docker-compose.seekdb.yml](https://doc.fastgpt.cn/deploy/docker/v4.14/global/docker-compose.seekdb.yml) -2. Download the `config.json` file: +
-- [config.json](https://doc.fastgpt.cn/deploy/config/config.json) +2. Download `install.sh` to the server: - +```bash +curl -fsSL https://doc.fastgpt.cn/deploy/install.sh -o install.sh +``` -Download config.json file: +3. Run `install.sh` with the local compose file to generate the final deployment config: -- [config.json](https://doc.fastgpt.cn/deploy/config/config.json) +```bash +FASTGPT_LOCAL_COMPOSE_PATH=./docker-compose.source.yml bash install.sh +``` + +The script copies this compose file to the final `docker-compose.yml`, then downloads `config.json`, generates login passwords and credentials, and writes the S3/MCP addresses. After generation, log in with the root password printed in the terminal. + +For a fully offline environment, prepare `docker-compose.yml`, `config.json`, and `install.sh` in advance. If the script cannot download `config.json`, manually update `DEFAULT_ROOT_PSW`, service tokens, database passwords, and S3/MCP addresses. ### 2. Modify Environment Variables @@ -169,7 +196,7 @@ These ports must be accessible: 1. Port 3000 (FastGPT main service) 2. Port 9000 (S3 service) -3. Port 3005 (FastGPT SSE MCP server service) +3. Port 3003 (FastGPT SSE MCP server service) ### 4. Start Containers 
@@ -177,14 +204,15 @@ Run in the same directory as docker-compose.yml. Ensure `docker-compose` version ```bash # Start containers -docker compose --profile prepull pull opensandbox-agent-sandbox-image opensandbox-execd-image opensandbox-egress-image && dockercompose up -d +docker compose --profile prepull pull opensandbox-agent-sandbox-image opensandbox-execd-image opensandbox-egress-image && docker compose up -d ``` ### 5. Access FastGPT Access FastGPT via the port/domain opened in step 3. Login username is `root`, password is the `DEFAULT_ROOT_PSW` set in `docker-compose.yml` environment variables. -Each container restart automatically initializes the root user with password `1234` (matching `DEFAULT_ROOT_PSW`). + +If you deploy with the interactive script, it randomly generates `DEFAULT_ROOT_PSW` and prints the login password when it finishes. If you deploy manually, change the default password in `docker-compose.yml` before starting the service. Each container restart automatically updates the root user's password based on `DEFAULT_ROOT_PSW`. ### 6. Configure Models diff --git a/document/content/self-host/deploy/docker.mdx b/document/content/self-host/deploy/docker.mdx index 3d9284285a36..6ade32ca0cb5 100644 --- a/document/content/self-host/deploy/docker.mdx +++ b/document/content/self-host/deploy/docker.mdx @@ -1,5 +1,5 @@ --- -title: Docker-compose 部署 +title: Docker Compose 部署 description: 使用 Docker Compose 快速部署 FastGPT --- 
@@ -124,11 +124,30 @@ brew install orbstack bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) ``` +脚本会自动完成以下操作: + +- 下载或复制 `docker-compose.yml`,并下载 `config.json`。 +- 引导选择 S3 与 MCP 的外部访问地址,并写入配置文件。 +- 随机生成 `root` 登录密码、服务间 Token、应用密钥和组件密码,并写入 `docker-compose.yml`。 +- 自动检测宿主机 Docker socket 路径,必要时替换 `docker-compose.yml` 中的挂载路径。 + +执行完成后,终端会输出本次生成的 `root` 登录密码,请妥善保存生成后的 `docker-compose.yml`。后续升级时建议基于该文件调整,不要直接丢失已生成的密码和密钥。 + +如果需要使用本地已有的 `docker-compose.yml`(例如测试尚未发布到文档站的版本),可以在脚本的部署版本选择中选择 `本地 docker-compose.yml`,然后输入本地文件路径。也可以使用环境变量直接指定: + +```bash +FASTGPT_LOCAL_COMPOSE_PATH=/path/to/docker-compose.yml bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) +``` + #### 方法二:手动下载部署 -如果部署环境为非 \*nix 环境或无法访问外网,需要手动下载 `docker-compose.yml` 进行部署 +如果需要固定使用某个 `docker-compose.yml` 文件,推荐先手动下载 `docker-compose.yml` 和 `install.sh`,再通过 `install.sh` 的本地 compose 模式生成最终配置。这样仍然可以复用脚本里的随机密码、S3/MCP 地址写入、Docker socket 检测等能力。 + +1. 下载所需的 `docker-compose.yml` 文件到服务器,例如: -1. 下载 `docker-compose.yml` 文件: +```bash +curl -fsSL https://doc.fastgpt.cn/deploy/docker/v4.14/cn/docker-compose.pg.yml -o docker-compose.source.yml +```
点击展开查看不同数据库的 docker-compose 配置文件下载地址 @@ -149,15 +168,23 @@ bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) - 中国大陆地区镜像源(阿里云):[docker-compose.seekdb.yml](https://doc.fastgpt.cn/deploy/docker/v4.14/cn/docker-compose.seekdb.yml) - 全球镜像源(dockerhub, ghcr):[docker-compose.seekdb.yml](https://doc.fastgpt.cn/deploy/docker/v4.14/global/docker-compose.seekdb.yml) -2. 下载 `config.json` 文件: +
-- [config.json](https://doc.fastgpt.cn/deploy/config/config.json) +2. 下载 `install.sh` 到服务器: - +```bash +curl -fsSL https://doc.fastgpt.cn/deploy/install.sh -o install.sh +``` -下载 config.json 文件 +3. 使用 `install.sh` 读取本地 compose 文件并生成最终部署配置: -- [config.json](https://doc.fastgpt.cn/deploy/config/config.json) +```bash +FASTGPT_LOCAL_COMPOSE_PATH=./docker-compose.source.yml bash install.sh +``` + +脚本会复制该 compose 文件为最终的 `docker-compose.yml`,并继续下载 `config.json`、随机生成登录密码和各类凭证、写入 S3/MCP 地址。生成完成后,按终端输出的 root 密码登录。 + +完全离线环境下,需要同时准备 `docker-compose.yml`、`config.json` 和 `install.sh`。如果无法让脚本下载 `config.json`,则需要手动修改 `DEFAULT_ROOT_PSW`、服务 Token、数据库密码、S3/MCP 地址等配置。 ### 2. 修改环境变量 @@ -169,7 +196,7 @@ bash <(curl -fsSL https://doc.fastgpt.cn/deploy/install.sh) 1. 3000 端口(FastGPT 主服务) 2. 9000 端口(S3 服务) -3. 3005 端口(FastGPT SSE MCP server 服务) +3. 3003 端口(FastGPT SSE MCP server 服务) ### 4. 启动容器 @@ -183,7 +210,9 @@ docker compose --profile prepull pull opensandbox-agent-sandbox-image opensandbo ### 5. 访问 FastGPT -可通过第二步开放的端口/域名访问 FastGPT。登录用户名为 `root`,密码为 `docker-compose.yml` 环境变量里设置的 `DEFAULT_ROOT_PSW`。每次重启容器,都会自动初始化 root 用户,密码为 `1234`(与环境变量中的 `DEFAULT_ROOT_PSW` 一致)。 +可通过第三步开放的端口/域名访问 FastGPT。登录用户名为 `root`,密码为 `docker-compose.yml` 环境变量里设置的 `DEFAULT_ROOT_PSW`。 + +如果使用交互式脚本部署,脚本会随机生成 `DEFAULT_ROOT_PSW`,并在执行完成后输出本次登录密码;如果手动下载部署,请自行修改 `docker-compose.yml` 中的默认密码后再启动服务。每次重启容器,都会按 `DEFAULT_ROOT_PSW` 自动更新 root 用户密码。 ### 6. 配置模型 diff --git a/document/data/doc-last-modified.json b/document/data/doc-last-modified.json index e4e3dd01252d..58cc5c3f33d0 100644 --- a/document/data/doc-last-modified.json +++ b/document/data/doc-last-modified.json 
@@ -444,6 +444,6 @@ "content/self-host/upgrading/outdated/499.mdx": "2026-05-07T15:06:40+08:00", "content/self-host/upgrading/upgrade-intruction.en.mdx": "2026-04-26T21:08:47+08:00", "content/self-host/upgrading/upgrade-intruction.mdx": "2026-04-26T21:08:47+08:00", - "content/toc.en.mdx": "2026-06-25T14:51:00+08:00", - "content/toc.mdx": "2026-06-25T14:51:00+08:00" -} \ No newline at end of file + "content/toc.en.mdx": "2026-06-23T22:44:56+08:00", + "content/toc.mdx": "2026-06-23T22:44:56+08:00" +} diff --git a/document/public/deploy/config/config.json b/document/public/deploy/config/config.json deleted file mode 100644 index 8cdc4c13999e..000000000000 --- a/document/public/deploy/config/config.json +++ /dev/null @@ -1,22 +0,0 @@ -// 已使用 json5 进行解析,会自动去掉注释,无需手动去除 -{ - "feConfigs": { - "mcpServerProxyEndpoint": "" // mcp server 代理地址,例如: http://localhost:3005 - }, - "systemEnv": { - "datasetParseMaxProcess": 10, // 知识库文件解析最大线程数量 - "vectorMaxProcess": 10, // 向量处理线程数量 - "qaMaxProcess": 10, // 问答拆分线程数量 - "vlmMaxProcess": 10, // 图片理解模型最大处理进程 - "hnswEfSearch": 100, // 向量搜索参数,仅对 PG 和 OB 生效。越大,搜索越精确,但是速度越慢。设置为100,有99%+精度。 - "hnswMaxScanTuples": 100000, // 向量搜索最大扫描数据量,仅对 PG生效。 - "customPdfParse": { - "url": "", // 自定义 PDF 解析服务地址 - "key": "", // 自定义 PDF 解析服务密钥 - "doc2xKey": "", // doc2x 服务密钥 - "textinAppId": "", // 合合信息 Textin 服务 App ID - "textinSecretCode": "", // 合合信息 Textin 服务 Secret Code - "price": 0 // PDF 解析服务价格 - } - } -} diff --git a/document/public/deploy/docker/main/cn/docker-compose.milvus.yml b/document/public/deploy/docker/main/cn/docker-compose.milvus.yml index 5a4a59d09736..e8ed52c3081e 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.milvus.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.milvus.yml @@ -95,6 +95,7 @@ services: MINIO_ADDRESS: fastgpt-milvus-minio:9000 networks: - data + - vector volumes: - fastgpt-milvus-data:/var/lib/milvus healthcheck: 
@@ -405,6 +406,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/main/cn/docker-compose.oceanbase.yml index 0eb3c1a31a0d..1b10ade3ac24 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.oceanbase.yml @@ -383,6 +383,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/cn/docker-compose.opengauss.yml b/document/public/deploy/docker/main/cn/docker-compose.opengauss.yml index 47cc32a4200b..62384565f3f6 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.opengauss.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.opengauss.yml @@ -367,6 +367,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/cn/docker-compose.pg.yml b/document/public/deploy/docker/main/cn/docker-compose.pg.yml index be29f8bda387..949ab7a14624 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.pg.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.pg.yml @@ -365,6 +365,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/main/cn/docker-compose.seekdb.yml index b1612cf12bdb..16f6e5d2a2d5 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.seekdb.yml @@ -370,6 +370,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: 
diff --git a/document/public/deploy/docker/main/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/main/cn/docker-compose.zilliz.yml index 216a18fd6f91..f27acf6a5e81 100644 --- a/document/public/deploy/docker/main/cn/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/main/cn/docker-compose.zilliz.yml @@ -49,7 +49,6 @@ x-vec-config: &x-vec-config services: # Vector DB - fastgpt-mongo: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo @@ -148,8 +147,6 @@ services: depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -349,6 +346,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/global/docker-compose.milvus.yml b/document/public/deploy/docker/main/global/docker-compose.milvus.yml index 7da9a44d83d9..7e8a250a4a3b 100644 --- a/document/public/deploy/docker/main/global/docker-compose.milvus.yml +++ b/document/public/deploy/docker/main/global/docker-compose.milvus.yml @@ -95,6 +95,7 @@ services: MINIO_ADDRESS: fastgpt-milvus-minio:9000 networks: - data + - vector volumes: - fastgpt-milvus-data:/var/lib/milvus healthcheck: @@ -405,6 +406,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/main/global/docker-compose.oceanbase.yml index 817ec6e0b95b..cd624a9067f8 100644 --- a/document/public/deploy/docker/main/global/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/main/global/docker-compose.oceanbase.yml @@ -383,6 +383,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: 
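Review bot: The top-level network added in the last hunk of `main/cn/docker-compose.zilliz.yml` (`vector:` / `name: fastgpt_vector`) has no consumer in the Zilliz variant. The same file drops `fastgpt-vector` from `depends_on` two hunks earlier because there is no local vector service, and no visible hunk attaches a service to `vector`. These compose files appear to be generated by `deploy/init.mjs`, so the fix probably belongs in the template: emit those two lines only when a local vector service is rendered, as the generator already does for the `depends_on` fragment. The global and v4.14 Zilliz files get the same addition, as do the pg, oceanbase, opengauss and seekdb variants, while only the Milvus files gain `- vector` on the service itself. If `fastgpt-vector` stays on `data` alone in those variants, the declaration is unused there too and provides no separation of vector-store traffic.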
diff --git a/document/public/deploy/docker/main/global/docker-compose.opengauss.yml b/document/public/deploy/docker/main/global/docker-compose.opengauss.yml index b7fa4ed53929..465129f3b759 100644 --- a/document/public/deploy/docker/main/global/docker-compose.opengauss.yml +++ b/document/public/deploy/docker/main/global/docker-compose.opengauss.yml @@ -367,6 +367,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/global/docker-compose.pg.yml b/document/public/deploy/docker/main/global/docker-compose.pg.yml index 122a9e7f4f99..d7af00a02dec 100644 --- a/document/public/deploy/docker/main/global/docker-compose.pg.yml +++ b/document/public/deploy/docker/main/global/docker-compose.pg.yml @@ -365,6 +365,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/global/docker-compose.seekdb.yml b/document/public/deploy/docker/main/global/docker-compose.seekdb.yml index cf02f1093b43..b39720dbf39c 100644 --- a/document/public/deploy/docker/main/global/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/main/global/docker-compose.seekdb.yml @@ -370,6 +370,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/main/global/docker-compose.zilliz.yml b/document/public/deploy/docker/main/global/docker-compose.zilliz.yml index 1c08716d3d5a..6c5822ae6fb1 100644 --- a/document/public/deploy/docker/main/global/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/main/global/docker-compose.zilliz.yml @@ -49,7 +49,6 @@ x-vec-config: &x-vec-config services: # Vector DB - fastgpt-mongo: image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo 
@@ -148,8 +147,6 @@ services: depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -349,6 +346,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.milvus.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.milvus.yml index aa93bc3f164f..f7151f5f57a7 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.milvus.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.milvus.yml @@ -97,6 +97,7 @@ services: MINIO_ADDRESS: fastgpt-milvus-minio:9000 networks: - data + - vector volumes: - fastgpt-milvus-data:/var/lib/milvus healthcheck: @@ -482,6 +483,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.oceanbase.yml index 49657059158d..cdd399741fc6 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.oceanbase.yml @@ -460,6 +460,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: @@ -509,6 +511,6 @@ configs: [ingress] mode = "direct" init_sql: - name: init_sql - content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; + name: init_sql + content: | + ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.opengauss.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.opengauss.yml index 5112e921a027..9d65148cb513 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.opengauss.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.opengauss.yml 
@@ -444,6 +444,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.pg.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.pg.yml index 6be454163c5d..ffb4ec86ae2a 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.pg.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.pg.yml @@ -442,6 +442,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.seekdb.yml index b07197a0ca66..54f8b71f26cc 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.seekdb.yml @@ -447,6 +447,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/v4.14/cn/docker-compose.zilliz.yml index 0595648b7d5e..330d9bee74cf 100644 --- a/document/public/deploy/docker/v4.14/cn/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/v4.14/cn/docker-compose.zilliz.yml @@ -51,7 +51,6 @@ x-vec-config: &x-vec-config services: # Vector DB - fastgpt-mongo: image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo @@ -151,8 +150,6 @@ services: depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -426,6 +423,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: 
diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.milvus.yml b/document/public/deploy/docker/v4.14/global/docker-compose.milvus.yml index 1d51d8ca6d37..290eff316a6b 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.milvus.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.milvus.yml @@ -97,6 +97,7 @@ services: MINIO_ADDRESS: fastgpt-milvus-minio:9000 networks: - data + - vector volumes: - fastgpt-milvus-data:/var/lib/milvus healthcheck: @@ -482,6 +483,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/v4.14/global/docker-compose.oceanbase.yml index 9d3f21b8fb99..6fd80d075360 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.oceanbase.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.oceanbase.yml @@ -460,6 +460,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: @@ -509,6 +511,6 @@ configs: [ingress] mode = "direct" init_sql: - name: init_sql - content: | - ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; + name: init_sql + content: | + ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.opengauss.yml b/document/public/deploy/docker/v4.14/global/docker-compose.opengauss.yml index d3c1463099ee..5ea25f73cc6a 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.opengauss.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.opengauss.yml @@ -444,6 +444,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: 
diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.pg.yml b/document/public/deploy/docker/v4.14/global/docker-compose.pg.yml index 54d73d74161d..c54d0fe8a1b9 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.pg.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.pg.yml @@ -442,6 +442,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.seekdb.yml b/document/public/deploy/docker/v4.14/global/docker-compose.seekdb.yml index ff3a1ce814b3..ee7d3d762c42 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.seekdb.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.seekdb.yml @@ -447,6 +447,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.14/global/docker-compose.zilliz.yml b/document/public/deploy/docker/v4.14/global/docker-compose.zilliz.yml index 70c7f8cd4d1b..2c750a609a5d 100644 --- a/document/public/deploy/docker/v4.14/global/docker-compose.zilliz.yml +++ b/document/public/deploy/docker/v4.14/global/docker-compose.zilliz.yml @@ -51,7 +51,6 @@ x-vec-config: &x-vec-config services: # Vector DB - fastgpt-mongo: image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 container_name: fastgpt-mongo @@ -151,8 +150,6 @@ services: depends_on: fastgpt-mongo: condition: service_healthy - fastgpt-vector: - condition: service_healthy fastgpt-redis: condition: service_healthy fastgpt-minio: @@ -426,6 +423,8 @@ services: networks: data: name: fastgpt_data + vector: + name: fastgpt_vector app: name: fastgpt_app codesandbox: diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.milvus.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.milvus.yml new file mode 100644 index 000000000000..235b776923d5 --- /dev/null 
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.milvus.yml 
@@ -0,0 +1,662 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + MILVUS_ADDRESS: http://fastgpt-vector:19530 + MILVUS_TOKEN: none + +services: + fastgpt-milvus-minio: + container_name: fastgpt-milvus-minio + image: minio/minio:RELEASE.2023-03-20T20-16-18Z + environment: + MINIO_ACCESS_KEY: minioadmin + MINIO_SECRET_KEY: minioadmin + networks: + - vector + volumes: + - fastgpt-milvus-minio:/minio_data + command: minio server /minio_data --console-address ":9001" + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live'] + interval: 30s + timeout: 20s + retries: 3 + # milvus + fastgpt-milvus-etcd: + container_name: fastgpt-milvus-etcd + image: quay.io/coreos/etcd:v3.5.5 + environment: + - ETCD_AUTO_COMPACTION_MODE=revision + - ETCD_AUTO_COMPACTION_RETENTION=1000 + - ETCD_QUOTA_BACKEND_BYTES=4294967296 + - ETCD_SNAPSHOT_COUNT=50000 + networks: + - vector + volumes: + - fastgpt-milvus-etcd:/etcd + command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd + healthcheck: + test: ['CMD', 'etcdctl', 'endpoint', 'health'] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-vector: + container_name: fastgpt-milvus-standalone + image: milvusdb/milvus:v2.4.3 + command: ['milvus', 'run', 'standalone'] + security_opt: + - seccomp:unconfined + environment: + ETCD_ENDPOINTS: 
fastgpt-milvus-etcd:2379 + MINIO_ADDRESS: fastgpt-milvus-minio:9000 + networks: + - data + - vector + volumes: + - fastgpt-milvus-data:/var/lib/milvus + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:9091/healthz'] + interval: 30s + start_period: 90s + timeout: 20s + retries: 3 + depends_on: + - 'fastgpt-milvus-etcd' + - 'fastgpt-milvus-minio' + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! 
+ fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 
+ FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. + SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: 
math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + 
fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.oceanbase.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.oceanbase.yml new file mode 100644 index 000000000000..0d9a72e11092 
--- /dev/null
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.oceanbase.yml
@@ -0,0 +1,643 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + OCEANBASE_URL: mysql://root%40tenantname:tenantpassword@fastgpt-vector:2881/mysql + +services: + fastgpt-vector: + image: oceanbase/oceanbase-ce:4.3.5-lts + container_name: fastgpt-ob + restart: always + # ports: # 生产环境建议不要暴露 + # - 2881:2881 + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - OB_SYS_PASSWORD=obsyspassword + # 不同于传统数据库,OceanBase 数据库的账号包含更多字段,包括用户名、租户名和集群名。经典格式为"用户名@租户名#集群名" + # 比如用mysql客户端连接时,根据本文件的默认配置,应该指定 "-uroot@tenantname" + - OB_TENANT_NAME=tenantname + - OB_TENANT_PASSWORD=tenantpassword + # MODE分为MINI和NORMAL, 后者会最大程度使用主机资源 + - MODE=MINI + - OB_SERVER_IP=127.0.0.1 + # 更多环境变量配置见oceanbase官方文档: https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000002013494 + volumes: + - fastgpt-ob-data:/root/ob + - fastgpt-ob-config:/root/.obd/cluster + configs: + - source: init_sql + target: /root/boot/init.d/init.sql + healthcheck: + # obclient -h127.0.0.1 -P2881 -uroot@tenantname -ptenantpassword -e "SELECT 1;" + test: + [ + "CMD-SHELL", + 'obclient -h$${OB_SERVER_IP} -P2881 -uroot@$${OB_TENANT_NAME} -p$${OB_TENANT_PASSWORD} -e "SELECT 1;"', + ] + interval: 30s + timeout: 10s + retries: 1000 + start_period: 10s + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: 
fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! 
+ fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 
+ FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. + SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: 
math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + 
fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" + init_sql: + name: init_sql + content: | + ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; 
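Review bot: The `fastgpt-minio` service publishes both the S3 API and the admin console on every host interface (`9000:9000`, `9001:9001`) while `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` are still the stock `minioadmin` pair, so a host that runs this file unedited offers a root-level storage login to whatever network it sits on. The OceanBase service in the same file keeps its `ports` commented out with a note not to expose it in production; the console port deserves the same treatment, e.g. `- 127.0.0.1:9001:9001`, leaving only 9000 reachable for `STORAGE_EXTERNAL_ENDPOINT`. `STORAGE_ACCESS_KEY_ID`/`STORAGE_SECRET_ACCESS_KEY` in `x-share-db-config` reuse that root pair, so a comment there recommending a dedicated, bucket-scoped access key would help operators who only change the obvious passwords. The header's port list also omits 9000/9001, and the same `fastgpt-minio` block appears in the compose file just before this one in the diff.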
diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.opengauss.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.opengauss.yml
new file mode 100644
index 000000000000..6972ee2db729
--- /dev/null
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.opengauss.yml
@@ -0,0 +1,623 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + OPENGAUSS_URL: postgresql://gaussdb:FastGPT@123@fastgpt-vector:5432/fastgpt + +services: + fastgpt-vector: + image: opengauss/opengauss:7.0.0-RC1 + container_name: fastgpt-opengauss + restart: always + privileged: true + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - GS_USERNAME=gaussdb # 默认会创建 gaussdb 用户 + - GS_PASSWORD=FastGPT@123 # 密码必须包含大写、小写、数字和特殊字符,且长度不少于8位 + - GS_DB=fastgpt # 默认会创建 postgres 数据库,这里以 fastgpt 为例 + volumes: + - ./opengauss/data:/var/lib/opengauss + healthcheck: + test: ['CMD-SHELL', 'su - omm -c "gsql -d postgres -p 5432 -c \"SELECT 1\""'] + interval: 10s + timeout: 5s + retries: 10 + start_period: 30s + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash 
+ - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + 
fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` 
(uses profile `prepull`). + opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.pg.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.pg.yml new file mode 100644 index 000000000000..fbd3404d6bee --- /dev/null 
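Review bot: `fastgpt-minio` publishes `9000:9000` and `9001:9001` on all host interfaces while its root account is the widely known `minioadmin`/`minioadmin` pair, and the port list in the file's header comment (3000, 3003, 1006) mentions neither. Port 9000 has to stay reachable because `STORAGE_EXTERNAL_ENDPOINT` points clients at it, but nothing visible here needs the console from outside the host, so I would publish it as `- 127.0.0.1:9001:9001` and add `# - MinIO: 9000 (API) and 9001 (console) are published; change MINIO_ROOT_USER/MINIO_ROOT_PASSWORD first` to the header. The same service block is added in docker-compose.pg.yml in this commit. Both files look generated from the deploy templates, so the edit probably belongs in the template rather than in these outputs.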
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.pg.yml 
@@ -0,0 +1,621 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + PG_URL: postgresql://username:password@fastgpt-vector:5432/postgres + +services: + fastgpt-vector: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 + container_name: fastgpt-pg + restart: always + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - POSTGRES_USER=username + - POSTGRES_PASSWORD=password + - POSTGRES_DB=postgres + volumes: + - fastgpt-pg:/var/lib/postgresql/data + healthcheck: + test: ['CMD', 'pg_isready', '-U', 'username', '-d', 'postgres'] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 
/data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: 
+ condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` 
(uses profile `prepull`). + opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.seekdb.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.seekdb.yml new file mode 100644 index 000000000000..ed9c05da2fa5 --- /dev/null 
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.seekdb.yml 
@@ -0,0 +1,626 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + SEEKDB_URL: mysql://root:seekdbpassword@fastgpt-vector:2881/mysql + +services: + fastgpt-vector: + image: oceanbase/seekdb:1.0.1.0-100000392025122619 + container_name: fastgpt-seekdb + restart: always + # ports: # 生产环境建议不要暴露 + # - 2881:2881 + # - 2886:2886 + networks: + - data + environment: + # SeekDB 连接配置(兼容 MySQL 协议) + - ROOT_PASSWORD=seekdbpassword + # MODE分为MINI和NORMAL, 后者会最大程度使用主机资源 + - MODE=MINI + volumes: + - fastgpt-seekdb-data:/var/lib/mysql + - fastgpt-seekdb-config:/etc/mysql/conf.d + healthcheck: + test: ['CMD', 'mysqladmin', 'ping', '-h', '127.0.0.1', '-P2881', '-uroot', '-pseekdbpassword'] + interval: 30s + timeout: 10s + retries: 1000 + start_period: 10s + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + 
- bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: 
service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` 
(uses profile `prepull`). + opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/cn/docker-compose.zilliz.yml b/document/public/deploy/docker/v4.15/cn/docker-compose.zilliz.yml new file mode 100644 index 000000000000..733b930d1240 --- /dev/null 
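Review bot: In `docker-compose.seekdb.yml`, the `fastgpt-minio` service publishes its admin console with `- 9001:9001` on every host interface while `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` are both `minioadmin`, so a host brought up from this file unchanged offers a default-credential storage console to any network that can reach it. Port 9000 has to stay reachable because `STORAGE_EXTERNAL_ENDPOINT` points clients at it, but the console does not; `fastgpt-vector` in the same file already keeps its `ports` commented out with a note not to expose them in production. I would change the console mapping to `- 127.0.0.1:9001:9001` and add a comment beside the two root variables saying they must be changed together with `STORAGE_ACCESS_KEY_ID` and `STORAGE_SECRET_ACCESS_KEY`. The `docker-compose.zilliz.yml` hunk that follows carries the same block; if these files are generated from the compose template, the edit presumably belongs in the template.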
+++ b/document/public/deploy/docker/v4.15/cn/docker-compose.zilliz.yml 
@@ -0,0 +1,602 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + MILVUS_ADDRESS: zilliz_cloud_address + MILVUS_TOKEN: zilliz_cloud_token + +services: + fastgpt-mongo: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." 
+ sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 
https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` 
(uses profile `prepull`). + opensandbox-agent-sandbox-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: registry.cn-hangzhou.aliyuncs.com/fastgpt/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: registry.cn-hangzhou.aliyuncs.com/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: 
registry.cn-hangzhou.aliyuncs.com/fastgpt/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-execd:v1.0.7" + + [egress] + image = "registry.cn-hangzhou.aliyuncs.com/fastgpt/opensandbox-egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.milvus.yml b/document/public/deploy/docker/v4.15/global/docker-compose.milvus.yml new file mode 100644 index 000000000000..41c2e328f62c 
--- /dev/null
+++ b/document/public/deploy/docker/v4.15/global/docker-compose.milvus.yml
@@ -0,0 +1,662 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + MILVUS_ADDRESS: http://fastgpt-vector:19530 + MILVUS_TOKEN: none + +services: + fastgpt-milvus-minio: + container_name: fastgpt-milvus-minio + image: minio/minio:RELEASE.2023-03-20T20-16-18Z + environment: + MINIO_ACCESS_KEY: minioadmin + MINIO_SECRET_KEY: minioadmin + networks: + - vector + volumes: + - fastgpt-milvus-minio:/minio_data + command: minio server /minio_data --console-address ":9001" + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:9000/minio/health/live'] + interval: 30s + timeout: 20s + retries: 3 + # milvus + fastgpt-milvus-etcd: + container_name: fastgpt-milvus-etcd + image: quay.io/coreos/etcd:v3.5.5 + environment: + - ETCD_AUTO_COMPACTION_MODE=revision + - ETCD_AUTO_COMPACTION_RETENTION=1000 + - ETCD_QUOTA_BACKEND_BYTES=4294967296 + - ETCD_SNAPSHOT_COUNT=50000 + networks: + - vector + volumes: + - fastgpt-milvus-etcd:/etcd + command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd + healthcheck: + test: ['CMD', 'etcdctl', 'endpoint', 'health'] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-vector: + container_name: fastgpt-milvus-standalone + image: milvusdb/milvus:v2.4.3 + command: ['milvus', 'run', 'standalone'] + security_opt: + - seccomp:unconfined + environment: + ETCD_ENDPOINTS: 
fastgpt-milvus-etcd:2379 + MINIO_ADDRESS: fastgpt-milvus-minio:9000 + networks: + - data + - vector + volumes: + - fastgpt-milvus-data:/var/lib/milvus + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:9091/healthz'] + interval: 30s + start_period: 90s + timeout: 20s + retries: 3 + depends_on: + - 'fastgpt-milvus-etcd' + - 'fastgpt-milvus-minio' + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! 
+ fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: 
ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. + SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: 
math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy 
+ healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "opensandbox/execd:v1.0.7" + + [egress] + image = "opensandbox/egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.oceanbase.yml b/document/public/deploy/docker/v4.15/global/docker-compose.oceanbase.yml new file mode 100644 index 000000000000..983b4cdccfe1 --- /dev/null +++ b/document/public/deploy/docker/v4.15/global/docker-compose.oceanbase.yml 
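Review bot: In `fastgpt-minio` the S3 API and the admin console are both published on every host interface (`9000:9000`, `9001:9001`) while the root account is the inline default `minioadmin`/`minioadmin`, so a host that is reachable from an untrusted network exposes the object store's admin login with well-known credentials. Unlike the tokens hoisted into the `x-*` anchors at the top of the file, these values are repeated inline (service `environment`, `STORAGE_ACCESS_KEY_ID`/`STORAGE_SECRET_ACCESS_KEY`, and likewise `myusername`/`mypassword` in the Mongo and Redis commands, healthchecks and URIs), so an operator following the header's advice to change the credentials can easily update only some of the copies. I would bind the console to loopback, `- 127.0.0.1:9001:9001`, and declare the storage secret once next to the other anchors, e.g. `x-minio-root-password: &x-minio-root-password "change-me"` (placeholder value), referenced from `STORAGE_SECRET_ACCESS_KEY` and, after switching that service's `environment` to mapping form, from `MINIO_ROOT_PASSWORD`. The file looks generated from the deploy templates, so the change probably belongs in the template; the compose file that ends just before this one shows the same `fastgpt-minio` definition, and the oceanbase file that follows presumably does too.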
@@ -0,0 +1,643 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + OCEANBASE_URL: mysql://root%40tenantname:tenantpassword@fastgpt-vector:2881/mysql + +services: + fastgpt-vector: + image: oceanbase/oceanbase-ce:4.3.5-lts + container_name: fastgpt-ob + restart: always + # ports: # 生产环境建议不要暴露 + # - 2881:2881 + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - OB_SYS_PASSWORD=obsyspassword + # 不同于传统数据库,OceanBase 数据库的账号包含更多字段,包括用户名、租户名和集群名。经典格式为"用户名@租户名#集群名" + # 比如用mysql客户端连接时,根据本文件的默认配置,应该指定 "-uroot@tenantname" + - OB_TENANT_NAME=tenantname + - OB_TENANT_PASSWORD=tenantpassword + # MODE分为MINI和NORMAL, 后者会最大程度使用主机资源 + - MODE=MINI + - OB_SERVER_IP=127.0.0.1 + # 更多环境变量配置见oceanbase官方文档: https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000002013494 + volumes: + - fastgpt-ob-data:/root/ob + - fastgpt-ob-config:/root/.obd/cluster + configs: + - source: init_sql + target: /root/boot/init.d/init.sql + healthcheck: + # obclient -h127.0.0.1 -P2881 -uroot@tenantname -ptenantpassword -e "SELECT 1;" + test: + [ + "CMD-SHELL", + 'obclient -h$${OB_SERVER_IP} -P2881 -uroot@$${OB_TENANT_NAME} -p$${OB_TENANT_PASSWORD} -e "SELECT 1;"', + ] + interval: 30s + timeout: 10s + retries: 1000 + start_period: 10s + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + 
networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! 
+ fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: 
ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. + SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: 
math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy 
+ healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "opensandbox/execd:v1.0.7" + + [egress] + image = "opensandbox/egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" + init_sql: + name: init_sql + content: | + ALTER SYSTEM SET ob_vector_memory_limit_percentage = 30; diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.opengauss.yml b/document/public/deploy/docker/v4.15/global/docker-compose.opengauss.yml new file mode 100644 index 000000000000..cd89d2476ef2 --- /dev/null +++ b/document/public/deploy/docker/v4.15/global/docker-compose.opengauss.yml 
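Review bot: The `fastgpt-minio` service publishes the admin console (`9001:9001`) on every host interface while the root account is still the `minioadmin`/`minioadmin` default, and the header comment listing the exposed ports (3000, 3003, 1006) mentions neither 9000 nor 9001. Port 9000 has to stay reachable because `STORAGE_EXTERNAL_ENDPOINT` points clients at it, but nothing visible in this file needs the console from outside the host. I would bind it to loopback with `- 127.0.0.1:9001:9001`, in line with the OceanBase port that is left unpublished in `fastgpt-vector`, and add the MinIO mappings to the header list. The same block appears in `docker-compose.opengauss.yml` in this commit. If these files are generated from the templates under `deploy/`, the change belongs in the template rather than here.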
@@ -0,0 +1,623 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + OPENGAUSS_URL: postgresql://gaussdb:FastGPT@123@fastgpt-vector:5432/fastgpt + +services: + fastgpt-vector: + image: opengauss/opengauss:7.0.0-RC1 + container_name: fastgpt-opengauss + restart: always + privileged: true + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - GS_USERNAME=gaussdb # 默认会创建 gaussdb 用户 + - GS_PASSWORD=FastGPT@123 # 密码必须包含大写、小写、数字和特殊字符,且长度不少于8位 + - GS_DB=fastgpt # 默认会创建 postgres 数据库,这里以 fastgpt 为例 + volumes: + - ./opengauss/data:/var/lib/opengauss + healthcheck: + test: ['CMD-SHELL', 'su - omm -c "gsql -d postgres -p 5432 -c \"SELECT 1\""'] + interval: 10s + timeout: 5s + retries: 10 + start_period: 30s + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > 
/data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + 
fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai
+ POSTGRES_USER: postgres
+ POSTGRES_DB: aiproxy
+ POSTGRES_PASSWORD: aiproxy
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"]
+ interval: 5s
+ timeout: 5s
+ retries: 10
+networks:
+ data:
+ name: fastgpt_data
+ vector:
+ name: fastgpt_vector
+ app:
+ name: fastgpt_app
+ codesandbox:
+ name: fastgpt_codesandbox
+ opensandbox:
+ name: fastgpt_opensandbox
+ aiproxy:
+ name: fastgpt_aiproxy
+
+volumes:
+ fastgpt-pg:
+ fastgpt-mongo:
+ fastgpt-redis:
+ fastgpt-minio:
+ fastgpt-milvus-minio:
+ fastgpt-milvus-etcd:
+ fastgpt-milvus-data:
+ fastgpt-ob-data:
+ fastgpt-ob-config:
+ fastgpt-seekdb-data:
+ fastgpt-seekdb-config:
+ fastgpt-aiproxy_pg:
+
+configs:
+ opensandbox-config:
+ content: |
+ [server]
+ host = "0.0.0.0"
+ port = 8090
+ log_level = "INFO"
+ [runtime]
+ type = "docker"
+ execd_image = "opensandbox/execd:v1.0.7"
+
+ [egress]
+ image = "opensandbox/egress:v1.0.3"
+
+ [docker]
+ network_mode = "bridge"
+ # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP).
+ # It's required when server deployed with docker container under host.
+ host_ip = "host.docker.internal"
+ drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+ no_new_privileges = true
+ pids_limit = 512
+
+ [ingress]
+ mode = "direct"
diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.pg.yml b/document/public/deploy/docker/v4.15/global/docker-compose.pg.yml
new file mode 100644
index 000000000000..99da96e5fe3f
--- /dev/null
+++ b/document/public/deploy/docker/v4.15/global/docker-compose.pg.yml
@@ -0,0 +1,621 @@
+# 用于部署的 docker-compose 文件:
+# - FastGPT 端口映射为 3000:3000
+# - FastGPT-mcp-server 端口映射 3003:3000
+# - Agent sandbox proxy 端口映射 1006:1006
+# - 建议修改账密后再运行
+
+# root 默认密码(重启后会强制重置该密码成环境变量值)
+x-default-root-psw: &x-default-root-psw "1234"
+# 系统最高密钥凭证
+x-system-key: &x-system-key "fastgpt-xxx"
+# 用户登录 JWT 密钥
+x-token-key: &x-token-key "fastgpt"
+# 文件阅读 token 密钥
+x-file-token-key: &x-file-token-key "filetokenkey"
+# 密钥加密 key
+x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret"
+# Invoke 反向调用 JWT 密钥,至少 32 位
+x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min"
+# plugin auth token,v4.15 plugin 服务要求至少 32 位
+x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change"
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token "codesandbox"
+# volume manager auth token
+x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken"
+# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位
+x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret"
+# aiproxy token
+x-aiproxy-token: &x-aiproxy-token "token"
+# 数据库连接相关配置
+x-share-db-config: &x-share-db-config
+ MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin
+ REDIS_URL: redis://default:mypassword@fastgpt-redis:6379
+ # @see https://doc.fastgpt.cn/self-host/config/object-storage
+ STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss
+ STORAGE_REGION: us-east-1
+ STORAGE_ACCESS_KEY_ID: minioadmin
+ STORAGE_SECRET_ACCESS_KEY: minioadmin
+ STORAGE_PUBLIC_BUCKET: fastgpt-public
+ STORAGE_PRIVATE_BUCKET: fastgpt-private
+ STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用)
+ STORAGE_S3_CDN_ENDPOINT:
+ STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口
+ STORAGE_S3_FORCE_PATH_STYLE: true
+ STORAGE_S3_MAX_RETRIES: 3
+ STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH:
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + PG_URL: postgresql://username:password@fastgpt-vector:5432/postgres + +services: + fastgpt-vector: + image: pgvector/pgvector:0.8.0-pg15 + container_name: fastgpt-pg + restart: always + networks: + - data + environment: + # 这里的配置只有首次运行生效。修改后,重启镜像是不会生效的。需要把持久化数据删除再重启,才有效果 + - POSTGRES_USER=username + - POSTGRES_PASSWORD=password + - POSTGRES_DB=postgres + volumes: + - fastgpt-pg:/var/lib/postgresql/data + healthcheck: + test: ['CMD', 'pg_isready', '-U', 'username', '-d', 'postgres'] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + 
if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 
完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai
+ POSTGRES_USER: postgres
+ POSTGRES_DB: aiproxy
+ POSTGRES_PASSWORD: aiproxy
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"]
+ interval: 5s
+ timeout: 5s
+ retries: 10
+networks:
+ data:
+ name: fastgpt_data
+ vector:
+ name: fastgpt_vector
+ app:
+ name: fastgpt_app
+ codesandbox:
+ name: fastgpt_codesandbox
+ opensandbox:
+ name: fastgpt_opensandbox
+ aiproxy:
+ name: fastgpt_aiproxy
+
+volumes:
+ fastgpt-pg:
+ fastgpt-mongo:
+ fastgpt-redis:
+ fastgpt-minio:
+ fastgpt-milvus-minio:
+ fastgpt-milvus-etcd:
+ fastgpt-milvus-data:
+ fastgpt-ob-data:
+ fastgpt-ob-config:
+ fastgpt-seekdb-data:
+ fastgpt-seekdb-config:
+ fastgpt-aiproxy_pg:
+
+configs:
+ opensandbox-config:
+ content: |
+ [server]
+ host = "0.0.0.0"
+ port = 8090
+ log_level = "INFO"
+ [runtime]
+ type = "docker"
+ execd_image = "opensandbox/execd:v1.0.7"
+
+ [egress]
+ image = "opensandbox/egress:v1.0.3"
+
+ [docker]
+ network_mode = "bridge"
+ # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP).
+ # It's required when server deployed with docker container under host.
+ host_ip = "host.docker.internal"
+ drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"]
+ no_new_privileges = true
+ pids_limit = 512
+
+ [ingress]
+ mode = "direct"
diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.seekdb.yml b/document/public/deploy/docker/v4.15/global/docker-compose.seekdb.yml
new file mode 100644
index 000000000000..7c3f252ce4b6
--- /dev/null
+++ b/document/public/deploy/docker/v4.15/global/docker-compose.seekdb.yml
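Review bot: The `fastgpt-minio` service in docker-compose.pg.yml publishes `9000:9000` and `9001:9001` on every host interface while `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` are the stock `minioadmin` pair, and the header comment at the top of the file lists only the 3000, 3003 and 1006 mappings, so an operator working from that list will not see that the object store and its admin console are reachable from outside the host. The S3 port has to stay reachable because `STORAGE_EXTERNAL_ENDPOINT` points clients at it, but the console mapping could be bound to loopback, `- 127.0.0.1:9001:9001`, and the header should gain a line such as `# - MinIO: 9000 (S3 API) and 9001 (console) are published; change minioadmin/minioadmin first`. The same header only recommends changing credentials, although `x-token-key`, `x-system-key` and `x-default-root-psw` ship as fixed, publicly known strings; it should state that these must be replaced before the stack is exposed. The docker-compose.seekdb.yml file added next carries the same block, and if these files are generated from the compose template the change presumably belongs there.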
@@ -0,0 +1,626 @@
+# 用于部署的 docker-compose 文件:
+# - FastGPT 端口映射为 3000:3000
+# - FastGPT-mcp-server 端口映射 3003:3000
+# - Agent sandbox proxy 端口映射 1006:1006
+# - 建议修改账密后再运行
+
+# root 默认密码(重启后会强制重置该密码成环境变量值)
+x-default-root-psw: &x-default-root-psw "1234"
+# 系统最高密钥凭证
+x-system-key: &x-system-key "fastgpt-xxx"
+# 用户登录 JWT 密钥
+x-token-key: &x-token-key "fastgpt"
+# 文件阅读 token 密钥
+x-file-token-key: &x-file-token-key "filetokenkey"
+# 密钥加密 key
+x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret"
+# Invoke 反向调用 JWT 密钥,至少 32 位
+x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min"
+# plugin auth token,v4.15 plugin 服务要求至少 32 位
+x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change"
+# code sandbox token
+x-code-sandbox-token: &x-code-sandbox-token "codesandbox"
+# volume manager auth token
+x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken"
+# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位
+x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret"
+# aiproxy token
+x-aiproxy-token: &x-aiproxy-token "token"
+# 数据库连接相关配置
+x-share-db-config: &x-share-db-config
+ MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin
+ REDIS_URL: redis://default:mypassword@fastgpt-redis:6379
+ # @see https://doc.fastgpt.cn/self-host/config/object-storage
+ STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss
+ STORAGE_REGION: us-east-1
+ STORAGE_ACCESS_KEY_ID: minioadmin
+ STORAGE_SECRET_ACCESS_KEY: minioadmin
+ STORAGE_PUBLIC_BUCKET: fastgpt-public
+ STORAGE_PRIVATE_BUCKET: fastgpt-private
+ STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用)
+ STORAGE_S3_CDN_ENDPOINT:
+ STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口
+ STORAGE_S3_FORCE_PATH_STYLE: true
+ STORAGE_S3_MAX_RETRIES: 3
+ STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH:
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + SEEKDB_URL: mysql://root:seekdbpassword@fastgpt-vector:2881/mysql + +services: + fastgpt-vector: + image: oceanbase/seekdb:1.0.1.0-100000392025122619 + container_name: fastgpt-seekdb + restart: always + # ports: # 生产环境建议不要暴露 + # - 2881:2881 + # - 2886:2886 + networks: + - data + environment: + # SeekDB 连接配置(兼容 MySQL 协议) + - ROOT_PASSWORD=seekdbpassword + # MODE分为MINI和NORMAL, 后者会最大程度使用主机资源 + - MODE=MINI + volumes: + - fastgpt-seekdb-data:/var/lib/mysql + - fastgpt-seekdb-config:/etc/mysql/conf.d + healthcheck: + test: ['CMD', 'mysqladmin', 'ping', '-h', '127.0.0.1', '-P2881', '-uroot', '-pseekdbpassword'] + interval: 30s + timeout: 10s + retries: 1000 + start_period: 10s + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 
128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." + sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-vector: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + 
fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "opensandbox/execd:v1.0.7" + + [egress] + image = "opensandbox/egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/docker/v4.15/global/docker-compose.zilliz.yml b/document/public/deploy/docker/v4.15/global/docker-compose.zilliz.yml new file mode 100644 index 000000000000..5b0858f56c13 --- /dev/null +++ b/document/public/deploy/docker/v4.15/global/docker-compose.zilliz.yml 
@@ -0,0 +1,602 @@ +# 用于部署的 docker-compose 文件: +# - FastGPT 端口映射为 3000:3000 +# - FastGPT-mcp-server 端口映射 3003:3000 +# - Agent sandbox proxy 端口映射 1006:1006 +# - 建议修改账密后再运行 + +# root 默认密码(重启后会强制重置该密码成环境变量值) +x-default-root-psw: &x-default-root-psw "1234" +# 系统最高密钥凭证 +x-system-key: &x-system-key "fastgpt-xxx" +# 用户登录 JWT 密钥 +x-token-key: &x-token-key "fastgpt" +# 文件阅读 token 密钥 +x-file-token-key: &x-file-token-key "filetokenkey" +# 密钥加密 key +x-aes256-secret-key: &x-aes256-secret-key "fastgptsecret" +# Invoke 反向调用 JWT 密钥,至少 32 位 +x-invoke-token-secret: &x-invoke-token-secret "fastgpt_invoke_token_secret_32_chars_min" +# plugin auth token,v4.15 plugin 服务要求至少 32 位 +x-plugin-auth-token: &x-plugin-auth-token "fastgpt-plugin-token-please-change" +# code sandbox token +x-code-sandbox-token: &x-code-sandbox-token "codesandbox" +# volume manager auth token +x-volume-manager-auth-token: &x-volume-manager-auth-token "vmtoken" +# agent sandbox proxy secret,必须与 FastGPT 主站环境变量保持一致,且至少 32 位 +x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret "default_fastgpt_agent_sandbox_proxy_secret" +# aiproxy token +x-aiproxy-token: &x-aiproxy-token "token" +# 数据库连接相关配置 +x-share-db-config: &x-share-db-config + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin + REDIS_URL: redis://default:mypassword@fastgpt-redis:6379 + # @see https://doc.fastgpt.cn/self-host/config/object-storage + STORAGE_VENDOR: minio # minio | aws-s3 | cos | oss + STORAGE_REGION: us-east-1 + STORAGE_ACCESS_KEY_ID: minioadmin + STORAGE_SECRET_ACCESS_KEY: minioadmin + STORAGE_PUBLIC_BUCKET: fastgpt-public + STORAGE_PRIVATE_BUCKET: fastgpt-private + STORAGE_EXTERNAL_ENDPOINT: http://192.168.0.2:9000 # 一个服务器和客户端均可访问到存储桶的地址,可以是固定的宿主机 IP 或者域名,注意不要填写成 127.0.0.1 或者 localhost 等本地回环地址(因为容器里无法使用) + STORAGE_S3_CDN_ENDPOINT: + STORAGE_S3_ENDPOINT: http://fastgpt-minio:9000 # 协议://域名(IP):端口 + STORAGE_S3_FORCE_PATH_STYLE: true + STORAGE_S3_MAX_RETRIES: 3 + STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH: 
+# Log 配置 +x-log-config: &x-log-config + LOG_ENABLE_CONSOLE: true + LOG_CONSOLE_LEVEL: debug + LOG_ENABLE_OTEL: false + LOG_OTEL_LEVEL: info + LOG_OTEL_URL: http://localhost:4318/v1/logs + LOG_OTEL_SERVICE_NAME: fastgpt-client + METRICS_ENABLE_OTEL: false + METRICS_OTEL_URL: http://localhost:4318/v1/metrics + METRICS_OTEL_SERVICE_NAME: fastgpt-client + TRACING_ENABLE_OTEL: false + TRACING_OTEL_URL: http://localhost:4318/v1/traces + TRACING_OTEL_SERVICE_NAME: fastgpt-client +# 容器运行环境可能会自动注入 HTTP_PROXY/HTTPS_PROXY。 +# 明确绕过 compose 内部服务,避免内部请求被代理劫持。 +x-no-proxy-config: &x-no-proxy-config + NO_PROXY: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + no_proxy: localhost,127.0.0.1,::1,fastgpt-app,fastgpt-plugin,fastgpt-code-sandbox,fastgpt-agent-sandbox-proxy,fastgpt-aiproxy,fastgpt-aiproxy-pg,fastgpt-minio,fastgpt-mongo,fastgpt-redis,fastgpt-vector,fastgpt-mcp-server,opensandbox-server,fastgpt-volume-manager,host.docker.internal,*.orb.internal,*.orb.local + +# FastGPT 主服务的服务地址配置 +x-fastgpt-service-config: &x-fastgpt-service-config + PLUGIN_BASE_URL: http://fastgpt-plugin:3000 + PLUGIN_TOKEN: *x-plugin-auth-token + CODE_SANDBOX_URL: http://fastgpt-code-sandbox:3000 + CODE_SANDBOX_TOKEN: *x-code-sandbox-token + AIPROXY_API_ENDPOINT: http://fastgpt-aiproxy:3000 + AIPROXY_API_TOKEN: *x-aiproxy-token + +# FastGPT 主服务的 Agent Sandbox 配置 +x-agent-sandbox-config: &x-agent-sandbox-config + AGENT_SANDBOX_PROVIDER: opensandbox + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + # 浏览器访问 agent-sandbox-proxy 的地址。生产环境使用域名时,请改成浏览器可访问的 ws:// 或 wss:// 地址。 + AGENT_SANDBOX_PROXY_URL: ws://localhost:1006 + AGENT_SANDBOX_OPENSANDBOX_BASEURL: http://opensandbox-server:8090 + AGENT_SANDBOX_OPENSANDBOX_API_KEY: + 
AGENT_SANDBOX_OPENSANDBOX_RUNTIME: docker + AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: ghcr.io/labring/fastgpt-agent-sandbox + AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: v0.2.0 + AGENT_SANDBOX_OPENSANDBOX_USE_SERVER_PROXY: true + AGENT_SANDBOX_ENABLE_VOLUME: true + AGENT_SANDBOX_VOLUME_MANAGER_URL: http://fastgpt-volume-manager:3000 + AGENT_SANDBOX_VOLUME_MANAGER_TOKEN: *x-volume-manager-auth-token + AGENT_SANDBOX_MAX_EDIT_DEBUG: 100 + AGENT_SANDBOX_MAX_FILE_SIZE: 10 + AGENT_SANDBOX_ARCHIVE_MAX_SIZE: 50 + AGENT_SANDBOX_SKILL_MAX_SIZE: 10 + +# FastGPT App 专用环境变量(projects/app/src/env.ts · appEnv) +x-app-env-config: &x-app-env-config + DEFAULT_ROOT_PSW: *x-default-root-psw + SYSTEM_NAME: FastGPT + SYSTEM_DESCRIPTION: + SYSTEM_FAVICON: + MCP_SERVER_PROXY_ENDPOINT: + MARKETPLACE_URL: https://v2.marketplace.fastgpt.cn + PASSWORD_EXPIRED_MONTH: + SHOW_COUPON: false + SHOW_DISCOUNT_COUPON: false + HIDE_CHAT_COPYRIGHT_SETTING: + CHINESE_IP_REDIRECT_URL: + PAY_FORM_URL: + AGENT_SANDBOX_FREE_TIP: false + OPENAPI_KEY_MAX_COUNT: 100 + +# FastGPT 与 Pro 共用环境变量(packages/service/env.ts · serviceEnv) +x-service-env-config: &x-service-env-config + HOSTNAME: 0.0.0.0 + NEXT_PUBLIC_BASE_URL: + ROOT_KEY: *x-system-key + DB_MAX_LINK: 5 + SYNC_INDEX: true + TOKEN_KEY: *x-token-key + FILE_TOKEN_KEY: *x-file-token-key + AES256_SECRET_KEY: *x-aes256-secret-key + INVOKE_TOKEN_SECRET: *x-invoke-token-secret + MULTIPLE_DATA_TO_BASE64: true + USE_IP_LIMIT: false + CHECK_INTERNAL_IP: false + TRUSTED_PROXY_ENABLE: false + TRUSTED_PROXY_IPS: + PASSWORD_LOGIN_LOCK_SECONDS: + MAX_LOGIN_SESSION: + ALLOWED_ORIGINS: + AGENT_ENGINE: default + HELPER_BOT_MODEL: qwen-max + CHAT_TITLE_MODEL: + SKIP_FILE_TYPE_CHECK: false + WECHAT_CHANNEL_CONCURRENCY: 1000 + PARSE_FILE_WORKERS: 10 + PARSE_FILE_TIMEOUT_SECONDS: 600 + HTML_TO_MARKDOWN_WORKERS: 10 + TEXT_TO_CHUNKS_WORKERS: 10 + WORKFLOW_MAX_RUN_TIMES: 500 + WORKFLOW_MAX_LOOP_TIMES: 100 + WORKFLOW_PARALLEL_MAX_CONCURRENCY: 10 + CHAT_MAX_QPM: 5000 + 
SYSTEM_MAX_STRING_LENGTH_M: 100 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + MAX_FOLDER_DEPTH: 4 + APP_FOLDER_MAX_AMOUNT: 1000 + DATASET_FOLDER_MAX_AMOUNT: 1000 + UPLOAD_FILE_MAX_SIZE: 1000 + UPLOAD_FILE_MAX_AMOUNT: 1000 + LLM_REQUEST_TRACKING_RETENTION_HOURS: 6 + MAX_HTML_TRANSFORM_CHARS: 1000000 + DATASET_PARSE_MAX_PROCESS: 10 + VECTOR_MAX_PROCESS: 10 + QA_MAX_PROCESS: 10 + VLM_MAX_PROCESS: 10 + HNSW_EF_SEARCH: 100 + HNSW_MAX_SCAN_TUPLES: 100000 + CUSTOM_PDF_PARSE_URL: + CUSTOM_PDF_PARSE_KEY: + DOC2X_KEY: + TEXTIN_APP_ID: + TEXTIN_SECRET_CODE: + CUSTOM_PDF_PARSE_PRICE: 0 + FILE_URL_WHITELIST: + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: false + +# 向量库相关配置 +x-vec-config: &x-vec-config + MILVUS_ADDRESS: zilliz_cloud_address + MILVUS_TOKEN: zilliz_cloud_token + +services: + fastgpt-mongo: + image: mongo:5.0.32 # cpu 不支持 AVX 时候使用 4.4.29 + container_name: fastgpt-mongo + restart: always + networks: + - data + command: mongod --keyFile /data/mongodb.key --replSet rs0 + environment: + - MONGO_INITDB_ROOT_USERNAME=myusername + - MONGO_INITDB_ROOT_PASSWORD=mypassword + volumes: + - fastgpt-mongo:/data/db + healthcheck: + test: + [ + "CMD", + "mongo", + "-u", + "myusername", + "-p", + "mypassword", + "--authenticationDatabase", + "admin", + "--eval", + "db.adminCommand('ping')", + ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + entrypoint: + - bash + - -c + - | + openssl rand -base64 128 > /data/mongodb.key + chmod 400 /data/mongodb.key + chown 999:999 /data/mongodb.key + echo 'const isInited = rs.status().ok === 1 + if(!isInited){ + rs.initiate({ + _id: "rs0", + members: [ + { _id: 0, host: "fastgpt-mongo:27017" } + ] + }) + }' > /data/initReplicaSet.js + # 启动MongoDB服务 + exec docker-entrypoint.sh "$$@" & + + # 等待MongoDB服务启动 + until mongo -u myusername -p mypassword --authenticationDatabase admin --eval "print('waited for connection')"; do + echo "Waiting for MongoDB to start..." 
+ sleep 2 + done + + # 执行初始化副本集的脚本 + mongo -u myusername -p mypassword --authenticationDatabase admin /data/initReplicaSet.js + + # 等待docker-entrypoint.sh脚本执行的MongoDB服务进程 + wait $$! + fastgpt-redis: + image: redis:7.2-alpine + container_name: fastgpt-redis + networks: + - data + restart: always + command: | + redis-server --requirepass mypassword --loglevel warning --maxclients 10000 --appendonly yes --save 60 10 --maxmemory 4gb --maxmemory-policy noeviction + healthcheck: + test: ["CMD", "redis-cli", "-a", "mypassword", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 30s + volumes: + - fastgpt-redis:/data + fastgpt-minio: + image: minio/minio:RELEASE.2025-09-07T16-13-09Z + container_name: fastgpt-minio + restart: always + ports: + - 9000:9000 + - 9001:9001 + networks: + - data + environment: + - MINIO_ROOT_USER=minioadmin + - MINIO_ROOT_PASSWORD=minioadmin + volumes: + - fastgpt-minio:/data + command: server /data --console-address ":9001" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 + + fastgpt-app: + container_name: fastgpt-app + image: ghcr.io/labring/fastgpt:v4.15.0 + ports: + - 3000:3000 + networks: + - data + - app + - codesandbox + - opensandbox + - aiproxy + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-redis: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + fastgpt-code-sandbox: + condition: service_healthy + fastgpt-plugin: + condition: service_healthy + restart: always + environment: + # 完整变量请参考: https://github.com/labring/FastGPT/blob/main/projects/app/.env.template + <<: + [ + *x-share-db-config, + *x-vec-config, + *x-log-config, + *x-no-proxy-config, + *x-fastgpt-service-config, + *x-agent-sandbox-config, + *x-service-env-config, + *x-app-env-config, + ] + # 前端外部可访问的地址,用于自动补全文件资源路径。例如 https:fastgpt.cn,不能填 localhost。这个值可以不填,不填则发给模型的图片会是一个相对路径,而不是全路径,模型可能伪造Host。 + FE_DOMAIN: + # 文件域名(也指向 FastGPT 
服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 + FILE_DOMAIN: + fastgpt-code-sandbox: + container_name: fastgpt-code-sandbox + image: ghcr.io/labring/fastgpt-code-sandbox:v4.15.0 + networks: + - codesandbox + restart: always + read_only: true + tmpfs: + - /tmp:size=128m,noexec,nosuid,nodev + cap_drop: + - ALL + security_opt: + - no-new-privileges:true + environment: + <<: [*x-log-config, *x-no-proxy-config] + LOG_OTEL_SERVICE_NAME: fastgpt-code-sandbox + SANDBOX_TOKEN: *x-code-sandbox-token + # ===== Resource Limits ===== + # Maximum API JSON body size (MB), including variables + SANDBOX_API_MAX_BODY_MB: 8 + # Execution timeout per request (ms) + SANDBOX_MAX_TIMEOUT: 60000 + # Maximum allowed memory per user code execution (MB) + # Note: System automatically adds 50MB for runtime overhead + # Actual process limit = SANDBOX_MAX_MEMORY_MB + 50MB + SANDBOX_MAX_MEMORY_MB: 256 + SANDBOX_MAX_OUTPUT_MB: 10 + # Number of requests with the same queueId that may enter execution concurrently. Empty disables queueing. 
+ SANDBOX_QUEUE_ID_CONCURRENCY: + + # ===== Process Pool ===== + # Number of pre-warmed worker processes (JS + Python) + SANDBOX_POOL_SIZE: 20 + + # ===== Network Request Limits ===== + # Whether to check if the request is to a private network + CHECK_INTERNAL_IP: true + # Maximum number of HTTP requests per execution + SANDBOX_REQUEST_MAX_COUNT: 30 + # Timeout for each outbound HTTP request (ms) + SANDBOX_REQUEST_TIMEOUT: 60000 + # Maximum response body size for outbound requests + SANDBOX_REQUEST_MAX_RESPONSE_MB: 10 + # Maximum request body size for outbound requests (MB) + SANDBOX_REQUEST_MAX_BODY_MB: 5 + + # ===== Module Control ===== + # JS allowed modules whitelist (comma-separated) + SANDBOX_JS_ALLOWED_MODULES: lodash,dayjs,moment,uuid,crypto-js,qs,url,querystring + # Python allowed modules whitelist (comma-separated) + SANDBOX_PYTHON_ALLOWED_MODULES: math,cmath,decimal,fractions,random,statistics,collections,array,heapq,bisect,queue,copy,itertools,functools,operator,string,re,difflib,textwrap,unicodedata,codecs,datetime,time,calendar,_strptime,json,csv,base64,binascii,struct,hashlib,hmac,secrets,uuid,typing,abc,enum,dataclasses,contextlib,pprint,weakref,numpy,pandas,matplotlib + healthcheck: + test: + [ + "CMD", + "node", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 30s + timeout: 20s + retries: 3 + fastgpt-agent-sandbox-proxy: + container_name: fastgpt-agent-sandbox-proxy + image: ghcr.io/labring/fastgpt-agent-sandbox-proxy:v0.2.0-beta2 + ports: + - 1006:1006 + networks: + - app + - opensandbox + restart: always + environment: + <<: [*x-no-proxy-config] + PORT: 1006 + FASTGPT_APP_URL: http://fastgpt-app:3000 + AGENT_SANDBOX_PROXY_SECRET: *x-agent-sandbox-proxy-secret + RUST_LOG: info,fastgpt_agent_sandbox_proxy=debug + depends_on: + fastgpt-app: + condition: service_started + fastgpt-mcp-server: + container_name: fastgpt-mcp-server + image: 
ghcr.io/labring/fastgpt-mcp_server:v4.15.0 + networks: + - app + ports: + - 3003:3000 + restart: always + environment: + <<: [*x-log-config, *x-no-proxy-config] + FASTGPT_ENDPOINT: http://fastgpt-app:3000 + fastgpt-plugin: + image: ghcr.io/labring/fastgpt-plugin:v1.0.0-beta2 + container_name: fastgpt-plugin + restart: always + networks: + - data + - app + environment: + <<: [*x-share-db-config, *x-log-config, *x-no-proxy-config] + # v4.15 plugin 服务使用独立数据库,避免和 FastGPT 主库集合冲突。 + MONGODB_URI: mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin + DB_MAX_LINK: 100 + AUTH_TOKEN: *x-plugin-auth-token + # 工具网络请求,最大请求和响应体 + SERVICE_REQUEST_MAX_CONTENT_LENGTH: 10 + # 最大 API 请求体大小 + MAX_API_SIZE: 10 + # 传递给 OTLP 收集器的服务名称 + LOG_OTEL_SERVICE_NAME: fastgpt-plugin + depends_on: + fastgpt-mongo: + condition: service_healthy + fastgpt-minio: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 20s + retries: 3 + + # 沙盒控制器:管理 Docker 容器的创建/执行/停止/删除 + # runtime=docker 模式需要挂载 Docker socket + # 配置 docker.host_ip 为宿主机 LAN IP(容器内访问宿主机服务用) + opensandbox-server: + image: opensandbox/server:v0.1.9 + container_name: fastgpt-opensandbox-server + restart: always + networks: + - opensandbox + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + configs: + - source: opensandbox-config + target: /etc/opensandbox/config.toml + environment: + <<: [*x-no-proxy-config] + SANDBOX_CONFIG_PATH: /etc/opensandbox/config.toml + healthcheck: + test: + [ + "CMD", + "python", + "-c", + 'import urllib.request,sys; sys.exit(0 if urllib.request.urlopen("http://localhost:8090/health",timeout=3).status==200 else 1)', + ] + interval: 10s + timeout: 5s + retries: 5 + # Pre-pull only: not started by `docker compose up` (uses profile `prepull`). 
+ opensandbox-agent-sandbox-image: + image: ghcr.io/labring/fastgpt-agent-sandbox:v0.2.0 + profiles: + - prepull + opensandbox-execd-image: + image: opensandbox/execd:v1.0.7 + profiles: + - prepull + opensandbox-egress-image: + image: opensandbox/egress:v1.0.3 + profiles: + - prepull + # 卷管理微服务:负责幂等创建/删除 Docker named volume 或 k8s PVC + fastgpt-volume-manager: + image: ghcr.io/labring/fastgpt-agent-volume-manager:v0.2.0 + container_name: fastgpt-volume-manager + restart: always + networks: + - opensandbox + volumes: + - /var/run/docker.sock:/var/run/docker.sock # Docker 模式必须挂载,需检查是否与主机的 socket 文件一致 + environment: + <<: [*x-no-proxy-config] + PORT: 3000 + VM_RUNTIME: docker + VM_AUTH_TOKEN: *x-volume-manager-auth-token # 对应 AGENT_SANDBOX_VOLUME_MANAGER_TOKEN + VM_VOLUME_NAME_PREFIX: fastgpt-session # volume 名称前缀 + VM_LOG_LEVEL: info + VM_DOCKER_API_VERSION: v1.44 + healthcheck: + test: + [ + "CMD", + "bun", + "-e", + "fetch('http://localhost:3000/health').then((res) => { if (!res.ok) throw new Error(String(res.status)); })", + ] + interval: 10s + timeout: 5s + retries: 5 + + # AI Proxy + fastgpt-aiproxy: + image: ghcr.io/labring/aiproxy:v0.6.1 + container_name: fastgpt-aiproxy + restart: unless-stopped + depends_on: + fastgpt-aiproxy-pg: + condition: service_healthy + networks: + - aiproxy + environment: + # 对应 fastgpt 里的AIPROXY_API_TOKEN + ADMIN_KEY: *x-aiproxy-token + # 错误日志详情保存时间(小时) + LOG_DETAIL_STORAGE_HOURS: 1 + # 数据库连接地址 + SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy + # 最大重试次数 + RETRY_TIMES: 3 + # 不需要计费 + BILLING_ENABLED: false + # 不需要严格检测模型 + DISABLE_MODEL_CONFIG: true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/api/status"] + interval: 5s + timeout: 5s + retries: 10 + fastgpt-aiproxy-pg: + image: pgvector/pgvector:0.8.0-pg15 # docker hub + restart: unless-stopped + container_name: fastgpt-aiproxy-pg + volumes: + - fastgpt-aiproxy_pg:/var/lib/postgresql/data + networks: + - aiproxy + environment: + TZ: 
Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_DB: aiproxy + POSTGRES_PASSWORD: aiproxy + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres", "-d", "aiproxy"] + interval: 5s + timeout: 5s + retries: 10 +networks: + data: + name: fastgpt_data + vector: + name: fastgpt_vector + app: + name: fastgpt_app + codesandbox: + name: fastgpt_codesandbox + opensandbox: + name: fastgpt_opensandbox + aiproxy: + name: fastgpt_aiproxy + +volumes: + fastgpt-pg: + fastgpt-mongo: + fastgpt-redis: + fastgpt-minio: + fastgpt-milvus-minio: + fastgpt-milvus-etcd: + fastgpt-milvus-data: + fastgpt-ob-data: + fastgpt-ob-config: + fastgpt-seekdb-data: + fastgpt-seekdb-config: + fastgpt-aiproxy_pg: + +configs: + opensandbox-config: + content: | + [server] + host = "0.0.0.0" + port = 8090 + log_level = "INFO" + [runtime] + type = "docker" + execd_image = "opensandbox/execd:v1.0.7" + + [egress] + image = "opensandbox/egress:v1.0.3" + + [docker] + network_mode = "bridge" + # When server runs in a container, set host_ip to the host's IP or hostname so bridge-mode endpoints are reachable (e.g. host.docker.internal or the host LAN IP). + # It's required when server deployed with docker container under host. + host_ip = "host.docker.internal" + drop_capabilities = ["AUDIT_WRITE", "MKNOD", "NET_ADMIN", "NET_RAW", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_TIME", "SYS_TTY_CONFIG"] + no_new_privileges = true + pids_limit = 512 + + [ingress] + mode = "direct" diff --git a/document/public/deploy/install.sh b/document/public/deploy/install.sh index e7c8b0b80a2d..9b08991ca138 100644 --- a/document/public/deploy/install.sh +++ b/document/public/deploy/install.sh 
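Review bot: The `fastgpt-minio` service in this new file publishes `9000:9000` and `9001:9001` on every host interface while `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` are still the stock `minioadmin` pair, so a deployment started from the file as downloaded exposes the MinIO admin console with well-known credentials. The installer hunk that follows appears to generate a random `minio_password`, but its replacement step is outside the visible part of the diff, and this compose file is also published on its own with only a header recommendation to change passwords. Port 9000 has to stay reachable by clients for `STORAGE_EXTERNAL_ENDPOINT`, but the console does not, so I would bind it to loopback with `- 127.0.0.1:9001:9001` and put `# console: local access only; change the minioadmin defaults before deploying` above the `ports:` key. The seekdb compose file earlier in this diff carries the same block, even though its vector DB ports are already commented out with a production warning. If these files are generated by `deploy/init.mjs`, the change belongs in the shared template rather than in each output.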
@@ -51,24 +51,242 @@ radio_select() { # 恢复光标 tput cnorm 2>/dev/null + echo "" RADIO_RESULT=$selected } # 确保退出时恢复光标 trap 'tput cnorm 2>/dev/null; exit' INT TERM +# 生成安装期随机密钥。 +# 只使用 hex 字符,避免写入 YAML、URL、命令参数时触发转义问题。 +random_hex() { + local bytes="${1:-32}" + + if command -v openssl &>/dev/null; then + openssl rand -hex "$bytes" + return + fi + + if [ -r /dev/urandom ] && command -v od &>/dev/null; then + dd if=/dev/urandom bs="$bytes" count=1 2>/dev/null | od -An -tx1 | tr -d ' \n' + echo + return + fi + + echo "错误: 未找到 openssl,且无法读取 /dev/urandom 生成随机密钥" >&2 + exit 1 +} + +escape_sed_replacement() { + printf '%s' "$1" | sed -e 's/[\/&|]/\\&/g' +} + +replace_text() { + local old="$1" + local new="$2" + local file="${3:-docker-compose.yml}" + local escaped_new + + escaped_new="$(escape_sed_replacement "$new")" + if [[ "$OSTYPE" == "darwin"* ]]; then + sed -i '' "s|$old|$escaped_new|g" "$file" + else + sed -i "s|$old|$escaped_new|g" "$file" + fi +} + +# 替换 YAML anchor 默认值。v4.14 模板用单引号,v4.15 起改为双引号,两种都尝试。 +replace_anchor() { + local key="$1" + local old_value="$2" + local new_value="$3" + local file="${4:-docker-compose.yml}" + + replace_text "${key} \"${old_value}\"" "${key} \"${new_value}\"" "$file" + replace_text "${key} '${old_value}'" "${key} '${new_value}'" "$file" +} + +content_error() { + local file="$1" + local source="$2" + local type="$3" + local cleanup="${4:-false}" + + if [ "$cleanup" = true ]; then + rm -f "$file" + fi + + echo "错误: ${type} 文件内容异常: $source" >&2 + echo " 请确认该文件已经发布且内容正确,不能是 HTML 页面或空文件。" >&2 + exit 1 +} + +validate_compose_file() { + local file="$1" + local source="$2" + local cleanup="${3:-false}" + + if [ ! -s "$file" ]; then + content_error "$file" "$source" "docker-compose YAML" "$cleanup" + fi + + if LC_ALL=C grep -qiE ']' "$file"; then + content_error "$file" "$source" "docker-compose YAML" "$cleanup" + fi + + if ! 
LC_ALL=C grep -qE '^[[:space:]]*services:' "$file"; then + content_error "$file" "$source" "docker-compose YAML" "$cleanup" + fi +} + +resolve_input_path() { + local input="$1" + + if [ "$input" = "~" ]; then + input="$HOME" + elif [[ "$input" == ~/* ]]; then + input="$HOME/${input#~/}" + fi + + if [[ "$input" != /* ]]; then + input="$(pwd)/$input" + fi + + printf '%s\n' "$input" +} + +prompt_local_compose_path() { + local input resolved + + while true; do + read -r -p "请输入本地 docker-compose.yml 路径: " input + if [ -z "$input" ]; then + echo "路径不能为空" + continue + fi + + resolved="$(resolve_input_path "$input")" + if [ -f "$resolved" ]; then + LOCAL_COMPOSE_PATH="$resolved" + break + fi + + echo "未找到文件: $resolved" + done +} + +ROOT_LOGIN_PASSWORD="1234" + +randomize_compose_credentials() { + local system_key token_key file_token_key aes256_secret_key invoke_token_secret + local plugin_token code_sandbox_token volume_manager_token agent_proxy_secret aiproxy_token + local root_password mongo_password redis_password minio_password + local pg_password aiproxy_pg_password oceanbase_sys_password oceanbase_tenant_password seekdb_password opengauss_password + + system_key="$(random_hex 32)" + token_key="$(random_hex 32)" + file_token_key="$(random_hex 32)" + aes256_secret_key="$(random_hex 32)" + invoke_token_secret="$(random_hex 32)" + plugin_token="$(random_hex 32)" + code_sandbox_token="$(random_hex 32)" + volume_manager_token="$(random_hex 32)" + agent_proxy_secret="$(random_hex 32)" + aiproxy_token="$(random_hex 32)" + root_password="$(random_hex 8)" + mongo_password="$(random_hex 16)" + redis_password="$(random_hex 16)" + minio_password="$(random_hex 16)" + pg_password="$(random_hex 16)" + aiproxy_pg_password="$(random_hex 16)" + oceanbase_sys_password="$(random_hex 16)" + oceanbase_tenant_password="$(random_hex 16)" + seekdb_password="$(random_hex 16)" + # openGauss 要求密码同时包含大小写、数字和特殊字符。放在 URL 中时 @ 需要编码。 + opengauss_password="Fg$(random_hex 12)@123" + + if LC_ALL=C grep 
-qE "x-default-root-psw: &x-default-root-psw ['\"]1234['\"]" docker-compose.yml; then + ROOT_LOGIN_PASSWORD="$root_password" + replace_anchor "x-default-root-psw: &x-default-root-psw" "1234" "$root_password" + else + ROOT_LOGIN_PASSWORD="请查看 docker-compose.yml 中 DEFAULT_ROOT_PSW" + fi + + # YAML anchors: 多个服务共用的 token 只改锚点,引用方自动同步。 + replace_anchor "x-system-key: &x-system-key" "fastgpt-xxx" "$system_key" + replace_anchor "x-token-key: &x-token-key" "fastgpt" "$token_key" + replace_anchor "x-file-token-key: &x-file-token-key" "filetokenkey" "$file_token_key" + replace_anchor "x-aes256-secret-key: &x-aes256-secret-key" "fastgptsecret" "$aes256_secret_key" + replace_anchor "x-invoke-token-secret: &x-invoke-token-secret" "fastgpt_invoke_token_secret_32_chars_min" "$invoke_token_secret" + replace_anchor "x-plugin-auth-token: &x-plugin-auth-token" "token" "$plugin_token" + replace_anchor "x-plugin-auth-token: &x-plugin-auth-token" "fastgpt-plugin-token-please-change" "$plugin_token" + replace_anchor "x-code-sandbox-token: &x-code-sandbox-token" "codesandbox" "$code_sandbox_token" + replace_anchor "x-volume-manager-auth-token: &x-volume-manager-auth-token" "vmtoken" "$volume_manager_token" + replace_anchor "x-agent-sandbox-proxy-secret: &x-agent-sandbox-proxy-secret" "default_fastgpt_agent_sandbox_proxy_secret" "$agent_proxy_secret" + replace_anchor "x-aiproxy-token: &x-aiproxy-token" "token" "$aiproxy_token" + + # 旧版本没有为这些密钥设置 anchor,需要直接替换环境变量默认值。 + replace_text "TOKEN_KEY: fastgpt" "TOKEN_KEY: $token_key" + replace_text "FILE_TOKEN_KEY: filetokenkey" "FILE_TOKEN_KEY: $file_token_key" + replace_text "AES256_SECRET_KEY: fastgptsecret" "AES256_SECRET_KEY: $aes256_secret_key" + replace_text "INVOKE_TOKEN_SECRET: fastgpt_invoke_token_secret_32_chars_min" "INVOKE_TOKEN_SECRET: $invoke_token_secret" + + # MongoDB 主库与 plugin 独立库使用同一个 Mongo root 密码。 + replace_text "mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt?authSource=admin" 
"mongodb://myusername:$mongo_password@fastgpt-mongo:27017/fastgpt?authSource=admin" + replace_text "mongodb://myusername:mypassword@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin" "mongodb://myusername:$mongo_password@fastgpt-mongo:27017/fastgpt-plugin?authSource=admin" + replace_text "- MONGO_INITDB_ROOT_PASSWORD=mypassword" "- MONGO_INITDB_ROOT_PASSWORD=$mongo_password" + replace_text "'-p', 'mypassword'" "'-p', '$mongo_password'" + replace_text " mongo -u myusername -p mypassword " " mongo -u myusername -p $mongo_password " + + # Redis 密码需要同时改连接串、启动命令和健康检查。 + replace_text "redis://default:mypassword@fastgpt-redis:6379" "redis://default:$redis_password@fastgpt-redis:6379" + replace_text "redis-server --requirepass mypassword " "redis-server --requirepass $redis_password " + replace_text "'redis-cli', '-a', 'mypassword', 'ping'" "'redis-cli', '-a', '$redis_password', 'ping'" + + # FastGPT 自带 MinIO。用户名保持 minioadmin 便于识别和登录控制台,只随机化密钥。 + replace_text "STORAGE_SECRET_ACCESS_KEY: minioadmin" "STORAGE_SECRET_ACCESS_KEY: $minio_password" + replace_text "- MINIO_ROOT_PASSWORD=minioadmin" "- MINIO_ROOT_PASSWORD=$minio_password" + + # 本地 PG 向量库,仅在选择 pg 时存在。 + replace_text "PG_URL: postgresql://username:password@fastgpt-vector:5432/postgres" "PG_URL: postgresql://username:$pg_password@fastgpt-vector:5432/postgres" + replace_text "- POSTGRES_PASSWORD=password" "- POSTGRES_PASSWORD=$pg_password" + + # AIProxy 自带 PG。 + replace_text "SQL_DSN: postgres://postgres:aiproxy@fastgpt-aiproxy-pg:5432/aiproxy" "SQL_DSN: postgres://postgres:$aiproxy_pg_password@fastgpt-aiproxy-pg:5432/aiproxy" + replace_text "POSTGRES_PASSWORD: aiproxy" "POSTGRES_PASSWORD: $aiproxy_pg_password" + + # OceanBase / SeekDB 向量库,仅在对应选择下存在。 + replace_text "OCEANBASE_URL: mysql://root%40tenantname:tenantpassword@fastgpt-vector:2881/mysql" "OCEANBASE_URL: mysql://root%40tenantname:$oceanbase_tenant_password@fastgpt-vector:2881/mysql" + replace_text "- OB_SYS_PASSWORD=obsyspassword" "- 
OB_SYS_PASSWORD=$oceanbase_sys_password" + replace_text "- OB_TENANT_PASSWORD=tenantpassword" "- OB_TENANT_PASSWORD=$oceanbase_tenant_password" + replace_text "-ptenantpassword" "-p$oceanbase_tenant_password" + replace_text "SEEKDB_URL: mysql://root:seekdbpassword@fastgpt-vector:2881/mysql" "SEEKDB_URL: mysql://root:$seekdb_password@fastgpt-vector:2881/mysql" + replace_text "- ROOT_PASSWORD=seekdbpassword" "- ROOT_PASSWORD=$seekdb_password" + replace_text "'-pseekdbpassword'" "'-p$seekdb_password'" + + # openGauss 向量库,仅在对应选择下存在。连接串中的 @ 必须编码为 %40。 + replace_text "OPENGAUSS_URL: postgresql://gaussdb:FastGPT@123@fastgpt-vector:5432/fastgpt" "OPENGAUSS_URL: postgresql://gaussdb:${opengauss_password/@/%40}@fastgpt-vector:5432/fastgpt" + replace_text "- GS_PASSWORD=FastGPT@123" "- GS_PASSWORD=$opengauss_password" +} + # ========== 部署版本列表(由 deploy/init.mjs 自动生成) ========== # BEGIN GENERATED DEPLOY VERSIONS DEPLOY_VERSIONS=( + "v4.15" "v4.14" "main" ) # END GENERATED DEPLOY VERSIONS +LOCAL_DEPLOY_VERSION="local" +LOCAL_DEPLOY_LABEL="本地 docker-compose.yml" # 获取部署版本展示文案:main 为迭代版,其他版本均视为稳定版 get_version_label() { local version="$1" - if [ "$version" == "main" ]; then + if [ "$version" == "$LOCAL_DEPLOY_VERSION" ]; then + echo "$LOCAL_DEPLOY_LABEL" + elif [ "$version" == "main" ]; then echo "迭代版 main" else echo "稳定版 $version" @@ -94,7 +312,15 @@ if [ ${#DEPLOY_VERSIONS[@]} -eq 0 ]; then exit 1 fi -if [ -n "$FASTGPT_DEPLOY_VERSION" ]; then +LOCAL_COMPOSE_PATH="" +if [ -n "$FASTGPT_LOCAL_COMPOSE_PATH" ]; then + DEPLOY_VERSION="$LOCAL_DEPLOY_VERSION" + LOCAL_COMPOSE_PATH="$(resolve_input_path "$FASTGPT_LOCAL_COMPOSE_PATH")" + if [ ! -f "$LOCAL_COMPOSE_PATH" ]; then + echo "错误: FASTGPT_LOCAL_COMPOSE_PATH 指向的文件不存在: $LOCAL_COMPOSE_PATH" + exit 1 + fi +elif [ -n "$FASTGPT_DEPLOY_VERSION" ]; then version_matched=false for version in "${DEPLOY_VERSIONS[@]}"; do if [ "$FASTGPT_DEPLOY_VERSION" == "$version" ]; then 
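Review bot: `random_hex` ends its failure path with `exit 1`, but every call in `randomize_compose_credentials` runs it inside `$(...)`, so the exit only ends the subshell and the variable is left empty. Unless the script runs under `set -e` (not visible in this hunk), the installer then writes empty keys and passwords into docker-compose.yml; a failing `openssl rand` has the same effect. Check the result at the call site, e.g. `system_key="$(random_hex 32)" || exit 1`, or verify once after generation that each value has the expected length. Separately, `replace_text` never reports whether its pattern matched, so a template whose defaults have changed keeps its default credentials while the script still announces that they were randomized; a `grep` for the known default values after the replacements would catch that.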
@@ -107,7 +333,7 @@ if [ -n "$FASTGPT_DEPLOY_VERSION" ]; then DEPLOY_VERSION="$FASTGPT_DEPLOY_VERSION" else echo "错误: 不支持的 FASTGPT_DEPLOY_VERSION: $FASTGPT_DEPLOY_VERSION" - echo "可选版本: ${DEPLOY_VERSIONS[*]}" + echo "可选版本: ${DEPLOY_VERSIONS[*]} $LOCAL_DEPLOY_VERSION" exit 1 fi else @@ -115,20 +341,30 @@ else for version in "${DEPLOY_VERSIONS[@]}"; do VERSION_OPTIONS+=("$(get_version_label "$version")") done + VERSION_OPTIONS+=("$LOCAL_DEPLOY_LABEL") radio_select "请选择部署版本 (↑↓ 选择, 回车确认):" "${VERSION_OPTIONS[@]}" - DEPLOY_VERSION="${DEPLOY_VERSIONS[$RADIO_RESULT]}" + if [ $RADIO_RESULT -eq ${#DEPLOY_VERSIONS[@]} ]; then + DEPLOY_VERSION="$LOCAL_DEPLOY_VERSION" + prompt_local_compose_path + else + DEPLOY_VERSION="${DEPLOY_VERSIONS[$RADIO_RESULT]}" + fi fi # ========== 3. 选择向量数据库 ========== -radio_select "请选择向量数据库 (↑↓ 选择, 回车确认):" "PostgreSQL + pgvector" "Milvus" "Zilliz" "OceanBase" "SeekDB" -case $RADIO_RESULT in - 1) VECTOR="milvus" ;; - 2) VECTOR="zilliz" ;; - 3) VECTOR="oceanbase" ;; - 4) VECTOR="seekdb" ;; - *) VECTOR="pg" ;; -esac +if [ "$DEPLOY_VERSION" == "$LOCAL_DEPLOY_VERSION" ]; then + VECTOR="local" +else + radio_select "请选择向量数据库 (↑↓ 选择, 回车确认):" "PostgreSQL + pgvector" "Milvus" "Zilliz" "OceanBase" "SeekDB" + case $RADIO_RESULT in + 1) VECTOR="milvus" ;; + 2) VECTOR="zilliz" ;; + 3) VECTOR="oceanbase" ;; + 4) VECTOR="seekdb" ;; + *) VECTOR="pg" ;; + esac +fi # ========== 4. 检测可用 IP ========== IP_LIST=() @@ -250,8 +486,12 @@ fi echo "" echo "==============================" echo " 部署版本: $DEPLOY_VERSION_LABEL" -echo " 镜像源: $REGION_LABEL" -echo " 向量数据库: $VECTOR" +if [ "$DEPLOY_VERSION" == "$LOCAL_DEPLOY_VERSION" ]; then + echo " Compose 文件: $LOCAL_COMPOSE_PATH" +else + echo " 镜像源: $REGION_LABEL" + echo " 向量数据库: $VECTOR" +fi echo " S3 地址: $S3_DISPLAY" echo " MCP 地址: $MCP_DISPLAY" echo "==============================" 
@@ -262,36 +502,50 @@ if [ "$confirm" == "n" ]; then exit 1 fi -# ========== 下载文件 ========== +# ========== 获取配置文件 ========== echo "" -echo "正在下载配置文件..." - -# 构建下载链接(处理 global 下 zilliz 文件名差异) -VECTOR_FILE="$VECTOR" -if [ "$REGION" == "global" ] && [ "$VECTOR" == "zilliz" ]; then - VECTOR_FILE="zilliz" +if [ "$DEPLOY_VERSION" == "$LOCAL_DEPLOY_VERSION" ]; then + echo "正在复制本地配置文件..." +else + echo "正在下载配置文件..." fi -YML_URL="${BASE_URL}/docker/${DEPLOY_VERSION}/${REGION}/docker-compose.${VECTOR_FILE}.yml" +if [ "$DEPLOY_VERSION" == "$LOCAL_DEPLOY_VERSION" ]; then + LOCAL_COMPOSE_TMP="docker-compose.yml.tmp" + cp "$LOCAL_COMPOSE_PATH" "$LOCAL_COMPOSE_TMP" + if [ $? -ne 0 ]; then + echo "错误: 复制本地 docker-compose.yml 失败: $LOCAL_COMPOSE_PATH" + rm -f "$LOCAL_COMPOSE_TMP" + exit 1 + fi + validate_compose_file "$LOCAL_COMPOSE_TMP" "$LOCAL_COMPOSE_PATH" true + mv "$LOCAL_COMPOSE_TMP" docker-compose.yml + echo "已复制 docker-compose.yml" +else + # 构建下载链接(处理 global 下 zilliz 文件名差异) + VECTOR_FILE="$VECTOR" + if [ "$REGION" == "global" ] && [ "$VECTOR" == "zilliz" ]; then + VECTOR_FILE="zilliz" + fi -CONFIG_URL="${BASE_URL}/config/config.json" + YML_URL="${BASE_URL}/docker/${DEPLOY_VERSION}/${REGION}/docker-compose.${VECTOR_FILE}.yml" -# 下载 docker-compose YAML -curl -fsSL -O "$YML_URL" -if [ $? -ne 0 ]; then - echo "错误: 下载 YAML 文件失败: $YML_URL" - exit 1 + # 下载 docker-compose YAML + YML_FILE="docker-compose.${VECTOR_FILE}.yml" + curl -fsSL "$YML_URL" -o "$YML_FILE" + if [ $? -ne 0 ]; then + echo "错误: 下载 YAML 文件失败: $YML_URL" + rm -f "$YML_FILE" + exit 1 + fi + validate_compose_file "$YML_FILE" "$YML_URL" true + mv "$YML_FILE" docker-compose.yml + echo "已下载 docker-compose.yml" fi -mv "docker-compose.${VECTOR_FILE}.yml" docker-compose.yml -echo "已下载 docker-compose.yml" -# 下载 config.json -curl -fsSL -O "$CONFIG_URL" -if [ $? 
-ne 0 ]; then - echo "错误: 下载 config.json 失败: $CONFIG_URL" - exit 1 -fi -echo "已下载 config.json" +# ========== 随机化默认密钥 ========== +randomize_compose_credentials +echo "已随机生成 docker-compose.yml 中的登录密码、服务 Token、应用密钥和组件密码" # ========== 替换 S3 访问地址 ========== if [ -n "$S3_ADDR" ]; then @@ -355,21 +609,21 @@ if [ -n "$MCP_ADDR" ]; then fi if [[ "$OSTYPE" == "darwin"* ]]; then - sed -i '' "s|\"mcpServerProxyEndpoint\": \"\"|\"mcpServerProxyEndpoint\": \"$MCP_ENDPOINT\"|g" config.json + sed -i '' "s|^ MCP_SERVER_PROXY_ENDPOINT:.*| MCP_SERVER_PROXY_ENDPOINT: $MCP_ENDPOINT|g" docker-compose.yml else - sed -i "s|\"mcpServerProxyEndpoint\": \"\"|\"mcpServerProxyEndpoint\": \"$MCP_ENDPOINT\"|g" config.json + sed -i "s|^ MCP_SERVER_PROXY_ENDPOINT:.*| MCP_SERVER_PROXY_ENDPOINT: $MCP_ENDPOINT|g" docker-compose.yml fi if [ $? -eq 0 ]; then echo "已更新 MCP 访问地址为: $MCP_ENDPOINT" else - echo "警告: 替换 MCP 地址失败,请手动编辑 config.json 中的 mcpServerProxyEndpoint" + echo "警告: 替换 MCP 地址失败,请手动编辑 docker-compose.yml 中的 MCP_SERVER_PROXY_ENDPOINT" fi else - echo "警告: 未设置 MCP 地址,请手动编辑 config.json 中的 mcpServerProxyEndpoint" + echo "警告: 未设置 MCP 地址,请手动编辑 docker-compose.yml 中的 MCP_SERVER_PROXY_ENDPOINT" fi -if [ "$DEPLOY_VERSION" != "main" ]; then +if LC_ALL=C grep -q -- "- /var/run/docker.sock:/var/run/docker.sock" docker-compose.yml; then # ========== 检测并替换 docker.sock 路径 ========== # 某些发行版 / Docker Desktop / rootless 模式下,宿主机 docker.sock 不在 /var/run/docker.sock # 若路径错误,Docker 会把挂载目标在容器内创建为空目录,导致 volume-manager / opensandbox 无法调用 Docker API @@ -415,7 +669,7 @@ if [ "$DEPLOY_VERSION" != "main" ]; then else sed -i "s|- /var/run/docker.sock:/var/run/docker.sock|- ${ESCAPED_SOCK}:/var/run/docker.sock|g" docker-compose.yml fi - echo "已检测到 Docker socket: $HOST_SOCK,已更新 docker-compose.yml 挂载路径" + printf '已检测到 Docker socket: %s,已更新 docker-compose.yml 挂载路径\n' "$HOST_SOCK" else echo "Docker socket 路径正常: /var/run/docker.sock" fi 
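Review bot: After `randomize_compose_credentials` runs, docker-compose.yml holds the generated root password, service tokens and database passwords, but the file is produced by `cp`/`curl` plus `mv` and so keeps whatever the default umask gives it, typically readable by other local users. Add `chmod 600 docker-compose.yml` after the `mv` in both branches, or set `umask 077` before the temporary file is created. The `mv` also replaces any docker-compose.yml already in the directory, so a re-run discards previously generated credentials while already-initialised data volumes would presumably still expect them; refusing to overwrite, or keeping a backup copy first, would avoid that lockout.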
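Review bot: `$MCP_ENDPOINT` is interpolated directly into the `sed` replacement in both the darwin and the Linux branch, without the `escape_sed_replacement` helper this commit adds for the credential replacements, so a value containing `|` or `&` would break or distort the substitution. The `$? -eq 0` check that follows cannot detect a missing `MCP_SERVER_PROXY_ENDPOINT:` line either, because `sed` exits 0 when nothing matches, so the success message can be printed without any change having been made. Escape the value first, `ESCAPED_MCP="$(escape_sed_replacement "$MCP_ENDPOINT")"`, and confirm the result with `grep -qF "MCP_SERVER_PROXY_ENDPOINT: $MCP_ENDPOINT" docker-compose.yml`. The enclosing `if [ -n "$MCP_ADDR" ]` block starts outside this hunk, so how the value is derived is not visible here.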
@@ -429,18 +683,20 @@ fi # ========== 完成 ========== echo "" echo "配置下载成功! 后续操作:" -if [ "$DEPLOY_VERSION" != "main" ]; then +echo " 注意: docker-compose.yml 已随机生成登录密码、服务 Token、应用密钥和组件密码。" +echo " 请妥善保存该文件,后续升级时不要直接丢失这些凭证。" +if LC_ALL=C grep -q "opensandbox-agent-sandbox-image" docker-compose.yml; then echo " 1. 预热沙盒: docker compose --profile prepull pull opensandbox-agent-sandbox-image opensandbox-execd-image opensandbox-egress-image" echo " 2. 启动服务: docker compose up -d" echo " 3. 开放端口: 3000, 9000, 3003" echo " 4. 访问服务: http://localhost:3000" - echo " 5. 登录服务: 默认账号为 'root', 密码为: '1234'" + echo " 5. 登录服务: 默认账号为 'root', 密码为: '$ROOT_LOGIN_PASSWORD'" echo " 6. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" else echo " 1. 启动服务: docker compose up -d" echo " 2. 开放端口: 3000, 9000, 3003" echo " 3. 访问服务: http://localhost:3000" - echo " 4. 登录服务: 默认账号为 'root', 密码为: '1234'" + echo " 4. 登录服务: 默认账号为 'root', 密码为: '$ROOT_LOGIN_PASSWORD'" echo " 5. 配置模型: 在 '账号-模型提供商' 页面,进行模型配置" fi echo "" diff --git a/packages/global/openapi/admin/index.ts b/packages/global/openapi/admin/index.ts new file mode 100644 index 000000000000..086b4648f862 --- /dev/null +++ b/packages/global/openapi/admin/index.ts @@ -0,0 +1 @@ +export { adminOpenAPIDocument } from '../provider/admin'; diff --git a/packages/service/env.ts b/packages/service/env.ts index 77a142a2b215..7873e79df70f 100644 --- a/packages/service/env.ts +++ b/packages/service/env.ts @@ -17,6 +17,9 @@ const SYSTEM_STRING_LENGTH_UNIT = 1_000_000; const LogLevelSchema = z.enum(['trace', 'debug', 'info', 'warning', 'error', 'fatal']); const StorageVendorSchema = z.enum(['minio', 'aws-s3', 'cos', 'oss']); const StorageCosProtocolSchema = z.enum(['https:', 'http:']); +const AgentSandboxProxyUrlSchema = z.string().refine((url) => /^wss?:\/\//.test(url), { + message: 'AGENT_SANDBOX_PROXY_URL must start with ws:// or wss://' +}); const TEST_INVOKE_TOKEN_SECRET = 'fastgpt_test_invoke_token_secret_32'; /** 
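Review bot: `AgentSandboxProxyUrlSchema` validates only the prefix with `/^wss?:\/\//`, so a value such as `ws://` with no host passes the schema and fails only later, when a client tries to connect. Parsing the value is stricter: `.refine((url) => { try { return ['ws:', 'wss:'].includes(new URL(url).protocol); } catch { return false; } }, { message: ... })`. Because the URL is described as browser-facing, a comment on the schema noting that `ws://` carries the proxy connection unencrypted would help operators choose `wss://` outside local development.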
@@ -74,6 +77,7 @@ export const serviceEnv = createEnv({ .string() .min(32, 'AGENT_SANDBOX_PROXY_SECRET must be at least 32 characters') .optional(), + AGENT_SANDBOX_PROXY_URL: AgentSandboxProxyUrlSchema.optional(), // Agent sandbox AGENT_SANDBOX_PROVIDER: z.enum(['sealosdevbox', 'opensandbox', 'e2b']).optional(), IDE_AGENT_BIND_ADDR: z.string().default('0.0.0.0:1318'), @@ -110,6 +114,26 @@ export const serviceEnv = createEnv({ AGENT_SANDBOX_NPM_REGISTRY: z.string().optional(), AGENT_SANDBOX_PYPI_INDEX_URL: z.string().optional(), + // PDF 增强解析 + CUSTOM_PDF_PARSE_URL: UrlSchema.optional().meta({ + description: '自定义 PDF 解析服务地址' + }), + CUSTOM_PDF_PARSE_KEY: z.string().optional().meta({ + description: '自定义 PDF 解析服务密钥' + }), + DOC2X_KEY: z.string().optional().meta({ + description: 'Doc2x PDF 解析服务密钥' + }), + TEXTIN_APP_ID: z.string().optional().meta({ + description: '合合信息 Textin 服务 App ID' + }), + TEXTIN_SECRET_CODE: z.string().optional().meta({ + description: '合合信息 Textin 服务 Secret Code' + }), + CUSTOM_PDF_PARSE_PRICE: NumSchema.default(0).meta({ + description: 'PDF 增强解析单价' + }), + // ==================== 数据库与缓存 ==================== // Redisg REDIS_URL: z.string().default('redis://default:mypassword@localhost:6379'), @@ -144,6 +168,12 @@ export const serviceEnv = createEnv({ MILVUS_ADDRESS: z.string().optional().meta({ description: 'Milvus 向量库连接参数' }), MILVUS_TOKEN: z.string().optional().meta({ description: 'Milvus 向量库Token' }), OPENGAUSS_URL: z.string().optional().meta({ description: 'openGauss 向量库连接参数' }), + HNSW_EF_SEARCH: IntSchema.min(1).default(100).meta({ + description: '向量检索 hnsw ef_search 参数,仅对 PG / OB / OpenGauss 生效' + }), + HNSW_MAX_SCAN_TUPLES: IntSchema.min(1).default(100000).meta({ + description: '向量检索最大扫描数据量,仅对 PG 生效' + }), // 对象存储 STORAGE_VENDOR: StorageVendorSchema.default('minio'), 
@@ -216,6 +246,9 @@ export const serviceEnv = createEnv({ .string() .optional() .meta({ description: '自定义跨域;不配置时默认允许所有跨域(逗号分割)' }), + FILE_URL_WHITELIST: z.string().optional().meta({ + description: '文件 URL 白名单,逗号或空白分隔' + }), MULTIPLE_DATA_TO_BASE64: BoolSchema.default(true).meta({ description: '是否强制将图片、音频、视频转成 base64 传递给模型' }), @@ -280,6 +313,21 @@ export const serviceEnv = createEnv({ EVAL_CONCURRENCY: IntSchema.default(3).meta({ description: '评估任务 worker 并发数' }), + DATASET_PARSE_MAX_PROCESS: IntSchema.min(1).default(10).meta({ + description: '知识库文件解析最大并发数' + }), + VECTOR_MAX_PROCESS: IntSchema.min(1).default(10).meta({ + description: '向量训练最大并发数' + }), + QA_MAX_PROCESS: IntSchema.min(1).default(10).meta({ + description: '问答拆分最大并发数' + }), + VLM_MAX_PROCESS: IntSchema.min(1).default(10).meta({ + description: '图片理解模型最大处理并发数' + }), + WORKFLOW_HTTP_IGNORE_HTTPS_CERT: BoolSchema.default(false).meta({ + description: '工作流 HTTP 节点是否忽略 HTTPS 证书校验' + }), // ==================== 资源限制 ==================== SERVICE_REQUEST_MAX_CONTENT_LENGTH: IntSchema.default(10).meta({ description: '服务器接收请求的最大大小(MB)' @@ -329,6 +377,14 @@ if (serviceEnv.WORKFLOW_PARALLEL_MAX_CONCURRENCY > serviceEnv.WORKFLOW_MAX_LOOP_ ); } +if (!isPhaseProductionBuild && hasAgentSandboxConfigFromEnv(process.env)) { + if (!serviceEnv.AGENT_SANDBOX_PROXY_URL) { + throw new Error( + 'AGENT_SANDBOX_PROXY_URL is required when Agent Sandbox is enabled. Please configure a browser-accessible ws:// or wss:// agent-sandbox-proxy URL.' + ); + } +} + export const SYSTEM_MAX_STRING_LENGTH = serviceEnv.SYSTEM_MAX_STRING_LENGTH_M * SYSTEM_STRING_LENGTH_UNIT; diff --git a/packages/service/test/core/ai/sandbox/provider/config.test.ts b/packages/service/test/core/ai/sandbox/provider/config.test.ts index 5b32bb215361..c57281b769dd 100644 --- a/packages/service/test/core/ai/sandbox/provider/config.test.ts +++ b/packages/service/test/core/ai/sandbox/provider/config.test.ts 
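Review bot: The `description` of `WORKFLOW_HTTP_IGNORE_HTTPS_CERT` says only that certificate validation is ignored, which does not tell an operator that enabling it removes server authentication for those requests and leaves them open to interception. Add a comment above the entry such as `// Disables TLS server verification for workflow HTTP nodes; keep false except for self-signed internal endpoints.`, and carry the same warning into the `description` and the matching line in projects/app/.env.template. The code that consumes the flag is not part of this view, so whether it applies to every workflow HTTP request or can be scoped per node cannot be confirmed here; if it is global, a startup warning when the value is `true` would make the weakened state visible.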
@@ -13,7 +13,8 @@ const originalEnv = { AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO: process.env.AGENT_SANDBOX_OPENSANDBOX_IMAGE_REPO, AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG: process.env.AGENT_SANDBOX_OPENSANDBOX_IMAGE_TAG, AGENT_SANDBOX_MAX_FILE_SIZE: process.env.AGENT_SANDBOX_MAX_FILE_SIZE, - AGENT_SANDBOX_PROXY_SECRET: process.env.AGENT_SANDBOX_PROXY_SECRET + AGENT_SANDBOX_PROXY_SECRET: process.env.AGENT_SANDBOX_PROXY_SECRET, + AGENT_SANDBOX_PROXY_URL: process.env.AGENT_SANDBOX_PROXY_URL }; const loadSandboxConfigModule = async () => { @@ -39,6 +40,7 @@ describe('sandbox provider config', () => { beforeEach(() => { vi.clearAllMocks(); vi.stubEnv('AGENT_SANDBOX_PROXY_SECRET', 'test-secret-123456789012345678901234'); + vi.stubEnv('AGENT_SANDBOX_PROXY_URL', 'ws://localhost:1006'); }); afterEach(() => { @@ -64,6 +66,7 @@ describe('sandbox provider config', () => { ); vi.stubEnv('AGENT_SANDBOX_MAX_FILE_SIZE', originalEnv.AGENT_SANDBOX_MAX_FILE_SIZE); vi.stubEnv('AGENT_SANDBOX_PROXY_SECRET', originalEnv.AGENT_SANDBOX_PROXY_SECRET); + vi.stubEnv('AGENT_SANDBOX_PROXY_URL', originalEnv.AGENT_SANDBOX_PROXY_URL); vi.unstubAllGlobals(); }); diff --git a/packages/service/test/core/workflow/dispatch/ai/agent/piAgent/index.test.ts b/packages/service/test/core/workflow/dispatch/ai/agent/piAgent/index.test.ts index 74da7a716370..96ec72c9e322 100644 --- a/packages/service/test/core/workflow/dispatch/ai/agent/piAgent/index.test.ts +++ b/packages/service/test/core/workflow/dispatch/ai/agent/piAgent/index.test.ts @@ -10,6 +10,7 @@ import { FlowNodeTypeEnum } from '@fastgpt/global/core/workflow/node/constant'; import { DispatchNodeResponseKeyEnum } from '@fastgpt/global/core/workflow/runtime/constants'; import { runWithContext } from '@fastgpt/service/core/workflow/utils/context'; import { SANDBOX_TOOLS } from '@fastgpt/global/core/ai/sandbox/tools'; +import { getSandboxRuntimeProfile } from '../../../../../../../core/ai/sandbox/runtime/profile'; const { agentPromptMock, 
@@ -486,7 +487,8 @@ describe('dispatchPiAgent user context', () => { expect.objectContaining({ url: '/current.pdf' }) - ] + ], + workDirectory: getSandboxRuntimeProfile().workDirectory }); expect(agentConstructorArgs[0].initialState.systemPrompt).not.toContain('pwd: /workspace'); expect(agentPromptMock.mock.calls[0][0]).toContain('当前 sandbox 工作目录: /workspace'); diff --git a/packages/service/test/env.test.ts b/packages/service/test/env.test.ts index 09d3793d8506..2f9b31c764ee 100644 --- a/packages/service/test/env.test.ts +++ b/packages/service/test/env.test.ts 
@@ -96,4 +96,43 @@ describe('serviceEnv', () => { } }); }); + + it('未启用 Agent Sandbox 时允许 AGENT_SANDBOX_PROXY_URL 为空', async () => { + vi.stubEnv('FILE_TOKEN_KEY', 'filetokenkey'); + vi.stubEnv('AES256_SECRET_KEY', 'fastgptsecret'); + vi.stubEnv('INVOKE_TOKEN_SECRET', validInvokeTokenSecret); + vi.stubEnv('VITEST', 'true'); + vi.stubEnv('AGENT_SANDBOX_PROVIDER', ''); + vi.stubEnv('AGENT_SANDBOX_PROXY_URL', ''); + + await expect(importServiceEnv()).resolves.toBeDefined(); + }); + + it('启用 opensandbox 时要求配置 AGENT_SANDBOX_PROXY_URL', async () => { + vi.stubEnv('FILE_TOKEN_KEY', 'filetokenkey'); + vi.stubEnv('AES256_SECRET_KEY', 'fastgptsecret'); + vi.stubEnv('INVOKE_TOKEN_SECRET', validInvokeTokenSecret); + vi.stubEnv('VITEST', 'true'); + vi.stubEnv('NODE_ENV', 'development'); + vi.stubEnv('AGENT_SANDBOX_PROVIDER', 'opensandbox'); + vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_BASEURL', 'http://mock-opensandbox.local'); + vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_API_KEY', 'mock-opensandbox-api-key'); + vi.stubEnv('AGENT_SANDBOX_PROXY_URL', ''); + + await expect(importServiceEnv()).rejects.toThrow('AGENT_SANDBOX_PROXY_URL is required'); + }); + + it('启用 opensandbox 时要求 AGENT_SANDBOX_PROXY_URL 是 WebSocket 地址', async () => { + vi.stubEnv('FILE_TOKEN_KEY', 'filetokenkey'); + vi.stubEnv('AES256_SECRET_KEY', 'fastgptsecret'); + vi.stubEnv('INVOKE_TOKEN_SECRET', validInvokeTokenSecret); + vi.stubEnv('VITEST', 'true'); + vi.stubEnv('NODE_ENV', 'development'); + vi.stubEnv('AGENT_SANDBOX_PROVIDER', 'opensandbox'); + vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_BASEURL', 'http://mock-opensandbox.local'); + vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_API_KEY', 'mock-opensandbox-api-key'); + vi.stubEnv('AGENT_SANDBOX_PROXY_URL', 'http://localhost:1006'); + + await expect(importServiceEnv()).rejects.toThrow('AGENT_SANDBOX_PROXY_URL'); + }); }); diff --git a/projects/app/.env.template b/projects/app/.env.template index 58112e18514b..9b060029d100 100644 --- a/projects/app/.env.template 
+++ b/projects/app/.env.template @@ -1,13 +1,43 @@ -# ==================== 基础配置 ==================== -LOG_DEPTH=3 +# appEnv:仅 FastGPT App 使用,定义见 projects/app/src/env.ts +# serviceEnv:App + Pro 共用,定义见 packages/service/env.ts + +# ==================== appEnv · 基础与前端 ==================== # 默认用户密码(用户名为 root),每次重启会自动更新。 DEFAULT_ROOT_PSW=123456 +# Next.js 构建注入的前端展示信息 +SYSTEM_NAME=AI +SYSTEM_DESCRIPTION= +SYSTEM_FAVICON= + +# ==================== appEnv · 产品功能开关 ==================== +# MCP Server 代理地址,用于 MCP 使用方式页拼接 SSE 地址(末尾不要带 /) +MCP_SERVER_PROXY_ENDPOINT=http://localhost:3003 +# 插件市场地址 +MARKETPLACE_URL=https://v2.marketplace.fastgpt.cn +# 是否展示兑换码功能 +SHOW_COUPON=false +# 是否展示优惠券功能 +SHOW_DISCOUNT_COUPON=false +# 是否隐藏版权信息配置,只有值为 true 时隐藏 +HIDE_CHAT_COPYRIGHT_SETTING= +# 中文 IP 重定向地址 +CHINESE_IP_REDIRECT_URL= +# 付费表单地址 +PAY_FORM_URL= +# 是否展示 Agent Sandbox 免费提示 +AGENT_SANDBOX_FREE_TIP=false +# 单个团队成员最多可创建的系统 API Key 数量,最小值为 1 +OPENAPI_KEY_MAX_COUNT=100 +# 密码过期月份(不设置则不过期) +PASSWORD_EXPIRED_MONTH= + +# ==================== serviceEnv · 基础配置 ==================== # 数据库最大连接数 DB_MAX_LINK=5 # 自动同步索引 SYNC_INDEX=true -# ==================== 密钥 ==================== +# ==================== serviceEnv · 密钥 ==================== # 用户账号密钥 TOKEN_KEY=fastgpt # 文件阅读时的密钥 @@ -19,7 +49,7 @@ INVOKE_TOKEN_SECRET=fastgpt_invoke_token_secret_32_chars_min # root key(最高权限) ROOT_KEY=fdafasd -# ==================== 服务地址与集成 ==================== +# ==================== serviceEnv · 服务地址与集成 ==================== # 商业版地址 # PRO_URL= @@ -35,8 +65,9 @@ CODE_SANDBOX_TOKEN=codesandbox AIPROXY_API_ENDPOINT=http://localhost:3010 AIPROXY_API_TOKEN=token -# 插件市场地址 -MARKETPLACE_URL=https://v2.marketplace.fastgpt.cn +# OpenAI 配置(按需启用) +# OPENAI_BASE_URL=https://api.openai.com/v1 +# CHAT_API_KEY=sk-xxxx # Agent sandbox AGENT_SANDBOX_PROVIDER= 
@@ -73,16 +104,31 @@ AGENT_SANDBOX_NPM_REGISTRY= # Agent 沙箱内 pip/python -m pip/uv 使用的 PyPI index URL(可选) AGENT_SANDBOX_PYPI_INDEX_URL= -# ==================== 沙盒代理 (agent-sandbox-proxy) 与网络配置 ==================== +# ==================== serviceEnv · PDF 增强解析(可选) ==================== +# 自定义 PDF 解析服务地址 +# CUSTOM_PDF_PARSE_URL= +# 自定义 PDF 解析服务密钥 +# CUSTOM_PDF_PARSE_KEY= +# Doc2x PDF 解析服务密钥 +# DOC2X_KEY= +# 合合信息 Textin 服务 App ID +# TEXTIN_APP_ID= +# 合合信息 Textin 服务 Secret Code +# TEXTIN_SECRET_CODE= +# PDF 增强解析单价 +CUSTOM_PDF_PARSE_PRICE=0 + +# ==================== serviceEnv · 沙盒代理 (agent-sandbox-proxy) ==================== # JWT 验签与内网安全物理阻断密钥 (必须与 Rust Proxy 的 AGENT_SANDBOX_PROXY_SECRET 环境变量保持完全一致) # 生产环境必须配置为至少 32 字节的高强度随机值,不能使用示例占位。 AGENT_SANDBOX_PROXY_SECRET=default_fastgpt_agent_sandbox_proxy_secret # 浏览器客户端连接沙盒代理的对外 WebSocket 地址。 -# 启用 Agent Sandbox(show_agent_sandbox)时必填;未启用时可留空。 +# 启用 Agent Sandbox 时必填;未启用时可留空。 # 开发环境建议配置为 ws://localhost:1006 (指向本地运行的 Rust 代理)。 # 生产环境请配置浏览器可访问的 ws:// 或 wss:// 代理地址。 AGENT_SANDBOX_PROXY_URL=ws://localhost:1006 -# ==================== 对象存储 ==================== + +# ==================== serviceEnv · 对象存储 ==================== # 存储供应商;如果是 Sealos 的对象存储请填 aws-s3 STORAGE_VENDOR=minio STORAGE_REGION=us-east-1 @@ -97,7 +143,7 @@ STORAGE_S3_FORCE_PATH_STYLE=true STORAGE_S3_MAX_RETRIES=3 STORAGE_PUBLIC_ACCESS_EXTRA_SUB_PATH= -# ==================== 数据库与缓存 ==================== +# ==================== serviceEnv · 数据库与缓存 ==================== # Redis URL REDIS_URL=redis://default:mypassword@localhost:6379 # 流式恢复 Redis 镜像 TTL(秒):生成中续期 / 结束后缩短,默认 300 / 30 
@@ -127,8 +173,12 @@ PG_URL=postgresql://username:password@localhost:5432/postgres # MILVUS_TOKEN= # openGauss 向量库连接参数 # OPENGAUSS_URL=postgresql://gaussdb:FastGPT@123@localhost:5432/fastgpt +# 向量检索 hnsw ef_search 参数,仅对 PG / OB / OpenGauss 生效 +HNSW_EF_SEARCH=100 +# 向量检索最大扫描数据量,仅对 PG 生效 +HNSW_MAX_SCAN_TUPLES=100000 -# ==================== 日志配置 ==================== +# ==================== serviceEnv · 日志配置 ==================== # 日志等级: trace | debug | info | warning | error | fatal LOG_ENABLE_CONSOLE=true LOG_CONSOLE_LEVEL=debug @@ -147,7 +197,7 @@ TRACING_ENABLE_OTEL=true TRACING_OTEL_URL=http://localhost:4318/v1/traces TRACING_OTEL_SERVICE_NAME=fastgpt-client -# ==================== 域名与前端 ==================== +# ==================== serviceEnv · 域名与前端 ==================== # 页面地址,用于自动补全相对路径资源的 domain(注意结尾不要带 /) FE_DOMAIN=http://localhost:3000 # 文件域名(也指向 FastGPT 服务);如需更高安全性可独立分配域名,避免高危文件读取到主域名内容 
@@ -155,40 +205,27 @@ FILE_DOMAIN=http://localhost:3000 # 二级路由,需要在打包时确定 # NEXT_PUBLIC_BASE_URL=/fastai -# ==================== 安全配置 ==================== +# ==================== serviceEnv · 安全配置 ==================== # 启动 IP 限流(true);部分接口启用 IP 限流策略以防止异常请求 USE_IP_LIMIT=false # 启用内网 IP 检查 CHECK_INTERNAL_IP=false # 是否启用可信反向代理客户端 IP 校验 TRUSTED_PROXY_ENABLE=false -# 可信反向代理 IP/CIDR 列表,逗号或空白分隔。仅 TRUSTED_PROXY_ENABLE=true 时生效;仅显式可信代理传入的 X-Forwarded-For/X-Real-IP 会用于客户端 IP 解析 +# 可信反向代理 IP/CIDR 列表,逗号或空白分隔。仅 TRUSTED_PROXY_ENABLE=true 时生效 TRUSTED_PROXY_IPS= # 密码错误锁定时长(秒) PASSWORD_LOGIN_LOCK_SECONDS= -# 密码过期月份(不设置则不过期) -PASSWORD_EXPIRED_MONTH= # 最大登录客户端数量(默认 10) MAX_LOGIN_SESSION= # 自定义跨域;不配置时默认允许所有跨域(逗号分割) ALLOWED_ORIGINS= +# 文件 URL 白名单,逗号或空白分隔 +# FILE_URL_WHITELIST= # 强制将图片转成 base64 传递给模型 MULTIPLE_DATA_TO_BASE64=true -# ==================== 功能开关与特殊配置 ==================== -# 是否展示兑换码功能 -SHOW_COUPON=false -# 是否展示优惠券功能 -SHOW_DISCOUNT_COUPON=false -# 自定义 config.json 路径 -CONFIG_JSON_PATH= -# 申请应用备案地址 -APP_REGISTRATION_URL= -# 是否隐藏版权信息配置,只有值为 true 时隐藏 -HIDE_CHAT_COPYRIGHT_SETTING= -# 单个团队成员最多可创建的系统 API Key 数量,最小值为 1 -OPENAPI_KEY_MAX_COUNT=100 - +# ==================== serviceEnv · Beta features ==================== # Agent 引擎选择:default(Plan+Step 编排)| pi(pi-agent-core 引擎) AGENT_ENGINE=default # 辅助生成模型(暂时只能指定一个,需保证系统中已激活该模型) @@ -196,8 +233,10 @@ HELPER_BOT_MODEL=qwen-max # 对话标题生成模型(不填则使用默认 LLM 模型) CHAT_TITLE_MODEL= SKIP_FILE_TYPE_CHECK=false +# 是否禁用系统内存缓存 +# DISABLE_CACHE=false -# ==================== 对话日志推送(可选) ==================== +# ==================== serviceEnv · 对话日志推送(可选) ==================== # 日志服务地址 # CHAT_LOG_URL=http://localhost:8080 # 日志推送间隔 
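Review bot: The shortened `TRUSTED_PROXY_IPS` comment drops the sentence explaining that only X-Forwarded-For/X-Real-IP values passed by explicitly trusted proxies are used to resolve the client IP. That sentence is what an operator needs in order to understand how the setting interacts with `USE_IP_LIMIT` and the login lock options listed next to it. Keep it as a second comment line above the variable: `# 仅显式可信代理传入的 X-Forwarded-For/X-Real-IP 会用于客户端 IP 解析`.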
@@ -205,27 +244,39 @@ SKIP_FILE_TYPE_CHECK=false # 日志来源 ID 前缀 # CHAT_LOG_SOURCE_ID_PREFIX=fastgpt- -# ==================== 并发控制与限制 ==================== -# 微信渠道 poll worker 并发数(默认 1000),需 ≥ online channel 数;channel 数超过该值时消息延迟会线性恶化 +# ==================== serviceEnv · 并发控制与限制 ==================== +# 微信渠道 poll worker 并发数(默认 1000),需 ≥ online channel 数 WECHAT_CHANNEL_CONCURRENCY=1000 # 文件解析 worker 并发数 PARSE_FILE_WORKERS=10 +# 知识库文件解析队列最大并发数 +DATASET_PARSE_MAX_PROCESS=10 # 文件解析超时时间(秒) PARSE_FILE_TIMEOUT_SECONDS=600 # HTML 转 Markdown worker 并发数 HTML_TO_MARKDOWN_WORKERS=10 # 文本切块 worker 并发数 TEXT_TO_CHUNKS_WORKERS=10 +# 向量训练队列最大并发数 +VECTOR_MAX_PROCESS=10 +# 问答拆分队列最大并发数 +QA_MAX_PROCESS=10 +# 图片理解模型处理队列最大并发数 +VLM_MAX_PROCESS=10 # 工作流最大运行次数,避免极端死循环 WORKFLOW_MAX_RUN_TIMES=500 # 循环/并行节点最大输入数组长度(默认 100) WORKFLOW_MAX_LOOP_TIMES=100 # 并行节点并发上限(最终会 clamp 到 [5, 100],默认 10) WORKFLOW_PARALLEL_MAX_CONCURRENCY=10 +# 工作流 HTTP 节点是否忽略 HTTPS 证书校验 +WORKFLOW_HTTP_IGNORE_HTTPS_CERT=false # 工作流 QPM(若用户套餐有限制,这里不生效) CHAT_MAX_QPM=5000 +# 系统同步字符串处理最大字符数(M,1M=1,000,000 字符) +SYSTEM_MAX_STRING_LENGTH_M=100 -# ==================== 资源限制 ==================== +# ==================== serviceEnv · 资源限制 ==================== # 服务器接收请求的最大大小(MB) SERVICE_REQUEST_MAX_CONTENT_LENGTH=10 # 允许的最深文件夹层级,默认 4,范围 2~20(根目录下最多 4 层文件夹) diff --git a/projects/app/Dockerfile b/projects/app/Dockerfile index 81451d61f2ba..63f37fe943b1 100644 --- a/projects/app/Dockerfile +++ b/projects/app/Dockerfile @@ -91,7 +91,6 @@ COPY --from=maindeps /app/node_modules/@zilliz/milvus2-sdk-node ./node_modules/@ # copy package.json to version file COPY --from=builder /app/projects/app/package.json ./package.json # copy config and data files (use --chown to avoid extra layer from chown) -COPY --chown=nextjs:nodejs ./projects/app/data/config.json /app/data/config.json COPY --chown=nextjs:nodejs ./projects/app/data/test.mp3 /app/data/test.mp3 COPY --chown=nextjs:nodejs ./projects/app/data/GeoLite2-City.mmdb /app/data/GeoLite2-City.mmdb 
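Review bot: `WORKFLOW_HTTP_IGNORE_HTTPS_CERT` is added under the concurrency-and-limits heading with a comment that only restates its name, although it is a TLS-verification switch and belongs in the security section with its consequence spelled out. When it is true, workflow HTTP nodes (presumably all of them, judging by the `workflowHttpNode.ignoreHttpsCertificate` mapping in this commit) stop authenticating the servers they call, so responses can be altered on the network path without detection. Proposed comment: `# 工作流 HTTP 节点是否忽略 HTTPS 证书校验;仅用于自签名证书的测试环境,生产环境请保持 false`. The `false` default is the right one.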
diff --git a/projects/app/data/config.json b/projects/app/data/config.json deleted file mode 100644 index 1022a8f86240..000000000000 --- a/projects/app/data/config.json +++ /dev/null @@ -1,22 +0,0 @@ -// 已使用 json5 进行解析,会自动去掉注释,无需手动去除 -{ - "feConfigs": { - "mcpServerProxyEndpoint": "http://localhost:3003" // mcp server 代理地址,例如: http://localhost:3004 - }, - "systemEnv": { - "datasetParseMaxProcess": 10, // 知识库文件解析最大线程数量 - "vectorMaxProcess": 10, // 向量处理线程数量 - "qaMaxProcess": 10, // 问答拆分线程数量 - "vlmMaxProcess": 10, // 图片理解模型最大处理进程 - "hnswEfSearch": 100, // 向量搜索参数,仅对 PG 和 OB 生效。越大,搜索越精确,但是速度越慢。设置为100,有99%+精度。 - "hnswMaxScanTuples": 100000, // 向量搜索最大扫描数据量,仅对 PG生效。 - "customPdfParse": { - "url": "", // 自定义 PDF 解析服务地址 - "key": "", // 自定义 PDF 解析服务密钥 - "doc2xKey": "", // doc2x 服务密钥 - "textinAppId": "", // 合合信息 Textin 服务 App ID - "textinSecretCode": "", // 合合信息 Textin 服务 Secret Code - "price": 0 // PDF 解析服务价格 - } - } -} diff --git a/projects/app/src/env.ts b/projects/app/src/env.ts index 111134423c42..66a72d2aa006 100644 --- a/projects/app/src/env.ts +++ b/projects/app/src/env.ts @@ -1,17 +1,11 @@ import { createEnv } from '@t3-oss/env-core'; import z from 'zod'; -import { isPhaseProductionBuild } from '@fastgpt/global/common/system/constants'; import { BoolSchema, IntSchema, UrlSchema } from '@fastgpt/global/common/zod'; -import { hasAgentSandboxConfig } from '@fastgpt/global/core/ai/sandbox/env'; - -const AgentSandboxProxyUrlSchema = z.string().refine((url) => /^wss?:\/\//.test(url), { - message: 'AGENT_SANDBOX_PROXY_URL must start with ws:// or wss://' -}); export const appEnv = createEnv({ server: { DEFAULT_ROOT_PSW: z.string().default('123456'), - CONFIG_JSON_PATH: z.string().optional(), + MCP_SERVER_PROXY_ENDPOINT: UrlSchema.optional(), SYSTEM_NAME: z.string().default('AI'), SYSTEM_DESCRIPTION: z.string().default(''), SYSTEM_FAVICON: z.string().default(''), 
@@ -22,10 +16,8 @@ export const appEnv = createEnv({ SHOW_DISCOUNT_COUPON: BoolSchema.default(false), HIDE_CHAT_COPYRIGHT_SETTING: BoolSchema.default(false), AGENT_SANDBOX_FREE_TIP: BoolSchema.default(false), - AGENT_SANDBOX_PROXY_URL: AgentSandboxProxyUrlSchema.optional(), OPENAPI_KEY_MAX_COUNT: IntSchema.min(1).default(100), - // 临时 MARKETPLACE_URL: UrlSchema.default('https://v2.marketplace.fastgpt.cn'), PASSWORD_EXPIRED_MONTH: IntSchema.optional() }, @@ -41,11 +33,3 @@ export const appEnv = createEnv({ throw new Error(`Invalid app environment variables:\n${details}\n`); } }); - -if (!isPhaseProductionBuild && hasAgentSandboxConfig(process.env)) { - if (!appEnv.AGENT_SANDBOX_PROXY_URL) { - throw new Error( - 'AGENT_SANDBOX_PROXY_URL is required when Agent Sandbox is enabled. Please configure a browser-accessible ws:// or wss:// agent-sandbox-proxy URL.' - ); - } -} diff --git a/projects/app/src/service/common/system/index.ts b/projects/app/src/service/common/system/index.ts index d22799da691a..d733ec833152 100644 --- a/projects/app/src/service/common/system/index.ts +++ b/projects/app/src/service/common/system/index.ts @@ -1,8 +1,7 @@ -import fs, { existsSync } from 'fs'; +import fs from 'fs'; import type { FastGPTFeConfigsType } from '@fastgpt/global/common/system/types/index'; import type { FastGPTConfigFileType } from '@fastgpt/global/common/system/types/index'; import { getFastGPTConfigFromDB } from '@fastgpt/service/common/system/config/controller'; -import { isProduction } from '@fastgpt/global/common/system/constants'; import { initFastGPTConfig } from '@fastgpt/service/common/system/tools'; import json5 from 'json5'; import { defaultTemplateTypes } from '@fastgpt/web/core/workflow/constants'; 
@@ -30,29 +29,6 @@ const logger = getLogger(LogCategories.SYSTEM); const defaultOpenSourceLoginGuideDocUrl = 'https://doc.fastgpt.io/zh-CN/guide/version/cloud/faq#%E8%B4%A6%E5%8F%B7%E7%99%BB%E5%BD%95%E9%97%AE%E9%A2%98'; -export const readConfigData = async (name: string) => { - const splitName = name.split('.'); - const devName = `${splitName[0]}.local.${splitName[1]}`; - - const filename = (() => { - if (!isProduction) { - // check local file exists - const hasLocalFile = existsSync(`data/${devName}`); - if (hasLocalFile) { - return `data/${devName}`; - } - return `data/${name}`; - } - // Fallback to default production path - const envPath = appEnv.CONFIG_JSON_PATH || '/app/data'; - return `${envPath}/${name}`; - })(); - - const content = await fs.promises.readFile(filename, 'utf-8'); - - return content; -}; - /* Init global variables */ export function initGlobalVariables() { function initPlusRequest() { @@ -142,23 +118,15 @@ const defaultFeConfigs: FastGPTFeConfigsType = { }; export async function initSystemConfig() { - // load config - const [{ fastgptConfig, licenseData }, fileConfig] = await Promise.all([ - getFastGPTConfigFromDB(), - readConfigData('config.json') - ]); + const { fastgptConfig, licenseData } = await getFastGPTConfigFromDB(); global.licenseData = licenseData; - const fileRes = json5.parse(fileConfig) as FastGPTConfigFileType; - - // get config from database const config: FastGPTConfigFileType = { feConfigs: { - ...fileRes?.feConfigs, ...defaultFeConfigs, + mcpServerProxyEndpoint: appEnv.MCP_SERVER_PROXY_ENDPOINT, ...(fastgptConfig.feConfigs || {}), limit: { - ...fileRes?.feConfigs?.limit, ...defaultFeConfigs.limit, ...(fastgptConfig.feConfigs?.limit || {}) }, 
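Review bot: After the `initSystemConfig` hunk the service no longer reads `config.json`, so a deployment that still mounts one or still sets `CONFIG_JSON_PATH` starts with those settings ignored and nothing in the log to say so. The deleted default file shipped `mcpServerProxyEndpoint: "http://localhost:3003"`, while the new line `mcpServerProxyEndpoint: appEnv.MCP_SERVER_PROXY_ENDPOINT` yields `undefined` when the variable is unset and, being placed after `...defaultFeConfigs`, also shadows any default for that key. I would emit one startup warning through the existing `logger` when `process.env.CONFIG_JSON_PATH` is present, and list the replacement variables in the upgrade notes. The function body starts in this hunk and continues outside it.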
@@ -172,12 +140,35 @@ export async function initSystemConfig() { payFormUrl: appEnv.PAY_FORM_URL || '', agentSandboxFree: appEnv.AGENT_SANDBOX_FREE_TIP, - agentSandboxProxyUrl: appEnv.AGENT_SANDBOX_PROXY_URL || '' - }, - systemEnv: { - ...fileRes.systemEnv, - ...(fastgptConfig.systemEnv || {}) + agentSandboxProxyUrl: serviceEnv.AGENT_SANDBOX_PROXY_URL || '' }, + systemEnv: Object.assign( + { + datasetParseMaxProcess: serviceEnv.DATASET_PARSE_MAX_PROCESS, + vectorMaxProcess: serviceEnv.VECTOR_MAX_PROCESS, + qaMaxProcess: serviceEnv.QA_MAX_PROCESS, + vlmMaxProcess: serviceEnv.VLM_MAX_PROCESS, + hnswEfSearch: serviceEnv.HNSW_EF_SEARCH, + hnswMaxScanTuples: serviceEnv.HNSW_MAX_SCAN_TUPLES, + customPdfParse: { + url: serviceEnv.CUSTOM_PDF_PARSE_URL, + key: serviceEnv.CUSTOM_PDF_PARSE_KEY, + doc2xKey: serviceEnv.DOC2X_KEY, + textinAppId: serviceEnv.TEXTIN_APP_ID, + textinSecretCode: serviceEnv.TEXTIN_SECRET_CODE, + price: serviceEnv.CUSTOM_PDF_PARSE_PRICE + }, + fileUrlWhitelist: serviceEnv.FILE_URL_WHITELIST + ? serviceEnv.FILE_URL_WHITELIST.split(/[,;\s]+/) + .map((item) => item.trim()) + .filter(Boolean) + : undefined, + workflowHttpNode: { + ignoreHttpsCertificate: serviceEnv.WORKFLOW_HTTP_IGNORE_HTTPS_CERT + } + }, + fastgptConfig.systemEnv || {} + ), subPlans: fastgptConfig.subPlans }; diff --git a/projects/app/test/env.test.ts b/projects/app/test/env.test.ts index 6dad4a3019d0..5fecbd64d64f 100644 --- a/projects/app/test/env.test.ts +++ b/projects/app/test/env.test.ts 
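Review bot: The new `Object.assign({...}, fastgptConfig.systemEnv || {})` is a shallow merge in which the database value wins, so a stored `customPdfParse` or `workflowHttpNode` object replaces the env-derived one whole. A DB document whose `customPdfParse` lacks `key` would drop the value of `CUSTOM_PDF_PARSE_KEY`, and a stored `workflowHttpNode.ignoreHttpsCertificate` would override `WORKFLOW_HTTP_IGNORE_HTTPS_CERT=false`; whether the DB ever holds these keys is not visible in this diff. At minimum add `// DB systemEnv overrides env; the merge is shallow, nested objects are replaced whole` above the call, or merge the two nested objects per key. Separately, a whitespace-only `FILE_URL_WHITELIST` (if the schema passes it through) produces `[]` rather than `undefined`, which a consumer may treat differently from "not configured". `initSystemConfig` starts and ends outside this hunk.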
@@ -5,31 +5,13 @@ const importAppEnv = async () => { return import('../src/env'); }; -const disableAgentSandboxEnv = () => { - vi.stubEnv('AGENT_SANDBOX_PROVIDER', ''); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_BASEURL', ''); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_API_KEY', ''); - vi.stubEnv('AGENT_SANDBOX_SEALOS_BASEURL', ''); - vi.stubEnv('AGENT_SANDBOX_SEALOS_TOKEN', ''); - vi.stubEnv('AGENT_SANDBOX_E2B_API_KEY', ''); - vi.stubEnv('AGENT_SANDBOX_PROXY_URL', ''); -}; - describe('app env validation', () => { afterEach(() => { vi.unstubAllEnvs(); vi.resetModules(); }); - it('未启用 Agent Sandbox 时允许 AGENT_SANDBOX_PROXY_URL 为空', async () => { - vi.stubEnv('AGENT_SANDBOX_PROVIDER', ''); - vi.stubEnv('AGENT_SANDBOX_PROXY_URL', ''); - - await expect(importAppEnv()).resolves.toBeDefined(); - }); - it('OPENAPI_KEY_MAX_COUNT 默认值为 100,且允许配置为最小值 1', async () => { - disableAgentSandboxEnv(); vi.stubEnv('OPENAPI_KEY_MAX_COUNT', ''); await expect(importAppEnv()).resolves.toMatchObject({ @@ -48,7 +30,6 @@ describe('app env validation', () => { }); it('OPENAPI_KEY_MAX_COUNT 必须是大于等于 1 的整数', async () => { - disableAgentSandboxEnv(); vi.stubEnv('OPENAPI_KEY_MAX_COUNT', '0'); await expect(importAppEnv()).rejects.toThrow('OPENAPI_KEY_MAX_COUNT'); 
@@ -57,22 +38,4 @@ describe('app env validation', () => { await expect(importAppEnv()).rejects.toThrow('OPENAPI_KEY_MAX_COUNT'); }); - - it('启用 opensandbox 时要求配置 AGENT_SANDBOX_PROXY_URL', async () => { - vi.stubEnv('AGENT_SANDBOX_PROVIDER', 'opensandbox'); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_BASEURL', 'http://mock-opensandbox.local'); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_API_KEY', 'mock-opensandbox-api-key'); - vi.stubEnv('AGENT_SANDBOX_PROXY_URL', ''); - - await expect(importAppEnv()).rejects.toThrow('AGENT_SANDBOX_PROXY_URL is required'); - }); - - it('启用 opensandbox 时要求 AGENT_SANDBOX_PROXY_URL 是 WebSocket 地址', async () => { - vi.stubEnv('AGENT_SANDBOX_PROVIDER', 'opensandbox'); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_BASEURL', 'http://mock-opensandbox.local'); - vi.stubEnv('AGENT_SANDBOX_OPENSANDBOX_API_KEY', 'mock-opensandbox-api-key'); - vi.stubEnv('AGENT_SANDBOX_PROXY_URL', 'http://localhost:1006'); - - await expect(importAppEnv()).rejects.toThrow('AGENT_SANDBOX_PROXY_URL'); - }); }); diff --git a/test/mocks/common/system.ts b/test/mocks/common/system.ts index 294cf1425a04..526c2334885e 100644 --- a/test/mocks/common/system.ts +++ b/test/mocks/common/system.ts @@ -11,9 +11,6 @@ vi.mock(import('@/service/common/system'), async (importOriginal) => { getSystemVersion: async () => { return '0.0.0'; }, - readConfigData: async () => { - return readFileSync('projects/app/data/config.json', 'utf-8'); - }, initSystemConfig: async () => { // read env from projects/app/.env const str = readFileSync('projects/app/.env.local', 'utf-8');