feat: 添加安全模块 + Dockerfile添加curl支持健康检查
主要更新: - 新增 security/ 安全模块 (风险评估、威胁检测、蜜罐等) - Dockerfile 添加 curl 以支持 Docker 健康检查 - 前端页面更新 (管理后台、用户端) - 数据库迁移和 schema 更新 - 新增 kdocs 上传服务 - 添加安全相关测试用例 Co-Authored-By: Claude <noreply@anthropic.com>
@@ -7,60 +7,48 @@ services:
|
||||
ports:
|
||||
- "51232:51233"
|
||||
volumes:
|
||||
- ./data:/app/data # 数据库持久化
|
||||
- ./logs:/app/logs # 日志持久化
|
||||
- ./截图:/app/截图 # 截图持久化
|
||||
- ./playwright:/ms-playwright # Playwright浏览器持久化(避免重复下载)
|
||||
- /etc/localtime:/etc/localtime:ro # 时区同步
|
||||
- ./static:/app/static # 静态文件(实时更新)
|
||||
- ./templates:/app/templates # 模板文件(实时更新)
|
||||
- ./app.py:/app/app.py # 主程序(实时更新)
|
||||
- ./database.py:/app/database.py # 数据库模块(实时更新)
|
||||
- ./data:/app/data
|
||||
- ./logs:/app/logs
|
||||
- ./截图:/app/截图
|
||||
- ./playwright:/ms-playwright
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- ./static:/app/static
|
||||
- ./templates:/app/templates
|
||||
- ./app.py:/app/app.py
|
||||
- ./database.py:/app/database.py
|
||||
# 代码热更新
|
||||
- ./services:/app/services
|
||||
- ./routes:/app/routes
|
||||
- ./db:/app/db
|
||||
- ./security:/app/security
|
||||
- ./realtime:/app/realtime
|
||||
- ./api_browser.py:/app/api_browser.py
|
||||
- ./app_config.py:/app/app_config.py
|
||||
- ./app_logger.py:/app/app_logger.py
|
||||
- ./app_security.py:/app/app_security.py
|
||||
- ./browser_pool_worker.py:/app/browser_pool_worker.py
|
||||
- ./crypto_utils.py:/app/crypto_utils.py
|
||||
- ./db_pool.py:/app/db_pool.py
|
||||
- ./email_service.py:/app/email_service.py
|
||||
- ./password_utils.py:/app/password_utils.py
|
||||
- ./playwright_automation.py:/app/playwright_automation.py
|
||||
- ./task_checkpoint.py:/app/task_checkpoint.py
|
||||
dns:
|
||||
- 223.5.5.5
|
||||
- 114.114.114.114
|
||||
- 119.29.29.29
|
||||
environment:
|
||||
- TZ=Asia/Shanghai
|
||||
- PYTHONUNBUFFERED=1
|
||||
- PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
|
||||
- PLAYWRIGHT_DOWNLOAD_HOST=https://npmmirror.com/mirrors/playwright
|
||||
# Flask 配置
|
||||
- FLASK_ENV=production
|
||||
- FLASK_DEBUG=false
|
||||
# 服务器配置
|
||||
- SERVER_HOST=0.0.0.0
|
||||
- SERVER_PORT=51233
|
||||
# 数据库配置
|
||||
- DB_FILE=data/app_data.db
|
||||
- DB_POOL_SIZE=5
|
||||
# 并发控制配置
|
||||
- MAX_CONCURRENT_GLOBAL=2
|
||||
- MAX_CONCURRENT_PER_ACCOUNT=1
|
||||
- MAX_CONCURRENT_CONTEXTS=100
|
||||
# 安全配置
|
||||
- SESSION_LIFETIME_HOURS=24
|
||||
- SESSION_COOKIE_SECURE=false
|
||||
- MAX_CAPTCHA_ATTEMPTS=5
|
||||
- MAX_IP_ATTEMPTS_PER_HOUR=10
|
||||
# 日志配置
|
||||
- LOG_LEVEL=INFO
|
||||
- LOG_FILE=logs/app.log
|
||||
- API_DIAGNOSTIC_LOG=0
|
||||
- API_DIAGNOSTIC_SLOW_MS=0
|
||||
# 知识管理平台配置
|
||||
- ZSGL_LOGIN_URL=https://postoa.aidunsoft.com/admin/login.aspx
|
||||
- ZSGL_INDEX_URL_PATTERN=index.aspx
|
||||
- PAGE_LOAD_TIMEOUT=60000
|
||||
restart: unless-stopped
|
||||
shm_size: 2gb # 为Chromium分配共享内存
|
||||
|
||||
# 内存和CPU资源限制
|
||||
mem_limit: 4g # 硬限制:最大4GB内存
|
||||
mem_reservation: 2g # 软限制:预留2GB
|
||||
cpus: '2.0' # 限制使用2个CPU核心
|
||||
|
||||
# 健康检查(可选)
|
||||
shm_size: 2gb
|
||||
mem_limit: 4g
|
||||
mem_reservation: 2g
|
||||
cpus: '2.0'
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -f http://localhost:51233 || exit 1"]
|
||||
interval: 5m
|
||||
|
||||
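Review bot: The source mounts added under `# 代码热更新` (`./services`, `./routes`, `./db`, `./security`, `./realtime` and the eleven single-file mounts from `./api_browser.py` to `./task_checkpoint.py`) are read-write, so a process that gains code execution inside this container can rewrite `security/`, `app_security.py`, `crypto_utils.py` or `password_utils.py` on the host, and the change survives a restart or image rebuild. Hot reload only needs the container to read these paths, so I would append `:ro` the way the `/etc/localtime:/etc/localtime:ro` entry already does, for example `- ./security:/app/security:ro` and `- ./app_security.py:/app/app_security.py:ro`. The same applies to the `./app.py`, `./database.py`, `./static` and `./templates` mounts, while `./data`, `./logs`, `./截图` and `./playwright` presumably need to stay writable. The service definition starts above this hunk, so whether the container runs as a non-root user is not visible here.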