From 482206ece90305de46db4678c3517f4fffc85e06 Mon Sep 17 00:00:00 2001 From: wayne liu Date: Sun, 18 Aug 2024 21:05:52 +0800 Subject: [PATCH] modify deploy method for v0.8.0 (#490) --- README.md | 35 +- all-in-one-CN.yml | 206 --------- all-in-one.yml | 205 --------- deploy/all_in_one/.env | 33 ++ deploy/all_in_one/.kube/config | 0 {script => deploy}/all_in_one/README.md | 12 +- deploy/all_in_one/auth/htpasswd | 1 + deploy/all_in_one/casdoor/conf/app.conf | 30 ++ deploy/all_in_one/casdoor/conf/init_data.json | 233 ++++++++++ deploy/all_in_one/casdoor/token_jwt_key.pem | 29 ++ deploy/all_in_one/coredns/Corefile | 11 + deploy/all_in_one/coredns/db.space.internal | 10 + deploy/all_in_one/docker-compose.yml | 404 ++++++++++++++++++ .../all_in_one/nats/nats-server.conf | 0 .../all_in_one/nginx/nginx.conf | 71 ++- {script => deploy}/all_in_one/startup.sh | 12 +- docs/all_in_one_readme_en.md | 10 +- docs/readme_cn.md | 32 +- docs/readme_en.md | 35 +- script/all_in_one/.env | 7 - script/all_in_one/docker-compose.yml | 219 ---------- 21 files changed, 842 insertions(+), 753 deletions(-) delete mode 100644 all-in-one-CN.yml delete mode 100644 all-in-one.yml create mode 100644 deploy/all_in_one/.env create mode 100644 deploy/all_in_one/.kube/config rename {script => deploy}/all_in_one/README.md (67%) create mode 100644 deploy/all_in_one/auth/htpasswd create mode 100644 deploy/all_in_one/casdoor/conf/app.conf create mode 100644 deploy/all_in_one/casdoor/conf/init_data.json create mode 100644 deploy/all_in_one/casdoor/token_jwt_key.pem create mode 100644 deploy/all_in_one/coredns/Corefile create mode 100644 deploy/all_in_one/coredns/db.space.internal create mode 100644 deploy/all_in_one/docker-compose.yml rename {script => deploy}/all_in_one/nats/nats-server.conf (100%) rename {script => deploy}/all_in_one/nginx/nginx.conf (76%) rename {script => deploy}/all_in_one/startup.sh (73%) delete mode 100644 script/all_in_one/.env delete mode 100644 script/all_in_one/docker-compose.yml diff --git a/README.md b/README.md index 5bad4908b..5b90ce204 100644 --- a/README.md +++ b/README.md @@ -74,40 +74,7 @@ If you want to dive deep into CSGHub Server detail or wish to integrate the Serv ### QUICK START -You can quickly deploy a CSGHub instance with portal/server and all other relevant dependencies to your environment using the following commands: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one.yml -o all-in-one.yml -docker compose -f all-in-one.yml up -d -``` - -if you are in China or you meet dockerhub network connection issue, you can try our aliyun docker registry alternative version with below: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` - -or if you still meet Github network connection issue, you can try this one: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://opencsg-public-resource.oss-cn-beijing.aliyuncs.com/csghub/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` - -Then, you could visit `http://[IP Address]` with your web browser to access this new CSHub instance; you could try all feature with your -inital admin account: admin001/admin001 -You can check our website for more user guide information: [User Guide](https://opencsg.com/docs/) - -**Note:** - -* `SERVER_DOMAIN` ([IP Address]) should be the IP address or domain name of the target host. Please avoid using `127.0.0.1` or `localhost`. -* Released container images are for the x86_64 architecture only and have been tested on Linux/Windows and Mac environments. For Mac Silicon user, it is necessary to enable the [Rosetta for x86/AMD64 emulation Feature](https://docs.docker.com/desktop/settings/mac/#general) in your Docker Desktop. -* **WARNING: This quick start is only for trial testing and does not support production-level deployment.** The CSGHub instance that deployed with this all-in-one script do not effectively persist user data: When using the `docker compose up` command to reload the service, errors may occur. In this case, you can use the `docker compose down -v` to completely remove the instance before relaunch it. Please always follow the [Step-by-Step Deployment Guide](/script/all_in_one/README.md) for regular service deployment. -* **WARNING: The quick start does not include space application's deployment.** Starting from CSGHhub v0.4.0, the space function is supported. Since it still requires addtional Kubernetes and other services, please refer [Full Deployment Guide](/docs/full_deployment_en.md). +You can refer to [here](/deploy/all_in_one/README.md)quickly deploy a basic csghub instance. #### Tech docs in detail - [setup development env](/docs/setup_en.md) diff --git a/all-in-one-CN.yml b/all-in-one-CN.yml deleted file mode 100644 index fdba80924..000000000 --- a/all-in-one-CN.yml +++ /dev/null @@ -1,206 +0,0 @@ -version: '2.4' - -services: - nginx: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_nginx:latest - ports: - - 80:80 - volumes: - - ./nginx/logs:/var/log/nginx - - ./nginx/tmpdata:/var/nginx/client_body_temp - environment: - - SERVER_DOMAIN=${SERVER_DOMAIN} - privileged: true - networks: - - opencsg - restart: always - - postgres: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_postgres:14.4 - environment: - POSTGRES_USER: "postgres" - POSTGRES_PASSWORD: "sdfa23Sh!322" - POSTGRES_MULTIPLE_DATABASES: "starhub_server,gitea" - ports: - - "5433:5432" - networks: - - opencsg - healthcheck: - test: pg_isready -U postgres -h 127.0.0.1 - interval: 5s - - csghub_portal: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_portal:latest - restart: always - command: > - bash -c "bundle exec rails assets:precompile - && bundle exec rails db:create - && bundle exec rails db:migrate - && bundle exec rails db:seed - && bundle exec rails s -p 3000 -b '0.0.0.0'" - volumes: - - ./log:/myapp/log - environment: - DATABASE_URL: postgresql://postgres:sdfa23Sh!322@postgres:5432/open_portal_db - ASSET_HOST: http://127.0.0.1:3000 - RAILS_MASTER_KEY: 64f15f995b044427e43fe4897370fd66 - RAILS_SERVE_STATIC_FILES: 'false' - STARHUB_BASE_URL: http://${SERVER_DOMAIN} - STARHUB_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - BUCKET_NAME: opencsg-portal-storage - ENDPOINT: http://${SERVER_DOMAIN}:9000 - ACCESS_ID: admin - ACCESS_SECRET: Password_123 - REGION: cn-beijing - ON_PREMISE: true - FORCE_PATH_STYLE: true - ports: - - "3000:3000" - networks: - - opencsg - depends_on: - - postgres - - csghub_server: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:latest - depends_on: - - postgres - - gitea - environment: - STARHUB_SERVER_GITSERVER_URL: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_FRONTEND_URL: http://${SERVER_DOMAIN} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - STARHUB_DATABASE_TIMEZONE: Asia/Shanghai - STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 - STARHUB_SERVER_GITSERVER_USERNAME: root - STARHUB_SERVER_GITSERVER_PASSWORD: password123 - STARHUB_SERVER_GITSERVER_WEBHOOK_URL: http://csghub_server:8080/api/v1/callback/git - GITEA_USERNAME: root - GITEA_PASSWORD: password123 - POSTGRES_USER: postgres - POSTGRES_PASSWORD: sdfa23Sh!322 - POSTGRES_DB: starhub_server - GIN_MODE: release - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - STARHUB_SERVER_S3_ACCESS_KEY_ID: admin - STARHUB_SERVER_S3_ACCESS_KEY_SECRET: Password_123 - STARHUB_SERVER_S3_ENDPOINT: minio:9000 # used to generate download links for lfs files - STARHUB_SERVER_S3_BUCKET: opencsg-server-lfs - STARHUB_SERVER_S3_REGION: cn-beijing - STARHUB_SERVER_MIRRORSERVER_TYPE: gitea - STARHUB_SERVER_MIRRORSERVER_HOST: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_MIRRORSERVER_USERNAME: root - STARHUB_SERVER_MIRRORSERVER_PASSWORD: password123 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_SERVER_HOST: http://account_server - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - ports: - - "8080:8080" - restart: always - networks: - - opencsg - - - gitea: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_git:latest - depends_on: - - postgres - environment: - - GITEA_ROOT_URL=http://${SERVER_DOMAIN}/gitserver - - GITEA_DOMAIN=${SERVER_DOMAIN}/gitserver - - GITEA_SSH_DOMAIN=${SERVER_DOMAIN} - - GITEA_HTTP_PORT=3001 - - GITEA_SSH_LISTEN_PORT=2222 - - GITEA_ADMIN_USER=root - - GITEA_ADMIN_PASSWORD=password123 - - GITEA_ADMIN_EMAIL=root@opencsg.com - - GITEA_DATABASE_TYPE=postgres - - GITEA_DATABASE_HOST=postgres - - GITEA_DATABASE_PORT_NUMBER=5432 - - GITEA_DATABASE_NAME=gitea - - GITEA_DATABASE_USERNAME=postgres - - GITEA_DATABASE_PASSWORD=sdfa23Sh!322 - - GITEA_DATABASE_SSL_MODE=disable - - GITEA_APP_NAME=git - - GITEA_SMTP_ENABLED=false - - BITNAMI_DEBUG=true - - GITEA_LFS_ROOT_PATH=/opt/bitnami/gitea/data/lfs - - GITEA_LFS_START_SERVER=true - - GITEA_LFS_STORAGE_TYPE=minio - - GITEA_LFS_MINIO_ACCESS_KEY_ID=admin - - GITEA_LFS_MINIO_SECRET_ACCESS_KEY=Password_123 - - GITEA_LFS_MINIO_ENDPOINT=minio:9000 - - GITEA_LFS_MINIO_BUCKET=opencsg-server-lfs - - GITEA_LFS_MINIO_LOCATION=cn-beijing - - GITEA_LFS_MINIO_USE_SSL=false - - GITEA_SERVICE_DEFAULT_ALLOW_CREATE_ORGANIZATION=true - - GITEA_SERVICE_DISABLE_REGISTRATION=false - ports: - - "3001:3001" - - "2222:2222" - healthcheck: - test: curl -fSs 127.0.0.1:3001/api/healthz || exit 1 - interval: 5s - timeout: 10s - retries: 3 - networks: - - opencsg - privileged: true - restart: always - - minio: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_minio:latest - ports: - - "9000:9000" # api - - "9001:9001" # console - environment: - MINIO_ROOT_USER: admin - MINIO_ROOT_PASSWORD: Password_123 - MINIO_DEFAULT_BUCKETS: opencsg-server-lfs:public,opencsg-portal-storage:public - MINIO_SCHEME: http - volumes: - - minio_data:/bitnami/minio/data - networks: - - opencsg - - natsmaster: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_nats:2.10.16 - ports: - - "4222:4222" # api - - "6222:6222" # cluster - - "8222:8222" # monitor - restart: always - networks: - - opencsg - - account_server: - image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:latest - entrypoint: - - /starhub-bin/starhub - - accounting - - launch - depends_on: - - natsmaster - environment: - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_FEE_EVENT_SUBJECT: "accounting.fee.>" - OPENCSG_ACCOUNTING_NOTIFY_NOBALANCE_SUBJECT: "accounting.notify.nobalance" - OPENCSG_ACCOUNTING_MSG_FETCH_TIMEOUTINSEC: 5 - OPENCSG_ACCOUNTING_CHARGING_ENABLE: true - GIN_MODE: release - ports: - - "8086:8086" - restart: always - networks: - - opencsg - -networks: - opencsg: - driver: bridge - -volumes: - minio_data: - driver: local diff --git a/all-in-one.yml b/all-in-one.yml deleted file mode 100644 index ef1082e5b..000000000 --- a/all-in-one.yml +++ /dev/null @@ -1,205 +0,0 @@ -version: '2.4' - -services: - nginx: - image: opencsg/csghub-nginx:latest - ports: - - 80:80 - volumes: - - ./nginx/logs:/var/log/nginx - - ./nginx/tmpdata:/var/nginx/client_body_temp - environment: - - SERVER_DOMAIN=${SERVER_DOMAIN} - privileged: true - networks: - - opencsg - restart: always - - postgres: - image: gradescope/postgresql-multiple-databases:14.4 - environment: - POSTGRES_USER: "postgres" - POSTGRES_PASSWORD: "sdfa23Sh!322" - POSTGRES_MULTIPLE_DATABASES: "starhub_server,gitea" - ports: - - "5433:5432" - networks: - - opencsg - healthcheck: - test: pg_isready -U postgres -h 127.0.0.1 - interval: 5s - - csghub_portal: - image: opencsg/csghub-portal:latest - restart: always - command: > - bash -c "bundle exec rails assets:precompile - && bundle exec rails db:create - && bundle exec rails db:migrate - && bundle exec rails db:seed - && bundle exec rails s -p 3000 -b '0.0.0.0'" - volumes: - - ./log:/myapp/log - environment: - DATABASE_URL: postgresql://postgres:sdfa23Sh!322@postgres:5432/open_portal_db - ASSET_HOST: http://127.0.0.1:3000 - RAILS_MASTER_KEY: 64f15f995b044427e43fe4897370fd66 - RAILS_SERVE_STATIC_FILES: 'false' - STARHUB_BASE_URL: http://${SERVER_DOMAIN} - STARHUB_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - BUCKET_NAME: opencsg-portal-storage - ENDPOINT: http://${SERVER_DOMAIN}:9000 - ACCESS_ID: admin - ACCESS_SECRET: Password_123 - REGION: cn-beijing - ON_PREMISE: true - FORCE_PATH_STYLE: true - ports: - - "3000:3000" - networks: - - opencsg - depends_on: - - postgres - - csghub_server: - image: opencsg/csghub-server:latest - depends_on: - - postgres - - gitea - environment: - STARHUB_SERVER_GITSERVER_URL: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_FRONTEND_URL: http://${SERVER_DOMAIN} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - STARHUB_DATABASE_TIMEZONE: Asia/Shanghai - STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 - STARHUB_SERVER_GITSERVER_USERNAME: root - STARHUB_SERVER_GITSERVER_PASSWORD: password123 - STARHUB_SERVER_GITSERVER_WEBHOOK_URL: http://csghub_server:8080/api/v1/callback/git - GITEA_USERNAME: root - GITEA_PASSWORD: password123 - POSTGRES_USER: postgres - POSTGRES_PASSWORD: sdfa23Sh!322 - POSTGRES_DB: starhub_server - GIN_MODE: release - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - STARHUB_SERVER_S3_ACCESS_KEY_ID: admin - STARHUB_SERVER_S3_ACCESS_KEY_SECRET: Password_123 - STARHUB_SERVER_S3_ENDPOINT: minio:9000 # used to generate download links for lfs files - STARHUB_SERVER_S3_BUCKET: opencsg-server-lfs - STARHUB_SERVER_S3_REGION: cn-beijing - STARHUB_SERVER_MIRRORSERVER_TYPE: gitea - STARHUB_SERVER_MIRRORSERVER_HOST: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_MIRRORSERVER_USERNAME: root - STARHUB_SERVER_MIRRORSERVER_PASSWORD: password123 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_SERVER_HOST: http://account_server - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - ports: - - "8080:8080" - restart: always - networks: - - opencsg - - - gitea: - image: opencsg/csghub-git:latest - depends_on: - - postgres - environment: - - GITEA_ROOT_URL=http://${SERVER_DOMAIN}/gitserver - - GITEA_DOMAIN=${SERVER_DOMAIN}/gitserver - - GITEA_SSH_DOMAIN=${SERVER_DOMAIN} - - GITEA_HTTP_PORT=3001 - - GITEA_SSH_LISTEN_PORT=2222 - - GITEA_ADMIN_USER=root - - GITEA_ADMIN_PASSWORD=password123 - - GITEA_ADMIN_EMAIL=root@opencsg.com - - GITEA_DATABASE_TYPE=postgres - - GITEA_DATABASE_HOST=postgres - - GITEA_DATABASE_PORT_NUMBER=5432 - - GITEA_DATABASE_NAME=gitea - - GITEA_DATABASE_USERNAME=postgres - - GITEA_DATABASE_PASSWORD=sdfa23Sh!322 - - GITEA_DATABASE_SSL_MODE=disable - - GITEA_APP_NAME=git - - GITEA_SMTP_ENABLED=false - - BITNAMI_DEBUG=true - - GITEA_LFS_ROOT_PATH=/opt/bitnami/gitea/data/lfs - - GITEA_LFS_START_SERVER=true - - GITEA_LFS_STORAGE_TYPE=minio - - GITEA_LFS_MINIO_ACCESS_KEY_ID=admin - - GITEA_LFS_MINIO_SECRET_ACCESS_KEY=Password_123 - - GITEA_LFS_MINIO_ENDPOINT=minio:9000 - - GITEA_LFS_MINIO_BUCKET=opencsg-server-lfs - - GITEA_LFS_MINIO_LOCATION=cn-beijing - - GITEA_LFS_MINIO_USE_SSL=false - - GITEA_SERVICE_DEFAULT_ALLOW_CREATE_ORGANIZATION=true - - GITEA_SERVICE_DISABLE_REGISTRATION=false - ports: - - "3001:3001" - - "2222:2222" - healthcheck: - test: curl -fSs 127.0.0.1:3001/api/healthz || exit 1 - interval: 5s - timeout: 10s - retries: 3 - networks: - - opencsg - privileged: true - restart: always - - minio: - image: bitnami/minio:2023 - ports: - - "9000:9000" # api - - "9001:9001" # console - environment: - MINIO_ROOT_USER: admin - MINIO_ROOT_PASSWORD: Password_123 - MINIO_DEFAULT_BUCKETS: opencsg-server-lfs:public,opencsg-portal-storage:public - MINIO_SCHEME: http - volumes: - - minio_data:/bitnami/minio/data - networks: - - opencsg - - natsmaster: - image: opencsg/csghub-nats:2.10.16 - ports: - - "4222:4222" # api - - "6222:6222" # cluster - - "8222:8222" # monitor - restart: always - networks: - - opencsg - - account_server: - image: opencsg/csghub-server:latest - entrypoint: - - /starhub-bin/starhub - - accounting - - launch - depends_on: - - natsmaster - environment: - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN:-c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_FEE_EVENT_SUBJECT: "accounting.fee.>" - OPENCSG_ACCOUNTING_NOTIFY_NOBALANCE_SUBJECT: "accounting.notify.nobalance" - OPENCSG_ACCOUNTING_MSG_FETCH_TIMEOUTINSEC: 5 - OPENCSG_ACCOUNTING_CHARGING_ENABLE: true - GIN_MODE: release - ports: - - "8086:8086" - restart: always - networks: - - opencsg -networks: - opencsg: - driver: bridge - -volumes: - minio_data: - driver: local diff --git a/deploy/all_in_one/.env b/deploy/all_in_one/.env new file mode 100644 index 000000000..2b88f04e3 --- /dev/null +++ b/deploy/all_in_one/.env @@ -0,0 +1,33 @@ +# Common Configuration +## csghub service's domain name, can be ip or domain name +SERVER_DOMAIN= +SERVER_PORT=80 + + +## Casdoor Configuration +SERVER_CASDOOR_PORT=31001 + +## Default csghub server token. A 128-bit string consisting of numbers and lowercase letters. +HUB_SERVER_API_TOKEN=c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c + +## Space Configuration +### The namespace that user's space app will use +SPACE_APP_NS=space + +### User space app's internal domain name. It is knative network layer endpoint, it can be an internal lb or ip which will not be exposed to external +SPACE_APP_INTERNAL_DOMAIN=app.internal +### if internal domain uses lb service, it should be 80 or 443 +SPACE_APP_INTERNAL_DOMAIN_PORT=30541 +### User space app's external domain name (it should be a wildcard domain, CAN NOT BE ip address!!) +SPACE_APP_EXTERNAL_DOMAIN=opencsg.public + +### space builder sever. the docker daemon that used to build space image, such as "59.110.62.16:31375" +SPACE_BUILDER_SERVER=xx.xx.xx.xx:62375 + + +## Registry configuration +DOCKER_REGISTRY_SECRET=space-registry-credential +DOCKER_REGISTRY_SERVER=172.31.54.92:5000 +DOCKER_REGISTRY_USERNAME=csghub +DOCKER_REGISTRY_PASSWD=csghub@2024! +DOCKER_REGISTRY_NS=opencsg_space diff --git a/deploy/all_in_one/.kube/config b/deploy/all_in_one/.kube/config new file mode 100644 index 000000000..e69de29bb diff --git a/script/all_in_one/README.md b/deploy/all_in_one/README.md similarity index 67% rename from script/all_in_one/README.md rename to deploy/all_in_one/README.md index f95af70fa..7249d3832 100644 --- a/script/all_in_one/README.md +++ b/deploy/all_in_one/README.md @@ -9,9 +9,15 @@ * postgresql * git-server * minio +* casdoor +* account server +* user server +* space builder +* registry **注意:** -从CSGHhub v0.4.0开始支持了space功能,由于space的构建部署需要Kubernetes以及其他相关环境和配置,因此这里的一键部署功能`不包含space的构建和部署` +1. CSGHhub v0.4.0支持了space功能,v0.7.0支持了模型微调、推理等功能。而space,模型微调以及推理等都需要Kubernetes以及其他相关环境和配置,而基于compose部署不包括Kubernetes部分,因此这里的一键部署功能`不包含space,模型微调和推理功能` +1. 可以使用CSGHub的[helm chart](https://github.com/OpenCSGs/CSGHub-helm)来安装完整版CSGHub实例。 ### 前置条件 @@ -30,13 +36,15 @@ docker engine(>=5:20.10.24) ### 使用方法 1. 切换到all_in_one目录 2. 编辑.env文件,设置`SERVER_DOMAIN`为当前主机的ip地址或者自定义域名(域名可能会有备案问题,因此推荐使用ip地址,公网/内网ip皆可)。请不要使用`127.0.0.1`或者`localhost`。 -3. 运行`startup.sh`脚本,待所有服务启动完毕,即可以通过`http://[SERVER_DOMAIN]`访问到自部署的CSGHub服务。 +3. 没有kubernetes情况下,.env中的space和registry相关配置可以忽略。 +4. 运行`startup.sh`脚本,待所有服务启动完毕,即可以通过`http://[SERVER_DOMAIN]:[SERVER_PORT]`访问到自部署的CSGHub服务。 详细使用方法可参看[使用文档](https://opencsg.com/docs/) ### 注意事项 1. 自部署CSGHub使用local类型的docker volume来进行相关持久化,比如postgresql,minio。请确保docker local volume有足够的磁盘空间。 1. 确保主机的`2222`对外端口正常,否则无法以ssh协议进行git操作。 +1. 确保主机的`31001`对外端口正常,这是用于提供用户注册登录的casdoor服务使用的。 1. 可通过主机的`9001`端口访问minio console,如果不需要访问minio console,该端口可关闭。 1. 默认只支持http协议的CSGHub服务,如果要https协议,需要自行更改相关配置。 1. 不要随意更改和删除`gitdata`和`gitlog`两个文件夹。这是两个运行时文件夹,会mount到相关容器服务中,文件夹的owner必须是`1001`,如果更改为其他或者删除掉这两个目录,会导致相关服务启动报错。 diff --git a/deploy/all_in_one/auth/htpasswd b/deploy/all_in_one/auth/htpasswd new file mode 100644 index 000000000..5481013f2 --- /dev/null +++ b/deploy/all_in_one/auth/htpasswd @@ -0,0 +1 @@ +csghub:$2y$05$A4C6ggeSXk/PvlFY1sIDPeR8BRN57u4jCjhRM8zSvQQ.GNdMz2JmC \ No newline at end of file diff --git a/deploy/all_in_one/casdoor/conf/app.conf b/deploy/all_in_one/casdoor/conf/app.conf new file mode 100644 index 000000000..aecc1b3a8 --- /dev/null +++ b/deploy/all_in_one/casdoor/conf/app.conf @@ -0,0 +1,30 @@ +appname = casdoor +httpport = 8000 +runmode = prod +copyrequestbody = true +driverName = postgres +dataSourceName = "user=postgres password=sdfa23Sh!322 host=postgres port=5432 sslmode=disable dbname=casdoor" +dbName = +tableNamePrefix = +showSql = false +redisEndpoint = +defaultStorageProvider = +isCloudIntranet = false +authState = "casdoor" +socks5Proxy = "127.0.0.1:10808" +verificationCodeTimeout = 10 +initScore = 0 +logPostOnly = true +origin = +originFrontend = +staticBaseUrl = "https://cdn.casbin.org" +isDemoMode = false +batchSize = 100 +enableGzip = true +ldapServerPort = 389 +radiusServerPort = 1812 +radiusSecret = "secret" +quota = {"organization": -1, "user": -1, "application": -1, "provider": -1} +logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"} +initDataFile = "/conf/init_data.json" +frontendBaseDir = "../casdoor" \ No newline at end of file diff --git a/deploy/all_in_one/casdoor/conf/init_data.json b/deploy/all_in_one/casdoor/conf/init_data.json new file mode 100644 index 000000000..f480060e6 --- /dev/null +++ b/deploy/all_in_one/casdoor/conf/init_data.json @@ -0,0 +1,233 @@ +{ + "organizations": [ + { + "owner": "admin", + "name": "OpenCSG", + "displayName": "OpenCSG", + "websiteUrl": "https://door.casdoor.com", + "favicon": "", + "passwordType": "plain", + "passwordSalt": "", + "passwordOptions": [], + "countryCodes": [ + "CN", + "US" + ], + "defaultAvatar": "https://cdn.casbin.org/img/casbin.svg", + "defaultApplication": "", + "tags": [], + "languages": [ + "zh", + "en" + ], + "masterPassword": "", + "defaultPassword": "", + "initScore": 2000, + "enableSoftDeletion": false, + "isProfilePublic": true, + "accountItems": [] + } + ], + "applications": [ + { + "owner": "admin", + "name": "CSGHub", + "displayName": "CSGHub", + "logo": "https://cdn.casbin.org/img/casdoor-logo_1185x256.png", + "homepageUrl": "https://opencsg.com", + "organization": "OpenCSG", + "cert": "CSGHubCert", + "enablePassword": true, + "enableSignUp": true, + "enableAutoSignin": true, + "enableSigninSession": false, + "clientId": "d554744494d93c21a6ab", + "clientSecret": "2d942276879382c66363ef6303e0d66d37e5d98d", + "providers": [], + "signinMethods": [ + { + "name": "Password", + "displayName": "Password", + "rule": "All" + } + ], + "signupItems": [ + { + "name": "ID", + "visible": false, + "required": true, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "Random" + }, + { + "name": "Username", + "visible": true, + "required": true, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "None" + }, + { + "name": "Display name", + "visible": true, + "required": false, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "None" + }, + { + "name": "Password", + "visible": true, + "required": true, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "None" + }, + { + "name": "Confirm password", + "visible": true, + "required": true, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "None" + }, + { + "name": "Email", + "visible": true, + "required": false, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "No verification" + }, + { + "name": "Phone", + "visible": true, + "required": false, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "No verification" + }, + { + "name": "Agreement", + "visible": true, + "required": true, + "prompted": false, + "label": "", + "placeholder": "", + "regex": "", + "rule": "None" + } + ], + "grantTypes": [ + "authorization_code", + "id_token" + ], + "redirectUris": [ + "http://_CSGHUB_DOMAINNAME:_CSGHUB_DOMAINPORT/api/v1/callback/casdoor", + "http://localhost:9000/callback" + ], + "tokenFormat": "JWT", + "tokenFields": [], + "expireInHours": 168, + "failedSigninLimit": 5, + "failedSigninFrozenTime": 15 + } + ], + "users": [ + { + "owner": "built-in", + "name": "admin", + "type": "normal-user", + "password": "123", + "displayName": "Admin", + "avatar": "", + "email": "admin@example.com", + "phone": "12345678912", + "countryCode": "", + "address": [], + "affiliation": "", + "tag": "", + "score": 2000, + "ranking": 1, + "isAdmin": true, + "isForbidden": false, + "isDeleted": false, + "signupApplication": "", + "createdIp": "", + "groups": [] + } + ], + "providers": [ + ], + "certs": [ + { + "owner": "admin", + "name": "cert-built-in", + "displayName": "Built-in Cert", + "scope": "JWT", + "type": "x509", + "cryptoAlgorithm": "RS256", + "bitSize": 4096, + "expireInYears": 20, + "certificate": "-----BEGIN CERTIFICATE-----\nMIIE3TCCAsWgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMCgxDjAMBgNVBAoTBWFk\nbWluMRYwFAYDVQQDEw1jZXJ0LWJ1aWx0LWluMB4XDTI0MDgxODA0MDgwOVoXDTQ0\nMDgxODA0MDgwOVowKDEOMAwGA1UEChMFYWRtaW4xFjAUBgNVBAMTDWNlcnQtYnVp\nbHQtaW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHxpqtoBYmKjQ5\nHInYb1/T4nJ8skRD4TEbgxB9CtSn5DcsH4+SrT1PBo7eVnU0mpYwaStymE4QBExz\nbPYu5yWjCQB9YdQJZfPOiTrwdSHzoy8yURhC81D7Aof/giUZGnk6ibd/4j2gm35A\ngz5nl9bOKbFoDgjf5FMdQIITj+P5SQ8EfmguRjDnstP1xEzQIRUi7YbBhWcIN9zI\nvR0BzGBlK81kN2NE6L1WsnU+R9tQP1nXp2nDOgGj6//OtwS+ONGd76SX1TX3pUTH\ndI2kTTD61+8j2VPKNOUb4CaXZcnUOBZYo2dXWLIibay3Hsb9HhQlz9H1FkcuLHMn\np1En9j6iNIx7bVwgtIOk/C8o2Lp97RGU6bfqciim9w/jxPjw+IvSbgxaDCPOOuk0\nS69qGX6vQCc+MVQanbmByqpV/i+TRFwxPx0W355tLSAm89ZJpZMW1o4XFtB1Ayq1\nmvfZyhS4DGVTJs8wzQlzOLhX3zeX3sXNWGwuytiq1pSb92kkjPIs0IKRre1FiShg\n00wfPHxVPqdt0MXFcWbcZtSJDmASKodF0WPGZM7NJQxqqK45Lp/nW7YW65jgKzDy\nF8W5N3L9H6RKl6Yki3rCWVn8CJcqcb3f71mgPSsPJvEec/GiIIBQQzfeSby1bsRc\n3fpM145Ry3W8Dq59MFmcR2iYxoPfwQIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0G\nCSqGSIb3DQEBCwUAA4ICAQDCF04ogqxelySPArz66H8w5iDMwTGL+TYuBuGHE/Tm\nNV6pg++zgxu4qYYzRM6q3STKvKS0VpMkuQdzSK27vpGofF2gjeGd+6PojZxa4i/4\nxjCXIZY6HV0ftsEVzLbgdcXVUVYCtO+zCC2SEoK6c970YnT0lySRsE5zUi5Ondm5\nJmkCS+15sEfPSW/TmLCQffMZl1HNfooizvCXKVJC29L+t9ME1+6/MmuXFckus6PI\nv6ssMC6CMTRFmQgJuz9AP/+aGVPQ6YshjO5Pzs+aEuxB3DVseG7vFr8pVlHYU3XZ\np+Xu8zyE6XljtJSL4YexjsvvTmIJnfvu8pJh2st5ZnZxUOZePd4CjiTFBA1pABtp\nktjXh/x80p/5jHJcpb3Jw0B1Gb0QSAMTKMI9JonTsK6f0bbbN/L4oAo35nucscSz\nw3hwSE8KAQem/wvgND+OCZGNCsOZ4+YoiTtFAW6Y+5EwKWCNOKcl8lEq4okAAyDU\n0RQSFyyax+Scb7PjAPa6SujDtVjdnfg3uVSFQcVfSwo0oh90/dFyEpKPcjSM9wXn\nWMsRCrBtzOldB+h05T0PGxHzH6DURTKNlb+OV1gjcEgN5gY6HkAe+I+I4zMcC9Gm\npjurypHiUb1LgUQJcJB9vJsn7KsjWgw2BWjF1COGXNvPnfCPlMpL1kqS/BASE5pR\n1g==\n-----END CERTIFICATE-----\n", + "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIJJwIBAAKCAgEAx8aaraAWJio0ORyJ2G9f0+JyfLJEQ+ExG4MQfQrUp+Q3LB+P\nkq09TwaO3lZ1NJqWMGkrcphOEARMc2z2LuclowkAfWHUCWXzzok68HUh86MvMlEY\nQvNQ+wKH/4IlGRp5Oom3f+I9oJt+QIM+Z5fWzimxaA4I3+RTHUCCE4/j+UkPBH5o\nLkYw57LT9cRM0CEVIu2GwYVnCDfcyL0dAcxgZSvNZDdjROi9VrJ1PkfbUD9Z16dp\nwzoBo+v/zrcEvjjRne+kl9U196VEx3SNpE0w+tfvI9lTyjTlG+Aml2XJ1DgWWKNn\nV1iyIm2stx7G/R4UJc/R9RZHLixzJ6dRJ/Y+ojSMe21cILSDpPwvKNi6fe0RlOm3\n6nIopvcP48T48PiL0m4MWgwjzjrpNEuvahl+r0AnPjFUGp25gcqqVf4vk0RcMT8d\nFt+ebS0gJvPWSaWTFtaOFxbQdQMqtZr32coUuAxlUybPMM0Jczi4V983l97FzVhs\nLsrYqtaUm/dpJIzyLNCCka3tRYkoYNNMHzx8VT6nbdDFxXFm3GbUiQ5gEiqHRdFj\nxmTOzSUMaqiuOS6f51u2FuuY4Csw8hfFuTdy/R+kSpemJIt6wllZ/AiXKnG93+9Z\noD0rDybxHnPxoiCAUEM33km8tW7EXN36TNeOUct1vA6ufTBZnEdomMaD38ECAwEA\nAQKCAgAcUZDXj9vT6SOh/OOlZJRG6tCj0HlQzfkyFzAdKY3fhsAzZv3pItmP/DQA\nXG0c2dT0Y9Qe2GwoZROZQRbcqzNwmvQQ0e9GrccTvew27cO0T6t/DHPN+cO+8Srq\nEz7DAjexDpiObjmiLKiG6JPOB34Rl2NohqTHaAxIFz7ZGwqL6clRL8IA3T5NedIG\nAp+I2Uevvc/eWtSyG4kWg4g7GweHD+B7lkZiHEPKqF1qSLFT/Mb1hOu/Gtfkrq2C\nVfs8I73DD5dbVoPh6PGI/IKfibmptTZW9JWmEj1v6CRQTcOAa7rvMaqSfSYzLyzO\ngHRgqQTeH0l53oCUkQR52IPukD9saqgBhGKJIl0O6LP2cQKp7L3ekoypCJgSLkXB\nAJ/MZkgTkePK4EArWA/QbdpR1DsqN1Ux++dfGDaDVabUHneMJIfz+r1zRBT5jyyv\nmEtu2gZjqkLVpcVK1ma/4gSdoPjhdhbVrnr5zSNIHbywkuw4uK89U8/nC1H1loUN\nufCSOqNsDMcC7YflS1VlryxuLutwLDP0Xc7/ZSoBjWHCqW+XDggZu+5BdPvlot5K\nUUrSt6rWWRV1+4sjFiIorWIhQtE7ol79QUm2FpPZimQkHV2m8rYKW7FIbpDsZ9FF\nxq/2t8LgZyiDL2CZmJWrN1j59NL7mogtsYzBThkW75B8MeZmSQKCAQEA7e4eR1SD\nvuekG9F0JJc9mfT38n84Y+jbZdLN8LBWilI4QvNxNiTZTyeHcNc8hdUaWyT2KtJI\nZrlDyk0tZ0BiyMrcHgfH3mAERXpPimonZqBFxbmYgcX3tSYqOtDXgogHuBPqZwAf\niFnikAFRM6DWCOuVVtcWzarNMHZsM3BryEjtdDKdiayw3ctxDMOUe9sjkQcbqQSQ\nc7nERsi2QSBjoSaS/GUkfBd1JHNCvqokmUm/YNqNrWvJk4+PW11D5DuskAFfQk3R\nyHk9QzIOC+yINhRLQOGGo7Dd9iJIdvBpi4yyKga4XjfvFRvQb3ohseYx+8TOGnLI\nXaze/Otvb9OmMwKCAQEA1vKumEcPvC0i1SdxcF+TArUhObV7n+HqliU9xpfwEvHZ\nYkhzcalSfxjLnfqh57zNwesK3/IdLhVc6lBvCx8tEEKP3FFhs3kBO7A8koIlu6KU\npNmRP7M6kkJRfFtECmpJS+CnfJujpTbHI0OcXjAznmjn8/2emK4y815i8Cn89v0q\naYKcVOT1zL4SpXZfV1/MxrL9ETsjkhytqecd8WVdlgWaaoQ+SSBtXXc6jcfJVy5r\nVIge5vTbCQTJiMzNJizUrYusADlP1THn5caH7mYQgRPdRdHD9UIdjMzrCuaB8eIk\naGtWiGBRelxVLi2u+6J9rqEbGV32jJ1/7qGnJqsmOwKCAQBFEdgGWvl35OTWEoLF\n0IXYeK213squ7j0qnPydv4MP2nhsryERV7ch7Fa8Ii92pntlNCCmI69S6rtMMgVZ\nMO68XW9y5E1YN8VlqfEHPHO9rg8zLAKiwaZ8Ft0xf8jgIr8i590nE3kT6wwDQ+6f\nrzQTGNicggojoE66n9YfRKZ1WP5dugfTnKcna9SgoPIs1lvH0Sltcl7AyY+6ALAv\nzcg+UuVekbn6sBCYiUE5+khvm2IMKsXwLxcwV/+ExVldGxmoIE3YAKFCsjdfl1tO\niNat5ExIRHACeuikeCVTKc1p7mkWHCdPaqtkFFP42JqJe0rNTL+MHAAgeXuuLmaG\nLwnTAoIBAHCkLKrQUoaigKaDTQc+jqPUl9zOJkLa+TxFt+HirYTACNNgdF8UBI9m\nRw460a3HW2xL6B8DmhcUSuTf0dFaPRtQRmOGolSTDPpimNuOKIfz40GgYmWnXwJW\njq1EhpuOp2qECEFcrp1d322zeLZDPEm/YA6U0g/g+gJfbCm/Vzl34kn4kERM2CK7\nWLotFjmLkpxuIABvpWxkav2miCKApFKCDTHUq29W9vkMCjtSf0iYotZhnxAZMM/B\nGnv+F2PyCmIH19MmNZfb11Kqf4GHKw75gfOcwbw9MY8fs+y6b0562+l8lpRRJWGi\nEWFpv1FPDd39v13Dx/hYcTp0rEuvVRECggEAZEqNvoHX/FUppxLJFpz53BVMtxya\nxtLqQ9qJBn6Wdb945qAeL2S6a2g1/+OQc3kAn8uxP/lHzP7xHt/LKFpPn80SiJlS\nUUeTCSFlYQsiY5+qrl5+Vly/VmbOFLAcJraB/gPZuBIcAJlBVNB0XQCkup1NPbaD\n8hwG9IYMprhdQkx+68OZZyctCwPI5fXdJSMMG4cb0yiE4UNQOkfRgWL5Cns71R6X\nb9N8QR4EEMfv28LgtJ8FcPIMeKDSuvaDcdELspdt8e3vK3wuDF+qVx9td0s3Iuky\ngMm3fDpCVHPIy64lj07Nalsm2USpCNr24TZ51i9g4EFyzHHUifiU5nbfag==\n-----END RSA PRIVATE KEY-----\n" + }, + { + "owner": "admin", + "name": "CSGHubCert", + "displayName": "CSGHubCert", + "scope": "JWT", + "type": "x509", + "cryptoAlgorithm": "RS256", + "bitSize": 4096, + "expireInYears": 20, + "certificate": "-----BEGIN CERTIFICATE-----\nMIIE3TCCAsWgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMCgxDjAMBgNVBAoTBWFk\nbWluMRYwFAYDVQQDEw1jZXJ0LWJ1aWx0LWluMB4XDTI0MDgxODA0MzQ1M1oXDTQ0\nMDgxODA0MzQ1M1owKDEOMAwGA1UEChMFYWRtaW4xFjAUBgNVBAMTDWNlcnQtYnVp\nbHQtaW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCeBZW/OdBt35ug\neW8/aE1vKBE+huk3SIbKrVV9cINy/tMAkewZhaRsF8TkioTDAhRZXBNSaEGTFIig\nggQoYDhXyge3lGG4qc/wEu9UkOOaa4uywzTeSo7a8wjWa6c4vt4RrpS8v0at4Lcl\nR40R0wWWAO769VvXq+j+iwJDcfvV6hKmLO6Ohb5GrP2/FJJxOKHaW6BzJppB04wF\nylmfqpFwjdASwI5HFDjV58Zaw2XnsWy3ScCezNoxnV6c9/zahIYngRf3URHHD+0K\n31EuG/HtO33xi59HHMBkuJbkB/QQPdrrSB8nJxftJKY551aLUIz3sb1luo+339K4\ncjrdGkofLrmDC1AOLV5aa0TdH0d+TXOpnIZ2pZfxW4c7K3RDkGGmPREU769lZ4Dz\nmRl2X7phaHCa/yBsNKkz9V3WpGD2B3WgejAlrF3IYShAfUx+Ox6geqPMZCyWM18Z\nfqNEQwe+a7q7hCn1a2QKBpcwzPRdYIrbQSoY3FJ+HSMlvO2RUTOnUKrUw/AM3cyo\nI/cgGdArcxGIitvogzeHiNs9+Vd+Gx0/X12Esa8iR6tQnnBKasXMQkveYuq9kgmP\nH1+QTkatEjZ/Pm0de8KnRX6o20uQZyN+1v2lwKW4NqYB7b9kupMW6n6tFbuBCe8a\n8fEjdVllGrSrUjg1o9WZAEGlB47C8wIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0G\nCSqGSIb3DQEBCwUAA4ICAQCDi+e5S8KI3YppoMIszzhMDpFbNKb8FAwpMoihTpR2\nJeu26tnRM5v3NNbOjWBInONQFWr2ccToxzy2Ap8eRanTyzWOpciR+gnb2h8iF2We\nE5VsX/k6VXyR14mwYogPBpd9FIZPenMw5C7ZvOOBnjyfeJTpaeVzenFFrCuOGpJx\nyhbIkU86GapJsSgjpLmZQw8Z0Mi9rtve5SELzaWPxN3bfQcqNwvz8s0OEgw89J0g\nOR1dN4gO1FnJGnaszIzh3QcdM8madHkAcdQ/lGwmMwgywm6ywf44wyq+PZVMWWjh\nzCwTpk10bMmNj9kIPnJpEkOwnQKNrRuWKeK93BeNZBLlp0Cy5ITiNeiqx0xIgiSu\nxkH+oZ77WqPtPGjber/6X/Mom/8DtI7ITyxDU4i76Sxid7zIKGwwGhAX6PmwSXbu\nmT7UVQugD8SKgixsgCRjryiDPAsiaeM4z8nfYcQ3EZWa3IS6UdahNRsziE0Oh7MH\nRZvb5QBHN1Cp0Gyj5ZUQIZjxKPsFqh9xpZXO5dOnoOb3y5fWhRUN5qciQ2Qz2Lei\nxQevlSIcArU0M5hNL5iR3jhxOomNCUw/E4hRElhnG+key75ZMxXjrC1nMKHpOi+V\ncNoDmjk6b0CnAqiHGFMmB+/JdhFASXuPPIMY5VWs2Qmv6hhOXQNO+0SRe2zw18zl\nug==\n-----END CERTIFICATE-----\n", + "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAngWVvznQbd+boHlvP2hNbygRPobpN0iGyq1VfXCDcv7TAJHs\nGYWkbBfE5IqEwwIUWVwTUmhBkxSIoIIEKGA4V8oHt5RhuKnP8BLvVJDjmmuLssM0\n3kqO2vMI1munOL7eEa6UvL9GreC3JUeNEdMFlgDu+vVb16vo/osCQ3H71eoSpizu\njoW+Rqz9vxSScTih2lugcyaaQdOMBcpZn6qRcI3QEsCORxQ41efGWsNl57Fst0nA\nnszaMZ1enPf82oSGJ4EX91ERxw/tCt9RLhvx7Tt98YufRxzAZLiW5Af0ED3a60gf\nJycX7SSmOedWi1CM97G9ZbqPt9/SuHI63RpKHy65gwtQDi1eWmtE3R9Hfk1zqZyG\ndqWX8VuHOyt0Q5Bhpj0RFO+vZWeA85kZdl+6YWhwmv8gbDSpM/Vd1qRg9gd1oHow\nJaxdyGEoQH1MfjseoHqjzGQsljNfGX6jREMHvmu6u4Qp9WtkCgaXMMz0XWCK20Eq\nGNxSfh0jJbztkVEzp1Cq1MPwDN3MqCP3IBnQK3MRiIrb6IM3h4jbPflXfhsdP19d\nhLGvIkerUJ5wSmrFzEJL3mLqvZIJjx9fkE5GrRI2fz5tHXvCp0V+qNtLkGcjftb9\npcCluDamAe2/ZLqTFup+rRW7gQnvGvHxI3VZZRq0q1I4NaPVmQBBpQeOwvMCAwEA\nAQKCAgBSQBXxsuYKSpl2rb56ApBLi09ufEpnvBhs5kvZPvcso/awFUQPBMDQgo65\nZmA0IKD24jYsbpezNrzmzsXbPjoVd9MMeu9ibwEMtM5d9gyCE/hi07hw+93fmSDA\neshPgQmVqolAtU7UsmKhxNxoqq39pf6+IXfsik58L16+PFYYwf1zAXAqPvMLVn+9\nNbgDtraIMakSRsWD/dikKu77bIzHSQlEuXVVCfGLZViZZZtlPbSYsorQHVB1ArR8\nf5fdJZ2uckNHN6tJMcDwJ8zZczI5iP3E/CernAuIYYwopPskeQ256ZBNkMujY7Ah\n84fYe9TkGF+805561sWXu91nuIdbYjSKrhno3piNr2YF4mae2LOCOVJcFRjBhtm7\nS4JGwTy7Jca4sj3adDEShTkow3bNXhryH97kpYSOAXizWrIN5dhQ2FWGPuUTIHNA\npiW4WHlrrW+lIZnYBKBoRvd1oyxbpGeDK+TuFx0ggOmCNPQubrOrGSXQHIfesBBq\nQclkLgAxSQLRVTXulr2YuHbYAmn2rLiUbQ/UF2a+i6wVXuiDwNKiKZjKbO7ZD1oV\nu/yvuLEp+1e72Ql7pSLIfeDpQbSMoWEa1vPm4zw3KKvI4QuukT3Y2Xf1m4+74122\ngqkhFVe3qKrWUxII/Rv+7RIxBp3xF8a41PJQF4/TBnTUDZ9gAQKCAQEA0EolUiM4\npts5rWkeymhyptSdMHFatV7++j9/NDwrtuUZqWBlWF9Yo0btwHr7PZxPIc/VUqcG\naSZg+IMtKkwmjuiUPyqc+ELZATec2xyJIqeeRWqabA3OkQTEkAzJsQaXjCg37U4r\nR5BNpUreYvF/gVGfnEViuXAfM+bMDL2dea8x6xSjrAFHGqxdIuwM2O3MJvjCz0nG\nR/Sl8Bu/HVI0jEO/ehvWcazBzd5y4otwttxK4Gu0QoG/PJbBStviV8wL7Eiqv5wd\nqac7TUYaaVbjZB97s+WegMIvTr/JDE+QROjgUeCLY+8Ud2uH9I+dcnZEdy0x9S/R\nkFiFjp3eq4sjswKCAQEAwjfLc7zAcs8pzsLZKkVXECZKhlgwxoUlDfvUqW2/7aIK\nKBbC2xsfH2WuBijxT/1I34qOemUw7ciPs1FhSUpMpl99N18e4l6FqtGmzhZFzK8s\nLsZDnGP9re/ZMwhV3h36j1ao6DVpJiT4MTFm1qGUmsPYmykVsstaKynmwogK9fvR\ni56jtHS/bFcr2/F+5Cvo+SFowJUBwci4ZI5Bx2I0mEmglZCKLz/PcEptLZY7w4Pm\n3zibHIcY4Xe+shozOfpIIMhlIBYtwYNy5bUQB6e166DBKTYskQT61XStWcE2c8w3\njcrOnkicfRprDosVb1KejfokJIOM09l0TB4NbOtDwQKCAQEAjF/sFxc1rv5AOOaH\nodISsuzHo0ZB48pJ/U2d5Q5IR9LPIJ+erZhUnHXI9dfsSvF1Q0xWcIWwhF0hLVr6\nrW707YtBnfCSKZ6jsXZReDobEgf1WsMln30Ooh2ce5iitXPD3umcB4qPEIPoUGXM\nytIHJJhmAWOhzWgLH2eETXHdF41DDzOxutKBoTBY9JgxcGGTHRC5+gm2X/g5fUC1\n5ITqdT2TZjAsrh/H3X713kgrhpGgxO7RZaEbyTGww0q9mH4j6vJuYQRN2XCjPsjo\nM+YjCe9N50fxMsWsLF6EmI9mo4pu4795MbiHCpSl4+SGMAYUzlzfNmcrzSRbnmo3\nD1WOkQKCAQAtsajZWxBAMsNYVPl4+4VnVEr2XqtjGZJFPvmivyKHyzbuhaRknnXt\nEiQmaN2Vfzb0+QlafJJNb4F3o+7qqmNsRU0ViPigM7LpJJhFJnJXnOMdQiJIGjJm\nCOcmHZDuSElaDf6BW4eYpNwL3t6eIrfuzaMZpknnnfZh72LOY+mIRC3h1noXi9w5\npiy4e5HqJvaSHq0hmi0mpY3Ugq+xNEbBiZkRd0c7pJyug6Q6NH1tG4xm+k9sH9DX\nwy+HgaiJvHvZ0qwQJ4euXrnal4Xk9y1S+ahYhNlpaS2GqQPb+RxRlDuBzbRdAyJm\nQJ/tdQWfAmYxayezu4uXkDLPccag2J1BAoIBADEnvSEyW4cWZw1QeJGc1MSPEeIY\nxPeJJ6f/ZaJJSE/zDL5Gc55aNUVa38cMiR+ScKcBQKFx6CueLQHNZv5PE4tOpv2F\nMTJJ3UpLuAGy+/7s8/UJkoQYKqET0l6JnXFfC9O7UrEwylbWyji/762AEtRbciBl\n2olLgMgJh+SFJRnQKEjuHiPaMDa+5Ya0zKJ2/GiWERdXSlxHmqGErnsd4YxA5aF8\nocJOeB1kJP8FbUdLx4RJ0WiVmcwefHpfh5nixKjqi6v/AYj0sNAY85fdsk1QI0IF\nLAifteso8wnTENzzDltR/IAH4AVGNf96yrP7fxpv42sMAgAUbcgqGK+HiKY=\n-----END RSA PRIVATE KEY-----\n" + } + ], + "ldaps": [ + ], + "models": [ + ], + "permissions": [ + ], + "payments": [ + ], + "products": [ + ], + "resources": [ + ], + "roles": [ + ], + "syncers": [ + ], + "tokens": [ + ], + "webhooks": [ + ], + "groups": [ + ], + "adapters": [ + ], + "enforcers": [ + ], + "plans": [ + ], + "pricings": [ + ] +} \ No newline at end of file diff --git a/deploy/all_in_one/casdoor/token_jwt_key.pem b/deploy/all_in_one/casdoor/token_jwt_key.pem new file mode 100644 index 000000000..14bfc7351 --- /dev/null +++ b/deploy/all_in_one/casdoor/token_jwt_key.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE3TCCAsWgAwIBAgIDAeJAMA0GCSqGSIb3DQEBCwUAMCgxDjAMBgNVBAoTBWFk +bWluMRYwFAYDVQQDEw1jZXJ0LWJ1aWx0LWluMB4XDTI0MDgxODA0MzQ1M1oXDTQ0 +MDgxODA0MzQ1M1owKDEOMAwGA1UEChMFYWRtaW4xFjAUBgNVBAMTDWNlcnQtYnVp +bHQtaW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCeBZW/OdBt35ug +eW8/aE1vKBE+huk3SIbKrVV9cINy/tMAkewZhaRsF8TkioTDAhRZXBNSaEGTFIig +ggQoYDhXyge3lGG4qc/wEu9UkOOaa4uywzTeSo7a8wjWa6c4vt4RrpS8v0at4Lcl +R40R0wWWAO769VvXq+j+iwJDcfvV6hKmLO6Ohb5GrP2/FJJxOKHaW6BzJppB04wF +ylmfqpFwjdASwI5HFDjV58Zaw2XnsWy3ScCezNoxnV6c9/zahIYngRf3URHHD+0K +31EuG/HtO33xi59HHMBkuJbkB/QQPdrrSB8nJxftJKY551aLUIz3sb1luo+339K4 +cjrdGkofLrmDC1AOLV5aa0TdH0d+TXOpnIZ2pZfxW4c7K3RDkGGmPREU769lZ4Dz +mRl2X7phaHCa/yBsNKkz9V3WpGD2B3WgejAlrF3IYShAfUx+Ox6geqPMZCyWM18Z +fqNEQwe+a7q7hCn1a2QKBpcwzPRdYIrbQSoY3FJ+HSMlvO2RUTOnUKrUw/AM3cyo +I/cgGdArcxGIitvogzeHiNs9+Vd+Gx0/X12Esa8iR6tQnnBKasXMQkveYuq9kgmP +H1+QTkatEjZ/Pm0de8KnRX6o20uQZyN+1v2lwKW4NqYB7b9kupMW6n6tFbuBCe8a +8fEjdVllGrSrUjg1o9WZAEGlB47C8wIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0G +CSqGSIb3DQEBCwUAA4ICAQCDi+e5S8KI3YppoMIszzhMDpFbNKb8FAwpMoihTpR2 +Jeu26tnRM5v3NNbOjWBInONQFWr2ccToxzy2Ap8eRanTyzWOpciR+gnb2h8iF2We +E5VsX/k6VXyR14mwYogPBpd9FIZPenMw5C7ZvOOBnjyfeJTpaeVzenFFrCuOGpJx +yhbIkU86GapJsSgjpLmZQw8Z0Mi9rtve5SELzaWPxN3bfQcqNwvz8s0OEgw89J0g +OR1dN4gO1FnJGnaszIzh3QcdM8madHkAcdQ/lGwmMwgywm6ywf44wyq+PZVMWWjh +zCwTpk10bMmNj9kIPnJpEkOwnQKNrRuWKeK93BeNZBLlp0Cy5ITiNeiqx0xIgiSu +xkH+oZ77WqPtPGjber/6X/Mom/8DtI7ITyxDU4i76Sxid7zIKGwwGhAX6PmwSXbu +mT7UVQugD8SKgixsgCRjryiDPAsiaeM4z8nfYcQ3EZWa3IS6UdahNRsziE0Oh7MH +RZvb5QBHN1Cp0Gyj5ZUQIZjxKPsFqh9xpZXO5dOnoOb3y5fWhRUN5qciQ2Qz2Lei +xQevlSIcArU0M5hNL5iR3jhxOomNCUw/E4hRElhnG+key75ZMxXjrC1nMKHpOi+V +cNoDmjk6b0CnAqiHGFMmB+/JdhFASXuPPIMY5VWs2Qmv6hhOXQNO+0SRe2zw18zl +ug== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/deploy/all_in_one/coredns/Corefile b/deploy/all_in_one/coredns/Corefile new file mode 100644 index 000000000..a4120335a --- /dev/null +++ b/deploy/all_in_one/coredns/Corefile @@ -0,0 +1,11 @@ +internal { + file /root/db.space.internal + log + errors +} + +.:53 { + log + forward . /etc/resolv.conf + errors +} \ No newline at end of file diff --git a/deploy/all_in_one/coredns/db.space.internal b/deploy/all_in_one/coredns/db.space.internal new file mode 100644 index 000000000..540d042bd --- /dev/null +++ b/deploy/all_in_one/coredns/db.space.internal @@ -0,0 +1,10 @@ +$ORIGIN space.app.internal. +@ 3600 IN SOA ns1.space.app.internal. admin.space.app.internal. ( + 2022042401 ; Serial + 3600 ; Refresh + 1800 ; Retry + 604800 ; Expire + 86400 ; Minimum TTL +) + +* 3600 IN A [knative lb] \ No newline at end of file diff --git a/deploy/all_in_one/docker-compose.yml b/deploy/all_in_one/docker-compose.yml new file mode 100644 index 000000000..cc792a038 --- /dev/null +++ b/deploy/all_in_one/docker-compose.yml @@ -0,0 +1,404 @@ +version: '2.4' + +services: + nginx: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/public/nginx:latest + ports: + - ${SERVER_PORT}:${SERVER_PORT} + - ${SERVER_CASDOOR_PORT}:${SERVER_CASDOOR_PORT} + volumes: + - ./nginx/nginx.conf:/etc/nginx/nginx.conf + - ./nginx/logs:/var/log/nginx + - ./nginx/tmpdata:/var/nginx/client_body_temp + privileged: true + networks: + - opencsg + restart: always + + redis: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/redis:7.2.5 + ports: + - "6379:6379" + volumes: + - redis:/data + networks: + - opencsg + healthcheck: + test: redis-cli ping + interval: 1s + timeout: 3s + retries: 30 + + coredns: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/coredns/coredns:1.11.1 + ports: + - "1053:53/udp" + - "1053:53/tcp" + command: "-conf /root/Corefile" + volumes: + - ./coredns/:/root/:r + privileged: true + networks: + opencsg: + ipv4_address: 172.25.0.25 + + registry: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/registry:2 + ports: + - "5000:5000" + volumes: + - registry:/var/lib/registry + - ./auth:/auth + networks: + - opencsg + environment: + REGISTRY_AUTH: "htpasswd" + REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm" + REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd" + + postgres: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/gradescope/postgresql-multiple-databases:14.4 + environment: + POSTGRES_USER: "postgres" + POSTGRES_PASSWORD: "sdfa23Sh!322" + POSTGRES_MULTIPLE_DATABASES: "starhub_server,gitea,casdoor" + ports: + - "5433:5432" + networks: + - opencsg + healthcheck: + test: pg_isready -U postgres -h 127.0.0.1 + interval: 5s + volumes: + - pgdata:/var/lib/postgresql/data + + csghub_portal: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_portal:v0.8.1 + restart: always + command: > + bash -c "bundle exec rails assets:precompile + && bundle exec rails db:create + && bundle exec rails db:migrate + && bundle exec rails db:seed + && bundle exec rails s -p 3000 -b '0.0.0.0'" + volumes: + - ./log:/myapp/log + environment: + DATABASE_URL: postgresql://postgres:sdfa23Sh!322@postgres:5432/open_portal_db + ASSET_HOST: http://127.0.0.1:3000 + RAILS_MASTER_KEY: 64f15f995b044427e43fe4897370fd66 + RAILS_SERVE_STATIC_FILES: 'false' + STARHUB_BASE_URL: http://${SERVER_DOMAIN}:${SERVER_PORT} + STARHUB_INNER_BASE_URL: http://csghub_server:8080 + LOGIN_URL: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT}/login/oauth/authorize?client_id=d554744494d93c21a6ab&response_type=code&redirect_uri=http://${SERVER_DOMAIN}:${SERVER_PORT}/api/v1/callback/casdoor&scope=read&state=casdoor + SIGNUP_URL: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT}/signup/CSGHub + OIDC_IDENTIFIER: d554744494d93c21a6ab + OIDC_SECRET: 2d942276879382c66363ef6303e0d66d37e5d98d + OIDC_REDIRECT_URI: http://${SERVER_DOMAIN}:${SERVER_PORT}/oidc/callback + OIDC_AUTHORIZATION_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT}/login/oauth/authorize + OIDC_TOKEN_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT}/api/login/oauth/access_token + OIDC_USERINFO_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT}/api/userinfo + STARHUB_TOKEN: ${HUB_SERVER_API_TOKEN} + BUCKET_NAME: opencsg-portal-storage + ENDPOINT: http://${SERVER_DOMAIN}:9000 + ACCESS_ID: admin + ACCESS_SECRET: Password_123 + REGION: cn-beijing + ON_PREMISE: false + FORCE_PATH_STYLE: true + ports: + - "3000:3000" + networks: + - opencsg + depends_on: + - postgres + + csghub_server: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:v0.8.0 + depends_on: + - postgres + - gitea + environment: + STARHUB_SERVER_GITSERVER_URL: http://${SERVER_DOMAIN}:${SERVER_PORT}/gitserver + STARHUB_SERVER_FRONTEND_URL: http://${SERVER_DOMAIN}:${SERVER_PORT} + STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable + STARHUB_DATABASE_TIMEZONE: Asia/Shanghai + STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 + STARHUB_SERVER_GITSERVER_USERNAME: root + STARHUB_SERVER_GITSERVER_PASSWORD: password123 + STARHUB_SERVER_GITSERVER_WEBHOOK_URL: http://csghub_server:8080/api/v1/callback/git + GITEA_USERNAME: root + GITEA_PASSWORD: password123 + POSTGRES_USER: postgres + POSTGRES_PASSWORD: sdfa23Sh!322 + POSTGRES_DB: starhub_server + GIN_MODE: release + STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN} + STARHUB_SERVER_S3_ACCESS_KEY_ID: admin + STARHUB_SERVER_S3_ACCESS_KEY_SECRET: Password_123 + STARHUB_SERVER_S3_ENDPOINT: ${SERVER_DOMAIN}:9000 # used to generate download links for lfs files + STARHUB_SERVER_S3_BUCKET: opencsg-server-lfs + STARHUB_SERVER_S3_REGION: cn-beijing + STARHUB_SERVER_SPACE_BUILDER_ENDPOINT: http://space_builder:8080 + STARHUB_SERVER_SPACE_RUNNER_ENDPOINT: http://csghub_server_runner:8082 + STARHUB_SERVER_PUBLIC_ROOT_DOMAIN: ${SPACE_APP_EXTERNAL_DOMAIN}:${SERVER_PORT} #opencsg.public:80 + STARHUB_SERVER_INTERNAL_ROOT_DOMAIN: ${SPACE_APP_NS}.${SPACE_APP_INTERNAL_DOMAIN}:${SPACE_APP_INTERNAL_DOMAIN_PORT} #space.lwf.internal:30446 + STARHUB_SERVER_MODEL_DOWNLOAD_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_PORT} + STARHUB_SERVER_SAAS: false + STARHUB_SERVER_MIRRORSERVER_ENABLE : false + STARHUB_SERVER_CASDOOR_CLIENT_ID: d554744494d93c21a6ab + STARHUB_SERVER_CASDOOR_CLIENT_SECRET: 2d942276879382c66363ef6303e0d66d37e5d98d + STARHUB_SERVER_CASDOOR_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT} + STARHUB_SERVER_CASDOOR_CERTIFICATE: /starhub-bin/casdoor/token_jwt_key.pem + STARHUB_SERVER_CASDOOR_ORGANIZATION_NAME: OpenCSG + STARHUB_SERVER_CASDOOR_APPLICATION_NAME: CSGHub + STARHUB_JWT_SIGNING_KEY: e2kk6awudc3620ed9a + OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 + OPENCSG_ACCOUNTING_SERVER_HOST: http://account_server + OPENCSG_ACCOUNTING_SERVER_PORT: 8086 + OPENCSG_USER_SERVER_HOST: http://user_server + OPENCSG_USER_SERVER_PORT: 8088 + ports: + - "8080:8080" + restart: always + networks: + - opencsg + volumes: + - ./gitlog:/starhub-bin/logs:r + + csghub_server_runner: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:v0.8.0 + entrypoint: + - /starhub-bin/starhub + - deploy + - runner + environment: + STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable + STARHUB_DATABASE_TIMEZONE: Asia/Shanghai + STARHUB_SERVER_DOCKER_REG_BASE: ${DOCKER_REGISTRY_SERVER}/${DOCKER_REGISTRY_NS}/ + STARHUB_SERVER_INTERNAL_ROOT_DOMAIN: ${SPACE_APP_NS}.${SPACE_APP_INTERNAL_DOMAIN}:${SPACE_APP_INTERNAL_DOMAIN_PORT} + STARHUB_SERVER_DOCKER_IMAGE_PULL_SECRET: ${DOCKER_REGISTRY_SECRET} #space-registry-credential + ports: + - "8082:8082" + restart: always + networks: + - opencsg + dns: + - "172.25.0.25" + volumes: + - ./.kube:/root/.kube:r + + csghub_server_proxy: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:v0.8.0 + entrypoint: + - /starhub-bin/starhub + - start + - rproxy + environment: + STARHUB_SERVER_SPACE_SESSION_SECRET_KEY: c8f771f2a178089b99172cbbd7e3b01d + STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable + STARHUB_DATABASE_TIMEZONE: Asia/Shanghai + STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 + STARHUB_SERVER_GITSERVER_URL: http://gitea:3001 + STARHUB_SERVER_GITSERVER_USERNAME: root + STARHUB_SERVER_GITSERVER_PASSWORD: password123 + STARHUB_SERVER_GITSERVER_WEBHOOK_URL: http://csghub_server:8080/api/v1/callback/git + STARHUB_SERVER_INTERNAL_ROOT_DOMAIN: ${SPACE_APP_NS}.${SPACE_APP_INTERNAL_DOMAIN}:${SPACE_APP_INTERNAL_DOMAIN_PORT} + STARHUB_SERVER_SAAS: false + STARHUB_SERVER_MIRRORSERVER_ENABLE : false + STARHUB_JWT_SIGNING_KEY: e2kk6awudc3620ed9a + ports: + - "8083:8083" + networks: + - opencsg + dns: + - "172.25.0.25" + restart: always + + space_builder: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub-space-builder:v0.8.0 + environment: + - REDIS_ENDPOINT=redis:6379 + - SPACE_DATA_PATH=/opt/data + - DOCKER_HOST=${SPACE_BUILDER_SERVER} + - REGISTRY_ADDRESS=${DOCKER_REGISTRY_SERVER} + - REGISTRY_USERNAME=${DOCKER_REGISTRY_USERNAME} + - REGISTRY_PASSWORD=${DOCKER_REGISTRY_PASSWD} + - REGISTRY_NAMESPACE=${DOCKER_REGISTRY_NS} #opencsg_space + ports: + - "8085:8080" + restart: always + networks: + - opencsg + volumes: + - ./space_data:/opt/data:rw + + gitea: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_git:v0.7.0 + depends_on: + - postgres + environment: + - GITEA_ROOT_URL=http://${SERVER_DOMAIN}:${SERVER_PORT}/gitserver + - GITEA_DOMAIN=${SERVER_DOMAIN}:${SERVER_PORT}/gitserver + - GITEA_SSH_DOMAIN=${SERVER_DOMAIN} + - GITEA_HTTP_PORT=3001 + - GITEA_SSH_LISTEN_PORT=2222 + - GITEA_ADMIN_USER=root + - GITEA_ADMIN_PASSWORD=password123 + - GITEA_ADMIN_EMAIL=root@opencsg.com + - GITEA_DATABASE_TYPE=postgres + - GITEA_DATABASE_HOST=postgres + - GITEA_DATABASE_PORT_NUMBER=5432 + - GITEA_DATABASE_NAME=gitea + - GITEA_DATABASE_USERNAME=postgres + - GITEA_DATABASE_PASSWORD=sdfa23Sh!322 + - GITEA_DATABASE_SSL_MODE=disable + - GITEA_APP_NAME=git + - GITEA_SMTP_ENABLED=false + - BITNAMI_DEBUG=true + - GITEA_LFS_START_SERVER=true + - GITEA_LFS_ROOT_PATH=/opt/bitnami/gitea/data/lfs + - GITEA_LFS_STORAGE_TYPE=minio + - GITEA_LFS_MINIO_ACCESS_KEY_ID=admin + - GITEA_LFS_MINIO_SECRET_ACCESS_KEY=Password_123 + - GITEA_LFS_MINIO_ENDPOINT=minio:9000 + - GITEA_LFS_MINIO_BUCKET=opencsg-server-lfs + - GITEA_LFS_MINIO_LOCATION=cn-beijing + - GITEA_LFS_MINIO_USE_SSL=false + - GITEA_SERVICE_DEFAULT_ALLOW_CREATE_ORGANIZATION=true + - GITEA_SERVICE_DISABLE_REGISTRATION=false + - GITEA_LOG_MODE=file + - GITEA_LOG_ROOT_PATH=/bitnami/logs + ports: + - "3001:3001" + - "2222:2222" + healthcheck: + test: curl -fSs 127.0.0.1:3001/api/healthz || exit 1 + interval: 5s + timeout: 10s + retries: 3 + networks: + - opencsg + privileged: true + restart: always + volumes: + - ./gitdata:/bitnami/gitea + - ./gitlog:/bitnami/logs + + minio: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/bitnami/minio:2023 + ports: + - "9000:9000" # api + - "9001:9001" # console + environment: + MINIO_ROOT_USER: admin + MINIO_ROOT_PASSWORD: Password_123 + MINIO_DEFAULT_BUCKETS: opencsg-server-lfs:public,opencsg-portal-storage:public + MINIO_SCHEME: http + volumes: + - minio_data:/bitnami/minio/data + networks: + - opencsg + + natsmaster: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_nats:2.10.16 + ports: + - "4222:4222" # api + - "6222:6222" # cluster + - "8222:8222" # monitor + restart: always + volumes: + - ./nats/nats-server.conf:/nats-server.conf + - ./nats/jetstream:/data/jetstream + networks: + - opencsg + + account_server: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:v0.8.0 + entrypoint: + - /starhub-bin/starhub + - accounting + - launch + depends_on: + - natsmaster + environment: + STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN} + STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable + OPENCSG_ACCOUNTING_SERVER_PORT: 8086 + OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 + OPENCSG_ACCOUNTING_FEE_EVENT_SUBJECT: "accounting.fee.>" + OPENCSG_ACCOUNTING_NOTIFY_NOBALANCE_SUBJECT: "accounting.notify.nobalance" + OPENCSG_ACCOUNTING_MSG_FETCH_TIMEOUTINSEC: 5 + OPENCSG_ACCOUNTING_CHARGING_ENABLE: true + GIN_MODE: release + ports: + - "8086:8086" + restart: always + networks: + - opencsg + + user_server: + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server:v0.8.0 + entrypoint: + - /starhub-bin/starhub + - user + - launch + depends_on: + - gitea + environment: + STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN} + STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable + STARHUB_DATABASE_TIMEZONE: Asia/Shanghai + POSTGRES_USER: postgres + POSTGRES_PASSWORD: sdfa23Sh!322 + POSTGRES_DB: starhub_server + STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 + STARHUB_SERVER_GITSERVER_USERNAME: root + STARHUB_SERVER_GITSERVER_PASSWORD: password123 + STARHUB_SERVER_CASDOOR_CLIENT_ID: d554744494d93c21a6ab + STARHUB_SERVER_CASDOOR_CLIENT_SECRET: 2d942276879382c66363ef6303e0d66d37e5d98d + STARHUB_SERVER_CASDOOR_ENDPOINT: http://${SERVER_DOMAIN}:${SERVER_CASDOOR_PORT} + STARHUB_SERVER_CASDOOR_CERTIFICATE: /starhub-bin/casdoor/token_jwt_key.pem + STARHUB_SERVER_CASDOOR_ORGANIZATION_NAME: OpenCSG + STARHUB_SERVER_CASDOOR_APPLICATION_NAME: CSGHub + STARHUB_JWT_SIGNING_KEY: e2kk6awudc3620ed9a + OPENCSG_USER_SERVER_PORT: 8088 + OPENCSG_USER_SERVER_SIGNIN_SUCCESS_REDIRECT_URL: http://${SERVER_DOMAIN}:${SERVER_PORT}/server/callback + ports: + - "8088:8088" + networks: + - opencsg + volumes: + - ./casdoor:/starhub-bin/casdoor:r + + casdoor: + restart: always + image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/casbin/casdoor:v1.571.0 + ports: + - "8087:8000" + depends_on: + - postgres + networks: + - opencsg + environment: + RUNNING_IN_DOCKER: "true" + volumes: + - ./casdoor/conf:/conf/ + + +networks: + opencsg: + ipam: + driver: default + config: + - subnet: "172.25.0.0/16" + +volumes: + redis: + driver: local + minio_data: + driver: local + pgdata: + driver: local + registry: + driver: local \ No newline at end of file diff --git a/script/all_in_one/nats/nats-server.conf b/deploy/all_in_one/nats/nats-server.conf similarity index 100% rename from script/all_in_one/nats/nats-server.conf rename to deploy/all_in_one/nats/nats-server.conf diff --git a/script/all_in_one/nginx/nginx.conf b/deploy/all_in_one/nginx/nginx.conf similarity index 76% rename from script/all_in_one/nginx/nginx.conf rename to deploy/all_in_one/nginx/nginx.conf index 7123c3e54..48d2aac18 100644 --- a/script/all_in_one/nginx/nginx.conf +++ b/deploy/all_in_one/nginx/nginx.conf @@ -87,31 +87,35 @@ http { proxy_redirect off; proxy_http_version 1.1; + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } server { - listen 80; - server_name _CSGHUB_DOMAINNAME; + listen _CSGHUB_DOMAINPORT; + server_name _CSGHUB_DOMAINNAME; - # open gitea console - location /gitserver/ { - proxy_pass http://gitea:3001/; + # open gitea console + location /gitserver/ { + proxy_pass http://gitea:3001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; - } + } - location / { + location / { proxy_pass http://csghub_portal:3000; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Host $server_name:_CSGHUB_DOMAINPORT; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; } - location /api/ { + location /api/ { proxy_pass http://csghub_server:8080/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -129,7 +133,7 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # used for git operations + # used for git operations location ~ ^/*datasets/(.*)\.git/(info|git-upload-pack|git-receive-pack|HEAD|objects)(.*)$ { rewrite ^/*datasets/(.*)\.git/(info|git-upload-pack|git-receive-pack|HEAD|objects)(.*)$ /datasets_$1.git/$2$3 break; proxy_pass http://gitea:3001; @@ -165,7 +169,50 @@ http { error_page 500 502 503 504 /50x.html; location = /50x.html { - root /usr/share/nginx/html; + root /usr/share/nginx/html; } } -} + + + server { + listen 31001; + server_name _CSGHUB_DOMAINNAME; + + location / { + proxy_pass http://casdoor:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + + + server { + listen _CSGHUB_DOMAINPORT; + server_name *._CSGHUB_SPACE_EXTERNAL_DOMAINNAME; + + location / { + proxy_pass http://csghub_server_proxy:8083; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } +} \ No newline at end of file diff --git a/script/all_in_one/startup.sh b/deploy/all_in_one/startup.sh similarity index 73% rename from script/all_in_one/startup.sh rename to deploy/all_in_one/startup.sh index fddbee241..a264786f8 100644 --- a/script/all_in_one/startup.sh +++ b/deploy/all_in_one/startup.sh @@ -24,12 +24,13 @@ function initialCheck(){ function checkOS(){ arch_info=`arch` if [[ $arch_info != "x86_64" && $arch_info != "amd64" ]]; then - echo "Current OS arch is $arch_info, Only x86_64 and amd64 are supported!" + echo "Current OS arch is $arch_info, Only x86_64 and amd64 are supported!" exit 1 fi } nginx_conf=${CURRENT_DIR}/nginx/nginx.conf +casdoor_init_data_conf=${CURRENT_DIR}/casdoor/conf/init_data.json ## check for root, OS etc.. initialCheck @@ -40,9 +41,16 @@ if [[ $? -ne 0 ]]; then exit 1 fi -echo "1. replace domain name in nginx.conf" +echo "1. replace domain name and space external domane name in nginx.conf" echo "the configured domain name is ${SERVER_DOMAIN}" +echo "the configured domain name is ${SPACE_APP_EXTERNAL_DOMAIN}" sed -i "s/_CSGHUB_DOMAINNAME/${SERVER_DOMAIN}/g" ${nginx_conf} +sed -i "s/_CSGHUB_DOMAINPORT/${SERVER_PORT}/g" ${nginx_conf} +sed -i "s/_CSGHUB_SPACE_EXTERNAL_DOMAINNAME/${SPACE_APP_EXTERNAL_DOMAIN}/g" ${nginx_conf} + +echo "replace domain name and port in casdoor's init_data.json" +sed -i "s/_CSGHUB_DOMAINNAME/${SERVER_DOMAIN}/g" ${casdoor_init_data_conf} +sed -i "s/_CSGHUB_DOMAINPORT/${SERVER_PORT}/g" ${casdoor_init_data_conf} echo "2. prepare and check mounted folder" gitdata_folder=${CURRENT_DIR}/gitdata diff --git a/docs/all_in_one_readme_en.md b/docs/all_in_one_readme_en.md index 5a146d9d5..a7e1baff7 100644 --- a/docs/all_in_one_readme_en.md +++ b/docs/all_in_one_readme_en.md @@ -8,9 +8,15 @@ This script enables the one-click deployment of an all-in-one CSGHub instance, i * postgresql * git-server * minio +* casdoor +* account server +* user server +* space builder +* registry + **Notice:** -Starting from CSGHhub v0.4.0, the space function is supported. Since it requires addtional Kubernetes and services, the All-in-one deployment here `does not include the construction and deployment of space`. +CSGHhub v0.4.0 supports the space function, and v0.7.0 supports model fine-tuning, inference. Space, model fine-tuning and inference all require Kubernetes and other related environments and configurations, since Kubernetes is not included here, the All-in-one deployment here `does not include space, model fine-tuning and inference functions`. ### Prerequisites * Hardware @@ -28,11 +34,13 @@ Docker Engine (>=5:20.10.24) ### Usage 1. Navigate to the `all_in_one` directory. 2. Edit the `.env` file and set `SERVER_DOMAIN` to the current host's IP address or domain name. DO NOT use `127.0.0.1` or `localhost`. +3. the space and registry related configurations in .env can be ignored without Kubernetes cluster. 3. Run the `startup.sh` script. Once all services are started, you can visit the self-deployed CSGHub service at `http://[SERVER_DOMAIN]`. ### Notes 1. Self-deployed CSGHub uses local-type Docker volumes for persistence, such as for PostgreSQL and Minio. Ensure that Docker local volumes have sufficient disk space. 1. Ensure that the external port `2222` of the host is accessible, as Git operations via the SSH protocol depend on it. +1. Make sure the host's external port 31001 is accessible, which is used by the casdoor service for user registration and login. 1. The Minio console can be visited through the port `9001`. If Minio console is not required, this port can be closed. 1. By default, only HTTP protocol is supported for CSGHub services. If HTTPS is required, configure it accordingly. 1. Do not arbitrarily modify or delete the `gitdata` and `gitlog` folders. These are runtime folders mounted into relevant container services, and the owner of these folders must be `1001`. Changing file owner or deleting these directories will result in startup errors. diff --git a/docs/readme_cn.md b/docs/readme_cn.md index b5e36f0bd..9e27b46fd 100644 --- a/docs/readme_cn.md +++ b/docs/readme_cn.md @@ -71,37 +71,7 @@ CSGHub由Portal和Server两部分服务组成,本项目代码部分对应CSGHu ### 快速使用 -【适合高速访问github和dockerhub用户】可使用如下命令快速部署一个CSBHub实例(包含Portal、Server和完整的其他依赖组件)到本地环境。 -```shell -# 请将[IP Address]替换为您的内网IP地址 -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one.yml -o all-in-one.yml -docker compose -f all-in-one.yml up -d -``` - -【适合访问dockerhub慢/异常的用户】中国国内用户可选择使用阿里云容器镜像版本的部署脚本,以加快镜像下载和服务启动,完整命令如下: -```shell -# 请将[IP Address]替换为您的内网IP地址 -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` -【适合访问github和dockerhub慢/异常的用户】如果遇到Github网络连接和下载问题,你可以选择从阿里云对象存储中下载一键部署脚本: -```shell -# 请将[IP Address]替换为您的内网IP地址 -export SERVER_DOMAIN=[IP Address] -curl -L https://opencsg-public-resource.oss-cn-beijing.aliyuncs.com/csghub/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` - -部署完毕后,就可以在浏览器上通过`http://[IP Address]`访问到新部署的CSGHub实例; -实例启动后,您可以使用初始管理员账号:admin001/admin001,详细用户文档可参看[使用文档](https://opencsg.com/docs/) - -**快速安装注意事项:** -* `SERVER_DOMAIN` ([IP Address])为目标主机的IP地址或者域名,请不要使用`127.0.0.1`或者`localhost`。 -* 当前发布的服务镜像仅支持x86_64架构,已测试Linux/Windows和Mac环境,Mac Silicon架构环境需要开启Docker Desktop的[Rosetta for x86/AMD64 emulation](https://docs.docker.com/desktop/settings/mac/#general)。 -* **请注意:快速安装仅适用于试用测试,不能支持服务级部署。** 使用该all-in-one脚本启动过的实例无法有效持久化用户数据。服务启动后,使用`docker compose up`命令重新加载服务会出现错误,此时可以选择使用`docker compose down -v`命令彻底清除实例再重新启动。请务必参照[完整一键部署指南](/script/all_in_one/README.md)进行服务部署。 -* **请注意:快速安装不包含space部署相关功能。** 从CSGHhub v0.4.0开始支持了space功能,由于space的构建部署需要Kubernetes以及其他相关环境和配置,请参考该[完整部署文档](/docs/full_deployment_cn.md)进行完全版功能部署。 +请参考[部署帮助文档](/deploy/all_in_one/README.md)部署一个基本功能的VSGHub实例. ### 详细技术文档 - [开发环境搭建](/docs/setup.md) diff --git a/docs/readme_en.md b/docs/readme_en.md index d9f4440c3..7a3449326 100644 --- a/docs/readme_en.md +++ b/docs/readme_en.md @@ -74,40 +74,7 @@ If you want to dive deep into CSGHub Server detail or wish to integrate the Serv ### QUICK START -You can quickly deploy a CSGHub instance with portal/server and all other relevant dependencies to your environment using the following commands: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one.yml -o all-in-one.yml -docker compose -f all-in-one.yml up -d -``` - -if you are in China or you meet dockerhub network connection issue, you can try our aliyun docker registry alternative version with below: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://raw.githubusercontent.com/OpenCSGs/csghub/main/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` - -or if you still meet Github network connection issue, you can try this one: -```shell -# please replace [IP Address] with your own LAN/WLAN ip address -export SERVER_DOMAIN=[IP Address] -curl -L https://opencsg-public-resource.oss-cn-beijing.aliyuncs.com/csghub/all-in-one-CN.yml -o all-in-one-CN.yml -docker compose -f all-in-one-CN.yml up -d -``` - -Then, you could visit `http://[IP Address]` with your web browser to access this new CSHub instance; you could try all feature with your -inital admin account: admin001/admin001 -You can check our website for more user guide information: [User Guide](https://opencsg.com/docs/) - -**Note:** - -* `SERVER_DOMAIN` ([IP Address]) should be the IP address or domain name of the target host. Please avoid using `127.0.0.1` or `localhost`. -* Released container images are for the x86_64 architecture only and have been tested on Linux/Windows and Mac environments. For Mac Silicon user, it is necessary to enable the [Rosetta for x86/AMD64 emulation Feature](https://docs.docker.com/desktop/settings/mac/#general) in your Docker Desktop. -* **WARNING: This quick start is only for trial testing and does not support production-level deployment.** The CSGHub instance that deployed with this all-in-one script do not effectively persist user data: When using the `docker compose up` command to reload the service, errors may occur. In this case, you can use the `docker compose down -v` to completely remove the instance before relaunch it. Please always follow the [Step-by-Step Deployment Guide](/script/all_in_one/README.md) for regular service deployment. -* **WARNING: The quick start does not include space application's deployment.** Starting from CSGHhub v0.4.0, the space function is supported. Since it still requires addtional Kubernetes and other services, please refer [Full Deployment Guide](/docs/full_deployment_en.md). +You can refer to [here](/deploy/all_in_one/README.md)quickly deploy a basic csghub instance. #### Tech docs in detail - [setup development env](/docs/setup_en.md) diff --git a/script/all_in_one/.env b/script/all_in_one/.env deleted file mode 100644 index 09d709986..000000000 --- a/script/all_in_one/.env +++ /dev/null @@ -1,7 +0,0 @@ -# Configurations - -## Service domain,ip address or domain name (Required) -SERVER_DOMAIN= - -### Default csghub server token. A 128-bit string consisting of numbers and lowercase letters. -HUB_SERVER_API_TOKEN=c7ab4948c36d6ecdf35fd4582def759ddd820f8899f5ff365ce16d7185cb2f609f3052e15681e931897259872391cbf46d78f4e75763a0a0633ef52abcdc840c diff --git a/script/all_in_one/docker-compose.yml b/script/all_in_one/docker-compose.yml deleted file mode 100644 index 54c2be431..000000000 --- a/script/all_in_one/docker-compose.yml +++ /dev/null @@ -1,219 +0,0 @@ -version: '2.4' - -services: - nginx: - image: nginx:latest - ports: - - 80:80 - volumes: - - ./nginx/nginx.conf:/etc/nginx/nginx.conf - - ./nginx/logs:/var/log/nginx - - ./nginx/tmpdata:/var/nginx/client_body_temp - privileged: true - networks: - - opencsg - restart: always - - postgres: - image: gradescope/postgresql-multiple-databases:14.4 - environment: - POSTGRES_USER: "postgres" - POSTGRES_PASSWORD: "sdfa23Sh!322" - POSTGRES_MULTIPLE_DATABASES: "starhub_server,gitea" - ports: - - "5433:5432" - networks: - - opencsg - healthcheck: - test: pg_isready -U postgres -h 127.0.0.1 - interval: 5s - volumes: - - pgdata:/var/lib/postgresql/data - - csghub_portal: - image: opencsg/csghub-portal:latest - restart: always - command: > - bash -c "bundle exec rails assets:precompile - && bundle exec rails db:create - && bundle exec rails db:migrate - && bundle exec rails db:seed - && bundle exec rails s -p 3000 -b '0.0.0.0'" - volumes: - - ./log:/myapp/log - environment: - DATABASE_URL: postgresql://postgres:sdfa23Sh!322@postgres:5432/open_portal_db - ASSET_HOST: http://127.0.0.1:3000 - RAILS_MASTER_KEY: 64f15f995b044427e43fe4897370fd66 - RAILS_SERVE_STATIC_FILES: 'false' - STARHUB_BASE_URL: http://${SERVER_DOMAIN} - STARHUB_TOKEN: ${HUB_SERVER_API_TOKEN} - BUCKET_NAME: opencsg-portal-storage - ENDPOINT: http://${SERVER_DOMAIN}:9000 - ACCESS_ID: admin - ACCESS_SECRET: Password_123 - REGION: cn-beijing - ON_PREMISE: true - FORCE_PATH_STYLE: true - ports: - - "3000:3000" - networks: - - opencsg - depends_on: - - postgres - - csghub_server: - image: opencsg/csghub-server:latest - depends_on: - - postgres - - gitea - environment: - STARHUB_SERVER_GITSERVER_URL: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_FRONTEND_URL: http://${SERVER_DOMAIN} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - STARHUB_DATABASE_TIMEZONE: Asia/Shanghai - STARHUB_SERVER_GITSERVER_HOST: http://gitea:3001 - STARHUB_SERVER_GITSERVER_USERNAME: root - STARHUB_SERVER_GITSERVER_PASSWORD: password123 - STARHUB_SERVER_GITSERVER_WEBHOOK_URL: http://csghub_server:8080/api/v1/callback/git - GITEA_USERNAME: root - GITEA_PASSWORD: password123 - POSTGRES_USER: postgres - POSTGRES_PASSWORD: sdfa23Sh!322 - POSTGRES_DB: starhub_server - GIN_MODE: release - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN} - STARHUB_SERVER_S3_ACCESS_KEY_ID: admin - STARHUB_SERVER_S3_ACCESS_KEY_SECRET: Password_123 - STARHUB_SERVER_S3_ENDPOINT: minio:9000 # used to generate download links for lfs files - STARHUB_SERVER_S3_BUCKET: opencsg-server-lfs - STARHUB_SERVER_S3_REGION: cn-beijing - STARHUB_SERVER_MIRRORSERVER_TYPE: gitea - STARHUB_SERVER_MIRRORSERVER_HOST: http://${SERVER_DOMAIN}/gitserver - STARHUB_SERVER_MIRRORSERVER_USERNAME: root - STARHUB_SERVER_MIRRORSERVER_PASSWORD: password123 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_SERVER_HOST: http://account_server - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - ports: - - "8080:8080" - restart: always - networks: - - opencsg - volumes: - - ./gitlog:/starhub-bin/logs:r - - - gitea: - image: opencsg/csghub-git:latest - depends_on: - - postgres - environment: - - GITEA_ROOT_URL=http://${SERVER_DOMAIN}/gitserver - - GITEA_DOMAIN=${SERVER_DOMAIN}/gitserver - - GITEA_SSH_DOMAIN=${SERVER_DOMAIN} - - GITEA_HTTP_PORT=3001 - - GITEA_SSH_LISTEN_PORT=2222 - - GITEA_ADMIN_USER=root - - GITEA_ADMIN_PASSWORD=password123 - - GITEA_ADMIN_EMAIL=root@opencsg.com - - GITEA_DATABASE_TYPE=postgres - - GITEA_DATABASE_HOST=postgres - - GITEA_DATABASE_PORT_NUMBER=5432 - - GITEA_DATABASE_NAME=gitea - - GITEA_DATABASE_USERNAME=postgres - - GITEA_DATABASE_PASSWORD=sdfa23Sh!322 - - GITEA_DATABASE_SSL_MODE=disable - - GITEA_APP_NAME=git - - GITEA_SMTP_ENABLED=false - - BITNAMI_DEBUG=true - - GITEA_LFS_START_SERVER=true - - GITEA_LFS_ROOT_PATH=/opt/bitnami/gitea/data/lfs - - GITEA_LFS_STORAGE_TYPE=minio - - GITEA_LFS_MINIO_ACCESS_KEY_ID=admin - - GITEA_LFS_MINIO_SECRET_ACCESS_KEY=Password_123 - - GITEA_LFS_MINIO_ENDPOINT=minio:9000 - - GITEA_LFS_MINIO_BUCKET=opencsg-server-lfs - - GITEA_LFS_MINIO_LOCATION=cn-beijing - - GITEA_LFS_MINIO_USE_SSL=false - - GITEA_SERVICE_DEFAULT_ALLOW_CREATE_ORGANIZATION=true - - GITEA_SERVICE_DISABLE_REGISTRATION=false - - GITEA_LOG_MODE=file - - GITEA_LOG_ROOT_PATH=/bitnami/logs - ports: - - "3001:3001" - - "2222:2222" - healthcheck: - test: curl -fSs 127.0.0.1:3001/api/healthz || exit 1 - interval: 5s - timeout: 10s - retries: 3 - networks: - - opencsg - privileged: true - restart: always - volumes: - - ./gitdata:/bitnami/gitea - - ./gitlog:/bitnami/logs - - minio: - image: bitnami/minio:2023 - ports: - - "9000:9000" # api - - "9001:9001" # console - environment: - MINIO_ROOT_USER: admin - MINIO_ROOT_PASSWORD: Password_123 - MINIO_DEFAULT_BUCKETS: opencsg-server-lfs:public,opencsg-portal-storage:public - MINIO_SCHEME: http - volumes: - - minio_data:/bitnami/minio/data - networks: - - opencsg - - natsmaster: - image: nats:2.10.16 - ports: - - "4222:4222" # api - - "6222:6222" # cluster - - "8222:8222" # monitor - restart: always - volumes: - - ./nats/nats-server.conf:/nats-server.conf - - ./nats/jetstream:/data/jetstream - networks: - - opencsg - - account_server: - image: opencsg/csghub-server:latest - entrypoint: - - /starhub-bin/starhub - - accounting - - launch - depends_on: - - natsmaster - environment: - STARHUB_SERVER_API_TOKEN: ${HUB_SERVER_API_TOKEN} - STARHUB_DATABASE_DSN: postgresql://postgres:sdfa23Sh!322@postgres:5432/starhub_server?sslmode=disable - OPENCSG_ACCOUNTING_SERVER_PORT: 8086 - OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222 - OPENCSG_ACCOUNTING_FEE_EVENT_SUBJECT: "accounting.fee.>" - OPENCSG_ACCOUNTING_NOTIFY_NOBALANCE_SUBJECT: "accounting.notify.nobalance" - OPENCSG_ACCOUNTING_MSG_FETCH_TIMEOUTINSEC: 5 - OPENCSG_ACCOUNTING_CHARGING_ENABLE: true - GIN_MODE: release - ports: - - "8086:8086" - restart: always - networks: - - opencsg - -networks: - opencsg: - driver: bridge - -volumes: - minio_data: - driver: local - pgdata: - driver: local