security: fix docker-compose security vulnerabilities - Remove exposed PostgreSQL/Qdrant/Ollama ports - Use env vars for DB credentials
This commit is contained in:
MerCry
parent
dd1c6aba14
commit
b8b27cef21
|
|
@ -1,6 +1,10 @@
|
||||||
# AI Service Environment Variables
|
# AI Service Environment Variables
|
||||||
# Copy this file to .env and modify as needed
|
# Copy this file to .env and modify as needed
|
||||||
|
|
||||||
|
# Database Configuration (IMPORTANT: Use strong passwords!)
|
||||||
|
DB_USER=postgres
|
||||||
|
DB_PASSWORD=your-strong-password-here
|
||||||
|
|
||||||
# LLM Configuration (OpenAI)
|
# LLM Configuration (OpenAI)
|
||||||
AI_SERVICE_LLM_PROVIDER=openai
|
AI_SERVICE_LLM_PROVIDER=openai
|
||||||
AI_SERVICE_LLM_API_KEY=your-api-key-here
|
AI_SERVICE_LLM_API_KEY=your-api-key-here
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- AI_SERVICE_DEBUG=false
|
- AI_SERVICE_DEBUG=false
|
||||||
- AI_SERVICE_LOG_LEVEL=INFO
|
- AI_SERVICE_LOG_LEVEL=INFO
|
||||||
- AI_SERVICE_DATABASE_URL=postgresql+asyncpg://postgres:postgres@postgres:5432/ai_service
|
- AI_SERVICE_DATABASE_URL=postgresql+asyncpg://${DB_USER:-postgres}:${DB_PASSWORD}@postgres:5432/ai_service
|
||||||
- AI_SERVICE_QDRANT_URL=http://qdrant:6333
|
- AI_SERVICE_QDRANT_URL=http://qdrant:6333
|
||||||
- AI_SERVICE_LLM_PROVIDER=${AI_SERVICE_LLM_PROVIDER:-openai}
|
- AI_SERVICE_LLM_PROVIDER=${AI_SERVICE_LLM_PROVIDER:-openai}
|
||||||
- AI_SERVICE_LLM_API_KEY=${AI_SERVICE_LLM_API_KEY:-}
|
- AI_SERVICE_LLM_API_KEY=${AI_SERVICE_LLM_API_KEY:-}
|
||||||
|
|
@ -54,18 +54,16 @@ services:
|
||||||
container_name: ai-postgres
|
container_name: ai-postgres
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=postgres
|
- POSTGRES_USER=${DB_USER:-postgres}
|
||||||
- POSTGRES_PASSWORD=postgres
|
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||||
- POSTGRES_DB=ai_service
|
- POSTGRES_DB=ai_service
|
||||||
volumes:
|
volumes:
|
||||||
- postgres_data:/var/lib/postgresql/data
|
- postgres_data:/var/lib/postgresql/data
|
||||||
- ./ai-service/scripts/init_db.sql:/docker-entrypoint-initdb.d/init_db.sql:ro
|
- ./ai-service/scripts/init_db.sql:/docker-entrypoint-initdb.d/init_db.sql:ro
|
||||||
ports:
|
|
||||||
- "5432:5432"
|
|
||||||
networks:
|
networks:
|
||||||
- ai-network
|
- ai-network
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "pg_isready -U postgres -d ai_service"]
|
test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-postgres} -d ai_service"]
|
||||||
interval: 10s
|
interval: 10s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|
@ -74,9 +72,6 @@ services:
|
||||||
image: qdrant/qdrant:latest
|
image: qdrant/qdrant:latest
|
||||||
container_name: ai-qdrant
|
container_name: ai-qdrant
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
|
||||||
- "6333:6333"
|
|
||||||
- "6334:6334"
|
|
||||||
volumes:
|
volumes:
|
||||||
- qdrant_data:/qdrant/storage
|
- qdrant_data:/qdrant/storage
|
||||||
networks:
|
networks:
|
||||||
|
|
@ -86,8 +81,6 @@ services:
|
||||||
image: ollama/ollama:latest
|
image: ollama/ollama:latest
|
||||||
container_name: ai-ollama
|
container_name: ai-ollama
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
|
||||||
- "11434:11434"
|
|
||||||
volumes:
|
volumes:
|
||||||
- ollama_data:/root/.ollama
|
- ollama_data:/root/.ollama
|
||||||
networks:
|
networks:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue