Docker Compose Deployment

Docker Compose lets you define and run a multi-container application from a single configuration file.

Create the project directory

```bash
mkdir pocketbase-docker
cd pocketbase-docker
```

docker-compose.yml

```yaml
version: "3.8"

services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    container_name: pocketbase
    restart: unless-stopped
    ports:
      - "8090:8090"
    volumes:
      - ./pb_data:/pb_data
      - ./pb_migrations:/pb_migrations
      - ./pb_hooks:/pb_hooks
    environment:
      - POCKETBASE_ENCRYPTION_ENV=your_encryption_key_here
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8090/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
```

```bash
docker-compose up -d
```

Full configuration (with Nginx)

```text
pocketbase-docker/
├── docker-compose.yml
├── .env
├── nginx/
│   ├── nginx.conf
│   └── ssl/
├── pb_data/
├── pb_migrations/
└── pb_hooks/
```

docker-compose.yml

```yaml
version: "3.8"

services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    container_name: pocketbase
    restart: unless-stopped
    # expose (not ports): reachable only from other containers on the network
    expose:
      - "8090"
    volumes:
      - ./pb_data:/pb_data
      - ./pb_migrations:/pb_migrations
      - ./pb_hooks:/pb_hooks
    environment:
      - POCKETBASE_ENCRYPTION_ENV=${ENCRYPTION_KEY}
      - TZ=Asia/Shanghai
    networks:
      - pocketbase-network
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8090/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  nginx:
    image: nginx:alpine
    container_name: pocketbase-nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
      - ./nginx/logs:/var/log/nginx
    depends_on:
      pocketbase:
        condition: service_healthy
    networks:
      - pocketbase-network

networks:
  pocketbase-network:
    driver: bridge
```

.env file

```bash
# Generate the encryption key with: openssl rand -base64 32
# (a .env file is not run by a shell, so paste the generated value here)
ENCRYPTION_KEY=your_generated_encryption_key_here
DOMAIN=your-domain.com
```

nginx/nginx.conf

```nginx
events {
    worker_connections 1024;
}

http {
    upstream pocketbase {
        server pocketbase:8090;
    }

    # Limit upload size
    client_max_body_size 10M;

    # HTTP redirect
    server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # HTTPS
    server {
        listen 443 ssl http2;
        server_name _;

        # SSL certificate (using Certbot)
        # The Certbot commands on this page mount ./nginx/ssl at /etc/letsencrypt,
        # so the files land under live/<domain>/ inside that directory.
        ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;

        # SSL settings
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Security headers
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;

        location / {
            proxy_pass http://pocketbase;
            proxy_http_version 1.1;

            # WebSocket
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Standard headers
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

SSL certificate configuration

Using Certbot

```bash
# Obtain a certificate
# (--standalone binds port 80, so the nginx container must be stopped first)
docker run --rm -it \
  -v "$(pwd)/nginx/ssl:/etc/letsencrypt" \
  -v "$(pwd)/nginx/logs:/var/log/letsencrypt" \
  -p 80:80 \
  certbot/certbot certonly --standalone \
  -d your-domain.com

# Renew
docker run --rm \
  -v "$(pwd)/nginx/ssl:/etc/letsencrypt" \
  -v "$(pwd)/nginx/logs:/var/log/letsencrypt" \
  -p 80:80 \
  certbot/certbot renew
```

```yaml
# Add to docker-compose.yml (under services:)
# Note: certificates issued with --standalone renew over port 80,
# which nginx holds while it is running.
  certbot-renew:
    image: certbot/certbot
    container_name: certbot-renew
    volumes:
      - ./nginx/ssl:/etc/letsencrypt
      - ./nginx/logs:/var/log/letsencrypt
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    networks:
      - pocketbase-network
```

Object storage configuration

Adding S3 storage

```yaml
services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    environment:
      - S3_ENDPOINT=${S3_ENDPOINT}
      - S3_ACCESS_KEY=${S3_ACCESS_KEY}
      - S3_SECRET_KEY=${S3_SECRET_KEY}
      - S3_BUCKET=${S3_BUCKET}
      - S3_REGION=${S3_REGION}
```

Using MinIO (local S3)

```yaml
version: "3.8"

services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    environment:
      - S3_ENDPOINT=http://minio:9000
      - S3_ACCESS_KEY=minioadmin
      - S3_SECRET_KEY=minioadmin
      - S3_BUCKET=pocketbase
      - S3_REGION=us-east-1
    depends_on:
      - minio

  minio:
    image: minio/minio
    container_name: minio
    command: server /data --console-address ":9001"
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - ./minio_data:/data
    environment:
      # minioadmin/minioadmin are MinIO's default credentials (local use only)
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
```

```yaml
# Add a backup service (under services:)
  backup:
    image: alpine:latest
    container_name: pocketbase-backup
    volumes:
      - ./pb_data:/data
      - ./backups:/backups
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Asia/Shanghai
    # Daily archive of pb_data; archives older than 7 days are deleted.
    # $$ is Compose escaping for a literal $.
    command: >
      sh -c "
      while true; do
        tar -czf /backups/pb_data_$$(date +%Y%m%d_%H%M%S).tar.gz -C /data .;
        find /backups -name 'pb_data_*.tar.gz' -mtime +7 -delete;
        sleep 86400;
      done
      "
    restart: unless-stopped
```

Scheduled backup to S3

```bash
#!/bin/bash
set -euo pipefail

BACKUP_NAME="pb_data_$(date +%Y%m%d_%H%M%S).tar.gz"
mkdir -p ./backups
docker exec pocketbase tar -czf "/tmp/${BACKUP_NAME}" /pb_data
docker cp "pocketbase:/tmp/${BACKUP_NAME}" ./backups/
aws s3 cp "./backups/${BACKUP_NAME}" s3://your-bucket/backups/
```

```yaml
# docker-compose.dev.yml
version: "3.8"

services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    ports:
      - "8090:8090"
    volumes:
      - ./pb_data:/pb_data
      - ./pb_migrations:/pb_migrations
      - ./pb_hooks:/pb_hooks
    environment:
      - GO_ENV=development
```

Start the development environment

```bash
docker-compose -f docker-compose.dev.yml up -d
```

```yaml
# docker-compose.prod.yml
version: "3.8"

services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:latest
    deploy:
      # replicas > 1 requires that container_name is not set for this service
      replicas: 2
      resources:
        limits:
          cpus: "1"
          memory: 512M
        reservations:
          cpus: "0.5"
          memory: 256M
    environment:
      - GO_ENV=production
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
```

Start the production environment

```bash
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```

```bash
# View all logs
docker-compose logs -f

# View logs for a specific service
docker-compose logs -f pocketbase

# View the last 100 lines
docker-compose logs --tail=100 pocketbase
```

```bash
# Check service status
docker-compose ps

# Open a shell in the container
docker exec -it pocketbase sh
```

Q: Where is the data stored?
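
Data is stored in the ./pb_data directory on the host and mapped into the container through a volume.

Q: How do I back up the data?

```bash
# Stop the services
docker-compose down

# Back up the data directory
cp -r pb_data pb_data.backup

# Restart the services
docker-compose up -d
```

Q: How do I update PocketBase?

```bash
# Pull the latest image
docker-compose pull

# Restart the services
docker-compose up -d
```

Q: How do I change the port?

Change the port mapping in docker-compose.yml:

```yaml
ports:
  - "9090:8090"  # host port 9090 maps to container port 8090
```

Q: How do I enable automatic restart?

```yaml
restart: unless-stopped  # restart automatically unless stopped manually
```

- Use environment variables: do not write sensitive information in the configuration file
- Data persistence: always map pb_data to the host
- Log management: configure log rotation so the disk does not fill up
- Health checks: configure health checks to automatically restart unhealthy containers
- Network isolation: use a dedicated network for better security
- Regular backups: set up an automated backup job
- Version pinning: pin the image version in production

```yaml
# Pinned version
image: ghcr.io/muchenski/pocketbase:v0.22.0
```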
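
The checklist above can be checked mechanically before a deployment. The following Python check is an added example, not part of the original page or of the PocketBase project: it scans a Compose file as text for floating image tags, secrets written inline instead of `${VAR}` references, and services without a `healthcheck` or `logging` block. The function name `audit_compose`, the rule names and the sample file are assumptions made for illustration, and only list-style `environment` entries (the form used on this page) are inspected.

```python
import re

SECRET_NAME = re.compile(r"KEY|SECRET|PASSWORD|TOKEN|ENCRYPTION", re.I)
FROM_ENV = re.compile(r"\$\{[^}]+\}")  # value injected from .env or the shell
REQUIRED = (("no-healthcheck", "healthcheck"), ("no-log-rotation", "logging"))

def audit_compose(text):
    """Return (service, rule, detail) findings for a Compose file given as text."""
    findings, keys, section, service, svc_indent = [], {}, None, None, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:  # top-level key: services, networks, ...
            section, service, svc_indent = body.rstrip(":"), None, None
        elif section == "services" and indent == (svc_indent or indent):
            svc_indent, service = indent, body.rstrip(":")  # a service name
            keys[service] = set()
        elif section == "services":
            keys[service].add(body.split(":", 1)[0])
            image = re.match(r"image:\s*([^\s#]+)", body)
            env = re.match(r"-\s*[\"']?([A-Za-z_]\w*)=([^\s#]*)", body)
            if image:
                ref = image.group(1).strip("\"'")
                tag = ref.rsplit("/", 1)[-1].partition(":")[2]
                if "@sha256:" not in ref and tag in ("", "latest"):
                    findings.append((service, "unpinned-image", ref))
            elif env and SECRET_NAME.search(env.group(1)):
                value = env.group(2).strip("\"'")
                if value and not FROM_ENV.fullmatch(value):
                    findings.append((service, "inline-secret", env.group(1)))
    for name, present in keys.items():
        findings += [(name, rule, key) for rule, key in REQUIRED if key not in present]
    return findings

# Constructed sample: pocketbase follows the checklist, minio does not.
SAMPLE = """\
services:
  pocketbase:
    image: ghcr.io/muchenski/pocketbase:v0.22.0
    environment:
      - POCKETBASE_ENCRYPTION_ENV=${ENCRYPTION_KEY}
    healthcheck: {test: ["CMD", "wget", "-q", "--spider", "http://localhost:8090/api/health"]}
    logging: {driver: json-file, options: {max-size: 10m, max-file: "3"}}
  minio:
    image: minio/minio
    environment:
      - MINIO_ROOT_PASSWORD=minioadmin
"""
```

Calling `audit_compose(open("docker-compose.yml").read())` in CI and failing the job on a non-empty result keeps the checklist from drifting.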