Services/sass-admin-agent-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: update docker-compose.yml

Browse Source
This commit is contained in:
ZF Sun
2025-11-28 13:54:41 +08:00
parent ad955403fb
commit 03bb1063ad
4 changed files with 128 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.env.example Normal file
View File

@@ -0,0 +1,16 @@
# 数据库连接配置
DB_HOST=host.docker.internal
DB_PORT=3306
DB_USER=your_database_username
DB_PASSWORD=your_database_password
DB_NAME=your_database_name
# API配置
ADMIN_API_KEY=sk-admin-xxxxxxxxxxxxxxxx
PORT=8080
# 注意:
# 1. 生产环境中请替换所有占位符为实际值
# 2. DB_HOST使用host.docker.internal可以让Docker容器连接到宿主机的MySQL
# 3. 确保MySQL用户权限允许从Docker容器访问
# 4. 敏感信息请勿提交到版本控制系统

95
DOCKER_MYSQL_CONNECTION.md Normal file
View File

@@ -0,0 +1,95 @@
# Docker容器连接宿主机MySQL数据库配置
## 问题描述
当Docker容器需要连接到宿主机上的MySQL数据库而MySQL的用户账号只允许`@localhost`访问时,需要进行特殊配置。
## 解决方案
### 1. 修改Docker Compose配置
`docker-compose.yml`文件中,将数据库主机地址修改为`host.docker.internal`这是Docker提供的特殊DNS名称可以解析到宿主机的IP地址。
```yaml
environment:
DB_HOST: host.docker.internal
DB_PORT: 3306
DB_USER: shop_mallnew
DB_PASSWORD: shop_mallnew
DB_NAME: huawei_shop_mallnew
```
### 2. 处理MySQL用户权限
由于MySQL用户账号默认只允许`@localhost`访问需要修改用户权限以允许Docker容器访问。
#### 解决方案1修改现有用户的host权限推荐用于测试环境
```sql
-- 登录到宿主机的MySQL
mysql -u root -p
-- 执行以下SQL语句
UPDATE mysql.user SET Host = '%' WHERE User = 'shop_mallnew' AND Host = 'localhost';
FLUSH PRIVILEGES;
```
#### 解决方案2创建新用户允许从任何IP连接
```sql
-- 登录到宿主机的MySQL
mysql -u root -p
-- 执行以下SQL语句
CREATE USER 'shop_mallnew'@'%' IDENTIFIED BY 'shop_mallnew';
GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'%';
FLUSH PRIVILEGES;
```
#### 解决方案3创建新用户仅允许从Docker容器IP范围连接推荐用于生产环境
```sql
-- 登录到宿主机的MySQL
mysql -u root -p
-- 执行以下SQL语句假设Docker容器IP范围为172.17.0.0/16
CREATE USER 'shop_mallnew'@'172.17.0.0/255.255.0.0' IDENTIFIED BY 'shop_mallnew';
GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'172.17.0.0/255.255.0.0';
FLUSH PRIVILEGES;
```
### 3. 启动Docker容器
```bash
docker-compose up -d
```
## 注意事项
1. **安全性考虑**:使用`%`作为host会允许从任何IP连接在生产环境中应限制为Docker容器的IP范围。
2. **端口映射**确保宿主机的MySQL服务监听在0.0.0.0而不仅仅是localhost以便外部连接。
3. **防火墙设置**确保宿主机的防火墙允许Docker容器访问MySQL端口默认3306
4. **MySQL版本兼容性**不同版本的MySQL可能有不同的权限管理方式请根据实际版本调整SQL语句。
5. **Windows系统**在Windows系统上`host.docker.internal`可能需要Docker Desktop 18.03+版本才能正常工作。
6. **Linux系统**在Linux系统上可能需要使用`--add-host=host.docker.internal:host-gateway`参数或修改`/etc/hosts`文件。
## 故障排查
1. **无法连接到数据库**
- 检查宿主机MySQL服务是否正在运行
- 检查MySQL配置是否允许远程连接
- 检查防火墙设置
- 检查用户权限是否正确配置
2. **连接被拒绝**
- 检查MySQL用户的host权限是否包含Docker容器的IP
- 检查MySQL服务是否监听在0.0.0.0
3. **权限错误**
- 检查用户是否有足够的权限访问指定的数据库
- 检查`FLUSH PRIVILEGES`是否已执行
## 相关文件
- `docker-compose.yml`Docker容器配置文件
- `update_mysql_user.sql`MySQL用户权限修改脚本
- `.env`:本地开发环境配置文件

32
docker-compose.yml
View File

@@ -2,44 +2,16 @@
version: '3.8' version: '3.8'
services: services:
# mysql:
# image: mysql:8.0
# container_name: saas-mysql
# restart: always
# environment:
# MYSQL_ROOT_PASSWORD: root_secure_password
# MYSQL_DATABASE: lucky_sass
# MYSQL_USER: saas_admin
# MYSQL_PASSWORD: saas_secure_password
# ports:
# - "3306:3306"
# volumes:
# - ./init_v2.0.sql:/docker-entrypoint-initdb.d/init.sql:ro
# - mysql_data:/var/lib/mysql
# command: --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
saas-admin-api: saas-admin-api:
build: . build: .
container_name: saas-admin-api container_name: saas-admin-api
restart: always restart: always
ports: ports:
- "8080:8080" - "8080:8080"
environment: env_file:
DB_HOST: mysql - .env
DB_PORT: 3306
DB_USER: saas_admin
DB_PASSWORD: saas_secure_password
DB_NAME: lucky_sass
ADMIN_API_KEY: sk-admin-xxxxxxxxxxxxxxxx
PORT: 8080
depends_on:
# - mysql
# 等待 MySQL 就绪(可选:使用 wait-for-it.sh 更健壮)
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"] test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
volumes:
mysql_data:

15
update_mysql_user.sql Normal file
View File

@@ -0,0 +1,15 @@
-- 解决方案1修改现有用户的host权限允许从任何IP连接
-- 注意这会允许从任何IP连接安全性较低建议仅在测试环境使用
UPDATE mysql.user SET Host = '%' WHERE User = 'shop_mallnew' AND Host = 'localhost';
FLUSH PRIVILEGES;
-- 或者解决方案2创建一个新用户允许从任何IP连接
-- CREATE USER 'shop_mallnew'@'%' IDENTIFIED BY 'shop_mallnew';
-- GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'%';
-- FLUSH PRIVILEGES;
-- 或者解决方案3创建一个新用户仅允许从Docker容器的IP范围连接
-- 假设Docker容器的IP范围是172.17.0.0/16
-- CREATE USER 'shop_mallnew'@'172.17.0.0/255.255.0.0' IDENTIFIED BY 'shop_mallnew';
-- GRANT ALL PRIVILEGES ON huawei_shop_mallnew.* TO 'shop_mallnew'@'172.17.0.0/255.255.0.0';
-- FLUSH PRIVILEGES;