优化沙箱环境增加Jupter，暴露，更加方便管理环境

2026-02-04 19:15:04 +08:00 · 2026-02-04 19:15:04 +08:00 · 55bbf50e3c
commit 55bbf50e3c
parent 1aad0ee9cc
3 changed files with 27 additions and 4 deletions
--- a/.env.sample
+++ b/.env.sample
@ -23,6 +23,10 @@ VIDEO_EDIT_PORT=8000

 #沙箱环境对外端口，不建议暴露，如果需要暴露，取消docker-compose.yml中的对应注释
 SANDBOX_PORT=8081
+#SANDBOX jupyterlab 端口
+SANDBOX_JUPYTERLAB_PORT=8888
+# 配置Jupter的token，安全考虑，建议设置
+SANDBOX_JUPYTER_TOKEN=easyaiisbest
 SANDBOX_SERVICE_BASE_URL=


--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -282,15 +282,19 @@ services:
    #沙箱环境默认不对外暴露
 #    ports:
 #      - "${SANDBOX_PORT}:8000"
+#      - "${SANDBOX_JUPYTERLAB_PORT}:8888"
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - ./sandbox-data:/app/data
      - ./local_packages:/app/local_packages
-      - ./env/python-packages:/home/sandbox/.local
+      - ./env/python-packages:/root/.local
      - ./env/node-modules:/app/node_modules_extra
    tmpfs:
      - /app/tmp:mode=1777
      - /tmp:mode=1777
-    read_only: true
+# 需要更加强的安全性，可以将ready only设置为true，可能影响使用Jupterlab 操作容器改动
+#    read_only: true
    security_opt:
      - no-new-privileges:true
    environment:
@ -301,8 +305,14 @@ services:
      - PIP_CACHE_DIR=/app/tmp/.pip
      - TMPDIR=/app/tmp
      - NPM_CONFIG_CACHE=/app/tmp/.npm
-      - PYTHON_EXTRA_DIR=/home/sandbox/.local/lib/python3.12/site-packages
-      - PYTHON_EXTRA_PATH=/home/sandbox/.local/lib/python3.12/site-packages
+      - PYTHON_EXTRA_DIR=/root/.local/lib/python3.12/site-packages
+      - PYTHON_EXTRA_PATH=/root/.local/lib/python3.12/site-packages
+      # Jupyter 运行时与数据写到可写目录，避免挂载 /root/.local 导致无法写入
+      - JUPYTER_DATA_DIR=/app/tmp/jupyter_data
+      - JUPYTER_RUNTIME_DIR=/app/tmp/jupyter_runtime
+      - JUPYTER_CONFIG_DIR=/app/tmp/jupyter_config
+      # Jupyter 访问 token：不设或为空则无需 token；设置后打开 JupyterLab 需填写该 token
+      - JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN}
    restart: unless-stopped
    deploy:
      resources:
--- a/easyai-proxy.conf.sample
+++ b/easyai-proxy.conf.sample
@ -97,6 +97,15 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
+    location /jupyterlab/ {
+        proxy_pass http://127.0.0.1:8888/lab/;
+        proxy_redirect off;
+        proxy_set_header X-Original-Prefix '/lab';
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+    }
    location /socket.io {
        proxy_pass http://127.0.0.1:3002;
        proxy_read_timeout 300s;