From 55bbf50e3c52b739d90014d86c45022db70c84a5 Mon Sep 17 00:00:00 2001
From: wangbo <wangbolhr@163.com>
Date: Wed, 4 Feb 2026 19:15:04 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=B2=99=E7=AE=B1=E7=8E=AF?=
 =?UTF-8?q?=E5=A2=83=E5=A2=9E=E5=8A=A0Jupter=EF=BC=8C=E6=9A=B4=E9=9C=B2?=
 =?UTF-8?q?=EF=BC=8C=E6=9B=B4=E5=8A=A0=E6=96=B9=E4=BE=BF=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E7=8E=AF=E5=A2=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.sample              |  4 ++++
 docker-compose.yml       | 18 ++++++++++++++----
 easyai-proxy.conf.sample |  9 +++++++++
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/.env.sample b/.env.sample
index 26e46a0..220faa0 100644
--- a/.env.sample
+++ b/.env.sample
@@ -23,6 +23,10 @@ VIDEO_EDIT_PORT=8000
 
 #沙箱环境对外端口，不建议暴露，如果需要暴露，取消docker-compose.yml中的对应注释
 SANDBOX_PORT=8081
+#SANDBOX jupyterlab 端口
+SANDBOX_JUPYTERLAB_PORT=8888
+# 配置Jupter的token，安全考虑，建议设置
+SANDBOX_JUPYTER_TOKEN=easyaiisbest
 SANDBOX_SERVICE_BASE_URL=
 
 
diff --git a/docker-compose.yml b/docker-compose.yml
index f0c6af8..da464be 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -282,15 +282,19 @@ services:
     #沙箱环境默认不对外暴露
 #    ports:
 #      - "${SANDBOX_PORT}:8000"
+#      - "${SANDBOX_JUPYTERLAB_PORT}:8888"
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
     volumes:
       - ./sandbox-data:/app/data
       - ./local_packages:/app/local_packages
-      - ./env/python-packages:/home/sandbox/.local
+      - ./env/python-packages:/root/.local
       - ./env/node-modules:/app/node_modules_extra
     tmpfs:
       - /app/tmp:mode=1777
       - /tmp:mode=1777
-    read_only: true
+# 需要更加强的安全性，可以将ready only设置为true，可能影响使用Jupterlab 操作容器改动
+#    read_only: true
     security_opt:
       - no-new-privileges:true
     environment:
@@ -301,8 +305,14 @@ services:
       - PIP_CACHE_DIR=/app/tmp/.pip
       - TMPDIR=/app/tmp
       - NPM_CONFIG_CACHE=/app/tmp/.npm
-      - PYTHON_EXTRA_DIR=/home/sandbox/.local/lib/python3.12/site-packages
-      - PYTHON_EXTRA_PATH=/home/sandbox/.local/lib/python3.12/site-packages
+      - PYTHON_EXTRA_DIR=/root/.local/lib/python3.12/site-packages
+      - PYTHON_EXTRA_PATH=/root/.local/lib/python3.12/site-packages
+      # Jupyter 运行时与数据写到可写目录，避免挂载 /root/.local 导致无法写入
+      - JUPYTER_DATA_DIR=/app/tmp/jupyter_data
+      - JUPYTER_RUNTIME_DIR=/app/tmp/jupyter_runtime
+      - JUPYTER_CONFIG_DIR=/app/tmp/jupyter_config
+      # Jupyter 访问 token：不设或为空则无需 token；设置后打开 JupyterLab 需填写该 token
+      - JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN}
     restart: unless-stopped
     deploy:
       resources:
diff --git a/easyai-proxy.conf.sample b/easyai-proxy.conf.sample
index 594ff13..0fcf700 100644
--- a/easyai-proxy.conf.sample
+++ b/easyai-proxy.conf.sample
@@ -97,6 +97,15 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Host $host;
     }
+    location /jupyterlab/ {
+        proxy_pass http://127.0.0.1:8888/lab/;
+        proxy_redirect off;
+        proxy_set_header X-Original-Prefix '/lab';
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+    }
     location /socket.io {
         proxy_pass http://127.0.0.1:3002;
         proxy_read_timeout 300s;