wangbo/easyai
35
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化沙箱环境增加Jupter,暴露,更加方便管理环境

Browse Source
This commit is contained in:
wangbo 2026-02-04 19:15:04 +08:00
parent 1aad0ee9cc
commit 55bbf50e3c
3 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env.sample
View File

@ -23,6 +23,10 @@ VIDEO_EDIT_PORT=8000
#沙箱环境对外端口不建议暴露如果需要暴露取消docker-compose.yml中的对应注释 #沙箱环境对外端口不建议暴露如果需要暴露取消docker-compose.yml中的对应注释
SANDBOX_PORT=8081 SANDBOX_PORT=8081
#SANDBOX jupyterlab 端口
SANDBOX_JUPYTERLAB_PORT=8888
# 配置Jupter的token安全考虑建议设置
SANDBOX_JUPYTER_TOKEN=easyaiisbest
SANDBOX_SERVICE_BASE_URL= SANDBOX_SERVICE_BASE_URL=

18
docker-compose.yml
View File

@ -282,15 +282,19 @@ services:
#沙箱环境默认不对外暴露 #沙箱环境默认不对外暴露
# ports: # ports:
# - "${SANDBOX_PORT}:8000" # - "${SANDBOX_PORT}:8000"
# - "${SANDBOX_JUPYTERLAB_PORT}:8888"
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes: volumes:
- ./sandbox-data:/app/data - ./sandbox-data:/app/data
- ./local_packages:/app/local_packages - ./local_packages:/app/local_packages
- ./env/python-packages:/home/sandbox/.local - ./env/python-packages:/root/.local
- ./env/node-modules:/app/node_modules_extra - ./env/node-modules:/app/node_modules_extra
tmpfs: tmpfs:
- /app/tmp:mode=1777 - /app/tmp:mode=1777
- /tmp:mode=1777 - /tmp:mode=1777
read_only: true # 需要更加强的安全性可以将ready only设置为true可能影响使用Jupterlab 操作容器改动
# read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
environment: environment:
@ -301,8 +305,14 @@ services:
- PIP_CACHE_DIR=/app/tmp/.pip - PIP_CACHE_DIR=/app/tmp/.pip
- TMPDIR=/app/tmp - TMPDIR=/app/tmp
- NPM_CONFIG_CACHE=/app/tmp/.npm - NPM_CONFIG_CACHE=/app/tmp/.npm
- PYTHON_EXTRA_DIR=/home/sandbox/.local/lib/python3.12/site-packages - PYTHON_EXTRA_DIR=/root/.local/lib/python3.12/site-packages
- PYTHON_EXTRA_PATH=/home/sandbox/.local/lib/python3.12/site-packages - PYTHON_EXTRA_PATH=/root/.local/lib/python3.12/site-packages
# Jupyter 运行时与数据写到可写目录,避免挂载 /root/.local 导致无法写入
- JUPYTER_DATA_DIR=/app/tmp/jupyter_data
- JUPYTER_RUNTIME_DIR=/app/tmp/jupyter_runtime
- JUPYTER_CONFIG_DIR=/app/tmp/jupyter_config
# Jupyter 访问 token不设或为空则无需 token设置后打开 JupyterLab 需填写该 token
- JUPYTER_TOKEN=${SANDBOX_JUPYTER_TOKEN}
restart: unless-stopped restart: unless-stopped
deploy: deploy:
resources: resources:

9
easyai-proxy.conf.sample
View File

@ -97,6 +97,15 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;
} }
location /jupyterlab/ {
proxy_pass http://127.0.0.1:8888/lab/;
proxy_redirect off;
proxy_set_header X-Original-Prefix '/lab';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
location /socket.io { location /socket.io {
proxy_pass http://127.0.0.1:3002; proxy_pass http://127.0.0.1:3002;
proxy_read_timeout 300s; proxy_read_timeout 300s;