增加脚本沙箱容器，用以执行JS和Python脚本

2026-02-03 19:36:53 +08:00 · 2026-02-03 19:36:53 +08:00 · 6e41007de3
commit 6e41007de3
parent a47aa8a2f5
2 changed files with 46 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -21,6 +21,9 @@ NUXT_APP_CDN_URL=
 #视频编辑对外暴露端口
 VIDEO_EDIT_PORT=8000

+#沙箱环境对外端口，不建议暴露，如果需要暴露，取消docker-compose.yml中的对应注释
+SANDBOX_PORT=8081
+SANDBOX_SERVICE_BASE_URL=



--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -101,6 +101,8 @@ services:
      - CONFIG_MQ_VHOST=${CONFIG_MQ_VHOST}
      # 视频编辑接口
      - CONFIG_VIDEO_EDIT_API_URL=http://video-edit:8000
+      # 沙箱环境baseURL
+      - SANDBOX_SERVICE_BASE_URL=${SANDBOX_SERVICE_BASE_URL:-http://sandbox:8000}
    # 日志大小设置，避免日志文件过大
    env_file:
      - .env
@ -272,6 +274,47 @@ services:
      - ./data:/data
    ports:
      - 8080:8080
+  sandbox:
+    image: registry.cn-shanghai.aliyuncs.com/easyaigc/sandbox:latest
+    container_name: sandbox
+    networks:
+      - comfyai
+    #沙箱环境默认不对外暴露
+#    ports:
+#      - "${SANDBOX_PORT}:8000"
+    volumes:
+      - ./sandbox-data:/app/data
+      - ./local_packages:/app/local_packages
+      - ./env/python-packages:/home/sandbox/.local
+      - ./env/node-modules:/app/node_modules_extra
+    tmpfs:
+      - /app/tmp:mode=1777
+      - /tmp:mode=1777
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    environment:
+      - NODE_PATH=/app/node_modules:/app/node_modules_extra/node_modules
+      - NODE_MODULES_EXTRA=/app/node_modules_extra
+      - NODE_MODULES_EXTRA_PATH=/app/node_modules_extra/node_modules
+      - SANDBOX_TMPDIR=/app/tmp
+      - PIP_CACHE_DIR=/app/tmp/.pip
+      - TMPDIR=/app/tmp
+      - NPM_CONFIG_CACHE=/app/tmp/.npm
+      - PYTHON_EXTRA_DIR=/home/sandbox/.local/lib/python3.12/site-packages
+      - PYTHON_EXTRA_PATH=/home/sandbox/.local/lib/python3.12/site-packages
+    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          cpus: "1"
+          memory: 1G
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:8000/health" ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
 #  portainer:
 #    image: registry.cn-shanghai.aliyuncs.com/comfy-ai/portainer-ce:2.21.5
 #    container_name: portainer