690418:1638 Refactor Infra gitea

2026-04-18 16:38:04 +07:00
parent 8b658e8530
commit 29a6509c58
36 changed files with 1824 additions and 157 deletions
@@ -0,0 +1,198 @@
# File: /share/np-dms/n8n/docker-compose.yml
# DMS Container v1.8.6 — Application: n8n
# ============================================================
# 🔒 SECURITY:
# - secrets อยู่ใน .env (gitignored) — หลีกปัญหาการตีความหมาย `$` ใน YAML
# - n8n ไม่ได้ mount /var/run/docker.sock โดยตรง (H3)
# ใช้ docker-socket-proxy จำกัด capability — read-only Containers/Images API
# ============================================================
x-restart: &restart_policy
restart: unless-stopped
x-logging: &default_logging
logging:
driver: 'json-file'
options:
max-size: '10m'
max-file: '5'
services:
n8n-db:
<<: [*restart_policy, *default_logging]
image: postgres:16.4-alpine
container_name: n8n-db
env_file:
- .env
environment:
- POSTGRES_USER=n8n
- POSTGRES_PASSWORD=${N8N_DB_PASSWORD:?N8N_DB_PASSWORD required}
- POSTGRES_DB=n8n
volumes:
- '/share/np-dms/n8n/postgres-data:/var/lib/postgresql/data'
networks:
lcbp3: {}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -h localhost -U n8n -d n8n']
interval: 10s
timeout: 5s
retries: 5
# ----------------------------------------------------------------
# Docker Socket Proxy (H3) — ให้เฉพาะ read-only Containers/Images API
# n8n ต้องตั้ง DOCKER_HOST=tcp://docker-socket-proxy:2375 (ถ้าใช้ docker node)
# ----------------------------------------------------------------
docker-socket-proxy:
<<: [*restart_policy, *default_logging]
image: tecnativa/docker-socket-proxy:0.2
container_name: docker-socket-proxy
environment:
TZ: 'Asia/Bangkok'
# เปิดเฉพาะ endpoint ที่ n8n จำเป็นต้องใช้
CONTAINERS: '1'
IMAGES: '1'
INFO: '1'
VERSION: '1'
# ปิดหมดที่อันตราย ซึ่งเป็นค่า default ของ image
POST: '0'
DELETE: '0'
EXEC: '0'
VOLUMES: '0'
NETWORKS: '0'
SERVICES: '0'
TASKS: '0'
SWARM: '0'
SYSTEM: '0'
AUTH: '0'
SECRETS: '0'
NODES: '0'
CONFIGS: '0'
DISTRIBUTION: '0'
PLUGINS: '0'
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
lcbp3: {}
expose:
- '2375'
healthcheck:
test: ['CMD-SHELL', 'wget -qO- http://localhost:2375/version || exit 1']
interval: 30s
timeout: 5s
retries: 3
tika:
<<: [*restart_policy, *default_logging]
image: apache/tika:2.9.2.1-full
container_name: tika
user: 'root'
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.25'
memory: 256M
security_opt:
- no-new-privileges:true
environment:
TZ: 'Asia/Bangkok'
TESSDATA_PREFIX: '/tessdata'
volumes:
- /share/np-dms/n8n/tessdata:/tessdata
networks:
lcbp3: {}
expose:
- '9998'
healthcheck:
test: ['CMD-SHELL', 'wget -qO- http://localhost:9998/tika || exit 1']
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
n8n:
<<: [*restart_policy, *default_logging]
image: n8nio/n8n:1.66.0
container_name: n8n
depends_on:
n8n-db:
condition: service_healthy
docker-socket-proxy:
condition: service_healthy
deploy:
resources:
limits:
cpus: '1.5'
memory: 3G
reservations:
cpus: '0.25'
memory: 512M
env_file:
- .env
environment:
TZ: 'Asia/Bangkok'
NODE_ENV: 'production'
# N8N_PATH: "/n8n/"
N8N_PUBLIC_URL: 'https://n8n.np-dms.work/'
WEBHOOK_URL: 'https://n8n.np-dms.work/'
N8N_EDITOR_BASE_URL: 'https://n8n.np-dms.work/'
N8N_PROTOCOL: 'https'
N8N_HOST: 'n8n.np-dms.work'
N8N_PORT: 5678
N8N_PROXY_HOPS: '1'
N8N_DIAGNOSTICS_ENABLED: 'false'
N8N_SECURE_COOKIE: 'true'
N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY:?N8N_ENCRYPTION_KEY required}
# File access control for "Read/Write Files from Disk" nodes
# Ref: https://github.com/n8n-io/n8n/blob/master/packages/@n8n/config/src/configs/security.config.ts
N8N_RESTRICT_FILE_ACCESS_TO: '/home/node/.n8n-files'
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES: 'false'
GENERIC_TIMEZONE: 'Asia/Bangkok'
NODE_FUNCTION_ALLOW_BUILTIN: '*'
NODES_EXCLUDE: '[]'
# H3: ใช้ socket proxy แทนการผูก docker.sock โดยตรง
DOCKER_HOST: 'tcp://docker-socket-proxy:2375'
# DB Setup
DB_TYPE: postgresdb
DB_POSTGRESDB_DATABASE: n8n
DB_POSTGRESDB_HOST: n8n-db
DB_POSTGRESDB_PORT: 5432
DB_POSTGRESDB_USER: n8n
DB_POSTGRESDB_PASSWORD: ${N8N_DB_PASSWORD:?N8N_DB_PASSWORD required}
# Data Prune
EXECUTIONS_DATA_PRUNE: 'true'
EXECUTIONS_DATA_MAX_AGE: 168
# EXECUTIONS_DATA_PRUNE_TIMEOUT: 60
ports:
- '5678:5678'
networks:
lcbp3: {}
volumes:
- '/share/np-dms/n8n:/home/node/.n8n'
- '/share/np-dms/n8n/cache:/home/node/.cache'
- '/share/np-dms/n8n/scripts:/scripts'
- '/share/np-dms/n8n/data:/data'
# H3: ลบ docker.sock direct mount — ใช้ docker-socket-proxy แทน
# read-only: อ่านไฟล์ PDF ต้นฉบับเท่านั้น
- '/share/np-dms-as/Legacy:/home/node/.n8n-files/staging_ai:ro' # Add alias for np-dms-as to match the node setting
# read-write: เขียน Log และ CSV ทั้งหมด
- '/share/np-dms/n8n/migration_logs:/home/node/.n8n-files/migration_logs:rw'
healthcheck:
test: ['CMD-SHELL', 'wget -qO- http://127.0.0.1:5678/healthz || exit 1']
interval: 30s
timeout: 10s
start_period: 60s
retries: 5
networks:
lcbp3:
external: true
# สำหรับ n8n volumes
# chown -R 1000:1000 /share/np-dms/n8n
# chmod -R 755 /share/np-dms/n8n3
# chown -R 999:999 /share/np-dms/n8n/postgres-data
# chmod -R 700 /share/np-dms/n8n/postgres-data
#
# docker compose -f docker-compose-lcbp3-n8n.yml build n8n
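Review bot: The n8n service bind-mounts the whole `/share/np-dms/n8n` tree to `/home/node/.n8n` (the `volumes` entry of the `n8n` service) while `N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES` is set to `'false'`, which together undo the secrets hygiene the file header claims: the compose file itself lives at `/share/np-dms/n8n/docker-compose.yml` and both services take `env_file: - .env`, so the `.env` holding `N8N_DB_PASSWORD` and `N8N_ENCRYPTION_KEY` is presumably inside that mounted tree and readable by any workflow's file node, and the `postgres-data` directory is mounted into the n8n container as well (protected only by the 700 mode mentioned in the trailing comment). `NODE_FUNCTION_ALLOW_BUILTIN: '*'` amplifies this, since a Code node may then `require` modules such as `fs` and `child_process` regardless of the file-access settings. I would mount a dedicated subdirectory rather than the parent, `- '/share/np-dms/n8n/<n8n-home-subdir>:/home/node/.n8n'` (placeholder path), set `N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES: 'true'`, and replace the `'*'` builtin allow-list with the specific modules the workflows need, or add a comment stating why the wildcard is required. The hunk header counts 198 added lines but fewer are visible here, so the file may continue past this point.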