v0.1.0: CRM/ERP 系统内测版本 - 安全加固完成

- Docker bridge 网络隔离（8000 端口封死） - Gunicorn 4 Worker 多进程 - Alembic 数据库迁移基线 - 日志轮转 20m×3 - JWT 密钥 + DB 密码 + CORS 收紧 - 3-2-1 备份链路（NAS + R740-B 冷备） - 连接池 pool_pre_ping + pool_recycle=3600
2026-03-16 07:31:37 +00:00
commit 423baff73b
2578 changed files with 824643 additions and 0 deletions
@@ -0,0 +1,40 @@
+# ── 全局日志策略：所有服务强制轮转，防磁盘爆满 ──
+x-logging: &default-logging
+  driver: "json-file"
+  options:
+    max-size: "20m"
+    max-file: "3"
+
+services:
+  # ---- 后端 API (Gunicorn + Uvicorn Workers) ----
+  backend:
+    build:
+      context: .
+      dockerfile: Dockerfile.backend
+    container_name: crm-backend
+    env_file:
+      - ./server/.env
+    environment:
+      - TZ=Asia/Shanghai
+    restart: always
+    volumes:
+      # 上传文件目录 — 挂载群晖 NAS (192.168.1.48)
+      - /mnt/nas-uploads:/app/uploads
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    logging: *default-logging
+
+  # ---- 前端网关 (Nginx + Vue3 SPA) ----
+  frontend:
+    build:
+      context: .
+      dockerfile: Dockerfile.frontend
+    container_name: crm-frontend
+    ports:
+      - "80:80"
+    depends_on:
+      - backend
+    environment:
+      - TZ=Asia/Shanghai
+    restart: always
+    logging: *default-logging