feat: setup wizard via SSH tunnel, config volume architecture

- Wizard binds 127.0.0.1 only, requires SSH tunnel for access - Shared config volume: wizard writes, backend reads - Backend waits for config file before starting uvicorn - Frontend detects backend health, shows setup wizard if not ready - Remove wizard-init container and init-config directory - Remove backend volume mount of source code - Update README with full deployment flow
2026-03-06 13:47:02 +00:00
parent 6673372532
commit 4b67356e87
6 changed files with 66 additions and 95 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,7 +13,7 @@ services:
    volumes:
      - mysql_data:/var/lib/mysql
    ports:
-      - "${MYSQL_PORT:-3306}:3306"
+      - "127.0.0.1:${MYSQL_PORT:-3306}:3306"
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
@@ -25,59 +25,25 @@ services:
          cpus: '0.5'
          memory: 512M

-  # AbstractWizard — 初始化配置管理
+  # AbstractWizard — 初始化配置管理 (localhost only, SSH tunnel access)
  wizard:
    image: git.hangman-lab.top/hzhang/abstract-wizard:latest
    container_name: harborforge-wizard
    restart: unless-stopped
    volumes:
      - wizard_config:/config
-      - ./init-config:/init-config:ro
    environment:
      CONFIG_DIR: /config
      LISTEN_ADDR: "0.0.0.0:8080"
      MAX_BACKUPS: "5"
-    # distroless image — no shell for healthcheck
-    # wizard-init will retry until wizard is reachable
+    ports:
+      - "127.0.0.1:${WIZARD_PORT:-18080}:8080"
    deploy:
      resources:
        limits:
          cpus: '0.1'
          memory: 64M

-  # 初始化 — 将默认配置写入 AbstractWizard
-  wizard-init:
-    image: curlimages/curl:latest
-    container_name: harborforge-wizard-init
-    depends_on:
-      - wizard
-    volumes:
-      - ./init-config:/init-config:ro
-    entrypoint: ["/bin/sh", "-c"]
-    command:
-      - |
-        echo "Waiting for AbstractWizard to be ready..."
-        for i in $$(seq 1 30); do
-          if curl -sf http://wizard:8080/health > /dev/null 2>&1; then
-            break
-          fi
-          echo "  attempt $$i/30..."
-          sleep 2
-        done
-
-        echo "Checking if harborforge.json exists in wizard..."
-        STATUS=$$(curl -s -o /dev/null -w '%%{http_code}' http://wizard:8080/api/v1/config/harborforge.json)
-        if [ "$$STATUS" = "404" ]; then
-          echo "Config not found, uploading init-config/harborforge.json..."
-          curl -s -X PUT http://wizard:8080/api/v1/config/harborforge.json \
-            -H "Content-Type: application/json" \
-            -d @/init-config/harborforge.json
-          echo ""
-          echo "Init config uploaded successfully."
-        else
-          echo "Config already exists (status=$$STATUS), skipping upload."
-        fi
-
  backend:
    build:
      context: ./HarborForge.Backend
@@ -85,18 +51,17 @@ services:
    container_name: harborforge-backend
    restart: unless-stopped
    environment:
-      DATABASE_URL: mysql+pymysql://${MYSQL_USER:-harborforge}:${MYSQL_PASSWORD:-harborforge_pass}@mysql:3306/${MYSQL_DATABASE:-harborforge}
+      CONFIG_DIR: /config
+      CONFIG_FILE: harborforge.json
      SECRET_KEY: ${SECRET_KEY:-change_me_in_production}
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
-      WIZARD_URL: http://wizard:8080
-      WIZARD_CONFIG: harborforge.json
+    volumes:
+      - wizard_config:/config:ro
    ports:
      - "${BACKEND_PORT:-8000}:8000"
    depends_on:
      mysql:
        condition: service_healthy
-      wizard-init:
-        condition: service_completed_successfully
    deploy:
      resources:
        limits:
@@ -115,13 +80,13 @@ services:
      dockerfile: Dockerfile
      args:
        VITE_API_BASE: ${VITE_API_BASE:-/api}
+        VITE_WIZARD_PORT: ${WIZARD_PORT:-18080}
    container_name: harborforge-frontend
    restart: unless-stopped
    ports:
      - "${FRONTEND_PORT:-3000}:3000"
    depends_on:
-      backend:
-        condition: service_healthy
+      - backend
    deploy:
      resources:
        limits: