a7a21faa82
- KnowledgeBaseController: ingest, list, firmOrgs, search, delete - VectorService (Qdrant + buildAuthzFilter), EmbedService (Voyage), RagService (pipeline) - AIService::askWithRag con fallback graceful - docker-compose: servizio qdrant + env Voyage (chiave da .env/vault, no hardcoded) - SQL 012 consulting_firms, 013 firm_assignments + kb_uploaded_documents - public/kb.html + kb.js (upload, lista, search preview) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
117 lines
4.1 KiB
YAML
117 lines
4.1 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
# ── PHP-FPM Application ──────────────────────────────────────────────────
|
|
app:
|
|
build:
|
|
context: ..
|
|
dockerfile: docker/Dockerfile
|
|
container_name: nis2-app
|
|
restart: unless-stopped
|
|
mem_limit: 256m
|
|
volumes:
|
|
- ../application:/var/www/nis2-agile/application
|
|
- ../public:/var/www/nis2-agile/public
|
|
- nis2-uploads:/var/www/nis2-agile/public/uploads
|
|
- /opt/devenv/scripts/vault-entrypoint.sh:/usr/local/bin/vault-entrypoint.sh:ro
|
|
env_file:
|
|
- ../.env
|
|
environment:
|
|
- APP_ENV=${APP_ENV:-production}
|
|
- APP_DEBUG=${APP_DEBUG:-false}
|
|
- DB_HOST=db
|
|
- DB_PORT=3306
|
|
- DB_NAME=${DB_NAME:-nis2_agile_db}
|
|
- DB_USER=${DB_USER:-nis2_user}
|
|
- DB_PASS=${DB_PASS}
|
|
- JWT_SECRET=${JWT_SECRET}
|
|
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
|
|
- VOYAGE_API_KEY=${VOYAGE_API_KEY}
|
|
- VOYAGE_MODEL=${VOYAGE_MODEL:-voyage-3-lite}
|
|
- QDRANT_URL=http://172.21.0.5:6333
|
|
- VAULT_STEWARD_URL=https://vault-steward:8443
|
|
- VAULT_APP_TOKEN=${VAULT_APP_TOKEN_NIS2}
|
|
- VAULT_PREFIX=tier1__nis2-app__
|
|
- VAULT_REQUIRED=true
|
|
entrypoint: ["/usr/local/bin/vault-entrypoint.sh"]
|
|
command: ["docker-php-entrypoint", "php-fpm"]
|
|
networks:
|
|
- nis2-network
|
|
- vault-net
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
|
|
# ── Nginx Web Server ─────────────────────────────────────────────────────
|
|
web:
|
|
image: nginx:1.27-alpine
|
|
container_name: nis2-web
|
|
restart: unless-stopped
|
|
mem_limit: 128m
|
|
ports:
|
|
- "${WEB_PORT:-8080}:8080"
|
|
volumes:
|
|
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
|
- ../public:/var/www/nis2-agile/public:ro
|
|
- nis2-uploads:/var/www/nis2-agile/public/uploads:ro
|
|
networks:
|
|
- nis2-network
|
|
depends_on:
|
|
- app
|
|
|
|
# ── MySQL Database ───────────────────────────────────────────────────────
|
|
db:
|
|
image: mysql:8.0
|
|
container_name: nis2-db
|
|
restart: unless-stopped
|
|
mem_limit: 512m
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-rootpass}
|
|
MYSQL_DATABASE: ${DB_NAME:-nis2_agile_db}
|
|
MYSQL_USER: ${DB_USER:-nis2_user}
|
|
MYSQL_PASSWORD: ${DB_PASS}
|
|
ports:
|
|
- "127.0.0.1:${DB_EXPOSE_PORT:-3307}:3306"
|
|
volumes:
|
|
- nis2-db-data:/var/lib/mysql
|
|
- ../docs/sql/001_initial_schema.sql:/docker-entrypoint-initdb.d/001_initial_schema.sql:ro
|
|
- ../docs/sql/002_email_log.sql:/docker-entrypoint-initdb.d/002_email_log.sql:ro
|
|
- ../docs/sql/003_voluntary_compliance.sql:/docker-entrypoint-initdb.d/003_voluntary_compliance.sql:ro
|
|
- ../docs/sql/004_ncr_capa.sql:/docker-entrypoint-initdb.d/004_ncr_capa.sql:ro
|
|
healthcheck:
|
|
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${DB_ROOT_PASSWORD:-rootpass}"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 30s
|
|
networks:
|
|
- nis2-network
|
|
|
|
# -- Qdrant Vector DB (Migration 012-014: KB multi-livello) --
|
|
qdrant:
|
|
image: qdrant/qdrant:v1.7.4
|
|
container_name: nis2-qdrant
|
|
restart: unless-stopped
|
|
mem_limit: 512m
|
|
volumes:
|
|
- nis2-qdrant-data:/qdrant/storage
|
|
networks:
|
|
- nis2-network
|
|
|
|
# ── Volumes ──────────────────────────────────────────────────────────────
|
|
volumes:
|
|
nis2-db-data:
|
|
driver: local
|
|
nis2-uploads:
|
|
driver: local
|
|
nis2-qdrant-data:
|
|
driver: local
|
|
|
|
# ── Networks ─────────────────────────────────────────────────────────────
|
|
networks:
|
|
nis2-network:
|
|
driver: bridge
|
|
vault-net:
|
|
external: true
|
|
name: vault-net
|