本文适用于 omnivore android-0.200.5 版本,其他分支是否有变化暂无可知,内容仅做参考,测试于 2024-4-12
部署架构
- api 服务
- migrate 脚本
- web 服务
- content-fetch 服务
- PostgreSQL 数据库
- redis 数据库
- 本地存储
一些问题:
- content-fetch 服务报错 redisURL not supplied,缺少 redis 支持,需要安装 redis 数据库并给服务配置环境变量
REDIS_URL=redis://redis:6379和MQ_REDIS_URL=redis://redis:6379 - web 页面重置密码错误,api 后台报错 redis 初始化失败错误,解决办法同上,可通过查看源码发现问题
- web 页面重置密码,提示邮件已发送,但是未收到,可能是邮箱配置(还未解决,源码发现使用的是 Sendgrid 服务来发送邮件,
packages/api/src/utils/sendEmail.ts,SENDGRID_MSGS_API_KEY) web 页面注册页 提示
Application error: a client-side exception has occurred (see the browser console for more information).怀疑是谷歌人机校验问题,检查源码./packages/web/components/templates/auth/EmailSignup.tsx和./packages/api/src/routers/auth/auth_router.ts部分,确定环境变量RECAPTCHA_CHALLENGE_SECRET_KEY- API 服务的所有环境变量可在此查看
packages/api/src/util.ts - 不使用 GAE 部署,即使用本地自建时,api 服务的环境变量 API_ENV 设置应为
API_ENV=local 页面无修改密码的接口,考虑修改数据库实现(重置密码依赖邮件发送服务 Sendgrid),参考
packages/db/setup.sh# create demo user with email: demo@omnivore.app, password: demo_password if [ -z "${NO_DEMO_USER}" ]; then USER_ID=$(uuidgen) PASSWORD='$2a$10$41G6b1BDUdxNjH1QFPJYDOM29EE0C9nTdjD1FoseuQ8vZU1NWtrh6' psql --host $PG_HOST --username $POSTGRES_USER --dbname $PG_DB --command "INSERT INTO omnivore.user (id, source, email, source_user_id, name, password) VALUES ('$USER_ID', 'EMAIL', 'demo@omnivore.app', 'demo@omnivore.app', 'Demo User', '$PASSWORD'); INSERT INTO omnivore.user_profile (user_id, username) VALUES ('$USER_ID', 'demo_user');" echo "created demo user with email: demo@omnivore.app, password: demo_password" fi- web 剪藏插件默认连接官方地址,暂未发现配置修改方式,可能需要修改源码重新制作插件
- Android 版可正常连接自建服务,但是添加稍后读貌似不行,原因没细究,web 端应该是好使的。
- 问题太多了,自建还不太成熟,要不从源码开始调整,要么放弃吧
下载源代码
git clone https://github.com/extdomains/github.com/omnivore-app/omnivore.git
cd omnivore
git checkout android-0.200.5镜像构建
国内构建需要修改 apk,apt 和 npm 源,因此需要逐个修改 Dockerfile,修改项为以下几个,后面会给我修改后的文件内容:
使用 alpine 镜像的,需在 apk 执行前添加
RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories
使用 yarn install 的,需在 yarn install 执行前添加
RUN sed -i "s/registry.yarnpkg.com/registry.npmmirror.com/g" yarn.lock
使用 node:18.16 镜像的,需在 apt-get 执行前添加
RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list.d/*
api 服务
Dockerfile 文件位于:omnivore/self-hosting/Dockerfile
FROM node:18.16-alpine as builder
WORKDIR /app
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories
RUN apk add --no-cache g++ make python3
COPY package.json .
COPY yarn.lock .
COPY tsconfig.json .
COPY .prettierrc .
COPY .eslintrc .
RUN sed -i "s/registry.yarnpkg.com/registry.npmmirror.com/g" yarn.lock
COPY /packages/readabilityjs/package.json ./packages/readabilityjs/package.json
COPY /packages/api/package.json ./packages/api/package.json
COPY /packages/text-to-speech/package.json ./packages/text-to-speech/package.json
COPY /packages/content-handler/package.json ./packages/content-handler/package.json
COPY /packages/db/package.json ./packages/db/package.json
COPY /packages/liqe/package.json ./packages/liqe/package.json
RUN yarn install --pure-lockfile
COPY /packages/readabilityjs ./packages/readabilityjs
COPY /packages/api ./packages/api
COPY /packages/text-to-speech ./packages/text-to-speech
COPY /packages/content-handler ./packages/content-handler
COPY /packages/db ./packages/db
COPY /packages/liqe ./packages/liqe
RUN yarn workspace @omnivore/text-to-speech-handler build
RUN yarn workspace @omnivore/content-handler build
RUN yarn workspace @omnivore/liqe build
RUN yarn workspace @omnivore/api build
RUN rm -rf /app/packages/api/node_modules
RUN rm -rf /app/node_modules
RUN yarn install --pure-lockfile --production
FROM node:18.16-alpine as runner
WORKDIR /app
ENV NODE_ENV production
ENV NODE_OPTIONS=--max-old-space-size=4096
ENV PORT=8080
COPY --from=builder /app/packages/api/dist /app/packages/api/dist
COPY --from=builder /app/packages/readabilityjs/ /app/packages/readabilityjs/
COPY --from=builder /app/packages/api/package.json /app/packages/api/package.json
COPY --from=builder /app/packages/api/node_modules /app/packages/api/node_modules
COPY --from=builder /app/node_modules /app/node_modules
COPY --from=builder /app/package.json /app/package.json
COPY --from=builder /app/packages/text-to-speech/ /app/packages/text-to-speech/
COPY --from=builder /app/packages/content-handler/ /app/packages/content-handler/
COPY --from=builder /app/packages/liqe/ /app/packages/liqe/
COPY --from=builder /app/packages/db/ /app/packages/db/
RUN apk add --no-cache postgresql-client
EXPOSE 8080
CMD ["yarn", "workspace", "@omnivore/api", "start"]content-fetch 服务
Dockerfile 文件位于:omnivore/packages/content-fetch/Dockerfile
FROM node:18.16
LABEL org.opencontainers.image.source="https://github.com/omnivore-app/omnivore"
RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list.d/*
# Installs latest Chromium (92) package.
RUN apt-get update && apt-get install -y \
chromium \
ca-certificates \
nodejs \
yarn \
g++ \
make \
python3
WORKDIR /app
ENV CHROMIUM_PATH /usr/bin/chromium
ENV LAUNCH_HEADLESS=true
COPY package.json .
COPY yarn.lock .
COPY tsconfig.json .
COPY .prettierrc .
COPY .eslintrc .
RUN sed -i "s/registry.yarnpkg.com/registry.npmmirror.com/g" yarn.lock
COPY /packages/content-fetch/package.json ./packages/content-fetch/package.json
COPY /packages/readabilityjs/package.json ./packages/readabilityjs/package.json
COPY /packages/content-handler/package.json ./packages/content-handler/package.json
COPY /packages/puppeteer-parse/package.json ./packages/puppeteer-parse/package.json
RUN yarn install --pure-lockfile
ADD /packages/content-fetch ./packages/content-fetch
ADD /packages/content-handler ./packages/content-handler
ADD /packages/puppeteer-parse ./packages/puppeteer-parse
ADD /packages/readabilityjs ./packages/readabilityjs
RUN yarn workspace @omnivore/content-handler build
RUN yarn workspace @omnivore/puppeteer-parse build
RUN yarn workspace @omnivore/content-fetch build
# After building, fetch the production dependencies
RUN rm -rf /app/packages/content-fetch/node_modules
RUN rm -rf /app/node_modules
RUN yarn install --pure-lockfile --production
EXPOSE 8080
CMD ["yarn", "workspace", "@omnivore/content-fetch", "start"]migrate 服务(初始化数据库,非常驻服务)
Dockerfile 文件位于:omnivore/packages/db/Dockerfile
FROM node:18.16
WORKDIR /app
COPY package.json .
COPY yarn.lock .
COPY tsconfig.json .
COPY /packages/db/package.json ./packages/db/package.json
RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list.d/*
RUN sed -i "s/registry.yarnpkg.com/registry.npmmirror.com/g" yarn.lock
RUN apt-get update && apt-get install -y \
postgresql \
uuid-runtime
RUN yarn install --pure-lockfile
ADD /packages/db ./packages/db
ADD /packages/db/setup.sh ./packages/db/setup.sh
CMD ["yarn", "workspace", "@omnivore/db", "migrate"]web 服务
Dockerfile 文件位于:omnivore/packages/web/Dockerfile
# Note this docker file is meant for local testing
# and not for production.
FROM node:18.16-alpine as builder
ENV NODE_OPTIONS=--max-old-space-size=8192
ARG APP_ENV
ARG BASE_URL
ARG SERVER_BASE_URL
ARG HIGHLIGHTS_BASE_URL
ENV NEXT_PUBLIC_APP_ENV=$APP_ENV
ENV NEXT_PUBLIC_BASE_URL=$BASE_URL
ENV NEXT_PUBLIC_SERVER_BASE_URL=$SERVER_BASE_URL
ENV NEXT_PUBLIC_HIGHLIGHTS_BASE_URL=$HIGHLIGHTS_BASE_URL
RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories
RUN apk add g++ make python3
WORKDIR /app
COPY package.json .
COPY yarn.lock .
COPY tsconfig.json .
COPY .prettierrc .
COPY .eslintrc .
COPY /packages/web/package.json ./packages/web/package.json
RUN sed -i "s/registry.yarnpkg.com/registry.npmmirror.com/g" yarn.lock
RUN yarn config set registry https://registry.npmmirror.com && yarn install --verbose --pure-lockfile
ADD /packages/web ./packages/web
# We want an empty next.config.js when running in docker
RUN echo "module.exports = {}" > ./packages/web/next.config.js
RUN yarn config set registry https://registry.npmmirror.com && yarn workspace @omnivore/web build
FROM node:18.16-alpine as runner
LABEL org.opencontainers.image.source="https://github.com/omnivore-app/omnivore"
ENV NODE_ENV production
ENV PORT=8080
ENV NEXT_TELEMETRY_DISABLED 1
WORKDIR /app
COPY --from=builder /app/packages/web/next.config.js /app/packages/web/next.config.js
COPY --from=builder /app/packages/web/public/ /app/packages/web/public/
COPY --from=builder /app/packages/web/.next/ /app/packages/web/.next/
COPY --from=builder /app/packages/web/package.json /app/packages/web/package.json
COPY --from=builder /app/packages/web/node_modules /app/packages/web/node_modules
COPY --from=builder /app/node_modules /app/node_modules
COPY --from=builder /app/package.json /app/package.json
EXPOSE 8080
CMD ["yarn", "workspace", "@omnivore/web", "start"]构建命令
cd omnivore/self-hosting
export BASE_URL='https://omnivore.yourapp'
export SERVER_BASE_URL='https://api-omnivore.yourapp'
export HIGHLIGHTS_BASE_URL='https://omnivore.yourapp'
export DOCKER_HUB_USER=
export APP_ENV=prod
export DOCKER_TAG=$(git rev-parse --short HEAD)
# --cpu-period=100000 --cpu-quota=70000 限制编译时候只能使用70%CPU资源,避免编译时把服务器卡死导致编译失败
docker build -t omnivore-web:${DOCKER_TAG} --build-arg="APP_ENV=${APP_ENV}" --build-arg="BASE_URL=${BASE_URL}" --build-arg="SERVER_BASE_URL=${SERVER_BASE_URL}" --build-arg="HIGHLIGHTS_BASE_URL=${HIGHLIGHTS_BASE_URL}" -f ../packages/web/Dockerfile .. --cpu-period=100000 --cpu-quota=70000
docker build -t omnivore-content-fetch:${DOCKER_TAG} -f ../packages/content-fetch/Dockerfile .. --cpu-period=100000 --cpu-quota=70000
docker build -t omnivore-api:${DOCKER_TAG} -f Dockerfile .. --cpu-period=100000 --cpu-quota=70000
docker build -t omnivore-migrate:${DOCKER_TAG} -f ../packages/db/Dockerfile .. --cpu-period=100000 --cpu-quota=70000当以上镜像都构建完成后,可以按需选择是 k8s 部署还是 docker-compose 部署,几个镜像都比较大,合计近 9G
K8S 资源文件(暂不推荐)
说明
如何暴露服务请查看 k8s ingress 内容或者 service 改成 nodeport 形式,此处只供参考
创建密钥
# omnivore-image-proxy-secret
kubectl create secret generic omnivore-image-proxy-secret \
--from-literal=IMAGE_PROXY_SECRET='PEMGssF7-g=;SUAU'
# omnivore-jwt-secret
kubectl create secret generic omnivore-jwt-secret \
--from-literal=JWT_SECRET='5jBAw9,2v;V0xb(z'
# omnivore-sso-jwt-secret
kubectl create secret generic omnivore-sso-jwt-secret \
--from-literal=SSO_JWT_SECRET='P!xobDom{HJ%m(b.'
# omnivore-pg-password
kubectl create secret generic omnivore-pg-password \
--from-literal=PG_PASSWORD='pkkgG4P2g-gxOFCu'
# postgres-admin-user-and-password
kubectl create secret generic postgres-admin-user-and-password \
--from-literal=PGPASSWORD='iJS^5wUp8c1,&+9m' \
--from-literal=POSTGRES_USER=admin
# omnivore-content-fetch-verification-token
kubectl create secret generic omnivore-content-fetch-verification-token \
--from-literal=VERIFICATION_TOKEN='K%)w1xf2dhHef5s6'
# omnivore-content-fetch-token
kubectl create secret generic omnivore-content-fetch-token \
--from-literal=VERIFICATION_TOKEN='K%)w1xf2dhHef5s6'创建资源配置
---
# Source: app-template/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: omnivore-api
labels:
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
app.kubernetes.io/service: omnivore-api
helm.sh/chart: app-template-3.1.0
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/component: api
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
---
# Source: app-template/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: omnivore-content-fetch
labels:
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
app.kubernetes.io/service: omnivore-content-fetch
helm.sh/chart: app-template-3.1.0
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/component: content-fetch
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
---
# Source: app-template/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: omnivore-web
labels:
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
app.kubernetes.io/service: omnivore-web
helm.sh/chart: app-template-3.1.0
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/component: web
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
---
# Source: app-template/templates/common.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: omnivore-api
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
helm.sh/chart: app-template-3.1.0
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/component: api
app.kubernetes.io/name: omnivore
app.kubernetes.io/instance: omnivore
template:
metadata:
labels:
app.kubernetes.io/component: api
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
initContainers:
- args:
- ./packages/db/setup.sh
command:
- /bin/sh
- -c
- --
env:
- name: NO_DEMO_USER
value: "1"
- name: PG_DB
value: omnivore
- name: PG_HOST
value: 10.0.12.5
- name: PG_USER
value: app_user
envFrom:
- secretRef:
name: omnivore-pg-password
- secretRef:
name: postgres-admin-user-and-password
image: omnivore-migrate:72213ee58
imagePullPolicy: Never
name: migrate
containers:
- env:
# 保持为local,非local会校验GCS_UPLOAD_BUCKET参数,不使用
- name: API_ENV
value: local
- name: CLIENT_URL
value: https://omnivore.yourapp
- name: CONTENT_FETCH_URL
value: http://omnivore-content-fetch:8080/?token=$(VERIFICATION_TOKEN)
- name: GATEWAY_URL
value: http://omnivore-api:8080/api
- name: PG_DB
value: omnivore
- name: PG_HOST
value: 10.0.12.5
- name: PG_POOL_MAX
value: "20"
- name: PG_PORT
value: "5432"
- name: PG_USER
value: app_user
envFrom:
- secretRef:
name: omnivore-image-proxy-secret
- secretRef:
name: omnivore-jwt-secret
- secretRef:
name: omnivore-sso-jwt-secret
- secretRef:
name: omnivore-pg-password
- secretRef:
name: omnivore-content-fetch-verification-token
image: omnivore-api:72213ee58
imagePullPolicy: Never
name: api
---
# Source: app-template/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: omnivore-content-fetch
labels:
app.kubernetes.io/component: content-fetch
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
helm.sh/chart: app-template-3.1.0
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/component: content-fetch
app.kubernetes.io/name: omnivore
app.kubernetes.io/instance: omnivore
template:
metadata:
labels:
app.kubernetes.io/component: content-fetch
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: REST_BACKEND_ENDPOINT
value: http://omnivore-api:8080/api
envFrom:
- secretRef:
name: omnivore-jwt-secret
- secretRef:
name: omnivore-content-fetch-token
image: omnivore-content-fetch:72213ee58
imagePullPolicy: Never
name: content-fetch
---
# Source: app-template/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: omnivore-web
labels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: omnivore
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: omnivore
helm.sh/chart: app-template-3.1.0
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/component: web
app.kubernetes.io/name: omnivore
app.kubernetes.io/instance: omnivore
template:
metadata:
labels:
app.kubernetes.io/component: web
app.kubernetes.io/instance: omnivore
app.kubernetes.io/name: omnivore
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- image: omnivore-web:72213ee58
imagePullPolicy: Never
name: webdocker compose 部署
在选定的目录下创建 docker-compose.yaml 文件,内容如下,执行命令 docker-compose up -d 即可,注意修改对应环境变量,启动后访问 WEB 端 地址,这个地址是 BASE_URL 配置,api 地址是 SERVER_BASE_URL 配置
version: '3'
services:
pgvector:
image: "ankane/pgvector:v0.5.1"
container_name: "omnivore-postgres"
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=jbB0GXN472vaPFI
- POSTGRES_DB=omnivore
- PG_POOL_MAX=20
healthcheck:
test: "exit 0"
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./pg-data:/var/lib/postgresql/data
redis:
image: redis:alpine
container_name: omnivore-redis
environment:
- TZ=Asia/Shanghai
healthcheck:
test: "redis-cli ping"
interval: 10s
timeout: 5s
retries: 10
volumes:
- ./redis-data:/data
migrate:
image: "omnivore-migrate:72213ee58"
container_name: "omnivore-migrate"
command: '/bin/sh ./packages/db/setup.sh' # Also create a demo user with email: demo@omnivore.app, password: demo_password
environment:
- PGPASSWORD=jbB0GXN472vaPFI
- POSTGRES_USER=postgres
- PG_HOST=pgvector
- PG_PASSWORD=jbB0GXN472vaPFI
- PG_DB=omnivore
depends_on:
pgvector:
condition: service_healthy
api:
image: "omnivore-api:72213ee58"
container_name: "omnivore-api"
ports:
- "4000:8080"
healthcheck:
test: ["CMD-SHELL", "nc -z 0.0.0.0 8080 || exit 1"]
interval: 15s
timeout: 90s
environment:
- API_ENV=local
- PG_HOST=pgvector
- PG_USER=app_user
- PG_PASSWORD=jbB0GXN472vaPFI
- PG_DB=omnivore
- PG_PORT=5432
- PG_POOL_MAX=20
# - JAEGER_HOST=jaeger
- IMAGE_PROXY_SECRET='PEMGssF7-g=;SUAU'
- JWT_SECRET='5jBAw9,2v;V0xb(z'
- SSO_JWT_SECRET='P!xobDom{HJ%m(b.'
- VERIFICATION_TOKEN='PEMGssF7gSUAU'
- CLIENT_URL=https://omnivore.yourapp
- GATEWAY_URL=http://api:8080/api
- CONTENT_FETCH_URL=http://content-fetch:8080/?token=PEMGssF7gSUAU
- REDIS_URL=redis://redis:6379
- MQ_REDIS_URL=redis://redis:6379
depends_on:
migrate:
condition: service_completed_successfully
web:
image: "omnivore-web:72213ee58"
container_name: "omnivore-web"
ports:
- "3000:8080"
environment:
# 在构建镜像时指定了以下参数,所以以下参数需和镜像内同步
- NEXT_PUBLIC_APP_ENV=prod
- NEXT_PUBLIC_BASE_URL=https://omnivore.yourapp
- NEXT_PUBLIC_SERVER_BASE_URL=https://api-omnivore.yourapp
- NEXT_PUBLIC_HIGHLIGHTS_BASE_URL=https://omnivore.yourapp
depends_on:
api:
condition: service_healthy
content-fetch:
image: "omnivore-content-fetch:72213ee58"
container_name: "omnivore-content-fetch"
ports:
- "9090:8080"
environment:
- JWT_SECRET='5jBAw9,2v;V0xb(z'
- VERIFICATION_TOKEN='PEMGssF7gSUAU'
- REST_BACKEND_ENDPOINT=http://api:8080/api
- REDIS_URL=redis://redis:6379
- MQ_REDIS_URL=redis://redis:6379
depends_on:
api:
condition: service_healthy