PocketBase Deploy

# PocketBase 生产环境部署 ## 单二进制文件部署 PocketBase 是一个单一的二进制文件。没有运行时依赖。 bash # 下载 wget https://github.com/pocketbase/pocketbase/releases/download/v0.X.X/pocketbase_0.X.X_linux_amd64.zip unzip pocketbase_*.zip chmod +x pocketbase # 运行 ./pocketbase serve --http="0.0.0.0:8090" 数据存储在 `pb_data/` 中（SQLite 数据库、上传的文件、日志）。 ## systemd 服务 ini # /etc/systemd/system/pocketbase.service [Unit] Description=PocketBase After=network.target [Service] Type=simple User=pocketbase Group=pocketbase LimitNOFILE=4096 Restart=always RestartSec=5s WorkingDirectory=/opt/pocketbase ExecStart=/opt/pocketbase/pocketbase serve --http="127.0.0.1:8090" # 安全加固 NoNewPrivileges=true ProtectSystem=strict ProtectHome=true ReadWritePaths=/opt/pocketbase/pb_data /opt/pocketbase/pb_hooks /opt/pocketbase/pb_migrations PrivateTmp=true # 内存限制（根据您的服务器调整） # MemoryMax=512M [Install] WantedBy=multi-user.target bash # 设置 sudo useradd --system --no-create-home pocketbase sudo mkdir -p /opt/pocketbase sudo cp pocketbase /opt/pocketbase/ sudo chown -R pocketbase:pocketbase /opt/pocketbase # 启用并启动 sudo systemctl daemon-reload sudo systemctl enable pocketbase sudo systemctl start pocketbase sudo systemctl status pocketbase # 日志 sudo journalctl -u pocketbase -f ### 文件描述符限制 对于高流量部署，请增加限制： ini # 在 [Service] 部分： LimitNOFILE=65535 同时在 `/etc/security/limits.conf` 中设置系统范围的限制： pocketbase soft nofile 65535 pocketbase hard nofile 65535 ### Go 内存限制 对于受限环境： ini Environment=GOMEMLIMIT=400MiB ## Docker ### Dockerfile dockerfile FROM alpine:latest ARG PB_VERSION=0.25.0 RUN apk add --no-cache unzip ca-certificates # 下载并安装 PocketBase # 注意：在生产环境中验证校验和 — 参见 https://github.com/pocketbase/pocketbase/releases ADD https://github.com/pocketbase/pocketbase/releases/download/v${PB_VERSION}/pocketbase_${PB_VERSION}_linux_amd64.zip /tmp/pb.zip RUN unzip /tmp/pb.zip -d /pb/ && rm /tmp/pb.zip # 复制 hooks 和迁移文件 COPY ./pb_hooks /pb/pb_hooks COPY ./pb_migrations /pb/pb_migrations EXPOSE 8090 CMD ["/pb/pocketbase", "serve", "--http=0.0.0.0:8090"] ### docker-compose.yml yaml services: pocketbase: build: . ports: - "127.0.0.1:8090:8090" # 仅绑定到 localhost