app/insforge

使用 Pigsty 托管的 PostgreSQL 部署 InsForge 后端即服务平台

app/insforge 配置模板用于部署 InsForge OSS，并使用 Pigsty 托管的 PostgreSQL 作为外部数据库。

配置概览

配置名称： app/insforge
节点数量：单节点
配置说明：部署 InsForge App、PostgREST、Deno Runtime，并创建所需 PostgreSQL 用户、角色、数据库与扩展
适用系统：el8, el9, el10, d12, d13, u22, u24, u26
适用架构：x86_64, aarch64
相关配置：meta、supabase

启用方式：

./configure -c app/insforge [-i <primary_ip>]

配置内容

源文件地址：pigsty/conf/app/insforge.yml

---
#==============================================================#
# File      :   insforge.yml
# Desc      :   pigsty config for running 1-node insforge app
# Ctime     :   2026-03-10
# Mtime     :   2026-03-14
# Docs      :   https://pigsty.io/docs/app/insforge
# License   :   Apache-2.0 @ https://pigsty.io/docs/about/license/
# Copyright :   2018-2026  Ruohang Feng / Vonng (rh@vonng.com)
#==============================================================#
# InsForge: Open-source Backend-as-a-Service for AI coding agents
# GitHub: https://github.com/InsForge/InsForge
#
# how to use this template:
#
#  curl -fsSL https://repo.pigsty.io/get | bash; cd ~/pigsty
# ./bootstrap                  # prepare local repo & ansible
# ./configure -c app/insforge  # use this insforge config template
# vi pigsty.yml                # IMPORTANT: CHANGE CREDENTIALS!!
# ./deploy.yml                 # install pigsty & pgsql
# ./docker.yml                 # install docker & docker-compose
# ./app.yml                    # install insforge with docker-compose
#
# To replace domain name:
#   sed -ie 's/isf.pigsty/isf.yourdomain.com/g' pigsty.yml


all:
  children:

    # the insforge application
    insforge:
      hosts: { 10.10.10.10: {} }
      vars:
        app: insforge   # specify app name to be installed (in the apps)
        apps:           # define all applications
          insforge:     # app name, should have corresponding ~/pigsty/app/insforge folder
            conf:       # override /opt/insforge/.env config file

              # secrets (CHANGE THESE!)
              JWT_SECRET: your-secret-key-here-must-be-32-char-or-above
              ADMIN_EMAIL: admin@example.com
              ADMIN_PASSWORD: pigsty

              # database credentials (must match pg_users below)
              POSTGRES_HOST: 10.10.10.10
              POSTGRES_PORT: 5432
              POSTGRES_DB: insforge
              POSTGRES_USER: dbuser_insforge
              POSTGRES_PASSWORD: DBUser.Insforge

              # optional: LLM model gateway via OpenRouter
              #OPENROUTER_API_KEY: sk-or-xxxxx

              # optional: MCP / Cloud API access
              #ACCESS_API_KEY: ik_xxxxx
              #CLOUD_API_HOST: https://api.insforge.dev

              # optional: object storage / CDN
              #AWS_ACCESS_KEY_ID:
              #AWS_SECRET_ACCESS_KEY:
              #AWS_REGION:
              #AWS_S3_BUCKET:
              #S3_ACCESS_KEY_ID:
              #S3_SECRET_ACCESS_KEY:
              #S3_ENDPOINT_URL:
              #AWS_CLOUDFRONT_URL:
              #AWS_CLOUDFRONT_KEY_PAIR_ID:
              #AWS_CLOUDFRONT_PRIVATE_KEY:
              #MAX_FILE_SIZE:

              # optional: Deno edge function subhosting
              #DENO_SUBHOSTING_TOKEN:
              #DENO_SUBHOSTING_ORG_ID:

              # optional: managed / hybrid cloud metadata
              #DEPLOYMENT_ID:
              #PROJECT_ID:
              #APP_KEY:

              # optional: OAuth providers
              #GOOGLE_CLIENT_ID:
              #GOOGLE_CLIENT_SECRET:
              #GITHUB_CLIENT_ID:
              #GITHUB_CLIENT_SECRET:

    pg-meta:
      hosts: { 10.10.10.10: { pg_seq: 1, pg_role: primary } }
      vars:
        pg_cluster: pg-meta
        pg_users:
          - { name: dbuser_insforge ,password: DBUser.Insforge ,pgbouncer: true ,roles: [dbrole_admin] ,superuser: true ,comment: 'insforge superuser' }
          - { name: anon            ,login: false ,comment: 'insforge anonymous role for PostgREST' }
          - { name: authenticated   ,login: false ,comment: 'insforge authenticated role' }
          - { name: project_admin   ,login: false ,comment: 'insforge project admin with RLS bypass' }
        pg_databases:
          - name: insforge
            owner: dbuser_insforge
            baseline: insforge.sql
            extensions: [pgcrypto, http, pg_cron]
            comment: InsForge BaaS database
        pg_libs: 'pg_cron, pg_stat_statements, auto_explain'
        pg_parameters: { cron.database_name: insforge }
        pg_extensions: [ pg_cron, pg_http ]
        pg_hba_rules:
          - { user: dbuser_insforge ,db: all ,addr: 172.17.0.0/16 ,auth: pwd ,title: 'allow insforge access from local docker network' }
        pg_crontab: [ '00 01 * * * /pg/bin/pg-backup full' ] # make a full backup every 1am

    infra: { hosts: { 10.10.10.10: { infra_seq: 1 } } }
    etcd:  { hosts: { 10.10.10.10: { etcd_seq: 1 } }, vars: { etcd_cluster: etcd } }
    #minio: { hosts: { 10.10.10.10: { minio_seq: 1 } }, vars: { minio_cluster: minio } }

  vars:                               # global variables
    version: v4.3.0                   # pigsty version string
    admin_ip: 10.10.10.10             # admin node ip address
    region: default                   # upstream mirror region: default|china|europe
    node_tune: oltp                   # node tuning specs: oltp,olap,tiny,crit
    pg_conf: oltp.yml                 # pgsql tuning specs: {oltp,olap,tiny,crit}.yml

    docker_enabled: true              # enable docker on app group
    #docker_registry_mirrors: ["https://docker.1panel.live","https://docker.1ms.run","https://docker.xuanyuan.me","https://registry-1.docker.io"]

    proxy_env:                        # global proxy env when downloading packages & pull docker images
      no_proxy: "localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,*.pigsty,*.aliyun.com,mirrors.*,*.tsinghua.edu.cn"
      #http_proxy:  127.0.0.1:12345 # add your proxy env here for downloading packages or pull images
      #https_proxy: 127.0.0.1:12345 # usually the proxy is format as http://user:pass@proxy.xxx.com
      #all_proxy:   127.0.0.1:12345

    infra_portal:                     # domain names and upstream servers
      home    :  { domain: i.pigsty }
      insforge:                       # nginx server config for insforge
        domain: isf.pigsty            # REPLACE WITH YOUR OWN DOMAIN!
        endpoint: "10.10.10.10:7130"  # insforge API+dashboard endpoint: IP:PORT
        websocket: true               # add websocket support
        certbot: isf.pigsty           # certbot cert name, apply with `make cert`

    repo_enabled: false
    node_repo_modules: node,infra,pgsql
    pg_version: 17

    #----------------------------------------------#
    # PASSWORD : https://pigsty.io/docs/setup/security/
    #----------------------------------------------#
    grafana_admin_password: pigsty
    grafana_view_password: DBUser.Viewer
    pg_admin_password: DBUser.DBA
    pg_monitor_password: DBUser.Monitor
    pg_replication_password: DBUser.Replicator
    patroni_password: Patroni.API
    haproxy_admin_password: pigsty
    minio_secret_key: S3User.MinIO
    etcd_root_password: Etcd.Root
...

配置解读

app/insforge 模板默认部署：

InsForge 主服务：ghcr.io/insforge/insforge-oss:v2.0.1，端口 7130
PostgREST：postgrest/postgrest:v12.2.12，端口 5430
Deno Runtime：端口 7133
PostgreSQL 数据库：insforge
扩展：pgcrypto、http、pg_cron
Nginx 入口：isf.pigsty -> 10.10.10.10:7130

访问方式：

http://<IP>:7130
http://isf.pigsty

默认管理员账号为 admin@example.com / pigsty，生产环境必须修改 JWT_SECRET、ADMIN_PASSWORD 与数据库密码。

意见反馈

这个页面对您有帮助吗？

感谢反馈！请告诉我们如何改进。

抱歉给您带来不便。请告诉我们如何改进。

最后修改 2026-05-07: docs: sync v4.3 config template references (f4ab76e)