# yaml-language-server: $schema=https://schema.zeabur.app/template.json
# Zeabur template manifest. spec.services below declares three services:
# PostgreSQL, Redis and Sub2API.
apiVersion: zeabur.com/v1
kind: Template
metadata:
    name: Sub2API
spec:
    description: Deploy Sub2API with PostgreSQL and Redis on Zeabur.
    # The icon is fetched from the upstream repository's main branch, so the
    # image served can change without any change to this file.
    icon: https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/frontend/public/logo.png
    # PUBLIC_DOMAIN is the only deploy-time input. The Sub2API service binds
    # it through domainKey and prints it in its instructions.
    variables:
        - key: PUBLIC_DOMAIN
          type: DOMAIN
          name: Public Domain
          description: Domain used for the Sub2API dashboard and API gateway.
    tags:
        - AI
        - API
        - Tool
    readme: |-
        # Sub2API

        This template deploys a complete Sub2API stack on Zeabur:

        - `Sub2API` web UI and API gateway
        - `PostgreSQL 18`
        - `Redis 8`

        ## What is included

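        - Sub2API image: `weishaw/sub2api:latest` (a floating tag, not a pinned version; pin a release tag or image digest if you need reproducible deployments)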
        - Persistent volumes for app data, PostgreSQL, and Redis
        - `AUTO_SETUP=true` so the app initializes itself on first boot
        - A public HTTP endpoint bound to your selected domain

        ## Default credentials

        - Admin email: `admin@sub2api.local`
        - Admin password: generated from the service environment on first install

        You can view the initial admin password from the `Sub2API` service instructions after deployment.
        This only applies on the first bootstrap of a fresh database. Later redeploys do not overwrite an existing admin password.

        ## Production notes

        - Update `ADMIN_EMAIL` after deployment if you want to use your own login address.
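        - `JWT_SECRET` is filled in by the template from the same generated-password reference as `ADMIN_PASSWORD`; for production, replace it with an independent random value.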
        - `TOTP_ENCRYPTION_KEY` is left unset by default.
        - If you want 2FA to survive restarts and redeploys, set `TOTP_ENCRYPTION_KEY` manually after deployment to a 64-character hex string generated with `openssl rand -hex 32`.
        - Changing `TOTP_ENCRYPTION_KEY` later invalidates previously configured 2FA secrets.
        - PostgreSQL and Redis forwarding are disabled by default so they stay internal to the project.

        ## Upstream project

        - GitHub: https://github.com/Wei-Shaw/sub2api
        - Image tag used by this template: `latest` (floating; not pinned to a specific release)
    # Template-level resource figures. Units, and whether these are estimates
    # or limits, are defined by the Zeabur template schema, not by this file.
    resourceUsage:
        cpu: 1
        memory: 1024
    services:
        # PostgreSQL service backing Sub2API. The Sub2API service reads the
        # exposed SUB2API_POSTGRES_* variables declared here to build its
        # DATABASE_* settings.
        - name: PostgreSQL
          icon: https://raw.githubusercontent.com/zeabur/service-icons/main/marketplace/postgresql.svg
          template: PREBUILT
          spec:
            id: postgresql
            source:
                # Major-version tag only: the image behind it moves with
                # upstream minor/patch releases. Pin a digest if the exact
                # image must be reproducible.
                image: postgres:18-alpine
            ports:
                - id: database
                  port: 5432
                  type: TCP
            volumes:
                - id: data
                  dir: /var/lib/postgresql/data
            env:
                # PGDATA matches the volume mount above so the cluster lives
                # on the persistent volume.
                PGDATA:
                    default: /var/lib/postgresql/data
                POSTGRES_DB:
                    default: sub2api
                # ${PASSWORD} is a Zeabur-provided generated password.
                # NOTE(review): presumably one value per service - confirm
                # against the Zeabur docs.
                POSTGRES_PASSWORD:
                    default: ${PASSWORD}
                POSTGRES_USER:
                    default: sub2api
                # Variables marked `expose: true` are shared with the other
                # services in the project. That includes the database password
                # and the URI that embeds it, so every service in the project
                # can read them.
                SUB2API_POSTGRES_DB:
                    default: ${POSTGRES_DB}
                    expose: true
                SUB2API_POSTGRES_HOST:
                    default: ${CONTAINER_HOSTNAME}
                    expose: true
                SUB2API_POSTGRES_PASSWORD:
                    default: ${POSTGRES_PASSWORD}
                    expose: true
                SUB2API_POSTGRES_PORT:
                    default: ${DATABASE_PORT}
                    expose: true
                # sslmode=disable: credentials and queries cross the
                # project-internal network unencrypted. This is only
                # acceptable while portForwarding stays disabled.
                # NOTE(review): the Sub2API service in this template uses the
                # individual host/port/user/password variables and never
                # references this URI; consider dropping it to avoid exposing
                # a second copy of the password.
                SUB2API_POSTGRES_URI:
                    default: postgresql://${SUB2API_POSTGRES_USER}:${SUB2API_POSTGRES_PASSWORD}@${SUB2API_POSTGRES_HOST}:${SUB2API_POSTGRES_PORT}/${SUB2API_POSTGRES_DB}?sslmode=disable
                    expose: true
                SUB2API_POSTGRES_USER:
                    default: ${POSTGRES_USER}
                    expose: true
                TZ:
                    default: Asia/Shanghai
            # Keeps 5432 unforwarded. The readme describes this as keeping the
            # database internal to the project. Do not enable it while TLS is
            # off.
            portForwarding:
                enabled: false
        # Redis service backing Sub2API. The Sub2API service reads the exposed
        # SUB2API_REDIS_* variables declared here to build its REDIS_* settings.
        - name: Redis
          icon: https://raw.githubusercontent.com/zeabur/service-icons/main/marketplace/redis.svg
          template: PREBUILT
          spec:
            id: redis
            source:
                # Major-version tag only: the image behind it moves with
                # upstream minor/patch releases.
                image: redis:8-alpine
                # Started through `sh -c` so the shell expands
                # $REDIS_PASSWORD at container start.
                #   --save 60 1            RDB snapshot if >=1 change in 60 s
                #   --appendonly yes       AOF persistence on
                #   --appendfsync everysec fsync the AOF once per second
                #   --requirepass          require AUTH with this password
                # The password ends up in redis-server's argv, so it is
                # visible to anything that can list processes in the
                # container. If REDIS_PASSWORD is ever emptied, an empty
                # requirepass leaves Redis without authentication.
                command:
                    - sh
                    - -c
                    - redis-server --save 60 1 --appendonly yes --appendfsync everysec --requirepass "$REDIS_PASSWORD"
            ports:
                - id: database
                  port: 6379
                  type: TCP
            volumes:
                - id: data
                  dir: /data
            env:
                # ${PASSWORD} is a Zeabur-provided generated password.
                # NOTE(review): presumably one value per service - confirm
                # against the Zeabur docs.
                REDIS_PASSWORD:
                    default: ${PASSWORD}
                # Variables marked `expose: true` are shared with the other
                # services in the project, including the Redis password.
                SUB2API_REDIS_HOST:
                    default: ${CONTAINER_HOSTNAME}
                    expose: true
                SUB2API_REDIS_PASSWORD:
                    default: ${REDIS_PASSWORD}
                    expose: true
                SUB2API_REDIS_PORT:
                    default: ${DATABASE_PORT}
                    expose: true
                # redis:// is the non-TLS scheme, so traffic is unencrypted on
                # the project-internal network.
                # NOTE(review): the Sub2API service in this template never
                # references this URI; consider dropping it to avoid exposing
                # a second copy of the password.
                SUB2API_REDIS_URI:
                    default: redis://:${SUB2API_REDIS_PASSWORD}@${SUB2API_REDIS_HOST}:${SUB2API_REDIS_PORT}
                    expose: true
                TZ:
                    default: Asia/Shanghai
            # Keeps 6379 unforwarded. The readme describes this as keeping
            # Redis internal to the project.
            portForwarding:
                enabled: false
        # Sub2API application service: the only service bound to the public
        # domain (domainKey below). It consumes the SUB2API_POSTGRES_* and
        # SUB2API_REDIS_* variables exposed by the two services above.
        - name: Sub2API
          icon: https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/frontend/public/logo.png
          template: PREBUILT
          spec:
            id: sub2api
            source:
                # NOTE(review): `latest` is a floating tag, not a pinned
                # version, although the readme calls the image "pinned". A
                # redeploy can pull a different build than the one that was
                # reviewed. Pin a release tag or an image digest, e.g.
                # weishaw/sub2api:<release-tag> (placeholder).
                image: weishaw/sub2api:latest
            ports:
                - id: web
                  port: 8080
                  type: HTTP
            volumes:
                - id: data
                  dir: /app/data
            # Instructions are rendered on the service page after deployment.
            # The initial admin password is printed there in clear text, so
            # anyone with access to the project can read it. Because
            # JWT_SECRET below uses the same ${PASSWORD} reference, the value
            # shown here may also be the JWT signing secret.
            instructions:
                - title: Open Sub2API
                  content: https://${PUBLIC_DOMAIN}
                - title: Admin email
                  content: ${ADMIN_EMAIL}
                - title: Initial admin password
                  content: ${ADMIN_PASSWORD}
                - title: Optional 2FA setup
                  content: Leave 2FA disabled, or set TOTP_ENCRYPTION_KEY later to a 64-character hex string from `openssl rand -hex 32` if you want enrolled 2FA to survive restarts.
                - title: Bootstrap note
                  content: The admin email and password shown here are only for first-time bootstrap on a fresh database. Redeploying does not reset an existing admin account.
            # TOTP_ENCRYPTION_KEY is intentionally absent from this env map;
            # the readme explains how to set it after deployment.
            env:
                ADMIN_EMAIL:
                    default: admin@sub2api.local
                # Bootstrap-only credential, per the instructions above.
                ADMIN_PASSWORD:
                    default: ${PASSWORD}
                AUTO_SETUP:
                    default: "true"
                DATABASE_DBNAME:
                    default: ${SUB2API_POSTGRES_DB}
                DATABASE_HOST:
                    default: ${SUB2API_POSTGRES_HOST}
                DATABASE_PASSWORD:
                    default: ${SUB2API_POSTGRES_PASSWORD}
                DATABASE_PORT:
                    default: ${SUB2API_POSTGRES_PORT}
                # No TLS to PostgreSQL. This relies on the database port
                # staying internal to the project.
                DATABASE_SSLMODE:
                    default: disable
                DATABASE_USER:
                    default: ${SUB2API_POSTGRES_USER}
                # NOTE(review): same ${PASSWORD} reference as ADMIN_PASSWORD.
                # If Zeabur resolves ${PASSWORD} once per service (confirm),
                # the token-signing secret equals the initial admin password,
                # is displayed in the instructions, and stays unchanged when
                # the admin later changes their password. Set JWT_SECRET to an
                # independent random value for production.
                JWT_SECRET:
                    default: ${PASSWORD}
                REDIS_DB:
                    default: "0"
                REDIS_HOST:
                    default: ${SUB2API_REDIS_HOST}
                REDIS_PASSWORD:
                    default: ${SUB2API_REDIS_PASSWORD}
                REDIS_PORT:
                    default: ${SUB2API_REDIS_PORT}
                RUN_MODE:
                    default: standard
                # NOTE(review): the allowlist is switched off by
                # SECURITY_URL_ALLOWLIST_ENABLED, so the two ALLOW_* settings
                # presumably have no effect. What the allowlist restricts is
                # defined by Sub2API and is not visible in this file. Confirm
                # whether disabling it removes checks on outbound URLs before
                # exposing the service publicly.
                SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP:
                    default: "false"
                SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS:
                    default: "false"
                SECURITY_URL_ALLOWLIST_ENABLED:
                    default: "false"
                # Listens on all interfaces inside the container. External
                # reachability is governed by the `web` port and domainKey.
                SERVER_HOST:
                    default: 0.0.0.0
                SERVER_MODE:
                    default: release
                # Quoted so the value stays a string; it matches the `web`
                # port above.
                SERVER_PORT:
                    default: "8080"
                TZ:
                    default: Asia/Shanghai
            # HTTP health probe against /health on the `web` port.
            healthCheck:
                type: HTTP
                port: web
                http:
                    path: /health
          # Binds the PUBLIC_DOMAIN template variable to this service.
          domainKey: PUBLIC_DOMAIN
# Simplified Chinese (zh-CN) translation of the description, variable labels
# and readme from spec. Keep it in sync when the English text changes.
localization:
    zh-CN:
        description: 在 Zeabur 上部署包含 PostgreSQL 和 Redis 的 Sub2API。
        variables:
            - key: PUBLIC_DOMAIN
              type: DOMAIN
              name: 公网域名
              description: 用于 Sub2API 管理后台和 API 网关的域名。
        readme: |-
            # Sub2API

            这个模板会在 Zeabur 上部署一套完整的 Sub2API 服务：

            - `Sub2API` Web 管理后台和 API 网关
            - `PostgreSQL 18`
            - `Redis 8`

            ## 模板内容

            - Sub2API 镜像：`weishaw/sub2api:latest`（浮动标签，并非固定版本；如需可复现的部署，请改用具体的版本标签或镜像摘要）
            - 为应用数据、PostgreSQL 和 Redis 启用持久化存储
            - 设置 `AUTO_SETUP=true`，首次启动自动初始化
            - 使用你在部署时填写的域名对外提供 HTTP 服务

            ## 默认凭据

            - 管理员邮箱：`admin@sub2api.local`
            - 管理员密码：首次安装时根据服务环境生成

            部署完成后，可以在 `Sub2API` 服务的 instructions 中查看初始管理员密码。
            这只适用于全新数据库的第一次初始化；后续重新部署不会覆盖已有管理员密码。

            ## 生产环境说明

            - 如果需要，请在部署后把 `ADMIN_EMAIL` 改成你自己的邮箱。
            - `JWT_SECRET` 由模板自动填充，与 `ADMIN_PASSWORD` 引用同一个自动生成的密码变量；生产环境请改为单独的随机值。
            - `TOTP_ENCRYPTION_KEY` 默认留空。
            - 如果你希望 2FA 在重启和重新部署后仍然有效，请在部署后手动把 `TOTP_ENCRYPTION_KEY` 设置为 64 位十六进制字符串，可用 `openssl rand -hex 32` 生成。
            - 后续修改 `TOTP_ENCRYPTION_KEY` 会让之前配置的 2FA 失效。
            - PostgreSQL 和 Redis 默认关闭端口转发，仅在项目内部可访问。

            ## 上游项目

            - GitHub: https://github.com/Wei-Shaw/sub2api
            - 当前模板使用的镜像标签：`latest`（浮动标签，未固定到具体版本）
