Update Dockerfile

Dockerfile

@@ -1,24 +1,25 @@
 # ╔══════════════════════════════════════════════════════════════╗
 # ║  Dockerfile — Cloudflare AI API                              ║
-# ║                                                              ║
-# ║  Stack:  Python 3.11 · FastAPI · Chrome · Xvfb              ║
-# ║  Port:   7860  (HuggingFace Spaces default)                  ║
-# ║                                                              ║
-# ║  KEY FIX: /tmp/.X11-unix is pre-created as root with         ║
-# ║  sticky-bit 1777 so non-root Xvfb can use it.               ║
-# ║  Xvfb is started by entrypoint.sh (not pyvirtualdisplay)    ║
-# ║  so we have full control over display :99.                   ║
+# ║  Stack: Python 3.11 · FastAPI · Chrome · Xvfb               ║
+# ║  Port: 7860                                                  ║
 # ╚══════════════════════════════════════════════════════════════╝
 
 FROM python:3.11-slim
 
-# ── System deps ───────────────────────────────────────────────
+ENV DEBIAN_FRONTEND=noninteractive \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# System deps
 RUN apt-get update && apt-get install -y --no-install-recommends \
         xvfb \
         x11-utils \
         wget \
-        gnupg \
         ca-certificates \
+        gnupg \
+        curl \
         libx11-6 \
         libx11-xcb1 \
         libxcb1 \
@@ -50,7 +51,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
         procps \
     && rm -rf /var/lib/apt/lists/*
 
-# ── Google Chrome stable ───────────────────────────────────────
+# Google Chrome stable
 RUN wget -q -O /tmp/chrome.deb \
         https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \
     && apt-get update \
@@ -59,46 +60,30 @@ RUN wget -q -O /tmp/chrome.deb \
     && rm -rf /var/lib/apt/lists/* \
     && google-chrome --version
 
-# ── Pre-create X11 socket directory AS ROOT ───────────────────
-# CRITICAL FIX: Xvfb needs /tmp/.X11-unix to exist with sticky-bit.
-# When running as non-root, Xvfb cannot create it → "euid != 0" error.
-# Creating it here (as root at build time) permanently fixes this.
+# Pre-create X11 socket directory
 RUN mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix
 
-# ── Working directory ──────────────────────────────────────────
 WORKDIR /app
 
-# ── Python deps ────────────────────────────────────────────────
+# Python deps
 COPY requirements.txt .
 RUN pip install --no-cache-dir --upgrade pip \
     && pip install --no-cache-dir -r requirements.txt
 
-# ── App source ─────────────────────────────────────────────────
-COPY cloudflare_provider.py .
-COPY server.py              .
-COPY entrypoint.sh          .
+# App source
+COPY cloudflare_provider.py server.py entrypoint.sh ./
 
-# ── Directories + permissions ──────────────────────────────────
-RUN mkdir -p /app/cache \
-    && useradd -m -u 1000 appuser \
+# User + permissions
+RUN useradd -m -u 1000 appuser \
+    && mkdir -p /app/cache \
     && chown -R appuser:appuser /app \
     && chmod +x /app/entrypoint.sh \
-    # Keep X11 socket dir world-writable after user creation
     && chmod 1777 /tmp/.X11-unix
 
 USER appuser
 
-# ── Environment ────────────────────────────────────────────────
-ENV PYTHONUNBUFFERED=1 \
-    PYTHONDONTWRITEBYTECODE=1 \
-    # Display set by entrypoint.sh (Xvfb :99)
-    DISPLAY=:99 \
-    # VR_DISPLAY=0: we manage Xvfb ourselves in entrypoint.sh
-    # so pyvirtualdisplay does NOT try to start a second Xvfb
-    VR_DISPLAY=0 \
-    # Signals the provider that a real display exists via DISPLAY env
+ENV DISPLAY=:99 \
     XVFB_EXTERNAL=1 \
-    # Pool config
     POOL_SIZE=2 \
     PORT=7860 \
     HOST=0.0.0.0 \
@@ -107,4 +92,4 @@ ENV PYTHONUNBUFFERED=1 \
 
 EXPOSE 7860
 
-CMD ["/app/start.sh"]
+CMD ["/app/entrypoint.sh"]