Spaces:
Paused
Paused
File size: 3,367 Bytes
fcd7f14 da29987 fcd7f14 da29987 fcd7f14 da29987 43c8e9e fcd7f14 da29987 fcd7f14 da29987 9a61f4e fcd7f14 da29987 9a61f4e fcd7f14 da29987 9a61f4e da29987 fcd7f14 da29987 fcd7f14 da29987 fcd7f14 da29987 9a61f4e da29987 9a61f4e da29987 9a61f4e da29987 fcd7f14 da29987 9a61f4e da29987 9a61f4e da29987 9a61f4e da29987 9a61f4e da29987 fcd7f14 da29987 fcd7f14 da29987 9a61f4e |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# --- Stage 1: Build remotemoe ---
FROM golang:1.21-alpine AS builder
# Install git
RUN apk add --no-cache git
WORKDIR /app
# Clone the repo
RUN git clone https://github.com/fasmide/remotemoe.git .
RUN go mod download
# Build statically
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o remotemoe main.go
# --- Stage 2: Runtime ---
FROM alpine:latest
# Install Nginx, Supervisor, and curl
RUN apk add --no-cache nginx supervisor curl
# Install websocat (Bridge for SSH over WebSocket)
RUN curl -L -o /usr/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl \
&& chmod +x /usr/bin/websocat
# Create a non-root user
RUN adduser -D -u 1000 appuser
WORKDIR /home/appuser
# Copy binary
COPY --from=builder /app/remotemoe .
# --- CONFIGURATION SECTION ---
# 1. Create a custom Nginx Config (Non-root compliant)
# We write this to the user's home directory to avoid permission errors in /etc/nginx
RUN echo ' \
worker_processes auto; \
daemon off; \
pid /home/appuser/nginx.pid; \
error_log /home/appuser/nginx_error.log warn; \
\
events { \
worker_connections 1024; \
} \
\
http { \
access_log /home/appuser/nginx_access.log; \
client_body_temp_path /home/appuser/client_body_temp; \
proxy_temp_path /home/appuser/proxy_temp; \
fastcgi_temp_path /home/appuser/fastcgi_temp; \
uwsgi_temp_path /home/appuser/uwsgi_temp; \
scgi_temp_path /home/appuser/scgi_temp; \
\
map $http_upgrade $connection_upgrade { \
default upgrade; \
"" close; \
} \
\
server { \
listen 7860 default_server; \
\
# Route 1: SSH Tunnel via WebSocket \
location /ssh { \
proxy_pass http://127.0.0.1:9999; \
proxy_http_version 1.1; \
proxy_set_header Upgrade $http_upgrade; \
proxy_set_header Connection $connection_upgrade; \
proxy_read_timeout 86400; \
} \
\
# Route 2: Web Dashboard \
location / { \
proxy_pass http://127.0.0.1:8080; \
proxy_set_header Host $host; \
proxy_set_header X-Real-IP $remote_addr; \
} \
} \
} ' > /home/appuser/nginx.conf
# 2. Configure Supervisor
RUN mkdir -p /etc/supervisor.d/ && echo ' \
[supervisord] \
nodaemon=true \
logfile=/home/appuser/supervisord.log \
pidfile=/home/appuser/supervisord.pid \
\
[program:remotemoe] \
command=/home/appuser/remotemoe --ssh-addr :2222 --http-addr :8080 \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
directory=/home/appuser \
\
[program:websocat] \
command=/usr/bin/websocat --binary --exit-on-eof -s 9999 tcp:127.0.0.1:2222 \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
\
[program:nginx] \
command=nginx -c /home/appuser/nginx.conf \
stdout_logfile=/dev/stdout \
stderr_logfile=/dev/stderr \
' > /etc/supervisord.conf
# 3. Create necessary temp directories and set permissions
RUN mkdir -p /home/appuser/client_body_temp \
/home/appuser/proxy_temp \
/home/appuser/fastcgi_temp \
/home/appuser/uwsgi_temp \
/home/appuser/scgi_temp \
&& chown -R appuser:appuser /home/appuser
# Switch to non-root user
USER appuser
# Expose the HF App Port
EXPOSE 7860
# Start Supervisor
CMD ["supervisord", "-c", "/etc/supervisord.conf"] |