Spaces:
Paused
Paused
| # --- Stage 1: Build remotemoe --- | |
| FROM golang:1.21-alpine AS builder | |
| # Install git | |
| RUN apk add --no-cache git | |
| WORKDIR /app | |
| # Clone the repo | |
| RUN git clone https://github.com/fasmide/remotemoe.git . | |
| RUN go mod download | |
| # Build statically | |
| RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o remotemoe main.go | |
| # --- Stage 2: Runtime --- | |
| FROM alpine:latest | |
| # Install Nginx, Supervisor, and curl | |
| RUN apk add --no-cache nginx supervisor curl | |
| # Install websocat (Bridge for SSH over WebSocket) | |
| RUN curl -L -o /usr/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl \ | |
| && chmod +x /usr/bin/websocat | |
| # Create a non-root user | |
| RUN adduser -D -u 1000 appuser | |
| WORKDIR /home/appuser | |
| # Copy binary | |
| COPY --from=builder /app/remotemoe . | |
| # --- CONFIGURATION SECTION --- | |
| # 1. Create a custom Nginx Config (Non-root compliant) | |
| # We write this to the user's home directory to avoid permission errors in /etc/nginx | |
| RUN echo ' \ | |
| worker_processes auto; \ | |
| daemon off; \ | |
| pid /home/appuser/nginx.pid; \ | |
| error_log /home/appuser/nginx_error.log warn; \ | |
| \ | |
| events { \ | |
| worker_connections 1024; \ | |
| } \ | |
| \ | |
| http { \ | |
| access_log /home/appuser/nginx_access.log; \ | |
| client_body_temp_path /home/appuser/client_body_temp; \ | |
| proxy_temp_path /home/appuser/proxy_temp; \ | |
| fastcgi_temp_path /home/appuser/fastcgi_temp; \ | |
| uwsgi_temp_path /home/appuser/uwsgi_temp; \ | |
| scgi_temp_path /home/appuser/scgi_temp; \ | |
| \ | |
| map $http_upgrade $connection_upgrade { \ | |
| default upgrade; \ | |
| "" close; \ | |
| } \ | |
| \ | |
| server { \ | |
| listen 7860 default_server; \ | |
| \ | |
| # Route 1: SSH Tunnel via WebSocket \ | |
| location /ssh { \ | |
| proxy_pass http://127.0.0.1:9999; \ | |
| proxy_http_version 1.1; \ | |
| proxy_set_header Upgrade $http_upgrade; \ | |
| proxy_set_header Connection $connection_upgrade; \ | |
| proxy_read_timeout 86400; \ | |
| } \ | |
| \ | |
| # Route 2: Web Dashboard \ | |
| location / { \ | |
| proxy_pass http://127.0.0.1:8080; \ | |
| proxy_set_header Host $host; \ | |
| proxy_set_header X-Real-IP $remote_addr; \ | |
| } \ | |
| } \ | |
| } ' > /home/appuser/nginx.conf | |
| # 2. Configure Supervisor | |
| RUN mkdir -p /etc/supervisor.d/ && echo ' \ | |
| [supervisord] \ | |
| nodaemon=true \ | |
| logfile=/home/appuser/supervisord.log \ | |
| pidfile=/home/appuser/supervisord.pid \ | |
| \ | |
| [program:remotemoe] \ | |
| command=/home/appuser/remotemoe --ssh-addr :2222 --http-addr :8080 \ | |
| stdout_logfile=/dev/stdout \ | |
| stderr_logfile=/dev/stderr \ | |
| directory=/home/appuser \ | |
| \ | |
| [program:websocat] \ | |
| command=/usr/bin/websocat --binary --exit-on-eof -s 9999 tcp:127.0.0.1:2222 \ | |
| stdout_logfile=/dev/stdout \ | |
| stderr_logfile=/dev/stderr \ | |
| \ | |
| [program:nginx] \ | |
| command=nginx -c /home/appuser/nginx.conf \ | |
| stdout_logfile=/dev/stdout \ | |
| stderr_logfile=/dev/stderr \ | |
| ' > /etc/supervisord.conf | |
| # 3. Create necessary temp directories and set permissions | |
| RUN mkdir -p /home/appuser/client_body_temp \ | |
| /home/appuser/proxy_temp \ | |
| /home/appuser/fastcgi_temp \ | |
| /home/appuser/uwsgi_temp \ | |
| /home/appuser/scgi_temp \ | |
| && chown -R appuser:appuser /home/appuser | |
| # Switch to non-root user | |
| USER appuser | |
| # Expose the HF App Port | |
| EXPOSE 7860 | |
| # Start Supervisor | |
| CMD ["supervisord", "-c", "/etc/supervisord.conf"] |