Update Dockerfile

Dockerfile

@@ -1,78 +1,121 @@
 # --- Stage 1: Build remotemoe ---
 FROM golang:1.21-alpine AS builder
+
+# Install git
 RUN apk add --no-cache git
+
 WORKDIR /app
+
+# Clone the repo
 RUN git clone https://github.com/fasmide/remotemoe.git .
 RUN go mod download
+
+# Build statically
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o remotemoe main.go
 
 # --- Stage 2: Runtime ---
 FROM alpine:latest
 
-# Install Nginx, Supervisor, and tools
+# Install Nginx, Supervisor, and curl
 RUN apk add --no-cache nginx supervisor curl
 
-# Install websocat (The bridge between HF WebSockets and internal SSH)
+# Install websocat (Bridge for SSH over WebSocket)
 RUN curl -L -o /usr/bin/websocat https://github.com/vi/websocat/releases/download/v1.13.0/websocat.x86_64-unknown-linux-musl \
     && chmod +x /usr/bin/websocat
 
-# Create user
+# Create a non-root user
 RUN adduser -D -u 1000 appuser
+
 WORKDIR /home/appuser
+
+# Copy binary
 COPY --from=builder /app/remotemoe .
 
-# --- Configuration ---
+# --- CONFIGURATION SECTION ---
 
-# 1. Nginx Configuration
-RUN mkdir -p /etc/nginx/http.d/ && echo ' \
-server { \
-    listen 7860 default_server; \
+# 1. Create a custom Nginx Config (Non-root compliant)
+# We write this to the user's home directory to avoid permission errors in /etc/nginx
+RUN echo ' \
+worker_processes auto; \
+daemon off; \
+pid /home/appuser/nginx.pid; \
+error_log /home/appuser/nginx_error.log warn; \
+\
+events { \
+    worker_connections 1024; \
+} \
+\
+http { \
+    access_log /home/appuser/nginx_access.log; \
+    client_body_temp_path /home/appuser/client_body_temp; \
+    proxy_temp_path /home/appuser/proxy_temp; \
+    fastcgi_temp_path /home/appuser/fastcgi_temp; \
+    uwsgi_temp_path /home/appuser/uwsgi_temp; \
+    scgi_temp_path /home/appuser/scgi_temp; \
     \
-    # Route 1: The SSH Tunnel (via WebSocket) \
-    location /ssh { \
-        proxy_pass http://127.0.0.1:9999; \
-        proxy_http_version 1.1; \
-        proxy_set_header Upgrade $http_upgrade; \
-        proxy_set_header Connection "Upgrade"; \
-        proxy_read_timeout 86400; \
+    map $http_upgrade $connection_upgrade { \
+        default upgrade; \
+        ""      close; \
     } \
     \
-    # Route 2: The Web Dashboard \
-    location / { \
-        proxy_pass http://127.0.0.1:8080; \
-        proxy_set_header Host $host; \
-        proxy_set_header X-Real-IP $remote_addr; \
+    server { \
+        listen 7860 default_server; \
+        \
+        # Route 1: SSH Tunnel via WebSocket \
+        location /ssh { \
+            proxy_pass http://127.0.0.1:9999; \
+            proxy_http_version 1.1; \
+            proxy_set_header Upgrade $http_upgrade; \
+            proxy_set_header Connection $connection_upgrade; \
+            proxy_read_timeout 86400; \
+        } \
+        \
+        # Route 2: Web Dashboard \
+        location / { \
+            proxy_pass http://127.0.0.1:8080; \
+            proxy_set_header Host $host; \
+            proxy_set_header X-Real-IP $remote_addr; \
+        } \
     } \
-} ' > /etc/nginx/http.d/default.conf
+} ' > /home/appuser/nginx.conf
 
-# 2. Supervisor Configuration
-# We run 3 services: Nginx (Front), Websocat (Bridge), Remotemoe (App)
+# 2. Configure Supervisor
 RUN mkdir -p /etc/supervisor.d/ && echo ' \
 [supervisord] \
 nodaemon=true \
-logfile=/dev/null \
-pidfile=/tmp/supervisord.pid \
+logfile=/home/appuser/supervisord.log \
+pidfile=/home/appuser/supervisord.pid \
 \
 [program:remotemoe] \
 command=/home/appuser/remotemoe --ssh-addr :2222 --http-addr :8080 \
 stdout_logfile=/dev/stdout \
 stderr_logfile=/dev/stderr \
+directory=/home/appuser \
 \
 [program:websocat] \
-# Listen on 9999, unwrap WebSocket, forward to SSH port 2222 \
 command=/usr/bin/websocat --binary --exit-on-eof -s 9999 tcp:127.0.0.1:2222 \
 stdout_logfile=/dev/stdout \
 stderr_logfile=/dev/stderr \
 \
 [program:nginx] \
-command=nginx -g "daemon off;" \
+command=nginx -c /home/appuser/nginx.conf \
 stdout_logfile=/dev/stdout \
 stderr_logfile=/dev/stderr \
 ' > /etc/supervisord.conf
 
-# Permissions and Startup
-RUN chown -R appuser:appuser /home/appuser /var/lib/nginx /var/log/nginx /etc/nginx
+# 3. Create necessary temp directories and set permissions
+RUN mkdir -p /home/appuser/client_body_temp \
+             /home/appuser/proxy_temp \
+             /home/appuser/fastcgi_temp \
+             /home/appuser/uwsgi_temp \
+             /home/appuser/scgi_temp \
+    && chown -R appuser:appuser /home/appuser
+
+# Switch to non-root user
 USER appuser
 
+# Expose the HF App Port
 EXPOSE 7860
+
+# Start Supervisor
 CMD ["supervisord", "-c", "/etc/supervisord.conf"]