arymandeshwal commited on
Commit
2afbf95
·
1 Parent(s): a353db0

fix: run as non-root user

  1. Dockerfile +47 -59
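--- a/Dockerfile
+++ b/Dockerfile
@@ -17,13 +17,9 @@ RUN apt-get update && apt-get install -y \
 gcc \
 g++ \
 nginx \
-supervisor \
 curl \
 && rm -rf /var/lib/apt/lists/*
 
-# Create non-root user for HF Spaces
-RUN useradd -m -u 1000 user
-
 # Set working directory
 WORKDIR /app
 
@@ -35,69 +31,61 @@ RUN pip install --no-cache-dir -r requirements.txt
 COPY backend/ ./backend/
 
 # Copy built frontend to nginx directory
-COPY --from=frontend-builder /app/frontend/dist /usr/share/nginx/html
+COPY --from=frontend-builder /app/frontend/dist /var/www/html
 
 # Create nginx configuration
-RUN echo 'server { \n\
-listen 7860; \n\
-server_name localhost; \n\
-\n\
-location / { \n\
-root /usr/share/nginx/html; \n\
-try_files $uri $uri/ /index.html; \n\
-} \n\
-\n\
-location /api { \n\
-proxy_pass http://127.0.0.1:8000; \n\
-proxy_http_version 1.1; \n\
-proxy_set_header Upgrade $http_upgrade; \n\
-proxy_set_header Connection "upgrade"; \n\
-proxy_set_header Host $host; \n\
-proxy_set_header X-Real-IP $remote_addr; \n\
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; \n\
-proxy_set_header X-Forwarded-Proto $scheme; \n\
-proxy_read_timeout 300s; \n\
-proxy_connect_timeout 300s; \n\
+RUN echo 'error_log /dev/stderr; \n\
+pid /tmp/nginx.pid; \n\
+worker_processes auto; \n\
+events { worker_connections 1024; } \n\
+http { \n\
+include /etc/nginx/mime.types; \n\
+default_type application/octet-stream; \n\
+access_log /dev/stdout; \n\
+client_body_temp_path /tmp/client_body; \n\
+proxy_temp_path /tmp/proxy; \n\
+fastcgi_temp_path /tmp/fastcgi; \n\
+uwsgi_temp_path /tmp/uwsgi; \n\
+scgi_temp_path /tmp/scgi; \n\
+server { \n\
+listen 7860; \n\
+server_name localhost; \n\
+root /var/www/html; \n\
+index index.html; \n\
+location / { \n\
+try_files $uri $uri/ /index.html; \n\
+} \n\
+location /api { \n\
+proxy_pass http://127.0.0.1:8000; \n\
+proxy_http_version 1.1; \n\
+proxy_set_header Upgrade $http_upgrade; \n\
+proxy_set_header Connection "upgrade"; \n\
+proxy_set_header Host $host; \n\
+proxy_read_timeout 300s; \n\
+} \n\
 } \n\
-}' > /etc/nginx/conf.d/default.conf
+}' > /etc/nginx/nginx.conf
 
-# Remove default nginx config that listens on port 80
-RUN rm -f /etc/nginx/sites-enabled/default 2>/dev/null || true
+# Create startup script
+RUN echo '#!/bin/bash \n\
+mkdir -p /tmp/client_body /tmp/proxy /tmp/fastcgi /tmp/uwsgi /tmp/scgi \n\
+cd /app && python -m uvicorn backend.app.main:app --host 0.0.0.0 --port 8000 & \n\
+sleep 2 \n\
+nginx -g "daemon off;"' > /app/start.sh && chmod +x /app/start.sh
 
-# Create supervisor configuration
-RUN echo '[supervisord] \n\
-nodaemon=true \n\
-user=root \n\
-\n\
-[program:backend] \n\
-command=python -m uvicorn backend.app.main:app --host 0.0.0.0 --port 8000 \n\
-directory=/app \n\
-autostart=true \n\
-autorestart=true \n\
-redirect_stderr=true \n\
-stdout_logfile=/dev/stdout \n\
-stdout_logfile_maxbytes=0 \n\
-\n\
-[program:nginx] \n\
-command=nginx -g "daemon off;" \n\
-autostart=true \n\
-autorestart=true \n\
-redirect_stderr=true \n\
-stdout_logfile=/dev/stdout \n\
-stdout_logfile_maxbytes=0' > /etc/supervisor/conf.d/supervisord.conf
+# Set permissions for non-root user
+RUN chmod -R 777 /var/www/html /var/log/nginx /var/lib/nginx /etc/nginx /app
 
-# Create persistent data directory and set permissions
-RUN mkdir -p /data && chown -R 1000:1000 /data
-RUN chown -R 1000:1000 /app
-RUN chown -R 1000:1000 /usr/share/nginx/html
-RUN touch /var/run/nginx.pid && chown 1000:1000 /var/run/nginx.pid
-RUN chown -R 1000:1000 /var/log/nginx /var/lib/nginx
+# Create data directory
+RUN mkdir -p /data && chmod 777 /data
 
-# Set environment for database path
+# Environment
 ENV DATABASE_PATH=/data/project_memory.db
 
-# Hugging Face Spaces expects port 7860
+# HF Spaces port
 EXPOSE 7860
 
-# Start both services with supervisor
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+# Run as non-root
+USER 1000
+
+CMD ["/bin/bash", "/app/start.sh"]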
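Review bot: `RUN chmod -R 777 /var/www/html /var/log/nginx /var/lib/nginx /etc/nginx /app` (new line 77) and `RUN mkdir -p /data && chmod 777 /data` (line 80) make the application code, the nginx configuration and the database directory writable by every uid in the container, which undercuts the point of dropping to `USER 1000`; nothing in the new nginx.conf writes under `/etc/nginx` (pid and temp paths point at `/tmp`, logs at `/dev/stdout` and `/dev/stderr`), so that tree needs no write bit at all. Reinstating the `RUN useradd -m -u 1000 user` removed in the first hunk and replacing both chmods with `RUN chown -R 1000:1000 /var/www/html /var/log/nginx /var/lib/nginx /app` and `RUN mkdir -p /data && chown 1000:1000 /data` keeps the commit's intent through ownership rather than world-writable bits, and also gives uid 1000 the passwd entry and HOME that a bare numeric `USER 1000` otherwise lacks. Separately, `CMD ["/bin/bash", "/app/start.sh"]` makes bash PID 1 while the script backgrounds uvicorn and runs nginx in the foreground without `exec`, so a SIGTERM from `docker stop` is most likely not acted on until the kill timeout, and a crashed uvicorn is never restarted — both things the removed supervisord config handled with `autorestart=true`; at minimum change the script's last line to `exec nginx -g "daemon off;"`, or background both processes and `wait -n` so either exit ends the container. The uvicorn bind `--host 0.0.0.0` can also become `--host 127.0.0.1`, since only nginx on 7860 needs to reach it.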