Spaces:
Running
Running
Update entrypoint.sh
Browse files- entrypoint.sh +21 -82
entrypoint.sh
CHANGED
|
@@ -1,105 +1,44 @@
|
|
| 1 |
#!/bin/sh
|
| 2 |
set -eu
|
| 3 |
|
| 4 |
-
|
| 5 |
-
|
| 6 |
-
# -----------------------------------------------------
|
| 7 |
-
# 1. 检查目标 URL
|
| 8 |
-
# -----------------------------------------------------
|
| 9 |
if [ -z "${APP_ARCHIVE_URL:-}" ]; then
|
| 10 |
-
echo "
|
| 11 |
exit 1
|
| 12 |
fi
|
| 13 |
|
| 14 |
-
|
| 15 |
-
mkdir -p
|
| 16 |
-
cd
|
| 17 |
ARCHIVE_FILE="app_archive"
|
| 18 |
|
| 19 |
-
#
|
| 20 |
-
|
| 21 |
-
|
| 22 |
-
CF_ID_RAW="${CF_ACCESS_CLIENT_ID:-}"
|
| 23 |
-
CF_SECRET_RAW="${CF_ACCESS_CLIENT_SECRET:-}"
|
| 24 |
-
|
| 25 |
-
# 清洗逻辑:tr -d '\r\n "\047'
|
| 26 |
-
# 解释:删除 回车(\r)、换行(\n)、空格( )、双引号(")、单引号(')
|
| 27 |
-
# 作用:无论你在 HF Secret 里填了 "123" 还是 '123',这里都会还原成纯净的 123
|
| 28 |
-
if [ -n "$CF_ID_RAW" ]; then
|
| 29 |
-
CF_ID="$(printf '%s' "$CF_ID_RAW" | tr -d '\r\n "\047')"
|
| 30 |
-
else
|
| 31 |
-
CF_ID=""
|
| 32 |
-
fi
|
| 33 |
-
|
| 34 |
-
if [ -n "$CF_SECRET_RAW" ]; then
|
| 35 |
-
CF_SECRET="$(printf '%s' "$CF_SECRET_RAW" | tr -d '\r\n "\047')"
|
| 36 |
-
else
|
| 37 |
-
CF_SECRET=""
|
| 38 |
-
fi
|
| 39 |
-
|
| 40 |
-
# -----------------------------------------------------
|
| 41 |
-
# 3. 组装 Curl 参数 (含伪装)
|
| 42 |
-
# -----------------------------------------------------
|
| 43 |
-
echo "[entrypoint] 正在构建请求..." >&2
|
| 44 |
-
|
| 45 |
-
# 基础参数:
|
| 46 |
-
# -f: 失败(4xx/5xx)时不输出内容到 stdout (但我们要看错误详情,下面会处理)
|
| 47 |
-
# -s: 静默模式
|
| 48 |
-
# -S: 发生错误时显示错误信息
|
| 49 |
-
# -L: 跟随重定向
|
| 50 |
-
# -A: 伪装 User-Agent (关键!防止被 Cloudflare WAF 拦截)
|
| 51 |
-
USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
| 52 |
|
| 53 |
-
|
|
|
|
|
|
|
|
|
|
| 54 |
|
| 55 |
-
# 注入 Cloudflare Access 凭证
|
| 56 |
if [ -n "$CF_ID" ] && [ -n "$CF_SECRET" ]; then
|
| 57 |
-
echo "[entrypoint] ✅ 检测到 Cloudflare Access 凭证" >&2
|
| 58 |
-
# 调试:只打印前 4 位,验证是否包含引号
|
| 59 |
-
echo "[entrypoint] 🔍 ID 校验: ${CF_ID%%????*}**** (长度: ${#CF_ID})" >&2
|
| 60 |
-
|
| 61 |
-
# 使用 -H 添加头部
|
| 62 |
set -- -H "CF-Access-Client-Id: $CF_ID" \
|
| 63 |
-H "CF-Access-Client-Secret: $CF_SECRET" \
|
| 64 |
"$@"
|
| 65 |
-
else
|
| 66 |
-
echo "[entrypoint] ⚠️ 未检测到 Cloudflare Access 凭证,尝试匿名下载..." >&2
|
| 67 |
fi
|
| 68 |
|
| 69 |
-
#
|
| 70 |
-
|
| 71 |
-
|
| 72 |
-
echo "
|
| 73 |
-
|
| 74 |
-
# 这里暂时捕获输出,如果失败则打印,方便调试 403 原因
|
| 75 |
-
if ! curl -f "$@"; then
|
| 76 |
-
echo "=============================================" >&2
|
| 77 |
-
echo "[entrypoint] ❌ 下载失败 (HTTP 403/401/404)" >&2
|
| 78 |
-
echo "[entrypoint] 正在尝试获取服务器返回的错误详情..." >&2
|
| 79 |
-
|
| 80 |
-
# 去掉 -f 参数再跑一次,把服务器返回的 HTML/JSON 打印出来
|
| 81 |
-
# 移除 -o 参数,直接输出到 stderr
|
| 82 |
-
# 注意:这里为了安全不打印 Secret,只重试基础连接看报错
|
| 83 |
-
curl -s -v -A "$USER_AGENT" \
|
| 84 |
-
-H "CF-Access-Client-Id: $CF_ID" \
|
| 85 |
-
-H "CF-Access-Client-Secret: ***HIDDEN***" \
|
| 86 |
-
"$APP_ARCHIVE_URL" > /dev/stderr
|
| 87 |
-
|
| 88 |
-
echo "=============================================" >&2
|
| 89 |
-
echo "[entrypoint] 💡 排查建议:" >&2
|
| 90 |
-
echo "1. 如果看到 'Access allowed', 说明 Token 其实是对的,但之前的请求被截断了。" >&2
|
| 91 |
-
echo "2. 如果看到 Cloudflare 的图形验证码页面代码,说明 HF 的 IP 被 WAF 拦截了。" >&2
|
| 92 |
-
echo "3. 如果看到 'Invalid token',请检查 HF Secret 是否填反了 ID 和 Secret。" >&2
|
| 93 |
exit 1
|
| 94 |
fi
|
| 95 |
|
| 96 |
-
|
| 97 |
-
|
| 98 |
-
# -----------------------------------------------------
|
| 99 |
-
# 5. 解压与启动
|
| 100 |
-
# -----------------------------------------------------
|
| 101 |
-
echo "[entrypoint] 解压中..." >&2
|
| 102 |
unzip -oq "$ARCHIVE_FILE" 2>/dev/null || tar -xzf "$ARCHIVE_FILE" 2>/dev/null
|
|
|
|
| 103 |
|
| 104 |
-
|
|
|
|
| 105 |
exec uvicorn app:app --host 0.0.0.0 --port 7860
|
|
|
|
| 1 |
#!/bin/sh
|
| 2 |
set -eu
|
| 3 |
|
| 4 |
+
# 1. 环境检查
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
if [ -z "${APP_ARCHIVE_URL:-}" ]; then
|
| 6 |
+
echo "Error: APP_ARCHIVE_URL is not set." >&2
|
| 7 |
exit 1
|
| 8 |
fi
|
| 9 |
|
| 10 |
+
# 2. 准备目录
|
| 11 |
+
mkdir -p /opt/app
|
| 12 |
+
cd /opt/app
|
| 13 |
ARCHIVE_FILE="app_archive"
|
| 14 |
|
| 15 |
+
# 3. 清洗 Cloudflare 变量 (核心修正:去除换行、空格、单双引号)
|
| 16 |
+
CF_ID="$(printf '%s' "${CF_ACCESS_CLIENT_ID:-}" | tr -d '\r\n "\047')"
|
| 17 |
+
CF_SECRET="$(printf '%s' "${CF_ACCESS_CLIENT_SECRET:-}" | tr -d '\r\n "\047')"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 18 |
|
| 19 |
+
# 4. 组装 Curl (含浏览器伪装,防止 WAF 拦截)
|
| 20 |
+
# -f: 失败报错 -s: 静默 -S: 出错时显示 -L: 跟随重定向
|
| 21 |
+
UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
| 22 |
+
set -- -fsSL -A "$UA" "$APP_ARCHIVE_URL" -o "$ARCHIVE_FILE"
|
| 23 |
|
|
|
|
| 24 |
if [ -n "$CF_ID" ] && [ -n "$CF_SECRET" ]; then
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 25 |
set -- -H "CF-Access-Client-Id: $CF_ID" \
|
| 26 |
-H "CF-Access-Client-Secret: $CF_SECRET" \
|
| 27 |
"$@"
|
|
|
|
|
|
|
| 28 |
fi
|
| 29 |
|
| 30 |
+
# 5. 下载
|
| 31 |
+
echo "[entrypoint] Downloading..." >&2
|
| 32 |
+
if ! curl "$@"; then
|
| 33 |
+
echo "Error: Download failed." >&2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 34 |
exit 1
|
| 35 |
fi
|
| 36 |
|
| 37 |
+
# 6. 解压
|
| 38 |
+
echo "[entrypoint] Extracting..." >&2
|
|
|
|
|
|
|
|
|
|
|
|
|
| 39 |
unzip -oq "$ARCHIVE_FILE" 2>/dev/null || tar -xzf "$ARCHIVE_FILE" 2>/dev/null
|
| 40 |
+
rm -f "$ARCHIVE_FILE"
|
| 41 |
|
| 42 |
+
# 7. 启动
|
| 43 |
+
echo "[entrypoint] Starting app..." >&2
|
| 44 |
exec uvicorn app:app --host 0.0.0.0 --port 7860
|