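# Container image for the appigence_api service, run under Gunicorn with
# Uvicorn workers on port 7860 as an unprivileged user.

# Base image: Python 3.11 (slim variant).
# NOTE(review): this is a floating tag, so rebuilds can pick up a different
# image. Pin it by digest (python:3.11-slim@sha256:<digest>) where
# reproducible, auditable builds are required.
FROM python:3.11-slim

# Working directory for the application.
WORKDIR /app

# Create a non-root user with a fixed UID and hand it ownership of /app, so
# that neither the dependency install nor the running service needs root.
RUN useradd -m -u 1000 appuser && chown -R appuser:appuser /app
USER appuser

# Runtime environment:
#  - PYTHONUNBUFFERED: write stdout/stderr straight through to the container log.
#  - PYTHONDONTWRITEBYTECODE: do not write .pyc files.
#  - PATH: `pip install --user` places console scripts (gunicorn among them)
#    in /home/appuser/.local/bin.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PATH="/home/appuser/.local/bin:$PATH"

# Copy only the dependency manifest first so the install layer stays cached
# until requirements.txt itself changes.
COPY --chown=appuser:appuser requirements.txt .

# Install Python dependencies into the user's site-packages (no root needed).
# NOTE(review): requirements.txt is not visible here; it must provide gunicorn
# and uvicorn for the CMD below. Pinning exact versions (ideally with hashes)
# keeps the dependency set reproducible.
RUN pip install --no-cache-dir --user -r requirements.txt

# Copy the application code.
COPY --chown=appuser:appuser appigence_api.py .

# Health check against the service's own /health endpoint.
# urllib.request.urlopen raises on connection errors and on HTTP 4xx/5xx
# responses, so the probe fails when the endpoint returns an error status.
# The previous `requests.get(...)` call returned normally on any status code,
# reporting "healthy" even for a 500, and also required `requests` to be
# installed. The explicit timeout keeps a hung endpoint from holding the probe
# for the full 30s window.
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:7860/health', timeout=10)" || exit 1

# Document the service port (EXPOSE does not publish it).
EXPOSE 7860

# Start the app under Gunicorn with Uvicorn workers for concurrency.
# Binding to 0.0.0.0 listens on every interface inside the container; which
# hosts can actually reach it is decided by how the port is published at run time.
# --max-requests/--max-requests-jitter recycle each worker after roughly
# 1000 requests; --timeout 300 lets a worker stay silent for up to 5 minutes
# before it is restarted.
CMD ["gunicorn", "--bind", "0.0.0.0:7860", "--workers", "4", "--worker-class", "uvicorn.workers.UvicornWorker", "--worker-connections", "1000", "--max-requests", "1000", "--max-requests-jitter", "100", "--preload", "--timeout", "300", "appigence_api:app"]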