Aaron Brown commited on
Commit
50e0b84
Β·
1 Parent(s): 8b07a89

Switch to single-stage Ubuntu 22.04 build with Python 3.11 PPA

  1. Dockerfile +46 -53
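--- a/Dockerfile
+++ b/Dockerfile
@@ -1,87 +1,80 @@
  # =============================================================================
  # OpenRange β€” Production All-in-One Dockerfile
  # =============================================================================
- # Multi-stage build:
- # Stage 1 (builder): OpenEnv base image, install Python deps via uv sync
- # Stage 2 (runtime): Ubuntu 22.04 with all range services + Python env
+ # Single-stage build on Ubuntu 22.04 with Python 3.11 + all range services.
+ # Installs uv for Python dependency management, then all system services.
  # =============================================================================
 
- # ---------------------------------------------------------------------------
- # Stage 1: Builder β€” install Python dependencies using the OpenEnv base image
- # ---------------------------------------------------------------------------
- ARG BASE_IMAGE=ghcr.io/meta-pytorch/openenv-base:latest
- FROM ${BASE_IMAGE} AS builder
-
- WORKDIR /app
-
- COPY . /app/env
- WORKDIR /app/env
-
- # Install git for git+ dependencies
- RUN apt-get update && apt-get install -y --no-install-recommends git \
- && rm -rf /var/lib/apt/lists/*
-
- # Two-pass install for better layer caching
- RUN --mount=type=cache,target=/root/.cache/uv \
- if [ -f uv.lock ]; then \
- uv sync --frozen --no-install-project --no-editable; \
- else \
- uv sync --no-install-project --no-editable; \
- fi
-
- RUN --mount=type=cache,target=/root/.cache/uv \
- if [ -f uv.lock ]; then \
- uv sync --frozen --no-editable; \
- else \
- uv sync --no-editable; \
- fi
-
- # ---------------------------------------------------------------------------
- # Stage 2: Runtime β€” same base image (Python 3.11) + range services
- # ---------------------------------------------------------------------------
- FROM ${BASE_IMAGE}
+ FROM ubuntu:22.04
 
  ENV DEBIAN_FRONTEND=noninteractive
 
- # Install ALL service packages in one RUN layer
+ # ── 1. System packages: services + security tools ────────────────────────────
+
  RUN apt-get update && apt-get install -y --no-install-recommends \
+ # Python 3.11 via deadsnakes PPA
+ software-properties-common \
+ && add-apt-repository -y ppa:deadsnakes/ppa \
+ && apt-get update && apt-get install -y --no-install-recommends \
+ python3.11 python3.11-venv python3.11-dev \
+ # Web
  nginx \
- php-fpm php-mysql php-ldap php-xml php-mbstring \
- default-mysql-server \
+ php8.1-fpm php8.1-mysql php8.1-ldap php8.1-xml php8.1-mbstring \
+ # Database
+ mysql-server \
+ # LDAP
  slapd ldap-utils \
+ # Logging
  rsyslog \
+ # File sharing
  samba \
+ # Mail
  postfix \
+ # SSH
  openssh-server \
+ # Security tools (agent toolkit β€” no artificial allowlists)
  nmap sqlmap hydra nikto \
  netcat-openbsd dnsutils tcpdump curl wget sshpass \
  iputils-ping whois \
- jq procps iproute2 \
+ # Utilities
+ jq procps iproute2 git ca-certificates \
  && rm -rf /var/lib/apt/lists/*
 
- # Create directories and fix permissions for services
- RUN mkdir -p /var/log/siem/consolidated /run/sshd /run/php /var/run/mysqld /var/log/mysql \
- && (chown mysql:mysql /var/log/siem /var/run/mysqld /var/log/mysql 2>/dev/null || true) \
+ # ── 2. Install uv for Python dependency management ──────────────────────────
+
+ RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
+ && mv /root/.local/bin/uv /usr/local/bin/uv
+
+ # ── 3. Create directories and fix permissions ────────────────────────────────
+
+ RUN mkdir -p /var/log/siem/consolidated /run/sshd /run/php \
+ /var/run/mysqld /var/log/mysql /var/log/nginx \
+ && chown mysql:mysql /var/run/mysqld /var/log/mysql 2>/dev/null || true \
  && chmod 755 /var/log/siem
 
+ # ── 4. Copy application code and install Python deps ────────────────────────
+
  WORKDIR /app
+ COPY . /app/env
+ WORKDIR /app/env
 
- # Copy the Python virtual environment from builder
- COPY --from=builder /app/env/.venv /app/.venv
+ RUN uv venv --python python3.11 /app/.venv \
+ && if [ -f uv.lock ]; then \
+ uv sync --frozen --no-editable; \
+ else \
+ uv sync --no-editable; \
+ fi
 
- # Copy the application code from builder
- COPY --from=builder /app/env /app/env
+ RUN chmod +x /app/env/start.sh 2>/dev/null || true
 
- # Copy start.sh
- COPY start.sh /app/env/start.sh
- RUN chmod +x /app/env/start.sh
+ # ── 5. Environment ──────────────────────────────────────────────────────────
 
- # Environment configuration
  ENV PATH="/app/.venv/bin:$PATH"
  ENV PYTHONPATH="/app/env/src:/app/env:$PYTHONPATH"
  ENV OPENRANGE_EXECUTION_MODE=subprocess
 
- # Health check β€” services need time to boot
+ # ── 6. Health check (60s start-period for service boot) ─���───────────────────
+
  HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
  CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')" || exit 1
 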
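Review bot: The step-2 `RUN curl -LsSf https://astral.sh/uv/install.sh | sh` runs whatever the installer URL serves at build time, with no version pin or checksum, so the image's dependency tooling is neither reproducible nor auditable. Pinning the binary avoids this, for example `COPY --from=ghcr.io/astral-sh/uv:<PINNED_VERSION> /uv /usr/local/bin/uv` (placeholder tag, ideally with a digest) in place of the curl and `mv` lines. The same concern applies to the `else` branch in step 4, where `uv sync --no-editable` resolves dependencies without `uv.lock`; failing the build when the lock file is missing would be safer than silently resolving fresh versions. Separately, `uv sync` normally installs into the project's own `.venv` (here `/app/env/.venv`) rather than the `/app/.venv` that `uv venv` creates and `PATH` points at, so it is worth confirming the runtime actually sees the dependencies, for instance by adding `ENV UV_PROJECT_ENVIRONMENT=/app/.venv` before the sync.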