# Use a lightweight Debian base for a simplified Linux environment FROM debian:bookworm-slim # Set environment variables to avoid interactive prompts during installation ENV DEBIAN_FRONTEND=noninteractive ENV HOME=/home/user ENV PATH=$HOME/.local/bin:$PATH # Install essential system packages and build tools RUN apt-get update && apt-get install -y \ curl \ wget \ git \ sudo \ vim \ nano \ unzip \ procps \ net-tools \ netcat-openbsd \ build-essential \ cmake \ pkg-config \ python3 \ nginx \ xz-utils \ bzip2 \ ca-certificates \ && apt-get clean && rm -rf /var/lib/apt/lists/* # Install ttyd (Web Terminal) RUN wget https://github.com/tsl0922/ttyd/releases/download/1.7.7/ttyd.x86_64 -O /usr/bin/ttyd \ && chmod +x /usr/bin/ttyd # Install oauth2-proxy # Download v7.6.0 release RUN wget https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.6.0/oauth2-proxy-v7.6.0.linux-amd64.tar.gz \ && tar -xzf oauth2-proxy-v7.6.0.linux-amd64.tar.gz \ && mv oauth2-proxy-v7.6.0.linux-amd64/oauth2-proxy /usr/bin/oauth2-proxy \ && chmod +x /usr/bin/oauth2-proxy \ && rm -rf oauth2-proxy-v7.6.0.linux-amd64* # Install Node.js (for manual OpenClaw installation later) RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \ apt-get install -y nodejs # Create a non-root user 'user' (UID 1000) RUN useradd -m -u 1000 user && \ echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # Set up Nginx directories and permissions RUN mkdir -p /var/www/html/game && \ mkdir -p /var/www/html/theme && \ chown -R user:user /var/www/html && \ chown -R user:user /var/log/nginx && \ chown -R user:user /var/lib/nginx && \ chown -R user:user /etc/nginx # Switch to non-root user WORKDIR $HOME USER user # Copy configuration files COPY --chown=user:user nginx.conf /etc/nginx/nginx.conf COPY --chown=user:user oauth2-proxy.cfg . COPY --chown=user:user start.sh . COPY --chown=user:user sign_in.html /var/www/html/theme/sign_in.html RUN chmod +x start.sh # Expose port 7860 (Standard for Hugging Face Spaces) EXPOSE 7860 # Start services CMD ["./start.sh"]