File size: 1,091 Bytes
4802b69 7b4a866 f6a3fca 7c29d13 4802b69 f6a3fca 7c29d13 4802b69 9d927eb 4802b69 9d927eb 4802b69 9d927eb 7c29d13 4802b69 f6a3fca 4802b69 f6a3fca 4802b69 f6a3fca 7c29d13 7b4a866 f6a3fca 7c29d13 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
# 1. Use an official lightweight Python image
FROM python:3.9-slim
# 2. Set environment variables
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=1
# 3. Create a non-root user (Security Best Practice for HF Spaces)
RUN useradd -m -u 1000 user
USER user
ENV PATH="/home/user/.local/bin:$PATH"
# 4. Set the working directory
WORKDIR /app
# 5. Install system dependencies
USER root
RUN apt-get update && apt-get install -y \
git \
build-essential \
&& rm -rf /var/lib/apt/lists/*
USER user
# 6. Copy requirements first
COPY --chown=user requirements.txt ./
# 7. Install Python dependencies
RUN pip install --upgrade pip && \
pip install -r requirements.txt
# 8. Copy the rest of the application files
COPY --chown=user . .
# 9. Expose the port
EXPOSE 7860
# 10. Run the Streamlit app (WITH THE SECURITY FIXES)
CMD ["streamlit", "run", "app.py", \
"--server.address", "0.0.0.0", \
"--server.port", "7860", \
"--server.enableXsrfProtection=false", \
"--server.enableCORS=false", \
"--server.fileWatcherType", "none"] |