Spaces:

dragg2
/

cloudpasteview

Running

App Files Files Community

dragg2 commited on 9 days ago

Commit

4d8577b

verified ·

1 Parent(s): 444c787

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +174 -64

Dockerfile CHANGED Viewed

@@ -2,107 +2,217 @@ FROM ymlisoft/kkfileview
 USER root
-# 1. 安装所有必要依赖
-# ffmpeg: 用于视频转码
-# fonts-*: 解决 CAD
-# libfreetype6, fontconfig: 字体支持库
 RUN apt-get update && apt-get install -y \
     nginx \
     apache2-utils \
     xvfb \
-    net-tools \
-    curl \
-    ffmpeg \
-    libfreetype6 \
-    fontconfig \
-    fonts-wqy-microhei \
     fonts-wqy-zenhei \
-    fonts-arphic-ukai \
-    fonts-arphic-uming \
-    xfonts-75dpi \
-    xfonts-100dpi \
-    && rm -rf /var/lib/apt/lists/* && \
-    fc-cache -fv
-ENV SERVER_PORT=8012
-ENV KKFILEVIEW_SECURITY_TRUST_HOST=default
-ENV AUTH_USERNAME=admin
-ENV AUTH_PASSWORD=yourpassword
-# 修复 Aspose 字体问题
-ENV JAVA_OPTS="-Dsun.java2d.fontpath=/usr/share/fonts -Djava.awt.headless=true"
-# Nginx 配置
-RUN rm -rf /etc/nginx/sites-enabled/* && \
-    rm -rf /etc/nginx/conf.d/* && \
-    printf 'server {\n\
-    listen 7860 default_server;\n\
-    server_name _;\n\
-    auth_basic "Restricted Access";\n\
-    auth_basic_user_file /etc/nginx/.htpasswd;\n\
     client_max_body_size 500M;\n\
-    location / {\n\
-        proxy_pass http://127.0.0.1:8012;\n\
-        proxy_set_header Host $http_host;\n\
-        proxy_set_header X-Real-IP $remote_addr;\n\
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
-        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;\n\
-        proxy_buffering off;\n\
     }\n\
-}\n' > /etc/nginx/conf.d/kkfileview.conf
-# 启动脚本
 RUN printf '#!/bin/bash\n\
 set -e\n\
 \n\
-echo "=== Starting Secure kkFileView ==="\n\
 \n\
-STARTUP_SCRIPT=$(find /opt -name "startup.sh" -o -name "kkFileView" | grep "bin/" | head -n 1)\n\
-KK_ROOT_DIR=$(dirname $(dirname "$STARTUP_SCRIPT"))\n\
 \n\
 htpasswd -cb /etc/nginx/.htpasswd "$AUTH_USERNAME" "$AUTH_PASSWORD"\n\
 \n\
 Xvfb :99 -screen 0 1024x768x24 >/dev/null 2>&1 &\n\
 export DISPLAY=:99\n\
 sleep 2\n\
 \n\
-echo "Starting kkFileView on port 8012..."\n\
-# 关键：确保 JAVA_OPTS 被传递\n\
-# 如果脚本不支持 JAVA_OPTS 变量，我们尝试通过 export 注入\n\
-export JAVA_OPTS="$JAVA_OPTS"\n\
 \n\
 if [[ "$STARTUP_SCRIPT" == *".sh" ]]; then\n\
-    bash "$STARTUP_SCRIPT" 2>&1 | tee /var/log/kkfileview.log &\n\
 else\n\
-    "$STARTUP_SCRIPT" --server.port=8012 2>&1 | tee /var/log/kkfileview.log &\n\
 fi\n\
 \n\
-echo "Waiting for log file..."\n\
-LOG_FILE="$KK_ROOT_DIR/log/kkFileView.log"\n\
 for i in {1..30}; do\n\
-    if [ -f "$LOG_FILE" ]; then\n\
-        echo "✓ Found log file: $LOG_FILE"\n\
-        tail -f "$LOG_FILE" &\n\
         break\n\
     fi\n\
-    sleep 1\n\
-done\n\
-\n\
-echo "Waiting for backend..."\n\
-for i in {1..60}; do\n\
-    if netstat -tuln | grep ":8012 " > /dev/null; then\n\
-        echo "✓ Port 8012 is ready!"\n\
-        break\n\
     fi\n\
-    echo "Waiting... ($i/60)"\n\
     sleep 2\n\
 done\n\
 \n\
-echo "Starting Nginx on 7860..."\n\
 nginx -g "daemon off;"\n' > /start.sh && \
     chmod +x /start.sh
 EXPOSE 7860
 ENTRYPOINT []
-CMD ["/start.sh"]

 USER root
+# 1. 安装必要依赖
 RUN apt-get update && apt-get install -y \
     nginx \
     apache2-utils \
     xvfb \
     fonts-wqy-zenhei \
+    curl \
+    && rm -rf /var/lib/apt/lists/* \
+    && fc-cache -fv
+# 2. JVM 优化配置（针对 16GB RAM 环境）
+ENV SERVER_PORT=8012 \
+    KKFILEVIEW_SECURITY_TRUST_HOST=default \
+    JAVA_OPTS="-server \
+-Xms8g \
+-Xmx8g \
+-XX:+UseG1GC \
+-XX:MaxGCPauseMillis=200 \
+-XX:G1HeapRegionSize=16m \
+-XX:G1NewSizePercent=30 \
+-XX:G1MaxNewSizePercent=40 \
+-XX:InitiatingHeapOccupancyPercent=45 \
+-XX:MetaspaceSize=256m \
+-XX:MaxMetaspaceSize=512m \
+-Xss1m \
+-XX:+UseCompressedOops \
+-XX:+UseStringDeduplication \
+-XX:+OptimizeStringConcat \
+-Djava.awt.headless=true \
+-Dsun.java2d.fontpath=/usr/share/fonts \
+-Dfile.encoding=UTF-8 \
+-Djava.security.egd=file:/dev/./urandom \
+-XX:+HeapDumpOnOutOfMemoryError \
+-XX:HeapDumpPath=/var/log/kkfileview/ \
+-XX:+PrintGCDetails \
+-XX:+PrintGCTimeStamps \
+-Xloggc:/var/log/kkfileview/gc.log \
+-XX:+UseGCLogFileRotation \
+-XX:NumberOfGCLogFiles=5 \
+-XX:GCLogFileSize=100M \
+-Dserver.tomcat.threads.max=16 \
+-Dserver.tomcat.threads.min-spare=4 \
+-Dserver.tomcat.accept-count=50 \
+-Dserver.tomcat.max-connections=200"
+# 3. 创建非 root 用户
+RUN useradd -m -u 1000 -s /bin/bash kkuser && \
+    mkdir -p /var/log/kkfileview /opt/kkFileView/file && \
+    chown -R kkuser:kkuser /var/log/kkfileview /opt/kkFileView
+# 4. Nginx 配置
+RUN rm -rf /etc/nginx/sites-enabled/* /etc/nginx/conf.d/* && \
+    printf 'user nginx;\n\
+worker_processes 2;\n\
+worker_cpu_affinity 01 10;\n\
+worker_priority -5;\n\
+worker_rlimit_nofile 65535;\n\
+\n\
+error_log /var/log/nginx/error.log warn;\n\
+pid /var/run/nginx.pid;\n\
+\n\
+events {\n\
+    worker_connections 4096;\n\
+    multi_accept on;\n\
+    use epoll;\n\
+    accept_mutex off;\n\
+}\n\
+\n\
+http {\n\
+    include /etc/nginx/mime.types;\n\
+    default_type application/octet-stream;\n\
+    \n\
+    log_format main '"'"'$remote_addr - $remote_user [$time_local] "$request" '"'"'\n\
+                    '"'"'$status $body_bytes_sent "$http_referer" '"'"'\n\
+                    '"'"'"$http_user_agent" rt=$request_time uct="$upstream_connect_time"'"'"';\n\
+    \n\
+    access_log /var/log/nginx/access.log main;\n\
+    \n\
+    sendfile on;\n\
+    tcp_nopush on;\n\
+    tcp_nodelay on;\n\
+    keepalive_timeout 65;\n\
+    keepalive_requests 1000;\n\
+    \n\
     client_max_body_size 500M;\n\
+    client_body_buffer_size 1M;\n\
+    client_body_timeout 300s;\n\
+    client_header_timeout 60s;\n\
+    \n\
+    proxy_buffering on;\n\
+    proxy_buffer_size 16k;\n\
+    proxy_buffers 8 16k;\n\
+    proxy_busy_buffers_size 32k;\n\
+    proxy_max_temp_file_size 2048m;\n\
+    proxy_temp_file_write_size 32k;\n\
+    \n\
+    proxy_connect_timeout 60s;\n\
+    proxy_send_timeout 300s;\n\
+    proxy_read_timeout 300s;\n\
+    \n\
+    gzip on;\n\
+    gzip_vary on;\n\
+    gzip_min_length 1024;\n\
+    gzip_comp_level 6;\n\
+    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript;\n\
+    \n\
+    upstream kkfileview {\n\
+        server 127.0.0.1:8012;\n\
+        keepalive 32;\n\
+        keepalive_requests 1000;\n\
+        keepalive_timeout 60s;\n\
+    }\n\
+    \n\
+    server {\n\
+        listen 7860 default_server;\n\
+        server_name _;\n\
+        \n\
+        auth_basic "Restricted Access";\n\
+        auth_basic_user_file /etc/nginx/.htpasswd;\n\
+        \n\
+        add_header X-Content-Type-Options "nosniff" always;\n\
+        add_header X-Frame-Options "SAMEORIGIN" always;\n\
+        add_header X-XSS-Protection "1; mode=block" always;\n\
+        \n\
+        location / {\n\
+            proxy_pass http://kkfileview;\n\
+            proxy_http_version 1.1;\n\
+            proxy_set_header Connection "";\n\
+            proxy_set_header Host $http_host;\n\
+            proxy_set_header X-Real-IP $remote_addr;\n\
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
+            proxy_set_header X-Forwarded-Proto $scheme;\n\
+            \n\
+            proxy_buffering on;\n\
+            proxy_buffer_size 16k;\n\
+            proxy_buffers 8 16k;\n\
+            proxy_read_timeout 300s;\n\
+        }\n\
+        \n\
+        location /health {\n\
+            auth_basic off;\n\
+            access_log off;\n\
+            return 200 "OK";\n\
+            add_header Content-Type text/plain;\n\
+        }\n\
+        \n\
+        location /nginx_status {\n\
+            auth_basic off;\n\
+            stub_status on;\n\
+            access_log off;\n\
+            allow 127.0.0.1;\n\
+            deny all;\n\
+        }\n\
     }\n\
+}\n' > /etc/nginx/nginx.conf
+# 5. 启动脚本
 RUN printf '#!/bin/bash\n\
 set -e\n\
 \n\
+echo "=== Starting KKFileView Optimized for HuggingFace Spaces ==="\n\
 \n\
+: "${AUTH_USERNAME:?AUTH_USERNAME is required}"\n\
+: "${AUTH_PASSWORD:?AUTH_PASSWORD is required}"\n\
 \n\
 htpasswd -cb /etc/nginx/.htpasswd "$AUTH_USERNAME" "$AUTH_PASSWORD"\n\
 \n\
+echo "Starting Xvfb..."\n\
 Xvfb :99 -screen 0 1024x768x24 >/dev/null 2>&1 &\n\
 export DISPLAY=:99\n\
 sleep 2\n\
 \n\
+STARTUP_SCRIPT=$(find /opt -name "startup.sh" -o -name "kkFileView" | grep "bin/" | head -n 1)\n\
+if [ -z "$STARTUP_SCRIPT" ]; then\n\
+    echo "ERROR: KKFileView startup script not found!"\n\
+    exit 1\n\
+fi\n\
 \n\
+echo "Starting KKFileView on port 8012..."\n\
+echo "JVM Configuration: $JAVA_OPTS"\n\
 if [[ "$STARTUP_SCRIPT" == *".sh" ]]; then\n\
+    bash "$STARTUP_SCRIPT" 2>&1 | tee /var/log/kkfileview/app.log &\n\
 else\n\
+    "$STARTUP_SCRIPT" --server.port=8012 2>&1 | tee /var/log/kkfileview/app.log &\n\
 fi\n\
 \n\
+echo "Waiting for KKFileView to start..."\n\
 for i in {1..30}; do\n\
+    if curl -s http://127.0.0.1:8012 >/dev/null 2>&1; then\n\
+        echo "✓ KKFileView is ready!"\n\
         break\n\
     fi\n\
+    if [ $i -eq 30 ]; then\n\
+        echo "ERROR: KKFileView failed to start within 60 seconds"\n\
+        cat /var/log/kkfileview/app.log\n\
+        exit 1\n\
     fi\n\
     sleep 2\n\
 done\n\
 \n\
+echo "Starting Nginx on port 7860..."\n\
 nginx -g "daemon off;"\n' > /start.sh && \
     chmod +x /start.sh
+# 6. 健康检查
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD curl -f http://localhost:7860/health || exit 1
+# 7. 暴露端口
 EXPOSE 7860
+# 8. 启动命令
 ENTRYPOINT []
+CMD ["/start.sh"]