FROM ymlisoft/kkfileview USER root # 1. 安装必要依赖 RUN apt-get update && apt-get install -y \ nginx \ apache2-utils \ xvfb \ fonts-wqy-zenhei \ curl \ && rm -rf /var/lib/apt/lists/* \ && fc-cache -fv # 2. JVM 优化配置(针对 16GB RAM 环境) ENV SERVER_PORT=8012 \ KKFILEVIEW_SECURITY_TRUST_HOST=default \ JAVA_OPTS="-server \ -Xms8g \ -Xmx8g \ -XX:+UseG1GC \ -XX:MaxGCPauseMillis=200 \ -XX:G1HeapRegionSize=16m \ -XX:G1NewSizePercent=30 \ -XX:G1MaxNewSizePercent=40 \ -XX:InitiatingHeapOccupancyPercent=45 \ -XX:MetaspaceSize=256m \ -XX:MaxMetaspaceSize=512m \ -Xss1m \ -XX:+UseCompressedOops \ -XX:+UseStringDeduplication \ -XX:+OptimizeStringConcat \ -Djava.awt.headless=true \ -Dsun.java2d.fontpath=/usr/share/fonts \ -Dfile.encoding=UTF-8 \ -Djava.security.egd=file:/dev/./urandom \ -XX:+HeapDumpOnOutOfMemoryError \ -XX:HeapDumpPath=/var/log/kkfileview/ \ -XX:+PrintGCDetails \ -XX:+PrintGCTimeStamps \ -Xloggc:/var/log/kkfileview/gc.log \ -XX:+UseGCLogFileRotation \ -XX:NumberOfGCLogFiles=5 \ -XX:GCLogFileSize=100M \ -Dserver.tomcat.threads.max=16 \ -Dserver.tomcat.threads.min-spare=4 \ -Dserver.tomcat.accept-count=50 \ -Dserver.tomcat.max-connections=200" # 3. 创建目录并设置权限(兼容现有用户) RUN mkdir -p /var/log/kkfileview /opt/kkFileView/file && \ chmod -R 755 /var/log/kkfileview /opt/kkFileView # 4. Nginx 配置 RUN rm -rf /etc/nginx/sites-enabled/* /etc/nginx/conf.d/* && \ printf 'user nginx;\n\ worker_processes 2;\n\ worker_cpu_affinity 01 10;\n\ worker_priority -5;\n\ worker_rlimit_nofile 65535;\n\ \n\ error_log /var/log/nginx/error.log warn;\n\ pid /var/run/nginx.pid;\n\ \n\ events {\n\ worker_connections 4096;\n\ multi_accept on;\n\ use epoll;\n\ accept_mutex off;\n\ }\n\ \n\ http {\n\ include /etc/nginx/mime.types;\n\ default_type application/octet-stream;\n\ \n\ log_format main '"'"'$remote_addr - $remote_user [$time_local] "$request" '"'"'\n\ '"'"'$status $body_bytes_sent "$http_referer" '"'"'\n\ '"'"'"$http_user_agent" rt=$request_time uct="$upstream_connect_time"'"'"';\n\ \n\ access_log /var/log/nginx/access.log main;\n\ \n\ sendfile on;\n\ tcp_nopush on;\n\ tcp_nodelay on;\n\ keepalive_timeout 65;\n\ keepalive_requests 1000;\n\ \n\ client_max_body_size 500M;\n\ client_body_buffer_size 1M;\n\ client_body_timeout 300s;\n\ client_header_timeout 60s;\n\ \n\ proxy_buffering on;\n\ proxy_buffer_size 16k;\n\ proxy_buffers 8 16k;\n\ proxy_busy_buffers_size 32k;\n\ proxy_max_temp_file_size 2048m;\n\ proxy_temp_file_write_size 32k;\n\ \n\ proxy_connect_timeout 60s;\n\ proxy_send_timeout 300s;\n\ proxy_read_timeout 300s;\n\ \n\ gzip on;\n\ gzip_vary on;\n\ gzip_min_length 1024;\n\ gzip_comp_level 6;\n\ gzip_types text/plain text/css text/xml text/javascript application/json application/javascript;\n\ \n\ upstream kkfileview {\n\ server 127.0.0.1:8012;\n\ keepalive 32;\n\ keepalive_requests 1000;\n\ keepalive_timeout 60s;\n\ }\n\ \n\ server {\n\ listen 7860 default_server;\n\ server_name _;\n\ \n\ auth_basic "Restricted Access";\n\ auth_basic_user_file /etc/nginx/.htpasswd;\n\ \n\ add_header X-Content-Type-Options "nosniff" always;\n\ add_header X-Frame-Options "SAMEORIGIN" always;\n\ add_header X-XSS-Protection "1; mode=block" always;\n\ \n\ location / {\n\ proxy_pass http://kkfileview;\n\ proxy_http_version 1.1;\n\ proxy_set_header Connection "";\n\ proxy_set_header Host $http_host;\n\ proxy_set_header X-Real-IP $remote_addr;\n\ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\ proxy_set_header X-Forwarded-Proto $scheme;\n\ \n\ proxy_buffering on;\n\ proxy_buffer_size 16k;\n\ proxy_buffers 8 16k;\n\ proxy_read_timeout 300s;\n\ }\n\ \n\ location /health {\n\ auth_basic off;\n\ access_log off;\n\ return 200 "OK";\n\ add_header Content-Type text/plain;\n\ }\n\ \n\ location /nginx_status {\n\ auth_basic off;\n\ stub_status on;\n\ access_log off;\n\ allow 127.0.0.1;\n\ deny all;\n\ }\n\ }\n\ }\n' > /etc/nginx/nginx.conf # 5. 启动脚本 RUN printf '#!/bin/bash\n\ set -e\n\ \n\ echo "=== Starting KKFileView Optimized for HuggingFace Spaces ==="\n\ \n\ : "${AUTH_USERNAME:?AUTH_USERNAME is required}"\n\ : "${AUTH_PASSWORD:?AUTH_PASSWORD is required}"\n\ \n\ htpasswd -cb /etc/nginx/.htpasswd "$AUTH_USERNAME" "$AUTH_PASSWORD"\n\ \n\ echo "Starting Xvfb..."\n\ Xvfb :99 -screen 0 1024x768x24 >/dev/null 2>&1 &\n\ export DISPLAY=:99\n\ sleep 2\n\ \n\ STARTUP_SCRIPT=$(find /opt -name "startup.sh" -o -name "kkFileView" | grep "bin/" | head -n 1)\n\ if [ -z "$STARTUP_SCRIPT" ]; then\n\ echo "ERROR: KKFileView startup script not found!"\n\ exit 1\n\ fi\n\ \n\ echo "Starting KKFileView on port 8012..."\n\ echo "JVM Configuration: $JAVA_OPTS"\n\ if [[ "$STARTUP_SCRIPT" == *".sh" ]]; then\n\ bash "$STARTUP_SCRIPT" 2>&1 | tee /var/log/kkfileview/app.log &\n\ else\n\ "$STARTUP_SCRIPT" --server.port=8012 2>&1 | tee /var/log/kkfileview/app.log &\n\ fi\n\ \n\ echo "Waiting for KKFileView to start..."\n\ for i in {1..30}; do\n\ if curl -s http://127.0.0.1:8012 >/dev/null 2>&1; then\n\ echo "✓ KKFileView is ready!"\n\ break\n\ fi\n\ if [ $i -eq 30 ]; then\n\ echo "ERROR: KKFileView failed to start within 60 seconds"\n\ cat /var/log/kkfileview/app.log\n\ exit 1\n\ fi\n\ sleep 2\n\ done\n\ \n\ echo "Starting Nginx on port 7860..."\n\ nginx -g "daemon off;"\n' > /start.sh && \ chmod +x /start.sh # 6. 健康检查 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ CMD curl -f http://localhost:7860/health || exit 1 # 7. 暴露端口 EXPOSE 7860 # 8. 启动命令 ENTRYPOINT [] CMD ["/start.sh"]