Add nginx reverse proxy for multi-service routing

- nginx listens on :7860 as main entry point
- / → code-server on :8443 (password protected)
- /files/ → dufs on :5000 (public, no auth required)
- Installs nginx and dufs in Dockerfile
- All services start from start_server.sh

Dockerfile

@@ -4,7 +4,7 @@ FROM python:3.9
 # Set environment variables
 ENV DEBIAN_FRONTEND=noninteractive
 
-# Install necessary packages
+# Install system packages
 RUN apt-get update && \
     apt-get install -y \
     curl \
@@ -20,62 +20,51 @@ RUN apt-get update && \
     nmap \
     ca-certificates \
     zsh \
-    rclone 
-
+    rclone \
+    nginx \
+    wget && \
+    rm -rf /var/lib/apt/lists/*
 
 # Install Node.js (LTS version)
-RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - && \
-    apt-get install -y nodejs
-
-RUN npm install -g pnpm@8.3.1 pm2 ts-node 
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - && \
+    apt-get install -y nodejs && \
+    npm install -g pnpm@8.3.1 pm2 ts-node
 
+# Install dufs (latest binary)
+RUN wget -qO /usr/local/bin/dufs https://github.com/sigoden/dufs/releases/latest/download/dufs-x86_64-unknown-linux-musl && \
+    chmod +x /usr/local/bin/dufs
 
 # Install code-server
-RUN curl -fsSL https://code-server.dev/install.sh | sh -s --
-
+RUN curl -fsSL https://code-server.dev/install.sh | sh -
 
 # Create a user to run code-server
 RUN useradd -m -s /bin/zsh coder && \
     echo 'coder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
 
 # Create code-server configuration directory
-RUN mkdir -p /home/coder/.local/share/code-server/User
-RUN chmod -R 777 /home/coder
-
-# Add settings.json to enable dark mode
-RUN echo '{ \
+RUN mkdir -p /home/coder/.local/share/code-server/User && \
+    chmod -R 777 /home/coder && \
+    echo '{ \
    "workbench.colorTheme": "Default Dark Modern", \
     "telemetry.enableTelemetry": true, \
     "telemetry.enableCrashReporter": true \
-}' > /home/coder/.local/share/code-server/User/settings.json
-
-# Change ownership of the configuration directory
-RUN chown -R coder:coder /home/coder/.local/share/code-server
+}' > /home/coder/.local/share/code-server/User/settings.json && \
+    chown -R coder:coder /home/coder/.local/share/code-server
 
 # Install Python extension for code-server
 RUN sudo -u coder code-server --install-extension ms-python.python
 
-# Switch to the coder user for running code-server
-USER coder
+# Copy config files
+COPY --chown=coder:coder start_server.sh /home/coder/
+COPY nginx.conf /etc/nginx/nginx.conf
 
-ENV HOME=/home/coder \
-	PATH=/home/coder/.local/bin:$PATH
+RUN chmod +x /home/coder/start_server.sh
 
-COPY --chown=coder start_server.sh $HOME
-RUN chmod +x $HOME/start_server.sh
+ENV HOME=/home/coder \
+    PATH=/home/coder/.local/bin:$PATH
 
 WORKDIR /home/coder
 
-# 创建rclone配置文件
-RUN rclone config -h
-
-# Start code-server with authentication
-# CMD ["sh", "-c", "code-server --bind-addr 0.0.0.0:7860"]
-
-CMD ["sh", "-c", "/home/coder/start_server.sh"]
-# ENTRYPOINT ["/home/coder/start_server.sh"]
-
-# Expose the default code-server port
 EXPOSE 7860
 
-# End of Dockerfile
+CMD ["sh", "-c", "/home/coder/start_server.sh"]

nginx.conf

@@ -0,0 +1,79 @@
+worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    sendfile on;
+    keepalive_timeout 65;
+
+    server {
+        listen 7860;
+        server_name _;
+
+        # -----------------------------
+        # code-server (主入口，需要密码)
+        # -----------------------------
+        location / {
+            proxy_pass http://127.0.0.1:8443;
+            proxy_http_version 1.1;
+
+            # WebSocket support (code-server 编辑器需要)
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # 长连接超时
+            proxy_read_timeout 86400s;
+            proxy_send_timeout 86400s;
+        }
+
+        # -----------------------------
+        # dufs 文件服务 (公开，无需登录)
+        # -----------------------------
+        location /files/ {
+            proxy_pass http://127.0.0.1:5000/;
+            proxy_http_version 1.1;
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # CORS 支持
+            add_header Access-Control-Allow-Origin *;
+            add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS, PROPFIND, MKCOL, COPY, MOVE';
+            add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Depth';
+            add_header Access-Control-Max-Age 86400;
+
+            # dufs WebDAV 需要
+            proxy_set_header X-Forwarded-Prefix /files;
+
+            # OPTIONS 预检请求直接返回
+            if ($request_method = OPTIONS) {
+                add_header Access-Control-Allow-Origin *;
+                add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS, PROPFIND, MKCOL, COPY, MOVE';
+                add_header Access-Control-Allow-Headers 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Depth';
+                add_header Access-Control-Max-Age 86400;
+                add_header Content-Length 0;
+                add_header Content-Type text/plain;
+                return 204;
+            }
+        }
+
+        # -----------------------------
+        # 旧的 absproxy 路径，重定向到新路径
+        # -----------------------------
+        location /absproxy/5000/ {
+            return 301 /files/;
+        }
+    }
+}

start_server.sh

@@ -1,7 +1,34 @@
 #!/bin/sh
 
-echo -e "======================写入rclone配置========================\n"
-echo "$RCLONE_CONF" > ~/.config/rclone/rclone.conf
+set -e
 
+echo "====================== Writing rclone config ========================"
+if [ -n "$RCLONE_CONF" ]; then
+    mkdir -p ~/.config/rclone
+    echo "$RCLONE_CONF" > ~/.config/rclone/rclone.conf
+fi
 
-code-server --bind-addr 0.0.0.0:7860
+echo "====================== Starting dufs (port 5000) ========================"
+mkdir -p /data/files
+/usr/local/bin/dufs /data/files \
+    --allow-upload \
+    --allow-delete \
+    --allow-search \
+    --allow-archive \
+    --enable-cors \
+    --port 5000 \
+    --bind 127.0.0.1 &
+
+sleep 1
+
+echo "====================== Starting code-server (port 8443) ========================"
+sudo -u coder code-server \
+    --bind-addr 127.0.0.1:8443 &
+
+sleep 2
+
+echo "====================== Starting nginx (port 7860) ========================"
+# Remove default nginx site configs
+rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/* /etc/nginx/conf.d/default.conf 2>/dev/null || true
+
+nginx -g "daemon off;"