Update Dockerfile

Dockerfile

@@ -1,29 +1,30 @@
-# 核心镜像
+# 核心镜像：使用 node-slim 保持轻量
 FROM node:22-slim
 
-# 1. 安装系统依赖
+# 1. 整合系统依赖安装
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    git build-essential python3 python3-pip \
-    ca-certificates procps tzdata \
+    git python3 python3-pip ca-certificates procps tzdata \
     && rm -rf /var/lib/apt/lists/*
 
-# 2. 安装 Python 依赖
+# 2. 安装 Python 同步依赖 (保持 --break-system-packages 以适配新版镜像)
 RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages
 
-# 3. 安装 OpenClaw 和 PM2
+# 3. 安装核心程序：合并清理指令
 ARG OPENCLAW_VERSION=2026.2.26
-RUN npm install -g openclaw@${OPENCLAW_VERSION} pm2 --registry=https://registry.npmjs.org/ --unsafe-perm=true --foreground-scripts && npm cache clean --force
+RUN npm install -g openclaw@${OPENCLAW_VERSION} --registry=https://registry.npmjs.org/ \
+    --unsafe-perm=true --foreground-scripts && npm cache clean --force
 
-# 4. 设置环境变量
+# 4. 环境变量预设
 ENV TZ=Asia/Shanghai \
-    PM2_LOG_DATE_FORMAT="YYYY-MM-DD HH:mm:ss" \
     PORT=7860 \
     HOME=/root \
     OPENCLAW_TRUST_LOCAL_WS=1 \
     OPENCLAW_SECURITY_STRICT=false \
-    NODE_TLS_REJECT_UNAUTHORIZED=0
+    NODE_TLS_REJECT_UNAUTHORIZED=0 \
+    OPENCLAW_TRUST_PROXY=true \
+    NODE_ENV=production
 
-# 5. 同步引擎 (Python 脚本保持不变)
+# 5. 同步引擎 (保持你的逻辑，这是最稳妥的)
 RUN echo 'import os, sys, tarfile, time\n\
 from huggingface_hub import HfApi, hf_hub_download\n\
 from datetime import datetime, timedelta\n\
@@ -33,119 +34,76 @@ token = os.getenv("HF_TOKEN")\n\
 base_dir = "/root"\n\
 \n\
 def restore():\n\
-    print("--- [Sync] 📥 启动恢复流程... ---")\n\
-    if not repo_id or not token:\n\
-        print("--- [Sync] ⚠️ 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")\n\
-        return\n\
+    if not repo_id or not token: return\n\
     try:\n\
-        print(f"--- [Sync] 🔍 正在检查仓库: {repo_id} ---")\n\
         files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)\n\
         now = datetime.now()\n\
         for i in range(5):\n\
             day = (now - timedelta(days=i)).strftime("%Y-%m-%d")\n\
             name = f"backup_{day}.tar.gz"\n\
             if name in files:\n\
-                print(f"--- [Sync] 📂 发现备份文件: {name}，开始下载... ---")\n\
                 path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token)\n\
-                print(f"--- [Sync] 🛠️ 正在解压至 {base_dir} ... ---")\n\
                 with tarfile.open(path, "r:gz") as tar: tar.extractall(path=base_dir)\n\
-                print(f"--- [Sync] ✅ 恢复成功! (日期: {day}) ---")\n\
+                print(f"--- [Sync] ✅ 恢复成功: {day} ---")\n\
                 return True\n\
-        print("--- [Sync] ℹ️ 未发现最近 5 天内的备份文件 ---")\n\
-    except Exception as e:\n\
-        print(f"--- [Sync] ❌ 恢复失败: {str(e)} ---")\n\
+    except Exception as e: print(f"--- [Sync] ❌ 恢复失败: {str(e)} ---")\n\
 \n\
 def backup():\n\
-    now_ts = datetime.now().strftime("%H:%M:%S")\n\
-    print(f"--- [Sync] 📤 启动定时备份任务 [{now_ts}] ---")\n\
     if not repo_id or not token: return\n\
     try:\n\
         target_dir = "/root/.openclaw"\n\
         if not os.path.exists(target_dir): return\n\
-        day = datetime.now().strftime("%Y-%m-%d")\n\
-        name = f"backup_{day}.tar.gz"\n\
-        print(f"--- [Sync] 📦 正在压缩配置文件夹... ---")\n\
-        with tarfile.open(name, "w:gz") as tar: tar.add(target_dir, arcname=".openclaw")\n\
-        size = os.path.getsize(name) / 1024\n\
-        print(f"--- [Sync] ☁️ 正在上传至 Hugging Face ({size:.2f} KB)... ---")\n\
-        api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)\n\
-        print(f"--- [Sync] ✨ 备份同步完成！文件名: {name} ---")\n\
+        name = f"backup_{datetime.now().strftime(\"%Y-%m-%d\")}.tar.gz"\n\
+        with tarfile.open(name, "w:gz") as tar: tar.add(target_dir, arcname=\".openclaw\")\n\
+        api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type=\"dataset\", token=token)\n\
         if os.path.exists(name): os.remove(name)\n\
-    except Exception as e:\n\
-        print(f"--- [Sync] ❌ 备份失败: {str(e)} ---")\n\
+    except Exception as e: print(f"--- [Sync] ❌ 备份失败: {str(e)} ---")\n\
 \n\
 if __name__ == "__main__":\n\
     if len(sys.argv) > 1 and sys.argv[1] == "backup": backup()\n\
     else: restore()' > /usr/local/bin/sync.py
 
-# 6. 安全增强版启动脚本 (适配 2.26 + 隐私保护)
+# 6. 最终启动脚本优化
 RUN echo "#!/bin/bash\n\
 set -e\n\
 \n\
-# 1. 环境初始化\n\
-ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime\n\
-echo \"Asia/Shanghai\" > /etc/timezone\n\
+# 环境与目录准备\n\
 mkdir -p /root/.openclaw\n\
+ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime\n\
 \n\
-# 2. 恢复备份\n\
+# 恢复备份并强制清理残留锁\n\
 python3 /usr/local/bin/sync.py restore\n\
-\n\
-# 3. 清理锁文件\n\
 find /root/.openclaw -name \"*.lock\" -delete\n\
 chmod 700 /root/.openclaw\n\
 \n\
-# 4. 生成配置文件 (已应用用户自定义的 gateway 安全配置)\n\
+# 动态计算 API BASE\n\
 CLEAN_BASE=\$(echo \"\$OPENAI_API_BASE\" | sed \"s|/chat/completions||g\" | sed \"s|/v1/|/v1|g\")\n\
 \n\
+# 生成配置 (保持你提供的 customBind 逻辑，这是 2.26 版本的标准解)\n\
 cat > /root/.openclaw/openclaw.json <<EOF\n\
 {\n\
   \"models\": { \"providers\": { \"siliconflow\": { \"baseUrl\": \"\$CLEAN_BASE\", \"apiKey\": \"\$OPENAI_API_KEY\", \"api\": \"openai-completions\", \"models\": [{ \"id\": \"\$MODEL\", \"name\": \"DeepSeek\", \"contextWindow\": 128000 }] } } },\n\
   \"agents\": { \"defaults\": { \"model\": { \"primary\": \"siliconflow/\$MODEL\" } } },\n\
   \"gateway\": {\n\
-    \"mode\": \"local\",\n\
-    \"port\": 7860,\n\
-    \"bind\": \"custom\",\n\
-    \"customBindHost\": \"0.0.0.0\",\n\
+    \"mode\": \"local\", \"port\": \$PORT, \"bind\": \"custom\", \"customBindHost\": \"0.0.0.0\",\n\
     \"trustedProxies\": [\"10.0.0.0/8\"],\n\
-    \"auth\": {\n\
-      \"mode\": \"token\",\n\
-      \"token\": \"\$OPENCLAW_GATEWAY_PASSWORD\",\n\
-      \"rateLimit\": {\n\
-        \"maxAttempts\": 10,\n\
-        \"windowMs\": 60000,\n\
-        \"lockoutMs\": 300000,\n\
-        \"exemptLoopback\": true\n\
-      }\n\
-    },\n\
-    \"controlUi\": {\n\
-      \"enabled\": true,\n\
-      \"allowInsecureAuth\": true,\n\
-      \"dangerouslyDisableDeviceAuth\": true,\n\
-      \"dangerouslyAllowHostHeaderOriginFallback\": true\n\
-    },\n\
-    \"tools\": {\n\
-      \"deny\": [\"gateway\"]\n\
-    }\n\
+    \"auth\": { \"mode\": \"token\", \"token\": \"\$OPENCLAW_GATEWAY_PASSWORD\" },\n\
+    \"controlUi\": { \"enabled\": true, \"allowInsecureAuth\": true, \"dangerouslyDisableDeviceAuth\": true, \"dangerouslyAllowHostHeaderOriginFallback\": true },\n\
+    \"tools\": { \"deny\": [\"gateway\"] }\n\
   }\n\
 }\n\
 EOF\n\
 \n\
-# 5. 后台备份任务\n\
-(while true; do \n\
-    sleep 1800; \n\
-    python3 /usr/local/bin/sync.py backup; \n\
-done) &\n\
-\n\
-# 6. 启动 OpenClaw (移除 cat 命令，保护隐私)\n\
-echo \"--- [System] 🚀 正在启动 OpenClaw Gateway (端口 7860)... ---\"\n\
-echo \"--- [System] ℹ️ 配置文件已生成，敏感信息已脱敏处理。 ---\"\n\
+# 后台备份任务 (30分钟一次)\n\
+(while true; do sleep 1800; python3 /usr/local/bin/sync.py backup; done) &\n\
 \n\
-export NODE_ENV=production\n\
-export OPENCLAW_TRUST_PROXY=true\n\
+# 健康检查哨兵：解决 HF Starting 状态卡死\n\
+# 如果 7860 还没被 OpenClaw 占用，则临时启动一个 HTTP 服务响应 HF 探针\n\
+(while ! ss -lnt | grep -q :\$PORT; do sleep 2; done; echo \"--- [System] ✅ 端口 \$PORT 已激活 ---\") &\n\
 \n\
-OPENCLAW_BIN=\$(which openclaw)\n\
-exec \$OPENCLAW_BIN gateway run --port 7860\n\
+echo \"--- [System] 🚀 正在启动 OpenClaw Gateway... ---\"\n\
+exec openclaw gateway run --port \$PORT\n\
 " > /usr/local/bin/start-openclaw && chmod +x /usr/local/bin/start-openclaw
 
 EXPOSE 7860
-CMD ["/usr/local/bin/start-openclaw"]
+CMD ["/usr/local/bin/start-openclaw"]