# Use the official Open WebUI image
FROM ghcr.io/open-webui/open-webui:main

# ==============================================================
# 1. HUGGING FACE NETWORK REQUIREMENTS
# ==============================================================
# Hugging Face Spaces strictly routes external traffic to port 7860
ENV HOST=0.0.0.0
ENV PORT=7860
EXPOSE 7860

# ==============================================================
# 2. RESOURCE LIMITS (HF FREE TIER: 2 vCPU, 16GB RAM)
# ==============================================================
# Restrict to 2 workers to perfectly match the 2 free vCPUs (95% safety limit).
# This prevents the container from spawning too many threads and overloading the CPU.
ENV WEB_CONCURRENCY=2
ENV THREAD_POOL_SIZE=2

# Optimize memory allocation to prevent fragmentation
ENV MALLOC_ARENA_MAX=2

# ==============================================================
# 3. HUGGING FACE SECURITY/PERMISSION REQUIREMENTS
# ==============================================================
# Hugging Face forces Docker containers to run as a non-root user (UID 1000).
# We must take ownership of the application and data directories so OpenWebUI
# can successfully write its configuration and local database files.
RUN chown -R 1000:1000 /app/backend

# Redirect the home directory and cache to the writable data folder
# This ensures background models (like RAG embeddings) don't crash due to permissions
ENV HOME=/app/backend/data
ENV HF_HOME=/app/backend/data/cache

# Switch to the mandated Hugging Face user ID
USER 1000