tfrfu / Dockerfile
no-name-here's picture
Update Dockerfile
9d77a50 verified
# ──────────────────────────────────────────────────────────────────────────────
# HuggingFace Spaces Docker – SSH remote dev environment via gsocket
#
# HOW IT WORKS:
# β€’ A tiny Python HTTP server runs on port 7860 β†’ satisfies HF health check
# β€’ sshd listens on port 2222 internally
# β€’ gsocket wraps sshd so you can reach it peer-to-peer without open ports
#
# TO CONNECT (from your local machine, after container starts):
# gs-netcat -s YOUR_SECRET -i (interactive shell)
# OR
# gsocket -s YOUR_SECRET ssh user@localhost
# ──────────────────────────────────────────────────────────────────────────────
FROM python:3.9
ENV DEBIAN_FRONTEND=noninteractive
# ── System deps ───────────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y \
openssh-server \
curl \
build-essential \
libssl-dev \
git \
automake \
autoconf \
nano \
net-tools \
wget \
sudo \
gnupg \
ca-certificates \
libcap2-bin && \
rm -rf /var/lib/apt/lists/*
# ── SSH setup ─────────────────────────────────────────────────────────────────
RUN mkdir -p /var/run/sshd && \
ssh-keygen -A
# CRITICAL: private host keys must be 600 β€” sshd refuses to start with 644
RUN chmod 600 /etc/ssh/ssh_host_*_key && \
chmod 644 /etc/ssh/ssh_host_*_key.pub
# SSH config: internal port 2222, key-auth only
RUN sed -i -E 's/#?Port 22/Port 2222/' /etc/ssh/sshd_config && \
sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
sed -i -E 's/#?UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \
sed -i -E 's/#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config && \
sed -i -E 's/#?ChallengeResponseAuthentication .*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && \
sed -i -E 's/#?PermitRootLogin .*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
# ── Non-root user ─────────────────────────────────────────────────────────────
RUN useradd -m -u 1000 -s /bin/bash user && \
usermod -aG sudo user && \
echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user && \
echo "user:user" | chpasswd && \
usermod -U user
# ── Authorized key ─────────────────────────────────────────────────────────────
# REPLACE the key below with your own: ssh-keygen -t ed25519 -C "hf-space"
# You can also pass it at build time: docker build --build-arg SSH_PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)"
ARG SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/ea9QICE2WvsyrW8pExgonHhJPz5Kuj0jvX6HmsSWM hf-spac"
RUN mkdir -p /home/user/.ssh /root/.ssh && \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/ea9QICE2WvsyrW8pExgonHhJPz5Kuj0jvX6HmsSWM hf-spac" > /home/user/.ssh/authorized_keys && \
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWxPZTbbTrzQcOeO7qgLKr8DdnzZYT6Ciy+1hxKg5gT/JEk9Z1jS77YHhV6CEcrZ3dN6hsfOeIhn4sgXhR+4CqtkeWJmXiifsfp4+hDWgTiWWQoabgNnxq7+XS0Skh90yqjhA18RZOedf5cHrr1KhgmPZ0NwOOg6A84Z5oYNTuXPfHKHjfgdByvGqVOOHku7cesNS+syPz+QmSbIM5R31IaP3cuB+tnEIIid6Zc7q7DFAE0iheiaLWW0fGVRJ4tngxh2XxSoog1Qr+AHSLcmTBByAJwpu2iwXg6sv1M0rCDvNSuthlgi8y9M/mQ4UzQdPrJnHmDS4AhMCdaI/0YIgo5EEn9gvq/BMSCI+8AU8URZOMCn+DCygEHXVnCcblHm8/SLXH0DMaSuGR8jmnIXDxGi3NFwT+WwRKVsc8J/OLuJDD6ADJWsIjO0rA9TUEzm05Eub5+ugS4wswHsBF4VN+MlaQUqGBMurUGJLs+LXGbgoOZEhC7VCEdou+aOyzzjnYhZ4Ss4ope/xtlMpL1dGCle3jYlugnMbUUqtC8KGjETPhHlc+w2KahpjlaQaw/HJo523ZIcD0ZunPylSPgOGyTfZzv/fEvy7UzV0cRwc6YVEB/fNll+4V3bsFk/hjHRb8KVQTNvtEXnaZVG1xZ48ooJSXhzn3b/zDMzP+OzAfgw== hf-space" >> /home/user/.ssh/authorized_keys && \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxiyMGImiwuQGuc1gglcuheK2NO9vy38BpamLMxD+XX hf-space" >> /home/user/.ssh/authorized_keys && \
cp /home/user/.ssh/authorized_keys /root/.ssh/authorized_keys && \
chmod 700 /home/user/.ssh /root/.ssh && \
chmod 600 /home/user/.ssh/authorized_keys /root/.ssh/authorized_keys && \
chown -R user:user /home/user/.ssh
# ── gsocket ───────────────────────────────────────────────────────────────────
# Build from source β€” no .deb dependencies, works in all environments.
# autoreconf/automake/autoconf/libssl-dev are already installed above.
RUN git clone --depth=1 https://github.com/hackerschoice/gsocket.git /tmp/gsocket-src && \
cd /tmp/gsocket-src && \
autoreconf -fi && \
./configure && \
make && \
make install && \
rm -rf /tmp/gsocket-src
# ── Optional: Code Server (VS Code in browser on port 8080) ───────────────────
# Uncomment if you want a browser-based IDE as well:
# RUN curl -fsSL https://code-server.dev/install.sh | sh
# ── App ───────────────────────────────────────────────────────────────────────
WORKDIR /app
COPY . /app
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# HuggingFace Spaces health-checks port 7860 via HTTP
EXPOSE 7860
CMD ["/entrypoint.sh"]
# ── Debug: confirm bash path and fix shell ────────────────────────────────────
RUN which bash && ls -la /bin/bash && \
chsh -s /bin/bash user && \
chsh -s /bin/bash root