Update Dockerfile
Browse files- Dockerfile +39 -17
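--- a/Dockerfile
+++ b/Dockerfile
@@ -1,33 +1,55 @@
-#
+# Multi-stage Docker build for Phoenix Fury API v7.0
+FROM python:3.11-slim as builder
+
+# Set environment variables for Python optimization
+ENV PYTHONUNBUFFERED=1 \
+PYTHONDONTWRITEBYTECODE=1 \
+PIP_NO_CACHE_DIR=1 \
+PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+gcc \
+g++ \
+make \
+&& rm -rf /var/lib/apt/lists/*
+
+# Copy requirements and install Python dependencies
+COPY requirements.txt /tmp/
+RUN pip install --user -r /tmp/requirements.txt
+
+# Final stage
 FROM python:3.11-slim
 
-#
+# Set environment variables
 ENV PYTHONUNBUFFERED=1 \
 PYTHONDONTWRITEBYTECODE=1 \
-
+PATH=/root/.local/bin:$PATH
 
-# Install
+# Install runtime dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
-
+libcap2-bin \
 && rm -rf /var/lib/apt/lists/*
 
-#
+# Copy Python dependencies from builder
+COPY --from=builder /root/.local /root/.local
+
+# Create app directory
 WORKDIR /app
 
-#
-COPY
-RUN pip install --no-cache-dir --upgrade pip && \
-pip install --no-cache-dir -r requirements.txt
+# Copy application code
+COPY main.py /app/
 
-#
-
+# Grant raw socket capabilities (for L4 attacks without full root)
+# Note: Container must still run with --cap-add=NET_RAW or privileged mode
+RUN setcap cap_net_raw+ep /usr/local/bin/python3.11 || true
 
 # Expose API port
 EXPOSE 8000
 
-#
-
-
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/').read()" || exit 1
 
-#
-CMD ["
+# Run the application
+CMD ["python3", "main.py"]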
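Review bot: The final stage never sets `USER`, so `main.py` runs as root even though the comment above `setcap` says "without full root", and the `--user` install copied to `/root/.local` keeps the image tied to the root account. The `setcap cap_net_raw+ep` line puts the capability on the shared interpreter at `/usr/local/bin/python3.11`, so it applies to every Python process started in the image rather than to one audited entry point, and `|| true` lets the build succeed silently when `setcap` fails. I would drop the `setcap` line (and with it `libcap2-bin`), move the dependencies to a path outside `/root`, and end the stage with a dedicated account, e.g. `RUN useradd --system --uid 10001 app` followed by `USER app`. Any extra capability then stays an explicit, reviewable run-time decision by the operator instead of something baked into the image.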