FROM itzcrazykns1337/vane:latest ENV PORT=7860 ENV HOSTNAME=0.0.0.0 ENV DATA_DIR=/home/vane EXPOSE 7860 # Install nginx for basic auth RUN apt-get update && apt-get install -y nginx apache2-utils && rm -rf /var/lib/apt/lists/* # Create persistent directories RUN mkdir -p /home/vane/data /home/vane/uploads && \ chmod -R 777 /home/vane/data /home/vane/uploads # Nginx config template (password injected at runtime from Secret) COPY <<'EOF' /etc/nginx/nginx.conf events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server { listen 7860; server_name localhost; location / { auth_basic "Vane Private Space"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; } } } EOF # Startup script reads password from HF Secret at runtime COPY <<'EOF' /usr/local/bin/start-persistent.sh #!/bin/bash set -e # Create persistent dirs mkdir -p /home/vane/data && chmod 777 /home/vane/data mkdir -p /home/vane/uploads && chmod 777 /home/vane/uploads # Create htpasswd from HF Secret (VANE_PASSWORD) # If no secret set, use a default fallback (but you SHOULD set the secret!) if [ -n "$VANE_PASSWORD" ]; then echo "Setting up auth with HF Secret..." htpasswd -cb /etc/nginx/.htpasswd admin "$VANE_PASSWORD" else echo "WARNING: No VANE_PASSWORD secret set! Using default password 'changeme'" htpasswd -cb /etc/nginx/.htpasswd admin changeme fi echo "Starting Vane on internal port 3000..." PORT=3000 HOSTNAME=127.0.0.1 /home/vane/entrypoint.sh & sleep 5 echo "Starting nginx proxy with auth on port 7860..." exec nginx -g 'daemon off;' EOF RUN chmod +x /usr/local/bin/start-persistent.sh CMD ["/usr/local/bin/start-persistent.sh"]