Spaces:

peihsin
/

RS-AAAI

Sleeping

App Files Files Community

peihsin0715 commited on Sep 10

Commit

cf579a5

1 Parent(s): 17c5c69

Fix sed error; use nginx conf.d drop-in; move pid/temp to /tmp

Browse files

Files changed (1) hide show

Dockerfile +16 -14

Dockerfile CHANGED Viewed

@@ -37,33 +37,35 @@ COPY backend/ ./backend/
 FROM python:3.11-slim AS runtime
 ENV PYTHONUNBUFFERED=1 PIP_NO_CACHE_DIR=1 PORT=7860 \
     PATH="/opt/venv/bin:${PATH}" \
-    MPLCONFIGDIR=/tmp/matplotlib
 WORKDIR /app
-# 輕量執行期相依
 RUN apt-get update && apt-get install -y --no-install-recommends \
     nginx supervisor ca-certificates \
     libgomp1 libopenblas0 \
  && rm -rf /var/lib/apt/lists/*
-# 建立可寫的暫存與 pid 目錄
 RUN mkdir -p /tmp/nginx/client_body /tmp/nginx/proxy /tmp/nginx/fastcgi /tmp/nginx/uwsgi /tmp/nginx/scgi \
     /tmp/matplotlib
-# 前端靜態檔
 COPY --from=fe /app/frontend/dist /usr/share/nginx/html
-# 只拷「虛擬環境」
 COPY --from=be /opt/venv /opt/venv
-# 後端程式碼
 COPY --from=be /app/backend /app/backend
-# nginx 設定
 COPY nginx.conf.template /etc/nginx/nginx.conf
-# 調整 nginx：移除 user 指令、把 pid 與 temp 目錄轉到 /tmp
 RUN set -eux; \
   sed -ri 's/^\s*user\s+[^;]+;//g' /etc/nginx/nginx.conf || true; \
   if grep -qE '^\s*pid\s+' /etc/nginx/nginx.conf; then \
@@ -71,11 +73,11 @@ RUN set -eux; \
   else \
     sed -ri '1i pid /tmp/nginx.pid;' /etc/nginx/nginx.conf; \
   fi; \
-  # 若沒有 temp 路徑，就在 http {} 內加入；有的話改成 /tmp
-  sed -ri 's|client_max_body_size .*;||g' /etc/nginx/nginx.conf || true; \
-  sed -ri '/http\s*{.*/a \    client_max_body_size 100M;\n    client_body_temp_path /tmp/nginx/client_body;\n    proxy_temp_path /tmp/nginx/proxy;\n    fastcgi_temp_path /tmp/nginx/fastcgi;\n    uwsgi_temp_path /tmp/nginx/uwsgi;\n    scgi_temp_path /tmp/nginx/scgi;' /etc/nginx/nginx.conf
-# 產生 supervisor 設定：把 pidfile 放 /tmp，且不使用任何 user=
 RUN mkdir -p /etc/supervisor/conf.d && \
 printf "[program:api]\n\
 command=gunicorn --workers 2 --threads 8 --timeout 0 --chdir /app/backend -b 0.0.0.0:5001 server:app\n\
@@ -94,4 +96,4 @@ nodaemon=true\n" \
 > /etc/supervisor/conf.d/app.conf
 EXPOSE 7860
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/app.conf"]

 FROM python:3.11-slim AS runtime
 ENV PYTHONUNBUFFERED=1 PIP_NO_CACHE_DIR=1 PORT=7860 \
     PATH="/opt/venv/bin:${PATH}" \
+    MPLCONFIGDIR=/tmp/matplotlib
 WORKDIR /app
+# 依賴
 RUN apt-get update && apt-get install -y --no-install-recommends \
     nginx supervisor ca-certificates \
     libgomp1 libopenblas0 \
  && rm -rf /var/lib/apt/lists/*
+# 建立可寫暫存
 RUN mkdir -p /tmp/nginx/client_body /tmp/nginx/proxy /tmp/nginx/fastcgi /tmp/nginx/uwsgi /tmp/nginx/scgi \
     /tmp/matplotlib
+# 前端
 COPY --from=fe /app/frontend/dist /usr/share/nginx/html
+# venv + 後端
 COPY --from=be /opt/venv /opt/venv
 COPY --from=be /app/backend /app/backend
+# nginx 主設定
 COPY nginx.conf.template /etc/nginx/nginx.conf
+# 放一個 http 級別的 drop-in，避免高風險 sed
+RUN printf "client_max_body_size 100M;\nclient_body_temp_path /tmp/nginx/client_body;\nproxy_temp_path /tmp/nginx/proxy;\nfastcgi_temp_path /tmp/nginx/fastcgi;\nuwsgi_temp_path /tmp/nginx/uwsgi;\nscgi_temp_path /tmp/nginx/scgi;\n" \
+    > /etc/nginx/conf.d/temp_paths.conf
+# 調整 nginx.conf：移除 user；設定 pid；在 http{} 內包含 conf.d
 RUN set -eux; \
   sed -ri 's/^\s*user\s+[^;]+;//g' /etc/nginx/nginx.conf || true; \
   if grep -qE '^\s*pid\s+' /etc/nginx/nginx.conf; then \
   else \
     sed -ri '1i pid /tmp/nginx.pid;' /etc/nginx/nginx.conf; \
   fi; \
+  if ! grep -q 'include /etc/nginx/conf.d/\*.conf;' /etc/nginx/nginx.conf; then \
+    sed -ri 's|(^\s*include\s+/etc/nginx/mime\.types;)|\1\n    include /etc/nginx/conf.d/*.conf;|' /etc/nginx/nginx.conf; \
+  fi
+# supervisor 設定：pidfile 放 /tmp；不要 user=
 RUN mkdir -p /etc/supervisor/conf.d && \
 printf "[program:api]\n\
 command=gunicorn --workers 2 --threads 8 --timeout 0 --chdir /app/backend -b 0.0.0.0:5001 server:app\n\
 > /etc/supervisor/conf.d/app.conf
 EXPOSE 7860
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/app.conf"]