Update Dockerfile
- Dockerfile +30 -22
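--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,40 @@
 FROM python:3.10-slim
 
-# Set environment variables
 ENV PYTHONUNBUFFERED=1
 ENV DEBIAN_FRONTEND=noninteractive
 
-# Install system dependencies
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \
 ffmpeg \
 libsm6 \
 libxext6 \
 fontconfig \
-imagemagick
+imagemagick \
+ghostscript && \ # Often needed by ImageMagick for text/vector handling
+# Modify ImageMagick policy to be less restrictive for TextClip
+# This comments out common restrictive policies. Be aware of security implications if image content is user-supplied.
+# For a more targeted approach, identify the exact policy causing the block.
+# Common paths for policy.xml: /etc/ImageMagick-6/policy.xml or /etc/ImageMagick/policy.xml
+# The path might vary based on ImageMagick version (e.g., ImageMagick-6 or ImageMagick-7)
+# First, find the policy file path
+( \
+POLICY_FILE=$(find /etc/ImageMagick* -name policy.xml | head -n 1) && \
+if [ -f "$POLICY_FILE" ]; then \
+echo "INFO: Modifying ImageMagick policy file: $POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="PS" \/>/<!-- <policy domain="coder" rights="none" pattern="PS" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="PS2" \/>/<!-- <policy domain="coder" rights="none" pattern="PS2" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="PS3" \/>/<!-- <policy domain="coder" rights="none" pattern="PS3" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="EPS" \/>/<!-- <policy domain="coder" rights="none" pattern="EPS" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<!-- <policy domain="coder" rights="none" pattern="PDF" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="XPS" \/>/<!-- <policy domain="coder" rights="none" pattern="XPS" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="LABEL" \/>/<!-- <policy domain="coder" rights="none" pattern="LABEL" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="coder" rights="none" pattern="TEXT" \/>/<!-- <policy domain="coder" rights="none" pattern="TEXT" \/> -->/' "$POLICY_FILE"; \
+sed -i 's/<policy domain="path" rights="none" pattern="@*" \/>/<!-- <policy domain="path" rights="none" pattern="@*" \/> -->/' "$POLICY_FILE"; \
+echo "INFO: ImageMagick policy potentially updated."; \
+else \
+echo "WARNING: ImageMagick policy.xml not found. TextClip might fail."; \
+fi \
+) && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 
@@ -28,31 +51,16 @@ ARG APP_USER_GID=1000
 RUN groupadd --gid $APP_USER_GID appgroup && \
 useradd --uid $APP_USER_UID --gid appgroup --shell /bin/bash --create-home appuser
 
-# Set the working directory
 WORKDIR /home/appuser/app
+COPY --chown=appuser:appgroup requirements.txt ./
 
-
-
+USER appuser
+ENV PATH="/home/appuser/.local/bin:${PATH}"
 
-# Pip install as root (or default user before USER appuser)
 RUN python -m pip install --no-cache-dir --upgrade pip
 RUN python -m pip install --no-cache-dir -r requirements.txt
 
-
-COPY . .
+COPY --chown=appuser:appgroup . .
 
-# Ensure the entire app directory and its contents are owned by appuser
-# and explicitly create the output directory as root and then chown it.
-RUN mkdir -p /home/appuser/app/temp_cinegen_media && \
-chown -R appuser:appgroup /home/appuser/app
-
-# Switch to the non-root user
-USER appuser
-# Ensure user's local bin is in PATH for pip-installed executables
-ENV PATH="/home/appuser/.local/bin:${PATH}"
-
-# Expose Streamlit's default port
 EXPOSE 8501
-
-# Command to run Streamlit
 CMD ["streamlit", "run", "app.py", "--server.headless=true", "--server.port=8501", "--server.fileWatcherType=none"]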
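Review bot: In the first hunk the substitution for the path rule writes `pattern="@*"` unescaped, so sed treats `*` as a quantifier and never matches the literal `@*` entry; it needs `pattern="@\*"` on the match side. The eight coder substitutions next to it re-enable PS, PS2, PS3, EPS, PDF, XPS, LABEL and TEXT while the same RUN installs ghostscript, which is much broader than text rendering presumably requires; if any media or text reaches ImageMagick from users, keep the coder rules and lift only the rule shown to block TextClip. Every sed also exits 0 when nothing matches, so the "potentially updated" message proves nothing; a `grep -q` on the policy file after the edit, failing the build on a miss, would make the result verifiable. Separately, the comment after `ghostscript && \` places text after the continuation backslash, which as rendered likely ends the RUN instruction there; move it to its own line.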