Spaces:
Running
Running
Harry-zklcdc
commited on
Commit
·
6ae6c08
1
Parent(s):
a46452f
[Fix] 🤔 Add *
Browse files- Dockerfile +24 -10
- init.sh +25 -0
- nginx.conf +108 -0
- supervisor.conf +52 -0
Dockerfile
CHANGED
|
@@ -1,20 +1,34 @@
|
|
| 1 |
-
|
| 2 |
-
|
|
|
|
|
|
|
| 3 |
|
| 4 |
-
# 设置工作目录,之后的命令都会在这个目录下执行
|
| 5 |
WORKDIR /app
|
| 6 |
|
| 7 |
-
# 将当前目录下的所有文件复制到工作目录下
|
| 8 |
COPY . /app
|
| 9 |
|
| 10 |
-
|
|
|
|
| 11 |
RUN pip install Flask
|
| 12 |
|
| 13 |
-
|
| 14 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
|
| 16 |
-
# 设置环境变量,确保Flask运行在生产模式
|
| 17 |
ENV FLASK_ENV=development
|
| 18 |
|
| 19 |
-
|
| 20 |
-
|
|
|
|
|
|
| 1 |
+
FROM ubuntu:latest
|
| 2 |
+
|
| 3 |
+
ENV USER ${USER:-user}
|
| 4 |
+
ENV USER_ID ${USER_ID:-1000}
|
| 5 |
|
|
|
|
| 6 |
WORKDIR /app
|
| 7 |
|
|
|
|
| 8 |
COPY . /app
|
| 9 |
|
| 10 |
+
RUN apt-get update && apt-get install -y python3 python3-pip nginx curl supervisor
|
| 11 |
+
|
| 12 |
RUN pip install Flask
|
| 13 |
|
| 14 |
+
RUN curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared && \
|
| 15 |
+
chmod +x cloudflared
|
| 16 |
+
|
| 17 |
+
COPY supervisor.conf /etc/supervisor/conf.d/supervisor.conf
|
| 18 |
+
|
| 19 |
+
RUN groupadd -g $USER_ID $USER
|
| 20 |
+
RUN useradd -rm -G sudo -u $USER_ID -g $USER_ID $USER
|
| 21 |
+
|
| 22 |
+
RUN mkdir -p /var/run/supervisor /var/log/supervisor /var/log/nginx /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi
|
| 23 |
+
RUN chown "${USER_ID}:${USER_ID}" /var/run/supervisor /var/log/supervisor /var/log/nginx /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi
|
| 24 |
+
RUN touch /var/log/nginx/access.log /var/log/nginx/error.log
|
| 25 |
+
RUN chown -R "${USER_ID}:${USER_ID}" /app /var/log/nginx/access.log /var/log/nginx/error.log
|
| 26 |
+
RUN chmod 777 /tmp
|
| 27 |
+
|
| 28 |
+
USER $USER
|
| 29 |
|
|
|
|
| 30 |
ENV FLASK_ENV=development
|
| 31 |
|
| 32 |
+
EXPOSE 5000
|
| 33 |
+
|
| 34 |
+
CMD /app/init.sh
|
init.sh
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash
|
| 2 |
+
|
| 3 |
+
tmpUpstreamServerConfig=""
|
| 4 |
+
tmpSupervisorConfig=""
|
| 5 |
+
tmpPort=18080
|
| 6 |
+
|
| 7 |
+
IFS=";" read -ra PARTS <<< "$UPSTREAM_SERVERS"
|
| 8 |
+
for i in "${PARTS[@]}"; do
|
| 9 |
+
tmpUpstreamServerConfig=$tmpUpstreamServerConfig"\nserver 127.0.0.1:$tmpPort fail_timeout=600s max_fails=3;"
|
| 10 |
+
tmpSupervisorConfig=$tmpSupervisorConfig"\n\n[program:$i]\ncommand=/app/cloudflared access tcp --hostname $i --listener localhost:$tmpPort\ndirectory=/app\nstdout_logfile=/dev/stdout\nstderr_logfile=/dev/stderr\nautostart=true\nautorestart=true\nstartsecs=5\nstopwaitsecs = 5\nkillasgroup=true"
|
| 11 |
+
tmpPort=$((tmpPort+1))
|
| 12 |
+
done
|
| 13 |
+
|
| 14 |
+
echo $tmpUpstreamServerConfig
|
| 15 |
+
|
| 16 |
+
sed -i "s|{{UPSTREAM_SERVERS}}|$tmpUpstreamServerConfig|g" /app/nginx.conf
|
| 17 |
+
sed -i "s|{{SUPERVISOR_CONFIG}}|$tmpSupervisorConfig|g" /app/supervisor.conf
|
| 18 |
+
|
| 19 |
+
echo "############ Supervisor Conf ############"
|
| 20 |
+
cat /app/supervisor.conf
|
| 21 |
+
|
| 22 |
+
echo -e "\n############ Nginx Conf ############"
|
| 23 |
+
cat /app/nginx.conf
|
| 24 |
+
|
| 25 |
+
/usr/bin/supervisord -c supervisor.conf
|
nginx.conf
ADDED
|
@@ -0,0 +1,108 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
user user;
|
| 2 |
+
daemon off;
|
| 3 |
+
worker_processes auto;
|
| 4 |
+
pid /tmp/nginx.pid;
|
| 5 |
+
error_log /app/error.log;
|
| 6 |
+
|
| 7 |
+
events {
|
| 8 |
+
worker_connections 1024;
|
| 9 |
+
# multi_accept on;
|
| 10 |
+
}
|
| 11 |
+
|
| 12 |
+
http {
|
| 13 |
+
##
|
| 14 |
+
# Basic Settings
|
| 15 |
+
##
|
| 16 |
+
|
| 17 |
+
sendfile on;
|
| 18 |
+
tcp_nopush on;
|
| 19 |
+
tcp_nodelay on;
|
| 20 |
+
keepalive_timeout 65;
|
| 21 |
+
types_hash_max_size 2048;
|
| 22 |
+
# server_tokens off;
|
| 23 |
+
|
| 24 |
+
client_max_body_size 512m;
|
| 25 |
+
|
| 26 |
+
# server_names_hash_bucket_size 64;
|
| 27 |
+
# server_name_in_redirect off;
|
| 28 |
+
|
| 29 |
+
include /etc/nginx/mime.types;
|
| 30 |
+
default_type application/octet-stream;
|
| 31 |
+
|
| 32 |
+
##
|
| 33 |
+
# SSL Settings
|
| 34 |
+
##
|
| 35 |
+
|
| 36 |
+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
| 37 |
+
ssl_prefer_server_ciphers on;
|
| 38 |
+
|
| 39 |
+
##
|
| 40 |
+
# Logging Settings
|
| 41 |
+
##
|
| 42 |
+
|
| 43 |
+
# access_log /dev/stdout;
|
| 44 |
+
# error_log /dev/stderr;
|
| 45 |
+
|
| 46 |
+
##
|
| 47 |
+
# Gzip Settings
|
| 48 |
+
##
|
| 49 |
+
|
| 50 |
+
gzip on;
|
| 51 |
+
|
| 52 |
+
# gzip_vary on;
|
| 53 |
+
# gzip_proxied any;
|
| 54 |
+
# gzip_comp_level 6;
|
| 55 |
+
# gzip_buffers 16 8k;
|
| 56 |
+
# gzip_http_version 1.1;
|
| 57 |
+
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
| 58 |
+
|
| 59 |
+
map $http_upgrade $connection_upgrade {
|
| 60 |
+
default upgrade;
|
| 61 |
+
'' close;
|
| 62 |
+
}
|
| 63 |
+
map $remote_addr $proxy_forwarded_elem {
|
| 64 |
+
# IPv4 addresses can be sent as-is
|
| 65 |
+
~^[0-9.]+$ "for=$remote_addr";
|
| 66 |
+
|
| 67 |
+
# IPv6 addresses need to be bracketed and quoted
|
| 68 |
+
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
|
| 69 |
+
|
| 70 |
+
# Unix domain socket names cannot be represented in RFC 7239 syntax
|
| 71 |
+
default "for=unknown";
|
| 72 |
+
}
|
| 73 |
+
map $http_forwarded $proxy_add_forwarded {
|
| 74 |
+
default "$proxy_forwarded_elem";
|
| 75 |
+
}
|
| 76 |
+
|
| 77 |
+
proxy_next_upstream_tries 3;
|
| 78 |
+
|
| 79 |
+
upstream azureServer {
|
| 80 |
+
{{UPSTREAM_SERVERS}}
|
| 81 |
+
}
|
| 82 |
+
|
| 83 |
+
server {
|
| 84 |
+
listen 48080;
|
| 85 |
+
|
| 86 |
+
location / {
|
| 87 |
+
proxy_pass http://azureServer; # 你部署的地址和端口
|
| 88 |
+
proxy_http_version 1.1;
|
| 89 |
+
# proxy_cache_bypass $http_upgrade;
|
| 90 |
+
|
| 91 |
+
# Proxy headers
|
| 92 |
+
proxy_set_header Upgrade $http_upgrade;
|
| 93 |
+
proxy_set_header Connection $connection_upgrade;
|
| 94 |
+
proxy_set_header Host $host;
|
| 95 |
+
proxy_set_header X-Real-IP $remote_addr;
|
| 96 |
+
proxy_set_header Forwarded $proxy_add_forwarded;
|
| 97 |
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
| 98 |
+
proxy_set_header X-Forwarded-Proto $scheme;
|
| 99 |
+
proxy_set_header X-Forwarded-Host $host;
|
| 100 |
+
proxy_set_header X-Forwarded-Port $server_port;
|
| 101 |
+
|
| 102 |
+
# Proxy timeouts
|
| 103 |
+
proxy_connect_timeout 60s;
|
| 104 |
+
proxy_send_timeout 60s;
|
| 105 |
+
proxy_read_timeout 60s;
|
| 106 |
+
}
|
| 107 |
+
}
|
| 108 |
+
}
|
supervisor.conf
ADDED
|
@@ -0,0 +1,52 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
[supervisord]
|
| 2 |
+
logfile=/var/log/supervisor/supervisord.log
|
| 3 |
+
logfile_maxbytes=10MB
|
| 4 |
+
logfile_backups=10
|
| 5 |
+
loglevel=info
|
| 6 |
+
pidfile=/var/run/supervisor/supervisord.pid
|
| 7 |
+
nodaemon=true
|
| 8 |
+
childlogdir=/var/log/supervisor
|
| 9 |
+
|
| 10 |
+
[inet_http_server]
|
| 11 |
+
port=127.0.0.1:9005
|
| 12 |
+
|
| 13 |
+
[rpcinterface:supervisor]
|
| 14 |
+
supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
|
| 15 |
+
|
| 16 |
+
[supervisorctl]
|
| 17 |
+
serverurl=http://127.0.0.1:9005
|
| 18 |
+
|
| 19 |
+
[program:flask]
|
| 20 |
+
command=flask run --host=0.0.0.0
|
| 21 |
+
directory=/app
|
| 22 |
+
stdout_logfile=/dev/stdout
|
| 23 |
+
stderr_logfile=/dev/stderr
|
| 24 |
+
autostart=true
|
| 25 |
+
autorestart=true
|
| 26 |
+
startsecs=5
|
| 27 |
+
stopwaitsecs = 5
|
| 28 |
+
killasgroup=true
|
| 29 |
+
|
| 30 |
+
[program:nginx]
|
| 31 |
+
command=nginx -c /app/nginx.conf
|
| 32 |
+
directory=/app
|
| 33 |
+
stdout_logfile=/dev/stdout
|
| 34 |
+
stderr_logfile=/dev/stderr
|
| 35 |
+
autostart=true
|
| 36 |
+
autorestart=true
|
| 37 |
+
startsecs=5
|
| 38 |
+
stopwaitsecs = 5
|
| 39 |
+
killasgroup=true
|
| 40 |
+
|
| 41 |
+
[program:cloudflared]
|
| 42 |
+
command=/app/cloudflared tunnel --no-autoupdate run --token %(ENV_CF_TOKEN)s
|
| 43 |
+
directory=/app
|
| 44 |
+
stdout_logfile=/dev/stdout
|
| 45 |
+
stderr_logfile=/dev/stderr
|
| 46 |
+
autostart=true
|
| 47 |
+
autorestart=true
|
| 48 |
+
startsecs=5
|
| 49 |
+
stopwaitsecs = 5
|
| 50 |
+
killasgroup=true
|
| 51 |
+
|
| 52 |
+
{{SUPERVISOR_CONFIG}}
|