From ebd692d7408c43ac6872c753009a6401b61cf5f9 Mon Sep 17 00:00:00 2001 From: raikbitters Date: Fri, 3 Nov 2023 13:50:56 +0400 Subject: [PATCH] Update uWSGI build and run into Dockerfile Added non-root user, limit for FD and libpcre3 --- Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6671fe55..c567d0b3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN make test-all FROM --platform=${BUILDPLATFORM} python:3.10.13 as builder -RUN apt-get update && apt-get install -y build-essential \ +RUN apt-get update && apt-get install -y build-essential libpcre3 libpcre3-dev \ && rm -rf /var/lib/apt/lists/* \ && python -m venv /venv \ && mkdir /build @@ -38,20 +38,27 @@ RUN mkdir /backend \ FROM --platform=${BUILDPLATFORM} python:3.10.13-slim RUN apt-get update && apt-get -y upgrade \ - && apt-get install -y libxml2 libgomp1 curl \ + && apt-get install -y libxml2 libgomp1 curl libpcre3 libpcre3-dev \ && rm -rf /var/lib/apt/lists/* COPY --from=builder /venv /venv RUN mkdir /usr/share/nltk_data && chmod g+w /usr/share/nltk_data COPY --from=builder /usr/share/nltk_data /usr/share/nltk_data/ WORKDIR /backend/ COPY --from=builder /backend ./ + +# Create a group and user +RUN groupadd uwsgi && useradd -g uwsgi uwsgi +USER uwsgi + EXPOSE 5001 ENV VIRTUAL_ENV="/venv" + # uWSGI configuration (customize as needed): ENV PATH="${VIRTUAL_ENV}/bin:${PATH}" PYTHONPATH=/backend \ FLASK_APP=app/main.py UWSGI_WSGI_FILE=app/main.py UWSGI_SOCKET=:3031 UWSGI_HTTP=:5001 \ - UWSGI_VIRTUALENV=${VIRTUAL_ENV} UWSGI_MASTER=1 UWSGI_WORKERS=4 UWSGI_THREADS=8 UWSGI_LAZY_APPS=1 \ + UWSGI_VIRTUALENV=${VIRTUAL_ENV} UWSGI_MASTER=1 UWSGI_WORKERS=4 UWSGI_THREADS=8 UWSGI_MAX_FD=10000 UWSGI_LAZY_APPS=1 \ UWSGI_WSGI_ENV_BEHAVIOR=holy PYTHONDONTWRITEBYTECODE=1 + # Start uWSGI CMD ["/venv/bin/uwsgi", "--http-auto-chunked", "--http-keepalive"] HEALTHCHECK --interval=1m --timeout=5s --retries=2 CMD ["curl", "-s", "-f", "--show-error", "http://localhost:5001/"]