Upload 5 files

Dockerfile.txt

@@ -0,0 +1,37 @@
+FROM node:22-slim
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    HOME=/root \
+    PROXY_PORT=7860 \
+    OPENCLAW_PORT=8080 \
+    SYNC_INTERVAL=300 \
+    PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    gettext-base \
+    git \
+    nginx \
+    procps \
+    python3 \
+    rsync \
+    unzip \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN npm install -g openclaw@latest playwright \
+    && playwright install --with-deps chromium
+
+WORKDIR /root/workspace
+
+COPY start.sh /app/start.sh
+COPY sync-root-data.sh /app/sync-root-data.sh
+COPY nginx.conf.template /app/nginx.conf.template
+COPY webhook_server.py /app/webhook_server.py
+
+RUN chmod +x /app/start.sh /app/sync-root-data.sh /app/webhook_server.py
+
+EXPOSE 7860
+
+CMD ["/app/start.sh"]

nginx.conf.template.txt

@@ -0,0 +1,78 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  access_log /dev/stdout;
+  error_log /dev/stderr info;
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  tcp_nodelay on;
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+  }
+
+  server {
+    listen ${PROXY_PORT};
+    server_name _;
+    client_max_body_size 0;
+
+    proxy_http_version 1.1;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Authorization "Bearer ${OPENCLAW_GATEWAY_PASSWORD}";
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_read_timeout 86400;
+    proxy_send_timeout 86400;
+    proxy_buffering off;
+
+    location = /tg-webhook {
+      proxy_set_header Authorization "";
+      proxy_pass http://127.0.0.1:8787/tg-webhook;
+      proxy_buffering off;
+      proxy_connect_timeout 60s;
+      proxy_send_timeout 60s;
+      proxy_read_timeout 60s;
+    }
+
+    location /tg-webhook/ {
+      proxy_set_header Authorization "";
+      proxy_pass http://127.0.0.1:8787/tg-webhook/;
+      proxy_buffering off;
+      proxy_connect_timeout 60s;
+      proxy_send_timeout 60s;
+      proxy_read_timeout 60s;
+    }
+
+    location ~ ^/proxy/([0-9]+)/(.*)$ {
+      proxy_set_header X-Forwarded-Prefix /proxy/$1;
+      proxy_pass http://127.0.0.1:$1/$2$is_args$args;
+    }
+
+    location ~ ^/proxy/([0-9]+)$ {
+      return 308 /proxy/$1/;
+    }
+
+    location ~ ^/([0-9]+)/(.*)$ {
+      proxy_set_header X-Forwarded-Prefix /$1;
+      proxy_pass http://127.0.0.1:$1/$2$is_args$args;
+    }
+
+    location ~ ^/([0-9]+)$ {
+      return 308 /$1/;
+    }
+
+    location / {
+      proxy_pass http://127.0.0.1:${OPENCLAW_PORT};
+    }
+  }
+}

start.sh

@@ -0,0 +1,326 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export PROXY_PORT="${PROXY_PORT:-7860}"
+export OPENCLAW_PORT="${OPENCLAW_PORT:-8080}"
+export PORT="${OPENCLAW_PORT}"
+export HOST="0.0.0.0"
+export OPENCLAW_HOST="0.0.0.0"
+export OPENCLAW_PORT
+export OPENCLAW_GATEWAY_PASSWORD="${OPENCLAW_GATEWAY_PASSWORD:-773322}"
+export SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
+export PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/ms-playwright}"
+export TELEGRAM_API_ROOT="${TELEGRAM_API_ROOT:-https://tg-relay.markdevil11.workers.dev}"
+export OPENCLAW_TELEGRAM_API_ROOT="${OPENCLAW_TELEGRAM_API_ROOT:-${TELEGRAM_API_ROOT}}"
+export SPACE_URL="${SPACE_URL:-https://elysiadev11-openclaw.hf.space}"
+export TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"
+export TELEGRAM_ALLOW_ID="${TELEGRAM_ALLOW_ID:-0}"
+
+configure_dns() {
+  if [ -w /etc/resolv.conf ]; then
+    cat > /etc/resolv.conf <<'EOF'
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+options timeout:2 attempts:3 rotate
+EOF
+    echo "DNS configured with Cloudflare and Google resolvers."
+  else
+    echo "WARN: /etc/resolv.conf is not writable; keeping existing DNS."
+  fi
+}
+
+mkdir -p /root/workspace
+configure_dns
+
+/app/sync-root-data.sh restore
+mkdir -p /root/.openclaw
+
+generate_openclaw_config() {
+  local clean_base
+  clean_base="$(printf '%s' "${OPENAI_API_BASE:-}" | sed 's|/chat/completions||g' | sed 's|/v1/|/v1|g' | sed 's|/v1$|/v1|g')"
+  local allow_id
+  allow_id="${TELEGRAM_ALLOW_ID:-0}"
+  local primary_model="kilo_gateway/kilo-auto/free"
+  local nvidia_provider=""
+
+  if [ -n "$clean_base" ] && [ -n "${OPENAI_API_KEY:-}" ]; then
+    primary_model="nvidia/${MODEL:-gpt-5.5}"
+    nvidia_provider=',
+      "nvidia": {
+        "baseUrl": "'"${clean_base}"'",
+        "apiKey": "'"${OPENAI_API_KEY:-}"'",
+        "api": "openai-completions",
+        "models": [
+          { "id": "'"${MODEL:-gpt-5.5}"'", "name": "'"${MODEL:-gpt-5.5}"'", "contextWindow": 128000 },
+          { "id": "'"${VISION_MODEL:-${MODEL:-gpt-5.5}}"'", "name": "Nvidia Vision", "contextWindow": 128000, "input": ["text", "image"] }
+        ]
+      }'
+  fi
+
+  cat > /root/.openclaw/openclaw.json <<JSONEOF
+{
+  "models": {
+    "providers": {
+      "kilo_gateway": {
+        "baseUrl": "https://api.kilo.ai/api/gateway",
+        "apiKey": "anonymous",
+        "api": "openai-completions",
+        "models": [
+          { "id": "kilo-auto/free", "name": "Kilo Auto Free", "contextWindow": 128000, "maxTokens": 16000 }
+        ]
+      }${nvidia_provider}
+    }
+  },
+  "agents": {
+    "defaults": {
+      "model": {
+        "primary": "${primary_model}",
+        "fallbacks": ["kilo_gateway/kilo-auto/free"]
+      },
+      "imageModel": {
+        "primary": "${primary_model}"
+      }
+    }
+  },
+  "commands": { "restart": true },
+  "browser": {
+    "enabled": true,
+    "headless": true,
+    "noSandbox": true,
+    "defaultProfile": "openclaw",
+    "ssrfPolicy": { "dangerouslyAllowPrivateNetwork": true },
+    "profiles": {
+      "openclaw": {
+        "cdpPort": 18800,
+        "color": "0088FF"
+      }
+    }
+  },
+  "channels": {
+    "telegram": {
+      "enabled": true,
+      "botToken": "${TELEGRAM_BOT_TOKEN:-}",
+      "dmPolicy": "allowlist",
+      "allowFrom": [${allow_id}],
+      "apiRoot": "${TELEGRAM_API_ROOT}",
+      "webhookUrl": "${SPACE_URL}/tg-webhook",
+      "webhookSecret": "${OPENCLAW_GATEWAY_PASSWORD:-}",
+      "webhookPath": "/tg-webhook",
+      "webhookHost": "0.0.0.0",
+      "webhookPort": 8787,
+      "streaming": {
+        "mode": "partial"
+      }
+    }
+  },
+  "gateway": {
+    "mode": "local",
+    "bind": "lan",
+    "port": ${OPENCLAW_PORT},
+    "trustedProxies": ["0.0.0.0/0"],
+    "auth": { "mode": "token", "token": "${OPENCLAW_GATEWAY_PASSWORD:-}" },
+    "http": {
+      "endpoints": {
+        "chatCompletions": { "enabled": true }
+      }
+    },
+    "controlUi": {
+      "enabled": true,
+      "allowedOrigins": ["${SPACE_URL}"],
+      "allowInsecureAuth": true,
+      "dangerouslyDisableDeviceAuth": true,
+      "dangerouslyAllowHostHeaderOriginFallback": true
+    }
+  }
+}
+JSONEOF
+}
+
+config_is_complete() {
+  python3 - <<'PY'
+import json
+from pathlib import Path
+
+path = Path('/root/.openclaw/openclaw.json')
+if not path.exists():
+    raise SystemExit(1)
+
+try:
+    data = json.loads(path.read_text())
+except Exception:
+    raise SystemExit(1)
+
+required_paths = [
+    ('models', 'providers'),
+    ('models', 'providers', 'kilo_gateway'),
+    ('agents', 'defaults'),
+    ('browser',),
+    ('gateway',),
+    ('gateway', 'controlUi'),
+    ('channels', 'telegram'),
+]
+
+for parts in required_paths:
+    cur = data
+    for part in parts:
+        if not isinstance(cur, dict) or part not in cur:
+            raise SystemExit(1)
+        cur = cur[part]
+
+raise SystemExit(0)
+PY
+}
+
+if ! config_is_complete; then
+  echo "Generating full /root/.openclaw/openclaw.json before OpenClaw startup..."
+  generate_openclaw_config
+else
+  echo "Complete /root/.openclaw/openclaw.json found; keeping it."
+fi
+
+python3 - <<'PY'
+import json
+import os
+from pathlib import Path
+
+path = Path('/root/.openclaw/openclaw.json')
+api_root = os.environ.get('TELEGRAM_API_ROOT', 'https://tg-relay.markdevil11.workers.dev')
+space_url = os.environ.get('SPACE_URL', 'https://elysiadev11-openclaw.hf.space')
+if not path.exists():
+  raise SystemExit(0)
+
+try:
+  data = json.loads(path.read_text())
+except Exception as exc:
+  print(f'WARN: cannot update Telegram apiRoot in openclaw.json: {exc}')
+  raise SystemExit(0)
+
+channels = data.setdefault('channels', {})
+telegram = channels.setdefault('telegram', {})
+old = telegram.get('apiRoot')
+providers = data.setdefault('models', {}).setdefault('providers', {})
+nvidia = providers.get('nvidia')
+if isinstance(nvidia, dict) and not nvidia.get('baseUrl'):
+  providers.pop('nvidia', None)
+agents = data.setdefault('agents', {})
+defaults = agents.setdefault('defaults', {})
+model = defaults.setdefault('model', {})
+if model.get('primary', '').startswith('nvidia/') and 'nvidia' not in providers:
+  model['primary'] = 'kilo_gateway/kilo-auto/free'
+fallbacks = model.setdefault('fallbacks', [])
+if 'kilo_gateway/kilo-auto/free' not in fallbacks:
+  fallbacks.append('kilo_gateway/kilo-auto/free')
+image_model = defaults.setdefault('imageModel', {})
+if image_model.get('primary', '').startswith('nvidia/') and 'nvidia' not in providers:
+  image_model['primary'] = model['primary']
+telegram['webhookUrl'] = f'{space_url}/tg-webhook'
+telegram['webhookPath'] = '/tg-webhook'
+telegram['webhookHost'] = '0.0.0.0'
+telegram['webhookPort'] = 8787
+browser = data.get('browser')
+if isinstance(browser, dict):
+  browser.pop('requirePairing', None)
+if isinstance(defaults, dict):
+  defaults.pop('llm', None)
+gateway = data.setdefault('gateway', {})
+auth = gateway.setdefault('auth', {})
+auth['mode'] = 'token'
+auth['token'] = os.environ.get('OPENCLAW_GATEWAY_PASSWORD', '773322')
+control_ui = gateway.setdefault('controlUi', {})
+control_ui['enabled'] = True
+control_ui['allowInsecureAuth'] = True
+control_ui['dangerouslyDisableDeviceAuth'] = True
+control_ui['dangerouslyAllowHostHeaderOriginFallback'] = True
+origins = control_ui.setdefault('allowedOrigins', [])
+if space_url not in origins:
+  origins.append(space_url)
+if old != api_root:
+  telegram['apiRoot'] = api_root
+  print(f'Updated Telegram apiRoot: {old!r} -> {api_root!r}')
+else:
+  print(f'Telegram apiRoot already set to {api_root}')
+print(f'Telegram webhookUrl set to {telegram.get("webhookUrl")}')
+path.write_text(json.dumps(data, indent=2) + '\n')
+PY
+
+/app/sync-root-data.sh reconcile
+
+/app/sync-root-data.sh loop &
+
+run_openclaw() {
+  while true; do
+    echo "Starting OpenClaw on 127.0.0.1:${OPENCLAW_PORT}..."
+    echo "OpenClaw config:"
+    cat /root/.openclaw/openclaw.json
+    if [ -n "${OPENCLAW_CMD:-}" ]; then
+      sh -lc "$OPENCLAW_CMD"
+    else
+      openclaw gateway --port "${OPENCLAW_PORT}" --allow-unconfigured &
+      OPENCLAW_PID=$!
+      echo "OpenClaw started with PID: $OPENCLAW_PID"
+      wait $OPENCLAW_PID
+    fi
+    echo "OpenClaw exited; restarting in 2 seconds..."
+    sleep 2
+  done
+}
+
+run_nginx() {
+  while true; do
+    envsubst '${PROXY_PORT} ${OPENCLAW_PORT} ${OPENCLAW_GATEWAY_PASSWORD}' < /app/nginx.conf.template > /tmp/nginx.conf
+    nginx -c /tmp/nginx.conf -g 'daemon off;'
+    echo "Nginx exited; restarting in 2 seconds..."
+    sleep 2
+  done
+}
+
+run_openclaw &
+run_nginx &
+
+# Start a simple webhook server if OpenClaw doesn't start one
+run_simple_webhook() {
+  while true; do
+    echo "Starting simple webhook server on port 8787..."
+    python3 /app/webhook_server.py &
+    WEBHOOK_PID=$!
+    echo "Simple webhook server started with PID: $WEBHOOK_PID"
+    wait $WEBHOOK_PID
+    echo "Webhook server exited; restarting in 2 seconds..."
+    sleep 2
+  done
+}
+
+
+# Wait for services to start
+echo "Waiting for services to start..."
+sleep 10
+
+# Check if webhook port is listening
+echo "Checking webhook port 8787..."
+if command -v ss &> /dev/null && ss -tuln 2>/dev/null | grep -q ":8787"; then
+  echo "Webhook server is listening on port 8787"
+  # Test webhook endpoint
+  echo "Testing webhook endpoint..."
+  curl -s -o /dev/null -w "Webhook test status: %{http_code}\n" http://0.0.0.0:8787/tg-webhook || curl -s -o /dev/null -w "Webhook test status: %{http_code}\n" http://localhost:8787/tg-webhook || echo "Webhook test failed"
+elif sleep 2 && curl -s http://0.0.0.0:8787/tg-webhook &>/dev/null; then
+  echo "Webhook server is accessible on port 8787"
+else
+  echo "WARNING: Webhook server is NOT listening on port 8787"
+  echo "Starting simple webhook server as fallback..."
+  run_simple_webhook &
+fi
+
+# Check if OpenClaw port is listening
+echo "Checking OpenClaw port ${OPENCLAW_PORT}..."
+if command -v ss &> /dev/null && ss -tuln 2>/dev/null | grep -q ":${OPENCLAW_PORT}"; then
+  echo "OpenClaw is listening on port ${OPENCLAW_PORT}"
+elif sleep 2 && curl -s http://127.0.0.1:${OPENCLAW_PORT}/health &>/dev/null; then
+  echo "OpenClaw is accessible on port ${OPENCLAW_PORT}"
+else
+  echo "WARNING: OpenClaw is NOT listening on port ${OPENCLAW_PORT}"
+fi
+
+wait -n
+exit 1

sync-root-data.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DATA_ROOT="${DATA_ROOT:-/data/root}"
+SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
+CONFIG_PATH=".openclaw/openclaw.json"
+
+EXCLUDES=(
+  "--exclude=.cache"
+  "--exclude=.npm/_cacache"
+  "--exclude=.npm/_update-notifier-last-checked*"
+  "--exclude=.pnpm-store"
+  "--exclude=node_modules"
+  "--exclude=.next"
+  "--exclude=dist"
+  "--exclude=build"
+  "--exclude=coverage"
+  "--exclude=tmp"
+)
+
+data_available() {
+  [ -d /data ] || mkdir -p /data 2>/dev/null || return 1
+  mkdir -p "$DATA_ROOT" 2>/dev/null || return 1
+}
+
+restore_root() {
+  if data_available; then
+    echo "Restoring persistent data from $DATA_ROOT to /root..."
+    rsync -rlptD --no-specials --no-devices --update "${EXCLUDES[@]}" "$DATA_ROOT/" /root/ || true
+  else
+    echo "Persistent /data is not available; skipping restore."
+  fi
+}
+
+persist_root() {
+  if data_available; then
+    echo "Syncing /root to $DATA_ROOT..."
+    rsync -rlptD --no-specials --no-devices --update --delete "${EXCLUDES[@]}" /root/ "$DATA_ROOT/" || true
+  else
+    echo "Persistent /data is not available; skipping sync."
+  fi
+}
+
+sync_config_newer() {
+  local root_config="/root/$CONFIG_PATH"
+  local data_config="$DATA_ROOT/$CONFIG_PATH"
+
+  if [ -f "$data_config" ] && { [ ! -f "$root_config" ] || [ "$data_config" -nt "$root_config" ]; }; then
+    mkdir -p "$(dirname "$root_config")"
+    cp -p "$data_config" "$root_config" || true
+    echo "Pulled newer OpenClaw config from $data_config to $root_config."
+  elif [ -f "$root_config" ] && { [ ! -f "$data_config" ] || [ "$root_config" -nt "$data_config" ]; }; then
+    mkdir -p "$(dirname "$data_config")"
+    cp -p "$root_config" "$data_config" || true
+    echo "Persisted newer OpenClaw config from $root_config to $data_config."
+  fi
+}
+
+reconcile_root_data() {
+  if data_available; then
+    restore_root
+    sync_config_newer
+    persist_root
+  else
+    echo "Persistent /data is not available; skipping two-way sync."
+  fi
+}
+
+case "${1:-loop}" in
+  restore)
+    restore_root
+    ;;
+  persist)
+    persist_root
+    ;;
+  reconcile)
+    reconcile_root_data
+    ;;
+  loop)
+    while true; do
+      reconcile_root_data
+      sleep "$SYNC_INTERVAL"
+    done
+    ;;
+  *)
+    echo "Usage: $0 {restore|persist|loop}"
+    exit 2
+    ;;
+esac

webhook_server.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+import os
+import json
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from urllib.parse import urlparse, parse_qs
+
+class WebhookHandler(BaseHTTPRequestHandler):
+    def do_GET(self):
+        self.send_response(200)
+        self.send_header('Content-type', 'text/plain')
+        self.end_headers()
+        self.wfile.write(b'Webhook server is running')
+
+    def do_POST(self):
+        content_length = int(self.headers.get('Content-Length', 0))
+        if content_length > 0:
+            post_data = self.rfile.read(content_length)
+        else:
+            post_data = b''
+
+        # Log the webhook request
+        print(f"Webhook received: {self.path}")
+        print(f"Headers: {dict(self.headers)}")
+        if post_data:
+            print(f"Body: {post_data.decode('utf-8', errors='ignore')}")
+
+            # Try to parse as JSON
+            try:
+                data = json.loads(post_data.decode('utf-8'))
+                print(f"JSON data: {json.dumps(data, indent=2)}")
+            except:
+                pass
+
+        # Respond with 200 OK
+        self.send_response(200)
+        self.send_header('Content-type', 'application/json')
+        self.end_headers()
+        self.wfile.write(b'{"status": "ok"}')
+
+    def log_message(self, format, *args):
+        # Suppress default logging
+        pass
+
+def run_server(port=8787, host='0.0.0.0'):
+    server_address = (host, port)
+    httpd = HTTPServer(server_address, WebhookHandler)
+    print(f"Webhook server running on {host}:{port}")
+    try:
+        httpd.serve_forever()
+    except KeyboardInterrupt:
+        print("\nShutting down webhook server")
+        httpd.shutdown()
+
+if __name__ == '__main__':
+    run_server()