Hugging Face's logo

Spaces:
heiyuheiyu
/
test2
Running

App Files Community
heiyuheiyu commited on
Commit
7dcf428
·
verified ·
1 Parent(s): ce4851a

Upload Dockerfile

Browse files
Files changed (1) hide show
  1. Dockerfile +45 -87
Dockerfile CHANGED
@@ -904,34 +904,48 @@ for i in $(seq 1 60); do
904
  sleep 2
905
  done
906
 
907
- # ── 3. code-server 不再預先啟動,改為按需啟動由 watchdog 管理)────────────
908
- # watchdog 會監聽 nginx access log,首次請求 /ide/ 時才啟動 code-server,
909
- # 超過 IDE_IDLE_MINUTES 分鐘無請求則自動關閉以釋放資源
910
- mkdir -p /root/.openclaw/logs /root/.code-server /root/.config/code-server
911
-
912
- IDE_IDLE_MINUTES="${IDE_IDLE_MINUTES:-10}"
913
-
914
- # 先寫入 config.yaml保啟動時端口正確(防止 code-server 讀 $PORT=7860)
 
915
  cat > /root/.config/code-server/config.yaml <<CODESERVERCFG
916
  bind-addr: 127.0.0.1:${CODE_SERVER_PORT}
917
  auth: password
918
  password: ${CODE_SERVER_PASSWORD:-changeme123!}
919
  cert: false
920
  CODESERVERCFG
921
- echo "code-server config.yaml pre-written (bind-addr: 127.0.0.1:${CODE_SERVER_PORT})"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
922
 
923
  # ── 4. 生成 nginx 配置並啟動 ────────────────────────────────────────────────
 
924
  rm -f /etc/nginx/sites-enabled/default /etc/nginx/conf.d/default.conf
925
 
926
- # 使用命名管道(fifo)讓 nginx 把 /ide/ 的訪問日誌寫給 watchdog
927
- IDE_PIPE=/tmp/nginx-ide-access.pipe
928
- rm -f "${IDE_PIPE}"
929
- mkfifo "${IDE_PIPE}"
930
-
931
  cat > /etc/nginx/conf.d/openclaw-ide.conf <<'NGINX'
932
- # 專用日誌格式:只記錄時間戳
933
- log_format ide_hit '$time_iso8601';
934
-
935
  server {
936
  listen PLACEHOLDER_LISTEN_PORT;
937
  server_name _;
@@ -940,12 +954,19 @@ server {
940
  access_log /dev/stdout;
941
  error_log /dev/stderr warn;
942
 
 
 
 
 
 
943
  absolute_redirect off;
944
  port_in_redirect off;
945
 
946
- # IDE:代理到 code-server,同時把訪問記錄寫到命名管道供 watchdog 讀取
 
 
 
947
  location /ide/ {
948
- access_log PLACEHOLDER_IDE_PIPE ide_hit;
949
  proxy_pass http://127.0.0.1:PLACEHOLDER_CODE_SERVER_PORT/;
950
  proxy_http_version 1.1;
951
  proxy_set_header Host $host;
@@ -972,80 +993,17 @@ server {
972
  NGINX
973
 
974
  sed -i \
975
- "s|PLACEHOLDER_LISTEN_PORT|${LISTEN_PORT}|g;
976
- s|PLACEHOLDER_CODE_SERVER_PORT|${CODE_SERVER_PORT}|g;
977
- s|PLACEHOLDER_GATEWAY_PORT|${GATEWAY_PORT}|g;
978
- s|PLACEHOLDER_IDE_PIPE|${IDE_PIPE}|g" \
979
  /etc/nginx/conf.d/openclaw-ide.conf
980
 
981
  echo "nginx config:"
982
  cat /etc/nginx/conf.d/openclaw-ide.conf
983
 
984
  nginx -t
985
- nginx -g 'daemon off; error_log /dev/stderr warn;' &
986
- NGINX_PID=$!
987
- echo "nginx started (PID=${NGINX_PID})"
988
-
989
- # ── 5. code-server watchdog(按需啟動/自動關閉)────────────────────────────
990
- (
991
- CS_PID=""
992
- LAST_ACCESS=0
993
- IDLE_SECONDS=$((IDE_IDLE_MINUTES * 60))
994
-
995
- # 後台超時檢查循環(每 30 秒一次)
996
- (
997
- while true; do
998
- sleep 30
999
- if [ -n "${CS_PID}" ] && kill -0 "${CS_PID}" 2>/dev/null; then
1000
- NOW=$(date +%s)
1001
- IDLE=$((NOW - LAST_ACCESS))
1002
- if [ ${IDLE} -ge ${IDLE_SECONDS} ]; then
1003
- echo "[ide-watchdog] Idle ${IDLE}s >= ${IDLE_SECONDS}s, stopping code-server (PID=${CS_PID})"
1004
- kill "${CS_PID}" 2>/dev/null || true
1005
- CS_PID=""
1006
- fi
1007
- fi
1008
- done
1009
- ) &
1010
-
1011
- echo "[ide-watchdog] Watching ${IDE_PIPE} (idle timeout: ${IDE_IDLE_MINUTES}min)"
1012
-
1013
- while true; do
1014
- if read -r _line < "${IDE_PIPE}"; then
1015
- LAST_ACCESS=$(date +%s)
1016
- if [ -z "${CS_PID}" ] || ! kill -0 "${CS_PID}" 2>/dev/null; then
1017
- echo "[ide-watchdog] First request, starting code-server..."
1018
- # 重新寫入 config.yaml 防止被其他進程覆蓋
1019
- cat > /root/.config/code-server/config.yaml <<CODESERVERCFG2
1020
- bind-addr: 127.0.0.1:${CODE_SERVER_PORT}
1021
- auth: password
1022
- password: ${CODE_SERVER_PASSWORD:-changeme123!}
1023
- cert: false
1024
- CODESERVERCFG2
1025
- ( unset PORT; code-server \
1026
- --disable-telemetry \
1027
- --disable-update-check \
1028
- --user-data-dir /root/.code-server \
1029
- --extensions-dir /root/.code-server/extensions \
1030
- /root/.openclaw \
1031
- >> /root/.openclaw/logs/code-server.log 2>&1 ) &
1032
- CS_PID=$!
1033
- echo "[ide-watchdog] code-server started (PID=${CS_PID})"
1034
- # 等待 code-server 端口就緒(最多 10 秒),避免首個請求 502
1035
- for _w in $(seq 1 10); do
1036
- sleep 1
1037
- curl -fsS http://127.0.0.1:${CODE_SERVER_PORT}/ >/dev/null 2>&1 && break
1038
- done
1039
- fi
1040
- fi
1041
- done
1042
- ) &
1043
-
1044
- echo "code-server watchdog started (idle timeout: ${IDE_IDLE_MINUTES} minutes)"
1045
- echo "code-server will start on first /ide/ request and stop after ${IDE_IDLE_MINUTES}min idle"
1046
-
1047
- # nginx 前台持續運行
1048
- wait ${NGINX_PID}
1049
  EOF
1050
 
1051
  RUN chmod +x /usr/local/bin/start-openclaw-code-server
 
904
  sleep 2
905
  done
906
 
907
+ # ── 3. 啟動 code-server(後台,僅本機監聽)──────────────────────────────────
908
+ # 注意:code-server 已移除 --base-path 參數,subpath 由 nginx proxy_pass 末尾 / 處理
909
+ mkdir -p /root/.openclaw/logs /root/.code-server
910
+
911
+ # 強制寫入 config.yaml,確保 bind-addr 正確。
912
+ # code-server 會讀取 $PORT 環境變量作為端口(HF 注入 PORT=7860),
913
+ # 無論 --bind-addr 還是 config.yaml,$PORT 都可能覆蓋端口設置。
914
+ # 解決方案:先寫入 config.yaml 指定正確端口,再 unset PORT 後啟動。
915
+ mkdir -p /root/.config/code-server
916
  cat > /root/.config/code-server/config.yaml <<CODESERVERCFG
917
  bind-addr: 127.0.0.1:${CODE_SERVER_PORT}
918
  auth: password
919
  password: ${CODE_SERVER_PASSWORD:-changeme123!}
920
  cert: false
921
  CODESERVERCFG
922
+ echo "code-server config.yaml written (bind-addr: 127.0.0.1:${CODE_SERVER_PORT})"
923
+
924
+ # unset PORT:防止 code-server 讀取 $PORT=7860 覆蓋我們設定的端口
925
+ ( unset PORT; code-server \
926
+ --disable-telemetry \
927
+ --disable-update-check \
928
+ --user-data-dir /root/.code-server \
929
+ --extensions-dir /root/.code-server/extensions \
930
+ /root/.openclaw \
931
+ 2>&1 | tee /root/.openclaw/logs/code-server.log ) &
932
+ echo "code-server launched (port=${CODE_SERVER_PORT})"
933
+
934
+ # 等待 code-server 端口就緒(最多 60 秒)
935
+ echo "Waiting for code-server on port ${CODE_SERVER_PORT}..."
936
+ for i in $(seq 1 30); do
937
+ if curl -fsS http://127.0.0.1:${CODE_SERVER_PORT}/ >/dev/null 2>&1; then
938
+ echo "code-server is up after $((i * 2))s."
939
+ break
940
+ fi
941
+ sleep 2
942
+ done
943
 
944
  # ── 4. 生成 nginx 配置並啟動 ────────────────────────────────────────────────
945
+ # nginx 不支持 bash 變量語法,所有動態值通過 sed 替換佔位符寫入
946
  rm -f /etc/nginx/sites-enabled/default /etc/nginx/conf.d/default.conf
947
 
 
 
 
 
 
948
  cat > /etc/nginx/conf.d/openclaw-ide.conf <<'NGINX'
 
 
 
949
  server {
950
  listen PLACEHOLDER_LISTEN_PORT;
951
  server_name _;
 
954
  access_log /dev/stdout;
955
  error_log /dev/stderr warn;
956
 
957
+ # 關鍵:Cloudflare 做 SSL 終結,nginx 只收到 http 請求。
958
+ # 若 nginx 生成絕對 URL(如 301/302 Location),會帶上 http://host:PORT,
959
+ # 導致瀏覽器被重定向到帶明確端口的 http URL,被 Cloudflare 拒絕(400 Bad Request)。
960
+ # absolute_redirect off → 所有 nginx 內部重定向(含 proxy_redirect)輸出相對路徑
961
+ # port_in_redirect off → 禁止 nginx 在重定向 URL 中附加監聽端口
962
  absolute_redirect off;
963
  port_in_redirect off;
964
 
965
+ # IDE(code-server)nginx 剝離 /ide/ 前綴後轉發到 code-server 根路徑
966
+ # proxy_pass 末尾帶 / 是關鍵:nginx 自動將 /ide/xxx 重寫為 /xxx 再轉發
967
+ # proxy_redirect:code-server 登錄後發 302 跳轉到 /,需重寫回 /ide/
968
+ # 由於 absolute_redirect off,這裡輸出的是相對路徑,不帶 scheme/host/port
969
  location /ide/ {
 
970
  proxy_pass http://127.0.0.1:PLACEHOLDER_CODE_SERVER_PORT/;
971
  proxy_http_version 1.1;
972
  proxy_set_header Host $host;
 
993
  NGINX
994
 
995
  sed -i \
996
+ "s/PLACEHOLDER_LISTEN_PORT/${LISTEN_PORT}/g;
997
+ s/PLACEHOLDER_CODE_SERVER_PORT/${CODE_SERVER_PORT}/g;
998
+ s/PLACEHOLDER_GATEWAY_PORT/${GATEWAY_PORT}/g" \
 
999
  /etc/nginx/conf.d/openclaw-ide.conf
1000
 
1001
  echo "nginx config:"
1002
  cat /etc/nginx/conf.d/openclaw-ide.conf
1003
 
1004
  nginx -t
1005
+ echo "Starting nginx (foreground)..."
1006
+ exec nginx -g 'daemon off; error_log /dev/stderr warn;'
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1007
  EOF
1008
 
1009
  RUN chmod +x /usr/local/bin/start-openclaw-code-server