dockerfile fixes for running as non-root user
- Dockerfile +17 -15
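--- a/Dockerfile
+++ b/Dockerfile
@@ -42,13 +42,9 @@ RUN apt-get update -y \
 && apt-get autoremove --yes \
 && rm -rf /var/lib/apt/lists/*
 
-#
-RUN printf "\n. /etc/profile\n" >> /root/.profile
-RUN printf "\n. /etc/profile\n" >> /root/.bashrc
-RUN printf "\nset mouse=\n" >> /usr/share/vim/vim82/defaults.vim
+# OS timezone setting (UTC)
 RUN echo "UTC" > /etc/timezone
 ENV TZ=UTC
-ENV ENV="/etc/profile"
 
 # Poetry for Python packages
 RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/poetry python3 - --yes \
@@ -57,27 +53,33 @@ RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/poetry
 && poetry config virtualenvs.create false \
 && poetry config virtualenvs.in-project false
 
+# Create non-root user
+ENV ENV="/etc/profile"
+RUN adduser --disabled-password --gecos '' user && \
+mkdir -p /app && \
+chown -R user:user /app && \
+printf "\n. /etc/profile\n" >> /home/user/.profile \
+printf "\n. /etc/profile\n" >> /home/user/.bashrc
+
 # Sets up virtualenv for dependencies
 ENV VIRTUAL_ENV="/opt/venv"
 ENV VIRTUAL_ENV_DISABLE_PROMPT=1
 ENV POETRY_ACTIVE=1
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-RUN echo "export PATH=$PATH" >>
+RUN echo "export PATH=$PATH" >> /home/user/.bashrc \
 && python3 -m venv $VIRTUAL_ENV \
-&& /opt/venv/bin/pip install --upgrade --no-cache-dir pip
+&& /opt/venv/bin/pip install --upgrade --no-cache-dir pip \
+&& chown -R user:user /opt/venv
 
-# Run
-WORKDIR /app
-RUN adduser --disabled-password --gecos '' user
-RUN chown -R user:user /app /opt/venv
+# Run as non-root user
 USER user
 
 # Installation of basic Python dependencies specified in pyproject.toml
-COPY pyproject.toml poetry.lock /app/
+COPY --chown=user:user pyproject.toml poetry.lock /app/
 RUN poetry install
 
 # WebUI + extensions
-RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui
+RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui /app/stable-diffusion-webui
 RUN wget https://raw.githubusercontent.com/camenduru/stable-diffusion-webui-scripts/main/run_n_times.py -O /app/stable-diffusion-webui/scripts/run_n_times.py
 RUN git clone -b v1.6 https://github.com/camenduru/deforum-for-automatic1111-webui /app/stable-diffusion-webui/extensions/deforum-for-automatic1111-webui
 RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui-images-browser /app/stable-diffusion-webui/extensions/stable-diffusion-webui-images-browser
@@ -89,7 +91,7 @@ RUN git clone https://github.com/Mikubill/sd-webui-controlnet /app/stable-diffus
 
 # Prepare WebUI environment
 WORKDIR /app/stable-diffusion-webui
-COPY config.json ui-config.json /app/stable-diffusion-webui/
+COPY --chown=user:user config.json ui-config.json /app/stable-diffusion-webui/
 RUN /opt/venv/bin/python launch.py --exit --skip-torch-cuda-test --xformers
 
 # Patch WebUI
@@ -99,7 +101,7 @@ RUN sed -i -e 's/ outputs=\[/queue=False, &/g' modules/ui.py
 RUN sed -i -e 's/ queue=False, / /g' modules/ui.py
 
 # Copy startup scripts
-COPY run.py on_start.sh /app/stable-diffusion-webui/
+COPY --chown=user:user run.py on_start.sh /app/stable-diffusion-webui/
 RUN chmod +x on_start.sh
 
 EXPOSE 7860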
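Review bot: In the new `RUN adduser …` step, the line `printf "\n. /etc/profile\n" >> /home/user/.profile \` ends in a bare continuation with no `&&`, so as rendered the second `printf` and its string are passed as extra arguments to the first and both redirections attach to a single command. The later redirection wins, which would leave `/home/user/.profile` empty and write only `.bashrc`; ending that line with `&& \` (`printf "\n. /etc/profile\n" >> /home/user/.profile && \`) restores two separate commands. Separately, the commit removes `WORKDIR /app` and no other `WORKDIR` is visible before `RUN poetry install`, so unless one is set above line 42 Poetry would run outside `/app` and not see the copied `pyproject.toml`. Putting `WORKDIR /app` back ahead of `USER user` would keep the install step pointed at the project directory.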