carloscar commited on
Commit
3d31e1a
·
verified ·
1 Parent(s): 80c144b

dockerfile fixes for running as non-root user

Browse files
Files changed (1) hide show
  1. Dockerfile +17 -15
Dockerfile CHANGED
@@ -42,13 +42,9 @@ RUN apt-get update -y \
42
  && apt-get autoremove --yes \
43
  && rm -rf /var/lib/apt/lists/*
44
 
45
- # For debug shells, quality of life and OS timezone setting (UTC)
46
- RUN printf "\n. /etc/profile\n" >> /root/.profile
47
- RUN printf "\n. /etc/profile\n" >> /root/.bashrc
48
- RUN printf "\nset mouse=\n" >> /usr/share/vim/vim82/defaults.vim
49
  RUN echo "UTC" > /etc/timezone
50
  ENV TZ=UTC
51
- ENV ENV="/etc/profile"
52
 
53
  # Poetry for Python packages
54
  RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/poetry python3 - --yes \
@@ -57,27 +53,33 @@ RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/poetry
57
  && poetry config virtualenvs.create false \
58
  && poetry config virtualenvs.in-project false
59
 
 
 
 
 
 
 
 
 
60
  # Sets up virtualenv for dependencies
61
  ENV VIRTUAL_ENV="/opt/venv"
62
  ENV VIRTUAL_ENV_DISABLE_PROMPT=1
63
  ENV POETRY_ACTIVE=1
64
  ENV PATH="$VIRTUAL_ENV/bin:$PATH"
65
- RUN echo "export PATH=$PATH" >> ~/.bashrc \
66
  && python3 -m venv $VIRTUAL_ENV \
67
- && /opt/venv/bin/pip install --upgrade --no-cache-dir pip
 
68
 
69
- # Run app as non-root user
70
- WORKDIR /app
71
- RUN adduser --disabled-password --gecos '' user
72
- RUN chown -R user:user /app /opt/venv
73
  USER user
74
 
75
  # Installation of basic Python dependencies specified in pyproject.toml
76
- COPY pyproject.toml poetry.lock /app/
77
  RUN poetry install
78
 
79
  # WebUI + extensions
80
- RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui
81
  RUN wget https://raw.githubusercontent.com/camenduru/stable-diffusion-webui-scripts/main/run_n_times.py -O /app/stable-diffusion-webui/scripts/run_n_times.py
82
  RUN git clone -b v1.6 https://github.com/camenduru/deforum-for-automatic1111-webui /app/stable-diffusion-webui/extensions/deforum-for-automatic1111-webui
83
  RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui-images-browser /app/stable-diffusion-webui/extensions/stable-diffusion-webui-images-browser
@@ -89,7 +91,7 @@ RUN git clone https://github.com/Mikubill/sd-webui-controlnet /app/stable-diffus
89
 
90
  # Prepare WebUI environment
91
  WORKDIR /app/stable-diffusion-webui
92
- COPY config.json ui-config.json /app/stable-diffusion-webui/
93
  RUN /opt/venv/bin/python launch.py --exit --skip-torch-cuda-test --xformers
94
 
95
  # Patch WebUI
@@ -99,7 +101,7 @@ RUN sed -i -e 's/ outputs=\[/queue=False, &/g' modules/ui.py
99
  RUN sed -i -e 's/ queue=False, / /g' modules/ui.py
100
 
101
  # Copy startup scripts
102
- COPY run.py on_start.sh /app/stable-diffusion-webui/
103
  RUN chmod +x on_start.sh
104
 
105
  EXPOSE 7860
 
42
  && apt-get autoremove --yes \
43
  && rm -rf /var/lib/apt/lists/*
44
 
45
+ # OS timezone setting (UTC)
 
 
 
46
  RUN echo "UTC" > /etc/timezone
47
  ENV TZ=UTC
 
48
 
49
  # Poetry for Python packages
50
  RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/usr/local/poetry python3 - --yes \
 
53
  && poetry config virtualenvs.create false \
54
  && poetry config virtualenvs.in-project false
55
 
56
+ # Create non-root user
57
+ ENV ENV="/etc/profile"
58
+ RUN adduser --disabled-password --gecos '' user && \
59
+ mkdir -p /app && \
60
+ chown -R user:user /app && \
61
+ printf "\n. /etc/profile\n" >> /home/user/.profile \
62
+ printf "\n. /etc/profile\n" >> /home/user/.bashrc
63
+
64
  # Sets up virtualenv for dependencies
65
  ENV VIRTUAL_ENV="/opt/venv"
66
  ENV VIRTUAL_ENV_DISABLE_PROMPT=1
67
  ENV POETRY_ACTIVE=1
68
  ENV PATH="$VIRTUAL_ENV/bin:$PATH"
69
+ RUN echo "export PATH=$PATH" >> /home/user/.bashrc \
70
  && python3 -m venv $VIRTUAL_ENV \
71
+ && /opt/venv/bin/pip install --upgrade --no-cache-dir pip \
72
+ && chown -R user:user /opt/venv
73
 
74
+ # Run as non-root user
 
 
 
75
  USER user
76
 
77
  # Installation of basic Python dependencies specified in pyproject.toml
78
+ COPY --chown=user:user pyproject.toml poetry.lock /app/
79
  RUN poetry install
80
 
81
  # WebUI + extensions
82
+ RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui /app/stable-diffusion-webui
83
  RUN wget https://raw.githubusercontent.com/camenduru/stable-diffusion-webui-scripts/main/run_n_times.py -O /app/stable-diffusion-webui/scripts/run_n_times.py
84
  RUN git clone -b v1.6 https://github.com/camenduru/deforum-for-automatic1111-webui /app/stable-diffusion-webui/extensions/deforum-for-automatic1111-webui
85
  RUN git clone -b v2.0 https://github.com/camenduru/stable-diffusion-webui-images-browser /app/stable-diffusion-webui/extensions/stable-diffusion-webui-images-browser
 
91
 
92
  # Prepare WebUI environment
93
  WORKDIR /app/stable-diffusion-webui
94
+ COPY --chown=user:user config.json ui-config.json /app/stable-diffusion-webui/
95
  RUN /opt/venv/bin/python launch.py --exit --skip-torch-cuda-test --xformers
96
 
97
  # Patch WebUI
 
101
  RUN sed -i -e 's/ queue=False, / /g' modules/ui.py
102
 
103
  # Copy startup scripts
104
+ COPY --chown=user:user run.py on_start.sh /app/stable-diffusion-webui/
105
  RUN chmod +x on_start.sh
106
 
107
  EXPOSE 7860