From 59518cf7738a3fde95b1d570088bcfa47ebd1597 Mon Sep 17 00:00:00 2001
From: jouls0217
Date: Tue, 12 May 2026 16:11:31 +0800
Subject: [PATCH 1/3] Add docker-compose and harden Dockerfile

- Add docker-compose.yml with explicit image/container names, port mapping, downloads volume mount, and restart policy for a one-command local deployment.
- Add .dockerignore to keep .git, downloads, caches, and editor files out of the build context, shrinking the image and improving cache reuse on rebuilds.
- Harden the Dockerfile: run as a non-root user, set PYTHONUNBUFFERED so logs stream to docker logs in real time, install curl for the new HEALTHCHECK against the index route, and switch the entrypoint from Flask's dev server to gunicorn for production use.
---
 .dockerignore | 15 +++++++++++++++
 Dockerfile | 20 ++++++++++++++++----
 docker-compose.yml | 10 ++++++++++
 3 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 docker-compose.yml

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ee429ec
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,15 @@
+.git
+.gitignore
+downloads
+__pycache__
+*.pyc
+*.pyo
+README.md
+LICENSE
+docker-compose.yml
+Dockerfile
+.dockerignore
+.env
+.env.*
+.vscode
+.idea
diff --git a/Dockerfile b/Dockerfile
index d3dfbe9..cd5fafd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,27 @@
 FROM python:3.12-slim
 
+ENV PYTHONUNBUFFERED=1 \
+ PYTHONDONTWRITEBYTECODE=1
+
 RUN apt-get update && \
- apt-get install -y --no-install-recommends ffmpeg && \
+ apt-get install -y --no-install-recommends ffmpeg curl && \
 rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
+
 COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt gunicorn
 
 COPY . .
 
+RUN useradd -m -u 1000 reclip && \
+ mkdir -p /app/downloads && \
+ chown -R reclip:reclip /app
+USER reclip
+
 EXPOSE 8899
-ENV HOST=0.0.0.0
-CMD ["python", "app.py"]
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s \
+ CMD curl -fsS http://localhost:8899/ || exit 1
+
+CMD ["gunicorn", "-b", "0.0.0.0:8899", "-w", "2", "--timeout", "600", "app:app"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0b20fe6
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,10 @@
+services:
+ reclip:
+ build: .
+ image: reclip:latest
+ container_name: reclip
+ ports:
+ - "8899:8899"
+ volumes:
+ - ./downloads:/app/downloads
+ restart: unless-stopped
From 254939c784b0bd2f456b39af2f2c0d8a908bd881 Mon Sep 17 00:00:00 2001
From: jouls0217
Date: Tue, 12 May 2026 16:28:15 +0800
Subject: [PATCH 2/3] Remove unnecessary HEALTHCHECK and curl from Dockerfile

---
 Dockerfile | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cd5fafd..1e4019d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ENV PYTHONUNBUFFERED=1 \
 PYTHONDONTWRITEBYTECODE=1
 
 RUN apt-get update && \
- apt-get install -y --no-install-recommends ffmpeg curl && \
+ apt-get install -y --no-install-recommends ffmpeg && \
 rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
@@ -21,7 +21,4 @@ USER reclip
 
 EXPOSE 8899
 
-HEALTHCHECK --interval=30s --timeout=5s --start-period=10s \
- CMD curl -fsS http://localhost:8899/ || exit 1
-
 CMD ["gunicorn", "-b", "0.0.0.0:8899", "-w", "2", "--timeout", "600", "app:app"]
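Review bot: In the Dockerfile hunk of PATCH 1/3, `chown -R reclip:reclip /app` makes the whole application tree writable by the account the server runs as, so a flaw in the app could be used to rewrite its own code. As far as this patch shows, only the downloads directory has to be writable (and `PYTHONDONTWRITEBYTECODE=1` already stops the interpreter from writing bytecode files into /app), so the step can be narrowed to `chown reclip:reclip /app/downloads` with the copied sources left owned by root. The same hunk installs `gunicorn` unpinned on the `pip install` line, outside requirements.txt; listing it there with a fixed version (`gunicorn==<pinned-version>`) keeps rebuilds reproducible and visible to dependency scanning.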
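Review bot: The `ports` entry `"8899:8899"` in the new docker-compose.yml (PATCH 1/3) publishes the service on every host interface, although the commit describes a local deployment and the application's own access control is not visible in this patch. Binding to loopback with `- "127.0.0.1:8899:8899"` keeps it off the network unless an operator opts in. The service definition also sets no runtime restrictions; `security_opt: ["no-new-privileges:true"]` and `cap_drop: ["ALL"]` would fit a container that already runs as a non-root user. The docker-compose.yml hunk in PATCH 3/3 leaves the port mapping unchanged.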
From a9cb2f102233577a9f0dbe53185f7840885269c5 Mon Sep 17 00:00:00 2001
From: jouls0217
Date: Tue, 12 May 2026 16:46:43 +0800
Subject: [PATCH 3/3] Use named volume and fix gunicorn worker config

Switch downloads to a named volume to avoid host permission issues on first run, and adjust gunicorn to one worker with multiple threads so the in-memory jobs dict is shared across requests. Also enable access logging.
---
 Dockerfile | 2 +-
 docker-compose.yml | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1e4019d..335a41c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,4 +21,4 @@ USER reclip
 
 EXPOSE 8899
 
-CMD ["gunicorn", "-b", "0.0.0.0:8899", "-w", "2", "--timeout", "600", "app:app"]
+CMD ["gunicorn", "-b", "0.0.0.0:8899", "-w", "1", "--threads", "4", "--timeout", "600", "--access-logfile", "-", "app:app"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 0b20fe6..19404ec 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,5 +6,8 @@ services:
 ports:
 - "8899:8899"
 volumes:
- - ./downloads:/app/downloads
+ - reclip-downloads:/app/downloads
 restart: unless-stopped
+
+volumes:
+ reclip-downloads:
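Review bot: The new `CMD` line in the Dockerfile hunk of PATCH 3/3 depends on `-w 1` for correctness, since the commit message says job state lives in an in-memory dict, but nothing in the Dockerfile records that. A comment above it such as `# Keep -w 1: job state is an in-memory dict and is not shared between worker processes` would stop a later change from raising the worker count. With `--threads 4` that dict can be reached from several request threads at once; app.py is not part of this patch, so whether access to it is guarded needs confirming there. `--access-logfile -` sends each request line to the container log, which will include any query strings the app accepts.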