Fix volume permissions: entrypoint chowns /data to uid 1000, run app as non-root
This commit is contained in:
@@ -2,7 +2,7 @@ FROM python:3.12-slim
|
|||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/*
|
RUN apt-get update && apt-get install -y ffmpeg gosu && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
COPY backend/requirements.txt ./backend/requirements.txt
|
COPY backend/requirements.txt ./backend/requirements.txt
|
||||||
RUN pip install --no-cache-dir -r backend/requirements.txt && pip install --no-cache-dir -U yt-dlp
|
RUN pip install --no-cache-dir -r backend/requirements.txt && pip install --no-cache-dir -U yt-dlp
|
||||||
@@ -11,4 +11,5 @@ COPY backend/ ./backend/
|
|||||||
|
|
||||||
EXPOSE 8000
|
EXPOSE 8000
|
||||||
|
|
||||||
|
ENTRYPOINT ["/app/backend/entrypoint.sh"]
|
||||||
CMD ["uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]
|
CMD ["uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]
|
||||||
|
|||||||
3
backend/entrypoint.sh
Executable file
3
backend/entrypoint.sh
Executable file
@@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
chown -R 1000:1000 /data 2>/dev/null || true
|
||||||
|
exec gosu 1000:1000 "$@"
|
||||||
@@ -462,8 +462,10 @@ def start_download(
|
|||||||
|
|
||||||
file_path = None
|
file_path = None
|
||||||
stream_index = 0
|
stream_index = 0
|
||||||
|
output_lines: list[str] = []
|
||||||
for line in process.stdout:
|
for line in process.stdout:
|
||||||
line = line.strip()
|
line = line.strip()
|
||||||
|
output_lines.append(line)
|
||||||
if re.search(r"\[download\] Destination:", line):
|
if re.search(r"\[download\] Destination:", line):
|
||||||
stream_index += 1
|
stream_index += 1
|
||||||
m = re.search(r"\[download\]\s+([\d.]+)%", line)
|
m = re.search(r"\[download\]\s+([\d.]+)%", line)
|
||||||
@@ -480,7 +482,10 @@ def start_download(
|
|||||||
resolution = detect_resolution(file_path) if file_path else None
|
resolution = detect_resolution(file_path) if file_path else None
|
||||||
on_complete(download_id, file_path, resolution)
|
on_complete(download_id, file_path, resolution)
|
||||||
else:
|
else:
|
||||||
on_error(download_id, f"yt-dlp exited with code {process.returncode}")
|
tail = "\n".join(output_lines[-20:]) if output_lines else "(no output)"
|
||||||
|
import logging
|
||||||
|
logging.getLogger(__name__).error("yt-dlp failed (code %d):\n%s", process.returncode, tail)
|
||||||
|
on_error(download_id, f"yt-dlp exited with code {process.returncode}:\n{tail}")
|
||||||
|
|
||||||
thread = threading.Thread(target=_run_download, daemon=True)
|
thread = threading.Thread(target=_run_download, daemon=True)
|
||||||
thread.start()
|
thread.start()
|
||||||
|
|||||||
Reference in New Issue
Block a user