refactor(docker): 修改容器配置以使用root用户并更新运行参数
- 移除非root用户相关配置,改为直接使用root用户 - 添加容器运行时的用户ID、重启策略和特权模式参数 - 更新容器名称和挂载路径以匹配root用户 - 同步更新Windows和Linux的启动脚本
This commit is contained in:
parent
2c9dd481ff
commit
faf215dae1
3 changed files with 15 additions and 15 deletions
|
|
@ -17,16 +17,10 @@ COPY package*.json ./
|
|||
# 使用--omit=dev来排除开发依赖
|
||||
RUN npm install
|
||||
|
||||
# 添加非root用户以提高安全性
|
||||
RUN addgroup -g 1001 -S nodejs
|
||||
RUN adduser -S nextjs -u 1001
|
||||
|
||||
# 复制源代码
|
||||
COPY . .
|
||||
|
||||
# 更改文件所有者为非root用户
|
||||
RUN chown -R nextjs:nodejs /app
|
||||
USER nextjs
|
||||
USER root
|
||||
|
||||
# 创建目录用于存储日志和系统提示文件
|
||||
RUN mkdir -p /app/logs
|
||||
|
|
|
|||
|
|
@ -28,12 +28,15 @@ if exist "%GEMINI_CONFIG_PATH%" (
|
|||
|
||||
:: 构建Docker运行命令,使用USERPROFILE环境变量构建的路径
|
||||
set "DOCKER_CMD=docker run -d ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -u "$(id -u):$(id -g)" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! --restart=always ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! --privileged=true ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -p 3000:3000 ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -e ARGS="--api-key 123456 --host 0.0.0.0" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/home/nextjs/.aws/sso/cache" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/home/nextjs/.gemini/oauth_creds.json" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! --name gemini-cli2api ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! gemini-cli2api"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/root/.aws/sso/cache" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/root/.gemini/oauth_creds.json" ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! --name aiclient2api ^"
|
||||
set "DOCKER_CMD=!DOCKER_CMD! aiclient2api"
|
||||
|
||||
:: 显示将要执行的命令
|
||||
echo.
|
||||
|
|
|
|||
|
|
@ -26,12 +26,15 @@ fi
|
|||
|
||||
# 构建Docker运行命令,使用HOME环境变量构建的路径
|
||||
DOCKER_CMD="docker run -d \\
|
||||
-u "$(id -u):$(id -g)" \\
|
||||
--restart=always \\
|
||||
--privileged=true \\
|
||||
-p 3000:3000 \\
|
||||
-e ARGS=\"--api-key 123456 --host 0.0.0.0\" \\
|
||||
-v $AWS_SSO_CACHE_PATH:/home/nextjs/.aws/sso/cache \\
|
||||
-v $GEMINI_CONFIG_PATH:/home/nextjs/.gemini/oauth_creds.json \\
|
||||
--name gemini-cli2api \\
|
||||
gemini-cli2api"
|
||||
-v $AWS_SSO_CACHE_PATH:/root/.aws/sso/cache \\
|
||||
-v $GEMINI_CONFIG_PATH:/root/.gemini/oauth_creds.json \\
|
||||
--name aiclient2api \\
|
||||
aiclient2api"
|
||||
|
||||
# 显示将要执行的命令
|
||||
echo
|
||||
|
|
|
|||
Loading…
Reference in a new issue