diff --git a/Dockerfile b/Dockerfile index 0f8b7af..04c436b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,16 +17,10 @@ COPY package*.json ./ # 使用--omit=dev来排除开发依赖 RUN npm install -# 添加非root用户以提高安全性 -RUN addgroup -g 1001 -S nodejs -RUN adduser -S nextjs -u 1001 - # 复制源代码 COPY . . -# 更改文件所有者为非root用户 -RUN chown -R nextjs:nodejs /app -USER nextjs +USER root # 创建目录用于存储日志和系统提示文件 RUN mkdir -p /app/logs diff --git a/run-docker.bat b/run-docker.bat index 61680eb..1a2aab6 100644 --- a/run-docker.bat +++ b/run-docker.bat @@ -28,12 +28,15 @@ if exist "%GEMINI_CONFIG_PATH%" ( :: 构建Docker运行命令,使用USERPROFILE环境变量构建的路径 set "DOCKER_CMD=docker run -d ^" +set "DOCKER_CMD=!DOCKER_CMD! -u "$(id -u):$(id -g)" ^" +set "DOCKER_CMD=!DOCKER_CMD! --restart=always ^" +set "DOCKER_CMD=!DOCKER_CMD! --privileged=true ^" set "DOCKER_CMD=!DOCKER_CMD! -p 3000:3000 ^" set "DOCKER_CMD=!DOCKER_CMD! -e ARGS="--api-key 123456 --host 0.0.0.0" ^" -set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/home/nextjs/.aws/sso/cache" ^" -set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/home/nextjs/.gemini/oauth_creds.json" ^" -set "DOCKER_CMD=!DOCKER_CMD! --name gemini-cli2api ^" -set "DOCKER_CMD=!DOCKER_CMD! gemini-cli2api" +set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/root/.aws/sso/cache" ^" +set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/root/.gemini/oauth_creds.json" ^" +set "DOCKER_CMD=!DOCKER_CMD! --name aiclient2api ^" +set "DOCKER_CMD=!DOCKER_CMD! aiclient2api" :: 显示将要执行的命令 echo. diff --git a/run-docker.sh b/run-docker.sh index 83288ce..c0a0b49 100644 --- a/run-docker.sh +++ b/run-docker.sh 
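Review bot: `USER root` leaves the image with root as its default runtime user and drops the unprivileged `nextjs` account (UID 1001) the file created before, so any flaw in the Node service now runs with root inside the container. If the motive was write access to `/app/logs` or to the bind-mounted credential files (an assumption, the commit does not say), that can be solved without root. Keep the removed `addgroup`/`adduser` lines, copy with `COPY --chown=nextjs:nodejs . .`, and switch back after the directory is prepared: `RUN mkdir -p /app/logs && chown nextjs:nodejs /app/logs` followed by `USER nextjs`. The Dockerfile continues past this hunk, so a later `USER` line cannot be ruled out from here.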
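Review bot: `--privileged=true` hands the container all capabilities and host device access, which a service that only publishes port 3000 and reads two mounted credential paths should not need. The same line is added in the run-docker.sh hunk, and together with `USER root` in the Dockerfile it removes most of the isolation between this service and the host. Delete `set "DOCKER_CMD=!DOCKER_CMD! --privileged=true ^"`, and if one specific capability turns out to be required, grant only that one with `--cap-add`. Separately, `-u "$(id -u):$(id -g)"` is POSIX command substitution that cmd.exe does not expand, so docker would presumably receive the literal text as the user name and the run would fail. That line should be dropped from the batch script. How `DOCKER_CMD` is finally executed lies outside this hunk.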
@@ -26,12 +26,15 @@ fi # 构建Docker运行命令,使用HOME环境变量构建的路径 DOCKER_CMD="docker run -d \\ + -u "$(id -u):$(id -g)" \\ + --restart=always \\ + --privileged=true \\ -p 3000:3000 \\ -e ARGS=\"--api-key 123456 --host 0.0.0.0\" \\ - -v $AWS_SSO_CACHE_PATH:/home/nextjs/.aws/sso/cache \\ - -v $GEMINI_CONFIG_PATH:/home/nextjs/.gemini/oauth_creds.json \\ - --name gemini-cli2api \\ - gemini-cli2api" + -v $AWS_SSO_CACHE_PATH:/root/.aws/sso/cache \\ + -v $GEMINI_CONFIG_PATH:/root/.gemini/oauth_creds.json \\ + --name aiclient2api \\ + aiclient2api" # 显示将要执行的命令 echo
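Review bot: `-u "$(id -u):$(id -g)"` starts the process as the invoking host user, yet the two credential mounts in the same hunk now target `/root/.aws/sso/cache` and `/root/.gemini/oauth_creds.json`. A non-root UID normally cannot traverse `/root` and does not have it as its home directory, so the service would likely fail to find or read these files (how it resolves the home directory is not visible here). Pick one model: either drop the `-u` line and rely on the image's own user, or keep `-u` and mount the files under a directory that UID can read, passing it with `-e HOME=<dir>`. The inner double quotes also close the surrounding `DOCKER_CMD="..."` string, so the substitution runs unquoted at assignment time. That works for numeric ids, but a comment should say so, e.g. `# id -u/-g are expanded here, when DOCKER_CMD is built`.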