From faf215dae10d5b8b24e154ee582a456e5504bd60 Mon Sep 17 00:00:00 2001
From: hex2077
Date: Tue, 12 Aug 2025 12:40:30 +0800
Subject: [PATCH] =?UTF-8?q?refactor(docker):=20=E4=BF=AE=E6=94=B9=E5=AE=B9?=
 =?UTF-8?q?=E5=99=A8=E9=85=8D=E7=BD=AE=E4=BB=A5=E4=BD=BF=E7=94=A8root?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=B9=B6=E6=9B=B4=E6=96=B0=E8=BF=90=E8=A1=8C?=
 =?UTF-8?q?=E5=8F=82=E6=95=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除非root用户相关配置,改为直接使用root用户
- 添加容器运行时的用户ID、重启策略和特权模式参数
- 更新容器名称和挂载路径以匹配root用户
- 同步更新Windows和Linux的启动脚本
---
 Dockerfile | 8 +-------
 run-docker.bat | 11 +++++++----
 run-docker.sh | 11 +++++++----
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0f8b7af..04c436b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,16 +17,10 @@ COPY package*.json ./
 # 使用--omit=dev来排除开发依赖
 RUN npm install
-# 添加非root用户以提高安全性
-RUN addgroup -g 1001 -S nodejs
-RUN adduser -S nextjs -u 1001
 # 复制源代码
 COPY . .
-# 更改文件所有者为非root用户
-RUN chown -R nextjs:nodejs /app
-USER nextjs
+USER root
 # 创建目录用于存储日志和系统提示文件
 RUN mkdir -p /app/logs
diff --git a/run-docker.bat b/run-docker.bat
index 61680eb..1a2aab6 100644
--- a/run-docker.bat
+++ b/run-docker.bat
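Review bot: In the Dockerfile hunk, `USER root` replaces the dedicated `nextjs` account, so every process in the image, including the service the run scripts publish on port 3000 with `--host 0.0.0.0`, now runs as uid 0 with the mounted OAuth and AWS SSO credential files in reach. The commit message gives no reason for the switch; if the aim was only to make the bind-mounted credential paths readable, that can be handled at run time without giving up the unprivileged default. I would keep `RUN chown -R nextjs:nodejs /app` and `USER nextjs`, or at least add a comment above `USER root` stating what requires root. The `RUN mkdir -p /app/logs` that follows now also executes as root, so the directory is root-owned and would probably not be writable when the image is started with a non-root `-u`, as run-docker.sh in this patch does.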
@@ -28,12 +28,15 @@ if exist "%GEMINI_CONFIG_PATH%" (
 :: 构建Docker运行命令,使用USERPROFILE环境变量构建的路径
 set "DOCKER_CMD=docker run -d ^"
+set "DOCKER_CMD=!DOCKER_CMD! -u "$(id -u):$(id -g)" ^"
+set "DOCKER_CMD=!DOCKER_CMD! --restart=always ^"
+set "DOCKER_CMD=!DOCKER_CMD! --privileged=true ^"
 set "DOCKER_CMD=!DOCKER_CMD! -p 3000:3000 ^"
 set "DOCKER_CMD=!DOCKER_CMD! -e ARGS="--api-key 123456 --host 0.0.0.0" ^"
-set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/home/nextjs/.aws/sso/cache" ^"
-set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/home/nextjs/.gemini/oauth_creds.json" ^"
-set "DOCKER_CMD=!DOCKER_CMD! --name gemini-cli2api ^"
-set "DOCKER_CMD=!DOCKER_CMD! gemini-cli2api"
+set "DOCKER_CMD=!DOCKER_CMD! -v "%AWS_SSO_CACHE_PATH%:/root/.aws/sso/cache" ^"
+set "DOCKER_CMD=!DOCKER_CMD! -v "%GEMINI_CONFIG_PATH%:/root/.gemini/oauth_creds.json" ^"
+set "DOCKER_CMD=!DOCKER_CMD! --name aiclient2api ^"
+set "DOCKER_CMD=!DOCKER_CMD! aiclient2api"
 :: 显示将要执行的命令
 echo.
diff --git a/run-docker.sh b/run-docker.sh
index 83288ce..c0a0b49 100644
--- a/run-docker.sh
+++ b/run-docker.sh
@@ -26,12 +26,15 @@ fi
 # 构建Docker运行命令,使用HOME环境变量构建的路径
 DOCKER_CMD="docker run -d \\
+ -u "$(id -u):$(id -g)" \\
+ --restart=always \\
+ --privileged=true \\
 -p 3000:3000 \\
 -e ARGS=\"--api-key 123456 --host 0.0.0.0\" \\
- -v $AWS_SSO_CACHE_PATH:/home/nextjs/.aws/sso/cache \\
- -v $GEMINI_CONFIG_PATH:/home/nextjs/.gemini/oauth_creds.json \\
- --name gemini-cli2api \\
- gemini-cli2api"
+ -v $AWS_SSO_CACHE_PATH:/root/.aws/sso/cache \\
+ -v $GEMINI_CONFIG_PATH:/root/.gemini/oauth_creds.json \\
+ --name aiclient2api \\
+ aiclient2api"
 # 显示将要执行的命令
 echo
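Review bot: In run-docker.bat, `-u "$(id -u):$(id -g)"` is POSIX shell command substitution, which cmd.exe does not perform, so docker would be handed the literal text as the user and the container will most likely fail to start; that `set` line should be removed from the Windows script. The added `--privileged=true` (also added in run-docker.sh) lifts the container's capability, device and seccomp restrictions, and nothing visible in either script, which only publish one port and bind-mount two credential paths, needs it. Together with `--restart=always` and a service listening on 0.0.0.0 behind the fixed key `123456`, a compromise of the process would be persistent and close to host-level. I would drop the `--privileged=true` line from both scripts and, if a specific capability turns out to be required, grant only that one with `--cap-add`.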
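Review bot: In run-docker.sh, `-u "$(id -u):$(id -g)"` makes the process run as the caller's uid, yet the credential mounts were moved to `/root/.aws/sso/cache` and `/root/.gemini/oauth_creds.json`; a non-root uid usually cannot traverse `/root` and probably has no `HOME` pointing there, so the application may not find the files unless the script itself is run as root. Pick one identity: either drop the `-u` line, or keep it and mount the credentials under a home directory that uid owns. The unescaped inner quotes also close the surrounding `DOCKER_CMD="…"` string, unlike the `\"` used on the `ARGS` line, so the substitution is spliced in unquoted (how `DOCKER_CMD` is later executed is outside the hunk); `-u \"$(id -u):$(id -g)\" \\` would match the rest of the assignment. Since both mounted paths hold secrets, the two `-v` lines could also end in `:ro`, assuming the application does not need to refresh tokens in place.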