42 lines
1.4 KiB
Docker
42 lines
1.4 KiB
Docker
# disinto-chat — minimal HTTP backend for Claude chat UI
|
|
#
|
|
# Small Debian slim base with Python runtime.
|
|
# Chosen for simplicity and small image size (~100MB).
|
|
#
|
|
# Image size: ~100MB (well under the 200MB ceiling)
|
|
#
|
|
# The claude binary is mounted from the host at runtime via docker-compose,
|
|
# not baked into the image — same pattern as the agents container.
|
|
|
|
FROM debian:bookworm-slim
|
|
|
|
# Install Python (no build-time network access needed)
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
python3 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Non-root user — fixed UID 10001 for sandbox hardening (#706, #707)
|
|
RUN useradd -m -u 10001 -s /bin/bash chat
|
|
|
|
# Copy application files
|
|
COPY server.py /usr/local/bin/server.py
|
|
COPY entrypoint-chat.sh /entrypoint-chat.sh
|
|
COPY ui/ /var/chat/ui/
|
|
|
|
RUN chmod +x /entrypoint-chat.sh /usr/local/bin/server.py
|
|
|
|
# Create and set ownership of chat identity directory for #707
|
|
RUN install -d -m 0700 /home/chat/.claude-chat/config/credentials \
|
|
&& chown -R chat:chat /home/chat/.claude-chat
|
|
|
|
USER chat
|
|
WORKDIR /var/chat
|
|
|
|
# Declare volume for chat identity — mounted from host at runtime (#707)
|
|
VOLUME /home/chat/.claude-chat
|
|
|
|
EXPOSE 8080
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8080/')" || exit 1
|
|
|
|
ENTRYPOINT ["/entrypoint-chat.sh"]
|