The Dockerfile CMD runs without arguments, causing the CLI to print help and exit with code 1. This breaks deployment on container platforms (Render, Railway, Fly.io, etc.) that rely on the CMD.

Changes:
- Add `gateway` subcommand to start the server
- Add `--allow-unconfigured` to allow startup without config file
- Add `--bind lan` to bind to 0.0.0.0 instead of localhost (required for container health checks)

Fixes #5685
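# NOTE(review): the base image is referenced by a mutable tag. For reproducible
# builds, pin it by digest (node:22-bookworm@sha256:<digest-placeholder>).
FROM node:22-bookworm

# Fail a RUN step when any command in a pipeline fails. Without pipefail, a
# failed curl download below would be masked by bash exiting 0 on empty input.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install Bun (required for build scripts)
# NOTE(review): the installer is fetched at build time and executed as root with
# no pinned version or checksum, so whatever bun.sh serves at build time becomes
# part of the build. Prefer a pinned release whose checksum is verified.
RUN curl -fsSL https://bun.sh/install | bash
ENV PATH="/root/.bun/bin:${PATH}"

# Enable Corepack; presumably this provides the pnpm used below (confirm
# against the packageManager field in package.json).
RUN corepack enable

WORKDIR /app

# Optional extra Debian packages, supplied at build time as a space-separated
# list. The variable is left unquoted on purpose so it splits into one argument
# per package. It is interpolated into a root shell command, so only trusted
# build configuration should set it.
ARG OPENCLAW_DOCKER_APT_PACKAGES=""
RUN if [ -n "$OPENCLAW_DOCKER_APT_PACKAGES" ]; then \
      apt-get update && \
      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $OPENCLAW_DOCKER_APT_PACKAGES && \
      apt-get clean && \
      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
    fi

# Copy dependency manifests first so the install layer stays cached until they
# change.
# NOTE(review): .npmrc is written into an image layer; confirm it holds no
# registry tokens or other credentials.
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
COPY ui/package.json ./ui/package.json
COPY patches ./patches
COPY scripts ./scripts

# --frozen-lockfile fails the build instead of silently updating the lockfile.
RUN pnpm install --frozen-lockfile

# NOTE(review): this copies the whole build context; make sure .dockerignore
# excludes .git, .env files and other local secrets.
COPY . .
RUN OPENCLAW_A2UI_SKIP_MISSING=1 pnpm build
# Force pnpm for UI build (Bun may fail on ARM/Synology architectures)
ENV OPENCLAW_PREFER_PNPM=1
RUN pnpm ui:build

ENV NODE_ENV=production

# Allow non-root user to write temp files during runtime/tests.
RUN chown -R node:node /app

# Security hardening: Run as non-root user
# The node:22-bookworm image includes a 'node' user (uid 1000)
# Running as non-root limits what a compromised process can do inside the
# container. It does not by itself prevent container escape, so keep the
# runtime's own isolation settings in place (dropped capabilities, read-only
# filesystem where possible).
USER node

# Start the gateway server. --allow-unconfigured lets it start without a config
# file, and --bind lan listens on 0.0.0.0 instead of localhost so that
# platform health checks can reach it.
# NOTE(review): together these flags make the gateway reachable from every
# network the container is attached to, possibly before any configuration
# exists. Confirm that authentication is enforced in the unconfigured state and
# restrict exposure at the platform or network level.
CMD ["node", "dist/index.js", "gateway", "--allow-unconfigured", "--bind", "lan"]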