jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/build/docker/full-prod.Dockerfile
Jeremie Fraeys ea15af1833 Fix multi-user authentication and clean up debug code 
- Fix YAML tags in auth config struct (json -> yaml)
- Update CLI configs to use pre-hashed API keys
- Remove double hashing in WebSocket client
- Fix port mapping (9102 -> 9103) in CLI commands
- Update permission keys to use jobs:read, jobs:create, etc.
- Clean up all debug logging from CLI and server
- All user roles now authenticate correctly:
  * Admin: Can queue jobs and see all jobs
  * Researcher: Can queue jobs and see own jobs
  * Analyst: Can see status (read-only access)

Multi-user authentication is now fully functional.
2025-12-06 12:35:32 -05:00

73 lines
2.1 KiB
Docker
Raw Blame History

# Full Production Dockerfile with Podman and SSH
FROM golang:1.25-alpine AS builder
# Install dependencies
RUN apk add --no-cache git make
# Set working directory
WORKDIR /app
# Copy go mod files
COPY go.mod go.sum ./
# Download dependencies
RUN go mod download
# Copy source code
COPY . .
# Build Go binaries
RUN go build -o bin/api-server cmd/api-server/main.go && \
go build -o bin/worker cmd/worker/worker_server.go cmd/worker/worker_config.go
# Final stage with Podman
FROM alpine:3.19
# Install runtime dependencies including Podman and SSH
RUN apk add --no-cache ca-certificates redis openssl curl podman openssh
# Create app user
RUN addgroup -g 1001 -S appgroup && \
adduser -u 1001 -S appuser -G appgroup
# Set working directory
WORKDIR /app
# Copy binaries from builder
COPY --from=builder /app/bin/ /usr/local/bin/
# Copy configs
COPY --from=builder /app/configs/ /app/configs/
# Create necessary directories
RUN mkdir -p /app/data/experiments /app/logs /app/ssl /app/ssh /tmp/fetchml-jobs
# Generate SSL certificates
RUN openssl req -x509 -newkey rsa:2048 -keyout /app/ssl/key.pem -out /app/ssl/cert.pem -days 365 -nodes \
-subj "/C=US/ST=Homelab/L=Local/O=ML/OU=Experiments/CN=localhost" && \
chmod 644 /app/ssl/cert.pem /app/ssl/key.pem
# Generate SSH keys for container communication
RUN ssh-keygen -t rsa -b 2048 -f /app/ssh/id_rsa -N "" && \
cp /app/ssh/id_rsa.pub /app/ssh/authorized_keys && \
chmod 600 /app/ssh/id_rsa && \
chmod 644 /app/ssh/id_rsa.pub /app/ssh/authorized_keys
# Configure SSH daemon
RUN echo "PermitRootLogin yes" >> /etc/ssh/sshd_config && \
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config && \
echo "AuthorizedKeysFile /app/ssh/authorized_keys" >> /etc/ssh/sshd_config
# Switch to app user
USER appuser
# Expose ports
EXPOSE 9101 22
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD curl -k -f https://localhost:9101/health || exit 1
# Default command for API server
CMD ["/usr/local/bin/api-server", "-config", "/app/configs/config.yaml"]
Reference in a new issue View git blame Copy permalink