|
@@ -11,6 +11,9 @@ ARG USE_CUDA_VER=cu121
|
|
|
# IMPORTANT: If you change the embedding model (sentence-transformers/all-MiniLM-L6-v2) and vice versa, you aren't able to use RAG Chat with your previous documents loaded in the WebUI! You need to re-embed them.
|
|
|
ARG USE_EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
|
|
|
ARG USE_RERANKING_MODEL=""
|
|
|
+# Override at your own risk - non-root configurations are untested
|
|
|
+ARG UID=0
|
|
|
+ARG GID=0
|
|
|
|
|
|
######## WebUI frontend ########
|
|
|
FROM --platform=$BUILDPLATFORM node:21-alpine3.19 as build
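Review bot: The comment above `ARG UID=0` and `ARG GID=0` does not say what the two values control, or that the default of 0 keeps the container process running as root. A reader has to find the `USER $UID:$GID` line near the end of the file to learn that. I would document it where the arguments are declared, for example `# UID/GID the container process runs as (used by USER $UID:$GID); 0 = root, the default. Non-root values are untested.`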
|
|
@@ -32,6 +35,8 @@ ARG USE_OLLAMA
|
|
|
ARG USE_CUDA_VER
|
|
|
ARG USE_EMBEDDING_MODEL
|
|
|
ARG USE_RERANKING_MODEL
|
|
|
+ARG UID
|
|
|
+ARG GID
|
|
|
|
|
|
## Basis ##
|
|
|
ENV ENV=prod \
|
|
@@ -76,9 +81,20 @@ ENV HF_HOME="/app/backend/data/cache/embedding/models"
|
|
|
WORKDIR /app/backend
|
|
|
|
|
|
ENV HOME /root
|
|
|
+# Create user and group if not root
|
|
|
+RUN if [ $UID -ne 0 ]; then \
|
|
|
+ if [ $GID -ne 0 ]; then \
|
|
|
+ addgroup --gid $GID app; \
|
|
|
+ fi; \
|
|
|
+ adduser --uid $UID --gid $GID --home $HOME --disabled-password --no-create-home app; \
|
|
|
+ fi
|
|
|
+
|
|
|
RUN mkdir -p $HOME/.cache/chroma
|
|
|
RUN echo -n 00000000-0000-0000-0000-000000000000 > $HOME/.cache/chroma/telemetry_user_id
|
|
|
|
|
|
+# Make sure the user has access to the app and root directory
|
|
|
+RUN chown -R $UID:$GID /app $HOME
|
|
|
+
|
|
|
RUN if [ "$USE_OLLAMA" = "true" ]; then \
|
|
|
apt-get update && \
|
|
|
# Install pandoc and netcat
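Review bot: `RUN chown -R $UID:$GID /app $HOME` runs before the later root `RUN` steps (the Ollama install that starts at the end of this hunk and the `pip3 install uv` step, both of which continue outside it), so anything those steps create under `/app` or `$HOME` stays root-owned. With a non-root UID the process may then be unable to write to its cache or data paths at runtime; this is inferred, since the later steps are not fully visible here. Moving the `chown` after the last root `RUN` that writes to those paths would close the gap. Separately, the unquoted tests `[ $UID -ne 0 ]` and `[ $GID -ne 0 ]` fail with a shell error on an empty build arg, which the `if` treats as false and silently skips user creation; `if [ "$UID" -ne 0 ]; then` is safer.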
|
|
@@ -102,7 +118,7 @@ RUN if [ "$USE_OLLAMA" = "true" ]; then \
|
|
|
fi
|
|
|
|
|
|
# install python dependencies
|
|
|
-COPY ./backend/requirements.txt ./requirements.txt
|
|
|
+COPY --chown=$UID:$GID ./backend/requirements.txt ./requirements.txt
|
|
|
|
|
|
RUN pip3 install uv && \
|
|
|
if [ "$USE_CUDA" = "true" ]; then \
|
|
@@ -125,16 +141,17 @@ RUN pip3 install uv && \
|
|
|
# COPY --from=build /app/onnx /root/.cache/chroma/onnx_models/all-MiniLM-L6-v2/onnx
|
|
|
|
|
|
# copy built frontend files
|
|
|
-COPY --from=build /app/build /app/build
|
|
|
-COPY --from=build /app/CHANGELOG.md /app/CHANGELOG.md
|
|
|
-COPY --from=build /app/package.json /app/package.json
|
|
|
+COPY --chown=$UID:$GID --from=build /app/build /app/build
|
|
|
+COPY --chown=$UID:$GID --from=build /app/CHANGELOG.md /app/CHANGELOG.md
|
|
|
+COPY --chown=$UID:$GID --from=build /app/package.json /app/package.json
|
|
|
|
|
|
# copy backend files
|
|
|
-COPY ./backend .
|
|
|
+COPY --chown=$UID:$GID ./backend .
|
|
|
|
|
|
EXPOSE 8080
|
|
|
|
|
|
HEALTHCHECK CMD curl --silent --fail http://localhost:8080/health | jq -e '.status == true' || exit 1
|
|
|
|
|
|
+USER $UID:$GID
|
|
|
|
|
|
CMD [ "bash", "start.sh"]
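Review bot: `COPY --chown=$UID:$GID ./backend .` and the three frontend `COPY --chown=$UID:$GID --from=build` lines give ownership of the application code to the same account named in `USER $UID:$GID`, so with a non-root UID the running process can still rewrite its own code and `start.sh`. Running unprivileged limits damage more when the code stays root-owned and only the directories the app writes at runtime belong to the service user. Which directories those are is not visible in this hunk (the `HF_HOME` path under `/app/backend/data` in an earlier hunk header suggests the data directory), so that needs confirming before the `--chown` is narrowed. At minimum I would add a comment above the `COPY` lines stating that the code is intentionally writable by the runtime user.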
|