Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
OpenSource
/
open-webui
2
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

Merge pull request #2322 from cheahjs/feat/unsupported-nonroot-images

feat: optional UID/GID docker build args
Timothy Jaeryang Baek 11 kuukautta sitten
vanhempi
ba61f87a2f 1dc80786c1
commit
7db4baeffa
1 muutettua tiedostoa jossa 22 lisäystä ja 5 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 22 5
      Dockerfile

+ 22 - 5
Dockerfile
Näytä tiedosto 

@@ -11,6 +11,9 @@ ARG USE_CUDA_VER=cu121
 
 # IMPORTANT: If you change the embedding model (sentence-transformers/all-MiniLM-L6-v2) and vice versa, you aren't able to use RAG Chat with your previous documents loaded in the WebUI! You need to re-embed them.
 
 ARG USE_EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
 
 ARG USE_RERANKING_MODEL=""
 
+# Override at your own risk - non-root configurations are untested
 
+ARG UID=0
 
+ARG GID=0
 
 
 ######## WebUI frontend ########
 
 FROM --platform=$BUILDPLATFORM node:21-alpine3.19 as build
 
@@ -32,6 +35,8 @@ ARG USE_OLLAMA
 
 ARG USE_CUDA_VER
 
 ARG USE_EMBEDDING_MODEL
 
 ARG USE_RERANKING_MODEL
 
+ARG UID
 
+ARG GID
 
 
 ## Basis ##
 
 ENV ENV=prod \
 
@@ -76,9 +81,20 @@ ENV HF_HOME="/app/backend/data/cache/embedding/models"
 
 WORKDIR /app/backend
 
 
 ENV HOME /root
 
+# Create user and group if not root
 
+RUN if [ $UID -ne 0 ]; then \
 
+      if [ $GID -ne 0 ]; then \
 
+        addgroup --gid $GID app; \
 
+      fi; \
 
+      adduser --uid $UID --gid $GID --home $HOME --disabled-password --no-create-home app; \
 
+    fi
 
+
 
 RUN mkdir -p $HOME/.cache/chroma
 
 RUN echo -n 00000000-0000-0000-0000-000000000000 > $HOME/.cache/chroma/telemetry_user_id
 
 
+# Make sure the user has access to the app and root directory
 
+RUN chown -R $UID:$GID /app $HOME
 
+
 
 RUN if [ "$USE_OLLAMA" = "true" ]; then \
 
     apt-get update && \
 
     # Install pandoc and netcat
 
@@ -102,7 +118,7 @@ RUN if [ "$USE_OLLAMA" = "true" ]; then \
 
     fi
 
 
 # install python dependencies
 
-COPY ./backend/requirements.txt ./requirements.txt
 
+COPY --chown=$UID:$GID ./backend/requirements.txt ./requirements.txt
 
 
 RUN pip3 install uv && \
 
     if [ "$USE_CUDA" = "true" ]; then \
 
@@ -125,16 +141,17 @@ RUN pip3 install uv && \
 
 # COPY --from=build /app/onnx /root/.cache/chroma/onnx_models/all-MiniLM-L6-v2/onnx
 
 
 # copy built frontend files
 
-COPY --from=build /app/build /app/build
 
-COPY --from=build /app/CHANGELOG.md /app/CHANGELOG.md
 
-COPY --from=build /app/package.json /app/package.json
 
+COPY --chown=$UID:$GID --from=build /app/build /app/build
 
+COPY --chown=$UID:$GID --from=build /app/CHANGELOG.md /app/CHANGELOG.md
 
+COPY --chown=$UID:$GID --from=build /app/package.json /app/package.json
 
 
 # copy backend files
 
-COPY ./backend .
 
+COPY --chown=$UID:$GID ./backend .
 
 
 EXPOSE 8080
 
 
 HEALTHCHECK CMD curl --silent --fail http://localhost:8080/health | jq -e '.status == true' || exit 1
 
 
+USER $UID:$GID
 
 
 CMD [ "bash", "start.sh"]