mirror of
https://github.com/LibreTranslate/LibreTranslate.git
synced 2025-05-23 17:02:58 -04:00
01042ab2bd
1. docker/root-with-sshd.Dockerfile
- executes as user: "root"
- supports build arguments:
* api_key
* root_password
2. docker/user-with-api-key.Dockerfile
- executes as user: "libretranslate"
- supports build arguments:
* api_key
Build arguments are optional:
* api_key=""
- initializes one API key with the user-defined value
* root_password=""
- sets password for "root" user
- installs sshd server to allow remote access to "ltmanage" command
* enables "PermitRootLogin"
* enables "PasswordAuthentication"
Environment variables with complimentary behavior:
* LT_REQ_LIMIT = 0
* LT_API_KEYS = true
- locks down server and requires an API key for all API access
Testing:
* unexpected complications
- sudo:
* error message:
effective uid is not 0,
is /usr/bin/sudo on a file system with the 'nosuid' option set
or an NFS file system without root privileges?
* info:
https://unix.stackexchange.com/q/546822
* result:
- discarded Dockerfile variation that attempted to:
* run entrypoint as user: "libretranslate"
* use sudo to run sshd
* "render.com" free tier
- notes:
* completely free
* no credit card required
* can clone any public git repo and run any Dockerfile it contains
* can NOT use SSH to access containers
- Dockerfile variations:
1. docker/Dockerfile
- works perfectly
- public API is open and unrestricted
2. docker/root-with-sshd.Dockerfile
- works perfectly
- public API is only accessible to requests with "api_key"
- SSH server is running
* public access is blocked by container firewall
* haven't tested on a paid tier,
but external connections should be allowed and work
3. docker/user-with-api-key.Dockerfile
- works perfectly
- public API is only accessible to requests with "api_key"