mirror of
https://github.com/LibreTranslate/LibreTranslate.git
synced 2025-11-10 08:36:43 -05:00
01042ab2bd
1. docker/root-with-sshd.Dockerfile
- executes as user: "root"
- supports build arguments:
* api_key
* root_password
2. docker/user-with-api-key.Dockerfile
- executes as user: "libretranslate"
- supports build arguments:
* api_key
Build arguments are optional:
* api_key=""
- initializes one API key with the user-defined value
* root_password=""
- sets password for "root" user
- installs sshd server to allow remote access to "ltmanage" command
* enables "PermitRootLogin"
* enables "PasswordAuthentication"
Environment variables with complimentary behavior:
* LT_REQ_LIMIT = 0
* LT_API_KEYS = true
- locks down server and requires an API key for all API access
Testing:
* unexpected complications
- sudo:
* error message:
effective uid is not 0,
is /usr/bin/sudo on a file system with the 'nosuid' option set
or an NFS file system without root privileges?
* info:
https://unix.stackexchange.com/q/546822
* result:
- discarded Dockerfile variation that attempted to:
* run entrypoint as user: "libretranslate"
* use sudo to run sshd
* "render.com" free tier
- notes:
* completely free
* no credit card required
* can clone any public git repo and run any Dockerfile it contains
* can NOT use SSH to access containers
- Dockerfile variations:
1. docker/Dockerfile
- works perfectly
- public API is open and unrestricted
2. docker/root-with-sshd.Dockerfile
- works perfectly
- public API is only accessible to requests with "api_key"
- SSH server is running
* public access is blocked by container firewall
* haven't tested on a paid tier,
but external connections should be allowed and work
3. docker/user-with-api-key.Dockerfile
- works perfectly
- public API is only accessible to requests with "api_key"
79 lines
1.8 KiB
Docker
79 lines
1.8 KiB
Docker
FROM python:3.11.11-slim-bullseye AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
ARG DEBIAN_FRONTEND=noninteractive
|
|
RUN <<EOF
|
|
apt-get update -qq
|
|
apt-get -qqq install --no-install-recommends -y pkg-config gcc g++
|
|
apt-get upgrade --assume-yes
|
|
apt-get clean
|
|
rm -rf /var/lib/apt
|
|
|
|
python -mvenv venv
|
|
./venv/bin/pip install --no-cache-dir --upgrade pip
|
|
EOF
|
|
|
|
COPY . .
|
|
|
|
# Install package from source code, compile translations
|
|
RUN <<EOF
|
|
./venv/bin/pip install Babel==2.12.1
|
|
./venv/bin/python scripts/compile_locales.py
|
|
./venv/bin/pip install torch==2.2.0 --extra-index-url https://download.pytorch.org/whl/cpu
|
|
./venv/bin/pip install "numpy<2"
|
|
./venv/bin/pip install .
|
|
./venv/bin/pip cache purge
|
|
EOF
|
|
|
|
FROM python:3.11.11-slim-bullseye
|
|
|
|
ARG with_models=false
|
|
ARG models=""
|
|
|
|
ARG api_key=""
|
|
|
|
RUN <<EOF
|
|
addgroup --system --gid 1032 libretranslate
|
|
adduser --system --uid 1032 libretranslate
|
|
mkdir -p /home/libretranslate/.local
|
|
chown -R libretranslate:libretranslate /home/libretranslate/.local
|
|
EOF
|
|
|
|
USER libretranslate
|
|
|
|
COPY --from=builder --chown=1032:1032 /app /app
|
|
WORKDIR /app
|
|
|
|
COPY --from=builder --chown=1032:1032 /app/venv/bin/ltmanage /usr/bin/
|
|
|
|
RUN <<EOF
|
|
if [ "$with_models" = "true" ]; then
|
|
# initialize the language models
|
|
if [ ! -z "$models" ]; then
|
|
./venv/bin/python scripts/install_models.py --load_only_lang_codes "$models"
|
|
else
|
|
./venv/bin/python scripts/install_models.py
|
|
fi
|
|
fi
|
|
EOF
|
|
|
|
RUN <<EOF
|
|
if [ ! -z "$api_key" ]; then
|
|
# initialize the API key database
|
|
./venv/bin/python - <<'EOPython'
|
|
from libretranslate.api_keys import Database
|
|
from libretranslate.default_values import DEFAULT_ARGUMENTS as DEFARGS
|
|
Database(DEFARGS['API_KEYS_DB_PATH'])
|
|
EOPython
|
|
|
|
# initialize one API key
|
|
ltmanage keys add 120 --key "$api_key"
|
|
fi
|
|
EOF
|
|
|
|
EXPOSE 22
|
|
EXPOSE 5000
|
|
|
|
ENTRYPOINT [ "./venv/bin/libretranslate", "--host", "*" ]
|