Dockerfile

FROM python:3.11-slim

WORKDIR /code

# Install build dependencies, wget, and OpenGL/X11 libraries
RUN apt-get update && apt-get install -y \
    build-essential \
    wget \
    libgl1-mesa-glx \
    libgl1-mesa-dev \
    libx11-6 \
    libx11-dev \
    libxrender1 \
    nginx \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Create matplotlib config directory with proper permissions
ENV MPLCONFIGDIR=/tmp/matplotlib

# Create cache directories with proper permissions
RUN mkdir -p /.cache/ezdxf && \
    chmod 777 /.cache/ezdxf && \
    mkdir -p /tmp/ocpvscode && \
    chmod 777 /tmp/ocpvscode

# Set OCP_VSCODE_LOCK_DIR environment variable
ENV OCP_VSCODE_LOCK_DIR=/tmp/ocpvscode

# Create a non-root user first
RUN useradd -m -d /home/appuser -s /bin/bash appuser

# Set up Nginx directories and permissions
RUN mkdir -p /var/lib/nginx/body \
             /var/lib/nginx/fastcgi \
             /var/lib/nginx/proxy \
             /var/lib/nginx/scgi \
             /var/lib/nginx/uwsgi \
             /run/nginx && \
    touch /var/log/nginx/access.log && \
    touch /var/log/nginx/error.log && \
    chown -R appuser:appuser /var/lib/nginx \
                            /var/log/nginx \
                            /run/nginx \
                            /etc/nginx && \
    chmod -R 755 /var/lib/nginx && \
    chmod -R 644 /var/log/nginx/* && \
    chmod -R 755 /run/nginx && \
    rm -f /etc/nginx/sites-enabled/default

# Copy application files
COPY . .

# Set up startup script with correct permissions
RUN chmod +x start.sh

# Create nginx configuration for port forwarding
RUN echo 'worker_processes 1;\n\
error_log stderr error;\n\
pid /run/nginx/nginx.pid;\n\
events {\n\
    worker_connections 1024;\n\
}\n\
http {\n\
    access_log off;\n\
    error_log stderr error;\n\
    \n\
    log_not_found off;\n\
    \n\
    client_max_body_size 0;\n\
    \n\
    upstream nicegui {\n\
        server 127.0.0.1:7861;\n\
    }\n\
    \n\
    upstream viewer {\n\
        server 127.0.0.1:3939;\n\
    }\n\
    \n\
    map $http_upgrade $connection_upgrade {\n\
        default upgrade;\n\
        "" close;\n\
    }\n\
    \n\
    server {\n\
        listen 7860;\n\
        server_name localhost;\n\
        \n\
        proxy_ignore_client_abort on;\n\
        \n\
        # Main app (NiceGUI)\n\
        location / {\n\
            proxy_pass http://nicegui;\n\
            proxy_http_version 1.1;\n\
            proxy_set_header Upgrade $http_upgrade;\n\
            proxy_set_header Connection $connection_upgrade;\n\
            proxy_set_header Host $host;\n\
            proxy_set_header X-Real-IP $remote_addr;\n\
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
            proxy_set_header X-Forwarded-Proto $scheme;\n\
        }\n\
        \n\
        # Viewer route - pass the full URI directly to the viewer upstream with rewriting for exact /viewer/\n\
        location /viewer/ {\n\
            if ($request_uri = "/viewer/") {\n\
                rewrite ^ /viewer break;\n\
            }\n\
            proxy_pass http://viewer;\n\
            proxy_http_version 1.1;\n\
            proxy_set_header Upgrade $http_upgrade;\n\
            proxy_set_header Connection $connection_upgrade;\n\
            proxy_set_header Host $host;\n\
            proxy_set_header X-Real-IP $remote_addr;\n\
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\
            proxy_set_header X-Forwarded-Proto $scheme;\n\
            proxy_read_timeout 86400;\n\
            proxy_buffering off;\n\
        }\n\
    }\n\
}' > /etc/nginx/nginx.conf && \
    chown appuser:appuser /etc/nginx/nginx.conf

# Set up .ocpvscode file
RUN touch /home/appuser/.ocpvscode && \
    echo "{}" > /home/appuser/.ocpvscode && \
    chown -R appuser:appuser /home/appuser && \
    chmod 666 /home/appuser/.ocpvscode

# Install uv and create virtual environment
RUN pip install uv && \
    uv venv /opt/venv

# Activate virtual environment
ENV PATH="/opt/venv/bin:$PATH"

# Install project and dependencies using uv
RUN uv pip install .

# Download and setup openvscode-server
RUN wget https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.86.2/openvscode-server-v1.86.2-linux-x64.tar.gz -O /tmp/openvscode-server.tar.gz && \
    tar -xzf /tmp/openvscode-server.tar.gz -C /opt && \
    rm /tmp/openvscode-server.tar.gz && \
    mv /opt/openvscode-server-v1.86.2-linux-x64 /opt/openvscode-server

# Set permissions for the entire /code directory
RUN chown -R appuser:appuser /code && \
    chown -R appuser:appuser /opt/openvscode-server

# Switch to non-root user
USER appuser
ENV HOME=/home/appuser

# Expose port 7860 for Hugging Face Spaces
EXPOSE 7860

# Run the startup script
CMD ["./start.sh"]