mmc/lingma-openai-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e6c1c1a633f63376933b35ac503ca85bfa53e04
lingma-openai-gateway/Dockerfile
GitHub Actions 2febc37c2c prod hardening: admin/metrics authz split, subprocess lifecycle, parallel pool start, HEALTHCHECK 
- authz: new ADMIN_TOKEN gates /internal/*; METRICS_PUBLIC=false by default, so
  /metrics returns 503 when neither METRICS_TOKEN nor API_KEYS is set
  (previously leaked pool topology). Startup logs loudly if API_KEYS is empty
  or admin falls back to chat keys.
- lingma_client: keep a Popen handle instead of orphaning Lingma with
  start_new_session, drain stderr to logger at DEBUG, SIGTERM -> 5s grace ->
  SIGKILL on shutdown. Fixes the zombie-process leak on container reload.
- pool: asyncio.gather to start N instances concurrently; N=2 pool shaves
  ~startup_timeout seconds off boot.
- Dockerfile: HEALTHCHECK hits /healthz and greps for pool_ready>0 so Docker
  / compose orchestrators see "stuck on login" as unhealthy.

Made-with: Cursor
2026-04-18 10:22:13 +08:00

32 lines
1.2 KiB
Docker
Raw Blame History

FROM mcr.microsoft.com/playwright/python:v1.52.0-jammy
WORKDIR /app
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
ARG PIP_INDEX_URL=https://mirrors.cloud.tencent.com/pypi/simple
ARG PIP_TRUSTED_HOST=mirrors.cloud.tencent.com
COPY requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir --retries 5 --timeout 120 \
-i "${PIP_INDEX_URL}" --trusted-host "${PIP_TRUSTED_HOST}" \
-r /app/requirements.txt
COPY app /app/app
EXPOSE 8317
# Container-level health signal. Docker Compose / orchestrators rely on this
# to stop sending traffic when the pool is wedged, restart unhealthy replicas,
# and drive rolling deploys. /healthz returns ok=true only when at least one
# Lingma instance is in state=ready, so it catches the "stuck on login" case
# that a raw TCP probe would miss.
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
CMD python -c "import os,json,urllib.request,sys; \
port=os.environ.get('PORT','8317'); \
r=urllib.request.urlopen(f'http://127.0.0.1:{port}/healthz', timeout=3); \
sys.exit(0 if json.load(r).get('ok') else 1)" || exit 1
CMD ["sh", "-c", "python /app/app/bootstrap_lingma.py && uvicorn app.main:app --host ${HOST:-0.0.0.0} --port ${PORT:-8317}"]
Reference in New Issue View Git Blame Copy Permalink