| # Multi-stage build to reduce final image size and handle permissions properly | |
| FROM rust:1.90-alpine AS builder | |
| # Install build dependencies | |
| RUN apk add --no-cache \ | |
| musl-dev \ | |
| pkgconfig \ | |
| openssl-dev \ | |
| openssl-libs-static | |
| # Set working directory | |
| WORKDIR /app | |
| # Copy manifest files first | |
| COPY Cargo.toml Cargo.lock ./ | |
| # Create src directory structure | |
| RUN mkdir -p src | |
| # Copy the actual source files (including api_server.rs) | |
| COPY src ./src | |
| # Build the application | |
| RUN cargo build --release --bin api_server | |
| # Final runtime stage | |
| FROM alpine:3.20 | |
| # Install runtime dependencies | |
| RUN apk add --no-cache \ | |
| ca-certificates \ | |
| openssl-libs-static | |
| # Create app user | |
| RUN addgroup -g 1001 -S appgroup && \ | |
| adduser -S appuser -u 1001 -G appgroup | |
| # Set working directory | |
| WORKDIR /app | |
| # Copy the binary from builder stage | |
| COPY --from=builder /app/target/release/api_server . | |
| # Change ownership to app user | |
| RUN chown -R appuser:appgroup /app | |
| # Switch to non-root user | |
| USER appuser | |
| # Expose the default port | |
| EXPOSE 7860 | |
| # Set environment variables | |
| ENV RUST_LOG=info | |
| ENV API_HOST=0.0.0.0 | |
| ENV API_PORT=7860 | |
| # Run the application directly from binary | |
| CMD ["./api_server", "--no-proxy"] |