-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
82 lines (77 loc) · 3.06 KB
/
Dockerfile
File metadata and controls
82 lines (77 loc) · 3.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
FROM node:18-alpine AS frontend-builder
WORKDIR /app/frontend
COPY frontend/package*.json ./
RUN npm install
COPY frontend/ ./
RUN npm run build
FROM golang:1.24 AS backend-builder
ARG GOPROXY=https://proxy.golang.org,direct
ARG GOSUMDB=sum.golang.org
ENV GOPROXY=${GOPROXY}
ENV GOSUMDB=${GOSUMDB}
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
# Force rebuild by adding timestamp
RUN echo "Build at $(date)" > /tmp/buildtime
COPY backend/ ./backend/
COPY frontend/ ./frontend/
COPY --from=frontend-builder /app/frontend/dist ./frontend/dist
COPY internal/ ./internal/
RUN CGO_ENABLED=0 go build -tags frontend_dist -o singbox-proxy-manager ./backend
FROM debian:bookworm-slim
ARG SINGBOX_VERSION=1.12.12
ARG TARGETARCH
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
jq \
&& ARCH="${TARGETARCH}" \
&& if [ -z "$ARCH" ]; then ARCH="$(dpkg --print-architecture)"; fi \
&& case "${ARCH}" in \
amd64) SINGBOX_ARCH="amd64" ;; \
arm64) SINGBOX_ARCH="arm64" ;; \
*) echo "Unsupported TARGETARCH: ${ARCH}" >&2; exit 1 ;; \
esac \
&& ASSET="sing-box-${SINGBOX_VERSION}-linux-${SINGBOX_ARCH}.tar.gz" \
&& curl -fL -o "/tmp/${ASSET}" "https://github.com/SagerNet/sing-box/releases/download/v${SINGBOX_VERSION}/${ASSET}" \
&& GH_API_URL="https://api.github.com/repos/SagerNet/sing-box/releases/tags/v${SINGBOX_VERSION}" \
&& GH_BODY="$(mktemp)" \
&& GH_HEADERS="$(mktemp)" \
&& GH_STATUS="$(curl -sS -D "$GH_HEADERS" -o "$GH_BODY" -w "%{http_code}" "$GH_API_URL" || true)" \
&& if [ "$GH_STATUS" != "200" ]; then \
echo "ERROR: failed to fetch sing-box release metadata from GitHub API (api.github.com)." >&2; \
echo "URL: $GH_API_URL" >&2; \
echo "HTTP status: $GH_STATUS" >&2; \
echo "Hint: your build environment may be blocking api.github.com or hitting GitHub API rate limits." >&2; \
echo "GitHub rate limit headers:" >&2; \
grep -i '^x-ratelimit' "$GH_HEADERS" >&2 || true; \
echo "Response body (first 2000 bytes):" >&2; \
head -c 2000 "$GH_BODY" >&2 || true; \
echo >&2; \
exit 1; \
fi \
&& DIGEST="$(jq -r --arg asset "${ASSET}" '.assets[] | select(.name==$asset) | .digest' "$GH_BODY")" \
&& rm -f "$GH_BODY" "$GH_HEADERS" \
&& if [ -z "$DIGEST" ] || [ "$DIGEST" = "null" ]; then \
echo "ERROR: failed to find digest for asset '$ASSET' in GitHub release metadata." >&2; \
exit 1; \
fi \
&& DIGEST="${DIGEST#sha256:}" \
&& echo "${DIGEST} /tmp/${ASSET}" | sha256sum -c - \
&& tar -xzf "/tmp/${ASSET}" -C /tmp \
&& mv /tmp/sing-box-*/sing-box /usr/local/bin/ \
&& chmod +x /usr/local/bin/sing-box \
&& rm -rf /tmp/sing-box* \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=backend-builder /app/singbox-proxy-manager ./singbox-proxy-manager
RUN mkdir -p /app/config
ENV PORT=30000
ENV CONFIG_DIR=/app/config
ENV TZ=UTC+8
ENV ADMIN_PASSWORD=
EXPOSE 30000
VOLUME ["/app/config"]
CMD ["./singbox-proxy-manager"]