E2E encrypted chat (X3DH + Double Ratchet, Signal Protocol). Server: asyncio TCP + TLS, MySQL. Clients: PyQt6 GUI + CLI. Secrets (.env, TLS keys, Cloudflare token), runtime data and mobile clients (separate repos) are gitignored. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
45 lines
1.4 KiB
Docker
# Encrypted Chat Server — Docker image
# Builds only the server-side components (server.py, db.py, crypto_utils.py, protocol.py)
# GUI/iOS client files are not included.

FROM python:3.12-slim

# Install system deps needed by pyzbar (libzbar) and Pillow
RUN apt-get update && apt-get install -y --no-install-recommends \
    libzbar0 \
    libjpeg62-turbo \
    libpng16-16 \
    default-libmysqlclient-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Install Python deps — separate layer so code changes don't bust the cache
COPY requirements.txt .
# Install server-only deps (skip PyQt6, pyzbar, qrcode — not needed server-side)
RUN pip install --no-cache-dir \
    cryptography \
    "mysql-connector-python>=8.3.0" \
    "python-dotenv>=1.0.0" \
    "Pillow>=10.0.0"

# Copy server source files
COPY server.py db.py crypto_utils.py protocol.py schema.sql ./

# Optional: copy .env if it exists (overridden at runtime via env vars or mounted file)
# COPY .env .

# Create uploads directory
RUN mkdir -p /app/uploads && chmod 700 /app/uploads

# Expose the default server port
EXPOSE 5000

# Health check: attempt TCP connection to the server port
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
    CMD python -c "import socket,sys; s=socket.socket(); s.settimeout(3); s.connect(('localhost', int(__import__('os').getenv('SERVER_PORT','5000')))); s.close()" || exit 1

ENV PYTHONUNBUFFERED=1

CMD ["python", "server.py"]