diff --git a/.agents/skills b/.agents/skills new file mode 120000 index 0000000..cd2ebc5 --- /dev/null +++ b/.agents/skills @@ -0,0 +1 @@ +../doc/skills \ No newline at end of file diff --git a/.claude/skills b/.claude/skills new file mode 120000 index 0000000..cd2ebc5 --- /dev/null +++ b/.claude/skills @@ -0,0 +1 @@ +../doc/skills \ No newline at end of file diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md new file mode 120000 index 0000000..be77ac8 --- /dev/null +++ b/.github/copilot-instructions.md @@ -0,0 +1 @@ +../AGENTS.md \ No newline at end of file diff --git a/.github/skills b/.github/skills new file mode 120000 index 0000000..cd2ebc5 --- /dev/null +++ b/.github/skills @@ -0,0 +1 @@ +../doc/skills \ No newline at end of file diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 5c3123f..76facd8 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -15,6 +15,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: + contents: read + env: BUILDKIT_PROGRESS: "plain" # Full logs for CI build. REGISTRY_SRC: ${{ vars.REGISTRY_SRC || 'docker.io' }} # For BASE_NAMESPACE of images: where to pull base images from, docker.io or other source registry URL. @@ -26,6 +29,7 @@ env: DOCKER_MIRROR_REGISTRY_USERNAME: ${{ vars.DOCKER_MIRROR_REGISTRY_USERNAME }} DOCKER_MIRROR_REGISTRY_PASSWORD: ${{ secrets.DOCKER_MIRROR_REGISTRY_PASSWORD }} CI_PROJECT_NAME: ${{ vars.CI_PROJECT_NAME || 'LabNow/lab-dev' }} + TZ: Asia/Shanghai jobs: ## Clash diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..91ca7a9 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "doc"] + path = doc + url = https://github.com/LabNow-ai/lab-dev.wiki.git diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..e69de29 diff --git a/CLAUDE.md b/CLAUDE.md new file mode 120000 index 0000000..47dc3e3 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1 @@ +AGENTS.md \ No newline at end of file diff --git a/README.md b/README.md index 8cfd953..80a4c8b 100644 --- a/README.md +++ b/README.md @@ -1,40 +1,61 @@ -# LabNow Container Image Stack - Lab Dev +# LabNow Container Image Stack — Lab Dev [![License](https://img.shields.io/badge/License-BSD%203--Clause-green.svg)](https://opensource.org/licenses/BSD-3-Clause) [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/LabNow-ai/lab-dev/build-docker.yml?branch=main)](https://github.com/LabNow-ai/lab-dev/actions/workflows/build-docker.yml) [![Recent Code Update](https://img.shields.io/github/last-commit/LabNow-ai/lab-dev.svg)](https://github.com/LabNow-ai/lab-dev/stargazers) [![Visit Images on DockerHub](https://img.shields.io/badge/DockerHub-Images-green)](https://hub.docker.com/u/labnow) +[![GitHub Stars](https://img.shields.io/github/stars/LabNow-ai/lab-dev.svg?label=Stars)](https://github.com/LabNow-ai/lab-dev/stargazers) -Please generously STAR★ our project or donate to us! [![GitHub Starts](https://img.shields.io/github/stars/LabNow-ai/lab-dev.svg?label=Stars)](https://github.com/LabNow-ai/lab-dev/stargazers) -[![Donate-PayPal](https://img.shields.io/badge/Donate-PayPal-blue.svg)](https://paypal.me/haobibo) -[![Donate-AliPay](https://img.shields.io/badge/Donate-Alipay-blue.svg)](https://raw.githubusercontent.com/wiki/haobibo/resources/img/Donate-AliPay.png) -[![Donate-WeChat](https://img.shields.io/badge/Donate-WeChat-green.svg)](https://raw.githubusercontent.com/wiki/haobibo/resources/img/Donate-WeChat.png) +`lab-dev` provides standardized, pre-configured building blocks, IDEs, and gateway services to accelerate application development and cloud-native workflows. -Discussion and contributions are welcome: -[![Join the Discord Chat](https://img.shields.io/badge/Discuss_on-Discord-green)](https://discord.gg/kHUzgQxgbJ) -[![Open an Issue on GitHub](https://img.shields.io/github/issues/LabNow-ai/lab-dev)](https://github.com/LabNow-ai/lab-dev/issues) +--- -## Lab Dev - Building Blocks and IDEs for Application Development +## 📖 Documentation & Tutorials +* **[Wiki & Document](https://doc.labnow.ai/)** +* **[中文使用指引 (含中国网络镜像)](https://doc.labnow.ai/zh-CN/)** -`LabNow lab-dev` ( [DockerHub](https://hub.docker.com/u/labnow) | [GitHub](https://github.com/LabNow-ai/lab-dev) ) provides Building Blocks and IDEs for Application Development. +--- -## Documentation & Tutorial +## 🚀 Container Image Catalog -[Wiki & Document](https://doc.labnow.ai/) | [中文使用指引(含中国网络镜像)](https://doc.labnow.ai/zh-CN/) +Below is the directory map of all specialized modules maintained in this repository: -## Develop and Debug +| Module Directory | Image Target | Purpose / Stack | Default Ports | Key Persistence Volumes | +| :--- | :--- | :--- | :--- | :--- | +| **`docker_casdoor`** | `labnow/casdoor` | IAM / SSO Identity Gateway | `8000`, `389`, `1812` | `/opt/casdoor/files` | +| **`docker_clash`** | `labnow/clash` | Network Proxy Core (Mihomo) & UIs | `7890`, `9090`, `1053` | `/opt/clash/config` | +| **`docker_devbox`** | `labnow/developer` | JupyterLab, VS Code, RStudio Server | `8888`, `9999`, `8787` | `/root` | +| **`docker_gui`** | `labnow/gui-linux` | Selkies-GStreamer WebRTC GUI sessions | `8080` | `/tmp/runtime-root` | +| **`docker_hermes`** | `labnow/hermes` | Hermes Autonomous Agent Workspace | `9119` | `/root/workspace` | +| **`docker_keycloak`** | `labnow/keycloak` | Quarkus-based IAM / OAuth2 | `8080` | `/opt/keycloak/data` | +| **`docker_litellm`** | `labnow/litellm` | LiteLLM OpenAI-compatible API Proxy | `4000` | `/opt/litellm` | +| **`docker_logent`** | `labnow/logent` | Supervisord + logrotate + Vector pipeline | — | — | +| **`docker_nocobase`** | `labnow/nocobase` | Extensible Low-code Platform | `13000` | `/opt/nocobase/storage` | +| **`docker_openclaw`** | `labnow/openclaw` | AI Agent Automation Gateway | `18789`, `18790` | `/root/.openclaw/data` | +| **`docker_openresty`** | `labnow/openresty` | Nginx + Lua + acme.sh SSL certificate | `80`, `443` | `/etc/nginx/ssl`, `/root/.acme.sh` | +| **`docker_searxng`** | `labnow/searxng` | Privacy Metasearch Engine | `8080`, `9001` | `/etc/searxng` | +| **`docker_storebox`** | `labnow/storebox` | Alist WebDAV + Rclone Cloud Storage | `5244`, `5572` | `/opt/alist/data`, `/root/.config/rclone` | + +--- + +## 🛠️ Development Quickstart + +To run the unified **`developer`** container workspace with mounted directories: ```bash -IMG="labnow/developer" -# IMG="quay.io/labnow/developer" +IMG="labnow/developer:latest" docker run -d --restart=always \ --name=labnow-dev \ --hostname=LabNow \ - -p 18888-18890:8888-8890 \ - -v $(pwd):/root/labnow \ - -w /root/labnow \ + -p 18888:8888 \ + -p 19999:9999 \ + -p 18787:8787 \ + -v $(pwd):/root/workspace \ + -w /root/workspace \ $IMG - -sleep 5s && docker logs labnow-dev 2>&1|grep token= ``` + +1. **JupyterLab**: Access at `http://localhost:18888` (check `docker logs labnow-dev` for the token). +2. **VS Code (code-server)**: Access at `http://localhost:19999` (started by running `/usr/local/bin/start-code-server.sh` inside the container). +3. **RStudio Server**: Access at `http://localhost:18787` (started by running `/usr/local/bin/start-rserver.sh` inside the container). diff --git a/doc b/doc new file mode 160000 index 0000000..b20cfee --- /dev/null +++ b/doc @@ -0,0 +1 @@ +Subproject commit b20cfee8c9058a2e753db6a6916889e7c3828219 diff --git a/docker_casdoor/README.md b/docker_casdoor/README.md index 1cbea91..3f0248d 100644 --- a/docker_casdoor/README.md +++ b/docker_casdoor/README.md @@ -1,5 +1,41 @@ # Casdoor -Identity and Access Management (IAM) / Single-Sign-On (SSO) platform: https://github.com/casdoor/casdoor +`casdoor` is a Go-based open-source Identity and Access Management (IAM) and Single Sign-On (SSO) platform. -For configuration file (`/opt/casdoor/conf/app.conf`), refer to: https://casdoor.org/de/docs/basic/configuration/ +--- + +## 1. Port Configuration + +Casdoor exposes the following default network ports: +- **`8000` (HTTP Web UI / API)**: Main entry point for the administration interface and user login portals. +- **`389` (LDAP)**: Lightweight Directory Access Protocol directory service port. +- **`1812` (Radius)**: RADIUS authentication service port. + +--- + +## 2. Data Persistence & Configurations + +All uploaded files, avatar resources, and custom database attachments require volume mapping. + +- **`/opt/casdoor/files`**: Local file system storage for user-uploaded resources (exposed as a Docker Volume). +- **`/opt/casdoor/conf/app.conf`** (Symlinked to `/conf/app.conf`): The core configuration file. + +### Database Connection Configuration +Adjust the database connection in `app.conf` or pass them via database flags: +- `driverName`: Database type (e.g. `mysql`, `postgres`, `sqlite3`). +- `dataSourceName`: Database connection string parameters (e.g. `"user=postgres password=postgres host=localhost port=5432 sslmode=disable dbname=casdoor"`). + +--- + +## 3. Quickstart Example + +Run Casdoor using default configs: +```bash +docker run -d \ + --name svc-casdoor \ + -p 8000:8000 \ + -p 389:389 \ + -p 1812:1812 \ + -v casdoor_uploads:/opt/casdoor/files \ + labnow/casdoor:latest +``` diff --git a/docker_clash/README.md b/docker_clash/README.md index 9f27156..c990494 100644 --- a/docker_clash/README.md +++ b/docker_clash/README.md @@ -1,18 +1,50 @@ # Clash / Mihomo -- mihomo core: https://github.com/MetaCubeX/mihomo/tree/Alpha -- webui zashboard: https://github.com/Zephyruso/zashboard -- webui matacubexd: https://github.com/MetaCubeX/metacubexd -- webui verge / client: https://clash-verge-rev.github.io +`clash` is a containerized proxy core (based on Mihomo/Clash Meta) bundled with built-in dashboard web UIs. + +--- + +## 1. Port Configuration + +Clash listens on the following service ports: +- **`7890` (HTTP/SOCKS5 Mixed Proxy)**: Main proxy endpoint for client systems and routing tools. +- **`9090` (External Controller REST API)**: Used by external dashboards to communicate with the proxy. +- **`1053` (DNS Server)**: Listens for DNS queries if DNS resolution redirection is enabled. + +--- + +## 2. Data Persistence & Configurations + +Configurations and cache files can be persisted by mapping the configuration folder: -## Usage +- **`/opt/clash/config`**: Directory housing the configuration file. +### Environment variables configuration: +- `PROXY_PROVIDER`: Subscription URL or YAML document URL to source proxy nodes from. +- `CLASH_CONFIG_PATH`: Custom path to target the config file (defaults to `/opt/clash/config/config.yaml`). + +--- + +## 3. Quickstart Example + +Run the Clash container: ```shell docker run -d \ --name=svc-clash \ - -p 7890:7890 -p 9090:9090 \ + -p 7890:7890 \ + -p 9090:9090 \ + -p 1053:1053/udp \ + -v clash_config:/opt/clash/config \ -e PROXY_PROVIDER="https://raw.githubusercontent.com/snakem982/proxypool/main/source/clash-meta.yaml" \ - labnow/clash + labnow/clash:latest ``` -After the container starts, visit this page to manage proxy: http://localhost:9090/ui/ui-zashboard/ +After the container starts, open your web browser and navigate to the built-in dashboard: +`http://localhost:9090/ui/ui-zashboard/` + +## Reference + +- mihomo core: https://github.com/MetaCubeX/mihomo/tree/Alpha +- webui zashboard: https://github.com/Zephyruso/zashboard +- webui matacubexd: https://github.com/MetaCubeX/metacubexd +- webui verge / client: https://clash-verge-rev.github.io diff --git a/docker_devbox/README.md b/docker_devbox/README.md index b8050d3..b2d171a 100644 --- a/docker_devbox/README.md +++ b/docker_devbox/README.md @@ -1,31 +1,70 @@ -# Developer Box +# Developer Box (DevBox & Hub) -## Develop and Debug - Single User +`docker_devbox` provides containerized IDEs (JupyterLab, VS Code Server, RStudio Server) and JupyterHub orchestration. It is categorized into `developer` (base IDE stacks) and `dev-hub` (multi-user notebooks proxy). -```shell -IMG="labnow/developer" -# IMG="registry.cn-hangzhou.aliyuncs.com/labnow/full-stack-dev" +--- + +## 1. IDE Port Configurations + +The development containers host multiple development environments on the following ports: +- **`8888` (JupyterLab / Notebook)**: Default interface loaded at startup via `start-jupyterlab.sh`. +- **`9999` (VS Code Server / code-server)**: Sourced and run via `/usr/local/bin/start-code-server.sh`. +- **`8787` (RStudio Server)**: Sourced and run via `/usr/local/bin/start-rserver.sh`. +- **`8000` (JupyterHub proxy)**: Serves the multi-user routing portal on the `dev-hub` image. + +### Environment variables configuration: +- `JUPYTER_CMD`: Command to launch (defaults to `lab`). +- `CODER_ARGS`: Custom arguments passed to code-server (e.g. `--bind-addr=0.0.0.0:9999` or `--auth=password`). +- `RSTUDIO_ARGS`: Custom arguments passed to RStudio server (e.g. `--www-port=8787`). +- `USE_SSL` / `GEN_CERT`: Generates self-signed SSL certificates (`certificate.pem` in `/opt/conda/etc/jupyter/`). + +--- + +## 2. Data Persistence & Workspace + +To preserve active code databases, libraries, and shell histories, mount your host working directory directly: + +- **`/root`**: The default home directory containing system configurations, SSH keys, and profile settings. +- **`/root/workspace`**: Shared workspaces for documents and project codes. + +--- +## 3. Quickstart Examples + +### A. JupyterLab Server (Default) +Run a JupyterLab server in the background: +```shell docker run -d --restart=always \ --name=labnow-dev \ --hostname=LabNow \ - -p 18888-18890:8888-8890 \ - -v $(pwd):/root/ \ - -w /root/ \ - $IMG - -sleep 5s && docker logs labnow-dev 2>&1|grep token= + -p 8888:8888 \ + -v $(pwd):/root/workspace \ + -w /root/workspace \ + labnow/developer:latest ``` -Debug building: +### B. VS Code Server (code-server) +Run the container directly executing code-server: +```shell +docker run -d --restart=always \ + --name=labnow-vscode \ + --hostname=LabNow \ + -p 9999:9999 \ + -v $(pwd):/root/workspace \ + -w /root/workspace \ + labnow/developer:latest \ + /usr/local/bin/start-code-server.sh +``` +### C. RStudio Server +Run RStudio Server (requires R profile installed in base): ```shell -IMG="labnow/rust" -docker run --rm -it \ - --name=labnow-dev --hostname=LabNow \ - -p 18888-18890:8888-8890 \ - -v $(pwd):/root/ -w /root/ \ - $IMG bash - -docker exec -it labnow-dev bash +docker run -d --restart=always \ + --name=labnow-rstudio \ + --hostname=LabNow \ + -p 8787:8787 \ + -v $(pwd):/root/workspace \ + -w /root/workspace \ + labnow/data-science-dev:latest \ + /usr/local/bin/start-rserver.sh ``` diff --git a/docker_hermes/README.md b/docker_hermes/README.md index 1ecc71c..81fb801 100644 --- a/docker_hermes/README.md +++ b/docker_hermes/README.md @@ -1,61 +1,44 @@ -# Hermes Agent Docker Image +# Hermes Agent -This directory contains the Dockerfile for building the [Hermes Agent](https://github.com/nousresearch/hermes-agent) Docker image. +`hermes` is a containerized agentic assistant platform based on the [Hermes Agent](https://github.com/nousresearch/hermes-agent) project, built using Node.js and Python runtime stacks. -## Optimization Features +--- -- **Multi-stage Build**: Significantly reduces image size by separating the build environment from the runtime environment. -- **Persistent Storage**: All user data, configurations, and logs are stored in `/root/workspace`. -- **Runtime Environment**: Uses the base Python environment instead of a virtual environment for simplicity and efficiency. +## 1. Port Configuration -## Quick Start +The Hermes Agent container hosts services on the following port: +- **`9119` (HTTP Dashboard)**: Web-based interface to manage agent sessions, skills, configurations, and plans. -### Build Image +### Environment variables configuration: +- `HERMES_DASHBOARD`: Set to `true` or `1` to autostart the dashboard server via Supervisord (defaults to `false` if not set). +- `HERMES_DASHBOARD_HOST`: Interface to bind the dashboard server to (defaults to `0.0.0.0`). +- `HERMES_DASHBOARD_PORT`: Port to host the dashboard server on (defaults to `9119`). +- `HERMES_DASHBOARD_INSECURE`: Set to `true` or `1` to run the dashboard in insecure mode (`--insecure`). -```bash -docker build -f hermes.Dockerfile -t hermes-agent:latest . -``` +--- -### Run with Docker Compose +## 2. Data Persistence -```bash -cd demo -docker compose up -d -``` +The agent stores its memory, dynamic configurations, keys, and session databases under: -### Run Manually +- **`/root/workspace`**: Sourced home directory for all agent states. +### Subdirectories initialized under workspace: +- `sessions/` / `memories/` - Database and session storage. +- `skills/` / `plans/` - Executable custom agent skills and running plans. +- `config.yaml` / `.env` - Main configuration profile files. + +--- + +## 3. Quickstart Example + +Run Hermes Agent with persistent volume and dashboard auto-started: ```bash -# Run with persistent volume docker run -d \ - --name hermes \ + --name svc-hermes \ --hostname hermes \ - -p 8000:8000 \ + -p 9119:9119 \ -v /path/to/your/data:/root/workspace \ - hermes-agent:latest + -e HERMES_DASHBOARD=true \ + labnow/hermes:latest ``` - -## Environment Variables - -| Variable | Default | Description | -|----------|---------|-------------| -| HERMES_HOME | `/root/workspace` | Home directory for hermes data | -| HOME | `/root/workspace` | System HOME environment variable | -| PLAYWRIGHT_BROWSERS_PATH | `/opt/hermes/.playwright` | Path for Playwright browsers | - -## Volumes - -- `/root/workspace` - Persistent data directory for hermes configuration, memories, and skills. This should be mapped to a host directory for data persistence. - -## Build Arguments - -| Argument | Default | Description | -|----------|---------|-------------| -| BASE_NAMESPACE | (empty) | Namespace for the base image | -| BASE_IMG | `node` | Base image name (expected to have Node and Python) | - -## Documentation - -For more information about Hermes Agent, see: -- [Official Documentation](https://hermes-agent.nousresearch.com/docs/) -- [GitHub Repository](https://github.com/nousresearch/hermes-agent) diff --git a/docker_keycloak/README.md b/docker_keycloak/README.md new file mode 100644 index 0000000..8c0b233 --- /dev/null +++ b/docker_keycloak/README.md @@ -0,0 +1,43 @@ +# Keycloak + +`keycloak` is an enterprise-grade open-source Identity and Access Management (IAM) and Single Sign-On (SSO) solution built on top of the dynamic Java JRE (JDK-17) base image. + +--- + +## 1. Port Configuration + +Keycloak runs on the following default port: +- **`8080` (HTTP)**: Serves the administrator console, client login portals, authentication endpoints, and API. + +You can modify the server's listening port at container runtime by overriding Keycloak configuration arguments or variables, such as: +- `--http-port` CLI parameter. +- `KC_HTTP_PORT` environment variable. + +--- + +## 2. Data Persistence + +In a production environment, Keycloak requires an external database (PostgreSQL, MySQL, MariaDB, Oracle, or SQL Server) to persist configuration, client profiles, and user sessions. + +### Environment variables configuration: +- `KC_DB`: Database vendor (e.g. `postgres`, `mysql`). +- `KC_DB_URL`: Connection string URL (e.g. `jdbc:postgresql://postgres-db:5432/keycloak`). +- `KC_DB_USERNAME` / `KC_DB_PASSWORD`: Authentication credentials. + +### File storage persistence (dev mode): +If running the default H2 database (for development), mount the data folder to persist settings: +- **`/opt/keycloak/data`**: Stores local database files. + +--- + +## 3. Quickstart Example + +Run the Keycloak container in dev mode: +```bash +docker run -d \ + --name svc-keycloak \ + -p 8080:8080 \ + -e KEYCLOAK_ADMIN=admin \ + -e KEYCLOAK_ADMIN_PASSWORD=admin \ + labnow/keycloak:latest +``` diff --git a/docker_litellm/README.md b/docker_litellm/README.md index ea6e4f3..45389bb 100644 --- a/docker_litellm/README.md +++ b/docker_litellm/README.md @@ -1,47 +1,37 @@ -# LiteLLM Docker Image +# LiteLLM Proxy -This directory contains the Dockerfile for building the [LiteLLM](https://github.com/BerriAI/litellm) Docker image, following the LabNow optimized multi-stage build pattern. +`litellm` is a lightweight proxy server to call 100+ LLM APIs using the OpenAI format, with a built-in UI dashboard. -## Optimization Features +--- -- **Multi-stage Build**: Separates the UI compilation and Python packaging from the runtime environment to keep the final image slim. -- **Persistent Storage**: Uses `/root/workspace` for all configurations and data. -- **Ready to Use**: Includes the LiteLLM Proxy with the Admin UI pre-compiled. +## 1. Port Configuration -## Quick Start +- **`4000` (HTTP)**: Serves the OpenAI-compatible REST API endpoints and the admin control panel dashboard interface. -### Build Image +--- -```bash -docker build -f litellm.Dockerfile -t litellm-labnow:latest . -``` - -### Run Manually - -```bash -# Run with persistent volume -docker run -d \ - --name litellm \ - -p 4000:4000 \ - -v /path/to/your/config:/root/workspace \ - litellm-labnow:latest -``` +## 2. Data Persistence & Configurations -By default, it will look for a `config.yaml` in the workspace. If not found, a basic one will be created. +LiteLLM looks for `config.yaml` in its home directory at startup: -## Environment Variables +- **`/opt/litellm`**: Sourced workspace directory (configured via `HOME_LITELLM`). This is where `config.yaml` is written and read. +- **`/root/workspace`**: Additional shared data directories volume. -| Variable | Default | Description | -|----------|---------|-------------| -| LITELLM_HOME | `/root/workspace` | Home directory for LiteLLM data | -| HOME | `/root/workspace` | System HOME environment variable | +### Custom Home Directory +You can override the home location using the environment variable: +- `HOME_LITELLM`: Paths to store the active configs (e.g. `/root/workspace`). -## Volumes +--- -- `/root/workspace` - Persistent directory for `config.yaml` and other LiteLLM data. +## 3. Quickstart Example -## Documentation +Run LiteLLM Proxy with mapped configuration folder: +```bash +docker run -d \ + --name svc-litellm \ + -p 4000:4000 \ + -v /path/to/your/config:/opt/litellm \ + labnow/litellm:latest +``` -For more information about LiteLLM, see: -- [Official Documentation](https://docs.litellm.ai/) -- [GitHub Repository](https://github.com/BerriAI/litellm) +By default, it will look for a `config.yaml` in the directory. If not found, a basic template targeting `gpt-3.5-turbo` is auto-generated. diff --git a/docker_nocobase/README.md b/docker_nocobase/README.md new file mode 100644 index 0000000..aa55d35 --- /dev/null +++ b/docker_nocobase/README.md @@ -0,0 +1,44 @@ +# Nocobase + +`nocobase` is an open-source, private, scalable low-code development platform, built on top of a customized Node.js and PostgreSQL Client runtime environment. + +--- + +## 1. Port Configuration + +Nocobase operates on the following default port: +- **`13000` (HTTP)**: Serves the Web interface, API end-points, and admin dashboard. + +--- + +## 2. Data Persistence + +All local files, dynamic configurations, SQLite databases, and customization scripts must be persisted. + +- **`/opt/nocobase/storage`**: Main directory for data storage, files, plugins, and SQLite databases (if used). + +### Startup Hooks: +You can drop custom shell scripts into `/opt/nocobase/storage/scripts/`. The entrypoint will scan and execute any `*.sh` files in this directory before booting the main app. + +### External Database Configuration (Optional): +If not using SQLite, configure database connections via standard environment variables: +- `DB_DIALECT`: `postgres` or `mysql` +- `DB_HOST`: Host address of the database service +- `DB_PORT`: Database port number +- `DB_USER`: Database login user +- `DB_PASSWORD`: Database login password +- `DB_DATABASE`: Database name + +--- + +## 3. Quickstart Example + +Run Nocobase with SQLite database storage: +```bash +docker run -d \ + --name svc-nocobase \ + -p 13000:13000 \ + -v nocobase_storage:/opt/nocobase/storage \ + -e LOCALE="zh-CN" \ + labnow/nocobase:latest +``` diff --git a/docker_openclaw/README.md b/docker_openclaw/README.md new file mode 100644 index 0000000..ff7bc5e --- /dev/null +++ b/docker_openclaw/README.md @@ -0,0 +1,40 @@ +# OpenClaw + +`openclaw` is an open-source AI agent and automation portal gateway based on Node.js/pnpm. It provides visual orchestration, webhooks, and automation pipelines. + +--- + +## 1. Port Configuration + +OpenClaw exposes the following TCP service ports: +- **`18789` (HTTP Gateway)**: Access Web UI portal and core API services. +- **`18790` (Internal Webhooks / Events)**: Receives webhooks and process inter-agent messaging. + +### Custom Port & Bind Interface +You can configure bind settings at runtime using the following environment variables: +- `OPENCLAW_GATEWAY_BIND`: Binding network interface (defaults to `lan` which resolves to the local network IP). +- `OPENCLAW_GATEWAY_PORT`: Binding HTTP port (defaults to `18789`). + +--- + +## 2. Data Persistence + +OpenClaw requires volume mappings to persist configurations, downloaded agent plugins, and logs. + +### Required Directories to Persist: +- **`/root/.openclaw/data`**: Houses the main database and the dynamic config file (`openclaw.json`). +- **`/opt/node/pnpm/store`** (Optional): Stores package dependencies and plugin installation cache. + +--- + +## 3. Quickstart Example + +Start the OpenClaw container with volume persistence: +```bash +docker run -d \ + --name svc-openclaw \ + -p 18789:18789 \ + -p 18790:18790 \ + -v openclaw_data:/root/.openclaw/data \ + labnow/openclaw:latest +``` diff --git a/docker_openresty/README.md b/docker_openresty/README.md index 21bfc49..7a76717 100644 --- a/docker_openresty/README.md +++ b/docker_openresty/README.md @@ -1,58 +1,75 @@ -# OpenResty with Lua, acme.sh +# OpenResty with Lua & acme.sh -What's inside this docker image: - - Openresty, ref: https://github.com/openresty/docker-openresty/blob/master/bionic/Dockerfile - - acme.sh, ref: https://github.com/acmesh-official/acme.sh +`openresty` is a full-fledged web platform that integrates the standard Nginx core, LuaJIT, and acme.sh SSL certificate management tools. -## How to apply for certificates using ACME.sh +--- +## 1. Port Configuration + +- **`80` (HTTP)**: Serves standard HTTP proxy requests, acme-challenge routing, and redirect logic. +- **`443` (HTTPS)**: Serves SSL-terminated connections (configured inside custom proxy templates). + +--- + +## 2. Data Persistence (Volumes) + +To store custom configuration templates and SSL certificates, mount the following directories: + +- **`/var/log/nginx`**: Directory for access and error log outputs. +- **`/var/cache/nginx`**: Proxy cache directories. +- **`/etc/nginx/templates/`**: Directory containing `.template` files for environment variables substitutions. +- **`/etc/nginx/ssl`**: Stores certificates and private keys generated by acme.sh. +- **`/root/.acme.sh`**: Houses acme.sh configs, renewal certificates, and API secrets. + +--- + +## 3. How to apply for certificates using ACME.sh + +Log into the running container to view existing certificates: ```bash -# enter into the container and see existing domain certs docker exec -it svc-proxy-openresty bash cd /etc/nginx/ssl && ls -alh ``` -And then, choose your mode: - -### Mode 1: HTTP-01 mode - -Not working for wild-card domain names, and requires nginx `letsencrypt-acme-challenge.conf`. +Choose your validation method: +### Method A: HTTP-01 Validation +Requires public endpoint accessibility and nginx challenge configuration files. ```bash -# If you don't have any certs yet, set your DOMAIN list to env var DOMAINS +# Set your DOMAINS environment variable DOMAINS='a1.example.com a2.example.com a3.example.com' + # Or if you already have certs in this folder, run the command below to get a list of DOMAINS -DOMAINS=$(printf "%s\n" *.crt *.key 2>/dev/null | sed 's/\.[^.]*$//' | sort -u) +# DOMAINS=$(printf "%s\n" *.crt *.key 2>/dev/null | sed 's/\.[^.]*$//' | sort -u) -# Then apply for certs using acme.sh HTTP-01 method: +# Apply for certs using HTTP-01: /opt/utils/script-acme-sh.sh 'your@email.com' "${DOMAINS}" ``` -### Mode 2: DNS-01 mode +### Method B: DNS-01 Validation (Recommended for Wildcards) +Does not require exposed HTTP ports. Requires [`acme.sh` supported DNS service provider](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) API token (e.g. Cloudflare): -Can work for wild-card domain names, and requires DNS service provider token. - -Refer to: [`acme.sh` supported DNS service provider](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) to find how to get a token and use the token in cli. e.g.: the `CF_Token` and `dns_cf` below is for [Cloudflare](https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf). ```bash +export CF_Token='your-cloudflare-api-token' + # define variable to apply cert for multiple domains in a same cert file (the one without wild-card goes first): DOMAINS='example.com *.example.com' -# Then apply for certs using acme.sh DNS-01 method: -## Firstly apply for DNS service provider token and export the variable -export CF_Token='' -## Then Apply for certs using acme.sh DNS-01 method: +# Apply for certs using DNS-01: /opt/utils/script-acme-sh.sh 'your@email.com' "${DOMAINS}" "dns_cf" ``` -## Custom Configs for Openresty +--- + +## 4. Custom Configurations - Refer to [source code](https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/docker/rootfs/etc/nginx/conf.d) and [docs](https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations) of [Nginx Proxy Manager](https://nginxproxymanager.com/). -You can add your custom configuration snippet files at /data/nginx/custom as follows: +You can add custom config snippets to extend OpenResty routing: - `/data/nginx/custom/root_top.conf`: Included at the top of nginx.conf - `conf/root.conf`: Included at the very end of nginx.conf - `conf/http_top.conf`: Included at the top of the main http block diff --git a/docker_searxng/README.md b/docker_searxng/README.md index fe3404e..4a17099 100644 --- a/docker_searxng/README.md +++ b/docker_searxng/README.md @@ -1,33 +1,42 @@ # SearxNG -## Start standalone version with docker-compose +`searxng` is a privacy-respecting, hackable metasearch engine. It integrates python uwsgi backend with Caddy gateway and Supervisord control planes. -**Notice**: +--- -- remember to check the `SEARXNG_BASE_URL` and `SEARXNG_HOSTNAME` environment variable in the config file. -- make sure the `SEARXNG_BASE_URL` variables points to a URL prefix that users use to open webpage in browser. -- update `proxy-providers` urls in `config.yaml` if you are using proxy. +## 1. Port Configuration -```bash -cd demo +SearxNG exposes the following TCP service ports: +- **`8080` (HTTP Proxy Gateway)**: Web interface fronted by Caddy (recommened entrypoint). +- **`8000` (uWSGI Server Backend)**: Directly exposes the python WSGI process. +- **`9001` (Supervisord control panel)**: Dashboard to monitor running processes. -# export SEARXNG_HOSTNAME="http://localhost:8000" -# docker-compose -f ./docker-compose.searxng-standalone.yml up -d -docker-compose -f ./docker-compose.searxng-with-proxy.yml up -d -``` +--- + +## 2. Data Persistence & Configurations + +To customize search engines and security keys, persist the configuration directory: -## Debug with Docker +- **`/etc/searxng`** (Symlinked to `/opt/searxng/etc`): Houses `settings.yml`. +### Environment variables configuration: +- `SEARXNG_HOSTNAME`: Public hostname URL (defaults to `http://localhost:8000`). +- `SEARXNG_SETTINGS_PATH`: Path to settings.yml (defaults to `/etc/searxng/settings.yml`). +- `UWSGI_WORKERS` / `UWSGI_THREADS`: Concurrency variables for WSGI workers (defaults to `4`). + +--- + +## 3. Quickstart Example + +### Run Standalone Container ```bash -docker run -d --rm \ +docker run -d \ --name=svc-searxng \ - --hostname=svc-searxng \ - -p 8000:8000 \ - -e SEARXNG_HOSTNAME=":8000" \ - -e SEARXNG_BASE_URL=https://${localhost:8000}/ \ + -p 8080:8080 \ + -p 9001:9001 \ + -e SEARXNG_HOSTNAME="http://localhost:8080" \ + -v searxng_etc:/etc/searxng \ -e UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4} \ -e UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4} \ - labnow/searxng - - docker exec -it svc-searxng bash + labnow/searxng:latest ``` diff --git a/docker_storebox/README.md b/docker_storebox/README.md index e1b7985..e0e9672 100644 --- a/docker_storebox/README.md +++ b/docker_storebox/README.md @@ -1,14 +1,41 @@ # Storebox -`storebox` is a storage-focused container image built on top of a shared base image, with extra tooling for file serving, proxying, and cloud storage operations. +`storebox` is a storage-focused container image built on top of a shared base image, bundle-integrating Alist, Rclone, Caddy, and Supervisord. -## Included Components -- `supervisord`: process supervisor for running multiple long-lived services in one container. -- `caddy`: modern web server and reverse proxy, useful for HTTP routing and TLS automation. -- `alist`: web-based file listing and management service, installed from the latest GitHub release during build. -- `rclone`: cloud storage sync/mount/copy CLI, also installed from the latest GitHub release during build. +--- + +## 1. Port Configuration + +- **`5244` (HTTP Alist)**: Access Alist Web Management Console and WebDAV server endpoints. +- **`5572` (HTTP Rclone RC)**: Optional remote control port if running `rclone rcd` daemon mode. + +--- + +## 2. Data Persistence & Configurations + +To persist network drive configuration mappings, credentials, and cache folders, mount these locations: + +- **`/opt/alist/data`**: Houses Alist database and configuration (`config.json`) files. +- **`/root/.config/rclone`**: Houses the rclone config profile (`rclone.conf`). +- **`/root/workspace`**: Sourced workspace mapping for local transfers. + +--- + +## 3. Use Case Example: Serving Static Files from Net-Disks + +1. Run the container: + ```bash + docker run -d \ + --name svc-storebox \ + -p 5244:5244 \ + -v storebox_alist:/opt/alist/data \ + -v storebox_rclone:/root/.config/rclone \ + labnow/storebox:latest + ``` +2. Navigate to Alist Dashboard (`http://localhost:5244`) and add your cloud storage backend (e.g. Baidu Netdisk). +3. Disable `Sign all` and set `Link expiration` to `0` in Alist global settings to expose public assets via HTTP. ## Potential Use Cases - Personal or team file gateway: expose multiple storage backends through `alist` with a browser-friendly UI.