Tuwunel-Interceptor/dockerfile

# --------------------------------------------------
# Base Image
# --------------------------------------------------
FROM python:3.11-slim

# --------------------------------------------------
# Environment
# --------------------------------------------------
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1

# --------------------------------------------------
# System Dependencies (minimal)
# --------------------------------------------------
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    && rm -rf /var/lib/apt/lists/*

# --------------------------------------------------
# Workdir
# --------------------------------------------------
WORKDIR /app

# --------------------------------------------------
# Python Dependencies
# --------------------------------------------------
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# --------------------------------------------------
# App
# --------------------------------------------------
COPY . .

# --------------------------------------------------
# Create cache directory (important!)
# --------------------------------------------------
RUN mkdir -p /app/cache

# --------------------------------------------------
# Security: Non-root user
# --------------------------------------------------
RUN useradd -m appuser
USER appuser

# --------------------------------------------------
# Healthcheck
# --------------------------------------------------
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
  CMD curl -f http://localhost:5000/healthz || exit 1

# --------------------------------------------------
# Start (Production)
# --------------------------------------------------
CMD ["gunicorn", "-w", "2", "-k", "gthread", "-t", "60", "-b", "0.0.0.0:5000", "app:app"]