SNPR
diff --git a/‎.containerignore‎
Lines changed: 43 additions & 0 deletions b/‎.containerignore‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 11 additions & 0 deletions b/‎.gitignore‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎Caddyfile‎
Lines changed: 29 additions & 0 deletions b/‎Caddyfile‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎Caddyfile.auth‎
Lines changed: 34 additions & 0 deletions b/‎Caddyfile.auth‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎Containerfile‎
Lines changed: 70 additions & 0 deletions b/‎Containerfile‎
Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,43 @@
+# Files excluded from the podman build context (analogous to .dockerignore).
+# Keeps the image small and rebuilds fast.
+
+# VCS / editor noise
+.git
+.gitignore
+.gitattributes
+.idea
+.vscode
+.DS_Store
+
+# Python caches and virtualenvs
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+*.egg-info
+.venv
+venv
+.tox
+.pytest_cache
+.mypy_cache
+.ruff_cache
+
+# Test scratch
+tests/__pycache__
+backend/tests/__pycache__
+**/.coverage*
+htmlcov
+
+# Build artifacts
+build
+dist
+out
+
+# Local dev / docs that don't need to ship
+README.md
+scripts/build.md
+docs
+
+# Container build itself
+Containerfile
+.containerignore
@@ -0,0 +1,11 @@
+# Override the user's global gitignore which excludes any "backend/" directory.
+!backend/
+!backend/**
+
+# Local Python noise we still want to keep out.
+backend/**/__pycache__/
+backend/**/*.pyc
+.pytest_cache/
+.venv/
+.coverage
+htmlcov/
@@ -0,0 +1,29 @@
+# Caddyfile (no-auth variant).
+#
+# Listens on :{$WEBUI_PORT:80}, serves the static SPA from /srv/frontend
+# and reverse-proxies /api/* to the FastAPI backend.
+
+{
+	admin off
+	auto_https off
+	persist_config off
+}
+
+:{$WEBUI_PORT:80} {
+	@api path /api/*
+	handle @api {
+		# No `encode gzip` here — gzip buffers output and breaks the SSE
+		# streams emitted by /api/groups/{add,remove}. flush_interval -1
+		# would otherwise be defeated by the encoder.
+		reverse_proxy {$BACKEND_HOST:127.0.0.1}:{$BACKEND_PORT:8000} {
+			flush_interval -1
+		}
+	}
+
+	handle {
+		encode gzip
+		root * /srv/frontend
+		try_files {path} /index.html
+		file_server
+	}
+}
@@ -0,0 +1,34 @@
+# Caddyfile (basic-auth variant).
+#
+# Selected by start-caddy.sh when both WEBUI_USER and WEBUI_PASSWORD_HASH are
+# set. Generate the hash with:
+#     podman run --rm caddy:2-alpine caddy hash-password --plaintext '<pwd>'
+
+{
+	admin off
+	auto_https off
+	persist_config off
+}
+
+:{$WEBUI_PORT:80} {
+	basic_auth {
+		{$WEBUI_USER} {$WEBUI_PASSWORD_HASH}
+	}
+
+	@api path /api/*
+	handle @api {
+		# No `encode gzip` here — gzip buffers output and breaks the SSE
+		# streams emitted by /api/groups/{add,remove}. flush_interval -1
+		# would otherwise be defeated by the encoder.
+		reverse_proxy {$BACKEND_HOST:127.0.0.1}:{$BACKEND_PORT:8000} {
+			flush_interval -1
+		}
+	}
+
+	handle {
+		encode gzip
+		root * /srv/frontend
+		try_files {path} /index.html
+		file_server
+	}
+}
@@ -0,0 +1,70 @@
+# syntax=docker/dockerfile:1.7
+
+# Stage 1 — builder: same base as runtime so the venv's interpreter symlink
+# (/usr/bin/python3) is valid in the runtime stage. We install build deps to
+# compile any wheels that lack a musllinux build, then drop them.
+#
+# Caddy >= 2.8 is required: Caddyfile.auth uses the renamed `basic_auth`
+# directive (was `basicauth` in 2.7 and earlier). The `caddy:2-alpine` tag
+# tracks the latest 2.x and is well past 2.8 at the time of writing.
+FROM --platform=$TARGETPLATFORM caddy:2-alpine AS builder
+
+RUN apk add --no-cache \
+        python3 \
+        py3-pip \
+    && apk add --no-cache --virtual .build-deps \
+        gcc \
+        musl-dev \
+        libffi-dev \
+        openssl-dev \
+        python3-dev \
+        make
+
+COPY backend/requirements.txt /tmp/requirements.txt
+
+RUN python3 -m venv /opt/venv \
+    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip \
+    && /opt/venv/bin/pip install --no-cache-dir -r /tmp/requirements.txt
+
+# Stage 2 — runtime. Same base, only python3/py3-pip installed (no compilers).
+FROM --platform=$TARGETPLATFORM caddy:2-alpine
+
+RUN apk add --no-cache \
+        python3 \
+        supervisor \
+        ca-certificates \
+        tini
+
+COPY --from=builder /opt/venv /opt/venv
+
+ENV PATH="/opt/venv/bin:${PATH}" \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONPATH=/app
+
+WORKDIR /app
+
+COPY backend/ /app/backend/
+COPY frontend/ /srv/frontend/
+COPY Caddyfile /etc/caddy/Caddyfile
+COPY Caddyfile.auth /etc/caddy/Caddyfile.auth
+COPY supervisord.conf /etc/supervisor/conf.d/mihomo-webui.conf
+COPY start-caddy.sh /usr/local/bin/start-caddy.sh
+RUN chmod +x /usr/local/bin/start-caddy.sh
+
+ENV WEBUI_PORT=80 \
+    BACKEND_HOST=127.0.0.1 \
+    BACKEND_PORT=8000 \
+    MIKROTIK_HOST="" \
+    MIKROTIK_USER="" \
+    MIKROTIK_PASSWORD="" \
+    MIKROTIK_VERIFY_TLS=false \
+    MIKROTIK_CONTAINER_COMMENT=MihomoProxyRoS \
+    MIKROTIK_ENVS_LIST=MihomoProxyRoS \
+    WEBUI_USER="" \
+    WEBUI_PASSWORD_HASH=""
+
+EXPOSE 80
+
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["supervisord", "-c", "/etc/supervisor/conf.d/mihomo-webui.conf", "-n"]