Upload 3 files

Dockerfile

@@ -2,7 +2,7 @@ FROM weishaw/sub2api:latest
 
 USER root
 
-# Install local Redis + PostgreSQL for all-in-one runtime in HF Space.
+# Install local Redis runtime dependencies.
 RUN set -eux; \
     if command -v apk >/dev/null 2>&1; then \
         apk add --no-cache \
@@ -10,8 +10,6 @@ RUN set -eux; \
           ca-certificates \
           netcat-openbsd \
           redis \
-          postgresql15 \
-          postgresql15-client \
           su-exec; \
     elif command -v apt-get >/dev/null 2>&1; then \
         apt-get update && apt-get install -y --no-install-recommends \
@@ -19,40 +17,37 @@ RUN set -eux; \
           ca-certificates \
           netcat-openbsd \
           redis-server \
-          postgresql \
-          postgresql-client \
           gosu \
           && rm -rf /var/lib/apt/lists/*; \
     else \
         echo "No supported package manager found in base image"; \
         exit 1; \
-    fi
-
-ENV PORT=8080 \
-    HOST=0.0.0.0 \
+    fi
+
+ENV PORT=8080 \
+    HOST=0.0.0.0 \
     AUTO_SETUP=true \
     ADMIN_EMAIL=admin@sub2api.com \
     SERVER_HOST=0.0.0.0 \
     SERVER_PORT=8080 \
-    DATABASE_HOST=127.0.0.1 \
-    DATABASE_PORT=5432 \
-    DATABASE_USER=sub2api \
-    DATABASE_PASSWORD=sub2api_pass \
-    DATABASE_DBNAME=sub2api \
-    DATABASE_SSLMODE=disable \
+    DATABASE_HOST=pg-newapi-codeatlantis666.f.aivencloud.com \
+    DATABASE_PORT=22503 \
+    DATABASE_USER=avnadmin \
+    DATABASE_PASSWORD= \
+    DATABASE_DBNAME=defaultdb \
+    DATABASE_SSLMODE=require \
+    DATABASE_SSLROOTCERT=/app/ca.pem \
     REDIS_HOST=127.0.0.1 \
     REDIS_PORT=6379 \
     REDIS_DB=0 \
     REDIS_PASSWORD="" \
     REDIS_ENABLE_TLS=false \
-    PGDATA=/tmp/pgdata \
-    POSTGRES_DB=sub2api \
-    POSTGRES_USER=sub2api \
-    POSTGRES_PASSWORD=sub2api_pass \
     REDIS_URL=redis://127.0.0.1:6379/0
 
 COPY hf-entrypoint.sh /usr/local/bin/hf-entrypoint.sh
-RUN chmod +x /usr/local/bin/hf-entrypoint.sh
+COPY ca.pem /app/ca.pem
+RUN sed -i 's/\r$//' /usr/local/bin/hf-entrypoint.sh \
+    && chmod +x /usr/local/bin/hf-entrypoint.sh
 
 EXPOSE 8080
 ENTRYPOINT ["/usr/local/bin/hf-entrypoint.sh"]

ca.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAqmgAwIBAgIUUIvalUEGuCbKWGhDPHK8kH+ZX5MwDQYJKoZIhvcNAQEM
+BQAwOjE4MDYGA1UEAwwvNDBlZGM0ZWEtY2Q5ZS00MDhmLTk1NWQtNzk5Y2Y5ZmU5
+Yzk2IFByb2plY3QgQ0EwHhcNMjQwNDIwMDY0ODA0WhcNMzQwNDE4MDY0ODA0WjA6
+MTgwNgYDVQQDDC80MGVkYzRlYS1jZDllLTQwOGYtOTU1ZC03OTljZjlmZTljOTYg
+UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALbeRvoT
+xSFMyOWzNPL8W7S8rUy/GRI/TERJPQafcgYT2Fn4J5fql+OFPLa0uT7fZ0HeDjkM
+LeAqMNBJIF4O1IErzEbj/CEGoaeLKN3TRDENAhXSbG3ZsFGRR9YboCU0l9Z3qTL0
+nXRIJ/lMnhbDC10KXILRrESSrvVBWasgx86y+ZQr2nIdJeX1EC/hUYGp0AG89Goi
+2YxfzdxLVlyLOy9FUX1hm4KlWOKnJ5DWJDmngYsQBBI0SKZoujB/ReerB1bCJ6o/
+k2gHPy08qwtns5huz9pgC2BL7vTtGiHtHg6EXRsRcQciDhwIP1TkxROzvTWXuFg3
+4HjX3zZ/R/Yc+lXH0It0umsKYfphzQyB204oPbSoIKpUFoy0U2dALmtscrR7kt/5
+2o6sn2gP46fgFJLdDaButVDeSH504uEl0PXGohFwMV6MVIiiJWLsRvoVXaO0Ho5w
+ULlzK9FgfFnhy0YIMdcBfealdMsi2mUkruROMI6MnFh2Tw2ZihyekreONQIDAQAB
+oz8wPTAdBgNVHQ4EFgQU0mmAUizQPzYlq2vxup8aSHxeuKswDwYDVR0TBAgwBgEB
+/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBACVcnSou40huAkm+
+t/Hz2lQHlMfjsGs57lx4IIJTa8Tf5jbn+G5Us3IVFGQZSnu9EoFy1UiEryQ733u9
+Gbsbjau6nLJzk3DZUb2pQUxBQsZBU4NLlpikTwTvJvbOxuQEq1FTEjFp25Tr52G4
+u83szTo+dD9/+mRwrHt8KjyUF9/I+LMR7YhWGZfS2WFzKhC/qkGshAAAk3xoV7wW
+cHEmaXR9ume//c6uybQ0NvHXbTk30dEwfhbUpvy91XN2KpkdCBjQhohJGf5Eb2qY
+QJJzXmHfJWIfC5beHreYQdJY7wwbdCR8trmxUT8NsXTmYJzcGtwIvQmdhsPXehk7
+goBeVzZs1jv+F1ZIRII58NXRMHxzQpzh5xMKSESFE1KwaBCVWF7k/cSE+QvGBcKx
+2gw+2CRJ5DS3M9P16iPMUcdBec2MXTSuhBIXUgQGTakO73VskJUSTlukH3O7RfXs
+2PQq4Dgu3/cKEVMKpdz5Jb42n5M2PaX65c64aaOkCN0D32YKKw==
+-----END CERTIFICATE-----

hf-entrypoint.sh

@@ -1,60 +1,43 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-run_as_postgres() {
-  if id postgres >/dev/null 2>&1; then
-    if command -v gosu >/dev/null 2>&1; then
-      gosu postgres "$@"
-    elif command -v su-exec >/dev/null 2>&1; then
-      su-exec postgres "$@"
-    else
-      su postgres -s /bin/sh -c "$(printf '%q ' "$@")"
-    fi
-  else
-    "$@"
-  fi
-}
-
 echo "[boot] start redis"
 redis-server --bind 127.0.0.1 --port 6379 --daemonize yes
 
-echo "[boot] init/start postgres"
-mkdir -p "${PGDATA}" /tmp
-if id postgres >/dev/null 2>&1; then
-  chown -R postgres:postgres "${PGDATA}" || true
-fi
+export DATABASE_HOST="${DATABASE_HOST:-pg-newapi-codeatlantis666.f.aivencloud.com}"
+export DATABASE_PORT="${DATABASE_PORT:-22503}"
+export DATABASE_USER="${DATABASE_USER:-avnadmin}"
+export DATABASE_DBNAME="${DATABASE_DBNAME:-defaultdb}"
+export DATABASE_SSLMODE="${DATABASE_SSLMODE:-require}"
+export DATABASE_SSLROOTCERT="${DATABASE_SSLROOTCERT:-/app/ca.pem}"
 
-if [ ! -s "${PGDATA}/PG_VERSION" ]; then
-  run_as_postgres initdb -D "${PGDATA}" >/dev/null
+if [ -z "${SQL_PASSWORD:-}" ]; then
+  echo "[error] SQL_PASSWORD is required. Set Space Secret SQL_PASSWORD."
+  echo "[error] You can provide either:"
+  echo "[error]   1) password only (recommended with DATABASE_USER), or"
+  echo "[error]   2) 'username:password' in SQL_PASSWORD."
+  exit 1
 fi
 
-# Place Unix socket under /tmp to avoid missing /run/postgresql in HF runtime.
-run_as_postgres pg_ctl -D "${PGDATA}" \
-  -o "-c listen_addresses=127.0.0.1 -c port=5432 -c unix_socket_directories=/tmp" \
-  -w start
-
-# Upsert DB role.
-run_as_postgres psql -h 127.0.0.1 -p 5432 -v ON_ERROR_STOP=1 --username postgres --dbname postgres <<SQL
-DO \$\$
-BEGIN
-  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${POSTGRES_USER}') THEN
-    CREATE ROLE ${POSTGRES_USER} LOGIN PASSWORD '${POSTGRES_PASSWORD}';
-  ELSE
-    ALTER ROLE ${POSTGRES_USER} WITH LOGIN PASSWORD '${POSTGRES_PASSWORD}';
-  END IF;
-END
-\$\$;
-SQL
+if [ ! -f "${DATABASE_SSLROOTCERT}" ]; then
+  echo "[error] CA cert not found at ${DATABASE_SSLROOTCERT}."
+  echo "[error] Upload ca.pem and/or set DATABASE_SSLROOTCERT correctly."
+  exit 1
+fi
 
-# CREATE DATABASE cannot run inside DO block. Check first, then createdb.
-DB_EXISTS=$(run_as_postgres psql -h 127.0.0.1 -p 5432 -U postgres -d postgres -tAc \
-  "SELECT 1 FROM pg_database WHERE datname='${POSTGRES_DB}'")
+if [[ "${SQL_PASSWORD}" == *:* ]]; then
+  export DATABASE_USER="${SQL_PASSWORD%%:*}"
+  export DATABASE_PASSWORD="${SQL_PASSWORD#*:}"
+else
+  export DATABASE_PASSWORD="${SQL_PASSWORD}"
+fi
 
-if [ "${DB_EXISTS}" != "1" ]; then
-  run_as_postgres createdb -h 127.0.0.1 -p 5432 -U postgres -O "${POSTGRES_USER}" "${POSTGRES_DB}"
+DATABASE_QUERY="sslmode=${DATABASE_SSLMODE}&sslrootcert=${DATABASE_SSLROOTCERT}"
+if [ -n "${DATABASE_QUERY_EXTRA:-}" ]; then
+  DATABASE_QUERY="${DATABASE_QUERY}&${DATABASE_QUERY_EXTRA}"
 fi
 
-export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@127.0.0.1:5432/${POSTGRES_DB}"
+export DATABASE_URL="postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_HOST}:${DATABASE_PORT}/${DATABASE_DBNAME}?${DATABASE_QUERY}"
 export POSTGRES_URL="${DATABASE_URL}"
 export DB_URL="${DATABASE_URL}"
 export REDIS_URL="${REDIS_URL:-redis://127.0.0.1:6379/0}"
@@ -71,19 +54,19 @@ if [ -z "${ADMIN_PASSWORD:-}" ]; then
 fi
 export SERVER_HOST="${HOST}"
 export SERVER_PORT="${PORT}"
-export DATABASE_HOST="${DATABASE_HOST:-127.0.0.1}"
-export DATABASE_PORT="${DATABASE_PORT:-5432}"
-export DATABASE_USER="${POSTGRES_USER}"
-export DATABASE_PASSWORD="${POSTGRES_PASSWORD}"
-export DATABASE_DBNAME="${POSTGRES_DB}"
-export DATABASE_SSLMODE="${DATABASE_SSLMODE:-disable}"
+export DATABASE_HOST="${DATABASE_HOST}"
+export DATABASE_PORT="${DATABASE_PORT}"
+export DATABASE_USER="${DATABASE_USER}"
+export DATABASE_PASSWORD="${DATABASE_PASSWORD}"
+export DATABASE_DBNAME="${DATABASE_DBNAME}"
+export DATABASE_SSLMODE="${DATABASE_SSLMODE}"
 export REDIS_HOST="${REDIS_HOST:-127.0.0.1}"
 export REDIS_PORT="${REDIS_PORT:-6379}"
 export REDIS_DB="${REDIS_DB:-0}"
 export REDIS_PASSWORD="${REDIS_PASSWORD:-}"
 export REDIS_ENABLE_TLS="${REDIS_ENABLE_TLS:-false}"
 
-echo "[boot] DATABASE_URL=postgresql://${POSTGRES_USER}:******@127.0.0.1:5432/${POSTGRES_DB}"
+echo "[boot] DATABASE_URL=postgresql://${DATABASE_USER}:******@${DATABASE_HOST}:${DATABASE_PORT}/${DATABASE_DBNAME}?sslmode=${DATABASE_SSLMODE}&sslrootcert=${DATABASE_SSLROOTCERT}"
 echo "[boot] REDIS_URL=${REDIS_URL}"
 echo "[boot] APP_PORT=${PORT}"
 echo "[boot] ADMIN_EMAIL=${ADMIN_EMAIL}"