Fix supervisor user and adjust nginx config for HuggingFace

Dockerfile

@@ -11,34 +11,26 @@ FROM python:3.11-slim AS be
 ENV PIP_NO_CACHE_DIR=1 PYTHONUNBUFFERED=1 PIP_PREFER_BINARY=1
 WORKDIR /app
 
-# 系統相依（供一些科學套件編譯/連結）
 RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential gcc g++ gfortran make pkg-config \
     libopenblas-dev liblapack-dev git \
  && rm -rf /var/lib/apt/lists/*
 
-# 建立虛擬環境並啟用
 RUN python -m venv /opt/venv
 ENV PATH="/opt/venv/bin:${PATH}"
 
-# 升級 pip/工具
 RUN python -m pip install --upgrade pip setuptools wheel
 
-# 先裝 CPU 版 torch（避免跟 requirements 衝突）
 RUN pip install --index-url https://download.pytorch.org/whl/cpu "torch==2.3.1"
 
-# 安裝你的後端依賴（移除/忽略裡面的 torch）
 COPY backend/requirements.txt ./backend/requirements.txt
 RUN sed -i 's/^[Tt]orch[[:space:]=<>!].*/# torch pinned separately (CPU)/' backend/requirements.txt || true
 
-# 盡量吃 wheels；若失敗再退而求其次
 RUN pip install --only-binary=:all: blis || echo "Precompiled blis not available"
 RUN pip install -r backend/requirements.txt || pip install -r backend/requirements.txt --no-deps
 
-# 也把 gunicorn 裝進 venv（改用這個，避免 runtime 再裝）
 RUN pip install --no-cache-dir gunicorn
 
-# 可選：把後端程式先帶進來做可用性檢查（不一定需要）
 COPY backend/ ./backend/
 
 # ---------- Runtime ----------
@@ -48,24 +40,27 @@ ENV PYTHONUNBUFFERED=1 PIP_NO_CACHE_DIR=1 PORT=7860 \
 
 WORKDIR /app
 
-# 輕量執行期相依
 RUN apt-get update && apt-get install -y --no-install-recommends \
     nginx supervisor ca-certificates \
     libgomp1 libopenblas0 \
  && rm -rf /var/lib/apt/lists/*
 
-# 前端靜態檔
 COPY --from=fe /app/frontend/dist /usr/share/nginx/html
 
-# 只拷「虛擬環境」，不要整個 /usr/local
 COPY --from=be /opt/venv /opt/venv
 
-# 後端程式碼
 COPY --from=be /app/backend /app/backend
 
-# nginx 設定與 supervisor
 COPY nginx.conf.template /etc/nginx/nginx.conf
 
+RUN set -eux; \
+    sed -ri 's/^\s*user\s+[^;]+;//g' /etc/nginx/nginx.conf || true; \
+    if grep -qE '^\s*pid\s+' /etc/nginx/nginx.conf; then \
+      sed -ri 's|^\s*pid\s+[^;]+;|pid /tmp/nginx.pid;|' /etc/nginx/nginx.conf; \
+    else \
+      sed -ri '1i pid /tmp/nginx.pid;' /etc/nginx/nginx.conf; \
+    fi
+
 RUN mkdir -p /etc/supervisor/conf.d && \
 printf "[program:api]\n\
 command=gunicorn --workers 2 --threads 8 --timeout 0 --chdir /app/backend -b 0.0.0.0:5001 server:app\n\
@@ -77,7 +72,8 @@ command=nginx -g \"daemon off;\"\n\
 priority=20\nautostart=true\nautorestart=true\n\
 stdout_logfile=/dev/stdout\nstderr_logfile=/dev/stderr\n\
 stdout_logfile_maxbytes=0\nstderr_logfile_maxbytes=0\n\n\
-[supervisord]\nlogfile=/dev/stdout\nlogfile_maxbytes=0\nnodaemon=true\nuser=root\n" \
+[supervisord]\n\
+logfile=/dev/stdout\nlogfile_maxbytes=0\nnodaemon=true\n" \
 > /etc/supervisor/conf.d/app.conf
 
 EXPOSE 7860

nginx.conf.template

@@ -1,3 +1,4 @@
+pid /tmp/nginx.pid;
 worker_processes auto;
 events { 
     worker_connections 1024; 
@@ -14,15 +15,13 @@ http {
         server_name _;
         root  /usr/share/nginx/html;
         index index.html;
-        
-        # 前端單頁應用
+
         location / {
             try_files $uri $uri/ /index.html;
         }
-        
-        # 後端 API 反向代理
+
         location /api/ {
-            proxy_pass http://127.0.0.1:5001/;
+            proxy_pass http://127.0.0.2:5001/;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
@@ -34,7 +33,6 @@ http {
             proxy_send_timeout 3000s;
             proxy_read_timeout 3000s;
             proxy_redirect off;
-
         }
     }
-}
+}