openwork/packaging/docker/Dockerfile
Source Open 18723ec767 feat(security): default local workers to localhost only (#1132)
Require generated OpenCode auth and explicit remote-sharing opt-in so local workers stay loopback-only unless the user intentionally exposes them.
2026-03-23 17:58:53 -07:00


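# Container image for the OpenWork orchestrator: installs the
# openwork-orchestrator npm package on a slim Debian/Node base and starts
# `openwork serve` against a mounted workspace.
#
# NOTE(review): the base is pinned by tag only. For reproducible builds, also
# pin it by digest (node:22-bookworm-slim@sha256:<digest-of-the-reviewed-image>).
FROM node:22-bookworm-slim

# OS-level tools installed next to Node. The package index is removed in the
# same layer so it does not persist in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        tar \
        unzip \
    && rm -rf /var/lib/apt/lists/*

# Declared after the apt layer so that bumping the orchestrator version does
# not invalidate the cached OS-package layer.
ARG OPENWORK_ORCHESTRATOR_VERSION=0.11.22

# Install the exact orchestrator version selected above, and drop the npm
# download cache in the same layer so it is not shipped in the image.
RUN npm install -g "openwork-orchestrator@${OPENWORK_ORCHESTRATOR_VERSION}" \
    && npm cache clean --force

# Persistent directories (mount volumes here on PaaS/SSH).
# The workspace is mounted from the host/volume.
ENV OPENWORK_DATA_DIR=/data/openwork-orchestrator \
    OPENWORK_SIDECAR_DIR=/data/sidecars \
    OPENWORK_WORKSPACE=/workspace

# OpenWork host contract surface.
EXPOSE 8787
# Optional: opencode-router health (only relevant if you enable the router).
EXPOSE 3005

VOLUME ["/workspace", "/data"]

# NOTE(review): there is no USER instruction, so the server and anything it
# launches run as root inside the container. Switching to the base image's
# unprivileged `node` user first requires /workspace and /data to be writable
# by that user (existing volumes may be root-owned), so it is flagged here
# rather than changed.

# Defaults:
# - OpenWork server is published intentionally via --remote-access
# - OpenCode stays internal (127.0.0.1:4096)
# - OpenWork server proxies OpenCode via localhost
# - OpenCode Router disabled by default
#
# NOTE(review): this image opts in to remote access by default, so port 8787
# is reachable on whatever interface or network the port is published to.
# Publish it only where clients need it (for example bind the host side to a
# specific address, or front it with an authenticating proxy).
# NOTE(review): `--cors "*"` presumably allows every web origin to call the
# server from a browser. Combined with remote access, prefer listing only the
# origins that host the client. Confirm the accepted values against the CLI.
#
# A Dockerfile instruction is a single logical line, so each line of the
# exec-form array ends with a continuation to keep the JSON array in one CMD.
CMD [ \
    "openwork", \
    "serve", \
    "--workspace", "/workspace", \
    "--remote-access", \
    "--openwork-port", "8787", \
    "--opencode-host", "127.0.0.1", \
    "--opencode-port", "4096", \
    "--connect-host", "127.0.0.1", \
    "--cors", "*", \
    "--approval", "manual", \
    "--no-opencode-router" \
]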