CyberBox/docker-compose.yaml at main · ProwlrBot/CyberBox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
services:
  sandbox:
    container_name: cybersandbox
    image: ghcr.io/prowlrbot/cybersandbox:latest
    # Upstream /opt/gem/run.sh expects root entry so it can useradd +
    # chown /opt/jupyter, then self-drops to $USER via `su -` before
    # exec'ing supervisord. The image's Dockerfile prematurely sets
    # USER 1000, which breaks that contract. Override to root here;
    # the actual services still run as hunter at the app layer.
    user: "0:0"
    security_opt:
      - seccomp:unconfined
    extra_hosts:
      - "host.docker.internal:host-gateway"
    restart: "unless-stopped"
    shm_size: "2gb"
    mem_limit: "8g"
    cpus: "4"
    ports:
      - "${HOST_PORT:-8080}:8080"
    environment:
      # Align runtime user with the image's build-time user (UID/GID 1000).
      # Upstream /opt/gem/run.sh defaults to USER=gem, which collides with
      # the hunter user baked into cybersandbox and crashes the container.
      USER: hunter
      USER_UID: "1000"
      USER_GID: "1000"
      PROXY_SERVER: ${PROXY_SERVER:-}
      JWT_PUBLIC_KEY: ${JWT_PUBLIC_KEY:-}
      DNS_OVER_HTTPS_TEMPLATES: ${DNS_OVER_HTTPS_TEMPLATES:-"https://cloudflare-dns.com/dns-query{?dns}"}
      WORKSPACE: ${WORKSPACE:-"/home/gem"}
      HOMEPAGE: ${HOMEPAGE:-}
      BROWSER_EXTRA_ARGS: ${BROWSER_EXTRA_ARGS:-}
      TZ: ${TZ:-Asia/Singapore}
      DISPLAY_WIDTH: ${DISPLAY_WIDTH:-1280}
      DISPLAY_HEIGHT: ${DISPLAY_HEIGHT:-1024}
      WAIT_PORTS: "8079,8091"
      VNC_SERVER_PORT: 5900
      PUBLIC_PORT: 8080
      AUTH_BACKEND_PORT: 8081
      WEBSOCKET_PROXY_PORT: 6080
      GEM_SERVER_PORT: 8088
      MCP_HUB_PORT: 8079
      SANDBOX_SRV_PORT: 8091
      JUPYTER_LAB_PORT: 8888
      CODE_SERVER_PORT: 8200
      MCP_SERVER_BROWSER_PORT: 8100
      TINYPROXY_PORT: 8118
      MCP_SERVER_MARKITDOWN_PORT: 8101
      MCP_SERVER_CHROME_DEVTOOLS_PORT: 8102
      BROWSER_REMOTE_DEBUGGING_PORT: 9222
      PIP_INDEX_URL: ${PIP_INDEX_URL:-https://pypi.org/simple}
      UV_DEFAULT_INDEX: ${UV_DEFAULT_INDEX:-https://pypi.org/simple}
      NPM_CONFIG_REGISTRY: ${NPM_CONFIG_REGISTRY:-https://registry.npmjs.org}
      # for gh cli
      GITHUB_TOKEN: ""
      # Claude Skills
      AIO_SKILLS_PATH: ${AIO_SKILLS_PATH:-}
      # Features
      DISABLE_JUPYTER: ${DISABLE_JUPYTER:-false}
      DISABLE_CODE_SERVER: ${DISABLE_CODE_SERVER:-false}