2026-03-27 20:32:50 +01:00
|
|
|
# Slim runtime image — uses pre-built binaries from the release.
|
|
|
|
|
# The full Dockerfile (multi-stage Rust build) is for local development.
|
|
|
|
|
# CI uses this to avoid 60+ min QEMU cross-compilation.
|
|
|
|
|
|
|
|
|
|
FROM ubuntu:24.04
|
|
|
|
|
|
2026-05-19 19:05:16 +02:00
|
|
|
# CA bundle copied from a reliable multi-arch image instead of apt-installing
|
|
|
|
|
# from ports.ubuntu.com — Canonical's arm64 ports mirror is unreachable from
|
|
|
|
|
# CI runners and breaks the multi-arch release build. No build-time network.
|
|
|
|
|
COPY --from=gcr.io/distroless/static-debian12 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
2026-03-27 20:32:50 +01:00
|
|
|
|
2026-06-10 15:54:28 +02:00
|
|
|
# TARGETARCH (amd64 / arm64) is provided automatically by buildx for each
|
|
|
|
|
# target platform, so one multi-platform build copies the matching binaries.
|
|
|
|
|
# The release workflow stages them in binaries-amd64 / binaries-arm64.
|
|
|
|
|
ARG TARGETARCH
|
|
|
|
|
COPY binaries-${TARGETARCH}/webclaw /usr/local/bin/webclaw
|
|
|
|
|
COPY binaries-${TARGETARCH}/webclaw-mcp /usr/local/bin/webclaw-mcp
|
|
|
|
|
COPY binaries-${TARGETARCH}/webclaw-server /usr/local/bin/webclaw-server
|
feat(server): add OSS webclaw-server REST API binary (closes #29)
Self-hosters hitting docs/self-hosting were promised three binaries
but the OSS Docker image only shipped two. webclaw-server lived in
the closed-source hosted-platform repo, which couldn't be opened. This
adds a minimal axum REST API in the OSS repo so self-hosting actually
works without pretending to ship the cloud platform.
Crate at crates/webclaw-server/. Stateless, no database, no job queue,
single binary. Endpoints: GET /health, POST /v1/{scrape, crawl, map,
batch, extract, summarize, diff, brand}. JSON shapes mirror
api.webclaw.io for the endpoints OSS can support, so swapping between
self-hosted and hosted is a base-URL change.
Auth: optional bearer token via WEBCLAW_API_KEY / --api-key. Comparison
is constant-time (subtle::ConstantTimeEq). Open mode (no key) is
allowed and binds 127.0.0.1 by default; the Docker image flips
WEBCLAW_HOST=0.0.0.0 so the container is reachable out of the box.
Hard caps to keep naive callers from OOMing the process: crawl capped
at 500 pages synchronously, batch capped at 100 URLs / 20 concurrent.
For unbounded crawls or anti-bot bypass the docs point users at the
hosted API.
Dockerfile + Dockerfile.ci updated to copy webclaw-server into
/usr/local/bin and EXPOSE 3000. Workspace version bumped to 0.4.0
(new public binary).
2026-04-22 12:25:11 +02:00
|
|
|
|
|
|
|
|
# Default REST API port when running `webclaw-server` inside the container.
|
|
|
|
|
EXPOSE 3000
|
|
|
|
|
|
|
|
|
|
# Container default: bind all interfaces so `-p 3000:3000` works. The
|
|
|
|
|
# binary itself defaults to 127.0.0.1; flipping here keeps the CLI safe on
|
|
|
|
|
# a laptop but makes the container reachable out of the box.
|
|
|
|
|
ENV WEBCLAW_HOST=0.0.0.0
|
2026-03-27 20:32:50 +01:00
|
|
|
|
2026-04-17 15:57:47 +02:00
|
|
|
# Entrypoint shim: forwards webclaw args/URL to the binary, but exec's other
|
|
|
|
|
# commands directly so this image can be used as a FROM base with custom CMD.
|
2026-06-10 15:54:28 +02:00
|
|
|
# `--chmod` sets the bit at copy time so the build needs no in-container `RUN`
|
|
|
|
|
# (and thus no QEMU emulation for the arm64 platform).
|
|
|
|
|
COPY --chmod=755 docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
|
2026-04-17 15:57:47 +02:00
|
|
|
|
|
|
|
|
ENTRYPOINT ["docker-entrypoint.sh"]
|
|
|
|
|
CMD ["webclaw", "--help"]
|