update serviceportal

.env

@@ -11,6 +11,8 @@ ROCM_LEVEL=runtime
 
 ### Runtime Vars ###
 
+DIRECT_ADDRESS=127.0.0.1
+DIRECT_ADDRESS_GET_WAN=false
 WORKSPACE=/workspace/
 WORKSPACE_SYNC=true
 WEB_ENABLE_AUTH=true
@@ -19,7 +21,6 @@ WEB_PASSWORD=password
 CF_TUNNEL_TOKEN=
 CF_QUICK_TUNNELS=true
 REDIRECTOR_PORT_HOST=1111
-LOG_VIEWER_PORT_HOST=1122
 SSH_PORT=22
 SSH_PORT_HOST=2222
 RCLONE_PORT_HOST=53682

README.md

@@ -89,21 +89,23 @@ You can use the included `cloudflared` service to make secure connections withou
 
 ## Environment Variables
 
-| Variable              | Description |
-| --------------------- | ----------- |
-| `CF_TUNNEL_TOKEN`     | Cloudflare zero trust tunnel token - See [documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/). |
-| `CF_QUICK_TUNNELS`    | Create ephemeral Cloudflare tunnels for web services (default `false`) |
-| `GPU_COUNT`           | Limit the number of available GPUs |
-| `PROVISIONING_SCRIPT` | URL of a remote script to execute on init. See [note](#provisioning-script). |
-| `RCLONE_*`            | Rclone configuration - See [rclone documentation](https://rclone.org/docs/#config-file) |
-| `SKIP_ACL`            | Set `true` to skip modifying workspace ACL |
-| `SSH_PORT`            | Set a non-standard port for SSH (default `22`) |
-| `SSH_PUBKEY`          | Your public key for SSH |
-| `WEB_ENABLE_AUTH`     | Enable password protection for web services (default `true`) |
-| `WEB_USER`            | Username for web services (default `user`) |
-| `WEB_PASSWORD`        | Password for web services (default `password`) |
-| `WORKSPACE`           | A volume path. Defaults to `/workspace/` |
-| `WORKSPACE_SYNC`      | Move mamba environments and services to workspace if mounted (default `true`) |
+| Variable                 | Description |
+| ------------------------ | ----------- |
+| `CF_TUNNEL_TOKEN`        | Cloudflare zero trust tunnel token - See [documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/). |
+| `CF_QUICK_TUNNELS`       | Create ephemeral Cloudflare tunnels for web services (default `false`) |
+| `DIRECT_ADDRESS`         | IP/hostname for service portal direct links (default `localhost`) |
+| `DIRECT_ADDRESS_GET_WAN` | Use the internet facing interface for direct links (default `false`) |
+| `GPU_COUNT`              | Limit the number of available GPUs |
+| `PROVISIONING_SCRIPT`    | URL of a remote script to execute on init. See [note](#provisioning-script). |
+| `RCLONE_*`               | Rclone configuration - See [rclone documentation](https://rclone.org/docs/#config-file) |
+| `SKIP_ACL`               | Set `true` to skip modifying workspace ACL |
+| `SSH_PORT`               | Set a non-standard port for SSH (default `22`) |
+| `SSH_PUBKEY`             | Your public key for SSH |
+| `WEB_ENABLE_AUTH`        | Enable password protection for web services (default `true`) |
+| `WEB_USER`               | Username for web services (default `user`) |
+| `WEB_PASSWORD`           | Password for web services (default `password`) |
+| `WORKSPACE`              | A volume path. Defaults to `/workspace/` |
+| `WORKSPACE_SYNC`         | Move mamba environments and services to workspace if mounted (default `true`) |
 
 Environment variables can be specified by using any of the standard methods (`docker-compose.yaml`, `docker run -e...`). Additionally, environment variables can also be passed as parameters of `init.sh`.
 
@@ -134,7 +136,7 @@ The URL must point to a plain text file - GitHub Gists/Pastebin (raw) are suitab
 If you are running locally you may instead opt to mount a script at `/opt/ai-dock/bin/provisioning.sh`.
 
 >[!NOTE]  
->If configured, `sshd`, `caddy`, `cloudflared`, `rclone`, `port redirector` & `logtail` will be launched before provisioning; Any other processes will launch after.
+>If configured, `sshd`, `caddy`, `cloudflared`, `rclone`, `serviceportal` & `logtail` will be launched before provisioning; Any other processes will launch after.
 
 >[!WARNING]  
 >Only use scripts that you trust and which cannot be changed without your consent.
@@ -205,17 +207,14 @@ This is a simple webserver acting as a reverse proxy.
 
 Caddy is used to enable basic authentication for all sensitive web services.
 
-### Port Redirector
+### Service Portal
 
 This is a simple list of links to the web services available inside the container.
 
 The service will bind to port `1111`.
 
 For each service, you will find a direct link and, if you have set `CF_QUICK_TUNNELS=true`, a link to the service via a fast and secure Cloudflare tunnel.
 
->[!NOTE]  
->*This service will not show links to any pre-configured Cloudflare tunnels as the domains are static and already known to the user.*
-
 ### Log Viewer
 
 The web based log viewer will start on port `1122`.

build/COPY_ROOT/etc/supervisor/supervisord/conf.d/cloudflared.conf

@@ -1,4 +1,4 @@
-[program:cloudflared]
+[program:cf_tunnel]
 command=supervisor-cloudflared.sh
 process_name=%(program_name)s
 numprocs=%(ENV_SUPERVISOR_START_CLOUDFLARED)s

build/COPY_ROOT/etc/supervisor/supervisord/conf.d/quicktunnel.conf

@@ -1,4 +1,4 @@
-[program:cloudflare_quicktunnel]
+[program:cf_quicktunnel]
 command=supervisor-quicktunnel.sh
 process_name=="%(program_name)s_%(process_num)s"
 numprocs=%(ENV_CF_QUICK_TUNNELS_COUNT)s

build/COPY_ROOT/etc/supervisor/supervisord/supervisord.conf

@@ -18,6 +18,9 @@ user=root
 [rpcinterface:supervisor]
 supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 
+[inet_http_server]
+port = 0.0.0.0:9001
+
 [supervisorctl]
 serverurl=unix:///var/run/supervisor.sock
 username = ai-dock

build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh

@@ -53,6 +53,8 @@ $APT_INSTALL \
     uvicorn==0.23 \
     fastapi==0.103 \
     jinja2==3.1 \
+    jinja_partials \
+    python-multipart \
     websockets
 
 # Get caddy server

build/COPY_ROOT/opt/ai-dock/bin/init.sh

@@ -17,7 +17,7 @@ function init_main() {
     init_create_logfiles
     init_set_ssh_keys
     init_set_web_credentials
-    init_cloud_context
+    init_direct_address
     init_set_workspace
     init_count_gpus
     init_count_quicktunnels
@@ -52,7 +52,7 @@ init_serverless() {
   export CF_QUICK_TUNNELS_COUNT=0
   export RCLONE_MOUNT_COUNT=0
   export SUPERVISOR_START_CLOUDFLARED=0
-  init_cloud_context
+  init_direct_address
   init_set_workspace
   init_count_gpus
   init_create_directories
@@ -170,6 +170,7 @@ function init_set_workspace() {
     # Determine workspace mount status
     if mountpoint "$WORKSPACE" > /dev/null 2>&1; then
         export WORKSPACE_MOUNTED=true
+        mkdir -p ${WORKSPACE}environments
     else
         export WORKSPACE_MOUNTED=false
         no_mount_warning_file="${WORKSPACE}WARNING-NO-MOUNT.txt"
@@ -181,29 +182,34 @@ function init_set_workspace() {
 }
 
 function init_sync_mamba_envs() {
-  if [[ $WORKSPACE_MOUNTED = "false" ]]; then
+    ws_mamba_target="${WORKSPACE}environments/micromamba-${IMAGE_SLUG}"
+    if [[ -d ${WORKSPACE}micromamba ]]; then
+        mv ${WORKSPACE}micromamba "$ws_mamba_target"
+    fi
+
+    if [[ $WORKSPACE_MOUNTED = "false" ]]; then
       printf "No mount: Mamba environments remain in /opt\n"
-  elif [[ ${WORKSPACE_SYNC,,} = "false" ]]; then
+    elif [[ ${WORKSPACE_SYNC,,} = "false" ]]; then
       printf "Skipping workspace sync: Mamba environments remain in /opt\n"
-  elif [[ -f ${WORKSPACE}micromamba/.move_complete ]]; then
+    elif [[ -f ${ws_mamba_target}/.move_complete ]]; then
       printf "Mamba environments already present at ${WORKSPACE}\n"
       rm -rf /opt/micromamba/*
       link-mamba-envs.sh
-  else
+    else
       # Complete the copy if not serverless
       if [[ ${SERVERLESS,,} != 'true' ]]; then
           rm -rf ${WORKSPACE}micromamba
           printf "Moving mamba environments to %s...\n" "${WORKSPACE}"
           while sleep 10; do printf "Waiting for workspace mamba sync...\n"; done &
-          rsync -azh --stats /opt/micromamba "${WORKSPACE}"
+          rsync -azh --stats /opt/micromamba/ "${ws_mamba_target}"
           kill $!
           wait $! 2>/dev/null
           printf "Moved mamba environments to %s\n" "${WORKSPACE}"
           rm -rf "/opt/micromamba/*"
-          printf 1 > ${WORKSPACE}micromamba/.move_complete
+          printf 1 > ${ws_mamba_target}/.move_complete
           link-mamba-envs.sh
       fi
-  fi
+fi
 }
 
 init_sync_opt() {
@@ -322,18 +328,28 @@ function init_count_rclone_remotes() {
     fi
 }
 
-function init_cloud_context() {
-    # Don't run tmux automatically on vast.ai
-    if [[ -n $VAST_NO_TMUX ]]; then
-        touch /root/.no_auto_tmux
+function init_direct_address() {
+    # Ensure set
+    if [[ ! -v $DIRECT_ADDRESS ]]; then
+        $DIRECT_ADDRESS=""
     fi
 
-    if env | grep 'VAST' > /dev/null 2>&1; then
-        export CLOUD_PROVIDER="vast.ai"
-    elif env | grep 'RUNPOD' > /dev/null 2>&1; then
-       export CLOUD_PROVIDER="runpod.io"
-    elif env | grep 'PAPERSPACE' > /dev/null 2>&1; then
-       export CLOUD_PROVIDER="paperspace.com"
+    if [[ ${DIRECT_ADDRESS,,} == "false" ]]; then
+        export DIRECT_ADDRESS=""
+    elif [[ -z $DIRECT_ADDRESS || ${DIRECT_ADDRESS_GET_WAN,,} == 'true' ]]; then
+        if [[ ${DIRECT_ADDRESS_GET_WAN,,} == 'true' ]]; then
+            export DIRECT_ADDRESS="$(curl https://icanhazip.com)"
+        # Detected provider has direct connection method
+        elif env | grep 'VAST' > /dev/null 2>&1; then
+            export DIRECT_ADDRESS="auto#vast-ai"
+        elif env | grep 'RUNPOD' > /dev/null 2>&1; then
+           export DIRECT_ADDRESS="auto#runpod-io"
+        # Detected provider does not support direct connections
+        elif env | grep 'PAPERSPACE' > /dev/null 2>&1; then
+            export DIRECT_ADDRESS=""
+        else
+            export DIRECT_ADDRESS="localhost"
+        fi
     fi
 }
 

build/COPY_ROOT/opt/ai-dock/bin/link-mamba-envs.sh

@@ -1,14 +1,14 @@
 #!/bin/bash
 
 printf "Linking mamba environments to /opt...\n"
-
-for item in ${WORKSPACE}micromamba/*; do
-    if [[ $item = "${WORKSPACE}micromamba/envs" ]]; then
+ws_mamba_target="${WORKSPACE}environments/micromamba-${IMAGE_SLUG}"
+for item in ${ws_mamba_target}/*; do
+    if [[ $item = "${ws_mamba_target}/envs" ]]; then
         # Preventing duplicate envs
-        for  env in ${WORKSPACE}micromamba/envs/*; do
+        for  env in ${ws_mamba_target}/envs/*; do
             env_name="$(basename $env)"
             o_path="/opt/micromamba/envs/${env_name}"
-            w_path="${WORKSPACE}micromamba/envs/${env_name}"
+            w_path="${ws_mamba_target}/envs/${env_name}"
             mkdir -p "$o_path"
             for dir in ${w_path}/*; do
               dir_name="$(basename $dir)"
@@ -18,7 +18,7 @@ for item in ${WORKSPACE}micromamba/*; do
     else
         item_name="$(basename $item)"
         o_path="/opt/micromamba/${item_name}"
-        w_path="${WORKSPACE}micromamba/${item_name}"
+        w_path="${ws_mamba_target}/${item_name}"
         ln -sf ${w_path} ${o_path}
     fi
 done

build/COPY_ROOT/opt/ai-dock/bin/supervisor-caddy.sh

@@ -23,14 +23,19 @@ function start() {
         listen_port=$(jq -r .listen_port ${service})
         proxy_port=$(jq -r .proxy_port ${service})
         proxy_secure=$(jq -r .proxy_secure ${service})
+
+        if [[ -f /opt/caddy/share/service_config_${listen_port} ]]; then
+            template_file="/opt/caddy/share/service_config_${listen_port}"
+        else
+            template_file="/opt/caddy/share/service_config"
+        fi
+
         if [[ ${WEB_ENABLE_AUTH,,} != 'false' && ${proxy_secure,,} != 'false' ]]; then
-            fwauth_string="import fwauth"
-        else fwauth_string=""
+            template_file="${template_file}_auth"
         fi
-        
-        cp /opt/caddy/share/service_config /tmp/caddy
+
+        cp "${template_file}" /tmp/caddy
         sed -i "s/!PROXY_PORT/${proxy_port}/g" /tmp/caddy
-        sed -i "s/!FWAUTH/${fwauth_string}/g" /tmp/caddy
         sed -i "s/!LISTEN_PORT/${listen_port}/g" /tmp/caddy
         cat /tmp/caddy >> /opt/caddy/etc/Caddyfile
         printf "\n" >> /opt/caddy/etc/Caddyfile

build/COPY_ROOT/opt/ai-dock/bin/supervisor-serviceportal.sh

@@ -4,8 +4,9 @@ trap cleanup EXIT
 
 LISTEN_PORT=11111
 METRICS_PORT=21111
-PROXY_PORT=1111
-PROXY_SECURE=false
+PROXY_PORT=${SERVICEPORTAL_PORT_HOST:-1111}
+# Auth is true for defined paths - See /opt/caddy/share/service_config_11111_auth
+PROXY_SECURE=true
 SERVICE_NAME="Service Portal"
 
 function cleanup() {