Merged
76 changes: 76 additions & 0 deletions docker/Dockerfile.router
@@ -0,0 +1,76 @@
######################## BASE IMAGE ##########################
FROM ubuntu:24.04 AS base

ARG PYTHON_VERSION=3.12

# set the environment variables
ENV PATH="/root/.local/bin:${PATH}"
ENV DEBIAN_FRONTEND=noninteractive

# uv environment variables
ENV UV_HTTP_TIMEOUT=500
ENV VIRTUAL_ENV="/opt/venv"
ENV UV_PYTHON_INSTALL_DIR=/opt/uv/python
ENV UV_INDEX_STRATEGY="unsafe-best-match"
ENV UV_LINK_MODE="copy"
ENV PATH="$VIRTUAL_ENV/bin:$PATH"


# install dependencies
RUN echo 'tzdata tzdata/Areas select America' | debconf-set-selections \
&& echo 'tzdata tzdata/Zones/America select Los_Angeles' | debconf-set-selections \
&& apt update -y \
&& apt install -y curl \
&& rm -rf /var/lib/apt/lists/* \
&& apt clean

# install uv
RUN curl -LsSf https://astral.sh/uv/install.sh | sh

# install python
RUN uv venv --python ${PYTHON_VERSION} --seed ${VIRTUAL_ENV}

######################### BUILD IMAGE #########################
FROM base AS build-image

# set the environment variables
ENV PATH="/root/.cargo/bin:${PATH}"

# install dependencies
RUN apt update -y \
&& apt install -y git build-essential libssl-dev pkg-config \
&& rm -rf /var/lib/apt/lists/* \
&& apt clean

# install rustup from rustup.rs
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
&& rustc --version && cargo --version

# pull the github repository
RUN cd /opt \
&& git clone --depth=1 https://github.com/sgl-project/sglang.git \
&& cd /opt/sglang \
&& git checkout main

# working directory
WORKDIR /opt/sglang/sgl-router

# build the rust dependencies
RUN cargo build \
&& uv build \
&& rm -rf /root/.cache

######################### ROUTER IMAGE #########################
FROM base AS router-image

# Copy the built package from the build image
COPY --from=build-image /opt/sglang/sgl-router/dist/*.whl dist/

# Build the package and install
RUN uv pip install --force-reinstall dist/*.whl

# Clean up unnecessary files to reduce the image size
RUN rm -rf /root/.cache
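Review bot: The image is built from three unpinned remote inputs, so two builds of this file can produce different contents and nothing is verified before it runs. In the base stage `curl -LsSf https://astral.sh/uv/install.sh | sh` executes whatever the installer URL serves at build time, the build stage does the same with `https://sh.rustup.rs`, and `git clone --depth=1 ... && git checkout main` compiles whatever main is at that moment rather than a known commit. Suggest pinning uv and the Rust toolchain to explicit versions with a checksum check on the downloaded installer, and taking the source revision as a build ARG (a tag or commit SHA) that is checked out explicitly. Also worth a justification comment or removal: `ENV UV_INDEX_STRATEGY="unsafe-best-match"` relaxes uv's default index handling, which is the behaviour that guards against dependency confusion, and no extra index is configured in this file. Last, the final `RUN rm -rf /root/.cache` sits in its own layer, so it does not reduce the image size; fold it into the `uv pip install` RUN.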
Contributor


medium

For enhanced security, it's a strong Docker best practice to run containers as a non-root user. The current image will run as root by default.

Have you considered adding a dedicated non-root user in the router-image stage and switching to it using the USER instruction before the ENTRYPOINT? This significantly reduces potential risks if the application running inside the container were to be compromised.

For example, you could add the following lines before the ENTRYPOINT (line 76):

RUN groupadd --system appgroup && useradd --system -g appgroup appuser
USER appuser

Ensure that /opt/venv and any other necessary paths are accessible by this new user.

Contributor Author


I will leave it as is if there is no strong security concern about running as root.


# Set the entrypoint to the main command
ENTRYPOINT ["python3", "-m", "sglang_router.launch_router"]
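Review bot: No `USER` instruction precedes this `ENTRYPOINT`, so the router process runs as root in the final image. The layout already allows a switch: the interpreter and venv live under `/opt/uv/python` and `/opt/venv` rather than under `/root`, so the router-image stage only needs a dedicated user with read and execute access to those two paths, followed by `USER` before this line. If root is kept on purpose, a comment above the `ENTRYPOINT` stating why would record that decision for later readers.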