playground/docker-claude
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(docker): migrate both images to Alpine

Browse source 
Replace node:20-slim/ubuntu:22.04 with node:20-alpine/alpine:3.21.
Switch package management from apt to apk (--no-cache, no cleanup layer).
Use Alpine addgroup/adduser in claude/Dockerfile. Update proxy to use
squid user (Alpine convention) and /var/cache/squid cache path.
Fix proxy/Dockerfile COPY path now that context is proxy/. Move
webui-entrypoint.sh into claude/ to match its build context. Fix
docker-compose.yml webui context to claude/, update proxy tmpfs path.
This commit is contained in:
docker-claude 2026-04-14 22:40:57 +02:00
parent 782370e014
commit 88805a3c24
9 changed files with 53 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

23
docker-compose.yml
View file

@ -1,15 +1,14 @@
services:
# ─── Proxy sidecar ─────────────────────────────────────────────────────────
# Bridges the isolated internal network to the internet.
# Enforces an egress allowlist — see proxy/squid.conf.
proxy:
build:
context: .
dockerfile: Dockerfile.proxy
context: proxy
dockerfile: Dockerfile
networks:
- claude-internal # reachable by claude and webui containers
- proxy-external # has outbound internet access
- claude-internal # reachable by claude and webui containers
- proxy-external # has outbound internet access
restart: unless-stopped
security_opt:
- no-new-privileges:true
@ -18,7 +17,7 @@ services:
read_only: true
tmpfs:
- /tmp
- /var/spool/squid
- /var/cache/squid
- /var/log/squid
# ─── Claude Code CLI container ─────────────────────────────────────────────
@ -26,13 +25,13 @@ services:
# Run via "docker compose run --rm claude" (managed by claude.sh).
claude:
build:
context: .
dockerfile: Dockerfile.claude
context: claude/
dockerfile: Dockerfile
depends_on:
proxy:
condition: service_healthy
networks:
- claude-internal # only — no route to the internet
- claude-internal # only — no route to the internet
environment:
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
- HTTP_PROXY=http://proxy:3128
@ -54,14 +53,14 @@ services:
# Network isolation is identical to the CLI container.
webui:
build:
context: .
dockerfile: Dockerfile.claude
context: claude/
dockerfile: Dockerfile
entrypoint: ["/usr/local/bin/webui-entrypoint.sh"]
depends_on:
proxy:
condition: service_healthy
networks:
- claude-internal # only — no route to the internet
- claude-internal # only — no route to the internet
environment:
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
- HTTP_PROXY=http://proxy:3128