feat(auth): support subscription login alongside API key
Make ANTHROPIC_API_KEY optional. Add CLAUDE_CODE_OAUTH_TOKEN pass-through for headless token-based auth (claude setup-token). When neither is set, Claude Code falls back to browser OAuth on port 54545. Add claude-config named volume mounted at ~/.claude/ in both claude and webui services so credentials persist across container runs. Pre-create ~/.claude/ in the Dockerfile so the volume is initialised with correct ownership. Add --service-ports to docker compose run calls to publish port 54545 during CLI sessions.
This commit is contained in:
docker-claude
parent
88805a3c24
commit
ba3730a24d
6 changed files with 90 additions and 19 deletions
|
|
@ -22,7 +22,7 @@ services:
|
|||
|
||||
# ─── Claude Code CLI container ─────────────────────────────────────────────
|
||||
# No direct internet access. All egress routes through the proxy sidecar.
|
||||
# Run via "docker compose run --rm claude" (managed by claude.sh).
|
||||
# Run via "docker compose run --rm --service-ports claude" (managed by claude.sh).
|
||||
claude:
|
||||
build:
|
||||
context: claude/
|
||||
|
|
@ -33,19 +33,25 @@ services:
|
|||
networks:
|
||||
- claude-internal # only — no route to the internet
|
||||
environment:
|
||||
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
|
||||
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
||||
- CLAUDE_CODE_OAUTH_TOKEN=${CLAUDE_CODE_OAUTH_TOKEN:-}
|
||||
- HTTP_PROXY=http://proxy:3128
|
||||
- HTTPS_PROXY=http://proxy:3128
|
||||
- ALL_PROXY=http://proxy:3128
|
||||
- NO_PROXY=localhost,127.0.0.1
|
||||
ports:
|
||||
# OAuth callback — required for browser-based login (claude login)
|
||||
- "0.0.0.0:54545:54545"
|
||||
volumes:
|
||||
- claude-config:/home/claude/.claude
|
||||
# Workspace is injected by claude.sh via --volume flag at run time.
|
||||
# Default: named Docker volume. Override: set WORKSPACE_DIR on the host.
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
stdin_open: true
|
||||
tty: true
|
||||
# Workspace is injected by claude.sh via --volume flag at run time.
|
||||
# Default: named Docker volume. Override: set WORKSPACE_DIR on the host.
|
||||
|
||||
# ─── Claude Code web interface ─────────────────────────────────────────────
|
||||
# Serves Claude Code as a browser terminal via ttyd (port 7681).
|
||||
|
|
@ -62,7 +68,8 @@ services:
|
|||
networks:
|
||||
- claude-internal # only — no route to the internet
|
||||
environment:
|
||||
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
|
||||
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
||||
- CLAUDE_CODE_OAUTH_TOKEN=${CLAUDE_CODE_OAUTH_TOKEN:-}
|
||||
- HTTP_PROXY=http://proxy:3128
|
||||
- HTTPS_PROXY=http://proxy:3128
|
||||
- ALL_PROXY=http://proxy:3128
|
||||
|
|
@ -72,7 +79,10 @@ services:
|
|||
- WEBUI_PORT=7681
|
||||
ports:
|
||||
- "0.0.0.0:7681:7681"
|
||||
# OAuth callback — required for browser-based login (claude login)
|
||||
- "0.0.0.0:54545:54545"
|
||||
volumes:
|
||||
- claude-config:/home/claude/.claude
|
||||
- claude-web-workspace:/workspace
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
|
|
@ -93,5 +103,8 @@ networks:
|
|||
driver: bridge
|
||||
|
||||
volumes:
|
||||
# Persists Claude Code auth credentials (~/.claude/) across container runs.
|
||||
# Shared between the CLI and web interface so login carries over.
|
||||
claude-config:
|
||||
# Persistent workspace for the web interface
|
||||
claude-web-workspace:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue