Docker hardening: - Add no-new-privileges and cap_drop ALL to main LDR service - Add no-new-privileges to ollama service - Mount local_collections volumes as read-only (:ro) - Validate model name in ollama_entrypoint.sh to prevent injection - Add security warning to elasticsearch example about disabled xpack Application settings: - Make app.debug non-editable via UI to prevent enabling debug mode in production (can still be set via environment variable) - Reduce remember-me max from 90 to 30 days and default from 30 to 7 days to limit session persistence window
#!/bin/bash
# Abort the script as soon as an unguarded command returns a non-zero status.
set -o errexit
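#######################################
# Print the usage line and terminate the script.
# Arguments: none
# Outputs:   usage text on stderr, so it is not mixed into normal output
# Returns:   never returns; exits the shell with status 1
#######################################
usage() {
  printf 'Usage: %s <model_name>\n' "$0" >&2
  exit 1
}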
# Exactly one positional argument (the model name) is required; any other
# argument count prints the usage line and exits.
[ "$#" -eq 1 ] || usage
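MODEL_NAME=$1

# Validate the model name before it is handed to the ollama CLI.
# - The match runs in-process against the whole string. Piping the value to
#   grep tests it line by line, so a multi-line value was accepted as soon as
#   one of its lines matched.
# - The first character may not be '-', so the value cannot be parsed as a
#   command-line option by `ollama pull`.
# The accepted alphabet is otherwise unchanged: letters, digits and . _ : / -
MODEL_NAME_PATTERN='^[a-zA-Z0-9._:/][a-zA-Z0-9._:/-]*$'
if [[ ! "$MODEL_NAME" =~ $MODEL_NAME_PATTERN ]]; then
  # %q shell-escapes the rejected value so embedded control characters cannot
  # forge additional log lines.
  printf 'ERROR: Invalid model name: %q\n' "$MODEL_NAME" >&2
  exit 1
fi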
# Launch the Ollama server as a background job of this script.
# NOTE(review): the job's PID is not recorded, so nothing below notices if the
# server exits early.
ollama serve &

# Poll `ollama ls` every 10 seconds until it succeeds, which is taken as the
# sign that the server is answering requests. There is no retry limit.
until ollama ls; do
  echo "Waiting for Ollama service to be ready..."
  sleep 10
done
echo "Ollama service is ready."
# Download the requested model. MODEL_NAME stays double-quoted so it reaches
# ollama as a single argument, with no word splitting or globbing.
echo "Pulling the $MODEL_NAME with ollama pull..."

# A failed pull is fatal: report it and exit non-zero.
if ! ollama pull "$MODEL_NAME"; then
  echo "Failed to pull model."
  exit 1
fi
echo "Model pulled successfully."

# Block forever so this script stays alive while the background server runs.
# NOTE(review): this sleep does not track the `ollama serve` job, so the script
# keeps running even if the server has exited.
sleep infinity