Skip to content

Commit

Permalink
Merge pull request #22 from mmartial/comfytoo
Browse files Browse the repository at this point in the history 
20250227: Simplified user switching logic using the comfytoo user as the default entry point user that will set up the comfy user
  • Loading branch information
@mmartial
mmartial authored Feb 28, 2025
2 parents 00cc071 + d6bb1ea commit 672b08d
Show file tree
Hide file tree
Showing 8 changed files with 185 additions and 113 deletions.
39 changes: 27 additions & 12 deletions Dockerfile/ubuntu22_cuda12.3.2.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,25 +67,40 @@ ARG BUILD_BASE="unknown"
LABEL comfyui-nvidia-docker-build-from=${BUILD_BASE}
RUN it="/etc/build_base.txt"; echo ${BUILD_BASE} > $it && chmod 555 $it

# Place the init script in / so it can be found by the entrypoint
COPY --chmod=555 init.bash /comfyui-nvidia_init.bash

##### ComfyUI preparation
# The comfy user will have UID 1024 and GID 1024
ENV COMFYUSER_DIR="/comfy"
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& useradd -u 1024 -U -d ${COMFYUSER_DIR} -s /bin/bash -m comfy \
# Every sudo group user does not need a password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Create a new group for the comfy and comfytoo users
RUN groupadd -g 1024 comfy \
&& groupadd -g 1025 comfytoo

# The comfy (resp. comfytoo) user will have UID 1024 (resp. 1025),
# be part of the comfy (resp. comfytoo) and users groups and be sudo capable (passwordless)
RUN useradd -u 1024 -d /home/comfy -g comfy -s /bin/bash -m comfy \
&& usermod -G users comfy \
&& adduser comfy sudo \
&& test -d ${COMFYUSER_DIR}
&& adduser comfy sudo
RUN useradd -u 1025 -d /home/comfytoo -g comfytoo -s /bin/bash -m comfytoo \
&& usermod -G users comfytoo \
&& adduser comfytoo sudo

ENV COMFYUSER_DIR="/comfy"
RUN mkdir -p ${COMFYUSER_DIR}
RUN it="/etc/comfyuser_dir"; echo ${COMFYUSER_DIR} > $it && chmod 555 $it

ENV NVIDIA_VISIBLE_DEVICES=all

EXPOSE 8188

USER comfy
WORKDIR ${COMFYUSER_DIR}
COPY --chown=comfy:comfy --chmod=555 init.bash comfyui-nvidia_init.bash
ARG COMFYUI_NVIDIA_DOCKER_VERSION="unknown"
LABEL comfyui-nvidia-docker-build=${COMFYUI_NVIDIA_DOCKER_VERSION}
RUN echo "COMFYUI_NVIDIA_DOCKER_VERSION: ${COMFYUI_NVIDIA_DOCKER_VERSION}" | tee -a ${BUILD_FILE}

ARG BUILD_DATE="unknown"
LABEL comfyui-nvidia-docker-build=${BUILD_DATE}
# We start as comfytoo and will switch to the comfy user AFTER the container is up
# and after having altered the comfy details to match the requested UID/GID
USER comfytoo

CMD [ "./comfyui-nvidia_init.bash" ]
CMD [ "/comfyui-nvidia_init.bash" ]
39 changes: 27 additions & 12 deletions Dockerfile/ubuntu22_cuda12.4.1.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,25 +65,40 @@ ARG BUILD_BASE="unknown"
LABEL comfyui-nvidia-docker-build-from=${BUILD_BASE}
RUN it="/etc/build_base.txt"; echo ${BUILD_BASE} > $it && chmod 555 $it

# Place the init script in / so it can be found by the entrypoint
COPY --chmod=555 init.bash /comfyui-nvidia_init.bash

##### ComfyUI preparation
# The comfy user will have UID 1024 and GID 1024
ENV COMFYUSER_DIR="/comfy"
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& useradd -u 1024 -U -d ${COMFYUSER_DIR} -s /bin/bash -m comfy \
# Every sudo group user does not need a password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Create a new group for the comfy and comfytoo users
RUN groupadd -g 1024 comfy \
&& groupadd -g 1025 comfytoo

# The comfy (resp. comfytoo) user will have UID 1024 (resp. 1025),
# be part of the comfy (resp. comfytoo) and users groups and be sudo capable (passwordless)
RUN useradd -u 1024 -d /home/comfy -g comfy -s /bin/bash -m comfy \
&& usermod -G users comfy \
&& adduser comfy sudo \
&& test -d ${COMFYUSER_DIR}
&& adduser comfy sudo
RUN useradd -u 1025 -d /home/comfytoo -g comfytoo -s /bin/bash -m comfytoo \
&& usermod -G users comfytoo \
&& adduser comfytoo sudo

ENV COMFYUSER_DIR="/comfy"
RUN mkdir -p ${COMFYUSER_DIR}
RUN it="/etc/comfyuser_dir"; echo ${COMFYUSER_DIR} > $it && chmod 555 $it

ENV NVIDIA_VISIBLE_DEVICES=all

EXPOSE 8188

USER comfy
WORKDIR ${COMFYUSER_DIR}
COPY --chown=comfy:comfy --chmod=555 init.bash comfyui-nvidia_init.bash
ARG COMFYUI_NVIDIA_DOCKER_VERSION="unknown"
LABEL comfyui-nvidia-docker-build=${COMFYUI_NVIDIA_DOCKER_VERSION}
RUN echo "COMFYUI_NVIDIA_DOCKER_VERSION: ${COMFYUI_NVIDIA_DOCKER_VERSION}" | tee -a ${BUILD_FILE}

ARG BUILD_DATE="unknown"
LABEL comfyui-nvidia-docker-build=${BUILD_DATE}
# We start as comfytoo and will switch to the comfy user AFTER the container is up
# and after having altered the comfy details to match the requested UID/GID
USER comfytoo

CMD [ "./comfyui-nvidia_init.bash" ]
CMD [ "/comfyui-nvidia_init.bash" ]
39 changes: 27 additions & 12 deletions Dockerfile/ubuntu24_cuda12.5.1.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,25 +64,40 @@ ARG BUILD_BASE="unknown"
LABEL comfyui-nvidia-docker-build-from=${BUILD_BASE}
RUN it="/etc/build_base.txt"; echo ${BUILD_BASE} > $it && chmod 555 $it

# Place the init script in / so it can be found by the entrypoint
COPY --chmod=555 init.bash /comfyui-nvidia_init.bash

##### ComfyUI preparation
# The comfy user will have UID 1024 and GID 1024
ENV COMFYUSER_DIR="/comfy"
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& useradd -u 1024 -U -d ${COMFYUSER_DIR} -s /bin/bash -m comfy \
# Every sudo group user does not need a password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Create a new group for the comfy and comfytoo users
RUN groupadd -g 1024 comfy \
&& groupadd -g 1025 comfytoo

# The comfy (resp. comfytoo) user will have UID 1024 (resp. 1025),
# be part of the comfy (resp. comfytoo) and users groups and be sudo capable (passwordless)
RUN useradd -u 1024 -d /home/comfy -g comfy -s /bin/bash -m comfy \
&& usermod -G users comfy \
&& adduser comfy sudo \
&& test -d ${COMFYUSER_DIR}
&& adduser comfy sudo
RUN useradd -u 1025 -d /home/comfytoo -g comfytoo -s /bin/bash -m comfytoo \
&& usermod -G users comfytoo \
&& adduser comfytoo sudo

ENV COMFYUSER_DIR="/comfy"
RUN mkdir -p ${COMFYUSER_DIR}
RUN it="/etc/comfyuser_dir"; echo ${COMFYUSER_DIR} > $it && chmod 555 $it

ENV NVIDIA_VISIBLE_DEVICES=all

EXPOSE 8188

USER comfy
WORKDIR ${COMFYUSER_DIR}
COPY --chown=comfy:comfy --chmod=555 init.bash comfyui-nvidia_init.bash
ARG COMFYUI_NVIDIA_DOCKER_VERSION="unknown"
LABEL comfyui-nvidia-docker-build=${COMFYUI_NVIDIA_DOCKER_VERSION}
RUN echo "COMFYUI_NVIDIA_DOCKER_VERSION: ${COMFYUI_NVIDIA_DOCKER_VERSION}" | tee -a ${BUILD_FILE}

ARG BUILD_DATE="unknown"
LABEL comfyui-nvidia-docker-build=${BUILD_DATE}
# We start as comfytoo and will switch to the comfy user AFTER the container is up
# and after having altered the comfy details to match the requested UID/GID
USER comfytoo

CMD [ "./comfyui-nvidia_init.bash" ]
CMD [ "/comfyui-nvidia_init.bash" ]
39 changes: 27 additions & 12 deletions Dockerfile/ubuntu24_cuda12.8.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,25 +62,40 @@ ARG BUILD_BASE="unknown"
LABEL comfyui-nvidia-docker-build-from=${BUILD_BASE}
RUN it="/etc/build_base.txt"; echo ${BUILD_BASE} > $it && chmod 555 $it

# Place the init script in / so it can be found by the entrypoint
COPY --chmod=555 init.bash /comfyui-nvidia_init.bash

##### ComfyUI preparation
# The comfy user will have UID 1024 and GID 1024
ENV COMFYUSER_DIR="/comfy"
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& useradd -u 1024 -U -d ${COMFYUSER_DIR} -s /bin/bash -m comfy \
# Every sudo group user does not need a password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Create a new group for the comfy and comfytoo users
RUN groupadd -g 1024 comfy \
&& groupadd -g 1025 comfytoo

# The comfy (resp. comfytoo) user will have UID 1024 (resp. 1025),
# be part of the comfy (resp. comfytoo) and users groups and be sudo capable (passwordless)
RUN useradd -u 1024 -d /home/comfy -g comfy -s /bin/bash -m comfy \
&& usermod -G users comfy \
&& adduser comfy sudo \
&& test -d ${COMFYUSER_DIR}
&& adduser comfy sudo
RUN useradd -u 1025 -d /home/comfytoo -g comfytoo -s /bin/bash -m comfytoo \
&& usermod -G users comfytoo \
&& adduser comfytoo sudo

ENV COMFYUSER_DIR="/comfy"
RUN mkdir -p ${COMFYUSER_DIR}
RUN it="/etc/comfyuser_dir"; echo ${COMFYUSER_DIR} > $it && chmod 555 $it

ENV NVIDIA_VISIBLE_DEVICES=all

EXPOSE 8188

USER comfy
WORKDIR ${COMFYUSER_DIR}
COPY --chown=comfy:comfy --chmod=555 init.bash comfyui-nvidia_init.bash
ARG COMFYUI_NVIDIA_DOCKER_VERSION="unknown"
LABEL comfyui-nvidia-docker-build=${COMFYUI_NVIDIA_DOCKER_VERSION}
RUN echo "COMFYUI_NVIDIA_DOCKER_VERSION: ${COMFYUI_NVIDIA_DOCKER_VERSION}" | tee -a ${BUILD_FILE}

ARG BUILD_DATE="unknown"
LABEL comfyui-nvidia-docker-build=${BUILD_DATE}
# We start as comfytoo and will switch to the comfy user AFTER the container is up
# and after having altered the comfy details to match the requested UID/GID
USER comfytoo

CMD [ "./comfyui-nvidia_init.bash" ]
CMD [ "/comfyui-nvidia_init.bash" ]
12 changes: 5 additions & 7 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,8 @@ SHELL := /bin/bash
DOCKER_CMD=docker
DOCKER_PRE="NVIDIA_VISIBLE_DEVICES=all"
DOCKER_BUILD_ARGS=
##DOCKER_BUILD_ARGS="--no-cache"

#BUILD_DATE=$(shell printf '%(%Y%m%d)T' -1)
BUILD_DATE=20250216
COMFYUI_NVIDIA_DOCKER_VERSION=20250227

COMFYUI_CONTAINER_NAME=comfyui-nvidia-docker

Expand Down Expand Up @@ -41,7 +39,7 @@ ${DOCKER_ALL}: ${DOCKERFILE_DIR}
@echo "docker buildx ls | grep -q ${COMFYUI_CONTAINER_NAME} && echo \"builder already exists -- to delete it, use: docker buildx rm ${COMFYUI_CONTAINER_NAME}\" || docker buildx create --name ${COMFYUI_CONTAINER_NAME}" > ${VAR_NT}.cmd
@echo "docker buildx use ${COMFYUI_CONTAINER_NAME} || exit 1" >> ${VAR_NT}.cmd
@echo "BUILDX_EXPERIMENTAL=1 ${DOCKER_PRE} docker buildx debug --on=error build --progress plain --platform linux/amd64 ${DOCKER_BUILD_ARGS} \\" >> ${VAR_NT}.cmd
@echo " --build-arg BUILD_DATE=\"${BUILD_DATE}\" \\" >> ${VAR_NT}.cmd
@echo " --build-arg COMFYUI_NVIDIA_DOCKER_VERSION=\"${COMFYUI_NVIDIA_DOCKER_VERSION}\" \\" >> ${VAR_NT}.cmd
@echo " --build-arg BUILD_BASE=\"$@\" \\" >> ${VAR_NT}.cmd
@echo " --tag=\"${COMFYUI_CONTAINER_NAME}:$@\" \\" >> ${VAR_NT}.cmd
@echo " -f ${DOCKERFILE_NAME} \\" >> ${VAR_NT}.cmd
Expand Down Expand Up @@ -95,15 +93,15 @@ LATEST_CANDIDATE=$(shell echo ${COMFYUI_CONTAINER_NAME}:${LATEST_ENTRY})
docker_tag:
@if [ `echo ${DOCKER_PRESENT} | wc -w` -eq 0 ]; then echo "No images to tag"; exit 1; fi
@echo "== About to tag:"
@for i in ${DOCKER_PRESENT}; do image_out1="${DOCKERHUB_REPO}/$$i-${BUILD_DATE}"; image_out2="${DOCKERHUB_REPO}/$$i-latest"; echo " ++ $$i -> $$image_out1"; echo " ++ $$i -> $$image_out2"; done
@for i in ${DOCKER_PRESENT}; do image_out1="${DOCKERHUB_REPO}/$$i-${COMFYUI_NVIDIA_DOCKER_VERSION}"; image_out2="${DOCKERHUB_REPO}/$$i-latest"; echo " ++ $$i -> $$image_out1"; echo " ++ $$i -> $$image_out2"; done
@if echo ${DOCKER_PRESENT} | grep -q ${LATEST_CANDIDATE}; then image_out="${DOCKERHUB_REPO}/${COMFYUI_CONTAINER_NAME}:latest"; echo " ++ ${LATEST_CANDIDATE} -> $$image_out"; else echo " -- Unable to find latest candidate: ${LATEST_CANDIDATE}"; fi
@echo ""
@echo "tagging for hub.docker.com upload -- Press Ctl+c within 5 seconds to cancel"
@for i in 5 4 3 2 1; do echo -n "$$i "; sleep 1; done; echo ""
@for i in ${DOCKER_PRESENT}; do image_out1="${DOCKERHUB_REPO}/$$i-${BUILD_DATE}"; image_out2="${DOCKERHUB_REPO}/$$i-latest"; docker tag $$i $$image_out1; docker tag $$i $$image_out2; done
@for i in ${DOCKER_PRESENT}; do image_out1="${DOCKERHUB_REPO}/$$i-${COMFYUI_NVIDIA_DOCKER_VERSION}"; image_out2="${DOCKERHUB_REPO}/$$i-latest"; docker tag $$i $$image_out1; docker tag $$i $$image_out2; done
@if echo ${DOCKER_PRESENT} | grep -q ${LATEST_CANDIDATE}; then image_out="${DOCKERHUB_REPO}/${COMFYUI_CONTAINER_NAME}:latest"; docker tag ${LATEST_CANDIDATE} $$image_out; fi

DOCKERHUB_READY=$(shell for i in ${DOCKER_ALL}; do image="${DOCKERHUB_REPO}/${COMFYUI_CONTAINER_NAME}:$$i"; image1=$$image-${BUILD_DATE}; image2=$$image-latest; if docker images --format "{{.Repository}}:{{.Tag}}" | grep -q $$image1; then echo $$image1; fi; if docker images --format "{{.Repository}}:{{.Tag}}" | grep -q $$image2; then echo $$image2; fi; done)
DOCKERHUB_READY=$(shell for i in ${DOCKER_ALL}; do image="${DOCKERHUB_REPO}/${COMFYUI_CONTAINER_NAME}:$$i"; image1=$$image-${COMFYUI_NVIDIA_DOCKER_VERSION}; image2=$$image-latest; if docker images --format "{{.Repository}}:{{.Tag}}" | grep -q $$image1; then echo $$image1; fi; if docker images --format "{{.Repository}}:{{.Tag}}" | grep -q $$image2; then echo $$image2; fi; done)
DOCKERHUB_READY_LATEST=$(shell image="${DOCKERHUB_REPO}/${COMFYUI_CONTAINER_NAME}:latest"; if docker images --format "{{.Repository}}:{{.Tag}}" | grep -q $$image; then echo $$image; else echo ""; fi)


Expand Down
12 changes: 9 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,10 @@ The use of the `basedir` is recommended. This folder will be populated at run ti
This is possible because of a new CLI option `--basedir` that was added to the code at the end of January 2025. This option will not be available unless ComfyUI is updated for existing installations.

When starting, the container image executes the `init.bash` script that performs a few operations:
- Ensure we can use the `WANTED_UID` and `WANTED_GID` as the `comfy` user (the user set to run the container),
- When starting, the container is using the `comfytoo` user. This user has UID/GID 1025/1025 (ie not a value existing by default in a default Ubuntu installation).
- As the `sudo` capable `comfytoo` user, the script will modify the existing `comfy` user to use the `WANTED_UID` and `WANTED_GID`
- Then, it will re-start the initialization script by becoming the newly modified `comfy` user (which can write in the `run` and `basedir` folders with the provided `WANTED_UID` and `WANTED_GID`).
- After restarting as the `comfy` user...
- Obtain the latest version of ComfyUI from GitHub if not already present in the mounted `run` folder.
- Create the virtual environment (`venv`) if one does not already exist
- if one exists, confirm it is the one for this OS+CUDA pair
Expand Down Expand Up @@ -418,7 +421,7 @@ If the file is not executable, the tool will attempt to make it executable, but

### 5.3.1. WANTED_UID and WANTED_GID

The Linux User ID (`uid`) and Group ID (`gid`) will be used by the `comfy` user within the container.
The `WANTED_UID` and `WANTED_GID` environment variables will be used to set the `comfy` user within the container.
It is recommended that those be set to the end-user's `uid` and `gid` to allow the addition of files, models, and other content within the `run` directory.
Content to be added within the `run` directory must be created with the `uid` and `gid`.

Expand Down Expand Up @@ -495,7 +498,9 @@ For example: `python3 /comfy/mnt/custom_nodes/ComfyUI-Manager/cm-cli.py show ins

## 5.5. Shell within the Docker image

Depending on your `WANTED_UID` and `WANTED_GID`, when starting a `docker exec` (or getting a `bash` terminal from `docker compose`), it is possible that the shell is started with incorrect permissions (we will see a `bash: /comfy/.bashrc: Permission denied` error). The `comfy` user is `sudo`-able: run `sudo su comfytoo` to get the proper UID/GID.
When starting a `docker exec -it comfyui-nvidia /bin/bash` (or getting a `bash` terminal from `docker compose`), you will be logged in as the `comfytoo` user.
Switch to the `comfy` user with: `sudo su -l comfy`.
As the `comfy` user you will be using the `WANTED_UID` and `WANTED_GID` provided. You will be able to `cd` into the mounted locations for the `run` and `basedir` folders, `source /comfy/mnt/venv/bin/activate` to get the virtual environment activated (allowing you to perfom `pip3 install` operations), and other operations that the `comfy` user is allowed to perform.


## 5.6. Additional FAQ
Expand Down Expand Up @@ -628,6 +633,7 @@ Make sure to change file ownership to the user with the `WANTED_UID` and `WANTED

# 7. Changelog

- 20250227: Simplified user switching logic using the `comfytoo` user as the default entry point user that will set up the `comfy` user
- 20250216: Fix issue with empty `BASE_DIRECTORY` variable
- 20250202: Added `BASE_DIRECTORY` variable
- 20250116: Happy 2nd Birthday ComfyUI -- added multiple builds for different base Ubuntu OS and CUDA combinations + added `ffmpeg` into the base container.
Expand Down
39 changes: 27 additions & 12 deletions components/part1-common.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,25 +48,40 @@ ARG BUILD_BASE="unknown"
LABEL comfyui-nvidia-docker-build-from=${BUILD_BASE}
RUN it="/etc/build_base.txt"; echo ${BUILD_BASE} > $it && chmod 555 $it

# Place the init script in / so it can be found by the entrypoint
COPY --chmod=555 init.bash /comfyui-nvidia_init.bash

##### ComfyUI preparation
# The comfy user will have UID 1024 and GID 1024
ENV COMFYUSER_DIR="/comfy"
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& useradd -u 1024 -U -d ${COMFYUSER_DIR} -s /bin/bash -m comfy \
# Every sudo group user does not need a password
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# Create a new group for the comfy and comfytoo users
RUN groupadd -g 1024 comfy \
&& groupadd -g 1025 comfytoo

# The comfy (resp. comfytoo) user will have UID 1024 (resp. 1025),
# be part of the comfy (resp. comfytoo) and users groups and be sudo capable (passwordless)
RUN useradd -u 1024 -d /home/comfy -g comfy -s /bin/bash -m comfy \
&& usermod -G users comfy \
&& adduser comfy sudo \
&& test -d ${COMFYUSER_DIR}
&& adduser comfy sudo
RUN useradd -u 1025 -d /home/comfytoo -g comfytoo -s /bin/bash -m comfytoo \
&& usermod -G users comfytoo \
&& adduser comfytoo sudo

ENV COMFYUSER_DIR="/comfy"
RUN mkdir -p ${COMFYUSER_DIR}
RUN it="/etc/comfyuser_dir"; echo ${COMFYUSER_DIR} > $it && chmod 555 $it

ENV NVIDIA_VISIBLE_DEVICES=all

EXPOSE 8188

USER comfy
WORKDIR ${COMFYUSER_DIR}
COPY --chown=comfy:comfy --chmod=555 init.bash comfyui-nvidia_init.bash
ARG COMFYUI_NVIDIA_DOCKER_VERSION="unknown"
LABEL comfyui-nvidia-docker-build=${COMFYUI_NVIDIA_DOCKER_VERSION}
RUN echo "COMFYUI_NVIDIA_DOCKER_VERSION: ${COMFYUI_NVIDIA_DOCKER_VERSION}" | tee -a ${BUILD_FILE}

ARG BUILD_DATE="unknown"
LABEL comfyui-nvidia-docker-build=${BUILD_DATE}
# We start as comfytoo and will switch to the comfy user AFTER the container is up
# and after having altered the comfy details to match the requested UID/GID
USER comfytoo

CMD [ "./comfyui-nvidia_init.bash" ]
CMD [ "/comfyui-nvidia_init.bash" ]
Loading

0 comments on commit 672b08d

Please sign in to comment.