@lobehub/chat 1.20.4 → 1.20.5

package/CHANGELOG.md

@@ -2,6 +2,23 @@
 
 # Changelog
 
+### [Version 1.20.5](https://github.com/lobehub/lobe-chat/compare/v1.20.4...v1.20.5)
+
+<sup>Released on **2024-09-29**</sup>
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.20.4](https://github.com/lobehub/lobe-chat/compare/v1.20.3...v1.20.4)
 
 <sup>Released on **2024-09-28**</sup>

package/Dockerfile

@@ -1,4 +1,4 @@
-## Base image for all the stages
+## Base image for all building stages
 FROM node:20-slim AS base
 
 ARG USE_CN_MIRROR
@@ -10,19 +10,22 @@ RUN \
     if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
         sed -i "s/deb.debian.org/mirrors.ustc.edu.cn/g" "/etc/apt/sources.list.d/debian.sources"; \
     fi \
-    # Add required package & update base package
+    # Add required package
     && apt update \
-    && apt install busybox proxychains-ng -qy \
-    && apt full-upgrade -qy \
-    && apt autoremove -qy --purge \
-    && apt clean -qy \
-    # Configure BusyBox
-    && busybox --install -s \
-    # Add nextjs:nodejs to run the app
-    && addgroup --system --gid 1001 nodejs \
-    && adduser --system --home "/app" --gid 1001 -uid 1001 nextjs \
-    # Set permission for nextjs:nodejs
-    && chown -R nextjs:nodejs "/etc/proxychains4.conf" \
+    && apt install ca-certificates proxychains-ng -qy \
+    # Prepare required package to distroless
+    && mkdir -p /distroless/bin /distroless/etc /distroless/etc/ssl/certs /distroless/lib \
+    # Copy proxychains to distroless
+    && cp /usr/lib/$(arch)-linux-gnu/libproxychains.so.4 /distroless/lib/libproxychains.so.4 \
+    && cp /usr/lib/$(arch)-linux-gnu/libdl.so.2 /distroless/lib/libdl.so.2 \
+    && cp /usr/bin/proxychains4 /distroless/bin/proxychains \
+    && cp /etc/proxychains4.conf /distroless/etc/proxychains4.conf \
+    # Copy node to distroless
+    && cp /usr/lib/$(arch)-linux-gnu/libstdc++.so.6 /distroless/lib/libstdc++.so.6 \
+    && cp /usr/lib/$(arch)-linux-gnu/libgcc_s.so.1 /distroless/lib/libgcc_s.so.1 \
+    && cp /usr/local/bin/node /distroless/bin/node \
+    # Copy CA certificates to distroless
+    && cp /etc/ssl/certs/ca-certificates.crt /distroless/etc/ssl/certs/ca-certificates.crt \
     # Cleanup temp files
     && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/*
 
@@ -61,6 +64,7 @@ RUN \
     if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
         export SENTRYCLI_CDNURL="https://npmmirror.com/mirrors/sentry-cli"; \
         npm config set registry "https://registry.npmmirror.com/"; \
+        echo 'canvas_binary_host_mirror=https://npmmirror.com/mirrors/canvas' >> .npmrc; \
     fi \
     # Set the registry for corepack
     && export COREPACK_NPM_REGISTRY=$(npm config get registry | sed 's/\/$//') \
@@ -80,7 +84,9 @@ COPY . .
 RUN npm run build:docker
 
 ## Application image, copy all the files for production
-FROM scratch AS app
+FROM busybox:latest AS app
+
+COPY --from=base /distroless/ /
 
 COPY --from=builder /app/public /app/public
 
@@ -90,13 +96,25 @@ COPY --from=builder /app/.next/standalone /app/
 COPY --from=builder /app/.next/static /app/.next/static
 COPY --from=builder /deps/node_modules/.pnpm /app/node_modules/.pnpm
 
+# Copy server launcher
+COPY --from=builder /app/scripts/serverLauncher/startServer.js /app/startServer.js
+
+RUN \
+    # Add nextjs:nodejs to run the app
+    addgroup -S -g 1001 nodejs \
+    && adduser -D -G nodejs -H -S -h /app -u 1001 nextjs \
+    # Set permission for nextjs:nodejs
+    && chown -R nextjs:nodejs /app /etc/proxychains4.conf
+
 ## Production image, copy all the files and run next
-FROM base
+FROM scratch
 
 # Copy all the files from app, set the correct permission for prerender cache
-COPY --from=app --chown=nextjs:nodejs /app /app
+COPY --from=app / /
 
 ENV NODE_ENV="production" \
+    NODE_OPTIONS="--use-openssl-ca" \
+    NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
     NODE_TLS_REJECT_UNAUTHORIZED=""
 
 # set hostname to localhost
@@ -176,36 +194,6 @@ USER nextjs
 
 EXPOSE 3210/tcp
 
-CMD \
-    if [ -n "$PROXY_URL" ]; then \
-        # Set regex for IPv4
-        IP_REGEX="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$"; \
-        # Set proxychains command
-        PROXYCHAINS="proxychains -q"; \
-        # Parse the proxy URL
-        host_with_port="${PROXY_URL#*//}"; \
-        host="${host_with_port%%:*}"; \
-        port="${PROXY_URL##*:}"; \
-        protocol="${PROXY_URL%%://*}"; \
-        # Resolve to IP address if the host is a domain
-        if ! [[ "$host" =~ "$IP_REGEX" ]]; then \
-            nslookup=$(nslookup -q="A" "$host" | tail -n +3 | grep 'Address:'); \
-            if [ -n "$nslookup" ]; then \
-                host=$(echo "$nslookup" | tail -n 1 | awk '{print $2}'); \
-            fi; \
-        fi; \
-        # Generate proxychains configuration file
-        printf "%s\n" \
-            'localnet 127.0.0.0/255.0.0.0' \
-            'localnet ::1/128' \
-            'proxy_dns' \
-            'remote_dns_subnet 224' \
-            'strict_chain' \
-            'tcp_connect_time_out 8000' \
-            'tcp_read_time_out 15000' \
-            '[ProxyList]' \
-            "$protocol $host $port" \
-        > "/etc/proxychains4.conf"; \
-    fi; \
-    # Run the server
-    ${PROXYCHAINS} node "/app/server.js";
+ENTRYPOINT ["/bin/node"]
+
+CMD ["/app/startServer.js"]

package/Dockerfile.database

@@ -1,4 +1,4 @@
-## Base image for all the stages
+## Base image for all building stages
 FROM node:20-slim AS base
 
 ARG USE_CN_MIRROR
@@ -10,19 +10,22 @@ RUN \
     if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
         sed -i "s/deb.debian.org/mirrors.ustc.edu.cn/g" "/etc/apt/sources.list.d/debian.sources"; \
     fi \
-    # Add required package & update base package
+    # Add required package
     && apt update \
-    && apt install busybox proxychains-ng -qy \
-    && apt full-upgrade -qy \
-    && apt autoremove -qy --purge \
-    && apt clean -qy \
-    # Configure BusyBox
-    && busybox --install -s \
-    # Add nextjs:nodejs to run the app
-    && addgroup --system --gid 1001 nodejs \
-    && adduser --system --home "/app" --gid 1001 -uid 1001 nextjs \
-    # Set permission for nextjs:nodejs
-    && chown -R nextjs:nodejs "/etc/proxychains4.conf" \
+    && apt install ca-certificates proxychains-ng -qy \
+    # Prepare required package to distroless
+    && mkdir -p /distroless/bin /distroless/etc /distroless/etc/ssl/certs /distroless/lib \
+    # Copy proxychains to distroless
+    && cp /usr/lib/$(arch)-linux-gnu/libproxychains.so.4 /distroless/lib/libproxychains.so.4 \
+    && cp /usr/lib/$(arch)-linux-gnu/libdl.so.2 /distroless/lib/libdl.so.2 \
+    && cp /usr/bin/proxychains4 /distroless/bin/proxychains \
+    && cp /etc/proxychains4.conf /distroless/etc/proxychains4.conf \
+    # Copy node to distroless
+    && cp /usr/lib/$(arch)-linux-gnu/libstdc++.so.6 /distroless/lib/libstdc++.so.6 \
+    && cp /usr/lib/$(arch)-linux-gnu/libgcc_s.so.1 /distroless/lib/libgcc_s.so.1 \
+    && cp /usr/local/bin/node /distroless/bin/node \
+    # Copy CA certificates to distroless
+    && cp /etc/ssl/certs/ca-certificates.crt /distroless/etc/ssl/certs/ca-certificates.crt \
     # Cleanup temp files
     && rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/*
 
@@ -65,6 +68,7 @@ RUN \
     if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
         export SENTRYCLI_CDNURL="https://npmmirror.com/mirrors/sentry-cli"; \
         npm config set registry "https://registry.npmmirror.com/"; \
+        echo 'canvas_binary_host_mirror=https://npmmirror.com/mirrors/canvas' >> .npmrc; \
     fi \
     # Set the registry for corepack
     && export COREPACK_NPM_REGISTRY=$(npm config get registry | sed 's/\/$//') \
@@ -84,7 +88,9 @@ COPY . .
 RUN npm run build:docker
 
 ## Application image, copy all the files for production
-FROM scratch AS app
+FROM busybox:latest AS app
+
+COPY --from=base /distroless/ /
 
 COPY --from=builder /app/public /app/public
 
@@ -103,13 +109,25 @@ COPY --from=builder /app/src/database/server/migrations /app/migrations
 COPY --from=builder /app/scripts/migrateServerDB/docker.cjs /app/docker.cjs
 COPY --from=builder /app/scripts/migrateServerDB/errorHint.js /app/errorHint.js
 
+# Copy server launcher
+COPY --from=builder /app/scripts/serverLauncher/startServer.js /app/startServer.js
+
+RUN \
+    # Add nextjs:nodejs to run the app
+    addgroup -S -g 1001 nodejs \
+    && adduser -D -G nodejs -H -S -h /app -u 1001 nextjs \
+    # Set permission for nextjs:nodejs
+    && chown -R nextjs:nodejs /app /etc/proxychains4.conf
+
 ## Production image, copy all the files and run next
-FROM base
+FROM scratch
 
 # Copy all the files from app, set the correct permission for prerender cache
-COPY --from=app --chown=nextjs:nodejs /app /app
+COPY --from=app / /
 
 ENV NODE_ENV="production" \
+    NODE_OPTIONS="--use-openssl-ca" \
+    NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
     NODE_TLS_REJECT_UNAUTHORIZED=""
 
 # set hostname to localhost
@@ -208,40 +226,6 @@ USER nextjs
 
 EXPOSE 3210/tcp
 
-CMD \
-    if [ -n "$PROXY_URL" ]; then \
-        # Set regex for IPv4
-        IP_REGEX="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$"; \
-        # Set proxychains command
-        PROXYCHAINS="proxychains -q"; \
-        # Parse the proxy URL
-        host_with_port="${PROXY_URL#*//}"; \
-        host="${host_with_port%%:*}"; \
-        port="${PROXY_URL##*:}"; \
-        protocol="${PROXY_URL%%://*}"; \
-        # Resolve to IP address if the host is a domain
-        if ! [[ "$host" =~ "$IP_REGEX" ]]; then \
-            nslookup=$(nslookup -q="A" "$host" | tail -n +3 | grep 'Address:'); \
-            if [ -n "$nslookup" ]; then \
-                host=$(echo "$nslookup" | tail -n 1 | awk '{print $2}'); \
-            fi; \
-        fi; \
-        # Generate proxychains configuration file
-        printf "%s\n" \
-            'localnet 127.0.0.0/255.0.0.0' \
-            'localnet ::1/128' \
-            'proxy_dns' \
-            'remote_dns_subnet 224' \
-            'strict_chain' \
-            'tcp_connect_time_out 8000' \
-            'tcp_read_time_out 15000' \
-            '[ProxyList]' \
-            "$protocol $host $port" \
-        > "/etc/proxychains4.conf"; \
-    fi; \
-    # Run migration
-    node "/app/docker.cjs"; \
-    if [ "$?" -eq "0" ]; then \
-      # Run the server
-      ${PROXYCHAINS} node "/app/server.js"; \
-    fi;
+ENTRYPOINT ["/bin/node"]
+
+CMD ["/app/startServer.js"]

package/docs/self-hosting/server-database/docker-compose.mdx

@@ -88,7 +88,7 @@ docker compose up -d
    - `Redirect URI` should be `http://localhost:3210/api/auth/callback/logto`
    - `Post sign-out redirect URI` should be `http://localhost:3210/`
 
-3. Obtain the `App ID` and `App secrets`, and fill them into your `.env` file corresponding to `LOGTO_CLIENT_ID` and `LOGTO_CLIENT_SECRET`.
+3. Obtain the `App ID` and `App secrets`, and fill them into your `.env` file corresponding to `AUTH_LOGTO_ID` and `AUTH_LOGTO_SECRET`.
 
 ### Configure MinIO S3
 
@@ -258,9 +258,9 @@ You need to first access the WebUI for configuration:
      src="https://github.com/user-attachments/assets/5b816379-c07b-40ea-bde4-df16e2e4e523"
    />
 
-5. Obtain `App ID` and `App secrets`, and fill them into your `.env` file under `LOGTO_CLIENT_ID` and `LOGTO_CLIENT_SECRET`.
+5. Obtain `App ID` and `App secrets`, and fill them into your `.env` file under `AUTH_LOGTO_ID` and `AUTH_LOGTO_SECRET`.
 
-6. Set `LOGTO_ISSUER` in your `.env` file to `https://lobe-auth-api.example.com/oidc`.
+6. Set `AUTH_LOGTO_ISSUER` in your `.env` file to `https://lobe-auth-api.example.com/oidc`.
 
    <Image
      alt="Configure environment variables"
@@ -349,8 +349,8 @@ To facilitate one-click copying, here are the example configuration files needed
 
 ```sh
 # Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+AUTH_LOGTO_ID=
+AUTH_LOGTO_SECRET=
 
 # MinIO S3 configuration
 MINIO_ROOT_USER=YOUR_MINIO_USER
@@ -467,7 +467,7 @@ services:
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
       - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
-      - 'LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
+      - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
@@ -519,9 +519,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth providers configuration (example using Logto)
 # For other providers, see: https://lobehub.com/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # Proxy settings (if needed, e.g., when using GitHub as an auth provider)
 # HTTP_PROXY=http://localhost:7890

package/docs/self-hosting/server-database/docker-compose.zh-CN.mdx

@@ -86,7 +86,7 @@ docker compose up -d
    - `Redirect URI` 为 `http://localhost:3210/api/auth/callback/logto`
    - `Post sign-out redirect URI` 为 `http://localhost:3210/`
 
-3. 获取 `App ID` 和 `App secrets`，填入 `.env` 文件中对应的 `LOGTO_CLIENT_ID` 、 `LOGTO_CLIENT_SECRETT`
+3. 获取 `App ID` 和 `App secrets`，填入 `.env` 文件中对应的 `AUTH_LOGTO_ID` 、 `AUTH_LOGTO_SECRET`
 
 ### 配置 MinIO S3
 
@@ -256,9 +256,9 @@ docker compose up -d # 重新启动
      src="https://github.com/user-attachments/assets/5b816379-c07b-40ea-bde4-df16e2e4e523"
    />
 
-5. 获取 `App ID` 和 `App secrets`，填入你的 `.env` 文件中的 `LOGTO_CLIENT_ID` 和 `LOGTO_CLIENT_SECRETT` 中
+5. 获取 `App ID` 和 `App secrets`，填入你的 `.env` 文件中的 `AUTH_LOGTO_ID` 和 `AUTH_LOGTO_SECRET` 中
 
-6. 配置你的 `.env` 文件中 `LOGTO_ISSUER` 为 `https://lobe-auth-api.example.com/oidc`
+6. 配置你的 `.env` 文件中 `AUTH_LOGTO_ISSUER` 为 `https://lobe-auth-api.example.com/oidc`
 
    <Image
      alt="配置 Logto 环境变量"
@@ -346,8 +346,8 @@ docker compose up -d # 重新启动
 
 ```sh
 # Logto secret
-LOGTO_CLIENT_ID=
-LOGTO_CLIENT_SECRET=
+AUTH_LOGTO_ID=
+AUTH_LOGTO_SECRET=
 
 # MinIO S3 配置
 MINIO_ROOT_USER=YOUR_MINIO_USER
@@ -464,7 +464,7 @@ services:
       - 'KEY_VAULTS_SECRET=Kix2wcUONd4CX51E/ZPAd36BqM4wzJgKjPtz2sGztqQ='
       - 'NEXT_AUTH_SECRET=NX2kaPE923dt6BL2U8e9oSre5RfoT7hg'
       - 'NEXTAUTH_URL=http://localhost:${LOBE_PORT}/api/auth'
-      - 'LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
+      - 'AUTH_LOGTO_ISSUER=http://localhost:${LOGTO_PORT}/oidc'
       - 'DATABASE_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgresql:5432/${LOBE_DB_NAME}'
       - 'S3_ENDPOINT=http://localhost:${MINIO_PORT}'
       - 'S3_BUCKET=${MINIO_LOBE_BUCKET}'
@@ -515,9 +515,9 @@ NEXTAUTH_URL=https://lobe.example.com/api/auth
 
 # NextAuth 鉴权服务提供商部分，以 Logto 为例
 # 其他鉴权服务提供商所需的环境变量，请参考：https://lobehub.com/zh/docs/self-hosting/environment-variables/auth
-LOGTO_CLIENT_ID=YOUR_LOGTO_CLIENT_ID
-LOGTO_CLIENT_SECRET=YOUR_LOGTO_CLIENT_SECRET
-LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
+AUTH_LOGTO_ID=YOUR_LOGTO_CLIENT_ID
+AUTH_LOGTO_SECRET=YOUR_LOGTO_CLIENT_SECRET
+AUTH_LOGTO_ISSUER=https://lobe-auth-api.example.com/oidc
 
 # 代理相关，如果你需要的话（比如你使用 GitHub 作为鉴权服务提供商）
 # HTTP_PROXY=http://localhost:7890

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.20.4",
+  "version": "1.20.5",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/scripts/serverLauncher/startServer.js

@@ -0,0 +1,181 @@
+const dns = require('dns').promises;
+const fs = require('fs');
+const tls = require('tls');
+const { spawn } = require('child_process');
+
+// Set file paths
+const DB_MIGRATION_SCRIPT_PATH = '/app/docker.cjs';
+const SERVER_SCRIPT_PATH = '/app/server.js';
+const PROXYCHAINS_CONF_PATH = '/etc/proxychains4.conf';
+
+// Function to check if a string is a valid IP address
+const isValidIP = (ip, version = 4) => {
+  const ipv4Regex = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$/;
+  const ipv6Regex = /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|([0-9a-f]{1,4}:){1,7}:|([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|[0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|:((:[0-9a-f]{1,4}){1,7}|:)|fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-f]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/;
+
+  switch (version) {
+    case 4:
+      return ipv4Regex.test(ip);
+    case 6:
+      return ipv6Regex.test(ip);
+    default:
+      return ipv4Regex.test(ip) || ipv6Regex.test(ip);
+  }
+};
+
+// Function to check TLS validity of a URL
+const isValidTLS = (url = '') => {
+  if (!url) {
+    console.log('⚠️ TLS Check: No URL provided. Skipping TLS check. Ensure correct setting ENV.');
+    console.log('-------------------------------------');
+    return Promise.resolve();
+  }
+
+  const { protocol, host, port } = parseUrl(url);
+  if (protocol !== 'https') {
+    console.log(`⚠️ TLS Check: Non-HTTPS protocol (${protocol}). Skipping TLS check for ${url}.`);
+    console.log('-------------------------------------');
+    return Promise.resolve();
+  }
+
+  const options = { host, port, servername: host };
+  return new Promise((resolve, reject) => {
+    const socket = tls.connect(options, () => {
+      if (socket.authorized) {
+        console.log(`✅ TLS Check: Valid certificate for ${host}:${port}.`);
+        console.log('-------------------------------------');
+        resolve();
+      }
+      socket.end();
+    });
+
+    socket.on('error', (err) => {
+      const errMsg = `❌ TLS Check: Error for ${host}:${port}. Details:`;
+      switch (err.code) {
+        case 'CERT_HAS_EXPIRED':
+        case 'DEPTH_ZERO_SELF_SIGNED_CERT':
+          console.error(`${errMsg} Certificate is not valid. Consider setting NODE_TLS_REJECT_UNAUTHORIZED="0" or mapping /etc/ssl/certs/ca-certificates.crt.`);
+          break;
+        case 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY':
+          console.error(`${errMsg} Unable to verify issuer. Ensure correct mapping of /etc/ssl/certs/ca-certificates.crt.`);
+          break;
+        default:
+          console.error(`${errMsg} Network issue. Check firewall or DNS.`);
+          break;
+      }
+      reject(err);
+    });
+  });
+};
+
+// Function to check TLS connections for OSS and Auth Issuer
+const checkTLSConnections = async () => {
+  await Promise.all([
+    isValidTLS(process.env.S3_ENDPOINT),
+    isValidTLS(process.env.S3_PUBLIC_DOMAIN),
+    isValidTLS(getEnvVarsByKeyword('_ISSUER')),
+  ]);
+};
+
+// Function to get environment variable by keyword
+const getEnvVarsByKeyword = (keyword) => {
+  return Object.entries(process.env)
+    .filter(([key, value]) => key.includes(keyword) && value)
+    .map(([, value]) => value)[0] || null;
+};
+
+// Function to parse protocol, host and port from a URL
+const parseUrl = (url) => {
+  const { protocol, hostname: host, port } = new URL(url);
+  return { protocol: protocol.replace(':', ''), host, port: port || 443 };
+};
+
+// Function to resolve host IP via DNS
+const resolveHostIP = async (host, version = 4) => {
+  try {
+    const { address } = await dns.lookup(host, { family: version });
+
+    if (!isValidIP(address, version)) {
+      console.error(`❌ DNS Error: Invalid resolved IP: ${address}. IP address must be IPv${version}.`);
+      process.exit(1);
+    }
+
+    return address;
+  } catch (err) {
+    console.error(`❌ DNS Error: Could not resolve ${host}. Check DNS server.`, err);
+    process.exit(1);
+  }
+};
+
+// Function to generate proxychains configuration
+const runProxyChainsConfGenerator = async (url) => {
+  const { protocol, host, port } = parseUrl(url);
+
+  if (!['http', 'socks4', 'socks5'].includes(protocol)) {
+    console.error(`❌ ProxyChains: Invalid protocol (${protocol}). Protocol must be 'http', 'socks4' and 'socks5'.`);
+    process.exit(1);
+  }
+
+  const validPort = parseInt(port, 10);
+  if (isNaN(validPort) || validPort <= 0 || validPort > 65535) {
+    console.error(`❌ ProxyChains: Invalid port (${port}). Port must be a number between 1 and 65535.`);
+    process.exit(1);
+  }
+
+  let ip = isValidIP(host, 4) ? host : await resolveHostIP(host, 4);
+
+  const configContent = `
+localnet 127.0.0.0/255.0.0.0
+localnet ::1/128
+proxy_dns
+remote_dns_subnet 224
+strict_chain
+tcp_connect_time_out 8000
+tcp_read_time_out 15000
+[ProxyList]
+${protocol} ${ip} ${port}
+`.trim();
+
+  fs.writeFileSync(PROXYCHAINS_CONF_PATH, configContent);
+  console.log(`✅ ProxyChains: All outgoing traffic routed via ${protocol}://${ip}:${port}.`);
+  console.log('-------------------------------------');
+};
+
+// Function to execute a script with child process spawn
+const runScript = (scriptPath, useProxy = false) => {
+  const command = useProxy ? ['/bin/proxychains', '-q', '/bin/node', scriptPath] : ['/bin/node', scriptPath];
+  return new Promise((resolve, reject) => {
+    const process = spawn(command.shift(), command, { stdio: 'inherit' });
+    process.on('close', (code) => (code === 0 ? resolve() : reject(new Error(`🔴 Process exited with code ${code}`))));
+  });
+};
+
+// Main function to run the server with optional proxy
+const runServer = async () => {
+  const PROXY_URL = process.env.PROXY_URL || ''; // Default empty string to avoid undefined errors
+
+  if (PROXY_URL) {
+    await runProxyChainsConfGenerator(PROXY_URL);
+    return runScript(SERVER_SCRIPT_PATH, true);
+  }
+  return runScript(SERVER_SCRIPT_PATH);
+};
+
+// Main execution block
+(async () => {
+  console.log('🌐 DNS Server:', dns.getServers());
+  console.log('-------------------------------------');
+
+  if (process.env.DATABASE_DRIVER) {
+    try {
+      await runScript(DB_MIGRATION_SCRIPT_PATH);
+      await checkTLSConnections();
+    } catch (err) {
+      console.error('❌ Error during DB migration or TLS connection check:', err);
+      process.exit(1);
+    }
+  }
+
+  // Run the server in either database or non-database mode
+  await runServer();
+})();