Merge pull request #135 from kuanhulio/master

harden docker-compose
Pablo Ferreiro 2023-03-29 09:04:10 +00:00 committed by GitHub
commit 08145ee90b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -18,13 +18,47 @@ services:
depends_on: depends_on:
- redis - redis
- signer - signer
networks:
- proxitok
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
redis: redis:
container_name: proxitok-redis container_name: proxitok-redis
image: redis:7-alpine image: redis:7-alpine
command: redis-server --save 60 1 --loglevel warning command: redis-server --save 60 1 --loglevel warning
restart: unless-stopped restart: unless-stopped
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
signer: signer:
container_name: proxitok-signer container_name: proxitok-signer
image: ghcr.io/pablouser1/signtok:master image: ghcr.io/pablouser1/signtok:master
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
volumes: volumes:
proxitok-cache: proxitok-cache:
networks:
proxitok:
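Review bot: In the `redis` service, `/data` becomes a 10M tmpfs while the unchanged `command` still passes `--save 60 1`, so RDB snapshots now go to memory-backed storage that is capped at 10M and lost on restart. If the dataset outgrows that cap the background save fails, and with Redis's default `stop-writes-on-bgsave-error yes` the server then rejects writes, so the hardening can turn into an outage. If the cache is meant to be ephemeral, disable snapshots with `command: redis-server --save "" --loglevel warning`; otherwise keep `read_only: true` and mount a named volume at `/data` instead of the tmpfs. Separately, the added `proxitok` network is an ordinary bridge and isolates nothing beyond what Compose's default project network already did; a backend-only network marked `internal: true` for redis is worth considering if that service needs no outbound access.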