TWS/proxitok
8
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

harden docker-compose

Browse source
This commit is contained in:
Nullnet Services Administrator 2023-03-18 21:10:24 -05:00
parent cac97ff05e
commit 48eccbc5ec
1 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docker-compose.yml
View file

@ -18,13 +18,47 @@ services:
depends_on: depends_on:
- redis - redis
- signer - signer
networks:
- proxitok
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
redis: redis:
container_name: proxitok-redis container_name: proxitok-redis
image: redis:7-alpine image: redis:7-alpine
command: redis-server --save 60 1 --loglevel warning command: redis-server --save 60 1 --loglevel warning
restart: unless-stopped restart: unless-stopped
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
signer: signer:
container_name: proxitok-signer container_name: proxitok-signer
image: ghcr.io/pablouser1/signtok:master image: ghcr.io/pablouser1/signtok:master
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
volumes: volumes:
proxitok-cache: proxitok-cache:
networks:
proxitok: