harden docker-compose
Reflux0301 committed Mar 19, 2023
1 parent cac97ff commit 48eccbc
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions docker-compose.yml
@@ -18,13 +18,47 @@ services:
depends_on:
- redis
- signer
networks:
- proxitok
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID

redis:
container_name: proxitok-redis
image: redis:7-alpine
command: redis-server --save 60 1 --loglevel warning
restart: unless-stopped
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL

signer:
container_name: proxitok-signer
image: ghcr.io/pablouser1/signtok:master
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL

volumes:
proxitok-cache:

networks:
proxitok:
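Review bot: In the `redis` service the new `tmpfs` mount on `/data` (capped at `size=10M`) sits under the unchanged `command: redis-server --save 60 1 --loglevel warning`, so RDB snapshots are now written to RAM-backed storage. They are lost whenever the container stops, and once a snapshot no longer fits in 10M the background save fails, which with Redis's default `stop-writes-on-bgsave-error yes` makes the server reject writes. If Redis is only a cache here, turn snapshotting off, e.g. `command: redis-server --save "" --loglevel warning`, and consider a `--maxmemory` limit; if the data must persist, mount a named volume at `/data` instead of the tmpfs. Separately, `read_only: true` on `signer` comes without any `tmpfs` for scratch paths, so it is worth confirming that image never writes to its filesystem at runtime.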
