added security

2024-10-13 17:22:17 +02:00 · 2024-10-13 17:22:17 +02:00 · 3c2f64f835
commit 3c2f64f835
parent c7e3a45761
1 changed files with 36 additions and 6 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,13 +1,18 @@
-version: '3.8'
-
 services:
  web:
-    build: .
+    build: 
+      context: .
+      dockerfile: Dockerfile
    ports:
-      - "8000:8000"
+      - "127.0.0.1:8000:8000"
    volumes:
      - ./posters:/app/posters
-      - ./db/:/app/db
+      - ./db:/app/db
+      - /tmp
+    tmpfs:
+      - /tmp
+      - /run
+      - /var/log
    environment:
      - FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
      - FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
@ -16,7 +21,32 @@ services:
      - FLASK_IMAGE_WIDTH=200
    env_file:
      - .env
+    user: 952:952
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_BIND_SERVICE
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 3
+      start_period: 60s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 512M

 volumes:
  posters:
-  db:
+  db:
+