From 3c2f64f835e970898e152111cffe78e402db3fed Mon Sep 17 00:00:00 2001
From: kaia
Date: Sun, 13 Oct 2024 17:22:17 +0200
Subject: [PATCH] added security

---
 docker-compose.yml | 42 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 453ad97..7b829f8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,13 +1,18 @@
-version: '3.8'
-
 services:
 web:
- build: .
+ build:
+ context: .
+ dockerfile: Dockerfile
 ports:
- - "8000:8000"
+ - "127.0.0.1:8000:8000"
 volumes:
 - ./posters:/app/posters
- - ./db/:/app/db
+ - ./db:/app/db
+ - /tmp
+ tmpfs:
+ - /tmp
+ - /run
+ - /var/log
 environment:
 - FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
 - FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
@@ -16,7 +21,32 @@ services:
 - FLASK_IMAGE_WIDTH=200
 env_file:
 - .env
+ user: 952:952
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ cap_add:
+ - NET_BIND_SERVICE
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000"]
+ interval: 1m30s
+ timeout: 30s
+ retries: 3
+ start_period: 60s
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "3"
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 512M
 
 volumes:
 posters:
- db:
\ No newline at end of file
+ db:
+
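Review bot: `/tmp` is declared twice in the first hunk, once as an anonymous volume (`- /tmp` under `volumes:`) and once under `tmpfs:`, so two mounts target the same path. The anonymous volume is disk-backed and stays around until it is pruned, which works against the in-memory scratch space the `tmpfs:` entry sets up; which of the two actually ends up mounted is not explicit from the file. I would drop the `- /tmp` line from `volumes:` and keep only the tmpfs entry. The tmpfs mounts also carry no size cap, so consider bounding them, for example `- /tmp:size=64m` (the size is an illustrative value), since tmpfs pages count against the container's memory.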
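Review bot: `cap_add: NET_BIND_SERVICE` in the second hunk looks unnecessary, because the port mapping and the healthcheck URL both use port 8000 and that capability only matters for binding ports below 1024. Removing the `cap_add:` and `- NET_BIND_SERVICE` lines leaves `cap_drop: ALL` with an empty capability set, which is the tighter configuration for a process running as `user: 952:952`. Separately, the healthcheck runs `curl` inside the container; the Dockerfile is not part of this patch, so confirm the image ships curl, otherwise the service will be reported unhealthy. Quoting the value as `user: "952:952"` would also rule out any implicit typing of the colon-separated digits by the YAML parser.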