added security

kaia 2024-10-13 17:22:17 +02:00
parent c7e3a45761
commit 3c2f64f835


@ -1,13 +1,18 @@
version: '3.8'
services: services:
web: web:
build: . build:
context: .
dockerfile: Dockerfile
ports: ports:
- "8000:8000" - "127.0.0.1:8000:8000"
volumes: volumes:
- ./posters:/app/posters - ./posters:/app/posters
- ./db/:/app/db - ./db:/app/db
- /tmp
tmpfs:
- /tmp
- /run
- /var/log
environment: environment:
- FLASK_SECRET_KEY=${FLASK_SECRET_KEY} - FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
- FLASK_OMDB_KEY=${FLASK_OMDB_KEY} - FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
@ -16,7 +21,32 @@ services:
- FLASK_IMAGE_WIDTH=200 - FLASK_IMAGE_WIDTH=200
env_file: env_file:
- .env - .env
user: 952:952
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- NET_BIND_SERVICE
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000"]
interval: 1m30s
timeout: 30s
retries: 3
start_period: 60s
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
deploy:
resources:
limits:
cpus: '0.50'
memory: 512M
volumes: volumes:
posters: posters:
db: db:
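Review bot: The `cap_add: - NET_BIND_SERVICE` entry added in the second hunk re-grants a capability that nothing visible in this file needs. The port mapping `127.0.0.1:8000:8000` and the healthcheck URL `http://localhost:8000` both point at container port 8000, which is above the privileged range, and the service runs as the non-root `user: 952:952`. Removing the two `cap_add` lines would leave `cap_drop: - ALL` as the complete capability policy. Separately, the healthcheck assumes `curl` is present in the image, which the Dockerfile (not shown here) would need to confirm; if it is missing, the container will be reported unhealthy.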