added security
This commit is contained in:
parent
c7e3a45761
commit
3c2f64f835
@ -1,13 +1,18 @@
|
|||||||
version: '3.8'
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
web:
|
||||||
build: .
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: Dockerfile
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000"
|
- "127.0.0.1:8000:8000"
|
||||||
volumes:
|
volumes:
|
||||||
- ./posters:/app/posters
|
- ./posters:/app/posters
|
||||||
- ./db/:/app/db
|
- ./db:/app/db
|
||||||
|
- /tmp
|
||||||
|
tmpfs:
|
||||||
|
- /tmp
|
||||||
|
- /run
|
||||||
|
- /var/log
|
||||||
environment:
|
environment:
|
||||||
- FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
|
- FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
|
||||||
- FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
|
- FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
|
||||||
@ -16,7 +21,32 @@ services:
|
|||||||
- FLASK_IMAGE_WIDTH=200
|
- FLASK_IMAGE_WIDTH=200
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
|
user: 952:952
|
||||||
|
read_only: true
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- NET_BIND_SERVICE
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost:8000"]
|
||||||
|
interval: 1m30s
|
||||||
|
timeout: 30s
|
||||||
|
retries: 3
|
||||||
|
start_period: 60s
|
||||||
|
logging:
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-size: "10m"
|
||||||
|
max-file: "3"
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 512M
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
posters:
|
posters:
|
||||||
db:
|
db:
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user