1
0
mirror of https://github.com/ArcticFoxes-net/Signal-TLS-Proxy synced 2024-12-21 16:11:33 -05:00

Fix privileges, remove read_only

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-09-25 16:08:35 -04:00
parent 8d34521b58
commit 487810f259
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2

View File

@ -8,7 +8,6 @@ services:
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
- ./data/certbot/conf:/etc/letsencrypt:Z
- ./data/certbot/www:/var/www/certbot:Z
read_only: true
ports:
- "443:443"
- "80:80"
@ -19,21 +18,20 @@ services:
cap_add:
- CAP_NET_BIND_SERVICE
- CHOWN
tmpfs:
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
- /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev
- SETUID
- SETGID
nginx-relay:
image: nginx:alpine
restart: unless-stopped
volumes:
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
tmpfs:
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
cap_add:
- SETUID
- SETGID
certbot:
image: certbot/certbot
restart: unless-stopped