1
0
mirror of https://github.com/ArcticFoxes-net/Signal-TLS-Proxy synced 2024-11-17 17:41:32 -05:00

Drop capabilities

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-09-11 11:03:17 -04:00
parent 2c2c3b4003
commit 708bbf0496
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2

View File

@ -10,11 +10,22 @@ services:
- ./data/certbot/www:/var/www/certbot:Z
ports:
- "443:443"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CAP_NET_BIND_SERVICE
- CHOWN
nginx-relay:
image: nginx:alpine
restart: unless-stopped
volumes:
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
certbot:
image: certbot/certbot
restart: unless-stopped
@ -23,4 +34,10 @@ services:
- ./data/certbot/www:/var/www/certbot:Z
ports:
- "80:80"
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CAP_NET_BIND_SERVICE