diff --git a/docker-compose.yml b/docker-compose.yml
index bb915a5..4317828 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,11 +10,22 @@ services:
 - ./data/certbot/www:/var/www/certbot:Z
 ports:
 - "443:443"
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ cap_add:
+ - CAP_NET_BIND_SERVICE
+ - CHOWN
 nginx-relay:
 image: nginx:alpine
 restart: unless-stopped
 volumes:
 - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
 certbot:
 image: certbot/certbot
 restart: unless-stopped
@@ -23,4 +34,10 @@ services:
 - ./data/certbot/www:/var/www/certbot:Z
 ports:
 - "80:80"
- entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
\ No newline at end of file
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ cap_add:
+ - CAP_NET_BIND_SERVICE
\ No newline at end of file
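Review bot: `nginx-relay` drops ALL capabilities and adds none back, and the 443-facing service gets only `CAP_NET_BIND_SERVICE` and `CHOWN`; if either one runs the stock nginx image with a root master that switches its workers to the `nginx` user, that switch needs `SETGID` and `SETUID` (and the relay would also need `CHOWN` for its temp directories), so the container may fail at startup and loop under `restart: unless-stopped`. Whether this applies depends on the mounted nginx.conf and the image's user, neither of which is visible here, so confirm each service starts cleanly with the reduced set and add back only what the error log names. The capability names also mix styles (`CAP_NET_BIND_SERVICE` next to `CHOWN`, and again in the certbot hunk); I would write `- NET_BIND_SERVICE` throughout, since the unprefixed form is the one Docker documents and, as far as I recall, older Engine releases reject the prefixed spelling. The first service's definition starts above the hunk.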
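Review bot: With `cap_drop: ALL` the certbot process loses `DAC_OVERRIDE`, `FOWNER` and `CHOWN`, so `certbot renew` may no longer be able to write or re-permission files under the bind-mounted directories if they are not owned by the container's user, and the entrypoint loop never checks the command's exit status, so a failed renewal would only surface when the certificate expires. Run `certbot renew --dry-run` inside the hardened container before merging and add back only the capability the error points to. `CAP_NET_BIND_SERVICE` is needed only if certbot itself listens on port 80 (standalone mode); with the webroot volume mounted it may be unnecessary, which is worth confirming against the renewal config. The certbot service definition starts above this hunk.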