mirror of https://github.com/ArcticFoxes-net/Signal-TLS-Proxy synced 2024-12-22 00:21:32 -05:00

Readonly Containers

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2022-09-13 03:35:07 -04:00
parent 708bbf0496
commit 978a26962c
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2


@ -8,6 +8,7 @@ services:
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z - ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
- ./data/certbot/conf:/etc/letsencrypt:Z - ./data/certbot/conf:/etc/letsencrypt:Z
- ./data/certbot/www:/var/www/certbot:Z - ./data/certbot/www:/var/www/certbot:Z
read_only: true
ports: ports:
- "443:443" - "443:443"
security_opt: security_opt:
@ -17,15 +18,20 @@ services:
cap_add: cap_add:
- CAP_NET_BIND_SERVICE - CAP_NET_BIND_SERVICE
- CHOWN - CHOWN
tmpfs:
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
nginx-relay: nginx-relay:
image: nginx:alpine image: nginx:alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
cap_drop: cap_drop:
- ALL - ALL
tmpfs:
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
certbot: certbot:
image: certbot/certbot image: certbot/certbot
restart: unless-stopped restart: unless-stopped
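Review bot: With `read_only: true` added to nginx-terminate and nginx-relay, the `/var/run` tmpfs is the only writable path this commit gives either container, so any other runtime write by nginx will now fail. The stock nginx image keeps its http temp directories under `/var/cache/nginx`. The two nginx.conf files are not shown here, so if either one has an `http` block, that service would need a second entry such as `- /var/cache/nginx:size=50M,noexec,nosuid,nodev`. Either way, a comment above each `tmpfs:` key, for example `# only writable path in this container; nginx.conf must not write outside /var/run`, would record the constraint for whoever edits the configs next. The certbot service that starts at the end of the second hunk continues outside it, so whether it needs the same hardening cannot be judged from this page.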