mirror of
https://github.com/ArcticFoxes-net/Signal-TLS-Proxy
synced 2024-12-22 00:21:32 -05:00
Readonly Containers
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
708bbf0496
commit
978a26962c
@ -8,6 +8,7 @@ services:
|
|||||||
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
|
- ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
|
||||||
- ./data/certbot/conf:/etc/letsencrypt:Z
|
- ./data/certbot/conf:/etc/letsencrypt:Z
|
||||||
- ./data/certbot/www:/var/www/certbot:Z
|
- ./data/certbot/www:/var/www/certbot:Z
|
||||||
|
read_only: true
|
||||||
ports:
|
ports:
|
||||||
- "443:443"
|
- "443:443"
|
||||||
security_opt:
|
security_opt:
|
||||||
@ -17,15 +18,20 @@ services:
|
|||||||
cap_add:
|
cap_add:
|
||||||
- CAP_NET_BIND_SERVICE
|
- CAP_NET_BIND_SERVICE
|
||||||
- CHOWN
|
- CHOWN
|
||||||
|
tmpfs:
|
||||||
|
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
|
||||||
nginx-relay:
|
nginx-relay:
|
||||||
image: nginx:alpine
|
image: nginx:alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
|
- ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
|
||||||
|
read_only: true
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
cap_drop:
|
cap_drop:
|
||||||
- ALL
|
- ALL
|
||||||
|
tmpfs:
|
||||||
|
- /var/run:size=50M,mode=0770,noexec,nosuid,nodev
|
||||||
certbot:
|
certbot:
|
||||||
image: certbot/certbot
|
image: certbot/certbot
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
Loading…
Reference in New Issue
Block a user