mirror of https://github.com/ArcticFoxes-net/Signal-TLS-Proxy synced 2024-11-08 21:31:33 -05:00

Drop privileges

Tommy 2022-09-11 14:21:12 -04:00 committed by GitHub
parent 8999930ff0
commit a8e7911514
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -11,12 +11,23 @@ services:
ports: ports:
- "443:443" - "443:443"
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CAP_NET_BIND_SERVICE
- CHOWN
nginx-relay: nginx-relay:
build: ./nginx-relay/ build: ./nginx-relay/
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./data/nginx-relay:/etc/nginx/conf.d - ./data/nginx-relay:/etc/nginx/conf.d
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /opt/nginx/sbin/nginx -s reload; done & /opt/nginx/sbin/nginx -c /etc/nginx/conf.d/nginx.conf -g \"daemon off;\"'"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
certbot: certbot:
image: certbot/certbot image: certbot/certbot
restart: unless-stopped restart: unless-stopped
@ -24,3 +35,9 @@ services:
- ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot - ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CAP_NET_BIND_SERVICE
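Review bot: The `CAP_NET_BIND_SERVICE` entry added under `cap_add` for certbot, at the end of the second hunk, looks broader than the visible configuration needs. The entrypoint only runs `certbot renew`, and the `./data/certbot/www:/var/www/certbot` mount suggests webroot validation, in which case certbot never binds a port and `cap_drop: [ALL]` alone would do. If the capability is kept for standalone renewals, record that next to it, e.g. `# NET_BIND_SERVICE is needed only when certbot itself listens (standalone authenticator)`. In the first service, whose definition starts above the hunk, the two added capabilities are spelled differently (`CAP_NET_BIND_SERVICE` next to `CHOWN`); using one form, e.g. `- NET_BIND_SERVICE`, is more consistent, and older Docker engines may not accept the `CAP_` prefix. nginx-relay now runs with an empty capability set, so it is worth confirming that its nginx does not start as root and then switch user, which would presumably need `SETUID`/`SETGID`.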