From cea65fe055cbc564749d74788254b09cbc814fac Mon Sep 17 00:00:00 2001
From: samsepi0l <contact@simpleprivacy.fr>
Date: Fri, 1 Dec 2023 13:44:21 +0100
Subject: [PATCH] Set volumes to read-only (#6)

P.S. I also forgot to mention line 10 in the issue in which I also set ro.

Signed-off-by: samsepi0l <contact@simpleprivacy.fr>
---
 docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index ab14c0d..bc28099 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,9 +5,9 @@ services:
     image: nginx:alpine
     restart: unless-stopped
     volumes:
-      - ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:Z
-      - ./data/certbot/conf:/etc/letsencrypt:z
-      - ./data/certbot/www:/var/www/certbot:z
+      - ./data/nginx-terminate/nginx.conf:/etc/nginx/nginx.conf:ro,Z
+      - ./data/certbot/conf:/etc/letsencrypt:ro,z
+      - ./data/certbot/www:/var/www/certbot:ro,z
     ports:
       - "443:443"
       - "80:80"
@@ -25,7 +25,7 @@ services:
     image: nginx:alpine
     restart: unless-stopped
     volumes:
-      - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z
+      - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:ro,Z
     security_opt:
       - no-new-privileges:true
     cap_drop: