mirror of
https://github.com/tommytran732/Vaultwarden-Docker-Compose
synced 2024-12-21 13:51:33 -05:00
Run vaultwarden as nobody
This commit is contained in:
parent
0847c5a9cb
commit
ab46d85dbc
@ -25,7 +25,7 @@
|
||||
reverse_proxy /notifications/hub vaultwarden:3012
|
||||
|
||||
# Proxy everything else to Rocket
|
||||
reverse_proxy vaultwarden:80 {
|
||||
reverse_proxy vaultwarden:8080 {
|
||||
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
|
||||
# log, so that fail2ban can ban the correct IP.
|
||||
header_up X-Real-IP {remote_host}
|
||||
|
@ -9,18 +9,18 @@ services:
|
||||
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
|
||||
- DATABASE_URL=postgresql://vaultwarden:YOUR_POSTGRESQL_PASSWORD@postgres:5432/vaultwarden
|
||||
- ADMIN_TOKEN=YOUR_ADMIN_PASSWORD
|
||||
- ROCKET_PORT=8080
|
||||
volumes:
|
||||
- vaultwarden:/data
|
||||
networks:
|
||||
- vaultwarden
|
||||
- postgres
|
||||
user: nobody
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
|
||||
caddy:
|
||||
image: caddy:alpine
|
||||
|
Loading…
Reference in New Issue
Block a user