Update docker-compose security features (#208)
Co-authored-by: Sebastian Forst <sebastian.forst@posteo.de>main
parent
ecb7885a56
commit
48c8e9d14b
|
@ -1,9 +1,26 @@
|
||||||
version: "3"
|
# cant use mem_limit in a 3.x docker-compose file in non swarm mode
|
||||||
|
# see https://github.com/docker/compose/issues/4513
|
||||||
|
version: "2.4"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
whoogle-search:
|
whoogle-search:
|
||||||
image: benbusby/whoogle-search
|
image: benbusby/whoogle-search
|
||||||
container_name: whoogle-search
|
container_name: whoogle-search
|
||||||
|
restart: on-failure:5
|
||||||
|
pids_limit: 50
|
||||||
|
mem_limit: 256mb
|
||||||
|
memswap_limit: 256mb
|
||||||
|
# user debian-tor from tor package
|
||||||
|
user: '102'
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
read_only: true
|
||||||
|
tmpfs:
|
||||||
|
- /config/:size=10M,uid=102,gid=102,mode=1700
|
||||||
|
- /var/lib/tor/:size=10M,uid=102,gid=102,mode=1700
|
||||||
|
- /run/tor/:size=1M,uid=102,gid=102,mode=1700
|
||||||
#environment: # Uncomment to configure environment variables
|
#environment: # Uncomment to configure environment variables
|
||||||
# Basic auth configuration, uncomment to enable
|
# Basic auth configuration, uncomment to enable
|
||||||
#- WHOOGLE_USER=<auth username>
|
#- WHOOGLE_USER=<auth username>
|
||||||
|
|
Loading…
Reference in New Issue