Update docker-compose security features (#208)

Co-authored-by: Sebastian Forst <sebastian.forst@posteo.de>
main
Basti 2021-02-26 16:33:11 +01:00 committed by Ben Busby
parent ecb7885a56
commit 48c8e9d14b
1 changed files with 18 additions and 1 deletions

View File

@ -1,9 +1,26 @@
version: "3" # cant use mem_limit in a 3.x docker-compose file in non swarm mode
# see https://github.com/docker/compose/issues/4513
version: "2.4"
services: services:
whoogle-search: whoogle-search:
image: benbusby/whoogle-search image: benbusby/whoogle-search
container_name: whoogle-search container_name: whoogle-search
restart: on-failure:5
pids_limit: 50
mem_limit: 256mb
memswap_limit: 256mb
# user debian-tor from tor package
user: '102'
security_opt:
- no-new-privileges
cap_drop:
- ALL
read_only: true
tmpfs:
- /config/:size=10M,uid=102,gid=102,mode=1700
- /var/lib/tor/:size=10M,uid=102,gid=102,mode=1700
- /run/tor/:size=1M,uid=102,gid=102,mode=1700
#environment: # Uncomment to configure environment variables #environment: # Uncomment to configure environment variables
# Basic auth configuration, uncomment to enable # Basic auth configuration, uncomment to enable
#- WHOOGLE_USER=<auth username> #- WHOOGLE_USER=<auth username>