harden docker

2023-07-15 04:22:56 +00:00 · 2023-07-15 04:22:56 +00:00 · 7dd1720c47
commit 7dd1720c47
parent e7738ff004
1 changed files with 14 additions and 6 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,12 +1,20 @@
-version: "3.9"
+version: "3.7"
+
 services:
  pixivfe:
+    container_name: pixivfe
+    hostname: pixivfe
+    restart: always
+    user: 65534:65534
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
    build:
      context: .
-      dockerfile: ./Dockerfile
+      dockerfile: Dockerfile
    ports:
-      - "8080:8080"
-    restart: "always"
+      - '127.0.0.1:8282:8080'
    environment:
-      - PIXIVFE_TOKEN=TOKEN HERE
-    pid: "host"
+      - PIXIVFE_TOKEN=changethis