From 3b7af7907dcdfc8df30bdfd38d832c47204ba693 Mon Sep 17 00:00:00 2001
From: Sangelo
Date: Wed, 24 Apr 2024 17:02:40 +0200
Subject: [PATCH] Initial work on hardening
---
 Dockerfile | 8 +++++++-
 hardening/healthcheck.sh | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 hardening/healthcheck.sh
diff --git a/Dockerfile b/Dockerfile
index 0dbbdd3..949da5e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,13 +19,19 @@ WORKDIR /app
 # Copy the build directory from the builder stage to /app
 COPY --from=builder /git/build /app
 
+# Create a dedicated user 'web' and change ownership of /app to 'web'
+RUN addgroup -S web && adduser -S web -G web && chown -R web:web /app
+
 # Caddyfile configuration to serve files from /app
 RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile
 
 # Expose port 80
 EXPOSE 80
 
-# Start Caddy with the specified Caddyfile
+# Switch to the 'web' user
+USER web
+
+# Start Caddy with the specified Caddyfile as the 'web' user
 CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
 
 # Docker Container Labels
diff --git a/hardening/healthcheck.sh b/hardening/healthcheck.sh
new file mode 100644
index 0000000..0520ca7
--- /dev/null
+++ b/hardening/healthcheck.sh
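Review bot: `USER web` drops root, but the generated Caddyfile still listens on `:80`, and an unprivileged process can only bind a port below 1024 where the runtime lowers `net.ipv4.ip_unprivileged_port_start` for the container (recent Docker does, several other runtimes do not), so this image may fail at startup outside Docker; switching the Caddyfile to `:8080` and `EXPOSE 8080` avoids depending on that. `chown -R web:web /app` also grants the serving user write access to its own content, which a static file server does not need — leaving /app root-owned and world-readable (`chmod -R a+rX /app` if the copied tree is not already readable) means a compromised Caddy cannot alter what it serves. The base image is not visible in this hunk; if it is the official `caddy` image, its `/data` and `/config` directories (XDG_DATA_HOME/XDG_CONFIG_HOME) remain root-owned after this change, so either chown those instead or point the XDG variables at a directory `web` can write. A short comment above `USER web` stating the port-binding assumption, e.g. `# Runs unprivileged; binding :80 relies on the runtime allowing unprivileged low ports`, would save the next person the debugging.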
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Configuration
+HEALTH_URL="http://10.1.30.1:8080/health"
+NTFY_INSTANCE="https://ntfy.lunivity.com"
+NTFY_TOPIC="$NTFY_INSTANCE/mytopic"
+CONFIGURABLE_MESSAGE="Something went wrong with the health check."
+LOG_FILE="health_check.log"
+
+# Function to send push notification
+send_notification() {
+ local message="$1"
+ local priority="$2"
+ local tags="$3"
+ curl -H "Title: Health Check Failure" \
+ -H "Priority: $priority" \
+ -H "Tags: $tags" \
+ -d "$message" \
+ "$NTFY_TOPIC"
+ if [ $? -ne 0 ]; then
+ echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed to send push notification" >> "$LOG_FILE"
+ fi
+}
+
+# Perform curl request
+HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")
+HTTP_CODE=$(echo "$HEALTH_RESPONSE" | tail -n1)
+CONTENT=$(echo "$HEALTH_RESPONSE" | head -n -1)
+if [ "$HTTP_CODE" == "200" ] && [ "$CONTENT" == "OK" ]; then
+ echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Successful response from health check at '$HEALTH_URL' - Response: 'OK'" >> "$LOG_FILE"
+else
+ echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed response from health check at '$HEALTH_URL' - HTTP Code: '$HTTP_CODE' - Content: '$CONTENT'" >> "$LOG_FILE"
+ echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Sending a push notification..." >> "$LOG_FILE"
+ send_notification "$CONFIGURABLE_MESSAGE" "urgent" "warning"
+fi
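Review bot: `HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")` appends the status code straight after the body, so the `tail -n1`/`head -n -1` split only works if the endpoint terminates its body with a newline; a bare `OK` body becomes `OK200`, `CONTENT` ends up empty and every check reports failure. Put the separator in the format and bound the request so a hung endpoint cannot hang the checker: `HEALTH_RESPONSE=$(curl -s --max-time 10 -w '\n%{http_code}' "$HEALTH_URL")`. In `send_notification`, curl exits 0 on an HTTP error from ntfy, so the `if [ $? -ne 0 ]` branch never logs a rejected publish; `curl --fail -sS ...` makes that path reachable. The publish carries no credentials, so if that ntfy instance accepts anonymous writes anyone who learns the topic name can inject or subscribe to alerts — an access token read from a file (`-H @/path/to/auth-header`, not hardcoded in the script) is worth adding where the instance supports it. `set -euo pipefail` at the top would also stop an unset variable or a failed `date` from silently producing a malformed log line.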