Initial work on hardening
parent
1a734dbe6d
commit
3b7af7907d
2 changed files with 42 additions and 1 deletions
|
@ -19,13 +19,19 @@ WORKDIR /app
|
||||||
# Copy the build directory from the builder stage to /app
|
# Copy the build directory from the builder stage to /app
|
||||||
COPY --from=builder /git/build /app
|
COPY --from=builder /git/build /app
|
||||||
|
|
||||||
|
# Create a dedicated user 'web' and change ownership of /app to 'web'
|
||||||
|
RUN addgroup -S web && adduser -S web -G web && chown -R web:web /app
|
||||||
|
|
||||||
# Caddyfile configuration to serve files from /app
|
# Caddyfile configuration to serve files from /app
|
||||||
RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile
|
RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile
|
||||||
|
|
||||||
# Expose port 80
|
# Expose port 80
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
||||||
# Start Caddy with the specified Caddyfile
|
# Switch to the 'web' user
|
||||||
|
USER web
|
||||||
|
|
||||||
|
# Start Caddy with the specified Caddyfile as the 'web' user
|
||||||
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
|
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
|
||||||
|
|
||||||
# Docker Container Labels
|
# Docker Container Labels
|
||||||
|
|
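Review bot: `chown -R web:web /app` in the added `RUN addgroup …` line makes the served content writable by the account Caddy runs as, so a compromise of the server process could alter the site files; a static file server only needs read access. Since `COPY --from=builder` leaves the files owned by root by default, the line could be reduced to `RUN addgroup -S web && adduser -S web -G web`, assuming the build output is world-readable. Separately, after `USER web` the process still binds `:80`; whether that succeeds depends on the base image granting the caddy binary the bind capability or on the runtime's unprivileged-port setting, neither of which is visible in this hunk, so a high port in the Caddyfile and in `EXPOSE` would remove that dependency. The base image and the rest of the Dockerfile lie outside the hunk.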
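--- a/hardening/healthcheck.sh
+++ b/hardening/healthcheck.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Configuration
+HEALTH_URL="http://10.1.30.1:8080/health"
+NTFY_INSTANCE="https://ntfy.lunivity.com"
+NTFY_TOPIC="$NTFY_INSTANCE/mytopic"
+CONFIGURABLE_MESSAGE="Something went wrong with the health check."
+LOG_FILE="health_check.log"
+
+# Function to send push notification
+send_notification() {
+local message="$1"
+local priority="$2"
+local tags="$3"
+curl -H "Title: Health Check Failure" \
+-H "Priority: $priority" \
+-H "Tags: $tags" \
+-d "$message" \
+"$NTFY_TOPIC"
+if [ $? -ne 0 ]; then
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed to send push notification" >> "$LOG_FILE"
+fi
+}
+
+# Perform curl request
+HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")
+HTTP_CODE=$(echo "$HEALTH_RESPONSE" | tail -n1)
+CONTENT=$(echo "$HEALTH_RESPONSE" | head -n -1)
+if [ "$HTTP_CODE" == "200" ] && [ "$CONTENT" == "OK" ]; then
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Successful response from health check at '$HEALTH_URL' - Response: 'OK'" >> "$LOG_FILE"
+else
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed response from health check at '$HEALTH_URL' - HTTP Code: '$HTTP_CODE' - Content: '$CONTENT'" >> "$LOG_FILE"
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Sending a push notification..." >> "$LOG_FILE"
+send_notification "$CONFIGURABLE_MESSAGE" "urgent" "warning"
+fi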
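Review bot: The status-code parsing around `HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")` only works when the endpoint's body ends in a newline: curl writes the code directly after the body, so a body of `OK` without one yields `OK200`, `tail -n1` returns that whole string, and the check reports a failure on every run. Putting the code on its own line and bounding the request addresses this and the missing timeout (a hung endpoint currently blocks the script, so no alert is ever sent): `HEALTH_RESPONSE=$(curl -s --max-time 10 -w '\n%{http_code}' "$HEALTH_URL")`, where 10 seconds is only a suggested value. The curl call inside `send_notification` would benefit from the same `--max-time`. `LOG_FILE="health_check.log"` is a relative path, so the log lands in whatever directory the scheduler starts the script from; an absolute path would make the failure record easier to find during triage.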