sangelo/website
sangelo/website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Initial work on hardening

Browse source
This commit is contained in:
Sangelo 2024-04-24 17:02:40 +02:00
parent 1a734dbe6d
commit 3b7af7907d
2 changed files with 42 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Dockerfile
View file

@ -19,13 +19,19 @@ WORKDIR /app
# Copy the build directory from the builder stage to /app
COPY --from=builder /git/build /app
# Create a dedicated user 'web' and change ownership of /app to 'web'
RUN addgroup -S web && adduser -S web -G web && chown -R web:web /app
# Caddyfile configuration to serve files from /app
RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile
# Expose port 80
EXPOSE 80
# Start Caddy with the specified Caddyfile
# Switch to the 'web' user
USER web
# Start Caddy with the specified Caddyfile as the 'web' user
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
# Docker Container Labels

35
hardening/healthcheck.sh Normal file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# Configuration
HEALTH_URL="http://10.1.30.1:8080/health"
NTFY_INSTANCE="https://ntfy.lunivity.com"
NTFY_TOPIC="$NTFY_INSTANCE/mytopic"
CONFIGURABLE_MESSAGE="Something went wrong with the health check."
LOG_FILE="health_check.log"
# Function to send push notification
send_notification() {
local message="$1"
local priority="$2"
local tags="$3"
curl -H "Title: Health Check Failure" \
-H "Priority: $priority" \
-H "Tags: $tags" \
-d "$message" \
"$NTFY_TOPIC"
if [ $? -ne 0 ]; then
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed to send push notification" >> "$LOG_FILE"
fi
}
# Perform curl request
HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")
HTTP_CODE=$(echo "$HEALTH_RESPONSE" | tail -n1)
CONTENT=$(echo "$HEALTH_RESPONSE" | head -n -1)
if [ "$HTTP_CODE" == "200" ] && [ "$CONTENT" == "OK" ]; then
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Successful response from health check at '$HEALTH_URL' - Response: 'OK'" >> "$LOG_FILE"
else
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed response from health check at '$HEALTH_URL' - HTTP Code: '$HTTP_CODE' - Content: '$CONTENT'" >> "$LOG_FILE"
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Sending a push notification..." >> "$LOG_FILE"
send_notification "$CONFIGURABLE_MESSAGE" "urgent" "warning"
fi