Initial work on hardening
This commit is contained in:
parent
1a734dbe6d
commit
3b7af7907d
2 changed files with 42 additions and 1 deletions
|
@ -19,13 +19,19 @@ WORKDIR /app
|
|||
# Copy the build directory from the builder stage to /app
|
||||
COPY --from=builder /git/build /app
|
||||
|
||||
# Create a dedicated user 'web' and change ownership of /app to 'web'
|
||||
RUN addgroup -S web && adduser -S web -G web && chown -R web:web /app
|
||||
|
||||
# Caddyfile configuration to serve files from /app
|
||||
RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile
|
||||
|
||||
# Expose port 80
|
||||
EXPOSE 80
|
||||
|
||||
# Start Caddy with the specified Caddyfile
|
||||
# Switch to the 'web' user
|
||||
USER web
|
||||
|
||||
# Start Caddy with the specified Caddyfile as the 'web' user
|
||||
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
|
||||
|
||||
# Docker Container Labels
|
||||
|
|
35
hardening/healthcheck.sh
Normal file
35
hardening/healthcheck.sh
Normal file
|
@ -0,0 +1,35 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Configuration
|
||||
HEALTH_URL="http://10.1.30.1:8080/health"
|
||||
NTFY_INSTANCE="https://ntfy.lunivity.com"
|
||||
NTFY_TOPIC="$NTFY_INSTANCE/mytopic"
|
||||
CONFIGURABLE_MESSAGE="Something went wrong with the health check."
|
||||
LOG_FILE="health_check.log"
|
||||
|
||||
# Function to send push notification
|
||||
send_notification() {
|
||||
local message="$1"
|
||||
local priority="$2"
|
||||
local tags="$3"
|
||||
curl -H "Title: Health Check Failure" \
|
||||
-H "Priority: $priority" \
|
||||
-H "Tags: $tags" \
|
||||
-d "$message" \
|
||||
"$NTFY_TOPIC"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed to send push notification" >> "$LOG_FILE"
|
||||
fi
|
||||
}
|
||||
|
||||
# Perform curl request
|
||||
HEALTH_RESPONSE=$(curl -s -w "%{http_code}" "$HEALTH_URL")
|
||||
HTTP_CODE=$(echo "$HEALTH_RESPONSE" | tail -n1)
|
||||
CONTENT=$(echo "$HEALTH_RESPONSE" | head -n -1)
|
||||
if [ "$HTTP_CODE" == "200" ] && [ "$CONTENT" == "OK" ]; then
|
||||
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Successful response from health check at '$HEALTH_URL' - Response: 'OK'" >> "$LOG_FILE"
|
||||
else
|
||||
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Failed response from health check at '$HEALTH_URL' - HTTP Code: '$HTTP_CODE' - Content: '$CONTENT'" >> "$LOG_FILE"
|
||||
echo "[$(date +"%Y-%m-%d %H:%M:%S")] - Sending a push notification..." >> "$LOG_FILE"
|
||||
send_notification "$CONFIGURABLE_MESSAGE" "urgent" "warning"
|
||||
fi
|
Loading…
Reference in a new issue