Compare commits

...

4 commits

Author SHA1 Message Date
9f2dbdf27c [c] hardening of Dockerfile (#4)
All checks were successful
Build and push docker image / publish (push) Successful in 49s
Reviewed-on: #4
2024-05-10 13:50:07 +00:00
b627cf1d4a [d] remove healthcheck script 2024-05-10 15:48:42 +02:00
30dbe25051 [a] add healthcheck endpoint to caddyfile config 2024-04-26 11:08:30 +02:00
3b7af7907d Initial work on hardening 2024-04-24 17:02:40 +02:00
2 changed files with 10 additions and 2 deletions

View file

@ -19,13 +19,19 @@ WORKDIR /app
# Copy the build directory from the builder stage to /app # Copy the build directory from the builder stage to /app
COPY --from=builder /git/build /app COPY --from=builder /git/build /app
# Create a dedicated user 'web' and change ownership of /app to 'web'
RUN addgroup -S web && adduser -S web -G web && chown -R web:web /app
# Caddyfile configuration to serve files from /app # Caddyfile configuration to serve files from /app
RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}" > /etc/caddy/Caddyfile RUN echo -e ":80 {\n root * /app\n try_files {path}.html {path}\n file_server\n}\n:8080 {\n respond /health \"OK\" 200\n}" > /etc/caddy/Caddyfile
# Expose port 80 # Expose port 80
EXPOSE 80 EXPOSE 80
# Start Caddy with the specified Caddyfile # Switch to the 'web' user
USER web
# Start Caddy with the specified Caddyfile as the 'web' user
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
# Docker Container Labels # Docker Container Labels

View file

@ -7,3 +7,5 @@ services:
no_cache: true no_cache: true
ports: ports:
- "3000:80" - "3000:80"
- "3080:8080"